NETWORK SECURITY
PL.SORNALATHA
S. SNEHA.
First Year CSE Department, Velammal College of Engg. and Tech.
Viraganoor, Madurai-625009
Abstract— Protection of networks and their services
from unauthorized modification, destruction, or
disclosure, and provision of assurance that the network
performs its critical functions correctly and there are no
harmful side-effects. Network security includes
providing for data integrity. It is taken as providing
protection at the boundaries of an organization by
keeping out hackers. Network security starts from
authenticating the user, Once authenticated; a firewall
enforces access policies such as what services are
allowed to be accessed by the network users. In this
paper we are going to deal about Fire walls and its
significance in Network Security.
Introduction:
A “network'' has been defined as ``any set of
interlinking lines resembling a net, a network of roads ||
an interconnected system, a network of alliances.''
Network security consists of the provisions made in an
underlying computer network infrastructure, policies
adopted by the network administrator to protect the
network and the network-accessible resources from
unauthorized access, and consistent and continuous
monitoring and measurement of its effectiveness
combined together. It is a preventive measure for
keeping out hacking. A firewall is a part of a computer
system or network that is designed to block
unauthorized access while permitting authorized
communications.
Contents:
• Firewall
• History
• Types
• Function
• Configuration
• Need to have firewall.
• Security issues in firewall
• Advantages
• Conclusion.
A. Firewall:
Firewalls are a product and development of this
new security consciousness that realized the need to
keep private LANs and personal computers
protected.Firewalls can be implemented in either
hardware or software, or a combination of both.
Firewalls are frequently used to prevent unauthorized
Internet users from accessing private networks
connected to the Internet, especially intranets. All
messages entering or leaving the intranet pass through
the firewall, which examines each message and blocks
those that do not meet the specified security criteria.
B. History:
The term "firewall/ fireblock" originally meant a wall
to confine a fire or potential fire within a building.Later
uses refer to similar structures, such as the metal sheet
separating the engine compartment of a vehicle or
aircraft from the passenger compartment.
Firewall technology emerged in the late 1980s when the
Internet was a fairly new technology in terms of its
global use and connectivity. The predecessors to
firewalls for network security were the routers used in
the late 1980s to separate networks from one
another.The view of the Internet as a relatively small
community of compatible users who valued openness
for sharing and collaboration was ended by a number of
major internet security breaches which occurred in the
late 1980s:
• Clifford Stoll's discovery of German spies tampering
with his system.
• Bill Cheswick's "Evening with Berferd" 1992 in
which he set up a simple electronic jail to observe an
attacker
• In 1988 an employee at the NASA Ames Research
Center in California sent a memo by email to his
colleagues that read
• The Morris Worm spread itself through multiple
vulnerabilities in the machines of the time. Although
it was not malicious in intent, the Morris Worm was
the first large scale attack on Internet security; the
online community was neither expecting an attack
nor prepared to deal with one .
First Generation-Packet filters:
The first paper published on firewall technology was
in 1988, when engineers from Digital Equipment
Corporation (DEC) developed filter systems known as
packet filter firewalls. This fairly basic system was the
first generation of what became a highly evolved and
technical internet security feature. At AT&T Bell Labs,
Bill Cheswick and Steve Bellovin were continuing their
research in packet filtering and developed a working
model for their own company based upon their original
first generation architecture.
Packet filters act by inspecting the "packets" which
represent the basic unit of data transfer between
computers on the Internet. If a packet matches the
packet filter's set of rules, the packet filter will drop the
packet, or reject it .
This type of packet filtering pays no attention to whether
a packet is part of an existing stream of traffic. Instead,
it filters each packet based only on information
contained in the packet itself
TCP and UDP protocols comprise most communication
over the Internet, and because TCP and UDP traffic by
convention uses well known ports for particular types of
traffic, a "stateless" packet filter can distinguish
between, and thus control, those types of traffic ,unless
the machines on each side of the packet filter are both
using the same non-standard ports.
