
WEST VIRGINIA UNIVERSITY

Firewalls
CS101
11/19/2009

An Introduction to Firewalls
Contents
1. Definition
2. Why do we require firewalls?
2.1 What is an attack?
3. Types of Firewalls (Krause)
3.1 Static packet filter
3.1.1 Advantages
3.1.2 Disadvantages
3.2 Dynamic Packet Filter
3.2.1 Advantages
3.2.2 Disadvantages
3.3 Circuit level Gateway
3.3.1 Advantages
3.3.2 Disadvantages
3.4 Application level Gateway
3.4.1 Proxy Server
3.4.2 Advantages
3.4.3 Disadvantages
4. Latest Firewall Technologies
5. A review about the Windows Firewall (Vamosi)
Works Cited
Firewalls
1. Definition:
A firewall is defined as a hardware device/software that provides
secure access between the internal network and the external network.

2. Why do we require firewalls?


A firewall is a device or software that acts like a filter and filters out all
network traffic that does not meet the specified rules. If, say, we want to
block network traffic from a certain IP range, or block certain ports
from communicating with untrusted networks, we can do this using a
firewall. A firewall protects our internal network from external attacks.

2.1 What is an attack?


When people attempt to access contents or do things that can be
potentially harmful to our network, we refer to such attempts as attacks. With
every company around the globe moving towards computer networks and the
internet to carry out day-to-day operations, protection from these sorts of
attacks has become inevitable. In recent times even companies such as MTV
experienced unauthenticated access to their networks, which led to the loss
of valuable information. (MacRonin)

To protect the internal network from unauthorized access, institutions around
the globe are using various security tools, one of which is a firewall. To
understand how a firewall works we have to look at the different types of firewalls.

3. Types of Firewalls (Krause)


1. Static packet filter

2. Dynamic packet filter

3. Circuit level gateway

4. Application level gateway

3.1 Static packet filter


It is one of the oldest firewall architectures and it operates in the
network layer. The administrator defines rules that state which packets are
accepted and which packets are denied. The static filter scans the IP
header data and the TCP header data.
The decision to accept or deny a packet is based on examination of specific
fields:

• Source address

• Destination address

• Application or protocol

• Source port number

• Destination port number

The IP header information allows the administrator to block or accept
packets from certain IPs or IP ranges. The TCP header information allows
the administrator to write service-specific rules (i.e., allow or deny packets
to or from ports) related to specific services. A combination of the above
is also possible, such as blocking the HTTP service from certain
IPs.
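The field-by-field decision described above, as an added example that is not part of the original paper: a static filter that reads only the IPv4 and TCP headers and applies the first matching rule. The rule set, the addresses (documentation ranges) and the helper names are assumptions made for the illustration.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "accept" or "deny"
    src: str               # CIDR the source address must fall in
    dst: str               # CIDR the destination address must fall in
    proto: Optional[int]   # IP protocol number (6 = TCP), None = any
    dport: Optional[int]   # destination port, None = any


def parse_headers(packet: bytes):
    """Extract the fields a static filter reads from the IPv4 and TCP headers."""
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length in bytes
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src, dst, proto, sport, dport


def decide(rules, packet: bytes) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    src, dst, proto, _sport, dport = parse_headers(packet)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.proto in (None, proto)
                and r.dport in (None, dport)):
            return r.action
    return "deny"


def build_packet(src, dst, sport, dport, payload=b"") -> bytes:
    """Constructed sample: minimal IPv4 + TCP SYN headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp + payload


# Constructed rule set: block HTTP from one range, allow it from everyone else.
RULES = [
    Rule("deny",   "203.0.113.0/24", "192.0.2.10/32", 6, 80),
    Rule("accept", "0.0.0.0/0",      "192.0.2.10/32", 6, 80),
]
```

Because `decide` never looks past the headers, two packets with the same addresses and ports get the same verdict whatever their payload, and the source address is taken at face value.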

3.1.1 Advantages
• Low impact on network performance

• Low cost - included in many operating systems

3.1.2 Disadvantages
• Operates in the network layer, examines only the IP header and TCP
header. So it is not aware of the packet payload.

• Lack of state awareness, susceptible to IP spoofing.

• Offers low level of protection.

3.2 Dynamic Packet Filter


The dynamic packet filter was designed to overcome the static packet
filter's limitation that it is not state aware. The dynamic packet
filter operates in the network layer. The dynamic packet filter bases its
decision to deny or accept a packet on examination of the IP and protocol
headers:

• Source address

• Destination address

• Application or protocol

• Source port number

• Destination port number

A dynamic filter is a static packet filter that is state aware, i.e. it can differentiate
between a new and an established connection. After a connection is
established, information about this connection is stored in a table in RAM,
and any packet from this connection is allowed to go ahead without any
further processing. This is a very important performance enhancement
feature of the dynamic packet filter. (zebulebu)

The dynamic packet filter had some performance issues when it was used
with RISC processors. In order to overcome this, some of the vendors
designed firewalls that violated the RFC guidelines for the three-way
handshake. Some of these firewalls would open a connection when the
server received a single SYN packet. This was a big security issue during
that period.

3.2.1 Advantages

• Lowest impact on network performance
• Low cost
• State awareness improves the performance when compared to a static
filter

3.2.2 Disadvantages

• Operates in the network layer, examines only the TCP and IP header,
does not examine the packet payload
• Susceptible to IP spoofing
• Can create a problem when the RFC-recommended handshake is not
followed
• Provides a low level of protection

3.3 Circuit level Gateway


The circuit level gateway operates in the session layer. A circuit level
gateway is basically a packet filter with additional features, namely
verification of proper handshaking and of the legitimacy of the sequence
numbers used in establishing the connection.

The circuit level gateway examines and validates TCP and UDP
sessions before it opens up a connection or circuit through the firewall. So it
provides more security than the static and dynamic packet filters.
The decision to accept or deny the traffic is based on examining:

• Source address

• Destination address

• Application or protocol

• Source port number

• Destination port number

The circuit level gateway determines whether the session is legitimate using the
SYN flags, ACK flags and sequence numbers involved in TCP handshaking
between the trusted client and the untrusted host. If the connection is
legitimate, it uses the packet filter rules to check whether the packet can be
passed.
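The state table from section 3.2 and the handshake check from section 3.3, as one added example that is not part of the original paper: a tracker that only marks a connection established after a valid SYN, SYN/ACK, ACK exchange with matching sequence numbers. The `open_on_syn` switch, the class and field names, and the sample addresses are assumptions for the illustration; the switch models the non-RFC shortcut described in 3.2.

```python
from typing import NamedTuple

SYN, ACK = 0x02, 0x10   # TCP flag bits


class Segment(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    seq: int
    ack: int = 0


def nxt(n: int) -> int:
    """Sequence numbers are 32-bit and wrap around."""
    return (n + 1) & 0xFFFFFFFF


class HandshakeTracker:
    """State table keyed by (client, client port, server, server port)."""

    def __init__(self, open_on_syn: bool = False):
        self.open_on_syn = open_on_syn   # True = trust a lone SYN (the flaw)
        self.table = {}

    def process(self, s: Segment) -> str:
        fwd = (s.src, s.sport, s.dst, s.dport)
        rev = (s.dst, s.dport, s.src, s.sport)
        entry = self.table.get(fwd) or self.table.get(rev)
        if entry and entry["state"] == "ESTABLISHED":
            return "accept"              # known connection: no further checks
        if entry is None:
            if s.flags != SYN:
                return "deny"            # no state and not a connection request
            state = "ESTABLISHED" if self.open_on_syn else "SYN_SEEN"
            self.table[fwd] = {"state": state, "client_isn": s.seq}
            return "accept"
        from_client = fwd in self.table
        if (entry["state"] == "SYN_SEEN" and not from_client
                and s.flags == (SYN | ACK) and s.ack == nxt(entry["client_isn"])):
            entry.update(state="SYNACK_SEEN", server_isn=s.seq)
            return "accept"
        if (entry["state"] == "SYNACK_SEEN" and from_client and s.flags == ACK
                and s.seq == nxt(entry["client_isn"])
                and s.ack == nxt(entry["server_isn"])):
            entry["state"] = "ESTABLISHED"
            return "accept"
        return "deny"                    # wrong flags or sequence numbers
```

With `open_on_syn=True` a single SYN creates an established entry, so every later segment on that 4-tuple is passed without its flags or sequence numbers ever being checked.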

3.3.1 Advantages

• Less impact on network performance
• Breaks direct connection between the untrusted host and trusted client
• Higher level security than the static and dynamic filter.

3.3.2 Disadvantages

• Does not examine the packet payload.
• Low to moderate security level.

3.4 Application level Gateway


An application level gateway runs proxies that copy and forward
information across the gateway, functioning as a proxy server. This prevents
any direct connection between the trusted and untrusted networks. Features
of these firewalls can include user authentication systems and the capability
to control which systems an outside user can access on the internal network.
(Brainbell)

3.4.1 Proxy Server


A proxy server (sometimes referred to as an application gateway or
forwarder) is an application that mediates traffic between a protected
network and the Internet. Since proxies must "understand" the application
protocol being used, they can also implement protocol specific security (e.g.,
an FTP proxy might be configurable to permit incoming FTP and block
outgoing FTP). Proxy servers are application specific. In order to support a
new protocol via a proxy, a proxy must be developed for it.

3.4.2 Advantages

• Highest level of security
• Capable of eliminating buffer overflows
• Breaks the direct connection to the server behind the firewall, eliminating the risk
of an entire class of covert channel attacks

3.4.3 Disadvantages

• Must be written very carefully
• Vendors must keep up with the latest protocols

4. Latest Firewall Technologies


One of the latest firewall technologies is deep packet inspection (DPI). Deep
packet inspection combines firewall and IDS technologies to
analyze packets and make better decisions. DPI firewalls analyze packet
contents in depth, including information from all seven layers of the OSI model.

DPI firewalls base their accept/deny decision on several technologies, which include

• Protocol anomaly detection
• Signature scanning

So when a packet arrives, they typically compare the packet against
vendor-supplied definitions and also check for protocol anomalies. Regular vendor
updates are required to prevent the latest attacks from bypassing or overpowering the
firewall.

5. A review about the Windows Firewall (Vamosi)


Windows operating systems (which have an OS market share of 91.8%)
did not have an effective firewall system built in until 2004. The firewall
which XP with SP2 had was a simple inbound traffic blocker. The problem
which many people had with the system was that it was able to prevent
spyware from getting into your system but did not block existing
spyware from creating an outbound connection and affecting others.

Microsoft did make improvements to its firewall system in its latest
OS, Vista. The firewall in Vista has a few special features. The firewall in Vista
starts up when the OS starts to boot, which minimizes the chance of a
malware program getting into the PC during startup. The firewall is now
designed to handle both inbound and outbound filtering, and it integrates the
IPSec protocol. (Wikipedia- Windows Firewalls).

Works Cited
1. Brainbell.
<http://www.brainbell.com/tutorials/Networking/Application_Gateway_Firewalls.html>.

2. Krause, Harold Tipton and Micki. Information Security Management Handbook,
6th ed. Auerbach Publishing, 2007.

3. MacRonin. Breach at MTV. 08 March 2008.
<http://www.privacydigest.com/2008/03/08/breach+mtv+computer+files>.

4. Vamosi, Robert. Outward bound with Vista's new firewall. 06 June 2006.
<http://reviews.cnet.com/4520-3513_7-6536942-1.html>.

5. Wikipedia- Windows Firewalls. 13 03 2008.
<http://en.wikipedia.org/wiki/Windows_Firewall>.

6. Zebulebu. Cert Forums. Aug 2006.
<http://www.certforums.co.uk/forums/thread18698.html>.
