Firewalls are absolutely vital for keeping network security in force. The firewall stops and controls the traffic that comes between your network and the different sites you go to. A firewall is a constituent of a company’s network protection, and it acts to keep in force the network security policy. It can log inter-network activity with efficiency. It can also reduce a network’s vulnerability. Whenever an organization is connected to the Internet but is not using a firewall, any host on the network has direct access to all resources on the internet. If you don’t have a firewall, every host online can attack every host in your network.

What is a Firewall Incapable of Doing?

Firewalls can’t always detect malicious data. For the most part they cannot offer any protection against an attack from inside, although they may log network activity should the criminal use the Internet gateway. A connection that doesn’t go through a firewall cannot be protected by a firewall. To put it another way, if you connect directly to the internet via modem, there is no way the network firewall can protect you. Some firewalls cannot protect from viruses. Firewalls also cannot totally protect against previously unknown attacks; while a simple firewall provides little protection against computer viruses.

Firewall User Authentication or Verification

You establish a claimed identity’s validity via user authentication. The use of a password and user name can provide this authentication; however, it is not really strong authentication. When you use a public connection, for example if you have a connection to the Internet that is not encrypted, your user name and password can easily be copied by other people and replayed. Powerful user authentication makes use of cryptography, for example SSL certificates. A certificate of this sort can prevent “replay attacks” from occurring. A replay attack happens when a user name and password are captured and used again to gain unauthorized access.

Firewall-to-firewall encryption

A connection that is encrypted is sometimes called a VPN, or Virtual Private Network. Cryptography makes this more or less private. Of course it isn’t really private. The information may be private but it is sent on a public network — the Internet. While VPNs were available before firewalls were, they became more common when they began running on firewalls. Today, most firewall vendors offer a VPN option.

Additional Purposes of Firewalls

• Increasingly, firewalls are being used for purposes of content filtration. Virus scanning is a common addition to firewalls in this area as well. Though this may be a waste of resources, because filtering for viruses needs to be carried out by every computer since information might be transmitted to these computers via routes besides through the firewall itself – for example, via separate disks.
• URL Screening: Firewall regulated accessibility to the internet as well as content filtering of both files and messages appears to be a practical extension of a firewall. The drawback of utilizing a firewall for URL or content filtering is minimized performance.
• To restrict the size of network space that any single user can occupy, or restrict the amount of the network’s bandwidth that may be utilized for given purposes.

Stephen Grisham, Sr. is a copy writer for InfoServe Media, LLC. InfoServe Media is a Houston, TX web design and web hosting company. Want to create your website yourself? InfoServe Media also offers a way to create a web site yourself with a very powerful and easy to use site builder. They also provide domain registration, search engine optimization (SEO) and more.

Article Source:http://www.articlesbase.com/security-articles/network-security-firewalls-810920.html

The firewall, a “combo” approach of software that regulates and monitors hardware and communications protocols, is there to inspect network traffic and all the “packets” of information that pass through to your inner sanctum, your CPU and hard drives. A firewall will rule out the possibility of harm, or at least greatly minimize, by noting and quarantining potentially harmful “zones” and will either deny or permit access to your computer based on the current set of rules that applies at the time, depending on many (very many) factors.

Basic tasks and settings

The basic task for a firewall is to regulate of the flow of traffic between different computer networks that have different “trust levels.” The Internet is full of countless overlapping zones, some safe and some totally deadly. On the other hand, internal networks are more likely to contain a zone or zones that offer a bit more trust. Zones that are in between the two, or are hard to categorize, are sometimes referred to as “perimeter networks” or, in a bit of geek humor, Demilitarized Zones (DMZ).

Without proper configuration, a firewall can simply become another worthless tool. Standard security practices call for a “default-deny” firewall rule, meaning that the only network connections that are allowed are the ones that have been explicitly okayed, after due investigation. Unfortunately, such a setup requires detailed understanding of network applications and a great deal of time and energy to establish and administer.

Who can do what?

Many businesses and individuals lack sufficient computer and network knowledge to set up a default-deny firewall, and will therefore use a riskier but simpler “default-allow” rule, in which all traffic is permitted unless it has been specifically blocked for one of a number of possible reasons. This way of setting up a firewall makes “mysterious” and unplanned network connections possible, and the chance your system may be compromised becomes much more likely.