Second Generation –Application Layer:
The key benefit of application layer filtering is that it
can "understand" certain applications and protocols .and
it can detect whether an unwanted protocol is being
sneaked through on a non-standard port or whether a
protocol is being abused in any harmful way.
An application firewall is much more secure and reliable
when comparing to packet filter firewall because it
works on all seven layers of the OSI reference model
which means application to physical Layer. This is
similar to a packet filter firewall but here we can also
filter information on Content Basis. The best example of
application firewall is ISA. This is a software based
firewall and thus it is much slower than a stateful
firewall.
Third Generation- Stateful filters:
From 1989-1990 three colleagues from AT&T Bell
Laboratories, Dave Presetto, Janardan Sharma, and
Kshitij Nigam developed the third generation of
firewalls, calling them circuit level firewalls.
Third generation firewalls in addition regard placement
of each individual packet within the packet series. This
technology is generally referred to as a stateful packet
inspection as it maintains records of all connections
passing through the firewall and is able to determine
whether a packet is either the start of a new connection,
a part of an existing connection, or is an invalid packet.
Though there is still a set of static rules in such a
firewall, the state of a connection can in itself be one of
the criteria which trigger specific rules.
This type of firewall can help prevent attacks which
exploit existing connections, or certain Denial-of-service
attacks
A fourth method that can be utilized by firewalls is
called "Stateful Packet Inspection". It is called "Stateful"
because it examines the contents of the packet to
determine what the state of the communication is. It
ensures that the stated destination computer has
previously acknowledged the communication from the
source computer. In this way all communications are
initiated by the "receiving" computer and are taking
place only with sources that are known or trusted from
previous communication connections. In addition
Stateful Packet Inspection firewalls are also more
rigorous in their packet inspections. Stateful Packet
Inspection firewalls also close off ports until an
authorized connection is requested and acknowledged by
the receiving computer. This allows for an added layer
of protection from the threat of "port scanning" a
method used by hackers to determine what PC services
or applications are available to be utilized to gain access
to the host computer.
Subsequent Developments:
In 1992, Bob Braden and Annette DeSchon at the
University of Southern California (USC) were refining
the concept of a firewall. The product known as "Visas"
was the first system to have a visual integration interface
with colours and icons, which could be easily
implemented to and accessed on a computer operating
system such as Microsoft's Windows or Apple's MacOS.
In 1994 an Israeli company called Check Point Software
Technologies built this into readily available software
known as FireWall-1.
The existing deep packet inspection functionality of
modern firewalls can be shared by Intrusion-prevention
systems (IPS).
Currently, the Middlebox Communication Working
Group of the Internet Engineering Task Force (IETF) is
working on standardizing protocols for managing
firewalls and other middleboxes.
Another axis of development is about integrating
identity of users into Firewall rules. Many firewalls
provide such features by binding user identities to IP or
MAC addresses, which is very approximate and can be
easily turned around. The NuFW firewall provides real
identity based firewalling, by requesting user's signature
for each connection.
block . Network layer firewalls tend to be very
fast and tend to be very transparent to users
• Application Layer Firewalls:
These generally are hosts running proxy servers, which
permit no traffic directly between networks, and which
perform elaborate logging and auditing of traffic passing
through them. Since the proxy applications are software
components running on the firewall, it is a good place to
do lots of logging and access control. Application layer
firewalls can be used as network address translators,
since traffic goes in one ``side'' and out the other, after
having passed through an application that effectively
masks the origin of the initiating connection. Having an
application in the way in some cases may impact
performance and may make the firewall less transparent.
Early application layer firewalls such as those built
using the TIS firewall toolkit, are not particularly
transparent to end users and may require some training.
Modern application layer firewalls are often fully
transparent. Application layer firewalls tend to provide
more detailed audit reports and tend to enforce more
conservative security models than network layer
firewalls.

