Network Firewall

-




A Network Firewall is a system or group of systems used to control access between two networks – a trusted and an untrusted network

  A firewall is considered a first line of defense in protecting private information.
Need of firewall:
  If a user spend a lot of time on the internet and is not behind a firewall then the system can be easily attacked. Therefore, protection between user and the internet is probably the most important thing that one needs to have (after getting virus checking software and performing regular backups).
 For those with a DSL, cable modem or other "always-on" connection, user must get a firewall. This is critical, as machine is always live and it most likely has a fixed IP address. This makes it easier for system to be "found" and attacked.

Unprotected system using a DSL modem:


As we can see, someone on the internet can attack the computer system easily as the DSL modem provides no protection (some DSL modems have built-in firewalls). An attacker can get through any type of modem - DSL, cable, 56K, 28.8 or whatever.

Protected system using a DSL modem:

Firewall protection system:
  All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks whether it meets the specified security criteria. If it does, it is routed between the networks, otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted.

Types of Firewalls:
1.  Software Firewall
2.  Hardware Firewall

 1.Software Firewall:
    A software firewall runs on our computer system in the background. It intercepts each network request and determines if the request is valid or not. This type of firewall is a software package installed on a server operating system which turns the server into a full fledged firewall.
    
Advantages & Disadvantages of  Software firewalls:
       
      Advantages:
1. They are generally very inexpensive.
 2. They are very easy to configure.
     Disadvantages:
1.  Since they run on computer they require resources (CPU, memory and disk space) from system.
2.  They can introduce incompatibilities into operating system.
3. Users must install exactly the correct version for their operating system.
Hardware Firewall:
A hardware firewall is generally a small box  which sits between computer and modem.
     These firewalls are designed to handle large amounts of network traffic. Hardware firewalls are often placed on the perimeter of the network to filter the internet noise and only allow pre-determined traffic into the network. Sometimes hardware firewalls are used in conjunction with software firewalls so the hardware firewall filters out the traffic and the software firewall inspects the network traffic.
     
       Advantages:
1. They tend to provide more complete protection than software firewalls
2. A hardware firewall can protect more than one system at a time
3. They do not affect system performance since they do not run on system.
4.  They are independent of operating system and applications.
Disadvantages:
1.  They tend to be expensive, although if we have a number of machines to protect it can cost less to purchase one hardware firewall than a number of copies of a software product.
2.  Since they do not run on our computer, they can be challenging to configure.
Techniques of firewalls
  There are several types of firewall techniques:
1. Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
2.  Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose performance degradation.
3.  Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

4.Proxy server: Intercepts all messages entering and Leaving the network. The proxy server effectively hides the true network addresses.
Each method uses information from different layers of   the Open Systems Interconnection (OSI) model. These methods are based on how firewalls use both pre-configured rules and filters and information gathered from packets and sessions to determine whether to allow or deny traffic.


 5. Packet Filtering
   Packet filtering is the simplest packet screening method. A packet filtering firewall does exactly what its name implies -- it filters packets. The most common implementation is on a router or dual-homed gateway.
     The packet filtering process is accomplished in the following manner
     As each packet passes through the firewall, it is examined and information contained in the header is compared to a pre-configured set of rules or filters. An allow or deny decision is made based on the results of the comparison.

Application Gateways/Proxies
   An application gateway/proxy is considered by to be the most complex packet screening method. This type of firewall is usually implemented on a secure host system configured with two network interfaces. The application gateway/proxy acts as an intermediary between the two endpoints.

