SECURITY USING FIREWALLS

By: B. SAIRAM, CSE III Year, V.I.T.S., KARIMNAGAR, e-mail: [email protected]
P. ARUN KUMAR, CSE III Year, V.I.T.S., KARIMNAGAR, e-mail: [email protected]

ABSTRACT: In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. The explosive growth in computer systems and their interconnection via networks has increased the dependence of both organizations and individuals on the information stored and communicated using these systems. This, in turn, has led to a heightened awareness of the need to protect data and messages, and to protect systems from network based attacks. As we tend towards a more and more computer centric world, the concept of data security has attained a paramount importance. Though present day security systems offer a good level of protection, they are incapable of providing a "trustworthy" environment and are vulnerable to unexpected attacks. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security. In this technical paper we introduce the firewall concept. The discipline of firewalls has matured, leading to the development of practical, readily available applications to enforce network security. Initially the paper discusses some threats to network security and then enters into the firewall concept. The paper discusses in detail the use of firewall mechanisms for facing those network based attacks. It concludes with the difficulties encountered in the implementation of firewalls.

Security using firewalls

With the increasing necessity of e-mail access and internet resources, and the convenience they offer, serious security concerns also arise. The internet is vulnerable to intruders who are always snooping to find open computers in the network to steal personal files or information, or to cause damage.
The loss of these records, emails or customer files can be devastating.

INTRODUCTION: A variety of technologies have been developed to help organizations secure their systems and information against intruders. These technologies help protect systems and information against attacks, detect unusual or suspicious activities, and respond to events that affect security. Network security is the process of preventing and detecting unauthorized use of the computers in the network. Prevention measures help stop unauthorized users (also known as "intruders") from accessing any part of the computer system. Detection helps to determine whether or not someone attempted to break into the system, whether they were successful, and what they may have done.

A MODEL FOR NETWORK SECURITY: A model for much of what we will be discussing is captured, in very general terms, in the following figure. A message is to be transferred from one party to another across some sort of internet. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals. Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components:
o A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender.
o Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.

SECURITY ATTACK: Any action that compromises the security of information owned by an organization.

ATTACK MODEL: The attacker, sitting at home, uses client software to send commands to the nodes. The nodes in turn send floods of packets, or malformed packets to crash systems (or both), toward the victim. Typically, the client software the attacker uses to direct these attacks is not on his own system; it sits on another system (usually a compromised host several hops from the attacker's home system, to help prevent authorities from tracking down the attacker). From there, a set of commands is sent using ICMP packets, possibly encrypted. With one node, thousands of packets can be sent per minute, flooding the target. With a hundred nodes, millions of packets can be sent per minute, using up all of the available bandwidth a victim might have. With a thousand geographically dispersed nodes, billions of packets could cripple virtually any victim, including victims with multiple ISPs, redundant internet connections, server farms, and high-bandwidth routers.

DEFENDING AGAINST ATTACKS: The user should be able to determine the source address of the rogue packets that are coming in. To do this it is necessary to have physical access to a device or devices on the outer perimeter of the network. During the flood of packets, the user will probably not be able to communicate with outer perimeter devices, so he has to make sure that he can get to the device. This device can be a firewall, router, intrusion detection system, or network monitoring device (such as a sniffer) that will allow you to view the source and destination IP addresses of packets flying by.

WHAT IS A FIREWALL: Firewall: a device used to implement a security policy between networks.
A firewall has multiple network interfaces, and is typically used to create a secure boundary between untrusted external networks and trusted internal networks. The security policy defines what type of access is allowed between the connected networks. Firewalls are tools that can be used to enhance the security of computers connected to a network, such as a LAN or the internet. A firewall separates a computer from the internet, inspecting packets of data as they arrive at either side of the firewall, inbound to or outbound from the computer, to determine whether each should be allowed to pass or be blocked. Firewalls act as guards at the computer's entry points (which are called 'ports'), where the computer exchanges data with other devices on the network. Firewalls ensure that packets requesting permission to enter the computer meet certain rules established by the user of the computer.

Fig: Single architecture

Firewall Characteristics:
• All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.
• Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies.
• The firewall itself is immune to penetration. This implies the use of a trusted system with a secured operating system.

What can one expect from a firewall?
• A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks.
• A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.
• A firewall is a convenient platform for several internet functions that are not security related. These include a network address translator, which maps local addresses to internet addresses, and a network management function that audits or logs internet usage.
• A firewall serves as the platform for IPsec.

HOW A FIREWALL WORKS:

Packets: When messages are sent along the internet, they are broken up into small 'packets' that may take different routes to get to the destination. On reaching the destination, the packets are re-assembled to form the complete original message. TCP/IP ensures that messages arrive at the proper computer in the proper order. When the message is in packet form, the destination address and the source address information are carried in the 'header' of the packet. Firewalls read the IP addresses in the header of packets. The IP address is an important concept for determining the source of a message. Firewalls can use part of that information to determine whether or not the message will be allowed access.

Packet filtering: The most common firewall method is known as packet filtering. Maintaining the bouncer analogy, some bouncers may only check IDs and compare them with the guest list before letting people in. Similarly, when a packet filter firewall receives a packet from the internet, it checks the IP address information held in the header of the packet against a table of access control rules to determine whether or not the packet is acceptable. A set of rules established by the firewall administrator serves as the guest list. These rules may specify certain actions when a particular source or destination IP address or port number is identified. Although packet filters are fast, they are also relatively easy to circumvent. One method of getting around a packet filter firewall is known as IP spoofing, in which hackers adopt the IP address of a trusted source, thereby fooling the firewall into thinking that packets from the hackers are actually from a trusted source.
The second fundamental problem with packet filter firewalls is that they allow a direct connection between source and destination computers.

How do you know if you need a firewall? The installation of a firewall requires a clear understanding of the networking requirements of a group. The installation is likely to have a direct impact on every machine behind the firewall. Since firewalls are tools used to implement network security policy, no firewall design should ever be considered without first clearly defining the ultimate security policy goals.

TYPES OF FIREWALLS:

Packet-filtering router: A packet-filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet. The router is typically configured to filter packets going in both directions (from and to the internal network). Filtering rules are based on fields in the IP and transport (e.g., TCP or UDP) header, including source and destination IP address, IP protocol field (which defines the transport protocol), and TCP or UDP port number (which defines an application such as SNMP or TELNET). The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header. If there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet. If there is no match to any rule, then a default action is taken.

Application-level gateway: Application-level gateways tend to be more secure than packet filters. An application-level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two end points.
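The packet-filtering router described above (an ordered rule list matched against IP and transport header fields, with a default action when nothing matches) and the IP spoofing weakness raised under "Packet filtering" can both be shown in a few lines of Python. The following is an added example written for this page, not code from the paper or from any firewall product. It assumes a constructed setup: IPv4 packets without IP options, an internal network of 192.168.1.0/24, and two interfaces named "outside" and "inside". The first rule is the usual mitigation for address spoofing: a packet that arrives on the outside interface claiming an internal source address is dropped before any "permit" rule can see it.

```python
import struct
import ipaddress

# Added example (not from the paper): a packet-filtering router's decision loop.
# Constructed assumptions: IPv4 without options, internal network 192.168.1.0/24,
# interfaces named "outside" and "inside".

INTERNAL = ipaddress.ip_network("192.168.1.0/24")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Ordered rule list: the first matching rule decides; a field absent from a
# rule is a wildcard. Packets matching no rule fall through to DEFAULT_ACTION.
RULES = [
    # Anti-spoofing: a packet arriving on the outside interface must not carry
    # an internal source address, whatever service it is aimed at.
    {"name": "drop-spoofed", "iface": "outside", "src": INTERNAL, "action": "deny"},
    {"name": "allow-web-in", "iface": "outside", "dst": INTERNAL, "proto": "tcp",
     "dport": 80, "action": "permit"},
    {"name": "deny-telnet-in", "iface": "outside", "proto": "tcp", "dport": 23,
     "action": "deny"},
    {"name": "allow-out", "iface": "inside", "src": INTERNAL, "action": "permit"},
]
DEFAULT_ACTION = "deny"   # discarding unmatched packets is the safer default


def parse_packet(raw):
    """Extract the header fields a packet filter looks at; None if malformed."""
    if len(raw) < 20:
        return None
    ver_ihl, _tos, _total, _ident, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(raw) < ihl:
        return None
    pkt = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
           "proto": PROTO_NAMES.get(proto, str(proto)), "sport": None, "dport": None}
    # TCP and UDP headers both begin with 16-bit source and destination ports.
    if proto in (6, 17) and len(raw) >= ihl + 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return pkt


def matches(rule, iface, pkt):
    """True when every field present in the rule agrees with the packet."""
    if "iface" in rule and rule["iface"] != iface:
        return False
    if "src" in rule and pkt["src"] not in rule["src"]:
        return False
    if "dst" in rule and pkt["dst"] not in rule["dst"]:
        return False
    if "proto" in rule and pkt["proto"] != rule["proto"]:
        return False
    if "dport" in rule and pkt["dport"] != rule["dport"]:
        return False
    return True


def filter_packet(iface, raw):
    """Return (action, reason) for a raw packet seen on the named interface."""
    pkt = parse_packet(raw)
    if pkt is None:
        return DEFAULT_ACTION, "malformed"
    for rule in RULES:
        if matches(rule, iface, pkt):
            return rule["action"], rule["name"]
    return DEFAULT_ACTION, "default"


def build_packet(src, dst, proto, sport=0, dport=0):
    """Construct a minimal IPv4 header plus port fields (checksums left zero)."""
    transport = b""
    if proto in (6, 17):
        transport = struct.pack("!HH", sport, dport) + b"\x00" * 16
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 0, 0, 64,
                         proto, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + transport


if __name__ == "__main__":
    samples = [   # constructed sample traffic
        ("outside", build_packet("203.0.113.5", "192.168.1.10", 6, 40000, 80)),
        ("outside", build_packet("192.168.1.7", "192.168.1.10", 6, 40000, 80)),
        ("outside", build_packet("203.0.113.5", "192.168.1.10", 17, 5000, 161)),
        ("inside", build_packet("192.168.1.7", "203.0.113.5", 6, 40000, 443)),
    ]
    for iface, raw in samples:
        print(iface, parse_packet(raw)["src"], "->", filter_packet(iface, raw))
```

The spoofed sample (an outside packet with source 192.168.1.7) is denied by the first rule even though its destination and port would satisfy "allow-web-in"; rule order is part of the policy. The explicit "deny-telnet-in" rule gives the same verdict as the default, but it names the rule in the decision, which is what an administrator wants in the log.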
Fig: Types of firewalls

Circuit-level gateway: A third type of firewall is the circuit-level gateway. This can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications. A circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.

A FIREWALL IN AN IT SYSTEM: A firewall is primarily used to protect the boundary of an organization's internal network whilst it is connected to other networks (e.g. to the Internet). A typical misconception is, as I already mentioned, to use perimeter routers for performing this role. At the very least, perimeter routers can be employed in two ways: either without packet filtering rules involved, or by using an IP filtering router solution (most likely together with a dynamic NAT) selectively passing or blocking data packets based on port information or addresses acceptable to the security policy. Of course, a firewall must always be situated next to the router. Some practical solutions to this are illustrated in Figures 1 and 2 below.

Fig: Model network using firewall
Fig: Another model using firewall

SHORTCOMINGS OF A FIREWALL: A firewall can't protect against attacks that don't go through the firewall. There are a lot of organizations out there buying expensive firewalls and neglecting the numerous other back-doors into their network. For a firewall to work, it must be a part of a consistent overall organizational security architecture. Another thing a firewall can't really protect against is a traitor inside the network.
While an industrial spy might export information through your firewall, he's just as likely to export it through a telephone, FAX machine, or floppy disk. An attacker may be able to break into the network by completely bypassing the firewall if he can find a helpful employee inside who can be fooled into giving access to a modem pool. Lastly, firewalls can't protect against tunneling over most application protocols to trojaned or poorly written clients. There are no magic bullets, and a firewall is not an excuse to not implement software controls on internal networks or to ignore host security on servers.

CONCLUSION: Firewall policies must be realistic and reflect the level of security in the entire network. The future of firewalls sits somewhere between network layer firewalls and application layer firewalls. It is likely that network layer firewalls will become increasingly aware of the information going through them, and application layer firewalls will become more and more transparent. The end result will be a kind of fast packet-screening system that logs and checks data as it passes through. Firewalls are available as personal firewalls (e.g., ZoneAlarm, Norton Personal Firewall) and network firewalls. A personal firewall is software used on individual personal computers, whereas network firewalls are available in two forms, software and hardware firewalls. In the near future the firewall will become a necessary security device to prevent network based attacks. Finally, security isn't "fire and forget".
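The circuit-level gateway described under TYPES OF FIREWALLS (two separate TCP connections, a policy decision on which circuits are allowed, and blind relaying of segments afterwards) is small enough to run end to end on one machine. What follows is an added example written for this page, not code from the paper or from any real gateway product. Its assumptions are constructed: the client's first line names the destination as "host port", the gateway's policy is a set of allowed (host, port) pairs, an echo service on loopback stands in for the inside host, and everything after the request line is copied between the two sockets without inspection.

```python
import socket
import threading

# Added example (not from the paper): a minimal circuit-level gateway.
# Constructed protocol: the client's first line is "host port"; the gateway
# answers "OK" or "REFUSED" and, if OK, relays bytes blindly in both directions.


def read_line(sock):
    """Read up to and including the first newline, one byte at a time."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            return None
        buf += chunk
    return buf.decode(errors="replace")


def parse_request(line):
    """Turn 'host port' into (host, port); None if the line is malformed."""
    parts = line.split()
    if len(parts) != 2 or not parts[1].isdigit():
        return None
    return parts[0], int(parts[1])


def pump(src, dst):
    """Relay bytes from src to dst until src reaches EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle_client(client, policy):
    """Security function: allow the circuit only if (host, port) is in policy."""
    line = read_line(client)
    dest = parse_request(line) if line else None
    if dest is None or dest not in policy:
        client.sendall(b"REFUSED\n")
        client.close()
        return
    try:
        remote = socket.create_connection(dest)   # the second TCP connection
    except OSError:
        client.sendall(b"REFUSED\n")
        client.close()
        return
    client.sendall(b"OK\n")
    back = threading.Thread(target=pump, args=(remote, client), daemon=True)
    back.start()
    pump(client, remote)          # contents are relayed, never examined
    back.join()
    remote.close()
    client.close()


def echo(conn):
    """Stand-in for the inside host: echoes whatever it receives."""
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            conn.sendall(data)


def start_server(handler):
    """Listen on an ephemeral loopback port; return (listener, port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen()

    def accept_loop():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener, listener.getsockname()[1]


def through_gateway(gw_port, host, port, payload):
    """Client side: request host:port via the gateway; return (status, reply)."""
    with socket.create_connection(("127.0.0.1", gw_port)) as s:
        s.sendall(f"{host} {port}\n".encode())
        status = (read_line(s) or "").strip()
        if status != "OK":
            return status, b""
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        reply = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
        return status, reply


def demo():
    """Run echo host and gateway on loopback; one allowed and one refused circuit."""
    echo_listener, echo_port = start_server(echo)
    policy = {("127.0.0.1", echo_port)}          # constructed policy
    gw_listener, gw_port = start_server(lambda c: handle_client(c, policy))
    try:
        allowed = through_gateway(gw_port, "127.0.0.1", echo_port, b"hello via gateway")
        refused = through_gateway(gw_port, "10.0.0.1", 25, b"x")
        return allowed, refused
    finally:
        echo_listener.close()
        gw_listener.close()
```

Calling demo() returns (("OK", b"hello via gateway"), ("REFUSED", b"")). The refused request never causes the gateway to open an outbound connection, which is the point of deciding on the circuit before relaying; and because the relay copies bytes without looking at them, this design gives no protection against content-level problems in the traffic it has allowed, which is the weakness the paper's SHORTCOMINGS section describes as tunneling over permitted application protocols.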
This note was uploaded on 03/26/2011 for the course IT 101 taught by Professor Dontknow during the Spring '07 term at Northern Virginia.