Firewalls Nathan Long Computer Science 481
What is a firewall?
• A firewall is a system or group of systems that enforces an access control policy between two or more networks.
• Pair of mechanisms
  • One to block traffic
  • One to permit traffic
What is a firewall? http://www.interhack.net/pubs/faq/
Why use a firewall?
• Protect systems and data against intrusion from Internet.
• Protect from leakage of information from inside company to Internet. (to a point)
• Security blanket for large organizations.
• Historically, firewalls were used as data storage for public information and intranet files. Most companies now use web servers.
• Serve as gateways for internal Internet connection, allowing companies to control access.
What can a firewall protect against?
• Unauthorized interactive logins from ‘outside’ world.
• Provide point where security and audit can be imposed.
• Can act as a ‘phone tap’ and tracing tool.
• Can be used as evidence in court.
• Unauthorized access from inside corporate network to Internet.
What can a firewall not protect against?
• Can’t protect against things that don’t go through firewall.
• Should be part of an overall security architecture.
• Users
• Information can be leaked via other sources such as telephone, Fax, CDs, Flash Drives.
• Many locations have problems with security policy
  • How hard is it to get a password reset?
  • How much trouble does a contractor have getting into network?
• Tunneling over application protocols.
What types of firewalls are available?
• Hardware Systems
  • Routers
  • Dedicated Proxy Server
• Software Systems
  • PC Applications
  • Proxy Software
Hardware Firewalls
• Typically monitors network layer.
• Make decisions based on source, destination address and ports found in IP packets.
• Routers are a type, but not sophisticated.
• Newer network layer firewalls maintain data on the state of connections and content of data passing through it.
• Protects a whole network from one point.
Network Firewalls
• Advantages
  • Typically easy to set up (needs to conform to security policy)
  • Doesn’t slow down machines or consume system resources.
• Disadvantages
  • Blocks everything in filter – not dynamic
Software Firewalls
• Monitors inbound and outbound connections on a single computer.
• Monitors network and application layers.
• Most popular option for home users.
• Dynamically makes decisions on whether or not to block connection or data.
Software Firewalls
• Advantages
  • Easy to set up.
  • Monitors inbound and outbound connections.
  • Dynamic monitoring
  • Upgradable
• Disadvantages
  • Slows down computer
  • Only protects one computer at a time.
Popular Software Firewalls
• Big Three:
  • ZoneAlarm Security Suite
  • McAfee Personal Firewall
  • Norton Personal Firewall
… others available
ZoneAlarm – Triple Defense
• Protects from hackers, spyware and Trojan horses.
• Prevents bad programs from attacking good programs on computer.
• Protects operating system down to kernel (registry and file systems)
ZoneAlarm
• Considered difficult to use/configure, but very versatile.
• New version provides updates via Internet for firewall. Identifies common programs and network usage rules. Allows novice users to use with no configuration.
• Total protection for PC when used with Antivirus and spyware software.
Weakest Link
• Hardware firewalls are the weakest link
• Application layer attacks can bypass network layer firewalls
• Stateful Packet Inspection examines header information and contents of packet to determine if valid.
• Stateful firewalls examine packet information in OSI layer 4 (transport layer) and below to provide better performance.
• The only packets inspected are the layer 7 packets that initialize a connection.
• After connection is made, vulnerabilities can be passed through as legitimate network traffic.
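The limitation described on the "Weakest Link" slide, as an added example that is not part of the original slides: a simplified Python model of a stateful network-layer filter. The class, the rule list and the addresses are constructed for illustration; the model checks its rules only on the connection-opening packet and never reads the payload.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # True for the packet that opens a connection
    payload: bytes = b""   # application-layer data; the filter never reads it

# Constructed policy: (allowed source network, destination host, destination port)
RULES = [("0.0.0.0/0", "192.0.2.10", 80)]

class StatefulFilter:
    def __init__(self, rules):
        self.rules = [(ip_network(n), ip_address(d), p) for n, d, p in rules]
        self.state = set()  # established flows, keyed by address/port 4-tuple

    def _permitted(self, pkt):
        return any(ip_address(pkt.src) in net and ip_address(pkt.dst) == dst
                   and pkt.dport == port for net, dst, port in self.rules)

    def decide(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.state or reply in self.state:
            return "ALLOW"        # established flow: headers match, payload ignored
        if pkt.syn and self._permitted(pkt):
            self.state.add(flow)  # policy is evaluated only for the opening packet
            return "ALLOW"
        return "DROP"

def demo():
    fw = StatefulFilter(RULES)
    client, server = "198.51.100.7", "192.0.2.10"
    packets = [  # constructed sample traffic
        Packet(client, 40000, server, 80, syn=True),                 # opens flow
        Packet(server, 80, client, 40000),                           # server reply
        Packet(client, 40000, server, 80, payload=b"GET / HTTP/1.1"),
        Packet(client, 40000, server, 80, payload=b"<constructed hostile request>"),
        Packet(client, 40001, server, 22, syn=True),                 # port not in policy
        Packet(client, 40002, server, 80, payload=b"no SYN seen"),   # no state entry
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The fourth packet is allowed for the same reason as the third: both belong to an established flow, so only an application-layer control on the host or a proxy would see the difference in payload.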
The best of both worlds
• Hardware or Software? BOTH
• To fully protect your network, some sort of hardware and software firewall needs to be implemented.
• This is the only way that network and application layer protection will be present.