C. Types:

• Network Layer Firewalls:

These generally make their decisions based on

the source, destination addresses and in
individual IP packets. A simple router is the
``traditional'' network layer firewall, since it is
not able to make particularly sophisticated
decisions about what a packet is actually
talking to or where it actually came from.
Modern network layer firewalls have become
increasingly sophisticated, and now maintain
internal information about the state of
connections passing through them, the contents
of some of the data streams, and so on. One
thing that's an important distinction about many
network layer firewalls is that they route traffic
directly though them, so to use one you either
need to have a validly assigned IP address
block or to use a ``private internet'' address

• Proxies:
A proxy device may act as a firewall by responding to
input packets in the manner of an application, whilst
blocking other packets.
Proxies make tampering with an internal system from
the external network more difficult and misuse of one
internal system would not necessarily cause a security
breach exploitable from outside the firewall.
Conversely, intruders may hijack a publicly-reachable
system and use it as a proxy for their own purposes; the
proxy then masquerades as that system to other internal
machines. While use of internal address spaces enhances
security, crackers may still employ methods such as IP
spoofing to attempt to pass packets to a target network
A function that is often combined with a firewall is a
proxy server. The proxy server is used to access Web
pages by the other computers. When another computer
requests a Web page, it is retrieved by the proxy server
and then sent to the requesting computer. The net effect
of this action is that the remote computer hosting the
Web page never comes into direct contact with anything
on your home network, other than the proxy server.
Proxy servers can also make your Internet access work
more efficiently. If you access a page on a Web site, it is
cached (stored) on the proxy server. This means that the
next time you go back to that page, it normally doesn't
have to load again from the Web site. Instead it loads
instantaneously from the proxy server.
There are times that you may want remote users to have
access to items on your network. Some examples are:
• Web site
• Online business
• FTP download and upload area
In cases like this, you may want to create a DMZ
(Demilitarized Zone). Although this sounds pretty
serious, it really is just an area that is outside the
firewall. Think of DMZ as the front yard of your house.
It belongs to you and you may put some things there, but
you would put anything valuable inside the house where
it can be properly secured.
Setting up a DMZ is very easy. If you have multiple
computers, you can choose to simply place one of the
computers between the Internet connection and the
firewall. Most of the software firewalls available will
allow you to designate a directory on the gateway
computer as a DMZ.
• Network Address Translation:
Firewalls often have network address translation (NAT)
functionality, and the hosts protected behind a firewall
commonly have addresses in the "private address range",
as defined in RFC 1918. Firewalls often have such
functionality to hide the true address of protected hosts.
Originally, the NAT function was developed to address
the limited number of IPv4 routable addresses that could
be used or assigned to companies or individuals as well
as reduce both the amount and therefore cost of
obtaining enough public addresses for every computer in
an organization. Hiding the addresses of protected
devices has become an increasingly important defense
against network reconnaissance
• Packet Filtering:
A packet filtering firewall will examine the information
contained in the header of a packet of information
which, is attempting to pass through the proverbial
'drawbridge into the castle'. Information checked
includes the source address, the destination and the
application it is being sent to. A packet filter firewall
works on the network level of the Open System
Interconnection, protocol stack, and so, does not hide the
private network topology behind the firewall from
prying eyes. It is important to be aware that this type of
firewall only examines the header information. If data
with malicious intent is sent from a trusted source, this
type of firewall is no protection. When a packet passes
the filtering process, it is passed on to the destination
address. If the packet does not pass, it is simply dropped.
This type of firewall is vulnerable to 'IP spoofing', a
practice where a hacker will make his transmission to
the private LAN (Local Area Network) look as though it
is coming from a trusted source, thereby gaining access
to the LAN.
