1. INTRODUCTION
Initially, there were not many threats to network security. With the
Internet becoming more popular, more companies are doing business over
the web. In addition, the number of attempts to illegally infiltrate networks
has increased. As a result, the need to secure networks has grown.
Firewalls were implemented on networks to prevent unauthorized access
from external sources. Initially firewalls were complex & unreliable
hardware devices. Most of the firewalls were routers that separate a private
network from other networks.
Over the years, firewalls have developed into highly reliable solutions.
They protect networks from unauthorized access & play an important
part in enforcing the security policy for a company. The firewall
examines each packet of data that passes through it & allows the
authorized data.
The Internet has made large amounts of information available to the
average computer user in business, in education and at home. For many
people having access to this information is no longer just an advantage, it
is essential. Yet connecting a private network to the Internet can expose
critical or confidential data to malicious attack from anywhere in the world
and raises serious Internet security questions. Users who connect their
computers to the Internet must be aware of these dangers, their
implications and how to protect their data and their critical systems.
Firewalls can protect both corporate networks and individual computers
from hostile intrusion from the Internet, but they must be understood to be
used correctly. This document is intended to help you achieve this
understanding, and to help you choose the best firewall for your needs.
2. WHAT IS A FIREWALL?
A firewall is a device placed between something dangerous and
something to be protected. In a typical firewall configuration, starting
from the left, the physical connection to the outside world is attached to a
border router, which may be under the control of the local area network
administrator or another organization. A LAN such as an Ethernet is
attached to the border router. This network is known as the de-militarized
zone (DMZ). It provides an attachment point for the bastion hosts, which
provide external connection points for services such as email, web, etc.
Figure 2: Firewall
3. TYPES OF FIREWALLS
Software firewalls and hardware firewalls are the basic types of firewall a
user can install.
3.1. SOFTWARE FIREWALL
Advantages:
1. They are generally very inexpensive.
2. They are very easy to configure.
Disadvantages:
1. They can introduce incompatibilities into your operating system.
2. You must install exactly the correct version for your operating system.
3. You must purchase one copy for each system on your home network.
HARDWARE FIREWALL
Advantages:
1. They provide more complete protection than software firewalls.
2. They protect more than one system at home.
3. They do not affect system performance.
4. They are independent of the operating system.
Disadvantages:
1. They are expensive.
2. They are difficult to configure.
of the data streams, and so on. One thing that's an important distinction
about many network layer firewalls is that they route traffic directly
through them, so to use one you either need to have a validly assigned IP
address block or to use a "private internet" address block. Network layer
firewalls tend to be very fast and tend to be very transparent to users.
and auditing of traffic passing through them. Since the proxy applications
are software components running on the firewall, it is a good place to do
lots of logging and access control. Application layer firewalls can be used
as network address translators, since traffic goes in one "side" and out the
other, after having passed through an application that effectively masks the
origin of the initiating connection. Having an application in the way in
some cases may impact performance and may make the firewall less
transparent. Modern application layer firewalls are often fully transparent.
Application layer firewalls tend to provide more detailed audit reports and
tend to enforce more conservative security models than network layer
firewalls.
A dual homed gateway is a highly secured host that runs proxy
software. It has two network interfaces, one on each network, and blocks
all traffic passing through it.
Most firewalls now lie someplace between network layer firewalls
and application layer firewalls. The end result is that now there are fast
packet-screening systems that log and audit data as they pass through the
system.
4.3. Proxy Servers and DMZ:
A function that is often combined with a firewall is a proxy server.
The proxy server is used by the other computers to access web pages.
When another computer requests a Web page, it is retrieved by the proxy
server and then sent to the requesting computer. The net effect of this
action is that the remote computer hosting the Web page never comes into
direct contact with anything on your home network, other than the proxy
server.
Proxy servers can also make your Internet access work more
efficiently. If you access a page on a Web site, it is cached (stored) on the
proxy server. This means that the next time you go back to that page, it
normally doesn't have to load again from the Web site. Instead it loads
instantaneously from the proxy server.
There are times that you may want remote users to have access to
items on your network. Some examples are: web site, online business, etc.
In cases like this, you may want to create a DMZ (Demilitarized Zone).
Although this sounds pretty serious, it really is just an area that is outside
the firewall.
Setting up a DMZ is very easy
5. How it works:
Firewalls use one or more of three methods to control traffic flowing in
and out of the network:
• Packet filtering - Packets (small chunks of data) are analyzed against
a set of filters. Packets that make it through the filters are sent to the
requesting system and all others are discarded.
• Proxy service - Information from the Internet is retrieved by the
firewall and then sent to the requesting system and vice versa.
• Stateful inspection - A newer method that doesn't examine the
contents of each packet but instead compares certain key parts of the
packet to a database of trusted information. Information traveling from
inside the firewall to the outside is monitored for specific defining
characteristics, and then incoming information is compared to these
characteristics. If the comparison yields a reasonable match, the
information is allowed through. Otherwise it is discarded.
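The difference between packet filtering and stateful inspection, as an added example that is not part of the original report: a stateless filter can admit replies only by opening the whole high-port range, while a state table admits only the mirror image of a flow that started inside. The addresses, ports, rule format and class names are constructed for illustration, and the exact-match state table is a simplification (real firewalls also track TCP state and timeouts).

```python
from dataclasses import dataclass

INSIDE = "192.168.1."  # assumed internal address prefix (constructed)

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def packet_filter(pkt, rules):
    """Stateless filtering: judge each packet alone; first match wins."""
    for proto, lo, hi, action in rules:
        if pkt.proto == proto and lo <= pkt.dport <= hi:
            return action
    return "discard"  # packets matching no filter are discarded

class StatefulFirewall:
    """Remembers outbound flows and admits only matching inbound packets."""
    def __init__(self):
        self.flows = set()  # the "database of trusted information"

    def process(self, pkt):
        if pkt.src.startswith(INSIDE):
            # Outbound: record the defining characteristics of the flow.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: must be the mirror image of a recorded outbound flow.
        mirror = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if mirror in self.flows else "discard"

# Constructed sample traffic: one request, its reply, one unsolicited packet.
REQUEST = Packet("tcp", "192.168.1.10", 51000, "203.0.113.5", 443)
REPLY = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 51000)
UNSOLICITED = Packet("tcp", "198.51.100.7", 443, "192.168.1.10", 51000)

# A stateless filter can only admit replies by opening the whole high-port range.
HIGH_PORT_RULES = [("tcp", 1024, 65535, "allow")]

def compare():
    """Run the reply and the unsolicited packet through both mechanisms."""
    fw = StatefulFirewall()
    fw.process(REQUEST)  # inside host opens the connection first
    return {
        "filter": [packet_filter(p, HIGH_PORT_RULES) for p in (REPLY, UNSOLICITED)],
        "stateful": [fw.process(p) for p in (REPLY, UNSOLICITED)],
    }

if __name__ == "__main__":
    print(compare())
```

With the high-port rule the stateless filter lets both inbound packets through, whereas the stateful firewall lets through only the reply to the recorded request.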
13. CONCLUSION
A firewall is always found to be more costly and more difficult to
implement than other security methods such as passwords, logins, etc. But
the cost and complexity are bearable given the benefits that the firewall
provides.
Proper configuration of firewalls demands not only skill from the
administrator but also requires proper understanding of network protocols
& computer security. Small mistakes can render a firewall worthless as a
security tool.