2. The term firewall was in use by Lightoler as early as [1764] to describe
walls which separated the parts of a building most likely to have a fire (e.g.,
a kitchen)from the rest of a structure. These physical barriers prevented or
slowed a fire's spread throughout a building, saving both lives and
property.
A firewall is simply a program or hardware device that filters the
information coming through the Internet connection into your
private network or computer system.
3. IP addresses - Each machine on the Internet is assigned a unique address called an IP
address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted
decimal number." A typical IP address looks like this: 216.27.61.137
Domain names - Because it is hard to remember the string of numbers that make up an
IP address, and because IP addresses sometimes need to change, all servers on the Internet
also have human-readable names, called domain names A company might block all access
to certain domain names, or allow access only to specific domain names.
Ports - Any server machine makes its services available to the Internet using numbered
ports, one for each service that is available on the server .For example, if a server machine
is running a Web (HTTP) server and an FTP server, the Web server would typically be
available on port 80, and the FTP server would be available on port 21. A company might
block port 21 access on all machines but one inside the company.
Packet : On the Internet, the network breaks an e-mail message into parts of a certain size
in bytes. These are the packets. Each packet carries the information that will help it get to
its destination -- the sender's IP address, the intended receiver's IP address, something that
tells the network how many packets this e-mail message has been broken into and the
number of this particular packet. The packets carry the data in the protocols that the
Internet uses: Transmission Control Protocol/Internet Protocol (TCP/IP). Each packet
contains part of the body of your message. A typical packet contains perhaps 1,000 or
1,500 bytes.
4. Protocols - The protocol is the pre-defined way that someone who wants to use a
service talks with that service. The "someone" could be a person, but more often it
is a computer program like a Web browser. Protocols are often text, and simply
describe how the client and server will have their conversation. The http in the
Web's protocol. Some common protocols that you can set firewall filters for
include:
IP (Internet Protocol) - the main delivery system for information over the Internet
TCP (Transmission Control Protocol) - used to break apart and rebuild information
that travels over the Internet
HTTP (Hyper Text Transfer Protocol) - used for Web pages
FTP (File Transfer Protocol) - used to download and upload files
UDP (User Datagram Protocol) - used for information that requires no response,
such as streaming audio and video
ICMP (Internet Control Message Protocol) - used by a router to exchange the
information with other routers
SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-
mail)
SNMP (Simple Network Management Protocol) - used to collect system information
from a remote computer
Telnet - used to perform commands on a remote computer
5. The OSI Reference Model is a set of seven layers that define the different stages
that data must go through to travel from one device to another over a network.
A protocol stack is a group of protocols that all work together to allow software or
hardware to perform a function. The TCP/IP protocol stack is a good example. It
uses four layers that map to the OSI model as follows:
6. Firewalls use one of the following methods to control traffic flowing in and out of the
network:
Packet filtering - Packets (small chunks of data) are analyzed against a set of filters.
Packets that make it through the filters are sent to the requesting system and all others
are discarded.
Packet filters use one or more of the following pieces of information to make their
decision on whether or not to forward the packet [Reed 2002a]:
source address
destination address
whether the packet is inbound or outbound
7. Advantages of Packet Filtering :
Packet filtering is "free." If you already have a router, it
probably supports packet filtering. On a small LAN a
single router can be sufficient for use as a packet filter.
Theoretically, you only need one, at the point where your
LAN connects to the Internet or an external network.
This provides a "choke point" for the network.
You don't have to train users or use any special client or
server programs to implement packet filters. The
screening router or packet filtering host transparently
does all the work to the clients in your network.
8. Disadvantages of Packet Filtering Firewall :
Difficulty of setting up packet filtering rules
Another drawback of packet filtering is that it cannot determine which user is causing
which network traffic. It can inspect the IP address of the host where the traffic
originates, but a host is not the same as a user. If an organization with a packet-
filtering firewall is trying to limit the services some users can access, it must either
implement an additional, separate protocol for authentication or use the IP address of
the user's primary machine as a weak replacement for true user authentication.
Also, because IP addresses can be spoofed, using them for authentication can lead to
other problems.
9. A stateful firewall is a firewall that keeps track of the state of network connections
(such as TCP streams, UDP communication) traveling across it.
The firewall is programmed to distinguish legitimate packets for different types of
connections.
Only packets matching a known active connection will be allowed by the firewall;
others will be rejected
Information traveling from inside the firewall to the outside is monitored for specific
defining characteristics, then incoming information is compared to these
characteristics.
If the comparison yields a reasonable match, the information is allowed through.
Otherwise it is discarded.
10. Advantages of stateful inspection :
More secure .
No need to write long and insecure filtering rules.
Mechanism is faster.
Disadvantages of stateful inspection :
Cache table overflow: If a firewall of a very large or busy network with less
memory has filled its memory with cache ,it will start evicting cache entries and
the connections will drop.
Time out too short :If the user has been inactive for a long time ,the cache entry
is evicted and the connection is lost.