    An application gateway/proxy firewall operates in the following manner :
  When a client issues a request from the untrusted network, a connection is established with the application gateway/proxy. The proxy determines if the request is valid (by comparing it to any rules or filters) and then sends a new request on behalf of the client to the destination. By using this method, a direct connection is never made from the trusted network to the untrusted network and the request appears to have originated from the application gateway/proxy.
  The request is answered in the same manner. The response is sent back to the application gateway/proxy, which determines if it is valid and then sends it on to the client. By breaking the client/server model, this type of firewall can effectively hide the trusted network from the untrusted network. The application gateway/proxy actually builds a new request, only copying known acceptable commands before sending it on to the destination.
  This is considered a highly secure method of firewall protection, application gateways require great memory and processor resources compared to other firewall technologies, such as stateful inspection.
Stateful Packet Inspection
  Stateful packet inspection uses the same fundamental packet screening technique that packet filtering does. In addition, it examines the packet header information from the network layer of the OSI model to the application layer to verify that the packet is part of a legitimate connection and the protocols are behaving as expected.
  The stateful packet inspection process is accomplished in the following manner. As packets pass through the firewall, packet header information is examined and fed into a dynamic state table where it is stored. The packets are compared to pre-configured rules or filters and allow or deny decisions are made based on the results of the comparison. The data in the state table is then used to evaluate subsequent packets to verify that they are part of the same connection.

Circuit-level Gateway
  Unlike a packet filtering firewall, a circuit-level gateway does not examine individual packets. Instead, circuit-level gateways monitor TCP or UDP sessions. Once a session has been established, it leaves the port open to allow all other packets belonging to that session to pass. The port is closed when the session is terminated.
  In many respects this method of packet screening resembles application gateways/proxies, but circuit-level gateways operate at the transport layer (layer 4) of the OSI model.




Comments

Post a Comment

Popular posts from this blog

AUDIO SPOTLIGHTING

-
Image
INTRODUCTION n   Audio spot lighting is a very recent technology that creates focused beams of sound similar to light beams coming out of a flashlight. By ‘shining’ sound to one location, specific listeners can be targeted with sound without others nearby hearing it, ie to focus sound into a coherent and highly directional beam. It uses a combination of non-linear acoustics and some fancy mathematics. But it is real and is fine to knock the socks of any conventional loud speaker. n   The Audio Spotlight & Hyper Sonic Sound Technology (developed by American Technology Corporation), uses ultrasonic energy to create extremely narrow beams of sound that behave like beams of light. Audio spotlighting exploits the property of non-linearity of air. When inaudible ultrasound pulses are fired into the air, it spontaneously converts the inaudible ultrasound into audible sound tones, hence proved that as with water, sound propagation in air is just as non-linear, and can be calculated math
Read more

Electronic Reconnaissance, ELECTRONIC COUNTERMEASURES (ECM), ELECTRONIC COUNTER-COUNTERMEASURES (ECCM)

-
Electronic Reconnaissance: Reconnaissance aims to give to field players, at a tactical level, the information they need: Where are (and where will be) the targets, what are their defenses, what military means to use, what kind of weapon is the best suited, when to conduct the attack, etc. Due to short reaction time in Air Defense, this task is generally carried out directly by the AEW system. In fact in some cases the AEW platform is a C3I system itself that controls the fighters in real time. For ground targets, due to slower evolution of the situation and to a more complex environment (collateral damage avoidance, mask), a specific mission is needed. This mission uses SAR/MTI systems either fitted in POD carried by a manned aircraft (business jet or fighter), or carried by an unmanned vehicle (UAV). The main objective of these missions is to re-acquire the targets (in case they are moved as Ballistic Missile Launchers), and to identify and locate them accurately. Once again fusion
Read more

INTERFACING OF EEPROM with 8051

-
Image
7.1 Introduction As we know, ROM is a memory that does not lost its contents when the power is turned off. For this reason ROM is also called Non-Volatile Memory. There are different types of ROM such as PROM, EPROM, EEPROM, Flash EPROM and Mask ROM. In which PROM refers to the Kind of ROM that the user can burn information into. PROM is a user programmable memory. PROM is referred to as OTP (One time programmable). EPROM was invented to allow making changes in the contents of PROM after it is burned. In short, one can program the memory chip and erase it thousands of time. This is especially necessary during development of microcontroller based project. EEPROM is electrically erasable programmable ROM. EEPROM has several advantages over EPROM. EEPROM does not require external eraser and programming device. Flash EPROM has become a popular user programmable memory chip. The reason behind that is the eraser of entire content takes less than a second that why it is named Flash memory. Wh
Read more