• Circuit Gateways:
Circuit gateway firewalls work on the transport level of
the protocol stack. They are fast and transparent, but
really provide no protection from attacks. Circuit
gateway firewalls also do not check the data in the
packet. The one great benefit to this type of firewall is
that they make the LAN behind the firewall invisible, as
everything coming from within the firewall appears to
have originated from the firewall itself. This is the least
used type of firewall.
• Interconnection Firewall:
Windows XP provides Internet security in the form of
the new Internet Connection Firewall (ICF). ICF makes
use of active packet filtering, which means the ports on
the firewall are opened for as long as needed to enable
you to access the services you are interested in. The type
of technology prevents hackers from scanning your
computer's ports and resources. If you are hosting an
Internet session, ICF allows you to open holes in the
firewall that allow traffic on specific ports. This is called
"port mapping."
• Hybrid Firewall:
A hybrid firewall is a combination of two of the above-
mentioned firewalls. The first commercial firewall, the
DEC Seal, was a hybrid developed using an application
gateway and a filtering packet firewall. This type of
firewall is generally implemented by adding packet
filtering to an application gateway to quickly enable a
new service access to and from the private LAN.
Personal firewalls are usually software implementations
of an application gateway firewall. Exceptions to this are
products such as a router like the Linksys router that
contains a packet filtering firewall within it.
The most important thing to remember with a firewall is
that it should only be ONE part of a security system for
a private LAN or computer. Modern firewalls cannot
protect a network or system from insider attacks,
viruses, and previously unknown attacks, as firewall
technology is generally 'catch-up' and 'protect from
known threats' technology. To keep your system(s)
completely secure constant updates and other security
methods will have to be implemented.
D. Functions:
A firewall is a dedicated appliance, or software running
on a computer, which inspects network traffic passing
through it, and denies or permits passage based on a set
of rules.
It is normally placed between a protected network and
an unprotected network and acts like a gate to protect
assets to ensure that nothing private goes out and
nothing malicious comes in.
A firewall's basic task is to regulate some of the flow of
traffic between computer networks of different trust
levels. Typical examples are the Internet which is a zone
with no trust and an internal network which is a zone of
higher trust. A zone with an intermediate trust level,
situated between the Internet and a trusted internal
network, is often referred to as a "perimeter network" or
Demilitarized zone (DMZ).
A firewall's function within a network is similar to
physical firewalls with fire doors in building
construction. In the former case, it is used to prevent
network intrusion to the private network. In the latter
case, it is intended to contain and delay structural fire
from spreading to adjacent structures.
A firewall is simply a program or hardware device that
filters the information coming through the Internet
connection into your private network or computer
system. If an incoming packet of information is flagged
by the filters, it is not allowed through.
With a firewall in place, the landscape is much different.
A company will place a firewall at every connection to
the Internet.The firewall can implement security rules.
A company can set up rules like this for FTP servers,
Web servers, Telnet servers and so on. In addition, the
company can control how employees connect to Web
sites, whether files are allowed to leave the company
over the network and so on. A firewall gives a company
tremendous control over how people use the network.
Firewalls use one or more of three methods to control
traffic flowing in and out of the network:
• Packet filtering - Packets (small chunks of
data) are analyzed against a set of filters.
Packets that make it through the filters are sent
to the requesting system and all others are
discarded.
• Proxy service - Information from the Internet is
retrieved by the firewall and then sent to the
requesting system and vice versa.
• Stateful inspection - A newer method that
doesn't examine the contents of each packet but
instead compares certain key parts of the packet
to a database of trusted information. Information
traveling from inside the firewall to the outside
is monitored for specific defining
characteristics, then incoming information is
compared to these characteristics. If the
comparison yields a reasonable match, the
information is allowed through. Otherwise it is
discarded.
D. Configuration:
Firewalls are customizable. This means that you can add
or remove filters based on several conditions. Some of
these are:
• IP addresses - Each machine on the Internet is
assigned a unique address called an IP address.
• Domain names - Because it is hard to remember
the string of numbers that make up an IP
address, and because IP addresses sometimes
need to change, all servers on the Internet also
have human-readable names, called domain
names.