Firewall technology had its first growth period in the computer technology revolution of the late 1980s, when the Internet was a fairly new in terms of its global reach and connectivity options. The predecessors to today’s hardware/software hybrid firewalls were the routers used in the mid 1980s to physically separate networks from each other. However small the Internet began, it was ultimately undone by supremely fast growth and the lack of security planning, and therefore there were the inevitable breaches caused by older (”prehistoric”) firewall formats. Fortunately, computer pros learn from their errors, and the firewall technology continues improving daily.

Cisco Kits is a leading provider of CCNA, CCIE and CCNP Cisco training courses and equipment. Visit online for more information on certification or just furthering education.

Article Source:http://www.articlesbase.com/networks-articles/why-firewall-security-is-necessary-to-protect-your-network-784872.html

Many people know what a firewall does, but few understand that a firewalls needs careful configuration before it can start protecting your network.

I still remember more than 10 years ago, as I visited clients to talk about the security configuration of their network, many were proud to tell me that they had gotten firewalls installed to protect their network. (At that time, a firewall was considered advanced networking equipment!) But when I logged into their administration menu to check their firewall policies, there were none there! They didn’t know that they needed to “configure” their firewall before it would function properly.

A firewall is actually the deployment tool used carry out your network access policy. The network access policy refers to the organizational management’s intention regarding the various network access rules for both the internal employees and external visitors. Without properly configured firewall rules, a firewall’s existence is meaningless.

Take a packet-filtering firewall as an example. It works on Network and Transport Layer (TCP/IP). It hunts down filtering rules by examining the source port/destination port (Transport Layer) and IP address (IP Layer) to decide whether it will let go a particular packet in or out of your network.

For example, if your company does not allow internal employees to access ftp servers during work time, then you need to set up a firewall rule to block any access to port 20 and 21 of remote server during the office time. The following table illustrates a typical set of firewall access rules to achieve this:

The different columns’ meanings in above table are explained here:

• Direction: The direction of the packet going through the firewall, either IN or OUT, or   EITHER
• Source Addr: The source address;, either internal (INT) or external (EXT)
• Dest. Addr: The destination address, either internal (INT) or external (EXT)
• Protocol: Transport Layer Packet Type, either TCP or UDP
• Source Port: The source port at the TCP layer of the sender
• Dest. Port: The destination port at the TCP layer of the receiver
• ACK set: The acknowledge flag at the Transport Layer of the Packet, either SET (Y) or DOES-NOT-MATTER (Any)

There are many cases when packet filtering rules do not work. For example, if you want to block the users’ access to particular remote web-based email services, chances are that you will not able to control this by blocking certain designated IP numbers (as filling in the Destination Address in the above packet-filtering table) since some web-based services are based on more than one sever of varying IP addresses, and thus cannot be shut down by only a set of fixed IP addresses. In this case, you need the firewall to work at higher layer.

A firewall working at higher layer provides more refined control over network access. For previous example, if you use an application-level firewall, it can screen the URLs of web-based emails access, such as www.hotmail.com for Microsoft’s email services, and does now allow it to pass through.

An application-level firewall can even zoom into the details of the applications’ data passing through – such as the authentication information, application types, and other types of information – to decide to allow or disallow a particular network connection to continue or not. It can even carry out a detailed inspection of the users’ data going through.

A proxy server is one kind of application-level firewall. I’m sure you have heard of this type of server being used in your or some other company’s network. It’s a popular device because it provides more control of the network traffic passing through. However, it also requires more firewall computation power, so it is slower in performance. It also requires modification of the internet network client to go through the proxy before it can access external network resources.

No matter which type of firewall you are deploying, you need to work out the network access policy with senior management. Otherwise, you will not know what rules you need to set up in your firewall rule table. Simply put, you’ll be installing a tool that has no idea how to protect your network.

¹firewall. (n.d.). Dictionary.com Unabridged (v 1.1). Retrieved June 18, 2008, from Dictionary.com website: http://dictionary.reference.com/browse/firewall

Tags: Packet Filtering Firewall Application-Level Firewall

A firewall’s function is to act as a gatekeeper, keeping Internet “bad guys” out of your internal network. Setting up an effective firewall requires careful planning.

In my view, the Screened Subnet Architecture is a preferred network setup for firewalls to protect your company’s network while at the same time allowing external visitors to access your public service hosts.

