
Firewalls

By
A. Pavanidevi
1/3 M.C.A
Roll No: 1
Bapatla Engg. Col.

Contents
1. Definition
2. Why do we require firewalls?
2.1 What is an attack?
3. Types of Firewalls (Krause)
3.1 Static packet filter
3.1.1 Advantages
3.1.2 Disadvantages
3.2 Dynamic Packet Filter
3.2.1 Advantages
3.2.2 Disadvantages
3.3 Circuit level Gateway
3.3.1 Advantages
3.3.2 Disadvantages
3.4 Application level Gateway
3.4.1 Proxy Server
3.4.2 Advantages
3.4.3 Disadvantages
4. Latest Firewall Technologies
5. A review about the Windows Firewall (Vamosi)
Works Cited

Firewalls
1. Definition
A firewall is defined as a hardware device or software that provides secure access between the internal network and the external network.
2. Why do we require firewalls?
A firewall is a device or software which acts like a filter and filters out all network traffic that does not meet the specified rules. Let us say that we want to block network traffic from a certain IP range, or block certain ports from communicating with untrusted networks; we can do this using a firewall. The firewall will protect our internal network from external attacks.
2.1 What is an attack?
When people attempt to access content or do things that can potentially harm our network, we refer to such attempts as attacks. With every company around the globe moving towards computer networks and the internet to carry out day-to-day operations, protection from these sorts of attacks has become inevitable. In recent times even companies such as MTV experienced unauthenticated access to their networks, which led to the loss of valuable information (MacRonin). So, to protect the internal network from unauthorized access, institutions round the globe are using various security tools, one of which is a firewall. To understand how a firewall works we have to look at the different types of firewalls.
3. Types of Firewalls (Krause)
1. Static packet filter
2. Dynamic packet filter
3. Circuit level gateway
4. Application level gateway
3.1 Static packet filter
It is the oldest firewall architecture and it operates in the network layer. The administrator can define rules which specify which packets are accepted and which packets are denied. The static filter will scan IP header data and TCP header data.
The decision to accept or deny packets is based on examination of specific fields:
• Source address
• Destination address
• Application or protocol
• Source port number
• Destination port number
The IP header information allows the administrator to block or accept packets from certain IPs or IP ranges. The TCP header information allows the administrator to write service-specific rules (i.e., allow or deny packets to or from ports) related to specific services. A combination of the above stated criteria is also possible, like blocking the HTTP service from certain IPs.
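The rule matching just described, written out as an added example (this code is not from the paper or any firewall product): a rule set over the five header fields listed above, evaluated first-match against constructed packets, including the combined "block HTTP from a certain IP range" case. The `Packet` and `Rule` types, the rule set and the documentation addresses (192.0.2.10, 203.0.113.0/24, 198.51.100.5) are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed example: the header fields a static packet filter looks at.
@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp", "udp" or "icmp"
    sport: int    # source port (0 for icmp)
    dport: int    # destination port (0 for icmp)

@dataclass(frozen=True)
class Rule:
    """One filter rule. A field left as None matches anything."""
    action: str                   # "accept" or "deny"
    src: Optional[str] = None     # CIDR block, e.g. "203.0.113.0/24"
    dst: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.sport is not None and pkt.sport != self.sport:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True

def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; a packet matching no rule gets the default action.
    Each packet is judged on its headers alone: the filter keeps no memory of
    earlier packets, which is the lack of state awareness noted in 3.1.2."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule set protecting a web server at 192.0.2.10 (documentation address).
RULES = [
    Rule("deny", src="203.0.113.0/24", proto="tcp", dport=80),   # block HTTP from one range
    Rule("accept", dst="192.0.2.10", proto="tcp", dport=80),
    Rule("accept", dst="192.0.2.10", proto="tcp", dport=443),
    Rule("deny", proto="tcp", dport=23),                           # no telnet to anything
    # To let the server's replies out, a stateless filter needs a rule like the next
    # one, which unavoidably also admits unsolicited packets *from* port 80.
    Rule("accept", src="192.0.2.10", proto="tcp", sport=80),
]

def decide_all(packets: List[Packet]) -> List[str]:
    """Apply RULES to a list of packets and return the verdicts in order."""
    return [filter_packet(RULES, p) for p in packets]

if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", "192.0.2.10", "tcp", 51000, 80),    # blocked range -> deny
        Packet("198.51.100.5", "192.0.2.10", "tcp", 51000, 80),   # other client -> accept
        Packet("198.51.100.5", "192.0.2.10", "tcp", 51000, 23),   # telnet -> deny
        Packet("198.51.100.5", "192.0.2.10", "udp", 51000, 53),   # no rule -> default deny
    ]
    for pkt, verdict in zip(samples, decide_all(samples)):
        print(pkt, "->", verdict)
```

Real packet filters differ in details (some use last-match semantics, most model interface and direction), but the evaluation shape is the same: header fields compared against a rule list with no connection memory.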
3.1.1 Advantages
• Low impact on network performance
• Low cost: included in many operating systems
3.1.2 Disadvantages
• Operates in the network layer and examines only the IP header and TCP header, so it is not aware of the packet payload.
• Lack of state awareness; susceptible to IP spoofing.
• Offers a low level of protection.
3.2 Dynamic Packet Filter
The dynamic packet filter was designed to overcome the limitation of the static packet filter, that it is not state aware. The dynamic packet filter operates in the network layer. The dynamic packet filter bases its decision to deny or accept a packet upon examination of the IP and protocol headers:
• Source address
• Destination address
• Application or protocol
• Source port number
• Destination port number
A dynamic filter is a static packet filter that is state aware, i.e. it can differentiate between a new and an established connection. After a connection is established, information about this connection is stored in a table in RAM, and any further packet from this connection will be allowed to go ahead without any further processing. This is a very important performance enhancement feature in the dynamic packet filter (zebulebu).
The dynamic packet filter had some performance issues when it was used with RISC processors. In order to overcome this, some of the vendors designed firewalls that violated the RFC guidelines for the three-way handshake. Some of the firewalls so designed would open a connection when the server received a single SYN packet. This was a big security issue during that period.
3.2.1 Advantages
• Lowest impact on network performance
• Low cost
• State awareness improves the performance when compared to a static filter
3.2.2 Disadvantages
• Operates in the network layer and examines only the TCP and IP headers; does not examine the packet payload
• Susceptible to IP spoofing
• Can create a problem when the RFC-recommended handshake is not followed
• Provides a low level of protection
3.3 Circuit level Gateway
The circuit level gateway operates in the session layer. A circuit level gateway is basically a packet filter with additional features, namely verification of proper handshaking and of the legitimacy of the sequence numbers used in establishing the connection.
The circuit level gateway examines and validates TCP and UDP sessions before it opens up a connection, or circuit, through the firewall. So it provides more security than the static packet filter and the dynamic packet filter. The decision to accept or deny the traffic is based on examining:
• Source address
• Destination address
• Application or protocol
• Source port number
• Destination port number
The circuit level gateway will determine if the session is legitimate using the SYN flags, ACK flags and sequence numbers involved in the TCP handshake between the trusted client and the untrusted host, and if the connection is legitimate, it will use the packet filter rules to check if the packet can be passed.
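An added example covering both the dynamic packet filter of 3.2 and the circuit level gateway of 3.3 (this code is not from the paper or any vendor): a connection table keyed on the two endpoints, a handshake validator that checks SYN and ACK flags and the sequence and acknowledgement numbers step by step, and the "table hit means no further rule processing" shortcut. The `establish_on_syn` switch reproduces, for comparison, the single-SYN behaviour the paper describes as an RFC violation. The `TcpPacket` type, the `allow_web` policy standing in for the packet filter rules, and the addresses and sequence numbers are assumptions made for the example; FIN teardown, retransmissions and table timeouts are not modelled.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Tuple

# Constructed example: the TCP header fields a state-aware filter tracks.
@dataclass(frozen=True)
class TcpPacket:
    src: str
    dst: str
    sport: int
    dport: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST"}
    seq: int                # sequence number
    ack: int = 0            # acknowledgement number (meaningful only with ACK set)

SYN = frozenset({"SYN"})
SYN_ACK = frozenset({"SYN", "ACK"})
ACK = frozenset({"ACK"})

# Connection table key: (client, client port, server, server port), initiator first.
Key = Tuple[str, int, str, int]

@dataclass
class Conn:
    state: str                        # "SYN_SENT", "SYN_RECEIVED" or "ESTABLISHED"
    client_isn: int                   # client's initial sequence number
    server_isn: Optional[int] = None  # learned from the server's SYN/ACK

class StatefulFilter:
    """Dynamic packet filter with circuit-level handshake validation.

    policy: the static rule check, applied only to packets that open a new connection
            (a real firewall consults its rule table here).
    establish_on_syn: if True, treats a connection as established after a single SYN,
            the shortcut section 3.2 describes; the default is the RFC three-way handshake.
    """

    def __init__(self, policy: Callable[[TcpPacket], bool], establish_on_syn: bool = False):
        self.policy = policy
        self.establish_on_syn = establish_on_syn
        self.table: Dict[Key, Conn] = {}

    def _lookup(self, p: TcpPacket) -> Tuple[Optional[Key], str]:
        fwd: Key = (p.src, p.sport, p.dst, p.dport)
        if fwd in self.table:
            return fwd, "c2s"              # client -> server direction
        rev: Key = (p.dst, p.dport, p.src, p.sport)
        if rev in self.table:
            return rev, "s2c"              # server -> client direction
        return None, ""

    def process(self, p: TcpPacket) -> str:
        key, direction = self._lookup(p)
        if key is None:
            return self._new_connection(p)
        conn = self.table[key]
        if "RST" in p.flags:
            del self.table[key]            # either side aborting the connection
            return "accept"
        if conn.state == "ESTABLISHED":
            return "accept"                # table hit: no rule evaluation at all
        if conn.state == "SYN_SENT":
            # Step 2: the server's SYN/ACK must acknowledge the client's ISN + 1.
            if direction == "s2c" and p.flags == SYN_ACK and p.ack == conn.client_isn + 1:
                conn.server_isn = p.seq
                conn.state = "SYN_RECEIVED"
                return "accept"
        elif conn.state == "SYN_RECEIVED":
            # Step 3: the client's ACK carries ISN + 1 and acknowledges the server's ISN + 1.
            if (direction == "c2s" and p.flags == ACK
                    and p.seq == conn.client_isn + 1 and p.ack == conn.server_isn + 1):
                conn.state = "ESTABLISHED"
                return "accept"
        # Wrong direction, flags or numbers: not a legitimate circuit, drop the entry.
        del self.table[key]
        return "deny"

    def _new_connection(self, p: TcpPacket) -> str:
        if p.flags != SYN:
            return "deny"                  # no entry and not a fresh SYN (e.g. a bare ACK)
        if not self.policy(p):
            return "deny"
        state = "ESTABLISHED" if self.establish_on_syn else "SYN_SENT"
        self.table[(p.src, p.sport, p.dst, p.dport)] = Conn(state, p.seq)
        return "accept"

def allow_web(p: TcpPacket) -> bool:
    """Constructed policy: only new connections to the web port are permitted."""
    return p.dport == 80

def run(fw: StatefulFilter, packets) -> list:
    """Feed packets through the filter in order and return the verdicts."""
    return [fw.process(p) for p in packets]

if __name__ == "__main__":
    client, server = "198.51.100.5", "192.0.2.10"   # documentation addresses
    handshake = [
        TcpPacket(client, server, 51000, 80, SYN, seq=1000),
        TcpPacket(server, client, 80, 51000, SYN_ACK, seq=5000, ack=1001),
        TcpPacket(client, server, 51000, 80, ACK, seq=1001, ack=5001),
        TcpPacket(server, client, 80, 51000, ACK, seq=5001, ack=1001),   # first data segment
    ]
    print(run(StatefulFilter(allow_web), handshake))   # all four accepted
```

With the strict default, a server segment that arrives before the handshake has completed, or a SYN/ACK whose acknowledgement number does not match the client's ISN, is denied and the half-open entry is discarded; with `establish_on_syn=True` the same server segment is accepted straight from the table, which is the weakness the paper attributes to the RFC-violating designs.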
3.3.1 Advantages
• Less impact on network performance
• Breaks the direct connection between the untrusted host and the trusted client
• Higher level of security than the static and dynamic filters.
3.3.2 Disadvantages
• Does not examine the packet payload.
• Low to moderate security level.
3.4 Application level Gateway
An application level gateway runs proxies that copy and forward information across the gateway, functioning as a proxy server. This prevents any direct connection between the trusted and untrusted networks. Features of these firewalls can include user authentication systems and the capability to control which systems an outside user can access on the internal network (Brainbell).
3.4.1 Proxy Server
A proxy server (sometimes referred to as an application gateway or forwarder) is an application that mediates traffic between a protected network and the Internet. Since proxies must understand the application protocol being used, they can also implement protocol-specific security (e.g., an FTP proxy might be configurable to permit incoming FTP and block outgoing FTP). Proxy servers are application specific. In order to support a new protocol via a proxy, a proxy must be developed for it.
3.4.2 Advantages
• Highest level of security
• Capable of eliminating buffer overflows
• Breaks the direct connection to the server behind the firewall, eliminating the risk of an entire class of covert channel attacks
3.4.3 Disadvantages
• Must be written very carefully
• Vendors must keep up with the latest protocols
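An added example of the protocol-specific control an application level gateway can apply, in the spirit of the FTP proxy mentioned in 3.4.1 (this code is not from the paper, Brainbell, or any proxy product): the proxy parses each FTP control command, checks the authenticated user's policy for which internal systems they may reach and which commands (downloads via RETR, uploads via STOR) they may issue, and relays only what the policy allows. The `UserPolicy` table, the user names, the `.internal.test` host names and the assumption that the gateway has already authenticated the user are all constructed for the example; the data connection and the server's replies are not modelled.

```python
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed policy: what each authenticated outside user may do through the gateway.
@dataclass(frozen=True)
class UserPolicy:
    hosts: FrozenSet[str]      # internal systems this user may connect to
    commands: FrozenSet[str]   # FTP commands this user may issue beyond the basics

USERS: Dict[str, UserPolicy] = {
    # download only: RETR is allowed, STOR (upload) is not
    "alice": UserPolicy(frozenset({"files.internal.test"}),
                        frozenset({"CWD", "LIST", "RETR"})),
    "bob": UserPolicy(frozenset({"files.internal.test", "build.internal.test"}),
                      frozenset({"CWD", "LIST", "RETR", "STOR"})),
}

# Commands every session needs; anything else is subject to the per-user policy.
BASIC_COMMANDS = frozenset({"USER", "PASS", "PWD", "TYPE", "PASV", "QUIT"})
# FTP command line grammar: a 3- or 4-letter verb, optionally followed by one argument.
COMMAND_LINE = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")

class FtpProxy:
    """Mediates one FTP control connection: the outside user talks to the proxy, the
    proxy talks to the internal server, and only policy-approved commands are relayed."""

    def __init__(self, user: str, target_host: str):
        self.policy = USERS.get(user)
        self.target_ok = self.policy is not None and target_host in self.policy.hosts

    def mediate(self, line: str) -> Tuple[str, str]:
        """Return ("forward", command) to relay to the server, or ("reject", reply)."""
        if not self.target_ok:
            return "reject", "530 not permitted to reach this host"
        m = COMMAND_LINE.match(line.rstrip("\r\n"))
        if not m:
            return "reject", "500 syntax error: not an FTP command"
        verb = m.group(1).upper()
        if verb in BASIC_COMMANDS or verb in self.policy.commands:
            return "forward", line.rstrip("\r\n")
        return "reject", "550 command %s not permitted by gateway policy" % verb

def run_session(user: str, host: str, lines: List[str]) -> List[str]:
    """Feed a constructed command sequence through the proxy; return the decisions."""
    proxy = FtpProxy(user, host)
    return [proxy.mediate(line)[0] for line in lines]

if __name__ == "__main__":
    session = ["USER alice", "PASS secret", "CWD /pub", "RETR report.pdf", "STOR notes.txt", "QUIT"]
    print(run_session("alice", "files.internal.test", session))
```

Because the proxy understands the protocol, a malformed line never reaches the internal server at all, and the same user can be given different rights on different internal hosts; neither is possible for a filter that sees only IP and TCP headers.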
4. Latest Firewall Technologies
One of the latest firewall technologies is deep packet inspection (DPI).
Deep packet inspection combines firewall and IDS technologies together to analyze packets and make better decisions. DPIs deeply analyze packet contents, including information from all seven layers of the OSI model.
DPIs base their accept/deny decision on several technologies, which include:
• Protocol anomaly detection
• Signature scanning
So when a packet arrives they typically compare the packet against vendor-supplied definitions and also check for protocol anomalies. Regular vendor updates are required to prevent the latest attacks bypassing or overpowering the firewall.
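The two DPI techniques named above, as an added example (not from the paper or any DPI vendor): signature scanning matches the payload against a definition list, and protocol anomaly detection checks that traffic on the HTTP port actually has the grammar of an HTTP request (request line, header lines, a Host header on HTTP/1.1, no NUL bytes, no oversized header lines). The two sample signatures, the simplified HTTP checks and the sample payloads are constructed for the example; only HTTP on port 80 is modelled.

```python
import re
from typing import List, Tuple

# Constructed sample signatures standing in for vendor-supplied definitions;
# a real DPI engine loads thousands of these, which is why it needs regular updates.
SIGNATURES: List[Tuple[bytes, str]] = [
    (b"<script>", "html-script-tag-in-request"),
    (b"../", "path-traversal-sequence"),
]

HTTP_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS"}
MAX_HEADER_LINE = 4096
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")
HEADER_LINE = re.compile(rb"^[!#$%&'*+.^_|~0-9A-Za-z-]+: ?[\t\x20-\x7e]*$")

def scan_signatures(payload: bytes) -> List[str]:
    """Signature scanning: report every definition whose pattern occurs in the payload."""
    return [name for pattern, name in SIGNATURES if pattern in payload]

def http_anomalies(payload: bytes) -> List[str]:
    """Protocol anomaly detection for traffic that, by port, should be an HTTP request.
    Simplified, constructed checks on the request line, header grammar, the Host
    header required by HTTP/1.1, NUL bytes and header line length."""
    findings: List[str] = []
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.match(lines[0]):
        return ["not-an-http-request-line"]   # e.g. an SSH banner or TLS record on port 80
    method, _target, version = lines[0].split(b" ")
    if method.decode() not in HTTP_METHODS:
        findings.append("unknown-method:" + method.decode())
    if b"\x00" in payload:
        findings.append("nul-byte-in-request")
    hosts = 0
    for line in lines[1:]:
        if len(line) > MAX_HEADER_LINE:
            findings.append("oversized-header-line")
        elif not HEADER_LINE.match(line):
            findings.append("malformed-header-line")
        elif line.split(b":", 1)[0].lower() == b"host":
            hosts += 1
    if version == b"HTTP/1.1" and hosts != 1:
        findings.append("host-header-count:%d" % hosts)
    return findings

def inspect(dport: int, payload: bytes) -> Tuple[str, List[str]]:
    """DPI verdict for one packet: signatures on any port, plus the protocol checks
    for the protocol expected on that port."""
    findings = scan_signatures(payload)
    if dport == 80:
        findings += http_anomalies(payload)
    return ("deny" if findings else "accept"), findings

if __name__ == "__main__":
    samples = [
        (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: t\r\n\r\n"),
        (80, b"GET /search?q=<script> HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
        (80, b"GET / HTTP/1.1\r\n\r\n"),
        (80, b"SSH-2.0-OpenSSH_7.9\r\n"),
        (22, b"SSH-2.0-OpenSSH_7.9\r\n"),
    ]
    for dport, payload in samples:
        print(dport, inspect(dport, payload))
```

The last two samples show the point of combining the techniques: the same bytes are an anomaly on port 80 and perfectly normal on port 22, which no header-only filter could tell apart, and a signature hit is reported even when the request is otherwise well formed.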
5. A review about the Windows Firewall (Vamosi)
Windows operating systems (which have an OS market share of 91.8%) did not have an effective firewall system built in until 2004. The firewall which XP with SP2 had was a simple inbound traffic blocker. The problem which many people had with the system was that it was able to prevent spyware from getting into your system but did not block existing spyware from creating an outbound connection and affecting others.
Microsoft did make improvements to its firewall system in its latest OS, Vista. The firewall in Vista has a few special features. The firewall in Vista will start up when the OS starts to boot, which will minimize the chance of a malware program getting into the PC during startup. The firewall is now designed to handle both inbound and outbound filtering and it integrates the IPSec protocol (Wikipedia - Windows Firewalls).
Works Cited
1. Brainbell. <http://www.brainbell.com/tutorials/Networking/Application_Gateway_Firewalls.html>.
2. Krause, Micki and Harold Tipton. Information Security Management Handbook, 6th ed. Auerbach Publishing, 2007.
3. MacRonin. Breach at MTV. 08 March 2008. <http://www.privacydigest.com/2008/03/08/breach+mtv+computer+files>.
4. Vamosi, Robert. Outward bound with Vista's new firewall. 06 June 2006. <http://reviews.cnet.com/4520-3513_7-6536942-1.html>.
5. Wikipedia - Windows Firewalls. 13 March 2008. <http://en.wikipedia.org/wiki/Windows_Firewall>.
6. Zebulebu. Cert Forums. Aug 2006. <http://www.certforums.co.uk/forums/thread18698.html>.