PL.SORNALATHA
S. SNEHA.
First Year CSE Department, Velammal College of Engg. and Tech.
Viraganoor, Madurai-625009
The first paper published on firewall technology appeared in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what became a highly evolved and technical Internet security feature. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based upon their original first generation architecture.

Packet filters act by inspecting the "packets" which represent the basic unit of data transfer between computers on the Internet. If a packet matches the packet filter's set of rules, the packet filter will drop the packet (silently discard it) or reject it (discard it and send an error response to the source).

This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic. Instead, it filters each packet based only on information contained in the packet itself, chiefly the source and destination addresses, the protocol and the port numbers.

TCP and UDP protocols comprise most communication over the Internet, and because TCP and UDP traffic by convention uses well known ports for particular types of traffic, a "stateless" packet filter can distinguish between, and thus control, those types of traffic, unless the machines on each side of the packet filter are both using the same non-standard ports.

Second Generation – Application Layer:

The key benefit of application layer filtering is that it can "understand" certain applications and protocols. It can detect whether an unwanted protocol is being sneaked through on a non-standard port, or whether a protocol is being abused in a harmful way.

From 1989 to 1990 three colleagues from AT&T Bell Laboratories, Dave Presetto, Janardan Sharma and Kshitij Nigam, developed the third generation of firewalls, calling them circuit level firewalls.

Third generation firewalls in addition regard the placement of each individual packet within the packet series. This technology is generally referred to as stateful packet inspection, as it maintains records of all connections passing through the firewall and is able to determine whether a packet is the start of a new connection, a part of an existing connection, or an invalid packet. Though there is still a set of static rules in such a firewall, the state of a connection can in itself be one of the criteria which trigger specific rules.

This type of firewall can help prevent attacks which exploit existing connections, or certain denial-of-service attacks.

A fourth method that can be utilized by firewalls is called "Stateful Packet Inspection" (it is the same state-tracking approach described above, under its usual product name). It is called "stateful" because it examines each packet to determine what state the communication is in. It checks that the destination computer has previously initiated or acknowledged the communication with the source computer, so inbound traffic is accepted only from sources already known from an existing connection. In addition, Stateful Packet Inspection firewalls are more rigorous in their packet inspections, and they keep ports closed until an authorized connection is requested and acknowledged by the receiving computer. This gives an added layer of protection against "port scanning", a method used by attackers to determine what services or applications are reachable on a host and could be used to gain access to it.
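The difference between the first generation stateless filter and the stateful tracking described above, as an added example that is not part of the original paper: a stateless rule can only approximate "reply traffic" by looking at TCP flags (the classic router 'established' rule, which matches any packet with ACK or RST set), while a stateful filter consults a table of the connections it has allowed. The packets, the 10.0.0.0/8 "inside" network and the policy that connections may only be opened from inside are constructed for the example.

```python
"""Stateless vs. stateful filtering of TCP packets (added example, constructed data).

A stateless filter sees one packet at a time and can only guess that a packet
is "reply traffic" from its TCP flags. A stateful filter remembers connections
it has allowed and classifies every packet as NEW, ESTABLISHED or INVALID.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE_NET = ip_network("10.0.0.0/8")  # assumption: the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


def from_inside(pkt):
    return ip_address(pkt.src) in INSIDE_NET


def stateless_filter(pkt):
    """Static rules only: anything outbound; inbound only if it "looks established",
    i.e. ACK or RST is set (the classic 'established' keyword). The filter cannot
    tell a genuine reply from a forged ACK, because it keeps no history."""
    if from_inside(pkt):
        return "ACCEPT"
    if pkt.flags & {"ACK", "RST"}:
        return "ACCEPT"
    return "DROP"


class StatefulFilter:
    """Connection table keyed by (src, sport, dst, dport) of the initiating SYN."""

    def __init__(self):
        self.table = set()

    @staticmethod
    def _key(pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt):
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def classify(self, pkt):
        if self._key(pkt) in self.table or self._reverse(pkt) in self.table:
            return "ESTABLISHED"
        if pkt.flags == frozenset({"SYN"}):
            return "NEW"
        return "INVALID"  # e.g. a bare ACK that matches no known connection

    def filter(self, pkt):
        state = self.classify(pkt)
        if state == "INVALID":
            return "DROP"
        if state == "NEW":
            if not from_inside(pkt):
                return "DROP"  # policy: connections may only be opened from inside
            self.table.add(self._key(pkt))
            return "ACCEPT"
        if "RST" in pkt.flags:  # connection aborted: forget it (FIN teardown and timeouts omitted)
            self.table.discard(self._key(pkt))
            self.table.discard(self._reverse(pkt))
        return "ACCEPT"


def demo():
    """Run the same constructed packets through both filters; returns {name: (stateless, stateful)}."""
    fw = StatefulFilter()
    outbound_syn = Packet("10.0.0.5", 40001, "203.0.113.7", 443, frozenset({"SYN"}))
    reply_synack = Packet("203.0.113.7", 443, "10.0.0.5", 40001, frozenset({"SYN", "ACK"}))
    forged_ack = Packet("198.51.100.9", 4444, "10.0.0.5", 22, frozenset({"ACK"}))  # ACK scan probe
    inbound_syn = Packet("198.51.100.9", 4444, "10.0.0.5", 22, frozenset({"SYN"}))
    results = {}
    for name, pkt in [("outbound_syn", outbound_syn), ("reply_synack", reply_synack),
                      ("forged_ack", forged_ack), ("inbound_syn", inbound_syn)]:
        results[name] = (stateless_filter(pkt), fw.filter(pkt))
    return results


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:13s} stateless={verdicts[0]:6s} stateful={verdicts[1]}")
```

The forged bare-ACK packet is what an ACK scan sends: the stateless rule accepts it, while the stateful filter classifies it INVALID because no connection exists for it, which is the point made above about closing ports until a connection has been opened. A real connection tracker also handles FIN teardown, sequence number windows, timeouts and UDP pseudo-state; those are left out here.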
Subsequent Developments:

In 1992, Bob Braden and Annette DeSchon at the University of Southern California (USC) were refining the concept of a firewall. The product known as "Visas" was the first system to have a visual integration interface with colours and icons, which could be easily implemented on and accessed from a computer operating system such as Microsoft's Windows or Apple's MacOS. In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1.

The deep packet inspection functionality of modern firewalls can be shared with intrusion prevention systems (IPS).

Currently, the Middlebox Communication Working Group of the Internet Engineering Task Force (IETF) is working on standardizing protocols for managing firewalls and other middleboxes.

Another axis of development is the integration of user identity into firewall rules. Many firewalls provide such features by binding user identities to IP or MAC addresses, which is very approximate and can easily be subverted, since both addresses are trivially forged. The NuFW firewall provides real identity-based firewalling by requesting the user's signature for each connection.

C. Types:

There are times when you may want remote users to have access to items on your network. Some examples are:
• Web site
• Online business
• FTP download and upload area

block. Network layer firewalls tend to be very fast and very transparent to users.

• Application Layer Firewalls:

These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one "side" and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way may in some cases impact performance and make the firewall less transparent. Early application layer firewalls, such as those built using the TIS firewall toolkit, are not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and to enforce more conservative security models than network layer firewalls.
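What application layer filtering adds over port-based rules, both in the Second Generation section and in the Application Layer Firewalls description above, as an added example written for this page (not code from the paper or from any product): the protocol is identified from the first bytes of a flow, so SSH or plaintext HTTP sneaked onto port 443 is caught regardless of the port number, and an HTTP CONNECT request is flagged as protocol abuse. The port conventions, the allowed-protocol policy and the payload samples are constructed for the example.

```python
"""Application-layer protocol identification independent of port (added example).

Constructed payloads stand in for the first bytes of each flow; a proxy or
deep-inspection firewall would see the same bytes from the client.
"""
import re

# Assumed conventions: which protocol each well-known port is supposed to carry,
# and which protocols the policy allows at all.
EXPECTED_ON_PORT = {22: "SSH", 80: "HTTP", 443: "TLS"}
ALLOWED = {"HTTP", "TLS"}

HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")


def identify(payload):
    """Classify a flow from its first bytes; returns "SSH", "TLS", "HTTP" or "UNKNOWN"."""
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "SSH"  # SSH version banner (RFC 4253)
    # TLS record header: content type 0x16 (handshake), version 0x03xx, a 2-byte
    # length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "TLS"
    if HTTP_REQUEST_LINE.match(payload):
        return "HTTP"
    return "UNKNOWN"


def decide(dport, payload):
    """Policy decision for a new flow: (verdict, reason). Unknown protocols are denied by default."""
    proto = identify(payload)
    if proto not in ALLOWED:
        return "DROP", f"{proto} not permitted (seen on port {dport})"
    expected = EXPECTED_ON_PORT.get(dport)
    if expected is not None and expected != proto:
        # A port-based filter would have let this through; the protocol does not match the port.
        return "DROP", f"{proto} on port {dport}, expected {expected}"
    if proto == "HTTP" and payload.startswith(b"CONNECT "):
        # Protocol abuse: CONNECT turns an HTTP proxy into a generic TCP tunnel.
        return "DROP", "HTTP CONNECT tunnelling not permitted"
    return "ACCEPT", f"{proto} on port {dport}"


# Constructed sample flows (not captures).
TLS_CLIENT_HELLO = bytes.fromhex("160301 00f1 01 0000ed 0303") + b"\x00" * 32
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
HTTP_CONNECT = b"CONNECT mail.example.com:25 HTTP/1.1\r\n\r\n"

SAMPLES = [
    ("tls_on_443", 443, TLS_CLIENT_HELLO),
    ("ssh_sneaked_on_443", 443, SSH_BANNER),
    ("plain_http_on_443", 443, HTTP_GET),
    ("http_on_8080", 8080, HTTP_GET),
    ("connect_tunnel_on_80", 80, HTTP_CONNECT),
]


def run_samples():
    return {name: decide(port, payload) for name, port, payload in SAMPLES}


if __name__ == "__main__":
    for name, (verdict, reason) in run_samples().items():
        print(f"{name:22s} {verdict:6s} {reason}")
```

A stateless filter keyed on port 443 alone would accept all three of the port-443 samples. Real products look at more than the first record (for example the TLS SNI, or the whole HTTP request), but the decision structure is the same: identify the protocol, then apply policy to the protocol rather than to the port.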
Proxies make tampering with an internal system from the external network more difficult, and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall. Conversely, intruders may hijack a publicly reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address spaces enhances

Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range" as defined in RFC 1918. Firewalls often have such functionality to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals, as well as to reduce the amount, and therefore the cost, of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance.

• Packet Filtering:

A packet filtering firewall examines the information contained in the header of a packet which is attempting to pass through the proverbial 'drawbridge into the castle'. Information checked includes the source address, the destination address and the port (and so the application) the packet is being sent to. A packet filter firewall works at the network level of the Open Systems Interconnection (OSI) protocol stack, and so does not hide the private network topology behind the firewall from prying eyes. It is important to be aware that this type of firewall examines only the header information. If data with malicious intent is sent from a trusted source, this type of firewall offers no protection. When a packet passes the filtering process, it is forwarded to the destination address. If the packet does not pass, it is simply dropped. This type of firewall is vulnerable to 'IP spoofing', a practice in which an attacker makes a transmission to the private LAN (Local Area Network) look as though it is coming from a trusted source, thereby gaining access to the LAN. The usual countermeasure is an ingress rule that drops any packet arriving on the external interface whose source address belongs to the internal or private address ranges.

• Circuit Gateways:

Circuit gateway firewalls work at the transport level of the protocol stack. They are fast and transparent, but because they do not check the data in the packet they provide no protection against attacks carried in the payload. The one great benefit of this type of firewall is that it makes the LAN behind the firewall invisible, as everything coming from within the firewall appears to have originated from the firewall itself. This is the least used type of firewall.

• Interconnection Firewall:

Windows XP provides Internet security in the form of the new Internet Connection Firewall (ICF). ICF makes use of active packet filtering, which means the ports on the firewall are opened only for as long as needed to enable you to access the services you are interested in. This type of technology limits what an attacker can learn by scanning your computer's ports and resources. If you are hosting an Internet session, ICF allows you to open holes in the firewall that allow traffic on specific ports. This is called "port mapping."

• Hybrid Firewall:

A hybrid firewall is a combination of two of the above-mentioned firewalls. The first commercial firewall, the DEC SEAL, was a hybrid developed using an application gateway and a packet filtering firewall. This type of firewall is generally implemented by adding packet filtering to an application gateway to quickly enable a new service's access to and from the private LAN.

Personal firewalls are usually software implementations of an application gateway firewall. Exceptions to this are products such as the Linksys router, which contains a packet filtering firewall within it.

The most important thing to remember with a firewall is that it should only be ONE part of a security system for a private LAN or computer. Modern firewalls cannot protect a network or system from insider attacks, viruses and previously unknown attacks, as firewall technology is generally 'catch-up' and 'protect from known threats' technology. To keep your system(s) secure, constant updates and other security methods will have to be implemented.

D. Functions:

A firewall is a dedicated appliance, or software running on a computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules.

It is normally placed between a protected network and an unprotected network and acts like a gate to protect assets, to ensure that nothing private goes out and nothing malicious comes in.

A firewall's basic task is to regulate some of the flow of traffic between computer networks of different trust levels. Typical examples are the Internet, which is a zone with no trust, and an internal network, which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or demilitarized zone (DMZ).

A firewall's function within a network is similar to that of physical firewalls and fire doors in building construction. In the former case, it is used to prevent network intrusion into the private network. In the latter case, it is intended to contain and delay a structural fire from spreading to adjacent structures.
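The packet filtering, IP spoofing, NAT, port mapping and DMZ points from the sections above, put together in one added example written for this page (not taken from the paper): anti-spoofing checks on the external interface, source NAT that hides internal addresses behind one public address, destination NAT for published services (the "port mapping" described for ICF), and a DMZ that may not initiate connections into the LAN. The addresses, ranges and port map are assumed example values.

```python
"""Packet filter with anti-spoofing, NAT and port mapping across three zones (added example).

Assumed topology: a LAN (trusted), a DMZ (intermediate trust) and the Internet
on the "wan" interface. Packets are described by their header fields only,
which is all a network layer firewall sees.
"""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")        # assumed trusted zone, RFC 1918 space
DMZ = ip_network("192.168.2.0/24")        # assumed perimeter network, RFC 1918 space
PUBLIC_IP = ip_address("203.0.113.10")    # assumed routable address of the firewall
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Port mapping: public port -> (DMZ host, port). Only these services are reachable from outside.
PORT_MAP = {80: ("192.168.2.20", 80), 443: ("192.168.2.20", 443)}


class NatFirewall:
    def __init__(self):
        self._next_port = 50000
        self._snat = {}     # (internal ip, port) -> public port
        self._reverse = {}  # public port -> (internal ip, port)

    def _allocate(self, src, sport):
        """Pick (or reuse) the public port that represents an internal endpoint."""
        key = (src, sport)
        if key not in self._snat:
            self._snat[key] = self._next_port
            self._reverse[self._next_port] = key
            self._next_port += 1
        return self._snat[key]

    def handle(self, iface, src, sport, dst, dport):
        """Return (action, detail) for a packet arriving on `iface`."""
        s, d = ip_address(src), ip_address(dst)
        if iface == "wan":
            # Anti-spoofing: the Internet cannot legitimately deliver a packet whose source
            # is a private range or our own address; such a packet is forged.
            if any(s in n for n in RFC1918) or s == PUBLIC_IP:
                return "DROP", "spoofed source on WAN"
            if d != PUBLIC_IP:
                return "DROP", "not addressed to the firewall"
            if dport in PORT_MAP:
                host, port = PORT_MAP[dport]
                return "DNAT", f"{host}:{port}"   # published DMZ service (port mapping)
            if dport in self._reverse:
                host, port = self._reverse[dport]  # reply to a connection opened from inside
                return "DNAT", f"{host}:{port}"    # (a full NAT also checks the remote endpoint)
            return "DROP", "port closed"           # nothing mapped: internal hosts stay hidden
        if iface == "lan":
            if s not in LAN:
                return "DROP", "source not in LAN range"
            if d in LAN or d in DMZ:
                return "ACCEPT", "internal traffic"
            pub = self._allocate(src, sport)
            return "SNAT", f"{PUBLIC_IP}:{pub}"    # origin hidden behind the public address
        if iface == "dmz":
            if s not in DMZ:
                return "DROP", "source not in DMZ range"
            if d in LAN:
                return "DROP", "DMZ may not initiate to LAN"  # containment if a DMZ host is hijacked
            pub = self._allocate(src, sport)
            return "SNAT", f"{PUBLIC_IP}:{pub}"
        return "DROP", "unknown interface"


def demo():
    """Constructed traffic: an outbound web connection and its reply, a spoofed packet,
    a hit on a published service, a probe of an unpublished port, and a DMZ-to-LAN attempt."""
    fw = NatFirewall()
    return [
        fw.handle("lan", "192.168.1.5", 40000, "198.51.100.1", 443),
        fw.handle("wan", "198.51.100.1", 443, "203.0.113.10", 50000),
        fw.handle("wan", "192.168.1.5", 1234, "203.0.113.10", 80),
        fw.handle("wan", "198.51.100.9", 5555, "203.0.113.10", 80),
        fw.handle("wan", "198.51.100.9", 5555, "203.0.113.10", 22),
        fw.handle("dmz", "192.168.2.20", 3333, "192.168.1.5", 445),
    ]


if __name__ == "__main__":
    for action, detail in demo():
        print(f"{action:6s} {detail}")
```

The spoofed packet (an RFC 1918 source arriving from the Internet) is the IP spoofing case the Packet Filtering section warns about; it is dropped before any rule that trusts internal sources can match. The probe of port 22 from outside gets "port closed" because no mapping exists, which is the reconnaissance benefit of NAT described above. This example is stateless apart from the NAT table; combining it with the connection tracking shown earlier is what a real stateful NAT firewall does.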
H. Conclusion: