Firewalls:-
Introduction:-
The dramatic rise and progress of the Internet has opened possibilities that no one would have thought of. We can connect any computer in the world to any other computer, no matter how far the two are located from each other. This is undoubtedly a great advantage for individuals and corporations alike. However, it can be a nightmare for network support staff, who are left with the very difficult job of trying to protect the corporate network from a variety of network attacks. At a broad level, there are two kinds of attacks:
· Most corporations have large amounts of valuable and confidential data in their networks. Leaking of this critical information to competitors can be a great setback.
· Apart from the danger of insider information leaking out, there is a great danger of outside elements (such as viruses and worms) entering a corporate network to create havoc.
We can depict this situation as shown in Fig. 1.
As a result of these dangers, we must have mechanisms which ensure that inside information remains inside and which also prevent outside attackers from entering a corporate network. As we know, encryption of information (if implemented properly) makes its transmission to the outside world harmless. That is, even if confidential information flows out of a corporate network, if it is in encrypted form, outsiders cannot make any sense of it. However, encryption does not work in the other direction. Outside attackers can still try to break into a corporate network. Consequently, better schemes are desired to achieve protection from outside attacks. This is where a firewall comes into the picture.
Conceptually, a firewall can be compared with a sentry standing outside an important person’s house (such as the nation’s president). This sentry usually keeps an eye on and physically checks every person that enters or comes out of the house. If the sentry senses that a person wishing to enter the president’s house is carrying a knife, the sentry would not allow the person to enter. Similarly, even if the person does not possess any banned objects but somehow looks suspicious, the sentry can still prevent that person’s entry.
A firewall acts like a sentry. If implemented, it guards a corporate network by standing between the network and the outside world. All traffic between the network and the Internet, in either direction, must pass through the firewall. The firewall decides whether the traffic can be allowed to flow or whether it must be stopped from proceeding further. This is shown in Fig. 2.
Of course, technically, a firewall is a specialized version of a router. Apart from the basic routing functions and rules, a router can be configured to perform the firewall functionality, with the help of additional resources.
The characteristics of a good firewall implementation can be classified as follows.
· All traffic from inside to outside, and vice versa, must pass through the firewall.
· Only the traffic authorized as per the local security policy should be allowed to pass through.
· The firewall itself must be strong enough to render attacks on it useless.
Types Of Firewalls:-
Based on the criteria that they use for filtering traffic, firewalls are generally classified into two types, as shown below.
Fig. 3. Types of Firewalls
Let us discuss these two types of firewalls one by one.
Packet Filters:- As the name suggests, a packet filter applies a set of rules to each packet and, based on the outcome, decides to either forward or discard the packet. It is also called a screening router or screening filter. Such a firewall implementation involves a router, which is configured to filter packets going in either direction (from the local network to the outside world and vice versa). The filtering rules are based on a number of fields in the IP and TCP/UDP headers, such as the source and destination IP addresses and the IP protocol field (which identifies the application that is using this packet, such as email, file transfer or World Wide Web).
The idea of a packet filter is shown in Fig. 4.
Conceptually, a packet filter can be considered as a router that performs three main actions, as shown in Fig. 5.
A packet filter performs the following functions.
1. Receive each packet as it arrives.
2. Pass the packet through a set of rules, based on the content of the IP and transport header fields of the packet. If there is a match with one of the rules, decide whether to accept or discard the packet based on that rule. For example, a rule could specify: disallow all incoming traffic from the IP address 157.29.19.10 (this IP address is taken just as an example), or disallow all traffic that uses UDP as the higher (transport) layer protocol.
3. If there is no match with any rule, take the default action. The default can be to discard all packets or to accept all packets. The former policy is more conservative, whereas the latter is more open. Usually, the implementation of a firewall begins with the default discard-all-packets option, and then rules are added one by one to enforce packet filtering.
The chief advantage of the packet filter is its simplicity. Users need not be aware of a packet filter at all, and packet filters operate very fast. However, the two disadvantages of a packet filter are the difficulty of setting up the filtering rules correctly and the lack of support for authentication.
Attackers can try to break the security of a packet filter by using the following techniques.
1. IP Address spoofing: An intruder outside the corporate network can attempt to send a packet towards the internal corporate network with the source IP address set equal to one of the IP addresses of the internal users. This is shown in Fig. 6. This attack can be defeated by discarding all the packets that arrive at the incoming side of the firewall with a source address equal to one of the internal addresses.
2. Source routing attacks: An attacker can specify the route that a packet should take as it moves along the Internet. The attacker hopes that by specifying this option, the packet filter can be fooled into bypassing its normal checks. Discarding all packets that use this option can thwart such an attack.
3. Tiny fragment attacks: IP packets pass through a variety of physical networks, such as Ethernet, Token Ring, ATM, etc. All these networks have a pre-defined maximum frame size (called the Maximum Transmission Unit or MTU). Many times, the size of the IP packet is greater than this maximum size allowed by the underlying network. In such cases, the IP packet needs to be fragmented, so that it can be accommodated inside the physical frame and carried further. An attacker might attempt to use this characteristic of the TCP/IP protocol suite by intentionally creating fragments of the original IP packet and sending them. The attacker hopes that the packet filter can be fooled, so that after fragmentation it checks only the first fragment and does not check the remaining fragments. This attack can be foiled by discarding all the packets where the upper-layer protocol is TCP and the packet is fragmented (refer to the identification and protocol fields of an IP packet discussed earlier to understand how we can implement this).
An advanced type of packet filter is called a dynamic packet filter or stateful packet filter. A dynamic packet filter allows the examination of packets based on the current state of the network. That is, it adapts itself to the current exchange of information, unlike normal packet filters, which have their rules hard coded. For instance, we can specify a rule with the help of a dynamic packet filter as follows:
Allow incoming TCP packets only if they are responses to outgoing TCP packets that have gone out through our network.
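As an added example (not code from the original post), here is a toy packet filter in Python that ties the pieces above together: first-match rules with the conservative discard-all default, the countermeasures for the three attacks just listed, the two sample rules from the text, and the dynamic "reply only" rule for inbound TCP. The internal prefix 10.0.0., the rule names and the packet representation are assumptions made for the example.

```python
from dataclasses import dataclass
INTERNAL_NET = "10.0.0."        # assumed internal address prefix (constructed)
BLOCKED_HOST = "157.29.19.10"   # the sample address from the text

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # IP protocol field: "tcp", "udp", "icmp"
    sport: int = 0
    dport: int = 0
    inbound: bool = True        # True when arriving from the Internet side
    fragmented: bool = False    # IP fragment (MF flag set or offset != 0)
    source_routed: bool = False # IP source-route option present

def is_internal(addr: str) -> bool:
    return addr.startswith(INTERNAL_NET)

class PacketFilter:
    def __init__(self):
        self.rules = []             # (name, predicate, verdict); first match wins
        self.outbound_tcp = set()   # (inside_ip, inside_port, remote_ip, remote_port)

    def add_rule(self, name, predicate, verdict):
        self.rules.append((name, predicate, verdict))

    def decide(self, p: Packet):
        for name, pred, verdict in self.rules:
            if pred(p, self):
                break
        else:
            verdict, name = "discard", "default"   # conservative default action
        # stateful part: remember TCP connections the inside opened and we let out
        if verdict == "accept" and p.proto == "tcp" and not p.inbound:
            self.outbound_tcp.add((p.src, p.sport, p.dst, p.dport))
        return verdict, name

def build_filter() -> PacketFilter:
    f = PacketFilter()
    # IP address spoofing: inbound packet claiming an internal source address
    f.add_rule("anti-spoof", lambda p, fw: p.inbound and is_internal(p.src), "discard")
    # source routing attack: drop any packet carrying the source-route option
    f.add_rule("source-route", lambda p, fw: p.source_routed, "discard")
    # tiny fragment attack: drop fragmented packets whose upper layer is TCP
    f.add_rule("tcp-fragment", lambda p, fw: p.proto == "tcp" and p.fragmented, "discard")
    # the two sample rules from the text: one blocked host, and no UDP at all
    f.add_rule("block-host", lambda p, fw: p.src == BLOCKED_HOST, "discard")
    f.add_rule("no-udp", lambda p, fw: p.proto == "udp", "discard")
    # dynamic rule: inbound TCP only as a reply to a connection the inside opened
    f.add_rule("tcp-reply", lambda p, fw: p.inbound and p.proto == "tcp"
               and (p.dst, p.dport, p.src, p.sport) in fw.outbound_tcp, "accept")
    f.add_rule("outbound", lambda p, fw: not p.inbound, "accept")
    return f
```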
Application Gateways:-
An application gateway is also called a proxy server. This is because it acts like a proxy (i.e. a deputy or substitute) and decides about the flow of application-level traffic. The idea is shown below.
Application gateways typically work as follows.
1. An internal user contacts the application gateway using a TCP/IP application, such as HTTP or TELNET.
2. The application gateway asks the user about the remote host with which the user wants to set up a connection for actual communication (i.e. its domain name or IP address, etc.). The application gateway also asks for the user id and the password required to access the services of the application gateway.
3. The user provides this information to the application gateway.
4.