FIREWALLS

Prepared and presented By Rahat Azim Chowdhury Junior Researcher Genesis Technologies Ltd.

What are firewalls?

a hardware device and/or software program which sits between the Internet and the intranet, internet, of an organization

Source: Vicomsoft tutorial

Its main objectives are to filter:

what should come in the intranet (inbound traffic) and what should come out of the intranet (outbound traffic).

How firewalls work?

Using one of two access denial methodologies:

may allow all traffic through unless it meets certain criteria, or may deny all traffic unless it meets certain criteria

Note: many other access systems also use this allow/deny rule.

Firewall layer

traditional OSI and TCP/IP layers

Modern firewalls have their own communications layer

Firewall types

Packet Filtering Firewall:

They are usually part of a router and each packet is compared to a set of criteria before it is forwarded, dropped, or a message is sent to the originator.

Circuit level Gateway: they

monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to remote computer through a circuit level gateway appears to have originated from the gateway. On the other hand, they do not filter individual packets.

Firewall types (continued)

Application level gateways:

also called proxies, are application specific. An application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. They offer a high level of security, but have a significant impact on network performance.

Stateful Multilayer Firewalls:

combine aspects of the other three types of firewalls. They filter packets at the network layer and evaluate contents of packets at the application layer. They allow direct connection between client and host, and they rely on algorithms to recognize and process application layer data instead of running application specific proxies.

Hardware gateways

Market: they are in the upswing, see this article. Cisco: product line and some problems. WatchGuard: product line. SonicWall: product line. D-Link: product line (a low cost SOHO player). How they work: D-Link example. Filtering inbound traffic: allowing special applications, redirecting traffic to specific servers, denying all other inbound traffic. Filtering outbound traffic: allowing/denying specific LAN hosts to use certain ports. NAT and DHCP: all LAN hosts use local IP numbers, only the gateway has both a local IP number and a regular Internet IP number. NAT - network address translation - converts the request of a host in the LAN to the gateway IP number when sending an outbound request, and convert back to the local IP number when receiving an inbound reply. DHCP: automatically assigns local IP numbers, DNS, etc., to hosts in the LAN, as shown in this example (disabled).

Software firewalls

Market: dominant in SOHO and a player in business. F.W.T.K. org: how it all started, still a free firewall toolkit. Checkpoint: FireWall-1, a leader in business networks CSI: comparison table, mostly for business networks. Zone Labs: a leader in SOHO networks, free for personal use. Tiny Software: also a leader in SOHO, also free for personal use. Network ICE: another leader in SOHO, see it here. Symantec: a traditional Windows developer built a solid firewall. How they work: similar to hardware, but using a generic computer as the firewall device. Tiny example: once downloaded and installed it is set by default to block all inbound traffic and ask for authorization for outbound traffic, creating, or not rules, as you choose. You can create rules directly, and see status of the connections in your host. ZoneAlarm example: similarly blocks all inbound traffic, require you to setup security levels for LAN and Internet. Ask for authorization for outbound traffic, adding authorized programs to the list.

Firewall resources

Internet connection sharing and gateway: Wingate: the pioneer proxy SOHO software (includes firewall,) Sygate: the pioneer NAT SOHO software (also includes firewall). Windows XP: the ICF is a stateful firewall (a plus for XP). General resources Firewall.com Internet Firewalls: Frequently Asked Questions Firewall and Proxy Server HOWTO Shields UP Personal Firewalls Intrusion Detection Systems: FAQ Security of firewalls: proper configuration ... Leak test: LeakTest, PC World and PC Magazine articles. Wingate: read book to close vulnerabilities (telnet, mail, IRC), see here list of servers. Scanning through firewalls: Hping.

THANKS TO ALL

Prepared and presented By Rahat Azim Chowdhury

Junior Researcher Genesis Technologies Ltd.