What is a Firewall and how do they protect your computer?
[The following information was taken from McAfee and Symantec's web site]
The Internet can be a dangerous place, with hackers
using eavesdropping tools to monitor your computer, employing malicious
code to initiate disabling attacks, or running remote control programs
that seize control of your computer. See when someone is trying
to hack your system and beat them at their own game.
Firewalls have the ability to block hackers from accessing your
computer and allow you to digitally 'fingerprint' trusted applications.
Some firewalls have the unique ability to track the apparent source
of an attack on a world map and obtain detailed identification information
on the originating source IP address. Every time your computer is
probed or attacked, with this ability, you can get detailed reports
and clear follow-up options. Learn what happens to your computer
and report hacker activity to conveniently assist law enforcement.
Firewalls monitor all of your ports
and allow only solicited traffic into your computer. This 'filtering'
is done right at the 'front door' of your system. This means that
the firewall protects your computer from Internet-based attacks.
Firewalls add a layer of defense to help prevent hackers from accessing
your software, hardware or information in any way. Anyone using
the Internet needs a firewall. If you store information on your
computer, such as passwords or personal financial information, that
you would not want others to see, you need a personal firewall.
Firewalls provide protections against Internet hackers and vandals
by preventing them from scanning or accessing information on a user's
computer. Users are notified automatically when such an event is
attempted. Firewalls can enable users to register these events to
HackerWatch.org, and report the activity to their Internet Service
Provider. For instance, McAfee's
Personal Firewall Plus includes the same functionality. This Plus
version incorporates the functionality of McAfee's Visual Trace
technology, allowing users to trace an event to its apparent origin.
This means that users will be able to trace the source of hack attempts
and provide more information in reporting events.
McAfee,
Symantec and PC-Cillin
all have firewall protection software for you to download or purchase
retail.
Introduction to Firewalls:
Overview of what a firewall is, the types of firewalls, and what they do.
A firewall is a system, hardware- or software-based,
mounted strategically at the edge of, or inside of, private or closed
networks. It prevents unauthorized access into those networks or
segments of those networks. This is why they are called perimeter
defense mechanisms or security gateways. There are also desktop
firewalls that function to protect an individual computer from malicious
attacks. Depending on the needs of the business, firewalls can be
software, hardware, or both. A good firewall will examine all traffic
coming into the protected network or segment from the Internet or
external network. It provides protection by analyzing network traffic
and permitting entrance based on pre-established rules. It blocks
any traffic that does not meet specified, rules-based security criteria.
Firewall Types and Functions
Most commercial firewalls mix characteristics from several firewall
technologies, thus creating hybrid firewalls, but the five basic
types are:
- Packet filtering
- Stateful inspection
- Circuit-level gateway
- Application gateway
- Hybrid firewall
Packet filtering
is often employed on simple routers. A packet-filtering firewall
examines incoming and outgoing IP packets and decides to accept
or deny access based on one or both of the following:
- The source or destination IP address
- The source or destination TCP/UDP port numbers
Remember that packet filtering only looks at the
IP packet header, not the data contained within the packet, which
limits the types of security decisions that can be made.
Stateful inspection
provides a higher level of security and complexity than does simple
packet filtering. A firewall implementing stateful inspection examines
IP headers, as well as the flags and IP header options within the
packet, to verify that the packet is part of an authorized connection.
In addition, these types of firewalls can provide network address
translation (NAT) services.
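The difference between packet filtering and stateful inspection described above, as an added example (not taken from the vendor material this page quotes): a header-only packet filter and a connection-tracking check are run over the same constructed packets. The addresses, ports, rule set and all names are assumptions made for the illustration, and state tracking is simplified to a single table of connections opened from the inside.

```python
import ipaddress
from collections import namedtuple

# flags is a set of TCP flag names, e.g. {"SYN", "ACK"}
Packet = namedtuple("Packet", "src sport dst dport flags")
# Header-only rule; a port of None matches any port.
Rule = namedtuple("Rule", "action src_net dst_net sport dport", defaults=(None, None))

def packet_filter(rules, pkt):
    """Stateless filter: first matching rule wins, default deny."""
    for r in rules:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst_net)
                and r.sport in (None, pkt.sport) and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"

class StatefulFirewall:
    """Admits inbound packets only for connections opened from inside."""
    def __init__(self, inside_net):
        self.inside = ipaddress.ip_network(inside_net)
        self.conns = set()  # (inside ip, inside port, outside ip, outside port)

    def check(self, pkt):
        if ipaddress.ip_address(pkt.src) in self.inside:    # outbound
            if pkt.flags == {"SYN"}:                        # new connection
                self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)      # inbound, reversed
        if key not in self.conns:
            return "deny"                                   # unsolicited
        if pkt.flags & {"FIN", "RST"}:
            self.conns.discard(key)                         # connection closed
        return "accept"

# Constructed sample traffic (documentation address ranges).
# The stateless rule is meant to let web replies back in.
RULES = [Rule("accept", "0.0.0.0/0", "192.168.1.0/24", sport=443)]
SYN_OUT = Packet("192.168.1.10", 50000, "203.0.113.5", 443, {"SYN"})
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 50000, {"SYN", "ACK"})
PROBE = Packet("198.51.100.7", 443, "192.168.1.10", 3389, {"SYN"})

def compare():
    """Return (stateless verdict, stateful verdict) for each inbound packet."""
    fw = StatefulFirewall("192.168.1.0/24")
    fw.check(SYN_OUT)       # the inside host opens the connection first
    return {name: (packet_filter(RULES, p), fw.check(p))
            for name, p in (("reply", REPLY), ("probe", PROBE))}
```

The stateless filter admits both inbound packets because each carries source port 443, while the stateful check admits only the reply to the connection the inside host opened.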
A circuit-level gateway
looks at the TCP handshaking process. It allows the creation of
authorized connections, but it does not monitor data traffic over
those connections. It also keeps records of active, authorized connections
and allows network traffic only over those connections.
An application gateway
screens packets by looking at all of the information contained within
the packet, including both the IP header and data portion. This
ensures that not only is the connection permitted by security rules,
but that it follows the proper commands and specifications of the
application protocol. In addition, the application gateway acts
as an application proxy, meaning that it allows no direct connection
between the host and remote computers. This kind of firewall is
considered by many to offer the most security.
Hybrid firewalls
combine various functions from other firewalls, most often packet
inspection and proxy capabilities.
Other Critical Capabilities
Today's firewalls have capabilities far beyond the filtering, inspection,
gateway, and proxy functions that enterprises expect, including
authentication, management, virtual private networking, encryption,
high availability and load balancing, network address translation,
logging and reporting, and backup.
Authentication:
Authentication identifies individuals with user names and passwords.
These sign-on capabilities strengthen a company's security posture
to ensure that sensitive information gets to the right people. Many
of today's firewalls support authentication either in-band or as
authentication proxies acting as intermediary systems between the
firewall and authentication servers.
Management:
Management capabilities are critical to any significant network
security component because of the many different security elements
that need to work together in order to deliver the best protection.
Security administrators need to be able to monitor and control all
activity, including security elements.
Good firewalls supply a variety of tools and utilities to manage,
monitor, and work with the firewall systems and security management
frameworks. These tools could include the graphical management console,
event notification, log file tools, configuration reports, and packet-sniffing
utilities. Some even offer remote access to the system's operating
environment for troubleshooting.
Virtual Private Networks (VPNs):
VPNs are becoming a practical way to extend businesses, both large and
small, beyond the confines of a specific place. VPNs become important
as businesses pursue business alliances or need connectivity between
main and satellite offices. They also provide protected access to
organizational resources for telecommuters or mobile workers.
Encryption:
Encryption, a method of scrambling or coding information that passes across
public networks, is the most effective way to ensure the security
of data. Firewalls can encrypt data from an authorized user and
let that information pass through the firewall onto a public network.
The firewall protecting the receiving network can then inspect the
message, decrypt it, and deliver it to the correct authenticated
user. By using encryption, most firewalls can now act as VPN gateways,
sometimes doubling as VPN servers by protecting information passed
from site-to-site over the Internet. VPN client support for individual
remote PCs used by telecommuters or traveling workers is also an
option, depending on the type of firewall.
High availability and load balancing
(HA/LB): It is important to eliminate
single points of failure in the network environment. Traditionally,
firewalls have been a bottleneck and a single point of failure because
all Internet traffic addressed to the business needed to pass through
the firewall. The traditional approach was to use a stand-by firewall;
however, this could be quite expensive when used only for disasters
or failures. The best approach to eliminate this problem and protect
today's environments is to use a high-availability, load-balanced
(HA/LB) solution. High-availability, load-balanced solutions designed
into firewalls allow administrators to configure specific systems,
all of which are already processing traffic, as part of the larger
cluster. If one firewall host in the cluster fails, the high availability
mechanism simply redirects traffic to the functioning firewall,
with virtually no network interruption. Load balancing will ensure
all systems are facilitating network traffic to make the most of
your investment.
Network address translation
(NAT): Hiding the actual network topology of protected
networks is important for comprehensive network security. Enterprise
firewalls can hide IP addresses on the networks they protect. Security
administrators should have the freedom to customize how the firewall
enables address translation, especially when it is necessary to hide
the identity of certain inside hosts while leaving other hosts accessible
by their true IP address. Firewalls can also apply address translation
to clients as they pass through the firewall to gain access to data
at another location.
Logging and reporting:
Successful security management includes monitoring. Today's firewalls
often provide utilities to view log files directly by applying filters
for customized searches through the logs and securely transferring
them from the firewall system to a remote processing location. Firewalls
can also be configured to notify security administrators of events
logged at any message level. Look for reporting tools that detail
the access controls configured, code versions, and licensed features.
Backup:
Because they are more functional than ever, this new generation
of firewalls becomes almost self-managing by making backups, offering
a restore option, and managing the underlying system routes directly,
often through a browser.
Software or Appliance
Firewalls deliver a wide variety
of capabilities in both software and appliance forms.
Appliances
feature hardware integrated with software and firmware, plus their
own hardened operating system kernel. Software firewalls can be
hosted on workstations or servers already in your business's network,
or that are purchased for this purpose. Firewall appliances are
convenient and easy to install. Usually, they are designed to plug
and protect, making them operational in minutes. They ensure security
more effectively, because of their design, and are often the best
choice for businesses without security-specific IT resources,
because they lower the complexity of firewall security setup as
well as total cost of ownership. PC magazine
lists hardware firewalls, the pros and cons of each and recommendations.
[11_2002]
Software firewalls
can be installed on multiprocessor systems that offer better scalability
than single-processor appliances. Large enterprises must examine
their traffic requirements to determine whether a software or appliance
firewall will meet their needs based on the amount of traffic they
have to manage. Software firewalls often provide many more sophisticated
functions. They can also be cost-effective, because they can be
installed on existing hardware. PC magazine
lists software firewalls, the pros and cons of each and recommendations.
[11_2002]
Additional information can be obtained from downloading
this 13 page PDF.