Firewall Basic Guide

Introduction

A firewall is a set of related programs, located at a network gateway server, that protects a network when it is connected to an outside network, especially the Internet. Normally, a firewall is deployed between a trusted, protected private network and an untrusted public network. It is an extra layer of security built into computers on a network, which restricts access to systems from the outside world.

Firewalls protect against hackers and malicious intruders. They have built-in filters that can disallow unauthorized or potentially dangerous material from entering the system. They also log attempted intrusions. In order to protect the network from unauthorized access from the outside, users are identified before they leave or enter the network by way of a User ID, Password or IP address.

Firewalls can be implemented in hardware, in software, or in a combination of both. A firewall is usually placed between the users of a LAN and the Internet (some ISPs also use firewalls). The firewall can be set to screen for incoming viruses and only allow access to certain resources on the Internet as a security measure. It can also cache previously visited sites to avoid excessive use of bandwidth.

How does a firewall work?

Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

A typical firewall can perform a number of tasks depending on the complexity of the firewall itself. The basic functions of a firewall are as follows:

Packet Filtering
Data is transmitted over networks and the Internet in what are called packets. Each packet contains information about where the data came from (i.e. the IP address of the sender) and where it is going to (i.e. the IP address of the receiver). Packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.

Packet filtering is a much more advanced mechanism for providing security and is not available in typical small business or home use router devices.

Port Forwarding and Blocking
Port blocking and forwarding are the most fundamental level of firewall security and are used by most home or small business users to protect their systems. A firewall can be used to block and forward any ports that users do not want to be open to their systems inside the firewall.

Stealth Mode - Discarding Pings
There is a common mechanism in networked environments for finding out if a particular system is up and running and connected to the network. Typically a utility called ping is given the IP address of the remote system. The ping utility sends a data packet to the remote system represented by the IP address and waits for a reply. If it gets a reply then the user knows that the system at that address is available on the network.

Whilst this seems safe enough, there is actually good reason to configure your firewall to not respond to ping requests. There are hackers around who will send out ping packets to every IP address on the planet and attack those that reply. By not responding to the ping packet you have a greater chance of remaining anonymous to the attacker.

Firewall Protection

There are many ways that unscrupulous people use to access or abuse unprotected computers. The following list is a summary of the types of attacks that can be waged against your server:

  • Remote login
    When someone is able to connect to your computer and control it in some form. Hackers sometimes use this method to attack another network using your server as the offending source.
     

  • Spam
    Refers to electronic junk mail or junk newsgroup postings. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
     

  • Application backdoors
    A backdoor is a secret or unauthorized channel for accessing a computer system. In an attack scenario, hackers install backdoors on a machine once it is compromised, so that they can access it more easily at later times.

  • SMTP session hijacking
    SMTP, which stands for Simple Mail Transfer Protocol, is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, hackers can send unsolicited junk e-mail (spam) to thousands of users. This means that your server address will be shown as the sender when in fact it was not you who sent the e-mail.
     

  • Operating system bugs
    Similar to the application backdoor attack, this attack uses vulnerabilities in your operating system to gain access to your server and use its resources.
     

  • Denial of service
    This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to connect to an unsuspecting server. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By sending repeated requests, the hacker can bog down the server and eventually cause it to crash.
     

  • E-mail bombs
    E-mail bombs are often personal in nature: someone sends you the same e-mail hundreds or thousands of times until your e-mail system can no longer receive any other e-mail.
     

  • Macros
    Many programs allow you to create a macro or "script" of actions to perform complicated or lengthy procedures. Hackers have made use of this to create their own macros that, depending on the application, can destroy your data or crash your computer.

  • Viruses
    A virus is a small program that spreads from computer to computer, erasing files or crashing entire systems. Some viruses simply manipulate the data on the system while others are more destructive and completely erase all data in the system.
     

  • Redirect bombs
    Using the Internet Control Message Protocol (ICMP), hackers can redirect data and send it using a different router. This is one of the ways that a denial of service attack is set up.
     

  • Source routing
    The path a data packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from within the network when in fact it is coming from a possibly dangerous source.

Some of these attacks can be stopped by a firewall but some are only preventable by monitoring attack attempts on your server and making adjustments to your security as necessary.
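
The filtering functions described in this guide (checking each packet against a set of filters, port blocking, discarding pings, and refusing ICMP redirects and source-routed packets), shown as an added example that is not part of the original guide: a stateless, default-deny inbound filter over raw IPv4 packets. The LAN range 192.168.1.0/24, the open port 443 and all function names are assumptions made for illustration, and the sample packets are constructed.

```python
import ipaddress
import struct

# Assumed policy (not from the guide): the protected LAN and the one open TCP port.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
OPEN_TCP_PORTS = {443}
ICMP_DROP = {8: "ping discarded", 5: "ICMP redirect"}  # echo request, redirect
SOURCE_ROUTE_OPTIONS = {131, 137}  # IPv4 option types LSRR and SSRR

def has_source_route(options: bytes) -> bool:
    """Walk the IPv4 options; malformed options count as a match (fail closed)."""
    i = 0
    while i < len(options) and options[i] != 0:   # 0 = end of option list
        if options[i] == 1:                       # 1 = one-byte no-operation
            i += 1
            continue
        if options[i] in SOURCE_ROUTE_OPTIONS:
            return True
        if i + 1 >= len(options) or options[i + 1] < 2:
            return True
        i += options[i + 1]                       # skip to the next option
    return False

def filter_inbound(packet: bytes) -> tuple:
    """Return (verdict, reason) for a raw IPv4 packet arriving from outside."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if not packet or packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return "DROP", "malformed IPv4 header"
    proto, payload = packet[9], packet[ihl:]
    if ipaddress.ip_address(packet[12:16]) in INTERNAL_NET:
        return "DROP", "spoofed internal source"
    if has_source_route(packet[20:ihl]):
        return "DROP", "source routing"
    if proto == 1 and payload and payload[0] in ICMP_DROP:
        return "DROP", ICMP_DROP[payload[0]]
    if proto == 6 and len(payload) >= 4:
        dport = struct.unpack("!H", payload[2:4])[0]
        if dport in OPEN_TCP_PORTS:
            return "ACCEPT", f"tcp/{dport} open"
    return "DROP", "default deny"

def build_ipv4(src: str, proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Construct a sample packet (checksum left zero; the filter does not verify it)."""
    ihl = 5 + len(options) // 4
    head = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload), 0, 0,
                       64, proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address("192.168.1.10").packed)
    return head + options + payload
```

Because the filter is stateless, it only decides on unsolicited inbound packets; a real firewall that also tracks connections would additionally admit replies to sessions opened from inside.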

 

Copyright ©2006-2010 Tech-Guide.  All rights reserved.