SECURITY USING FIREWALLS

ABSTRACT

In this age of universal electronic connectivity of

viruses andhackers, of electronic

Eavesdropping and electronic fraud, there is indeed no time

at which security does not matter. The explosive growth in

computer systems and their interconnections via network

has increased the dependence of both organizations and

individuals on the information stored and communicated

using these systems. This, in turn, has led to a heightened

awareness of the needtoprotect the dataandmessages, and

toprotect systems fromnetworkbasedattacks.

As we tend towards a more and more computer

centric world, the concept of data security has attained a

paramount importance. Thoughpresent day security systems

offer a good level of protection, they are incapable of

providing a “trust worthy” environment and are vulnerable

tounexpectedattacks. The generic name for the collectionof

tools design to protect data and to thwart hackers is

computer security.

In this technical paper we are introducing firewalls

concept. The disciplines of firewall have matured, leadingto

the development of practical, readily available applications

to enforce network security. Initially the paper discusses

some threats to network security and entering into the

firewall concept. Thepaper discusses thedetailed

use of a Firewall mechanisms for facing those network

basedattacks. It conclude withthe

difficulties Encounteredintheimplementationof firewalls.

Security using

firewalls

With the increasing necessity of e-mail accessing and internet resources and
the convenience it offers serious security concerns also arise. Internet is vulnerable to
intruders who are always snooping to find open computers in the network to steal personal
files, information or cause any damage. The loss of these records, e-mails or customer files,
can be devastating.

INTRODUCTION:

Avarietyof technologies have beendevelopedtohelp

organizations secure their systems and information against
intruders. These technologies help protect systems and
information against attacks, detect unusual or suspicious
activities, and respond to events that effects security.
Network security is the process of preventing and detecting
unauthorizeduse of the computer in the network. Prevention
measures help stop unauthorized users (also known as
“intruders”) fromaccessinganypart of the computer system.
Detection helps to determine whether or not someone
attempted to break into the system, if they were successful,
andwhat theymayhave done.
AMODELFORNETWORKSECURITY:

A model for much of what we will be discussing is

captured , in very general terms, in the following figure . A
message is to be transferred from one party to another
across some sort of internet. The two parties, who are the
principals in this transaction, must cooperate for the
exchange to take place. A logical information channel is
established by defining a route through the internet from
source to destination and by the cooperative use of
communication protocols ( e.g., TCP/IP) by the two
principals. Security accepts come into play when it is
necessary or desirable to protect the information
transmission froman opponent who may present a threat to
confidentiality, authenticity, and so on. All the techniques
for providingsecurityhavetwocomponents:
A security- related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by
the opponent, and the addition of code based on the contents of the message, which
can be used to verify the identity of the sender.
Some secret information shared by the two principals and ,it is hoped, unknown to the
opponent. An example is an inscription used in conjunction with the transformations
to scramble the message before transmission and unscramble it on reception.

SECURITY ATTACK

Any action that compromises the security of

informationownedbyanorganization.

ATTACK MODEL

The attacker, sitting at home, uses client software to

send commands to the nodes. The nodes in turn send floods
of packets, or malformed packets to crash systems (or both)
toward the victim. Typically, the client software the attacker
is using to detect these attacks is not on his system, that
sitting on another system (usually a compromised host
several hopes from the attacker’s home system to help
prevent authorities fromtracking down the attacker). From
here, a set of commands are currently sent using ICMP
packets, with the possibly encrypted. With one node,
thousands of packets can be sent per minute, flooding the
target.
With a hundred nodes, millions of packets can be sent
per minute, using up all of the available bandwidth a victim
might have. With a thousand geographically dispersed
nodes, billions of packets could certainly cripple virtually
any victim, including victims with multiple ISPs, redundant
internet connections, server farms, and high band-width
routers.
DEFENDING AGAINST ATTACKS

The user should be able to determine the source

address of the rogue packets that are comingin. Todothis it
is necessary to have physical access to a device or devices
on the outer perimeter of the network. During the flood of
packets, the user will probably not be able to communicate
with outer perimeter devices, so he has to make sure that he
can get to the device. This device can be firewall, router,
intrusion detection system, or network monitoring device
(such as sniffer) that will allowyou to viewthe source and
destinationIPaddresses of packets flyingby.

