
SCHOOL OF COMPUTER SCIENCES

UNIVERSITI SAINS MALAYSIA

CST233: Information Security and Assurance

Academic Session: 2011/2012

Lecturer Name: Dr. Aman Jantan

White Paper: Firewall

By: OW CHEE YEE 107627

Table of Contents

Introduction
What is Firewall?
Firewall Mechanism
Generations of Firewall
History of Firewall
Choosing a Firewall
Conclusion
References

Introduction

Cyber crime has become a pressing issue in recent years. It does not only harm organizations but also poses threats to individuals. Cyber criminals can harvest, alter and damage information in the cyber world. This information is important as it may contain personal data which can be exploited by cyber criminals to carry out illegal activity. Therefore, computer security must develop protection against such threats. Protection from cyber criminals is vital and needs to be constantly updated and developed to prevent systems from being hacked by the criminals. As technology improves every second, the protection mechanisms improve as well. In computer security there are many ways to defend a computer, and the firewall is one of them. In this paper we discuss the functionalities of firewalls and the types of firewall.

What is Firewall?

A firewall is a set of hardware devices or a software system that allows or denies the transmission of packets in a network according to a set of rules. The firewall is the first line of defense of the network and is placed at the perimeter of the network. It protects the network by acting as a gatekeeper: filtering unauthorized access and permitting legitimate communications.

The set of rules that determines the firewall's filtering examines the characteristics of the packets: the protocol type, the source and destination host addresses and the ports.

A firewall promotes the security of a network by:

- Insulating the internal network from unwanted packets from the public network (Internet).
- Limiting the access of hosts on the internal network to authorized services on the Internet.
- Supporting network address translation (NAT), which enables the internal network to use private IP addresses.

A firewall has a function similar to a router: both connect networks together. Firewall software runs on a host and acts as an intermediary connecting the trusted network and the untrusted network. It filters out the unwanted traffic from the untrusted network.

Although firewalls are similar to routers, they differ in that they also provide security measures such as authentication, encryption, content security and NAT. Above all, a firewall's primary function is to enforce the security policy and protect the host.


Figure 1: Simple firewall representation [1]


Figure 2: A network architecture without the firewall protection [5]

Firewall Mechanism

Screening Router

The screening router is implemented by placing a packet filter on the router so that the router can be used as a firewall. This way the architecture is transparent to users. The packet filter prevents unwanted traffic from entering the internal network, which makes the network safer and more secure. The main function of a router is to transfer packets over the network, and if there are errors in the control mechanism, there is a possibility that unauthorized traffic leaks out of the network.

A screening router can act as a firewall but is not secure on its own. Screening routers tend to violate the choke point principle of firewalls: "Although all traffic does pass through the router at one point or another, the router merely passes the traffic on to its ultimate destination." [2] Every potential destination on the network must then be secured, rather than a single point.

Dual-Homed Gateways

Apart from the screening router, another common arrangement is the dual-homed gateway. It is a system with two network interfaces (NICs) placed between an untrusted network (like the Internet) and a trusted network (such as a corporate network) to provide secure access. This type of gateway requires all users to log in to the machine before entering other networks.

The word 'dual-homed' refers to proxies or gateways which provide secure access to untrusted networks. This architecture often uses network address translation (NAT) to erect a barrier that protects the host from potential intrusions.

"Dual-homed hosts can be seen as a special case of bastion hosts and multi-homed hosts." [3]

Screened Host Gateway

The screened host gateway combines routers with an application-level firewall architecture. In a screened host gateway the line of defense is still guarded by the router, which performs the filtering and access control for the network. There is also a separate host known as the bastion host. It is a target for intrusion and should be extremely well secured. This architecture allows the router to screen all the packets and minimize network traffic.

This gateway has the following functions:

- Serves the entire corporate network.
- Serves as an information server, providing Internet services.
- Acts as a gateway between the external network and the internal network.

"It is fairly straightforward to implement public servers such as FTP, Web, and DNS, but this machine must have modified servers to handle other individual protocols such as incoming telnet and non-anonymous FTP." [2]

The disadvantages of using this architecture are:

- A number of services must run so that the gateway is usable by external users. Either a proxy server or user accounts must be established on the gateway. This situation tends to be targeted by intruders because it exposes passwords, and potential intruders have a chance to overcome them.
- If any error happens on the gateway, such as a DNS server crash, the whole Internet connection is disabled.

Despite these disadvantages, the screened host gateway is widely used by companies because it is easy to implement. This architecture is an improvement over both screening routers and dual-homed gateways.

Screened Subnet

The screened subnet architecture is similar to the screened host gateway. It uses a screening router at the entry point to screen incoming network traffic between the Internet and the public hosts, while the functions of the gateway are divided among several hosts such as a Web server, an FTP server or a proxy server.

The screened subnet has functions similar to those of the screened host gateway. The router separates the Internet from the gateway, and the gateway protects the internal network. The advantage of this architecture is that it is easier to implement a screened subnet with multiple hosts that have different functions. The hosts on the subnet are only required to run their own server, which lessens the probability of intrusion on each machine.

In this way, the machines in the internal network do not treat the machines on the subnet differently from other machines in the external network. This approach significantly increases the security of the network, because access to the internal network is blocked if there is any intrusion by external machines.

Generations of Firewall

First generation: Packet filters

In 1988, engineers developed a filter system known as the packet filter firewall. It is the first generation of basic firewall system, and this system continued to develop and evolve into complex Internet security mechanisms.

The filter first inspects the packets travelling through the Internet. If an inspected packet matches the characteristics of a packet in the packet filter's rules, that particular packet is dropped or discarded. This filtering system filters packets only according to the information contained in the packet (i.e. source and destination address, protocol, port numbers, etc.).

The packet filtering firewall operates on the first three layers of the OSI reference model: the physical layer, the data link layer and the network layer. Most of the work is carried out in these layers, but a little work is done at the transport layer to find out the port numbers.

When a packet goes through the firewall, the filter sorts the packet on a protocol or port number basis (GSS). "For example, if a rule in the firewall exists to block telnet access, then the firewall will block the TCP protocol for port number 23." [4]

Second generation: "Stateful" filters

The second generation of firewall is the circuit-level firewall, also known as the "stateful" filter. It was developed in 1989-1990 by AT&T Bell Laboratories. This firewall operates on the first four layers of the OSI reference model, similar to its predecessor, the packet filter. The filter inspects the data of each packet and also its position in the data stream. It checks the connection records to determine whether the packet is the start of a new connection, part of an existing connection, or not involved in any connection. This is also known as "stateful" packet inspection. In addition to the set of rules, this filter adds a new criterion, the connection state, in order to monitor the packet traffic.


Figure 3: A representation of Firewall rules in handling packets [8]
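As an added illustration of the first two generations described above (and of the rule characteristics listed under "What is Firewall?"), the following Python is example code written for this page, not code from the paper: a stateless filter that decides from header fields alone, with the paper's telnet rule (drop TCP port 23), and a stateful wrapper that adds the connection table and the three cases new, existing and no connection. The rule set, the Packet type and all addresses are my own assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: set only on the first packet of a connection
# Constructed rule set (an assumption): (protocol, destination port, action);
# None matches any value, the first matching rule wins, the last rule is the default.
RULES = [
    ("tcp", 23, "drop"),    # block telnet, the example given in the paper
    ("tcp", 80, "accept"),  # allow HTTP to the internal web server
    ("udp", 53, "accept"),  # allow DNS queries
    (None, None, "drop"),   # default deny
]

def stateless_filter(pkt, rules=RULES):
    """First generation: decide from the packet's own header fields only."""
    for proto, dport, action in rules:
        if proto in (None, pkt.proto) and dport in (None, pkt.dport):
            return action
    return "drop"
class StatefulFilter:
    """Second generation: the same rules plus a table of accepted connections."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()  # (proto, src, sport, dst, dport) of accepted flows
    def classify(self, pkt):
        # The three cases the paper lists: new, existing, or no connection at all.
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.connections or rev in self.connections:
            return "existing"
        if pkt.proto != "tcp" or pkt.syn:
            return "new"
        return "none"  # mid-stream TCP segment that matches no known connection
    def decide(self, pkt):
        state = self.classify(pkt)
        if state == "existing":
            return "accept"  # replies ride on the already-approved connection
        if state == "none":
            return "drop"    # stray or forged segment is dropped before any rule check
        action = stateless_filter(pkt, self.rules)
        if action == "accept":
            self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action
```

The contrast worth noticing is the web server's reply: the stateless filter drops it because it arrives on an arbitrary client port that matches no rule, while the stateful filter accepts it because the connection was already approved.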

Third generation: application layer firewall

The main point of the third-generation firewall is application layer filtering. This filtering can detect certain applications and protocols that are sneaky and might cause harm to the host. This firewall can protect the network from application layer exploits like viruses and Trojan horse programs.

There are two primary categories of application firewall: network-based application firewalls and host-based application firewalls.

The application firewall can control the inputs, outputs and access within an application or a service. If an application or a service does not meet the criteria of the configured firewall policy, the firewall blocks the input, output or system service call.

This firewall controls all network traffic up to the application layer of the OSI reference model, a layer on which its predecessors could not operate.

History of Firewall

'Firewall' originally refers to a wall used to confine a fire or potential fire within a building. These physical barriers prevent or slow down the spread of fire and are intended to save both lives and property. The term was later applied to similar uses, such as separating engine compartments from other compartments.

Firewall technology was created in the late 1980s, when the Internet was still fresh and new. Before firewalls, routers were used to perform similar actions. Below are examples of intrusions in the early years when the Internet was being developed: [4] [5]

- The Morris Worm: On November 2, 1988, Peter Yee at the NASA Ames Research Center sent a note out to the TCP/IP Internet mailing list that reported, "We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames."
- Clifford Stoll's run-in with German spies.
- The massive password capture of the winter of 1994.
- The IP spoofing attack that Kevin Mitnick used against Tsutomu Shimomura.
- The rash of denial-of-service attacks in January 1996, and the "Web site break-in of the week."

The researchers and contributors to the Internet concluded that the Internet was no longer safe, because its usage was no longer limited to a closed community of trusted people. Therefore, more security measures were taken in order to preserve the peace on the Internet.

Choosing a firewall

Below are the advantages and disadvantages to weigh in choosing the right firewall for different types of home user. There are software firewalls, hardware firewalls and wireless routers. To determine which firewall to use, the user must first know the size of their desktop area (i.e. the number of machines and the distances between them) and also the operating system of the machines.

Software firewalls

By default, operating systems like Windows Vista and XP both have a built-in software firewall, whereas others might need a firewall to be obtained separately.

Pros | Cons
Does not require additional hardware | Additional cost for operating systems without a built-in firewall
Does not require wiring | Requires installation and configuration
Viable for single computer usage | Each computer requires a copy of the firewall

Table 1: Pros and cons of installing software firewalls [6]

Hardware firewalls

Hardware firewalls/routers are a good choice for home networks that connect to the Internet.

Pros | Cons
Hardware routers have more network ports to connect computers together | Require wiring and consume space
Protection for multiple computers |

Table 2: Pros and cons of installing hardware firewalls [6]

Wireless routers

If you have or plan to use a wireless network, you need a wireless router.

Pros | Cons
Does not require wiring | Signals might be poor at long range, and the signal can be intercepted by others
Usable for both laptops and desktops | Wireless routers are expensive, and not all wireless routers have a built-in firewall; users might need to purchase the firewall separately

Table 3: Pros and cons of installing wireless routers [6]

As for enterprise needs, there are four basic types of firewall: [7]

Embedded firewalls. Not all routers come with an embedded firewall; some routers require purchasing the firewall separately. Embedded firewalls also do not protect the machine thoroughly: they work only at the IP level, so they do not protect against application layer exploits like viruses.

Enterprise/SOHO software-based firewalls. These firewalls are software packages containing firewall software to be installed. They are very viable for a small organization that wishes to combine the firewall with another server (such as a web server). For a large organization, a DMZ (demilitarized zone) would probably exist and a separate firewall would be advisable.

Enterprise/SOHO hardware-based firewalls. The firewall software is already installed in the hardware. They work exactly the same as appliance firewalls and are used to protect a large number of machines on a network.

Specialty firewalls. These firewalls are specially designed for a certain focus. For example, some specialty firewalls are configured mainly for filtering content or securing messaging servers.

Conclusion

In a nutshell, many types of firewall have been developed since the creation of the Internet. The firewall plays a very important role in protecting the host machine from intrusion and protecting valuable information. Users should carefully analyze their computing needs and choose the right firewall to protect their own identity and prevent any exploitation or intrusion of privacy. As technology evolves quickly in this era, more vicious types of attack will be created. Efforts should be placed in developing more security mechanisms and strengthening the firewall.

References

[1] What is a Firewall?, Sorporte21.com (Spanish)
[2] Firewall architectures, http://www.invir.com/int-sec-firearc.html (retrieved 8th April 2012)
[3] Dual-Homed, http://en.wikipedia.org/wiki/Dual-homed (retrieved 8th April 2012)
[4] (retrieved 8th April 2012)
[5] Firewalls and internet security, hive_article09186a00800c85ae.html (retrieved 8th April 2012)
[6] (retrieved 8th April 2012)
[7] How to choose the right enterprise firewall, Right-Enterprise-Firewall.htm (retrieved 8th April 2012)
[8] How to setup Linux Firewall with PPPoE, NAT, iptables