JAGAN
Tuesday, March 26, 2019
Monday, January 30, 2017
Thursday, October 29, 2015
Wednesday, September 17, 2014
internet security
MOBILE COMPUTING & NETWORK SECURITY
DESIGN OF A SAFE NETWORK USING FIREWALL
ABSTRACT:
The Internet has become an integral part of human society and business, and its full potential is as yet untapped. Internet-related crimes are rapidly on the increase, with numerous cases of people illegally accessing private networks. The vulnerability of such networks was underlined when a group of hackers going by the name "Milworm" gained access to the B.A.R.C servers some time ago. These threats pose an unprecedented challenge to lawmakers and enforcers. Likewise, they throw open a new arena of challenge for network engineers and designers. A sophisticated array of security measures is being used to keep the hackers at bay.
The first line of defense against external threats to networks is a "Firewall".
In this paper we mainly want to focus on how to design a safe network using a firewall and on the different kinds of firewalls that exist.
What is a firewall?
A firewall is hardware, software, or a combination of both that is used
to prevent unauthorized programs or Internet users from accessing a private
network and/or a single computer.
- Hardware Firewalls – protect an entire network
- Software Firewalls – protect a single computer
Typically it works closely with a router (which is intended to route traffic as fast as possible). Additionally, a firewall lets authorized users through to what they need while keeping the evildoers out.
Origin of firewall
The term firewall didn't originate with network security, but was borrowed from another industry: firefighting. In some areas of the UK, the houses are located very close to each other. In the 1990s, a fire broke out in one of the houses. The fire spread rapidly to all the other houses in the area because of their proximity. To counter such a spread of fire in the future, brick walls were installed between houses. These brick walls ensured that a fire did not spread to other houses; the brick walls thus acted as barriers against fire. This is how the term "firewall" originated.
History
Initially, there were not many threats to network security. As the internet became more popular, more companies began doing business over the web. In addition, the number of attempts to illegally infiltrate networks increased. As a result, the need to secure networks has grown.
Firewalls were implemented on
networks to prevent unauthorized access from external sources. Initially,
firewalls were complex and unreliable hardware devices. Most of the firewalls
were routers that separated a private network from other networks. Over the
years, firewalls have developed into highly reliable solutions. They protect
networks from unauthorized access and play an important part in enforcing a
security policy for a company.
Need for firewalls
When organizations have their private networks connected to the internet, a physical connection is established between the private network and thousands of other unknown networks and their users. Most private networks contain confidential information that must not be shared with users outside the network. However, accessibility to private networks through the internet poses a potential threat to the confidentiality of this information. Therefore, protecting confidential information from people who do not need to access it and from those with malicious intent is a key security issue. Organizations invest a considerable amount of effort and money in tools and technologies to protect their networks from unauthorized access, vulnerabilities, and threats.
A firewall is a network security system designed to prevent unauthorized access between a private network and any other network.
The Ping of Death
A few months ago, a small crisis arose in the Internet security world: the infamous "Ping of Death". Somewhere in the BSD socket code, a check was missing on the size of certain fragmented network packets. The result was that after reassembling a fragmented packet, the packet could end up being a few bytes larger than the maximum allowed packet size. Since the code assumed this could never happen, the internal variables were not made larger than this maximum. The result was a very nasty buffer overflow causing arbitrary code to be generated, usually crashing the machine. This bug affected a large community, because it was present in the BSD socket code. Since this code has often been used as a base for new software (and firmware), a wide variety of systems were susceptible to this bug. Many devices other than operating systems were susceptible to this problem: Ethernet switches, routers, modems, printers and hubs.
The Microsoft Windows operating systems contain an implementation of the ICMP ping program that miscalculates the size of a packet. The maximum packet you can tell it to use is 65527 bytes, which is indeed the maximum allowed IP packet. But this implementation created a data segment of 65527 bytes and then put an IP header on it. Obviously, you end up with a packet that is larger than 65535 bytes.
This is a situation where a firewall has a
very valid role. If a security problem of this magnitude is found, you can
disable it at the access point of your network. If you had a firewall at the
time, most likely you filtered out all ICMP packets until you had confirmed
that your database servers were not vulnerable.
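To show the missing check concretely, here is an added example (not from the original post) of a fragment-reassembly guard that refuses any datagram whose reassembled size would exceed the 65535-byte IP maximum; the fragment lists and the make_fragments helper are constructed for illustration.

```python
# Added example (not from the original post): a minimal IP fragment
# reassembly check that refuses to rebuild a datagram larger than the
# 65535-byte IP maximum, the check the "Ping of Death" bug was missing.
# The fragment lists below are constructed sample data.

IP_MAX_LEN = 65535      # largest legal IP datagram, header included
IP_HEADER_LEN = 20      # minimal IPv4 header (no options assumed)


def reassembled_length(fragments):
    """Total datagram length the fragments would produce after reassembly.

    Each fragment is (offset_units, payload_len, more_fragments), where
    offset_units is the IP fragment-offset field in 8-byte units."""
    end = 0
    for offset_units, payload_len, _more in fragments:
        end = max(end, offset_units * 8 + payload_len)
    return IP_HEADER_LEN + end


def check_fragments(fragments):
    """Return "ok" if the datagram fits, "drop" if reassembly would
    overflow the maximum IP datagram size (the Ping-of-Death shape)."""
    if reassembled_length(fragments) > IP_MAX_LEN:
        return "drop"
    return "ok"


def make_fragments(total_payload, mtu_payload=1480):
    """Constructed helper: split total_payload bytes into fragments of
    mtu_payload bytes each (1480 = 1500-byte Ethernet MTU - 20 header)."""
    frags = []
    offset = 0
    while offset < total_payload:
        size = min(mtu_payload, total_payload - offset)
        more = offset + size < total_payload
        frags.append((offset // 8, size, more))
        offset += size
    return frags


# A normal 1000-byte ping fits. An echo request carrying 65527 data bytes
# plus its 8-byte ICMP header is exactly 65535 bytes, so adding the IP
# header pushes reassembly past the limit.
NORMAL_PING = make_fragments(8 + 1000)
PING_OF_DEATH = make_fragments(8 + 65527)

if __name__ == "__main__":
    print(check_fragments(NORMAL_PING))     # ok
    print(check_fragments(PING_OF_DEATH))   # drop
```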
There are four general techniques that firewalls use to control access:
- Service control: determines the types of internet services that can be accessed, inbound or outbound.
- Direction control: determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
- User control: controls access to a service according to which user is attempting to access it.
- Behavior control: controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam.
How Do We Secure Our Network with One or More Firewalls?
These are the basic questions you should ask:
- What do we need to protect?
- Against whom do we need to protect?
- Where do we place the firewall(s) in the network?
- How do we configure the firewall?
What Do We Need to Protect?
Firewall Placement
Most firewalls are used to protect the entire Local Area Network (LAN). In this case, the Internet router usually acts as the firewall. A properly configured Internet router filters out the IP numbers used locally (for instance 10.*, 127.*, 192.x.y.*) to prevent IP spoofing. It should also filter out all packets from the outside with an IP number that normally can come only from the inside. Any packet in this category can only be an attempt to trick your machines, and it should be denied access immediately.
Next, filter out any outgoing IP traffic that doesn't carry your registered class of IP numbers. This is not only to prevent sending out bogus packets (or to keep your people from spoofing the Internet); it's also for your own security. If your Internet router doesn't filter out these packets, you might be routing your printed documents onto the Internet.
Another frequent
use for firewalls is to protect a single machine. If you want to protect a
single machine with a firewall, you must make sure it doesn't depend on
anything outside the firewall; otherwise, your firewall serves no purpose apart
from giving a false sense of security. If the protected server is using data
from an unprotected PC, someone can falsify the information on the PC in order
to do potentially serious damage to your server's data. Someone gaining access
to the PC could also reach the server by pretending to be the trusted PC user.
If the machine relies on other machines, you want to place your firewall a bit
further upstream, so that it can protect those machines as well.
The Complex Network
With complex networks, it is important to know who the threat is. The threat typically comes from the inside and not the outside, which is protected by the Internet Router/Firewall machine. Also, don't forget to protect yourself against your modem pool: IP spoofing can occur from there as well.
Configuring the Firewall
There are basically two ways of configuring your firewall. The first and
most secure setup is “Deny everything unless we explicitly allow it”. The
disadvantage is that you will have a lot of users wondering why certain things
don't work. You might consider this approach in a setup where your firewall
protects a very small subnet containing only servers and no clients.
The
second and easier setup is “Allow everything unless we explicitly deny it”.
This one makes your network fairly open, but controls a few dangerous or
unwanted protocols.
Classification of firewalls
There are many ways to categorize firewalls. You can classify firewalls as physical appliances or software applications and on the basis of their deployment. We can also categorize firewalls on the basis of the Open Systems Interconnection (OSI) layers in which the firewalls operate. The OSI model has seven layers, where each layer provides certain services. The layers in decreasing order of hierarchy are: application, presentation, session, transport, network, data link, and physical.
Based on the OSI layers in which firewalls operate, you can classify firewalls into the following basic categories:
· Network-level firewalls
· Application-level firewalls
· Circuit-level gateways
Network-level firewalls:
Network-level firewalls are also known as packet filter firewalls. You use network-level firewalls to control the traffic across networks. Network-level firewalls treat information as a series of packets known as data packets. These firewalls examine the information contained in data packets up to the Transport layer of the OSI model in order to filter them.
A network-level firewall consists of a router and the firewall itself. Routers are devices used to connect two or more networks. The firewall can be built into the router or be placed after the router. A network administrator defines a set of rules to govern the flow of data packets that pass through the firewall. In a network-level firewall, the router directs traffic to the appropriate network on the basis of the network address. The network-level firewall examines whether the source address, destination address, protocol and port match the set of rules configured on the firewall.
Therefore, in a network-level firewall, the router decides whether the data is intended for the network, and the firewall decides whether the packet is for an acceptable use. The speed of network-level firewalls is high because these firewalls process a limited amount of data. In addition, these firewalls perform only a limited amount of logging.
The network of the organization shown in the figure above has two servers, Mail and FTP. The network has a network-level firewall that uses a router. In the diagram, a source computer with a unique IP address on the internet sends data packets to the network. The router examines the IP addresses of the data packets to determine their destination. The firewall examines the source and destination addresses, protocol and port to check whether the packets conform to the security policy of the organization. If they match the security rules of the firewall, the packets are allowed; otherwise, they are rejected.
A Simple Packet Filter Firewall (PFF): Example
    /* Java-style pseudocode. match() compares an address against a
       wildcard pattern such as "130.194.*.*". */
    boolean allow(Packet packet) {
        if (!match(packet.source, "130.194.*.*"))
            return false;   /* only allow packets from 130.194.*.* */
        else if (match(packet.source, "130.194.225.*"))
            return false;   /* ... except those from subnet 225 */
        else
            return true;
    }
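As an added example (not the post's own code), here is the packet filter above rewritten in Python together with the ingress and egress anti-spoofing rules from the Firewall Placement section, under a default-deny policy; 203.0.113.* is a constructed placeholder for the organisation's registered addresses, and the interface names "outside" and "inside" are assumed.

```python
# Added example (not from the original post): the post's wildcard packet
# filter, extended with the ingress/egress anti-spoofing rules described
# under "Firewall Placement", with a default-deny policy. 203.0.113.*
# stands in for the organisation's own registered address block
# (a constructed placeholder); 130.194.*.* is the post's allowed network.

REGISTERED = "203.0.113.*"
# Source addresses that can legitimately originate only on the inside.
INTERNAL_ONLY = ["10.*.*.*", "127.*.*.*", "192.168.*.*", REGISTERED]


def match(address, pattern):
    """Octet-wise wildcard match as in the post's pseudocode:
    '*' stands for any single octet."""
    a, p = address.split("."), pattern.split(".")
    if len(a) != 4 or len(p) != 4:
        return False
    return all(x == "*" or x == y for x, y in zip(p, a))


def allow_pff(src):
    """The post's rule: accept 130.194.*.* except subnet 130.194.225.*."""
    if not match(src, "130.194.*.*"):
        return False
    if match(src, "130.194.225.*"):
        return False
    return True


def decide(packet):
    """packet = {"iface": "outside" or "inside", "src": "a.b.c.d"}.
    Returns "accept" or "drop"; anything not explicitly allowed is dropped."""
    iface, src = packet.get("iface"), packet.get("src", "")
    if iface == "outside":
        # Ingress: a packet from the Internet can never legitimately carry
        # an inside or private source address, so it is a spoofing attempt.
        if any(match(src, p) for p in INTERNAL_ONLY):
            return "drop"
        return "accept" if allow_pff(src) else "drop"
    if iface == "inside":
        # Egress: only our own registered addresses may leave the network.
        return "accept" if match(src, REGISTERED) else "drop"
    return "drop"      # unknown interface: default deny


if __name__ == "__main__":
    for pkt in [{"iface": "outside", "src": "130.194.1.2"},
                {"iface": "outside", "src": "130.194.225.9"},
                {"iface": "outside", "src": "10.1.2.3"},
                {"iface": "inside", "src": "192.168.1.1"}]:
        print(pkt["iface"], pkt["src"], decide(pkt))
```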
Application-level firewalls:
Application-level gateway firewalls, also called proxy-based firewalls, operate at the application level. They are usually implemented as a separate proxy application for each service. They provide all the basic proxy features and also provide extensive packet analysis. The client needs to provide a valid user ID and authentication information to the proxy server in order to communicate with the destination service. In effect, the proxy establishes the connection with the destination behind the firewall and acts on behalf of the client, hiding and protecting individual computers on the network behind the firewall. Since all communication is conducted through the proxy server, computers behind the firewall are protected. A typical application-level gateway can provide proxy services for applications and protocols like Telnet, FTP (file transfers), HTTP (Web services), and SMTP (e-mail). Apart from the disadvantage that they require more memory and processor resources than other firewall technologies, application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts. Some of these are:
- Information hiding, in which the names of internal systems need not necessarily be made known to outside systems, since the application gateway is the only host whose name has to be known to outside systems.
- Robust authentication and logging, in which the application traffic can be pre-authenticated before it reaches internal hosts and can be logged more effectively than if logged with standard host logging.
- Less-complex filtering rules, in which the rules at the packet filtering router will be less complex than they would be if the router had to filter application traffic itself. The router need only direct application traffic to the application gateway and reject the rest.
Circuit-level gateway:
It is basically used for TCP connections. It examines each connection setup to ensure that it follows a legitimate handshake for the transport layer protocol being used. Circuit-level gateways do not examine each packet; rather, they inspect each connection when it is first set up. Once a connection (with a unique session identifier) is established, all other packets in that session are allowed to cross the gateway. Generally, a circuit-level gateway is faster than an application-level gateway because of fewer evaluations, and it can secure the entire network by prohibiting connections between specific internet sources and internal hosts. One of the biggest disadvantages is that it cannot restrict access to protocol subsets other than TCP.
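The connection-tracking behaviour described above, as an added example (not from the original post): a toy circuit-level gateway that validates the TCP three-way handshake once per connection and then passes the rest of the session by its 4-tuple without inspecting each packet; the segment dictionaries, addresses and the run_session helper are constructed for illustration.

```python
# Added example (not from the original post): a toy circuit-level gateway.
# It validates the TCP three-way handshake once per connection and then
# passes the rest of that session on its 4-tuple alone, without looking at
# each packet. Segments are plain dicts; all traffic below is constructed.

class CircuitGateway:
    def __init__(self, allowed_dst_ports):
        self.allowed = set(allowed_dst_ports)   # services clients may open
        self.sessions = {}   # client 4-tuple -> "syn" | "synack" | "established"

    @staticmethod
    def key(seg, reverse=False):
        k = (seg["src"], seg["sport"], seg["dst"], seg["dport"])
        return (k[2], k[3], k[0], k[1]) if reverse else k

    def filter(self, seg):
        """Return "allow" or "deny" for one segment with keys src, sport,
        dst, dport and flags (a set such as {"SYN"} or {"SYN", "ACK"})."""
        if seg.get("proto", "tcp") != "tcp":
            return "deny"            # circuit-level gateways handle TCP only
        flags = set(seg["flags"])
        k, rk = self.key(seg), self.key(seg, reverse=True)
        if "established" in (self.sessions.get(k), self.sessions.get(rk)):
            return "allow"           # inside an already accepted circuit
        if flags == {"SYN"}:
            # New connection attempt: the only policy check is the service.
            if seg["dport"] not in self.allowed:
                return "deny"
            self.sessions[k] = "syn"
            return "allow"
        if flags == {"SYN", "ACK"} and self.sessions.get(rk) == "syn":
            self.sessions[rk] = "synack"   # server reply to a tracked SYN
            return "allow"
        if flags == {"ACK"} and self.sessions.get(k) == "synack":
            self.sessions[k] = "established"   # handshake complete
            return "allow"
        return "deny"                # no legitimate handshake for this packet


def run_session():
    """Walk one HTTP session plus two stray segments through the gateway."""
    gw = CircuitGateway(allowed_dst_ports={80})
    c = {"src": "10.0.0.5", "sport": 40000, "dst": "203.0.113.10", "dport": 80}
    s = {"src": "203.0.113.10", "sport": 80, "dst": "10.0.0.5", "dport": 40000}
    trace = [dict(c, flags={"SYN"}), dict(s, flags={"SYN", "ACK"}),
             dict(c, flags={"ACK"}), dict(c, flags={"PSH", "ACK"}),
             dict(s, flags={"PSH", "ACK"}),
             dict(s, flags={"SYN", "ACK"}, sport=23, dport=40001),  # unsolicited
             dict(c, flags={"SYN"}, dport=23)]                     # telnet
    return [gw.filter(seg) for seg in trace]
```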
Advantages:
- A firewall prevents unauthorized internet users from accessing a private network connected to the internet.
- It enforces a security policy by providing a single point at which all security decisions are implemented and controlled.
- It filters, monitors, and logs the sessions between any two networks. As a result, your exposure to the internet is also limited.
Conclusion:
As can be seen from the "Ping of Death" example, firewalls can be a life saver. Furthermore, we have seen that it is fairly easy to configure a firewall. To prevent your internal network from being exposed to malicious attacks, a firewall is absolutely necessary. With knowledge of the attacks and of the features of each type of firewall, network security can be realized as far as possible.