• Protocols - The protocol is the pre-defined way
that someone who wants to use a service talks
with that service. The "someone" could be a
person, but more often it is a computer program
like a Web browser. Protocols are often text, and
simply describe how the client and server will
have their conversation. The http in the Web's
protocol. Some common protocols that you can
set firewall filters for include:
 IP (Internet Protocol) - the main
delivery system for information over the
Internet
 TCP (Transmission Control Protocol) -
used to break apart and rebuild
information that travels over the Internet
 HTTP (Hyper Text Transfer Protocol) -
used for Web pages
 FTP (File Transfer Protocol) - used to
download and upload files
  UDP (User Datagram Protocol) - used
for information that requires no
response, such as streaming audio and
video
 ICMP (Internet Control Message
Protocol) - used by a router to exchange
the information with other routers
 SMTP (Simple Mail Transport
Protocol) - used to send text-based
information (e-mail)
 SNMP (Simple Network Management
Protocol) - used to collect system
information from a remote computer
 Telnet - used to perform commands on
a remote computer
A company might set up only one or two machines to
handle a specific protocol and ban that protocol on all
other machines.
• Ports - Any server machine makes its services
available to the Internet using numbered ports,
one for each service that is available on the
server (see How Web Servers Work for details).
For example, if a server machine is running a
Web (HTTP) server and an FTP server, the Web
server would typically be available on port 80,
and the FTP server would be available on port
21. A company might block port 21 access on
all machines but one inside the company.
E. Need to have a firewall:
Simply stated, all users require a firewall. It's as
important as antiviral software for computer protection
and definitely one layer that should be considered for
online security. Perhaps the real question should be
rephrased to "How many users realize they need a
firewall to protect their PC?" It appears that many PC
Users with no previous computing experience or
backgrounds have purchased computers for the very
first time for the sole purpose of joining the mysterious
but exciting Internet world. That being said, this article
was written with the novice user as the primary target
audience. It is far more likely that experienced users
may have skill, interest and knowledge to seek online
security on their own. Experienced users tend to be
more willing to try new stuff, which categorizes them
as "early adopters". The average novice user, on the
other hand, being inexperienced in the mechanics of
computing may be under the following misconceptions.
There are many creative ways that unscrupulous people
use to access or abuse unprotected computers:
• Remote login - When someone is able to
connect to your computer and control it in some
form. This can range from being able to view or
access your files to actually running programs
on your computer.
• Application backdoors - Some programs have
special features that allow for remote access.
Others contain bugs that provide a backdoor, or
hidden access, that provides some level of
control of the program.
• SMTP session hijacking - SMTP is the most
common method of sending e-mail over the
Internet. By gaining access to a list of e-mail
addresses, a person can send unsolicited junk e-
mail (spam) to thousands of users. This is done
quite often by redirecting the e-mail through the
SMTP server of an unsuspecting host, making
the actual sender of the spam difficult to trace.
• Operating system bugs - Like applications,
some operating systems have backdoors. Others
provide remote access with insufficient security
controls or have bugs that an experienced hacker
can take advantage of.
• Denial of service - You have probably heard
this phrase used in news reports on the attacks
on major Web sites. This type of attack is nearly
impossible to counter. What happens is that the
hacker sends a request to the server to connect
to it. When the server responds with an
acknowledgement and tries to establish a
session, it cannot find the system that made the
request. By inundating a server with these
unanswerable session requests, a hacker causes
the server to slow to a crawl or eventually crash.
• E-mail bombs - An e-mail bomb is usually a
personal attack. Someone sends you the same e-
mail hundreds or thousands of times until your
e-mail system cannot accept any more
messages.
• Macros - To simplify complicated procedures,
many applications allow you to create a script of
commands that the application can run. This
script is known as a macro. Hackers have taken
advantage of this to create their own macros
that, depending on the application, can destroy
your data or crash your computer.