11. Developed by Cisco, Network Address Translation is used by a device
(firewall, router or computer) that sits between an internal network and the rest of the
world.
Implementing dynamic NAT automatically creates a firewall between your internal
network and outside networks, or between your internal network and the Internet.
A computer on an external network cannot connect to your computer unless your
computer has initiated the contact. You can browse the Internet and connect to a site,
and even download a file; but somebody else cannot latch onto your IP address and
use it to connect to a port on your computer.
12. Circuit level gateways work at the session layer of the OSI model, or the TCP
layer of TCP/IP.
They monitor TCP handshaking between packets to determine whether a
requested session is legitimate. Information passed to remote computer
through a circuit level gateway appears to have originated from the gateway.
This is useful for hiding information about protected networks.
Circuit level gateways are relatively inexpensive and have the advantage of
hiding information about the private network they protect.
On the other hand, they do not filter individual packets.
13. Application level gateways, also called proxies, are similar to circuit-level gateways
except that they are application specific. They can filter packets at the application layer
of the OSI model.
Incoming or outgoing packets cannot access services for which there is no proxy. In
plain terms ,an application level gateway that is configured to be a web proxy will not
allow any ftp, other traffic through. Because they examine packets at application layer,
they can filter application specific commands such as http:post and get, etc.
They offer a high level of security, but have a significant impact on network
performance. This is because of context switches that slow down network access
dramatically.
They are not transparent to end users and require manual configuration of each client
computer.
15. The Golden Shield Project is a censorship and surveillance
project operated by the Ministry of Public Security(MPS)
division of the government of China. The project was initiated
in 1998 and began operations in November 2003.
It has been nicknamed "the Great Firewall" in reference to its
role as a network firewall and to the ancient Great Wall of
China.
A major part of the project includes the ability to block content
by preventing IP addresses from being routed through and
consists of standard firewalls and proxy servers.
16. Web sites belonging to "outlawed" or suppressed groups, such
as pro-democracy activists.
News sources that often cover topics that are considered
defamatory against China, such as police brutality, freedom of
speech, democracy, and Marxist sites. These sites
include Voice of America and the Chinese edition of BBC
News.
Most blogging sites like Twitter experience frequent or
permanent outages.
17. Web sites that contain anything the Chinese authorities regard
as obscenity or pornography.
Web sites relating to criminal activity.
Sites linked with the Dalai Lama, his teachings or
the International Tibet Independence Movement.
Social networking sites like Facebook are also blocked.
18. The English-language BBC website (but not the Chinese
language website).
YouTube, although it has been subsequently re-blocked.
Wikipedia (wikipedia.org), HTTPS version is not blocked.
However, if one uses HTTP, many wikis are blocked.
Social websites and free web hosting websites. However, these
have also been re-blocked.
Some foreign news websites.
Dropbox has been unblocked, although the reason for this is
still unclear
19. Despite strict government regulations, the Chinese people are
continuing to protest against their government’s attempt to censor
the Internet.
They can also utilize the widely available proxies and virtual private
networks to fanqiang, or "climb the wall.”
In January 2010,Google announced that it will no longer censor its
Web search results in China, even if this means it might have to
shut down its Chinese operations altogether which ultimately led to
the blocking of all google search sites.
20. Denial of service:
In feb 2000 many websites such as Yahoo,Amazon,CNN etc were attacked and were shut
down for hours .Yahoo lost a million $ /minute
Viruses:
Malicious program inserted in an executable file .When executed spreads and infects other
files.The effects include inability to boot,deletion of file,inability to create file etc .
Trojan Horse:
Creates backdoor which gives the hacker access to private and confidential information. Eg:
black orifice,freelink,back door g etc.
Worm:
On May 4,2000 a fast moving computer worm called “lovebug” spread by email to millions
of computers and deleted every .jpeg and .mp3 file on computer.
Macro Virus:Infects word or excel documents and is spread by email attachment.
Remote login by Hackers.
E-mail bomb
21.
22. Provide
◦ configurable packet filtering
◦ NAT/DHCP
Eg :
Linksys – single board RISC based linux computer
D-Link
24. A firewall cannot prevent users or attackers with modems from dialing in to or out of
the internal network, thus bypassing the firewall and its protection completely.
Firewalls cannot stop internal users from accessing websites with malicious code,
making user education critical.
Firewalls cannot protect you when your security policy is too lax.
Email viruses :
Email viruses are attached to email messages. A firewall can't determine the contents
of email messages, so it can't protect you from these types of viruses. You should use
an antivirus program to scan and delete suspicious attachments from an email message
before you open it. Even when you have an antivirus program, you should not open
an email attachment if you're not positive it's safe.
Phishing scams :
Phishing is a technique used to trick computer users into revealing personal or
financial information, such as a bank account password. A common online phishing
scam starts with an email message that appears to come from a trusted source, but
actually directs recipients to provide information to a fraudulent website. Firewalls
can't determine the contents of email messages, so they can't protect you from this
type of attack.
25. Discuss the role of firewall ? Explain in detail
firewall components and list the benefits of
an internet firewall (10 mks)