
FIREWALLS AND NETWORK SECURITY

PRESENTED BY:

HIDAYATULLAH KHOMAINI
Hiday00786@yahoo.co.in
MALINENI LAKSHMAIAH ENGINEERING COLLEGE
SINGARAYA KONDA
&
VIDYA PRATIMA
s030558prathima@yahoo.com
St.ANN’S ENGINEERING COLLEGE, CHIRALA
ABSTRACT
A firewall is a system that allows network administrators to set an access control policy for the
network. It can be used to permit, limit or block the traffic between the network and the Internet.
It can be configured to allow only e-mail to enter the network. It can also authenticate remote
logons to the network, preventing unauthorized users from entering the network. Its auditing
capabilities include a) web pages accessed, b) attempts to log into the network and c) usage
statistics. These data help network administrators manage the network, monitor inappropriate
users and detect attacks.
Network security refers to the proper safeguarding of everything associated with the
network, including data, media and equipment. It involves administrative functions, such as
threat assessment, and technical tools and facilities, such as cryptographic products and
firewalls. It also involves making certain that only people who are authorized to see these
network resources use them, and that they do so in accordance with a prescribed policy.
INTRODUCTION

The Internet has made a large amount of information available to the average computer user at
home, in business and in education. For many people, having access to this information is no longer
just an advantage; it is essential. Connecting a private network to the Internet can expose critical
or confidential data to malicious attack from anywhere in the world. The intruders could gain
access to your site's private information or interfere with the use of your own systems. Users who
connect their computers to the Internet must be aware of these dangers, their implications and
how to protect their data and their critical systems.
Therefore security of the network is the main criterion here, and firewalls provide this security.
Internet firewalls keep the flames of Internet hell out of your network, or keep the
members of your LAN pure by denying them access to all the evil Internet temptations.
All enterprises with computer networks have security concerns about their data,
whether or not their network is connected to the Internet. Attempts to corrupt or steal an enterprise's
data are referred to as an attack. A typical attack is when a hacker breaks into an enterprise's
network through its web server and either steals valuable data, modifies data or inserts a virus
into the network. Another form of attack is when a disgruntled employee steals data for
financial gain or to injure the enterprise.
Going through the whole process of developing a security policy is not enough. Threats
change, vulnerabilities change, business requirements change and the available countermeasures
change. All of these must be periodically and routinely re-evaluated to achieve a network
security policy that is feasible, practical and enforceable and at the same time protects the
network.
TYPES OF FIREWALLS
Firewalls fall into different categories. They are mainly:
 Packet filtering firewalls
These firewalls work at the network layer of the OSI model, or the IP layer of TCP/IP.
They are usually a part of the router. A router is a device that receives packets from one
network and forwards them to another network. In a packet filtering firewall, each packet is
compared to a set of criteria before it is forwarded. Depending on the packet and the
criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules
can include source and destination IP addresses, source and destination port numbers and the
type of protocol embedded in that packet. These firewalls often contain an ACL (access
control list) to restrict who gains access to which computers and networks.
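The rule comparison described above, as an added example that is not part of the original paper: an access control list is walked in order, the first matching rule decides, and a packet that matches no rule is dropped. The addresses, the ACL and the packet layout are constructed for the example; the arrival interface is included so that the list can also drop packets arriving from the Internet that claim an internal source address, which a stateless filter can only catch this way.

```python
"""Stateless packet filter with a first-match access control list.

Added example, not the paper's code. Addresses come from the documentation
ranges (198.51.100.0/24, 203.0.113.0/24) and are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")  # the protected network (constructed)
WEB_SERVER = "203.0.113.10"                             # constructed host behind the filter


@dataclass(frozen=True)
class Packet:
    iface: str            # "ext" = arrived from the Internet, "int" = arrived from the LAN
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: Optional[int]  # None for protocols without ports
    dport: Optional[int]


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "drop"
    iface: Optional[str] = None   # None means "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """Every criterion the rule specifies must match the packet."""
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Rules are evaluated top to bottom; order matters.
ACL: List[Rule] = [
    # Anti-spoofing: a packet from the Internet must not carry an internal source address.
    Rule("drop", iface="ext", src=str(INTERNAL_NET)),
    # Services the site publishes: web and mail, to one host only.
    Rule("allow", iface="ext", dst=f"{WEB_SERVER}/32", proto="tcp", dport=80),
    Rule("allow", iface="ext", dst=f"{WEB_SERVER}/32", proto="tcp", dport=25),
    # Anything originating inside may leave.
    Rule("allow", iface="int", src=str(INTERNAL_NET)),
]


def filter_packet(acl: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule, or "drop" (default deny)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "drop"


def demo() -> List[str]:
    """Run a few constructed packets through the ACL and return the decisions."""
    samples = [
        Packet("ext", "198.51.100.7", WEB_SERVER, "tcp", 40000, 80),       # web request: allow
        Packet("ext", "198.51.100.7", WEB_SERVER, "tcp", 40001, 23),       # telnet: no rule, drop
        Packet("ext", "203.0.113.20", WEB_SERVER, "tcp", 40002, 80),       # spoofed internal source: drop
        Packet("int", "203.0.113.20", "198.51.100.7", "udp", 5353, 53),    # outbound DNS: allow
        Packet("ext", "198.51.100.7", "203.0.113.20", "icmp", None, None), # ping to a workstation: drop
    ]
    return [filter_packet(ACL, p) for p in samples]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The anti-spoofing rule sits first on purpose: a later "allow" for the internal network would otherwise match a forged packet from outside, which is the ordering mistake that audits of real ACLs most often turn up.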

[Figure: packet filtering firewall shown against the network stack (5. Application, 4. Transport Control Protocol (TCP), 3. Internet Protocol (IP), 2. Data link, 1. Physical), with levels marked Allowed / Disallowed. Traffic is filtered based on specific rules including source and destination IP addresses, packet type, port number etc. Unknown traffic is allowed only up to level 3 of the network stack.]

 Circuit level gateways:


These firewalls work at the session layer of the OSI model, or the TCP layer of
the TCP/IP model. They monitor the TCP handshaking between packets to determine whether the
requested session is legitimate. Traffic is filtered based on specified session rules, such as
when a session is initiated by a recognized computer. Information passed to a remote computer
through a circuit level gateway appears to have originated from the gateway. This is useful for
hiding information about protected networks. Circuit level gateways are relatively
inexpensive and have the advantage of hiding information about the private network they
protect. On the other hand, they do not filter individual packets. Unknown traffic is allowed up to
level 4 of the network stack. These are the hardware firewalls and apply security mechanisms
when a TCP or UDP connection is established.

[Figure: circuit level gateway shown against the network stack (5. Application, 4. Transport Control Protocol (TCP), 3. Internet Protocol (IP), 2. Data link, 1. Physical), with levels marked Allowed / Disallowed. Traffic is filtered based on specified session rules, such as when a session is initiated by a recognized computer. Unknown traffic is allowed only up to level 4 of the network stack.]
 Application gateways:
These are the software firewalls. They are often used by companies
specifically to monitor and log employee activity, and by private citizens to protect a
home computer from hackers and spyware and to set parental controls for children.
Application gateways, also called proxies, are similar to circuit level gateways except
that they are application specific. They can filter packets at the application layer of the
OSI or TCP/IP model. Incoming or outgoing packets cannot access services for which
there is no proxy. In plain terms, an application level gateway that is configured to be a web
proxy will not allow any FTP, gopher, telnet or other traffic through. Because they examine
packets at the application layer, they can filter application-specific commands such as
HTTP POST, GET etc.
It works like a proxy. A proxy is a process that sits between a client and a server. To the
client the proxy looks like a server, and to the server the proxy looks like a client. As an example of an application
layer firewall, the figure above represents an application firewall called a “dual homed gateway”.
A dual homed gateway is a highly secured host that runs proxy software. It has two
interfaces, one on each network, and blocks all traffic passing through it.
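The screening a web proxy performs, as an added example that is not the paper's code: the gateway understands only HTTP, so a client message whose first line is not an HTTP request line is refused because there is no proxy for that protocol, and of the HTTP requests only the configured methods are relayed. The permitted method set, the client addresses and the sample messages (one HTTP request, one FTP command, one telnet negotiation) are constructed for the example; each decision is also turned into an audit record of the kind the paper says these gateways are deployed to keep.

```python
"""Application-level gateway (web proxy) request screening.

Added example, not the paper's code. The proxy relays HTTP only; the method
policy and the sample traffic are constructed.
"""
import re
from typing import Dict, List, Tuple

# Methods the site permits through its web proxy (constructed policy).
PERMITTED_METHODS = frozenset({"GET", "HEAD", "POST"})

# Request line of an HTTP/1.x message: METHOD SP target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"^([A-Z]{1,16}) (\S+) HTTP/1\.[01]\r?\n")


def inspect_request(raw: bytes, permitted=PERMITTED_METHODS) -> Tuple[str, str]:
    """Decide whether the proxy relays the client's data; return (decision, reason)."""
    m = REQUEST_LINE.match(raw)
    if m is None:
        # FTP, telnet, gopher or anything else: there is simply no proxy for it here.
        return "deny", "not an HTTP request, no proxy for this protocol"
    method = m.group(1).decode("ascii")
    target = m.group(2).decode("ascii", errors="replace")
    if method not in permitted:
        return "deny", f"HTTP method {method} not permitted"
    # A forward proxy receives the absolute URL; pull the host out for the log.
    host = target[len("http://"):].split("/", 1)[0] if target.startswith("http://") else "-"
    return "allow", f"relay {method} for {host}"


def audit_entry(client_ip: str, raw: bytes) -> Dict[str, str]:
    """Build the log record an application gateway keeps for every client request."""
    decision, reason = inspect_request(raw)
    m = REQUEST_LINE.match(raw)
    return {
        "client": client_ip,
        "method": m.group(1).decode("ascii") if m else "-",
        "target": m.group(2).decode("ascii", errors="replace") if m else "-",
        "decision": decision,
        "reason": reason,
    }


def demo() -> List[str]:
    """Screen constructed client messages and return the proxy's decisions."""
    samples = [
        ("203.0.113.20", b"GET http://example.com/index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        ("203.0.113.21", b"DELETE http://example.com/admin HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        ("203.0.113.22", b"USER anonymous\r\n"),        # FTP control channel, no proxy for it
        ("203.0.113.23", b"\xff\xfb\x18\xff\xfd\x01"),  # telnet option negotiation, no proxy for it
    ]
    return [audit_entry(ip, raw)["decision"] for ip, raw in samples]


if __name__ == "__main__":
    for ip, raw in [("203.0.113.20", b"GET http://example.com/ HTTP/1.1\r\n\r\n")]:
        print(audit_entry(ip, raw))
```

Because the decision is made on the parsed request rather than on port numbers, a client cannot get FTP or telnet through by pointing it at port 80: the gateway sees that the bytes are not HTTP and refuses to relay them.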

[Figure: application gateway shown against the network stack (5. Application, 4. Transport Control Protocol (TCP), 3. Internet Protocol (IP), 2. Data link, 1. Physical), with levels marked Allowed / Disallowed. Traffic is filtered based on specified application rules, such as specified applications (such as FTP) or combinations. Unknown traffic is allowed up to the top of the network stack.]
 Stateful multilayer inspection firewalls:

They combine the aspects of the other three types of firewalls. This firewall keeps
track of all packets associated with a specific communication session. A typical communication
session between two computers will consist of several thousand packets, each of which is
identified by a unique source and destination address and a sequence number that allows all the
packets to be assembled into the correct data files at the destination computer. Each packet of data is
checked to ensure that it belongs to the proper session. Any packets that are not part of an existing
session are rejected. In addition to checking and validating the communication session, ensuring
that all packets belong to the proper session, these firewalls further screen the packets at the
application layer.
Filtering at the software application port level provides an additional layer of control for
the network administrator to ensure that only authorized transactions are allowed through the
firewall. These firewalls close off ports until a connection to the specified port is requested.
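The session tracking described in this section and the handshake monitoring described under circuit level gateways, as one added example that is not part of the original paper: the firewall records each session a protected host opens, follows the SYN, SYN/ACK, ACK exchange, allows later segments only while they fit the session's state, and drops anything that is not part of a session it has seen, including an inbound SYN/ACK with no matching outbound SYN. The policy (sessions may only be opened from the inside), the flag representation and the addresses are constructed for the example; application-layer screening of the payload is left to the proxy.

```python
"""Stateful inspection of TCP sessions.

Added example, not the paper's code. Addresses, the segment layout and the
policy are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"


@dataclass(frozen=True)
class Segment:
    direction: str        # "out" = from the protected LAN, "in" = from the Internet
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]


SessionKey = Tuple[str, int, str, int]  # (client, client port, server, server port)


class StatefulFirewall:
    """Policy: sessions may be opened from the inside only; replies are allowed only
    for sessions in the table; everything else is dropped."""

    def __init__(self) -> None:
        self.sessions: Dict[SessionKey, str] = {}

    @staticmethod
    def _key(seg: Segment) -> SessionKey:
        # Normalise both directions onto the (client, server) orientation.
        if seg.direction == "out":
            return (seg.src, seg.sport, seg.dst, seg.dport)
        return (seg.dst, seg.dport, seg.src, seg.sport)

    def process(self, seg: Segment) -> str:
        key = self._key(seg)
        state = self.sessions.get(key)

        if state is None:
            # Only a plain SYN from inside may open a new session.
            if seg.direction == "out" and seg.flags == {SYN}:
                self.sessions[key] = "SYN_SENT"
                return "allow"
            return "drop"  # inbound SYN, stray SYN/ACK, or data with no session

        if FIN in seg.flags or RST in seg.flags:
            # Either side closing or aborting: let it through and forget the session.
            del self.sessions[key]
            return "allow"

        if state == "SYN_SENT" and seg.direction == "in" and seg.flags == {SYN, ACK}:
            self.sessions[key] = "SYN_RECEIVED"
            return "allow"
        if state == "SYN_RECEIVED" and seg.direction == "out" and seg.flags == {ACK}:
            self.sessions[key] = "ESTABLISHED"
            return "allow"
        if state == "ESTABLISHED" and ACK in seg.flags and SYN not in seg.flags:
            return "allow"  # ordinary data/ack segments in either direction
        return "drop"  # flag/state combination that does not fit the handshake


def demo() -> List[str]:
    """Replay a constructed segment trace and return the firewall's decisions."""
    fw = StatefulFirewall()
    client, server, other = "203.0.113.20", "198.51.100.7", "198.51.100.9"
    trace = [
        Segment("out", client, 40000, server, 80, frozenset({SYN})),      # allow: opens session
        Segment("in", server, 80, client, 40000, frozenset({SYN, ACK})),  # allow: handshake reply
        Segment("out", client, 40000, server, 80, frozenset({ACK})),      # allow: established
        Segment("in", server, 80, client, 40000, frozenset({ACK})),       # allow: response data
        Segment("in", other, 80, client, 40001, frozenset({SYN, ACK})),   # drop: no such session
        Segment("in", other, 1234, client, 445, frozenset({SYN})),        # drop: inbound connection attempt
        Segment("in", server, 80, client, 40000, frozenset({FIN, ACK})),  # allow: close, entry removed
        Segment("in", server, 80, client, 40000, frozenset({ACK})),       # drop: session no longer exists
    ]
    return [fw.process(s) for s in trace]


if __name__ == "__main__":
    print(demo())
```

The fifth segment is the case a stateless filter gets wrong: a packet with the ACK bit set looks like part of an established connection to a rule that only inspects flags, whereas the session table shows that no host inside ever opened it.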

[Figure: stateful multilayer inspection firewall shown against the network stack (5. Application, 4. Transport Control Protocol (TCP), 3. Internet Protocol (IP), 2. Data link, 1. Physical), with levels marked Allowed / Disallowed. Traffic is filtered at three levels based on a wide range of specified application, session and packet filtering rules. Unknown traffic is allowed up to level 3 of the network stack.]
SECURITY IN NETWORKS

Telephone/voice mail security is often forgotten about; threats involve attackers
telephoning cheaply internationally, listening to voice mail messages and possibly gaining unauthorized
access to the Internet.
1) Dial-up networks can be an easy entry point for attackers as they are often
less well protected or monitored than Internet connections. Typical attacks are identity
spoofing leading to unauthorized access.
2) The Internet connection offers a way to communicate
with millions of people globally but is difficult to control due to its complex and dynamic nature.
A wide range of attacks is possible: eavesdropping, identity spoofing and denial of service.
3) Connections to vendors/partners are often not secured enough, due to lack of time or resources, or
belief in security through obscurity. They can be used as an attack point by partner organizations
and also by attackers who have penetrated the partner's network.
4) WANs are used to extend
the corporate intranet to many areas. The cabling probably passes through public zones. The
complexity of WANs can serve as a deterrent to attackers.
5) Social engineering can be used to
trick personnel into divulging information or providing access.
6) Helpdesks may also be subject
to social engineering, unwittingly providing modem numbers, passwords etc. to unauthorized
persons.
7) Many people who are not employees will have access to buildings in one way or another.
8) Sensitive information, if not securely disposed of, will yield a valuable resource to attackers.
10 TIPS FOR CREATING NETWORK SECURITY POLICY
 Identify and locate your assets.
 Perform a threat and risk assessment.
 Adopt a “need to know” philosophy.
 Perform an informal site survey of your organization.
 Institute a standard for classifying all information.
 Ascertain who needs access to external resources.
 Create a disaster recovery plan.
 Appoint someone to be responsible for security policy enforcement.
 Review the impact of any intended procedural changes on your employees.
 Understand that the implementation of any security policy needs regular validation.

COMPONENTS OF NETWORK SECURITY POLICY


Although network security policies are subjective and can be very different for
different organizations, there are certain issues that are relevant in most policies:

 Physical security: without physical security, the other issues of network
security like confidentiality, availability and integrity will be greatly threatened.
The physical security section states how hardware and software facilities should be
protected.
 Network security: the network security section states how assets stored on
the network will be protected. This section might include security measures regarding
access controls, firewalls, network auditing, remote access, directory services, Internet
services and file system directory services.
 Access control: access control determines who has access to what. Good access control
includes managing remote access and enabling administrators to be efficient in their
work.
 Authentication: authentication is how users tell the network who they are. The type
of authentication used varies depending on where users are authenticating from, such as
from their desk.
The other components of a network security policy are encryption, key
management, auditing and review, security awareness, acceptable use policy, software
security and so on.

ADVANTAGES OF FIREWALLS AND NETWORK SECURITY

 Concentration of security
 Information hiding
 Application gateways
 Extended logging
 Centralized and simplified network service management

DISADVANTAGES OF FIREWALLS AND NETWORK SECURITY

 The most obvious is that certain types of network access may be hampered or even
blocked for some hosts, including telnet, FTP, X windows, NFS, NIS etc. However,
these disadvantages are not unique to firewalls; network access could be restricted at
the host level as well, depending on a site's security policy.
 A second disadvantage of a firewall system is that it concentrates security in one spot
as opposed to distributing it among systems, thus a compromise of the firewall could
be disastrous to the less protected systems on the subnet. This weakness can be
countered, however, by the argument that lapses and weaknesses in security are more
likely to be found as the number of systems in the subnet increases, thereby
multiplying the ways in which subnets can be exploited.
 Another disadvantage is that relatively few vendors have offered firewall systems
until very recently. Most firewalls have been somewhat “hand-built” by site
administrators; however, the time and effort that could go into constructing a firewall may
outweigh the cost.

CONCLUSION

In conclusion, the Internet has become a dangerous place. Thirteen-year-old kids on dial-up
accounts can crash a site supported by two T-1 connections by using hundreds of Zombies
(PCs hacked and uploaded with a Trojan) to flood it with UDP and ICMP traffic. This is simply
a malicious attack meant to consume all of the bandwidth of the connection to the Internet.
Yahoo was recently crashed by what is called a “smurf” attack: ping requests are sent to several
Internet broadcast addresses with a spoofed return address aimed at the victim (Yahoo in this
case). The resulting storm of packets consumes all bandwidth and disconnects the site or makes it
unusable for normal traffic. Hackers attack networks to destroy and/or steal information.
They attack PCs so they can use them in zombie attacks, to hide their identity when trying to
gain illegal entry to secure networks, or for nothing more than malicious purposes. While on the
Internet my firewall typically gets 1 to 3 hits an hour, primarily port scanners looking for a
specific Trojan or a vulnerability to exploit. No one should be on the Internet without a firewall.
All networks are protected by firewalls. However, it is always a trade-off. The whole point of the
Internet is communication and exchange of information. The question is how much we restrict
access without losing all the advantages of speed and openness.
