Firewall Basics by stevecronin

  1. #1
    Junior Member
    Join Date
    Dec 2004
    Posts
    10

    Firewall Basics by stevecronin

    Firewall Basics
    by stevecronin

    Firewall - Customizable security system to prevent unauthorized access to a network and/ or a system monitor that logs incoming and outgoing information on a network. Firewalls act like a traffic barrier.

    |YOUR NETWORK| - |FIREWALL| - |INTERNET|

    Firewalls work on different layers of the OSI model, depending on the type.

    -Network/ Transport Firewall
    -Application Firewall
    -Combination Firewall
    -Personal Firewall

    Network/ Transport Firewall

    A Network/ Transport firewall, when using Packet Filtering at the network and transport layers, looks at the header of incoming/ outgoing packets to decide whether to allow the packet to be transmitted, or for it to be discarded. The firewall's decision is based on a pre-configured set of rules put in place by the manufacturer (Default Rules) or the user (Customized Rules). Rules can be customized based on Network/ Transport layer functions (such as IP addresses and ports). Packet Filtering looks for suspicious packets that aren't coming from a valid IP address or aren't using the proper port. It is the fastest of the packet screening methods because the scanning is done at the lower/ mid levels of the OSI model. A Network/ Transport firewall using Packet Filtering contains logging capabilities.

    |YOUR NETWORK| - |OUTGOING PACKET| - |FIREWALL| - |OUTGOING PACKET| - |INTERNET|
    |YOUR NETWORK| - |INCOMING PACKET| - |FIREWALL| - |INCOMING PACKET| - |INTERNET|

    Packet filtering firewalls are prone to the following attacks:

    -IP Spoofing
    Sending data from a spoofed (faked) address so the firewall sees your machine as a trusted one.

    -Buffer overruns
    These occur when a program connected to the internet receives data from someone on the internet into a buffer and doesn't check whether the data exceeds the amount allotted to the buffer. This excess data allows a hacker to input/ execute malicious code to tamper with/ gain access to your machine.

    -ICMP (Internet Control Message Protocol) tunneling
    Hiding data in a valid ICMP packet.

    A Network/ Transport firewall, when using Stateful Packet Inspection, scans the packet header information to make sure that the packet is from a legitimate connection, and that the protocols are working the way they are supposed to. The difference from Packet Filtering is that Stateful Packet Inspection looks at the packet header at the Network, Transport, Session, Presentation, and Application layers of the OSI model. Also, not only can the rules be customized based on IP addresses, protocols, and ports, but the Connection State can be regulated as well; therefore stateful packet inspection is able to protect against unauthorized access. Stateful packet inspection is also able to recognize protocols in the packet header, because of the scanning taking place in the application layer. A Network/ Transport firewall using Stateful Packet Inspection contains logging capabilities.

    Application Firewall

    An application firewall works at the application layer of the OSI model and acts like a proxy and breaks the client/ server model, thus hiding your network from others.

    When a machine from another network, or a machine connected to you by the Internet, sends a request to yours, a connection is made with the application firewall. The application firewall then rebuilds the request to send to your machine. When your machine responds to the sending machine, it sends its response to the application firewall, which then rebuilds the response to transfer to the sending machine.

    |YOUR NETWORK| <----> |APPLICATION FIREWALL| |INTERNET|
    |YOUR NETWORK| |APPLICATION FIREWALL| <----> |INTERNET|

    Because Application firewalls only work at the application layer, they are able to focus their scanning. An Application firewall can identify text, graphics, source code, etc. Having a more in-depth look into packets provides better security because the content removal decision is more precise. Having this type of firewall in place, however, significantly reduces network performance. Because all incoming/ outgoing traffic is scanned at the application layer, inspection time is longer, more processing power is needed, and this process can serve as a network bottleneck.

    Application Firewalls are prone to the following attacks:

    -Denial of Service (DDoS)
    Forcing too much data on the firewall to render it inactive.

    Combination Firewall

    Combination firewalls combine specific features (chosen by vendor) of Network/ Transport firewall and Application firewall to fit specific needs.

    Personal Firewall

    A Personal Firewall is not a firewall by definition (Firewall: a customizable security system to prevent unauthorized access to a network and/ or a system monitor that logs incoming and outgoing information on a network); however, they are marketed as one.

    Personal Firewalls protect singular devices, such as a single computer, from unauthorized access. They do not protect an entire network.

    It is important to understand that firewalls are not the one and only security solution for your network; they are a security addition. Your network still has to be locked down by taking the proper security procedures with your OS and any other software; updates for any of these are crucial. Coding mistakes in programs are often used to make the program do something it is not supposed to. If an exploit is found, anybody who has the information can easily gain access to your system. This is why it is always important to update when a software company comes out with a new patch fixing these exploits. A firewall will not protect you from them.

    Firewall topology is also important, incorrect setup could leave some devices on your network unsecured.


    Host Firewall Topology

    This firewall topology has a computer with an installed firewall managing your network. All incoming/ outgoing traffic is redirected to pass through that machine.

    |YOUR NETWORK| - |HUB| - |ROUTER| - |INTERNET|
                       |
                 |Host Firewall|

    DMZ Topology

    This firewall allows a section of your network to have specific services open that you would not want open on your main network. This can be useful for allowing a group of machines to host certain content on the internet, or run servers (Example: Counter-Strike/ Warcraft/ Starcraft servers). This topology can also be used as a front for a network that doesn't want to be seen.

                                    |WEB SERVER|
                                         |
    |YOUR NETWORK| - |ROUTER| - |UNPROTECTED NETWORK| - |ROUTER| - |INTERNET|
                                         |
                                     |FIREWALL|

    Physical Firewall Topology

    A separate firewall unit that is placed physically in your network. (Not logically)

    |YOUR NETWORK| - |PHYSICAL FIREWALL| - |INTERNET|


    CISCO PIX Firewalls Overall Features

    -OSPF (Open Shortest Path First Dynamic Routing)
    -NAT (Network Address Translation)
    -PAT (Port Address Translation)
    -Content Filtering
    -URL Filtering
    -Advanced Authentication
    -Advanced Authorization
    -Accounting Integration (RADIUS/TACACS+)
    -DHCP (Dynamic Host Configuration Protocol)
      -Client
      -Server
      -Relay (Device that connects two or more networks, such as a bridge.)
    -PPPoE (Point to Point Protocol over Ethernet)
    -VPN (Virtual Private Network) Support
    -Tunneling (Secure line from Network to Network over the Internet)
      -Layer Two Tunneling Protocol
      -Point to Point Tunneling Protocol
    -Configurable 56 bit DES (Data Encryption Standard), 168 bit 3DES (Triple Data Encryption Standard), and 256 bit AES Encryption (Advanced Encryption Standard).
    -DDoS Attack Prevention

    High End/ Low End Scale Comparison Models

    CISCO PIX 535 - Ideal for Large Businesses and Service Providers

    Price: ~$15000

    -Three rack unit design
    -Supports up to ten 10/100 fast Ethernet interfaces or nine gigabit interfaces.
    -Delivers 1.7 Gbps of firewall throughput with the capability to handle more than 500,000 simultaneous sessions.

    CISCO PIX 501 - Ideal for Small Office/ Home Users.

    Price: ~$400

    -Includes four port 10/100 switch
    -60 Mbps of firewall throughput


    OSI Model -Firewall Layer- Overview

    |APPLICATION| - |APPLICATION FIREWALL| - |STATEFUL INSPECTION|
    |PRESENTATION| - |STATEFUL INSPECTION|
    |SESSION| - |STATEFUL INSPECTION|
    |TRANSPORT| - |PACKET FILTERS| - |STATEFUL INSPECTION|
    |NETWORK| - |PACKET FILTERS| - |STATEFUL INSPECTION|
    |DATA LINK|
    |PHYSICAL|

  2. #2
    Just a Virtualized Geek (MrLinus)
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Originally posted here by stevecronin
    This firewall allows a section of your network to be unprotected, this can be useful for allowing a group of machines to host certain content on the internet, or run servers. (Example: Counter-Strike/ Warcraft/ Starcraft servers) This topology can also be used as a front for a network that doesn't want to be seen.
    Hrmm.. I don't think I'd word it like this. DMZs (De-Militarized Zones) are usually, AFAIK, for servers that are to be accessed both publicly and privately but need protection, and are usually part of perimeter defense (although there is nothing that says you can't have a DMZ internally for department-to-department networks and/or extranets). Those firewalls (sometimes multiple) tend to be the stronger ones you have (hardware firewalls go well here). The other DMZ that I've seen (although using the term might be a misnomer) is a multihomed server (with at least 3 network cards) with access for two internal but separate networks and the 3rd out to the Internet. Obviously the private networks would have different subnetting schemes (10.x.x.x and 192.168.x.x) to avoid potential crossover (at least in the environment I had to admin where this was used).

    Originally posted here by stevecronin
    |YOUR NETWORK|ROUTER|UNPROTECTED NETWORK|ROUTER|INTERNET|

    |FIREWALL|

    More like:

    |YOUR NETWORK|Router/FW|PROTECTED NETWORK|ROUTER/FW|INTERNET|
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    To expand on Ms. M's discussion of a DMZ....

    A DMZ is not :-

    Originally posted here by stevecronin
    This firewall allows a section of your network to be unprotected
    A DMZ is a protected area that allows specific, potentially vulnerable, service requests to reach the servers placed there to provide public content that one would not want allowed to reside on the private network. In some circumstances access from the DMZ is required to the private network, but those services that the DMZ'ed servers require from the private network should also be strictly controlled by the individual service and should also be provided by hardened servers on the private network.

    To blandly say that a DMZ is unprotected doesn't do justice to its purpose... It's a restricted area rather than "unprotected".
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
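An added example, not from Nihil's reply or from the original paper, that turns the DMZ description in these two replies (public services reachable from outside, only specific services from the DMZ into the private network, and those served by hardened hosts) into a zone policy in Python. The address ranges, hosts and rules are assumed for illustration. It also lists what a compromised DMZ web server could still reach, which is the practical meaning of "restricted rather than unprotected".

```python
"""A three-zone DMZ policy with explicit, per-service rules between zones.

Constructed example: the address ranges, hosts and rules are assumptions for
illustration, not taken from the thread or from any real deployment.
"""
from ipaddress import ip_address, ip_network

ZONES = {
    "internal": ip_network("10.0.0.0/24"),    # assumed private network
    "dmz":      ip_network("192.0.2.0/24"),   # assumed DMZ segment
}
WEB = "192.0.2.10"    # public web server placed in the DMZ
DB = "10.0.0.20"      # hardened database host on the private network
ANY = "any"


def zone_of(addr):
    """Map an address to its zone; anything outside the known ranges is the Internet."""
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return "internet"


# Ordered rule set; first match wins and anything unmatched is dropped.
# Fields: (from_zone, to_zone, src, dst, proto, dport, action)
RULES = [
    ("internet", "dmz",      ANY, WEB, "tcp", 80,   "ACCEPT"),   # public content
    ("internet", "dmz",      ANY, WEB, "tcp", 443,  "ACCEPT"),
    ("dmz",      "internal", WEB, DB,  "tcp", 5432, "ACCEPT"),   # the one service the web tier needs inside
    ("internal", "dmz",      ANY, ANY, "tcp", 22,   "ACCEPT"),   # administrators manage DMZ hosts
    ("internal", "internet", ANY, ANY, ANY,   ANY,  "ACCEPT"),   # outbound from the private network
]


def decide(src, dst, proto, dport):
    """Evaluate one flow against the zone policy."""
    from_zone, to_zone = zone_of(src), zone_of(dst)
    for r_from, r_to, r_src, r_dst, r_proto, r_port, action in RULES:
        if (r_from, r_to) != (from_zone, to_zone):
            continue
        if r_src != ANY and r_src != src:
            continue
        if r_dst != ANY and r_dst != dst:
            continue
        if r_proto != ANY and r_proto != proto:
            continue
        if r_port != ANY and r_port != dport:
            continue
        return action
    return "DROP"          # default deny between zones


def reachable_from(src, targets):
    """Which of the given (dst, proto, port) endpoints a host can reach: the blast
    radius if that host is compromised."""
    return [t for t in targets if decide(src, *t) == "ACCEPT"]


def run_scenario():
    """Constructed flows covering each zone pair. Returns {name: decision}."""
    outsider, admin_pc = "198.51.100.7", "10.0.0.5"
    flows = {
        "internet_to_web_http":  (outsider, WEB, "tcp", 80),
        "internet_to_db":        (outsider, DB, "tcp", 5432),     # no path from the Internet to inside
        "internet_to_admin_smb": (outsider, admin_pc, "tcp", 445),
        "web_to_db_postgres":    (WEB, DB, "tcp", 5432),          # permitted, per service
        "web_to_db_ssh":         (WEB, DB, "tcp", 22),            # a compromised web server gets no shell inside
        "web_to_admin_smb":      (WEB, admin_pc, "tcp", 445),
        "web_to_internet":       (WEB, outsider, "tcp", 443),     # DMZ egress is not open by default
        "admin_to_web_ssh":      (admin_pc, WEB, "tcp", 22),
        "admin_to_internet":     (admin_pc, outsider, "tcp", 443),
    }
    return {name: decide(*flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:24} {verdict}")
    print("reachable from a compromised web server:",
          reachable_from(WEB, [(DB, "tcp", 5432), (DB, "tcp", 22), ("10.0.0.5", "tcp", 445)]))
```

The DMZ to internal direction is the one worth reading twice: the only rule there names a single source, a single destination and a single port, so a compromised web server can still talk to the database service it legitimately needs and nothing else. Any egress the DMZ hosts need (package updates, for instance) would be added as its own explicit rule rather than by opening the zone.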

  4. #4
    Junior Member
    Join Date
    Dec 2004
    Posts
    10
    Thanks guys! This was a CISCO paper I wrote for my class. My teacher pointed that out, as well as some other errors (got some layer functions mixed up), which I will update.

  5. #5
    Just a Virtualized Geek (MrLinus)
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    This was a paper? Interesting. So in the last section, which is pretty much cut'n'paste from Cisco, did you at least identify it on the paper in footnotes/endnotes?

    It also seems to be lacking a flow and a conclusion. Or was this just a draft?

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130

    Re: Firewall Basics by stevecronin

    Originally posted here by stevecronin
    A Personal Firewall is not a firewall by definition (Firewall: a customizable security system to prevent unauthorized access to a network and/ or a system monitor that logs incoming and outgoing information on a network); however, they are marketed as one.
    I didn't get that. Why isn't a personal firewall a firewall? Just because it has a "smaller line of sight" than a Nokia (or any other) appliance?

    I think that a better definition of a firewall is:

    "a component that takes actions based on rules about the content of network packets and/or network flow. Depending on the implementation and the complexity of the firewall, several actions can be taken, such as drop, reject, allow, mangle, copy, log, etc."

    Not a good one, but ....
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #7
    Junior Member
    Join Date
    Dec 2004
    Posts
    10

    Re: Re: Firewall Basics by stevecronin

    Originally posted here by cacosapo
    I didn't get that. Why isn't a personal firewall a firewall? Just because it has a "smaller line of sight" than a Nokia (or any other) appliance?

    I think that a better definition of a firewall is:

    "a component that takes actions based on rules about the content of network packets and/or network flow. Depending on the implementation and the complexity of the firewall, several actions can be taken, such as drop, reject, allow, mangle, copy, log, etc."

    Not a good one, but ....
    Well, the agreed definition of a firewall is it affecting a NETWORK...

    Here is what whatis.com says:

    A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks

    Because personal firewalls only protect a device, they are not really firewalls (by definition); it's more of a technicality than anything else. It's just that when somebody goes and buys a firewall, they should be expecting protection for their network, not just their computer. I think it is wrong that companies market personal firewalls as firewalls.

  8. #8
    Junior Member
    Join Date
    Dec 2004
    Posts
    10
    Originally posted here by MsMittens
    This was a paper? Interesting. So in the last section, which is pretty much cut'n'paste from Cisco, did you at least identify it on the paper in footnotes/endnotes?

    It also seems to be lacking a flow and a conclusion. Or was this just a draft?
    Ehh, actually it was more like notes for a PowerPoint presentation I did for the class... this wasn't like a structured essay I turned in... it was structured to fit the presentation I did.