WHATISAFIREWALL
Firewall:
 a device used to implement a security policy between networks. A firewall has
multiple network interfaces, and is typically used to create a secure boundary between
untrusted external networks and trusted internal networks. The security policy defines what
type of access is allowed between the connected networks.

Firewalls are tools that can be used to enhance the security of computers connected
to a network, such as a LAN or the internet. A firewall separates a computer from the
internet, inspecting packets of data as they arrive at either side of the firewall inbound to or
outbound from the computer to determine whether it should be allowed to pass or be
blocked. Firewalls act as guards at the computer’s entry points (which are called ‘ports’ )
where the computer exchanges data with other devices on the network. Firewalls ensure
that packets that are requesting permission to enter the computer meet certain rules that are
established by the user of the computer.

Singlearchitecture

Firewall Characteristics :

• All traffic frominside to outside, and vise versa, must

pass through the fire wall. This is achieved by
physically blocking all access to the local network
except viathe firewall.
• Only authorized traffic, as defined by the local security
policy, will be allowed to pass. Various types of
firewalls are used, which implements various types of
securitypolicies.
 • The firewall itself is immune to penetration. This
implies that use of a trusted system with a secured
operatingsystem.

What one expect fromafirewall?

• A firewall defines a single choke point that keeps

unauthorized users out of the protected network,
prohibits potentially vulnerable services fromentering
or leaving the network, and provides protection from
various kinds of IPspoofingandroutingattacks.
• Afirewall provides a location for monitoring security –
related events . Audits and alarms can be implemented
onthe firewall system.
• A firewall convenient platform for several internet
functions that are not security related. These include a
network address translator , which maps to local
address to internet address, and a network management
functionthat audits or logs internet usage.
• Afirewall serves as the platformfor IPsec.

HOW A FIREWALL WORKS

Packets:
When messages are sent along the internet, they
are broken up into small ‘packets’ that take different routes
to get to the destination. On reaching the destination, the
packets are re-assembled to form the complete original
message. The TCP/IP ensures that messages arrive at the
proper computer inthe proper order. Whenthe message is in
packet form, the destination address and the source address
information are carried in the ‘head’ of the packet. Firewalls
read the IPaddress in the head of packets. The IPaddress is
an important concept to determine the source of message.
They can use part of that information to determine whether
or not themessage will be allowedaccess or not.

Packet filtering:
 The most common firewall method is known as packet filtering.
Maintaining the bouncer analogy, some bouncers may only check ID’s and compare this
with the guest list before letting people in. Similarly, when a packet filter firewall receives
a packet from the internet, it checks information held in the IP address in the header of the
packet and checks it against a table of access control rules to determine whether or not the
packet is acceptable.
A set of rules established by the firewall administrator serves as the guest list.
These rules may specify certain actions when a source or destination IP address or port
number is identified. Although packet filters are fast, they are also relatively easy to
circumvent. One method of getting around a packet filter firewall is known as IP spoofing,
in which hackers adopt the IP address of a trusted source, thereby fooling the firewall into
the thinking that are packets from the hackers or actually from a trusted source. The second
fundamental problem with packet filter firewalls is that they allow a direct connection
between source and destination computers.

How Do You Know if You Need a Firewall?

The installation of a firewall requires a clear understanding of the networking requirements
of a group. The installation is likely to have a direct impact on every machine behind the
firewall. Since firewalls are tools used to implement network security policy, no firewall
design should ever be considered without first clearly defining the ultimate security policy
goals.
TYPESOFFIREWALLS:

Packet –filtering router:

Apacket filtering router applies a set of rules

toeachincomingIPpacket andthenforwards or discards the
packet. The router is typically configured to filter packets
going in both directions (fromand to the internal network).
Filtering rules are based on fields in the IP and transport
(e.g., TCPor UDP) header, including source and destination
IP address, IP protocol field (which defines the transport
protocol), and TCP or UDP port Number (which defines an
applications suchas SNMPor TELNET).
The packet filter is typically setup as a list of rules
based on matches to fields in the IP or TCP header. If there
is a match to one of the rules, that rule is invoked to
determine whether to forward or discard the packet. If there
is nomatchtoanyrule, thena default actionis taken.

