Firewalls

Abstract

Nowadays, we are living in a rapidly evolving world of communications and computer networking. The Internet, an international network connecting the world together, has made the earth a small place in which we can access resources and information remotely within seconds. In such a world, there are many risks and dangers that result from malicious persons and entities. Securing communications and networks around the world is a must for every business and even for personal networks. In this paper we look at a security solution that is used worldwide to secure computer networks: firewalls. We cover this topic in more detail, from definition, types, and purposes to abilities and limitations.
1. What is a firewall?

In simple words, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall works as a barrier or a wall between an internal network that needs to be firewalled and the external world, such as the Internet, which may represent a source of risks to our internal network. A firewall can be considered a tool that enhances all three security components: Confidentiality (preventing unauthorized disclosure of information), Integrity (ensuring that there are no unauthorized changes to information and that it is reliable and accurate), and Availability (ensuring that information is available to authorized persons when they request it). Firewalls can prevent unauthorized changes to or tampering with information, and they can help to maintain access to and availability of the information or the resources, thus enhancing the CIA components.

2. Purpose of a firewall:

A firewall serves as a gatekeeper to vital resources. It adds an additional layer of security between an internal network with its important assets and the outer world. Connecting our networks to the outside world directly leaves the door open for outsiders to easily access network resources. A firewall serves as a blocker or a wall that blocks these unauthorized requests from the outside world, allowing only authorized ones.

3. Types of firewalls

Firewalls can be classified into many categories, such as network/host-based and software/hardware, and they can be classified by the way they function, whether packet filtering, circuit-level, and many more. In the upcoming sections, we will discuss these categories in more detail.

3.1 Network firewalls vs. host-based firewalls:

Network firewalls filter incoming and outgoing traffic between two or more networks and usually run on network hardware. Host-based firewalls run on host computers and control incoming and outgoing network traffic of those machines.

3.2 Hardware firewalls vs. software firewalls:

A software firewall is a piece of software that is installed on any machine in order to protect it from unauthorized access.
Software firewalls can allow data to one program while blocking another program. They can filter incoming and outgoing requests of the machine on which they are installed. The main drawback of software firewalls is that they require installation, updating and administration on each individual computer.

A hardware firewall is a piece of hardware that sits between networks.
Hardware firewalls can be placed between local networks within a corporation or between local networks and an outside network such as the Internet. Hardware firewalls act as a filter between networks. They inspect all the incoming traffic from the Internet, allowing only safe data packets while blocking potentially malicious packets. The drawback of hardware firewalls is the level of monitoring and maintenance they need. Hardware firewalls are complex and managing them is not an easy task.

3.3 Historical/Technical Classification of Firewalls:

Packet filtering firewalls:

Packet filtering firewalls can be considered the first generation of firewalls. They operate inline at junction points where devices such as routers and switches do their work. Packet filtering firewalls compare traffic packets to a predefined set of criteria such as allowed IP addresses, packet type, port number, etc., letting white-listed or benign packets through and dropping malicious or black-listed packets.
Stateful inspection firewalls:

Stateful inspection firewalls can be considered the second generation of firewalls. Second-generation firewalls perform the work of their first-generation predecessors but operate up to layer 4 (the transport layer) of the OSI model. They track the operating state and characteristics of network connections passing through a network. They are configured to distinguish legitimate packets for different types of connections. They only allow connections that match a predefined active connection. Stateful packet inspection (SPI), also referred to as dynamic packet filtering, is a security feature often included in business networks.
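
The difference between the two generations described above, as an added example that is not part of the original paper: a stateless packet filter and a stateful filter are given the same three packets. The address ranges, the web-only policy and all names are assumptions made for the illustration, and connection teardown is not modelled.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # constructed internal range
WEB_PORTS = {80, 443}                           # constructed policy: web only

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN"})

def internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def stateless_filter(pkt):
    """First generation: judge each packet alone against static criteria."""
    if internal(pkt.src) and pkt.dport in WEB_PORTS:
        return "ALLOW"  # outbound web request
    if internal(pkt.dst) and pkt.sport in WEB_PORTS and "ACK" in pkt.flags:
        return "ALLOW"  # looks like a reply, judged by header fields only
    return "DROP"

class StatefulFilter:
    """Second generation: inbound packets must match a tracked connection."""
    def __init__(self):
        self.connections = set()  # (client ip, client port, server ip, server port)
        self.log = []             # (verdict, packet) records for later review

    def check(self, pkt):
        verdict = "DROP"
        if internal(pkt.src) and pkt.dport in WEB_PORTS:
            if pkt.flags == {"SYN"}:  # new outbound connection: start tracking
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.connections:
                verdict = "ALLOW"
        elif (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            verdict = "ALLOW"         # reply to a connection we saw being opened
        self.log.append((verdict, pkt))
        return verdict

# Constructed sample traffic (documentation address ranges)
SYN = Packet("10.0.0.5", 51000, "203.0.113.10", 443, frozenset({"SYN"}))
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"}))
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.9", 40000, frozenset({"ACK"}))
```

The stateless filter accepts all three packets because the last one merely looks like a reply, while the stateful filter drops it and records the drop in its log.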
Application-level gateways (application layer firewalls):

An application firewall is a type of firewall that controls input, output, and access from, to, or by an application or service. It operates by monitoring the input, output, or system service calls. It blocks the system service calls that do not meet the configured policy of the firewall. The application firewall is typically built to control all network traffic on any OSI layer up to the application layer.
It is able to control applications or services specifically, unlike a stateful network firewall, which is unable to control the network traffic of a specific application. There are two primary categories of application firewalls: network-based application firewalls and host-based application firewalls, a distinction we discussed above.

Circuit-level gateways:

A circuit-level gateway is a type of firewall. Circuit-level gateways work at the session layer of the OSI model, or as a "mid-layer" between the application layer and the transport layer of the TCP/IP stack. They monitor TCP handshaking between packets to determine whether a requested session is legitimate.

4. What can firewalls accomplish?

Firewalls have many functions to perform when implemented in a network. We will discuss the basic functions of firewalls in more detail in the upcoming sections.

4.1 Filtering:

The primary purpose of a firewall is packet filtering. When a computer sends a request across the Internet, it takes the form of small packets of data, which travel through the network to their destination. The target server responds with its own packets of data, which return along the same route. A firewall monitors every packet that passes through it, considering its source, its destination and what type of data it contains, and it compares that information to its internal rule set. If the firewall detects that the packet is malicious, it drops the data.
Typically, firewalls allow traffic from common programs such as email or Web browsers, while discarding most incoming requests. Firewalls can be configured to disallow access to certain websites or services to fit the security policy of a corporation.

4.2 Logging:

Logging is an important function of a firewall.
Almost all firewalls have the ability to log any traffic that passes through them. Firewalls record information from packets that pass through or that they discard, thus providing network administrators with a clear picture of the kind of traffic that passes through a system. This is handy in identifying the source of an external attack, but it can also be used to monitor users' activities.

4.3 Alerting:

Alerting is another valuable feature in any firewall system. When configured correctly, this feature helps system administrators, network engineers and security professionals to handle an attack early. Firewalls can also secure against internal attacks. For example, many types of malware send out a signal or specific traffic once they take over a system, allowing the author to trigger specific actions or even control the hacked system remotely. A firewall can alert administrators when an unknown program attempts to send potentially malicious traffic.

5. What can firewalls not accomplish?

All the items discussed above show the power and advantages of a firewall as a security requirement for a network. However, there are many situations in which a firewall will not work efficiently or, in more precise words, which it was not designed and implemented to handle.
Those limitations are discussed in the following items:

Vulnerabilities in the host operating system: A firewall is only as secure as the operating system on which it is installed. There are many flaws present in operating systems that a firewall cannot protect against. This is why it is important to secure the operating system and apply the necessary security patches before you install the firewall and on a periodic basis afterwards.

Traffic not going through the firewall: A firewall can only monitor traffic and data that go through it. A firewall cannot protect against connections that go around the firewall. It also cannot prevent an internal intruder from hacking an internal system.
Social engineering: If attackers can somehow obtain passwords they are not authorized to have, or otherwise compromise authentication mechanisms through social engineering, the firewall won't stop them.

Malicious use of authorized services: A firewall cannot prevent a malicious person from using an authenticated Telnet session to compromise your internal machines or from tunneling an unauthorized protocol through another, authorized protocol.

Firewall bypass mechanisms: Firewall systems are designed to react to attacks used and discovered by hackers, who are usually at least one step ahead of the firewall manufacturers. So, if there is an unknown attack methodology or firewall-bypass trick, firewall systems will not react to it, as they are not configured to do so.
Conclusion

Firewalls may be considered the most important item when securing computer networks and the hosts beneath them. They protect against malicious attacks, viruses, worms and many more. There are many types of firewall systems that can be implemented in a network. Depending on the requirements of an organization, the selected type can be implemented and configured to fit the organization's needs. There is always a race between good and evil, and the network security field is no exception. In the coming years, the security industry will witness a huge development in firewall technology as the world becomes more and more connected.