• Viruses - Probably the most well-known threat
is computer viruses. A virus is a small program
that can copy itself to other computers. This way
it can spread quickly from one system to the
 next. Viruses range from harmless messages to
erasing all of your data.
• Spam - Typically harmless but always
annoying, spam is the electronic equivalent of
junk mail. Spam can be dangerous though. Quite
often it contains links to Web sites. Be careful
of clicking on these because you may
accidentally accept a cookie that provides a
backdoor to your computer.
• Redirect bombs - Hackers can use ICMP to
change (redirect) the path information takes by
sending it to a different router. This is one of the
ways that a denial of service attack is set up.
• Source routing - In most cases, the path a
packet travels over the Internet (or any other
network) is determined by the routers along that
path. But the source providing the packet can
arbitrarily specify the route that the packet
should travel. Hackers sometimes take
advantage of this to make information appear to
come from a trusted source or even from inside
the network! Most firewall products disable
source routing by default.
The level of security you establish will determine how
many of these threats can be stopped by your firewall.
The highest level of security would be to simply block
everything. Obviously that defeats the purpose of having
an Internet connection. But a common rule of thumb is
to block everything, then begin to select what types of
traffic you will allow. You can also restrict traffic that
travels through the firewall so that only certain types of
information, such as e-mail, can get through. This is a
good rule for businesses that have an experienced
network administrator that understands what the needs
are and knows exactly what traffic to allow through. For
most of us, it is probably better to work with the defaults
provided by the firewall developer unless there is a
specific reason to change it.
One of the best things about a firewall from a security
standpoint is that it stops anyone on the outside from
logging onto a computer in your private network. While
this is a big deal for businesses, most home networks
will probably not be threatened in this manner. Still,
putting a firewall in place provides some peace of mind.
F. Security issues in firewalls:
Personal firewalls are tools that can be used to enhance
the security of computers to a network, such as the
Internet. They are equivalent to a home security system
and the owner can set the level of security. Firewalls
examine each data packet sent to or from your computer
to see if it meets a set of criteria, then selectively passes
or blocks the packet.
One could argue that home users should also address
each of the six areas noted below and select appropriate
solutions. The areas critical to security are:
1. Data Transport encryption is a necessity.
2. User Authentication - confirmation of the user's
identity should be required to 'unlock' the
capabilities of mobile-computing devices -
ultimately biometrics will have a very strong
presence.
3. Personal/Home firewalling - The use of always-
on Internet connections is driving the market for
personal firewall software.
4. Personal Threat Management - emerging
personal intrusion detection products should be
viewed as necessary and complementary to
firewall products.
5. Data Protection - Use of file/disk encryption
products should be considered. As personal
devices are increasingly portable and able to
access data/networks, they and their contents
must be guarded.
6. Hardware Protection - Physical locking devices
or theft-alert mechanisms especially for portable
devices.
Home users should have a security management plan
and routinely review the areas critical to online security.
Symantec "found 35 percent of computers have
unknown or unauthorized Internet communication, 44
percent don't have a recent version of an anti-virus
product and 79 percent use Web browsers that release
information about the site they last visited without the
user being aware." Home users need to have a
comprehensive security approach.
G. Advantages:
• A feeling of increased security that your PC and
contents are being protected.
• Relatively inexpensive or free for personal use.
• New releases are becoming user friendly.
• You can monitor incoming and outgoing
security alerts and the firewall company will
record and track down an intrusion attempt
depending on the severity.
 • Some firewalls but not all can detect viruses,
worms, Trojan horses, or data collectors.
• All firewalls can be tested for effectiveness by
using products that test for leaks or probe for
open ports.

H H. Conclusion:

Today most of the hacker’s toolkit consists of

software that could circumvent most of the
firewalls. Almost 50,000 viruses are created each
day, all over the world. So, it is mandatory that the
security systems must be updated regularly.