What is Screened Subnet Architecture?

Let’s take a look at how a typical Screened Subnet Architecture is setup:

From this diagram, note that there are two, not one, firewalls in the network structure.The exterior firewall is configured to allow external traffic to access the subnet section (Perimeter Network) where you have put the public service hosts (Bastion Hosts) such as your e-mail server, web server, and/or DNS server, for example. The Screened Subnet is  also called “DM Zone”  (demilitarized zone) or simply “DMZ”.The internal firewall acts a second gatekeeper to keep external visitors from directly coming into your internal corporate network.The subnet section where you have put the service hosts is called “Screened Subnet” or “Perimeter Network,” hence the name “Screened Subnet Architecture” has become used for this type of network architecture.

What is the benefit of using Screened Subnet Architecture for a firewall setup?

The advantage of this setup is that if your external hosts are exploited (as they could be since they are serving many external visitors’ requests and are exposed to a greater risk of being hacked), you still have the interior firewall as the second gatekeeper to defend the attacks of the hacker by the exploited hosts. Or if the exterior firewall has been compromised, then the interior firewall can still fend off the hackers’ possible direct intrusion to the corporate internal network.

There are variations of this network setup that serve similar functions. One variation uses a single firewall with three network interfaces: one for the external Internet connection, another for the Screened Subnet, and a third for the internal network. The firewall is configured to allow external visitors to visit the Screened Subnet only, without the authority to access the internal network interface.

This setup, of course, saves the hassle of maintaining two firewalls, making it easier to concentrate on the security maintenance of one single firewall.

However, the disadvantage is that if this only firewall becomes compromised, chances are the attackers can gain access to the internal network by the firewall’s internal interface. This, of course, poses a great security risk to a corporate environment.

Tags:  Exploit Firewall, Firewall Attack, Firewall Hacking, Hacking Firewall

firewall protection

Before you understand the many Firewall Protections, you should know firewall’s limitations first.

Here they are:

• not guarantee data integrity
• not support authenticity of the source of data
• no control over how the packets were created
• not support confidentiality- no encryption among different firewalls unless it is incorporated with VPN features
• don’t protect against some Internet threats like virus attack and/or password cracking
• Do not provide protection from insider threats i.e. Insider Attacks
• can’t protect against traffic that doesn’t go through it (example: dial-up modems in the private network can be a backdoor)
• Once pass through it, it can do nothing!
• Single point of failure

Definitely there are more, can you think of some more?

Related topics: Limitations of Firewall, Single Point of Failure

Bastion Hosts are hosted in the DMZ. Those hosts are designed to serve external visitors who would like to request services from the network owners. HTTP, FTP and SMTP services are common services provided by Bastion Hosts in DMZ. Since Bastion hosts are aimed at supporting external users’ access, they have to be built against possible Internet attacks.

DMZ is setup in the security concept of layered defending. External hackers, even though they can potentially hack those Bastion hosts in success, they still need to figure out the way to get into the internal networks. This extra layer adds difficulty because all external servers are in DMZ. Hackers are unlikely have any direct access to any hosts in the internal network.

To setup DMZ, the most direct way is to use two firewalls with two network interfaces each. One Firewall is connected to internal network and the other one connected to external Internet. These two firewalls are then joined together using their remaining interface to form a subnet called DMZ.

Another solution is to use a Firewall with three network interfaces. One interface is connected to Internet, the other one to internal network and the last one to a DMZ subnet. In this way, we can configurate the firewall rule to operate the DMZ as a middle network between external and internal network.

Statistics shows that most of the network attacks of an organization comes from internal employee and hence most likely comes from internal network. Firewall cannot handle this kind of network attacks.

To compliment Firewall’s limitation in dealing internal network attacks, we need other devices like Intrusion Detection System (IDS), and of course other common security measures in areas like physical security.

Who decides the Internet Access Policy? The information owner! Many people mistaken this to be done by the company’s system administrator. It is wrong. The administrator’s role is to help implementing the firewall policy as per company’s senior management’s intention. It is afterall not the administrator’s call whether a particular service is allowed or not during a particualr period of time.

Since firewall is the gatekeeper between your company’s internal network with the Internet, it should be an important device that you need to put resources to protect. If it is compromised, the intruder can potentially get the direct access to internal network.