FIREWALL

Last updated: Nov. 12, 2002

Security and privacy go hand in hand and are of vital importance in human life. The Internet is a knowledge pool and a public network, but even so not everyone is invited; some traffic is kept out with the help of a firewall. A firewall restricts the incoming and outgoing data traffic. Viewed from a security point of view, it is an excellent metaphor for the volatile and unsafe environment of the Internet. In other words, it is an electronic security barrier that has emerged as the most secure option so far on the Internet for controlling the traffic between the local and the global network.

Is a firewall enough to secure my network?
Remember that a firewall is an integral part of any security program, but it is not a security program in and of itself. Any data that transits outside the firewall is subject to factors beyond the firewall's control, so other security measures must also be incorporated.

When is a firewall required?
If you are trying to connect a private network to a public network, you need a firewall. Anyone who connects a single computer to the Internet via modem should have personal firewall software.

Why is a firewall required?
To increase client and server security by:
  • Screening the traffic
  • Restricting the hosts
  • Restricting the applications/protocols.

Where is a firewall to be placed?
A firewall is placed at the junction point of two networks.

Now, what does a firewall do?
It filters both inbound and outbound traffic by three means:
i) Address filtering - the firewall filters packets based on the source and destination addresses and port numbers.
ii) Protocol filtering - the firewall filters network traffic by taking decisions based on the protocols used.
iii) Attribute/state filtering - filtering can also be based on packet attributes or connection state.

How does a firewall work on the OSI and TCP/IP network models?
The OSI and TCP/IP reference models have much in common. Both are based on the concept of a stack of independent protocols, and the functionality of the layers is roughly similar.
Despite these fundamental similarities, the two models also have many differences. It is important to note that we are comparing the reference models here, not the corresponding protocol stacks.

OSI reference model vs. TCP/IP reference model

  1. The OSI model has 7 layers. The TCP/IP model has 5 layers.

  2. OSI is not the spinal cord of the Internet. The Internet is built on the TCP/IP suite as its foundation.

  3. OSI was devised before its protocols were invented. This ordering means that the model was not biased towards one particular set of protocols, which made it quite general. With TCP/IP, the protocols came first, and the model was really a description of existing protocols, so there was no problem fitting protocols to the model as there was with OSI.

  4. OSI supports both connectionless and connection-oriented communication in the network layer, but only connection-oriented communication in the transport layer. The TCP/IP model has only one mode in the network layer - connectionless - but it supports both modes in the transport layer, giving users a choice.

 

Each layer has a particular task to do, which enables networks to mix and match network protocols and physical media. A firewall operates at different layers and uses different criteria at each to restrict traffic. The lowest level at which a firewall can work is layer three, i.e. the network layer in the OSI model and the Internet Protocol layer in the TCP/IP model.

Job of the firewall at layer 3 - to find out whether the arriving packet is from a reliable source or not. Its task ends there for this layer; it is not concerned with the contents or any other information associated with the packets.

Job of the firewall at layer 4 - here the firewall knows slightly more about the packets and is able to grant or deny access depending on more complex and reasonable criteria.

Job of the firewall at layer 5 - the firewall knows much more about what is going on and can be very selective in granting access.

As the layer number increases, the firewall becomes more capable. But the firewall is more secure when a packet is intercepted at the lower layers: if the intruder is unable to pass layer 3, it is impossible for him to control your operating system.

 

Firewall architecture
A firewall is the TCP/IP equivalent of a security gate at the entrance to your company. All traffic (data) must pass through it, and the security guard (firewall) there allows only authorized people (data) to pass into the facility (LAN).

Firewalls are broadly available in four architectures and can be implemented using any one of them:

1. Packet filters:
On the Internet, data travels in the form of packets. A packet is a series of digital numbers that carries

  • Data, acknowledgement, request/command from the originating system.
  • Source and destination IP address and port.
  • Information about the protocols that handle the packet.
  • Error checking information.
    and much more.

A packet filtering firewall works at the network layer of the OSI model or the IP layer of the TCP/IP model. These are usually part of routers. A router is a device that receives packets from one network and passes them to another network. The decision either to forward (i.e. pass the filter) or drop the packet depends upon the following criteria

  • Source and destination IP address.
  • Source and destination port number.
  • Protocol used.

These criteria are decided by the network administrator.

Advantages
+ Fast, as it does not examine the data in the packets.
+ Low impact on network performance.
+ Ease of implementation.
+ Low cost.
Disadvantages
- Flexibility suffers, as all designated packets or protocols are rejected from a filtered site. A fully filtered site cannot be accessed at all by users within the "trusted" network.
- Address information in a packet can potentially be falsified or "spoofed" by the sender.
- Complex to maintain.
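The following is an added example, not code from the original page, of the kind of packet filter just described: a first-match rule list that looks only at interface, protocol, source/destination address and destination port, never at the payload. It also shows the usual answer to the spoofing disadvantage above, a rule that drops any packet arriving on the outside interface that claims an internal source address. The rule set, the interface names and the addresses (taken from the documentation ranges 192.0.2.0/24, 198.51.100.0/24) are constructed for illustration.

```python
# Added example (not from the original page): a first-match packet filter.
# Rules match on interface, protocol, source/destination address and
# destination port only; the packet payload is never inspected.
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet arrived on: "outside" or "inside"
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "deny"
    iface: str = "*"
    proto: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None = any destination port
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return ((self.iface == "*" or self.iface == p.iface)
                and (self.proto == "*" or self.proto == p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


INTERNAL = "192.0.2.0/24"   # constructed "trusted" network (documentation range)

# Rules are evaluated top to bottom; the first match wins and anything
# left over hits the final default-deny rule.
RULES = [
    # Anti-spoofing: a packet from outside must not claim an internal source.
    Rule("deny", iface="outside", src=INTERNAL, note="spoofed internal source"),
    # Internal hosts may open HTTP/HTTPS connections to anywhere.
    Rule("allow", iface="inside", proto="tcp", src=INTERNAL, dport=80),
    Rule("allow", iface="inside", proto="tcp", src=INTERNAL, dport=443),
    # The public web server (constructed address) is reachable from outside on port 80 only.
    Rule("allow", iface="outside", proto="tcp", dst="192.0.2.10/32", dport=80),
    Rule("deny", note="default deny"),
]


def filter_packet(p: Packet, rules=RULES) -> Tuple[str, str]:
    """Return (action, note) of the first rule that matches the packet."""
    for r in rules:
        if r.matches(p):
            return r.action, r.note
    return "deny", "no rule matched"   # only reached if no default rule is present


if __name__ == "__main__":
    samples = [   # constructed sample packets
        Packet("inside", "tcp", "192.0.2.20", "198.51.100.5", 40000, 443),
        Packet("outside", "tcp", "198.51.100.5", "192.0.2.10", 51000, 80),
        Packet("outside", "tcp", "198.51.100.5", "192.0.2.10", 51000, 22),
        Packet("outside", "udp", "192.0.2.20", "192.0.2.10", 53, 53),
    ]
    for p in samples:
        print(p.iface, p.proto, p.src, "->", p.dst, p.dport, filter_packet(p))
```

Because the filter only sees addresses and ports, the last sample packet is dropped purely on the grounds that an internal address cannot legitimately arrive on the outside interface; nothing about its contents was examined, which is exactly the speed/visibility trade-off the advantages and disadvantages above describe.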


2. Circuit level gateway / Stateful inspection firewall / Circuit relay

It works at the session layer of the OSI model or the TCP layer of the TCP/IP model. It validates connections before allowing data to be exchanged, depending upon

  • Source IP address and/or port
  • Destination IP address and/or port
  • Sequence number
  • Time of day
  • Protocol
  • User
  • Password

In a typical network, thousands of sessions may be occurring simultaneously. The firewall keeps track of all the concurrent sessions. Each and every packet is checked to ensure that it belongs to a current session. Any packet that belongs is let through, and the remaining ones are rejected.

Advantages
+ Ensures that all packets are part of an authorized communication session. Therefore, a high level of protection is provided to users communicating with systems external to the "trusted" network.
+ Hides information about the protected networks.
+ IP spoofing can be rendered much more difficult.
Disadvantages
- It requires additional hardware and software and is not bundled with another existing network device.
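As an added example (not from the original page), here is a minimal session table in the spirit of the circuit-level firewall described above. A session can only be opened by a TCP SYN from the trusted side; the remote SYN/ACK moves it to established, every later packet must belong to a known session, and a packet that arrives with no session (or with flags that do not fit the session's state) is rejected. The packet trace, the trusted prefix and the addresses are constructed.

```python
# Added example (not from the original page): a minimal stateful session
# tracker for TCP. Only the handshake and teardown flags are modelled;
# sequence numbers, time of day and user checks from the list above are
# left out to keep the state machine readable.
from dataclasses import dataclass


@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # e.g. "S", "SA", "A", "FA", "R"


class SessionTable:
    def __init__(self, trusted_prefix: str):
        self.trusted_prefix = trusted_prefix
        self.sessions = {}   # normalised endpoint pair -> state

    def _key(self, p: TcpPacket):
        # Order the two endpoints so both directions of one connection share a key.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (a, b) if a <= b else (b, a)

    def _from_trusted(self, p: TcpPacket) -> bool:
        return p.src.startswith(self.trusted_prefix)

    def inspect(self, p: TcpPacket) -> str:
        """Return 'allow' or 'drop' for one packet and update session state."""
        key = self._key(p)
        state = self.sessions.get(key)
        if state is None:
            # Only an outbound SYN from the trusted side may open a session.
            if p.flags == "S" and self._from_trusted(p):
                self.sessions[key] = "SYN_SENT"
                return "allow"
            return "drop"   # unsolicited packet: belongs to no current session
        if state == "SYN_SENT" and p.flags == "SA" and not self._from_trusted(p):
            self.sessions[key] = "ESTABLISHED"
            return "allow"
        if state == "ESTABLISHED":
            if "R" in p.flags or "F" in p.flags:
                del self.sessions[key]   # connection is closing; forget the session
            return "allow"
        return "drop"   # packet does not fit the session's current state


def run_trace(packets, trusted_prefix="192.0.2."):
    """Feed a packet list through a fresh table and return the verdict per packet."""
    table = SessionTable(trusted_prefix)
    return [table.inspect(p) for p in packets]


if __name__ == "__main__":
    trace = [   # constructed trace; 192.0.2.0/24 is the trusted network
        TcpPacket("192.0.2.20", 40000, "198.51.100.5", 80, "S"),    # inside opens
        TcpPacket("198.51.100.5", 80, "192.0.2.20", 40000, "SA"),   # remote replies
        TcpPacket("192.0.2.20", 40000, "198.51.100.5", 80, "A"),    # handshake done
        TcpPacket("198.51.100.5", 80, "192.0.2.20", 40000, "A"),    # data comes back in
        TcpPacket("198.51.100.5", 80, "192.0.2.20", 40001, "A"),    # no such session
        TcpPacket("203.0.113.7", 5555, "192.0.2.20", 22, "S"),      # outsider tries to open
    ]
    for p, verdict in zip(trace, run_trace(trace)):
        print(p.flags.ljust(2), p.src, "->", p.dst, verdict)
```

The fourth packet is allowed even though it comes from outside, because it belongs to a session the inside host opened; the fifth, identical except for the port, is dropped. That is the "ensures that all packets are part of an authorized session" advantage in action, and it is also why plain address spoofing gains an attacker little here: a forged source address still has no session entry.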

 

3. Application proxies / Application gateway firewall
It works at the application layer of the OSI and TCP/IP models and acts as a proxy for the application, performing all data exchanges with the remote site on its behalf. This can render a computer behind the firewall all but invisible to the remote site. Incoming and outgoing packets cannot access services for which there is no proxy.

It allows or disallows traffic according to the following rules

  • Permitting some application-specific commands and not others.
    For instance http: post and get etc.
    ftp, gopher, telnet etc.
  • Limiting file access to certain types.
    For instance, filter all EXE and COM files.
  • Varying rules according to the authenticated user, and so forth.
Advantages
+ Can be used to log user activity and logins.
+ Provides a higher degree of security.
Disadvantages
- Because it needs much more computing resources, network performance goes down.
- The firewall must have a proxy for each type of protocol that can be used. This delays implementation if the firewall doesn't support a protocol.
- Setup can be very complex, as it requires detailed attention to the individual applications that use the gateway.
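The check below is an added example, not code from the original page, of what an HTTP application proxy can do that the lower-layer filters cannot: it parses the request line itself, permits only the methods the administrator has chosen (here GET and HEAD, so POST is refused) and blocks requests for the EXE and COM file types the text uses as its example. The permitted-method set and the sample requests are constructed; the function would sit in the proxy between accepting the client's request and forwarding it to the remote site.

```python
# Added example (not from the original page): an application-layer policy
# check for one HTTP request, as an application proxy firewall would apply.
from typing import Tuple
from urllib.parse import urlsplit

ALLOWED_METHODS = {"GET", "HEAD"}        # constructed policy: POST etc. are not permitted
BLOCKED_EXTENSIONS = {".exe", ".com"}    # the file types the page uses as its example


def check_request(raw: bytes) -> Tuple[bool, str]:
    """Return (permitted, reason) for one raw HTTP request as sent by the client."""
    request_line = raw.split(b"\r\n", 1)[0]
    try:
        head = request_line.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII request line"
    parts = head.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "malformed request line"
    method, target, _version = parts
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted"
    # Compare on the path only, so a query string cannot hide the extension.
    path = urlsplit(target).path.lower()
    for ext in BLOCKED_EXTENSIONS:
        if path.endswith(ext):
            return False, f"file type {ext} blocked"
    return True, "ok"


if __name__ == "__main__":
    samples = [   # constructed requests
        b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n",
        b"POST /upload HTTP/1.1\r\nHost: example.org\r\n\r\n",
        b"GET /tools/setup.EXE?x=1 HTTP/1.1\r\nHost: example.org\r\n\r\n",
        b"GET / garbage\r\n",
    ]
    for s in samples:
        print(s.split(b"\r\n", 1)[0].decode("ascii", "replace"), "->", check_request(s))
```

Every request has to be parsed before the proxy can decide, which is where the "network performance goes down" and "one proxy per protocol" disadvantages come from; a packet filter would have let all four samples through on port 80 without looking.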

 

Mechanism of firewall

  1. A firewall acts as a gatekeeper between a company's internal network and the outside world. It examines the location from which the data enters the system and then decides, based on the system and its instructions, whether to allow the information in.

  2. In addition to gatekeeping, the firewall also monitors and logs all system activity and generates reports for system administration. One firewall product, smartwall, alerts the administrator via e-mail or paper about suspicious online activity.

  3. Packet filtering mechanism - a router either allows or denies the passage of data after checking its header and contents for conformance to a set of rules that reflects the security policy. It checks the source and destination address and protocol port number(s) for the decision.

  4. NAT (Network Address Translation) - it hides the internal addresses and network topology of its protected domain from the outside. NAT devices are placed at the borders of network domains and translate the global address into the local address.
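To show what item 4 means in practice, here is an added example (not from the original page) of a source-NAT translation table. Outbound flows from the private network have their source rewritten to the single public address and a fresh public port; a reply to that port is mapped back to the internal host, and a packet for a port with no mapping is simply not translated, which is what keeps the internal addresses and topology hidden. The public address, the internal hosts and the port range are constructed.

```python
# Added example (not from the original page): a simple source-NAT table.
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int


class SourceNat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (src, sport, dst, dport) -> public port
        self.in_map = {}    # (public port, remote host, remote port) -> (src, sport)

    def outbound(self, f: Flow) -> Flow:
        """Rewrite an internal flow's source to the public address and a mapped port."""
        key = (f.src, f.sport, f.dst, f.dport)
        port = self.out_map.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, f.dst, f.dport)] = (f.src, f.sport)
        return replace(f, src=self.public_ip, sport=port)

    def inbound(self, f: Flow) -> Optional[Flow]:
        """Map a reply to its internal host, or return None if no mapping exists."""
        if f.dst != self.public_ip:
            return None
        inner = self.in_map.get((f.dport, f.src, f.sport))
        if inner is None:
            return None   # unsolicited: no internal host is ever exposed
        return replace(f, dst=inner[0], dport=inner[1])


if __name__ == "__main__":
    nat = SourceNat("203.0.113.1")   # constructed public address
    out = nat.outbound(Flow("192.0.2.20", 5000, "198.51.100.5", 80))
    print("outbound rewritten to", out)
    print("reply maps back to", nat.inbound(Flow("198.51.100.5", 80, "203.0.113.1", out.sport)))
    print("unsolicited reply ->", nat.inbound(Flow("198.51.100.5", 80, "203.0.113.1", 40999)))
```

The remote site only ever sees 203.0.113.1 and a port number, so two different internal hosts talking to the same server are indistinguishable from outside except by the mapped port, and nothing can be delivered inward without a mapping that an internal host created first.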

 
