1. INTRODUCTION
Initially, there were not many threats to network security. As the Internet has become more popular, more companies are doing business over the web, and the number of attempts to illegally infiltrate networks has increased. As a result, the need to secure networks has grown. Firewalls were implemented on networks to prevent unauthorized access from external sources. Initially, firewalls were complex & unreliable hardware devices. Most of them were routers that separated a private network from other networks.
Over the years, firewalls have developed into highly reliable solutions. They protect networks from unauthorized access & play an important part in enforcing the security policy of a company. The firewall examines each packet of data that passes through it & allows only the authorized data.
The Internet has made large amounts of information available to the average computer user in business, in education and at home. For many people, having access to this information is no longer just an advantage; it is essential. Yet connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world and raises serious Internet security questions. Users who connect their computers to the Internet must be aware of these dangers, their implications and how to protect their data and their critical systems. Firewalls can protect both corporate networks and individual computers from hostile intrusion from the Internet, but they must be understood to be used correctly. This document is intended to help you achieve this understanding, and to help you choose the best firewall for your needs.
2. WHAT IS A FIREWALL?
A firewall is a device which is placed between something dangerous and something to be protected. In a typical firewall configuration, starting from the left, the physical connection to the outside world is attached to a border router, which may be under the control of the local area network administrator or of another organization. A LAN, such as an Ethernet, is attached to the border router. This network is known as the de-militarized zone (DMZ). It provides an attachment point for the bastion hosts, which provide external connection points for services such as email, web, etc.

Figure 2: Firewall

3. TYPES OF FIREWALLS
Software firewalls & hardware firewalls are the two basic kinds of firewall a user can install.
3.1. SOFTWARE FIREWALL

Figure 3.1 Software Firewall

A software firewall runs on your computer system in the background, e.g. ZoneAlarm Pro.

Advantages:
1. They are generally very inexpensive.
2. They are very easy to configure.

Disadvantages:
1. They can introduce incompatibilities into your operating system.
2. You must install exactly the correct version for your operating system.
3. You must purchase one copy for each system on your home network.
3.2. HARDWARE FIREWALL

Figure 3.2: Hardware Firewall

A hardware firewall is generally a small box which sits between your computer & your modem, e.g. SonicWall.

Advantages:
1. They provide more complete protection than software firewalls.
2. They protect more than one system at home.
3. They do not affect system performance.
4. Independent of operating system.

Disadvantages:
1. They are expensive.
2. They are difficult to configure.

The best protection is a combination of both hardware & software firewalls, since both have different advantages & disadvantages.
4. CONVENTIONAL TYPES OF FIREWALLS


Conventionally, there are three types of firewalls:
• Network layer
• Application layer
• Proxies & DMZ
The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that "higher-level" layers depend on. In order from the bottom, these layers are physical, data link, network, transport, session, presentation, and application.
The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform. Generally speaking, lower-level firewalls are faster, but are easier to fool into doing the wrong thing.
These days, most firewalls fall into the "hybrid" category, which do network filtering as well as some amount of application inspection. The amount changes depending on the vendor, product, protocol and version, so some level of digging and/or testing is often necessary.

4.1. Network layer firewalls

These generally make their decisions based on the source and destination addresses and ports in individual IP packets. A simple router is the "traditional" network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. One important distinction about many network layer firewalls is that they route traffic directly through them, so to use one you either need to have a validly assigned IP address block or to use a "private internet" address block. Network layer firewalls tend to be very fast and tend to be very transparent to users.

Figure 4.1: Network Layer Firewall


Figure 4.1 shows a network layer firewall called a "screened host firewall". In a screened host firewall, access to and from a single host is controlled by means of a router operating at the network layer. The single host is a bastion host: a highly defended and secured strong point that can resist attack.
4.2. Application layer firewalls:
These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one "side" and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way may in some cases impact performance and may make the firewall less transparent. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.
A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic from passing directly through it.
Most firewalls now lie somewhere between network layer firewalls and application layer firewalls. The end result is that there are now fast packet-screening systems that log and audit data as they pass through the system.
4.3. Proxy Servers and DMZ:
A function that is often combined with a firewall is a proxy server. The proxy server is used by the other computers to access web pages. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect of this is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server.
Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server.
There are times when you may want remote users to have access to items on your network. Some examples are a web site, an online business, etc. In cases like this, you may want to create a DMZ (Demilitarized Zone). Although this sounds pretty serious, it really is just an area that is outside the firewall. Setting up a DMZ is very easy.

5. How it works:
Firewalls use one or more of three methods to control traffic flowing in
and out of the network:
• Packet filtering - Packets (small chunks of data) are analyzed against
a set of filters. Packets that make it through the filters are sent to the
requesting system and all others are discarded.
• Proxy service - Information from the Internet is retrieved by the
firewall and then sent to the requesting system and vice versa.
• Stateful inspection - A newer method that doesn't examine the
contents of each packet but instead compares certain key parts of the
packet to a database of trusted information. Information traveling from
inside the firewall to the outside is monitored for specific defining
characteristics, and then incoming information is compared to these
characteristics. If the comparison yields a reasonable match, the
information is allowed through. Otherwise it is discarded.
6. What It Protects You From


There are many creative ways that unscrupulous people use to access or
abuse unprotected computers:
• Remote login - When someone is able to connect to your computer
and control it in some form. This can range from being able to view or
access your files to actually running programs on your computer.
• Application backdoors - Some programs have special features that
allow for remote access. Others contain bugs that provide a backdoor, or
hidden access, that provides some level of control of the program.
• Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
• E-mail bombs - An e-mail bomb is usually a personal attack.
Someone sends you the same e-mail hundreds or thousands of times until
your e-mail system cannot accept any more messages.
• Viruses - Probably the best-known threat is the computer virus. A virus is a small program that can copy itself to other computers, so it can spread quickly from one system to the next. Viruses range from harmless messages to programs that erase all of your data.
• Spam - Typically harmless but always annoying, spam is the
electronic equivalent of junk mail. Spam can be dangerous though. Quite
often it contains links to Web sites.
7. What can't a firewall protect against?


Firewalls can't protect against attacks that don't go through the
firewall. Many organizations that are terrified of Internet connections have
no coherent policy about how dial-in access via modems should be
protected.
There are a lot of organizations out there buying expensive firewalls
and neglecting the numerous other back doors into their network. For a
firewall to work, it must be a part of a consistent overall organizational
security architecture. Firewall policies must be realistic and reflect the
level of security in the entire network.
Another thing a firewall can't really protect you against is traitors or
idiots inside your network. While an industrial spy might export
information through your firewall, he's just as likely to export it through a
telephone, FAX machine, or Compact Disc.
Lastly, firewalls can't protect against bad things being allowed
through them. If you allow any internal system to connect to any external
system, then your firewall will provide no protection from this vector of
attack.

8. Basic firewall operation


There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria. Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyze the application data to determine if the traffic should be allowed through. How a firewall determines what traffic to let through depends on which network layer it operates at.
Figure 8: Basic Firewall Operation

9. Description of firewall functions


Firewalls fall into four broad categories: packet filters, circuit level
gateways, application level gateways and stateful multilayer inspection
firewalls.
Packet filtering firewalls work at the network level of the OSI
model, or the IP layer of TCP/IP. They are usually part of a router. A
router is a device that receives packets from one network and forwards
them to another network. In a packet filtering firewall each packet is
compared to a set of criteria before it is forwarded. Depending on the
packet and the criteria, the firewall can drop the packet, forward it or send
a message to the originator. Rules can include source and destination IP
address, source and destination port number and protocol used. The
advantage of packet filtering firewalls is their low cost and low impact on
network performance.
9.1. Packet Filtering Firewall

Figure 9.1: Packet Filtering Firewall
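The packet filtering described in this section and the stateful inspection of section 5, as an added example that is not part of the original report: a constructed Python model in which a stateless first-match rule set is run beside a stateful variant that remembers sessions opened from the internal network, so the reply to an outbound web request is forwarded only by the stateful filter while an unsolicited packet is dropped by both. The addresses, rule set and packets are assumptions made for the illustration.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

Packet = namedtuple("Packet", "src dst sport dport proto")  # constructed header model
def in_net(net, addr):  # a rule field of None matches anything
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

@dataclass(frozen=True)
class Rule:
    action: str        # "forward", "drop" or "reject" (drop and notify the sender)
    proto: str = None  # None means "any"
    src: str = None    # CIDR such as "10.0.0.0/24"
    dst: str = None
    dport: int = None
    def matches(self, p):
        return (self.proto in (None, p.proto) and self.dport in (None, p.dport)
                and in_net(self.src, p.src) and in_net(self.dst, p.dst))

class PacketFilter:
    """Stateless first-match filter; an unmatched packet gets the default action."""
    def __init__(self, rules, default="drop"):
        self.rules, self.default = rules, default
    def decide(self, p):
        return next((r.action for r in self.rules if r.matches(p)), self.default)

class StatefulFilter(PacketFilter):
    """Same rules plus a session table: a packet whose 5-tuple mirrors a session
    that an internal host opened is treated as a reply and forwarded."""
    def __init__(self, rules, internal, default="drop"):
        super().__init__(rules, default)
        self.internal, self.sessions = internal, set()
    def decide(self, p):
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "forward"  # reverse direction of a session we saw opened
        action = super().decide(p)
        if action == "forward" and in_net(self.internal, p.src):
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action

RULES = [  # constructed policy for an assumed 10.0.0.0/24 internal network
    Rule("forward", "tcp", src="10.0.0.0/24", dport=80),  # outbound web browsing
    Rule("forward", "tcp", dst="10.0.0.5/32", dport=25),  # inbound mail to the bastion host
    Rule("reject", "tcp", dport=23),                      # telnet: refuse and tell the sender
]

def compare():  # constructed packets -> {name: (stateless decision, stateful decision)}
    stateless, stateful = PacketFilter(RULES), StatefulFilter(RULES, "10.0.0.0/24")
    pkts = {
        "outbound_web": Packet("10.0.0.7", "203.0.113.9", 40000, 80, "tcp"),
        "web_reply":    Packet("203.0.113.9", "10.0.0.7", 80, 40000, "tcp"),
        "unsolicited":  Packet("198.51.100.4", "10.0.0.7", 80, 40001, "tcp"),
        "telnet_in":    Packet("198.51.100.4", "10.0.0.5", 5555, 23, "tcp"),
    }
    return {name: (stateless.decide(p), stateful.decide(p)) for name, p in pkts.items()}
```

The stateless filter has no rule for the web reply, so it drops legitimate return traffic; the stateful filter recognises it as the reverse of a session it saw opened, while the packet that merely claims source port 80 still has no matching session and is dropped.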

Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. Because they examine packets at the application layer, they can filter application-specific commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which knows anything about application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically.
9.2. Application level gateways

Figure 9.2: Application level gateways
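A constructed Python sketch of the application-level decision described above, added here and not taken from the report: the gateway only relays to services that have a proxy, and its HTTP proxy parses the request so it can permit GET and HEAD, refuse POST and malformed requests, and record every decision in an audit log. The method policy, addresses and sample requests are assumptions.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed model of what the gateway holds after accepting the client's
# connection: the internal client, the service it asked for and the bytes it sent.
Request = namedtuple("Request", "client dport payload")

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")
HOST_HEADER = re.compile(rb"\r\nHost: ([^\r\n]+)\r\n")

def http_proxy(req, allowed_methods):
    """The HTTP proxy understands the protocol, so it decides by method, not just port."""
    m = REQUEST_LINE.match(req.payload)
    if not m:
        return "refuse", "not an HTTP request"
    method, target = m.group(1).decode(), m.group(2).decode()
    host = HOST_HEADER.search(req.payload)
    if host is None:
        return "refuse", f"{method} {target}: missing Host header"
    detail = f"{method} {target} on {host.group(1).decode()}"
    if method not in allowed_methods:
        return "refuse", detail + ": method not permitted"
    return "forward", detail

@dataclass
class ApplicationGateway:
    allowed_methods: frozenset = frozenset({"GET", "HEAD"})  # assumed read-only web policy
    audit_log: list = field(default_factory=list)

    def handle(self, req):
        """Dispatch to the proxy for the requested service; no proxy means no access."""
        if req.dport == 80:
            verdict, detail = http_proxy(req, self.allowed_methods)
        else:
            verdict, detail = "refuse", f"no proxy for port {req.dport}"
        self.audit_log.append(f"{req.client} -> port {req.dport}: {verdict} ({detail})")
        return verdict

def demo():
    """Constructed requests; returns the list of verdicts and the audit log."""
    gw = ApplicationGateway()
    requests = [
        Request("10.0.0.7", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
        Request("10.0.0.7", 80, b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n\r\ndata"),
        Request("10.0.0.9", 80, b"GET / HTTP/1.1\r\n\r\n"),      # no Host header
        Request("10.0.0.9", 80, b"\x16\x03\x01\x00\x05hello"),    # not HTTP at all
        Request("10.0.0.9", 23, b"hello\r\n"),                    # service with no proxy
    ]
    return [gw.handle(r) for r in requests], gw.audit_log
```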

Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate the contents of packets at the application layer.
9.3. Stateful Multilayer Inspection Firewall

Figure 9.3: Stateful Multilayer Inspection Firewall

10. Firewall related problems


Firewalls introduce problems of their own. Information security
involves constraints, and users don't like this. It reminds them that Bad
Things can and do happen. Firewalls restrict access to certain services. The
vendors of information technology are constantly telling us "anything,
anywhere, any time", and we believe them naively. Of course they forget
to tell us we need to log in and out, to memorize our 27 different
passwords, not to write them down on a sticky note on our computer
screen and so on.
Firewalls can also constitute a traffic bottleneck. They concentrate
security in one spot, aggravating the single point of failure phenomenon.
The alternatives however are either no Internet access, or no security,
neither of which are acceptable in most organizations.
11. Benefits of a firewall


Firewalls protect private local area networks from hostile intrusion
from the Internet. Consequently, many LANs are now connected to the
Internet where Internet connectivity would otherwise have been too great a
risk.
Firewalls allow network administrators to offer access to specific
types of Internet services to selected LAN users. This selectivity is an
essential part of any information management program, and involves not
only protecting private information assets, but also knowing who has
access to what. Privileges can be granted according to job description and
need rather than on an all-or-nothing basis.

How do I implement firewall security?


We suggest you approach the task of implementing a firewall by going through the following steps:
a. Determine the access denial methodology to use.
b. Determine the inbound access policy.
c. Determine the outbound access policy.
d. Determine if dial-in or dial-out access is required.
e. Decide whether to buy a complete firewall product, have one implemented by a systems integrator, or implement one yourself.
Once the above questions have been answered, it may be decided whether to buy a complete firewall product or to configure one from multipurpose routing or proxy software. This decision will depend as much on the availability of in-house expertise as on the complexity of the need.
12. Firewalls in current technology


Home PC
Home network
LAN & WAN in organizations
Wireless networking.
The cordless phone
The cell phone
The electronic anti-flea ultrasonic noisemaker (we have 4 dogs)
The digital camera
13. CONCLUSION
A firewall is always found to be more costly and more difficult to
implement than the other security methods like passwords, logins, etc. But
the cost and complexity are bearable against the fruitful outcomes of the
firewall performance.
Proper configuration of firewalls demands not only skill from the
administrator but also requires proper understanding of network protocols
& computer security. Small mistakes can render a firewall worthless as a
security tool.