Applicationlevel gateway:
Application level gateways tend to be more securing than
packet filters. It is also called a proxy server, acts as a relay
of application -level traffic. The user contacts the gate way
using a TCP /IP application, such as telnet or FTP and the
gate way asks the user for the name of the remote host to be
accessed. When the user responds and provides a valid user
id and authentication information, the gate way contacts the
application on the remote host and relays TCP segments
containingtheapplicationdata betweenthe twoendpoints.

Fig: Types of firewalls

Circuit level gateway:

A third type of firewall is the circuit level gate way. This can be a stand-alone system
or it can be a specialized function performed by an application level gate way for
certain applications. A circuit level gate way does not permit an end to end TCP
connection; rather, the gate way sets up two TCP connections, one between itself and a
TCP user on an inner host and one between itself and a TCP user on an outside host.
Once the two connections are established, the gate way typically relays TCP segments
from one connection to the other without examining the contents. Security function
consists of determining which connection will be allowed.

A FIREWALL IN AN IT SYSTEM

A firewall is primarily used to protect the boundary of an organization’s internal network

whilst it is connected to other networks (e.g. to the Internet). A typical misconception is, as
I already mentioned, to use perimeter routers for performing this role. At the very least,
perimeter routers can be employed in two ways: either without packet filtering rules
involved or by using an IP filtering router solution (most likely together with a dynamic
NAT) selectively passing or blocking data packets based on port information or addresses
acceptable by the security policy. Of course, a firewall must always be situated next to the
router. Some practical solutions to this are illustrated in Figures 1 and 2 below.
 Fig: Model networkusingfirewall

Fig: Another model usingfirewall

SHORT COMINGS OF A FIREWALL
Firewall can’t protect against attacks that don’t go
through the firewall. There are a lot of organizations out
there buying expensive firewalls and neglecting the
numerous other back-doors intotheir network. For a firewall
to work, it must be a part of a consistent overall
organizational securityarchitecture.
Another thing a firewall can’t really protect
against is a traitor inside the network. While an industrial
spymight export informationthroughyour firewall, he’s just
as likely to export it through a telephone. FAXmachine, or
floppy disk. An attacker may be able to break in to the
network by completely bypassing the firewall, if he can find
a helpful employee inside who can be fooled into giving
access toamodempool.
Lastly, firewalls can’t protect against tunneling
over most application protocols to trojaned or poorly written
clients. There are no magic bullets and a firewall is not an
excuse to not implement software controls on internal
networks or ignores host securityonservices.

CONCLUSION
Firewall policies must berealisticandreflect
the level of securityintheentire network. The futureof
firewalls sits somewhere betweenbothnetworklayer
firewalls andapplicationlayer firewalls. It is likelythat
networklayer firewalls will become increasinglyawareof
the informationgoingthroughthem, andapplicationlayer
firewalls will becomemore andmoretransparent. Theend
result will be kindof afast packet-screeningsystemthat logs
andchecks dataas it passes through.
Firewalls areavailable as personnel firewalls
(eg.,ZoneAlarm,Nortronpersonnel firewall) andnetwork
firewalls .The personnel firewall is asoftware usedon
different personnel computers. Whereas thenetwork
firewalls are availableintwotrends as softwareand
hardware firewalls. Innear futurethefirewall becomes the
necessarysecuritydevices toprevent thenetworkbased
attacks.

Finally security isn’t “fire and forget”

Our E-mail I.D’s:

rakesh_chelloju@yahoo.co.in
santhoshpuli_747@yahoo.co.in
PH:08742-220218
Address:
Ch. RakeshKumar,
S/oCh. Ramachary,
H.No: 2-5-529/4,
Mothi Nagar,
KHAMMAM–507003.