
Firewall

Written by: Nirav Patel

Contact Links: facebook.com/patelniravv twitter.com/niravvhackky

Index
Introduction to Firewall
Working of Firewall
Introduction to DMZ
Working of DMZ
Types of Firewall
Advantages of Firewall
Disadvantages of Firewall
Some well-known Firewalls

Introduction to Firewall
A firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on the Access Control List (ACL) created by the system administrator.

A firewall is used to prevent unauthorized access to a private network. It protects the network from being compromised by attacks such as DoS and DDoS launched by an attacker trying to intrude into the network from outside. A firewall needs to be connected to a minimum of two network interfaces: one for the network that is supposed to be protected (your internal network) and one for the network that is exposed to attacks (generally the Internet).

The firewall examines all messages entering or leaving the intranet and blocks those that do not meet the specified security criteria or are not permitted by the ACL.

Working of Firewall
A firewall examines every data packet passing through it to see whether it meets the rules defined in the ACL (Access Control List) made by the administrator of the network. Only if the ACL allows a data packet is it forwarded over the connection.

Firewalls generally also maintain logs of important activities inside the network. A network administrator can define what is important and configure the firewall to produce the logs accordingly.

A firewall can filter traffic on the basis of address, protocol, packet attributes and connection state.

Firewalls generally screen the packet headers.

Introduction to DMZ
A Demilitarized Zone (DMZ) is a network security zone that increases the security of your network. The DMZ usually sits between an untrusted network (e.g. the Internet) and a trusted network (e.g. your internal network).

The purpose of the DMZ is to add an additional layer of security in a layered security model that a potential attacker must break through in order to reach an organization's data and the business-critical servers and services running in the trusted network.

After a successful breach of the perimeter router/firewall occurs, the intruder should only have access to the equipment, data and services inside the DMZ itself, while the critical trusted network remains secure behind the secondary firewall.

The strictest DMZ configurations would not allow any single host within the DMZ to communicate with any host in the trusted network; however, communication with other hosts in the DMZ and with external hosts on the untrusted network is usually permitted.

Working of DMZ
The security level of a DMZ is determined by the network administrator, and the implementation can take many forms; however, there are some models that have traditionally been followed.

One of the more secure of the recognized DMZ models is the dual firewall model whereby a distinctly separate network is configured to act as a layered security zone between the perimeter firewall and a second DMZ firewall located ahead of the trusted network.

This model has the additional benefit of being able to continue certain services should any part of the infrastructure fail. For example, should the DMZ firewall fail, most services in the DMZ can continue to operate while the failed firewall is replaced.

The single firewall model provides just as secure a method as the dual firewall model in that it segregates the DMZ security zone from other networks but has the disadvantage of being a single point of failure.

The firewall is usually configured with three physical network interfaces each connecting a separate security zone:

The Trusted Network
The DMZ
The Untrusted Network

If the firewall suffers a complete failure, then all services are unreachable, and for this reason this model remains second preference to the dual firewall model.

The virtual DMZ model is a scenario that attempts to emulate a true DMZ but does not create the preferred security zone that protects the trusted network from not only the untrusted network but also the DMZ network. This model could be considered where the expense of a true DMZ is a factor, otherwise this model should be avoided in favor of the previous single and dual firewall models.

If an attack is launched against any of the services being protected, the vulnerability the attack targets is either non-existent, because different software is used to proxy the real service, or the attack succeeds only within the DMZ security zone and not on the critical server itself.
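To make the single-firewall, three-interface model concrete, here is an added example (not code from the original tutorial) of a toy zone-pair policy: each address is mapped to a security zone by subnet, and a new connection is allowed or denied by the zone pair it crosses. The subnets, zone names and the "published" DMZ services are assumptions chosen for the demo; it encodes the strictest model from the text, where DMZ hosts may never initiate connections into the trusted network.

```python
"""Toy three-zone firewall policy (added example; addressing plan is assumed)."""
import ipaddress

# Assumed addressing plan: one subnet per firewall interface / security zone.
# Any address outside these subnets is treated as the untrusted zone (Internet).
ZONES = {
    "trusted": ipaddress.ip_network("10.0.0.0/24"),   # internal LAN
    "dmz":     ipaddress.ip_network("192.0.2.0/24"),  # public-facing servers
}

# Services the DMZ publishes to the untrusted network (assumed: one web server).
PUBLISHED_DMZ_SERVICES = {("192.0.2.10", 80), ("192.0.2.10", 443)}

# Zone-pair policy. Pairs that are not listed fall through to the default deny.
ZONE_POLICY = {
    ("trusted", "untrusted"): "allow",
    ("trusted", "dmz"):       "allow",
    ("untrusted", "dmz"):     "published-only",  # only the services above
    ("dmz", "untrusted"):     "allow",
    ("dmz", "trusted"):       "deny",            # strictest DMZ model
    ("untrusted", "trusted"): "deny",
}


def zone_of(ip: str) -> str:
    """Map an IP address to its security zone by subnet membership."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


def decide(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for a new connection attempt crossing the firewall."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "allow"  # intra-zone traffic never crosses the firewall
    verdict = ZONE_POLICY.get((src_zone, dst_zone), "deny")
    if verdict == "published-only":
        return "allow" if (dst_ip, dst_port) in PUBLISHED_DMZ_SERVICES else "deny"
    return verdict


if __name__ == "__main__":
    # Constructed sample connection attempts (documentation/test addresses).
    samples = [
        ("198.51.100.7", "192.0.2.10", 443),  # Internet -> DMZ web server
        ("198.51.100.7", "192.0.2.10", 22),   # Internet -> DMZ SSH (not published)
        ("198.51.100.7", "10.0.0.5", 445),    # Internet -> trusted host
        ("192.0.2.10", "10.0.0.5", 3306),     # DMZ host -> internal database
        ("10.0.0.5", "192.0.2.10", 443),      # trusted host -> DMZ web server
    ]
    for src, dst, port in samples:
        print(f"{src:>14} -> {dst}:{port:<5} {decide(src, dst, port)}")
```

The fourth sample is the case the text is about: even if the DMZ web server is compromised, the zone policy denies it a path into the trusted network, so the breach stays inside the DMZ.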

Types of Firewall
In this section we will discuss the types of firewall with their advantages and disadvantages.

There are four types of firewall, listed below:
1) Packet Filtering Firewall
2) Circuit Level Gateway Firewall
3) Application Level Gateway Firewall
4) Stateful Multilayer Inspection Firewall

Now let us understand each of these firewalls:

1) Packet Filtering Firewall: A Packet Filtering Firewall works at the Network Layer of the OSI (Open Systems Interconnection) model and is usually part of a router. In a Packet Filtering Firewall, each packet is compared to a set of criteria before it is forwarded. Depending on the packet, the firewall can drop it, forward it, or send a message back to the originator.

Administrators can create their own ACL on the basis of their requirements.

Advantages of Packet Filtering Firewall: The biggest advantages of a Packet Filtering Firewall are its low cost and low resource usage. It is best suited to smaller networks. You don't have to train users or use any special client or server programs to implement packet filters; the screening router or packet filtering host does all the work transparently to the clients in your network.

Disadvantages of Packet Filtering Firewall: A Packet Filtering Firewall works only at the Network Layer of the OSI model and does not support complex rule-based models, so it is sometimes vulnerable to spoofing, which can be used to bypass the firewall.

2) Circuit Level Gateway Firewall: A Circuit Level Gateway Firewall works at the Session Layer of the OSI model. It monitors sessions, such as the TCP three-way handshake, to see whether a requested connection is legitimate or not. Information sent to a computer outside the network through a Circuit Level Gateway Firewall appears to have originated from the gateway. Circuit Level Gateway Firewalls hide information about the private network they protect, but they do not filter individual packets.

Advantages of Circuit Level Gateway Firewall: Circuit Level Gateway Firewalls are comparatively inexpensive and provide anonymity to the private network.

Disadvantages of Circuit Level Gateway Firewall: Circuit Level Gateway Firewalls do not filter individual packets. After a connection to the network has been established, an attacker can take advantage of this.

3) Application Level Gateway Firewall: An Application Level Gateway Firewall works at the Application Layer of the OSI model. Proxy servers are the best example of an Application Level Gateway Firewall. An Application Level Gateway Firewall that is configured as a web proxy will not allow FTP, Gopher, Telnet or many other kinds of traffic. Because they are deployed at the application layer for a specific protocol, they are expected to understand application-specific commands such as HTTP:GET and HTTP:POST. An Application Level Gateway Firewall can also be configured as a caching server, which in turn increases network performance and makes it easier to log traffic.

4) Stateful Multilayer Inspection Firewall: A Stateful Multilayer Inspection Firewall is a combination of all the firewalls we have seen so far. It can filter packets at the Network Layer, check for legitimate sessions at the Session Layer, and also evaluate packets at the Application Layer. This type of firewall works in transparent mode, allowing direct connections between the server and the client. It implements a complex security model that makes data transfer more secure.
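The spoofing weakness of the packet filter (under type 1) and the session check of the stateful firewall (type 4) are two sides of the same coin, so one added example covers both. This is demonstration code written for this page, not from the original tutorial: a stateless filter using the old "an inbound packet with ACK set must be a reply" rule, beside a stateful filter that tracks the TCP three-way handshake and admits inbound packets only for connections an internal host actually opened. The application-layer part of a multilayer firewall is outside the example's scope; addresses, ports and flag sets are constructed demo values.

```python
"""Stateless ACL vs stateful inspection (added example; sample traffic is constructed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = leaving the protected network, "in" = entering it
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


# --- 1) Stateless packet filter (looks at each packet in isolation) ----------
def stateless_filter(pkt: Packet) -> str:
    """Allow all outbound traffic; admit inbound only if ACK is set ("looks like a reply")."""
    if pkt.direction == "out":
        return "allow"
    if "ACK" in pkt.flags:
        return "allow"  # cannot distinguish a genuine reply from a forged one
    return "deny"


# --- 2) Stateful inspection filter (remembers the handshake) -----------------
class StatefulFilter:
    """Tracks TCP connections opened from inside; inbound packets are admitted
    only when they belong to a connection in the state table."""

    def __init__(self) -> None:
        # key: (internal_ip, internal_port, external_ip, external_port) -> state
        self.table: dict = {}

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        # Normalise the 4-tuple so both directions of one connection share a key.
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def inspect(self, pkt: Packet) -> str:
        key = self._key(pkt)
        state = self.table.get(key)
        # Internal host opens a connection (or retransmits its SYN).
        if pkt.direction == "out" and state in (None, "SYN_SENT") and pkt.flags == frozenset({"SYN"}):
            self.table[key] = "SYN_SENT"
            return "allow"
        # Server answers a SYN we saw with SYN/ACK.
        if pkt.direction == "in" and state == "SYN_SENT" and pkt.flags == frozenset({"SYN", "ACK"}):
            self.table[key] = "SYNACK_SEEN"
            return "allow"
        # Internal host completes the handshake.
        if pkt.direction == "out" and state == "SYNACK_SEEN" and "ACK" in pkt.flags:
            self.table[key] = "ESTABLISHED"
            return "allow"
        # Data in either direction on a fully established connection.
        if state == "ESTABLISHED":
            if "RST" in pkt.flags or "FIN" in pkt.flags:
                del self.table[key]  # connection torn down; forget it
            return "allow"
        return "deny"  # anything else, including an inbound ACK with no connection


def compare(packets) -> list:
    """Run the same packet sequence through both filters; return (stateless, stateful) verdicts."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.inspect(p)) for p in packets]


# Constructed sample traffic (documentation addresses).
INTERNAL, EXTERNAL = "10.0.0.5", "203.0.113.9"
HANDSHAKE = [
    Packet("out", INTERNAL, 40000, EXTERNAL, 443, frozenset({"SYN"})),
    Packet("in", EXTERNAL, 443, INTERNAL, 40000, frozenset({"SYN", "ACK"})),
    Packet("out", INTERNAL, 40000, EXTERNAL, 443, frozenset({"ACK"})),
    Packet("in", EXTERNAL, 443, INTERNAL, 40000, frozenset({"ACK"})),  # server data
]
# An inbound packet that merely carries ACK but matches no connection.
FORGED = [Packet("in", "198.51.100.7", 443, INTERNAL, 40001, frozenset({"ACK"}))]

if __name__ == "__main__":
    print("genuine handshake:", compare(HANDSHAKE))
    print("unsolicited ACK:  ", compare(FORGED))
```

For the genuine handshake both filters return "allow" on every packet; for the unsolicited ACK the stateless filter says "allow" while the stateful one says "deny", which is exactly the gap the text means when it says the packet filter "does not support complex rule-based models" and the stateful firewall "checks for legitimate sessions".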

Advantages of Firewalls:
Software Firewalls:
Software firewalls are cheaper. They are usually meant for personal or home use. Software firewalls are easy to configure.

Hardware Firewalls:
Hardware firewalls have faster response times and can handle a high volume of bandwidth or traffic. Their security is stronger than that of a software firewall, and they include more features and options. No interference: a box that is separate from the other network components can be managed easily and does not overload the operating system.

Disadvantages of Firewalls:
Software Firewalls:
They take up the host's resources and slow down other applications. Software firewalls are not suitable for organizations or office networks. A software firewall is generally not able to address a DoS or DDoS attack.

Hardware Firewalls:
Hardware firewalls are expensive. They require technical knowledge to install and manage.

Some Well-Known Firewalls


Software Firewalls:
Comodo Internet Security
PC Tools Firewall Plus Free Edition
ZoneAlarm Free Firewall
Ashampoo FireWall Free
Online Armor Free
Agnitum Outpost Firewall Free
Filseclab Personal Firewall Professional Edition

Hardware Firewalls:
Cyberoam
CyberGuard Firewall
UTM (Unified Threat Management System)
FireProof
Guardian Firewall
