FIREWALLS
A firewall is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter, forming a single choke point where security and audit can be imposed.
A firewall:
1. defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks.
2. provides a location for monitoring security-related events.
3. is a convenient platform for several Internet functions that are not security related, such as NAT and Internet usage audits or logs.
4. can serve as the platform for IPsec, to implement virtual private networks.
Because the firewall is the one path into the network, it will itself be a target of attack; it must therefore be immune to penetration.
TECHNIQUES A FIREWALL USES TO CONTROL ACCESS AND ENFORCE A SITE'S SECURITY POLICY
Service control: Determines the types of Internet services that can be accessed, inbound or outbound.
Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
User control: Controls access to a service according to which user is attempting to access it.
Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam.
FIREWALL LIMITATIONS
Firewalls have their limitations, including that they:
1. cannot protect against attacks that bypass the firewall, e.g. internal PCs with dial-out capability to an ISP, or a dial-in modem pool.
2. do not protect against internal threats, e.g. a disgruntled employee or one who cooperates with an attacker.
3. cannot guard against an improperly secured wireless LAN, which may be accessed from outside the organization. Likewise, an internal firewall that separates portions of an enterprise network cannot guard against wireless communications between local systems on different sides of it.
4. cannot guard against a laptop, PDA, or portable storage device that is used and infected outside the corporate network and then attached and used internally.
TYPES OF FIREWALLS
There are three common types of firewalls: packet filters, application-level gateways, and circuit-level gateways.
1. PACKET FILTERS
A packet-filtering router applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet accordingly; rules are tried in order and the first match decides.
Filtering rules are based on information contained in the packet headers: source and destination IP addresses, source and destination ports, the transport protocol (TCP, UDP, ...) and the interface on which the packet arrives or leaves.
Some advantages are simplicity, transparency to users, and speed.
If a packet matches no rule, one of two default policies is applied:
o that which is not expressly permitted is prohibited (default action: discard the packet), the conservative policy
o that which is not expressly prohibited is permitted (default action: forward the packet), the permissive policy
Attacks on Packet Filters
o IP address spoofing: the intruder transmits packets from the outside with the source IP address of an internal host, hoping to match a rule that trusts internal sources. Countermeasure: discard any packet that arrives on the external interface with an internal source address.
o Source routing attacks: the source specifies the route a packet should take, in the hope of bypassing security measures that rely on the normal routing path. Countermeasure: discard all source-routed packets.
o Tiny fragment attacks: the intruder uses IP fragmentation to create extremely small fragments and force the TCP header fields into a separate fragment, so that filtering rules that need the full header cannot see it. Countermeasure: enforce a minimum size for the first fragment so that it must contain the full transport header, and discard packets whose first fragment is smaller.
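The two passages above (the rule table with its default policy, and the three header-level attacks) are easiest to see together in a small stateless filter model. The following is an added illustration, not code from the original notes: the internal block 10.0.0.0/8, the documentation addresses, the "ext"/"int" interface names and the SAMPLE_RULES policy are all constructed for the example. The three sanity checks run before the rule table, ports are only matched on a first fragment (a later fragment carries no transport header), and the default policy is selectable.

```python
"""Stateless packet filter model: first-match rule table with a selectable
default policy, plus anti-spoofing, source-route and tiny-fragment checks.
Added illustration, not code from the original notes; addresses and rules
are constructed sample data."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("10.0.0.0/8")   # assumed address block behind the firewall
MIN_FIRST_FRAG = 20                        # bytes: enough to carry a full TCP header


@dataclass
class Packet:
    iface: str                  # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str                  # "tcp" or "udp"
    sport: int
    dport: int
    frag_offset: int = 0        # 0 for an unfragmented packet or the first fragment
    frag_len: int = 0           # bytes of transport data in this fragment (0 = not fragmented)
    source_routed: bool = False # IP source-route option present


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    iface: Optional[str] = None     # None = any
    src: Optional[str] = None       # CIDR, None = any
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        # Only the first fragment carries the transport header, so a port
        # condition can never be satisfied by a later fragment.
        if self.dport is not None and (p.frag_offset != 0 or self.dport != p.dport):
            return False
        return True


class PacketFilter:
    def __init__(self, rules, default="deny"):
        assert default in ("permit", "deny")
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet):
        """Return (action, reason). Header sanity checks run before the rule table."""
        # IP spoofing: an internal source can never legitimately arrive from outside.
        if p.iface == "ext" and ip_address(p.src) in INTERNAL_NET:
            return "deny", "spoofed internal source on external interface"
        # Source routing: the sender chose the path to sidestep normal routing.
        if p.source_routed:
            return "deny", "source-routed packet"
        # Tiny fragment: a first fragment too short to hold the TCP header pushes
        # the port and flag fields into a later fragment the rules never see.
        if p.proto == "tcp" and p.frag_offset == 0 and 0 < p.frag_len < MIN_FIRST_FRAG:
            return "deny", "first fragment shorter than TCP header"
        for i, rule in enumerate(self.rules):      # first match wins
            if rule.matches(p):
                return rule.action, f"rule {i}"
        return self.default, "default policy"


# Constructed sample policy: only SMTP to the mail relay may come in;
# only web traffic from internal hosts may go out. Everything else hits the default.
SAMPLE_RULES = [
    Rule("permit", iface="ext", dst="10.0.0.25/32", proto="tcp", dport=25),
    Rule("permit", iface="int", src="10.0.0.0/8", proto="tcp", dport=80),
    Rule("permit", iface="int", src="10.0.0.0/8", proto="tcp", dport=443),
]

if __name__ == "__main__":
    conservative = PacketFilter(SAMPLE_RULES, default="deny")
    permissive = PacketFilter(SAMPLE_RULES, default="permit")
    telnet_in = Packet("ext", "198.51.100.7", "10.0.0.25", "tcp", 40000, 23)
    print("telnet, default deny  :", conservative.decide(telnet_in))
    print("telnet, default permit:", permissive.decide(telnet_in))
    print("spoofed source        :", conservative.decide(
        Packet("ext", "10.0.0.5", "10.0.0.25", "tcp", 40000, 25)))
    print("tiny first fragment   :", conservative.decide(
        Packet("ext", "198.51.100.7", "10.0.0.25", "tcp", 40000, 25, frag_len=8)))
```

Note that the same rule table gives opposite answers for an unlisted service (telnet) under the two default policies, and that none of the three header checks depend on the rule table at all; they belong in front of it.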
2. APPLICATION-LEVEL GATEWAY (OR PROXY)
An application-level gateway (or proxy server) acts as a relay of application-level traffic.
The user contacts the gateway to access some service, providing the name of the remote host, the service wanted and authentication details; the gateway then contacts the application on the remote host and relays all data between the two endpoints.
If the gateway does not implement proxy code for a specific application, that service is not supported and cannot pass through the firewall.
Application-level gateways tend to be more secure than packet filters, since they need only scrutinize a few allowable applications and can log and audit all traffic at the application level; the cost is additional processing on every connection.
3. CIRCUIT-LEVEL GATEWAY
A circuit-level gateway relays two TCP connections: one between itself and the inside user, and one between itself and the outside host.
It imposes security by limiting which such connections are allowed to be set up.
Once a connection is established it usually relays traffic in both directions without examining the contents.
It is typically used where the internal users are trusted, to allow general outbound connections.
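The circuit-level behaviour just described, as an added example that is not code from the original notes: the gateway makes one decision (may this client open a connection to that host and port?), and if the answer is yes it copies bytes in both directions without interpreting them, which is exactly what distinguishes it from the application-level gateway above. Assumptions for the example: the one-line "CONNECT host port" handshake is a constructed stand-in for a real protocol such as SOCKS, loopback stands in for the internal network, and the echo server stands in for the outside host; all ports are ephemeral so it runs offline.

```python
"""Circuit-level gateway model: decide whether a TCP connection may be set up,
then relay bytes between the two TCP connections without inspecting them.
Added illustration, not code from the original notes. The "CONNECT host port"
handshake is a constructed stand-in for a real protocol such as SOCKS."""
import socket
import threading


def _read_line(sock):
    """Read one newline-terminated ASCII line a byte at a time, so nothing
    after the newline is consumed from the stream."""
    buf = b""
    while not buf.endswith(b"\n"):
        ch = sock.recv(1)
        if not ch:
            break
        buf += ch
    return buf.decode("ascii", "replace").strip()


def _pump(src, dst):
    """Copy bytes from src to dst until src closes; contents are never examined."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # propagate end-of-stream to the other side
        except OSError:
            pass


def make_policy(allowed_ports):
    """Connection-level policy: trust the internal side (loopback stands in for
    the LAN) and allow outbound connections only to the listed ports."""
    def policy(client_addr, host, port):
        return client_addr[0] == "127.0.0.1" and port in allowed_ports
    return policy


def _handle(client, client_addr, policy):
    with client:
        parts = _read_line(client).split()
        if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].isdigit():
            client.sendall(b"DENIED\n")
            return
        host, port = parts[1], int(parts[2])
        if not policy(client_addr, host, port):   # the only security decision made
            client.sendall(b"DENIED\n")
            return
        try:
            remote = socket.create_connection((host, port), timeout=5)
        except OSError:
            client.sendall(b"DENIED\n")
            return
        with remote:
            client.sendall(b"OK\n")
            back = threading.Thread(target=_pump, args=(remote, client), daemon=True)
            back.start()
            _pump(client, remote)   # client -> remote, blind copy
            back.join()


def _serve(listener, on_accept):
    while True:
        conn, addr = listener.accept()
        threading.Thread(target=on_accept, args=(conn, addr), daemon=True).start()


def _listen():
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))   # ephemeral loopback port
    listener.listen()
    return listener


def start_gateway(policy):
    """Start the gateway in a background thread; returns its (host, port)."""
    listener = _listen()
    threading.Thread(target=_serve, daemon=True,
                     args=(listener, lambda c, a: _handle(c, a, policy))).start()
    return listener.getsockname()


def start_echo_server():
    """Constructed 'outside host' that echoes whatever it receives."""
    def echo(conn, _addr):
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)
    listener = _listen()
    threading.Thread(target=_serve, args=(listener, echo), daemon=True).start()
    return listener.getsockname()


def proxied_exchange(gateway_addr, dest, payload):
    """Client side: ask the gateway for a circuit to dest, send payload and
    return what comes back, or None if the gateway refused the circuit."""
    with socket.create_connection(gateway_addr, timeout=5) as s:
        s.sendall(f"CONNECT {dest[0]} {dest[1]}\n".encode("ascii"))
        if _read_line(s) != "OK":
            return None
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        out = b""
        while True:
            data = s.recv(4096)
            if not data:
                break
            out += data
        return out


if __name__ == "__main__":
    echo_host, echo_port = start_echo_server()
    gw = start_gateway(make_policy({echo_port}))
    print(proxied_exchange(gw, (echo_host, echo_port), b"hello through the circuit"))
    print(proxied_exchange(gw, (echo_host, 9), b"this circuit is refused"))
```

Everything the client sends after "OK" reaches the outside host byte for byte; the gateway could not filter spam or a malicious command inside that stream even if it wanted to, which is why this design is reserved for trusted internal users making outbound connections.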