Introducing Firewalls

By Danny Kalev, ITworld |  How-to

In essence, a firewall is a device that blocks external users from
accessing your network. Typically, a firewall is a router -- a
standalone computer running special filtering software -- or a
proprietary device running such software ("firewall in a box"). A
firewall can provide a single access point, or a choke point, to a
site. Connection requests first arrive at the choke point. Only
requests from authorized hosts are processed; other requests are
discarded.

Modern firewalls perform additional tasks. For example, they can
disable certain protocols and content types. Just as you can disable
your Web browser's Java and JavaScript support, a firewall can screen
incoming content and disable Java applets, JavaScript code, cookies,
and so on. In fact, firewalls are more capable than that -- they allow
you to define rules to thwart attacks by specifying their signatures. We
will get to this shortly. Another common task that firewalls perform is
packet filtering and analysis. Because firewalls recognize many
protocols, they can read incoming packets' content and apply certain
restrictions and security measures to block malicious or illicit
content. Finally, firewalls support encryption and authentication
services. This enables them to verify users' identity and protect data
from eavesdropping.

Attack Signatures
Usually, hostile attacks have typical commands, ports and flags
associated with them. Consider the day and daytime denial-of-service
attacks. The day and daytime protocols run on ports 13 and 37
respectively. Linux 2.0.x crashes when attackers stealthily scan these
ports via half-open connections that don't resolve to live sessions.
Upgrading the kernel is the recommended remedy; however, if this is not
an option, you can still use the firewall's ability to block
suspicious users from accessing these ports.
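
The signature described above, as an added example that is not part of the original article: a Python sketch that finds sources leaving half-open connections on ports 13 and 37 and renders deny rules for them. The packet tuples, the threshold and the rule text format are constructed assumptions, not any firewall product's syntax.

```python
from collections import Counter

WATCHED_PORTS = {13, 37}   # the ports named in the article
HALF_OPEN_LIMIT = 2        # assumption: flag a source at this many half-open attempts

# Constructed client-to-server packets: (src_ip, src_port, dst_port, flag)
# flag: "S" = SYN, "A" = ACK completing the handshake, "R" = RST
SAMPLE_PACKETS = [
    ("192.0.2.10", 40001, 13, "S"),    # SYN that is never completed
    ("192.0.2.10", 40002, 37, "S"),
    ("192.0.2.10", 40002, 37, "R"),    # reset instead of ACK: still half-open
    ("198.51.100.7", 51000, 13, "S"),
    ("198.51.100.7", 51000, 13, "A"),  # handshake completed: a live session
    ("192.0.2.10", 40003, 80, "S"),    # not a watched port, ignored
]

def half_open_sources(packets, ports=WATCHED_PORTS, limit=HALF_OPEN_LIMIT):
    """Return {src_ip: count} for sources with at least `limit` connection
    attempts to watched ports that never became live sessions."""
    pending = set()  # (src, sport, dport) with a SYN seen and no ACK yet
    for src, sport, dport, flag in packets:
        if dport not in ports:
            continue
        key = (src, sport, dport)
        if flag == "S":
            pending.add(key)
        elif flag == "A":
            pending.discard(key)  # handshake finished, not half-open
        # an "R" leaves the key pending: the session never resolved
    counts = Counter(src for src, _, _ in pending)
    return {src: n for src, n in counts.items() if n >= limit}

def deny_rules(flagged, ports=WATCHED_PORTS):
    """Render vendor-neutral deny rules (hypothetical text format)."""
    return [f"deny tcp from {src} to any port {port}"
            for src in sorted(flagged) for port in sorted(ports)]

if __name__ == "__main__":
    flagged = half_open_sources(SAMPLE_PACKETS)
    print(flagged)
    print("\n".join(deny_rules(flagged)))
```

The host that completes its handshake is left alone; only the source whose connections never resolve is matched by the signature.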

Firewall Types
Using a router as a firewall has two major advantages. First, it's
platform neutral. Therefore, attackers can't exploit certain OS
vulnerabilities. Second, since all the incoming network traffic must
pass through the router anyway, it's an ideal location for blocking
unwanted content and users from accessing a site. However, router-based
firewalls have their drawbacks, too. Applying rigorous filtering
policies can degrade routers' performance significantly. Furthermore,
many routers aren't immune to spoofing attacks.

An application-proxy firewall, or application gateway, is another type
of firewall. Instead of running on a router, it operates on a computer.
It replaces the connection between external users and a local network,
accepts the original IP packets and substitutes them with corresponding
data. In other words, it serves as a conduit and interpreter between
external users and the local network.
