
SCHOOL OF COMPUTER SCIENCES UNIVERSITI SAINS MALAYSIA

CST233: Information Security and Assurance
Academic Session: 2011/2012
Lecturer Name: Dr. Aman Jantan
White Paper: Firewall

By: OW CHEE YEE 107627

Table of Contents

Introduction 2
What is Firewall? 3-4
Firewall Mechanism 5-8
Generations of Firewall 9-11
History of Firewall 12-13
Choosing a Firewall 14-16
Conclusion 17
References 18

Page | 1

Introduction
Cyber crime has become a pressing issue. It does not only harm organizations but also poses threats to individuals. Cyber criminals can harvest information, alter it and destroy it. Such information is valuable because it may contain personal data that a criminal can exploit to carry out illegal activity. Computer security therefore has to develop protection against such threats, and that protection must be constantly updated and improved to keep intruders out. As technology improves every second, so do the protection mechanisms. There are many ways to defend a computer, and the firewall is one of them. This paper discusses the functionality of firewalls and the types of firewall.


What is Firewall?
A firewall is a hardware device or software system that allows or denies the transmission of packets in a network according to a set of rules. It is the first line of defence of the network and is placed at the network perimeter. The firewall protects the network by acting as a gatekeeper: it filters out unauthorized access and permits legitimate communication. The rules that determine the filtering examine the characteristics of each packet: the protocol type, the source and destination host addresses, and the ports. A firewall improves the security of a network by:
Insulating the internal network from unwanted packets from the public Internet.
Limiting the access of internal hosts to authorized services on the Internet.
Supporting network address translation (NAT), which lets the internal network use private IP addresses.
A firewall has a function similar to that of a router: both connect networks together. Firewall software runs on a host that sits as an intermediary between the trusted network and the untrusted network, and it filters out unwanted traffic coming from the untrusted side.


Although firewalls are similar to routers, they differ in that firewalls also provide security measures such as authentication, encryption, content security and NAT. Above all, a firewall's primary function is to enforce the security policy and protect the hosts behind it.

Figure 1: Simple firewall representation [1]

Figure 2: A network architecture without firewall protection [5]


Firewall Mechanism
Screening Router
A screening router is a router on which a packet filter has been installed so that the router itself serves as the firewall. The architecture is transparent to users. The packet filter keeps unwanted traffic from entering the internal network and so makes the network safer. The main function of a router, however, is to forward packets, and if the filter's control mechanism contains an error there is a possibility that unauthorized traffic leaks through. A screening router can act as a firewall but is not secure on its own. Screening routers tend to violate the choke point principle of firewalls: "Although all traffic does pass through the router at one point or another, the router merely passes the traffic on to its ultimate destination." [2] Consequently every potential destination host on the network has to be secured individually, rather than a single point.


Dual-Homed Gateways
Besides the screening router there is another common architecture, the dual-homed gateway. It is a host fitted with two network interface cards (NICs), one on the untrusted network (such as the Internet) and one on the trusted network (such as a corporate network), that provides controlled access between them. Because the host does not simply forward packets between its interfaces, all users must log in to the machine (or go through a proxy on it) before reaching the other network. The term dual-homed refers to proxies or gateways that provide secure access to untrusted networks in this way. The architecture often uses network address translation (NAT) as an additional barrier protecting the internal hosts from intrusion. Dual-homed hosts can be seen as a special case of bastion hosts and of multi-homed hosts. [3]

Screened Host Gateway
The screened host gateway combines a screening router with an application-level firewall. The first line of defence is still the router, which filters packets and controls access to the network. Behind it stands a separate host known as the bastion host. Because it is the obvious target for intrusion, the bastion host must be hardened thoroughly. This architecture lets the router screen all packets first and reduces the traffic that reaches the bastion host.


The gateway has the following functions:
It is the server for the entire corporate network.
It serves as an information server, providing Internet services.
It acts as the gateway between the external network and the internal network.

It is fairly straightforward to run public servers such as FTP, Web and DNS on it, but the machine must have modified servers to handle other individual protocols such as incoming telnet and non-anonymous FTP. [2] The disadvantages of this architecture are:
A number of services must run on the gateway so that it is usable by external users.
Either a proxy server or user accounts must be set up on the gateway. Such a host tends to be targeted by intruders because it holds passwords that a potential intruder may manage to defeat.
If anything fails on the gateway, such as a DNS server crash, the whole Internet connection is lost.

Despite these disadvantages, the screened host gateway is widely used by companies because it is easy to implement. It is an improvement over both the screening router and the dual-homed gateway.


Screened Subnet
The screened subnet architecture is similar to the screened host gateway. A screening router at the entry point screens the traffic between the Internet and the public hosts, while the functions of the gateway are divided among several hosts on the subnet, such as a Web server, an FTP server and a proxy server. The router separates the Internet from the subnet, and the subnet in turn protects the internal network. The advantage of this architecture is that it is easier to implement a screened subnet with multiple hosts that each have a single function: each host on the subnet runs only its own server, which lowers the probability of that machine being compromised. Machines on the internal network treat the machines on the subnet no differently than they would treat any other machine on the external network. This significantly increases the security of the network, because even if an external attacker breaks into a host on the subnet, access to the internal network is still not granted.


Generations of Firewall
First generation: Packet filters
In 1988 engineers developed a filter system known as the packet filter firewall. It was the first generation of firewall, and the technique has continued to develop and evolve into today's complex Internet security mechanisms. The filter inspects each packet travelling between the networks. If the packet matches the characteristics specified in a packet filter rule, the action of that rule (typically to drop or discard the packet) is applied. The filter decides only on the information contained in the packet headers (source and destination addresses, protocol, port numbers and so on). The packet filtering firewall operates on the first three layers of the OSI reference model, the physical, data link and network layers; most of the work is done there, with a little work at the transport layer to find out the port numbers. When a packet passes through the firewall, the filter sorts it on a protocol or port number basis. For example, if a rule exists to block telnet access, the firewall blocks TCP traffic to port 23. [4]


Second generation: "Stateful" filters
The second generation of firewall is the circuit-level firewall, also called the stateful filter. It was developed in 1989-1990 at AT&T Bell Laboratories. Like its predecessor it works on the lower layers of the OSI reference model, but it extends inspection to the first four layers, up to the transport layer. The filter examines the header of each packet together with the packet's position in the data stream. It keeps connection records that determine whether a packet is the start of a new connection, part of an existing connection, or not part of any connection. This technique is also known as stateful packet inspection. In addition to the rule set, the filter uses a new criterion, the connection state, to control packet traffic.
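The difference between the first two generations is easiest to see in code. The following Python model is an added example written for this paper, not code from any of the cited references: a stateless packet filter and a stateful filter share one rule list, and a constructed web session, a telnet attempt and a constructed forged packet are pushed through both. The addresses, ports, the string-prefix address match and the rule set are all assumptions made for the illustration.

```python
# Added example for this paper (not from the cited references): first- and second-generation
# filtering modelled in Python.  Addresses, ports and rules are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False     # TCP SYN flag: first packet of a new connection
    ack: bool = False     # TCP ACK flag: packet belongs to an exchange already under way

@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "drop"
    proto: Optional[str] = None   # None means "any" for this and every field below
    src: Optional[str] = None     # address prefix such as "192.168.1." (string match, not CIDR)
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.src is None or p.src.startswith(self.src))
                and (self.dst is None or p.dst.startswith(self.dst))
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport))

class PacketFilter:
    """First generation: each packet judged on its own headers; first match wins, default drop."""
    def __init__(self, rules):
        self.rules = list(rules)
    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "drop"

def conn_key(p: Packet):
    """Direction-independent identity of a conversation."""
    return (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))

class StatefulFilter(PacketFilter):
    """Second generation: the same rules plus a connection table.  A packet of a connection
    already accepted passes as ESTABLISHED without consulting the rules; a TCP packet that is
    not a bare SYN and belongs to no recorded connection is dropped outright."""
    def __init__(self, rules):
        super().__init__(rules)
        self.conns = set()
    def decide(self, p: Packet) -> str:
        k = conn_key(p)
        if k in self.conns:
            return "accept"                    # ESTABLISHED
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "drop"                      # mid-stream packet with no recorded connection
        verdict = super().decide(p)            # NEW: apply the rules
        if verdict == "accept":
            self.conns.add(k)
        return verdict

INSIDE = "192.168.1."   # constructed internal network prefix
POLICY = [
    Rule("drop", proto="tcp", dport=23),                       # the paper's example: block telnet
    Rule("accept", proto="tcp", src=INSIDE, dport=80),          # inside hosts may browse the web
    Rule("accept", proto="tcp", dst=INSIDE + "10", dport=25),   # mail server reachable from outside
]
# A stateless filter cannot tell that a packet from port 80 is a reply, so a "return traffic"
# rule keyed on the source port was the usual first-generation workaround:
RETURN_RULE = Rule("accept", proto="tcp", sport=80, dst=INSIDE)

def run_scenario() -> dict:
    client_syn = Packet("tcp", "192.168.1.5", 40000, "203.0.113.7", 80, syn=True)
    server_synack = Packet("tcp", "203.0.113.7", 80, "192.168.1.5", 40000, syn=True, ack=True)
    telnet = Packet("tcp", "192.168.1.5", 40001, "203.0.113.7", 23, syn=True)
    # Attacker chooses source port 80 and aims at SMB on an inside host; no connection exists.
    spoof = Packet("tcp", "203.0.113.66", 80, "192.168.1.5", 445, ack=True)
    strict = PacketFilter(POLICY)
    loose = PacketFilter(POLICY + [RETURN_RULE])
    stateful = StatefulFilter(POLICY)
    return {
        "strict_syn": strict.decide(client_syn),           # accept
        "strict_reply": strict.decide(server_synack),      # drop: the web session never completes
        "loose_reply": loose.decide(server_synack),        # accept
        "loose_spoof": loose.decide(spoof),                # accept: the return-traffic rule is a hole
        "stateful_syn": stateful.decide(client_syn),       # accept, and the connection is recorded
        "stateful_reply": stateful.decide(server_synack),  # accept: found in the connection table
        "stateful_spoof": stateful.decide(spoof),          # drop: no table entry and not a SYN
        "telnet": stateful.decide(telnet),                 # drop: port 23 rule
    }

if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:15s} {verdict}")
```

Run stand-alone it prints one verdict per case. The stateless filter either breaks the web session (no rule admits the server's reply) or, once the return-traffic rule keyed on source port 80 is added, admits any packet whose sender chose source port 80, including one aimed at port 445 on an inside host. The stateful filter admits the reply because the connection is in its table and drops the forged packet because it is neither part of a recorded connection nor a new SYN.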

Figure 3: A representation of firewall rules for handling packets [8]


Third generation: application layer firewall
The main feature of the third generation is application layer filtering. This filtering can recognize specific applications and protocols, including ones that try to sneak through on permitted ports and could harm the host. Such a firewall can protect the network from application layer exploits such as viruses and Trojan horse programs. There are two primary categories of application firewall: network-based application firewalls and host-based application firewalls. An application firewall controls the input, output and access of an application or service. If an application or service does not meet the criteria of the configured firewall policy, the firewall blocks the input, output or system service call. Technically this firewall controls all network traffic up to the application layer of the OSI reference model, which its predecessors could not do.
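As an added example (not code from the references) of what application layer inspection adds over the port-based decisions of the earlier generations, the following Python function treats the opening bytes of a port 80 stream as an HTTP request and applies a policy that a packet filter cannot express: permitted methods, a Host allow list, a header size limit, and rejection of non-HTTP protocols carried on the port. The allowed hosts, the limits and the sample streams are constructed for the illustration.

```python
# Added example for this paper: an application-layer check on port 80 traffic (not from the references).
import re

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def inspect_http(payload: bytes,
                 allowed_methods=frozenset({b"GET", b"HEAD", b"POST"}),
                 allowed_hosts=frozenset({b"www.example.com"}),   # constructed allow list
                 max_header_bytes=8192) -> tuple:
    """Judge the opening bytes of a TCP stream bound for port 80 as an HTTP request.
    Returns ("accept", reason) or ("drop", reason).  A packet filter that permits
    port 80 would pass every one of the rejected samples below unseen."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if len(head) > max_header_bytes:
        return ("drop", "header block larger than %d bytes" % max_header_bytes)
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if m is None:
        return ("drop", "first line is not an HTTP request line")
    if not sep:
        return ("drop", "header block incomplete")   # a real proxy would buffer and retry
    method, target = m.group(1), m.group(2)
    if method not in allowed_methods:
        return ("drop", "method %s not permitted" % method.decode())
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            return ("drop", "malformed header line")
        headers[name.strip().lower()] = value.strip()
    host = headers.get(b"host")
    if host is None:
        return ("drop", "missing Host header")
    if host.split(b":")[0] not in allowed_hosts:
        return ("drop", "host %s not permitted" % host.decode("ascii", "replace"))
    if not target.startswith(b"/"):
        return ("drop", "absolute-form target (proxy-style request)")
    return ("accept", "%s %s" % (method.decode(), target.decode("ascii", "replace")))


# Constructed sample streams: one legitimate request and four that a port-80 packet filter would pass.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: x\r\n\r\n",
    "tunnel": b"CONNECT evil.example:443 HTTP/1.1\r\nHost: evil.example:443\r\n\r\n",
    "ssh_on_80": b"SSH-2.0-OpenSSH_8.9\r\n",
    "other_host": b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "oversized": b"GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Pad: " + b"A" * 9000 + b"\r\n\r\n",
}


def run_samples() -> dict:
    return {name: inspect_http(data)[0] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, *inspect_http(data))
```

Only the first sample is accepted; the CONNECT tunnel, the SSH banner riding on port 80, the request for a host outside the allow list and the oversized header block are all dropped with a reason. None of these decisions can be made from addresses and port numbers alone.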


History of Firewall
The word firewall originally refers to a wall built to confine a fire, or a potential fire, within a building. Such physical barriers prevent or slow the spread of fire and are intended to save both lives and property. The term was later applied to similar uses, such as the wall separating the engine compartment of a vehicle from the other compartments. Firewall technology was created in the late 1980s, when the Internet was still fresh and new. Before firewalls, routers were used to perform similar functions. Below are examples of intrusions in the early years of the Internet: [4] [5]

The Morris Worm. On November 2, 1988, Peter Yee at the NASA Ames Research Center sent a note out to the TCP/IP Internet mailing list that reported, "We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames."
Clifford Stoll's run-in with German spies.
The massive password capture of the winter of 1994.
The IP spoofing attack that Kevin Mitnick used against Tsutomu Shimomura.
The rash of denial-of-service attacks in January 1996, and the "Web site break-in of the week."

Researchers and contributors to the Internet concluded that the Internet was no longer safe, because its use was no longer limited to a closed community of trusted people. More security measures were therefore taken to preserve order on the Internet.


Choosing a firewall
Below are the advantages and disadvantages of the firewall options available to different types of home user: software firewalls, hardware firewalls and wireless routers. To decide which firewall to use, the user must first know the size of the desktop area (the number of machines and the distances between them) and the operating system of each machine.

Software firewalls
Operating systems such as Windows Vista and Windows XP have a built-in software firewall by default; users of other systems may need to obtain one.
Pros:
Does not require additional hardware.
Does not require wiring.
Viable for single-computer use.
Cons:
Additional cost for an operating system without a built-in firewall.
Requires installation and configuration.
Each computer requires its own copy of the firewall.

Table 1: Pros and cons of installing software firewalls [6]


Hardware Firewall
Hardware firewalls/routers are a good choice for home networks that connect to the Internet.
Pros:
Hardware routers have more network ports, to connect computers together.
Protection for multiple computers.
Cons:
Require wiring and consume space.

Table 2: Pros and cons of installing hardware firewalls [6]

Wireless routers
If you have or plan to use a wireless network, you need a wireless router.
Pros:
Does not require wiring.
Usable for both laptops and desktops.
Cons:
The signal may be poor over long distances, and it can be intercepted by others.
Wireless routers are expensive, and not all of them have a built-in firewall; users may need to purchase the firewall separately.

Table 3: Pros and cons of installing wireless routers [6]


For enterprise needs there are four basic types of firewall: [7]
Embedded firewalls. Not all routers come with an embedded firewall; for some the firewall must be purchased separately. Embedded firewalls do not protect the machines thoroughly: they work only at the IP level and so do not protect against application layer exploits such as viruses.
Enterprise/SOHO software-based firewalls. These are software packages containing firewall software to be installed on a server. They are viable for a small organization that wishes to combine the firewall with another server (such as a Web server). A large organization will probably have a DMZ (demilitarized zone), and a separate firewall is advisable there.
Enterprise/SOHO hardware-based firewalls. The firewall software comes pre-installed in the hardware and works exactly like an appliance firewall. These are used to protect a large number of machines on a network.
Specialty firewalls. These firewalls are designed for a particular focus; for example, some are configured mainly for content filtering or for securing messaging servers.

Conclusion
In a nutshell, many types of firewall have been developed since the creation of the Internet. The firewall plays a very important role in protecting host machines from intrusion and in protecting valuable information. Users should carefully analyze their computing needs and choose the right firewall to protect their identity and prevent exploitation and intrusion of privacy. As technology evolves quickly in this era, more vicious attacks will be created, and effort should be placed in developing more security mechanisms and strengthening the firewall.


References
[1] What is a Firewall? Soporte21.com (Spanish), http://www.soporte21.com/que_es_un_firewall.php (retrieved 8th April 2012)
[2] Firewall architectures, http://www.invir.com/int-sec-firearc.html (retrieved 8th April 2012)
[3] Dual-homed, http://en.wikipedia.org/wiki/Dual-homed (retrieved 8th April 2012)
[4] Firewall (computing), http://en.wikipedia.org/wiki/Firewall_(computing) (retrieved 8th April 2012)
[5] Firewalls and Internet security, http://www.cisco.com/web/about/ac123/ac147/ac174/ac200/about_cisco_ipj_archive_article09186a00800c85ae.html (retrieved 8th April 2012)
[6] How to choose a firewall, http://www.microsoft.com/canada/protect/protect-your-computer/firewalls/article.aspx?article=how-to-choose-a-firewall (retrieved 8th April 2012)
[7] How to choose the right enterprise firewall, http://www.esecurityplanet.com/views/article.php/974501/How-to-Choose-the-Right-Enterprise-Firewall.htm (retrieved 8th April 2012)
[8] How to set up a Linux firewall with PPPoE, NAT and iptables, http://www.akadia.com/services/pppoe_iptables.html (retrieved 8th April 2012)

