
FIREWALL

A firewall is a hardware or software system that prevents unauthorized
access to or from a network. Firewalls can be implemented in hardware, in
software, or in a combination of both. They are frequently used to prevent
unauthorized Internet users from accessing private networks connected to
the Internet. All data entering or leaving the intranet passes through the
firewall, which examines each packet and blocks those that do not meet the
specified security criteria.

Generally, firewalls are configured to protect against unauthenticated
interactive logins from the outside world. This helps prevent hackers from
logging into machines on your network. More sophisticated firewalls block
traffic from the outside to the inside, but permit users on the inside to
communicate a little more freely with the outside.

Firewalls are essential since they can provide a single block point where
security and auditing can be imposed. Firewalls provide an important
logging and auditing function; often they provide summaries to the
administrator about what type/volume of traffic has been processed through
it. This is an important point since providing this block point can serve the
same purpose (on your network) as an armed guard can (for physical
premises).

Hardware Firewalls
Hardware firewalls can be purchased as a stand-alone product but
more recently hardware firewalls are typically found in broadband
routers, and should be considered an important part of your system
and network set-up, especially for anyone on a broadband
connection. Hardware firewalls can be effective with little or no
configuration, and they can protect every machine on a local network.
Most hardware firewalls will have a minimum of four network ports to
connect other computers, but for larger networks, business
networking firewall solutions are available.

A hardware firewall uses packet filtering to examine the header of a
packet to determine its source and destination. This information is
compared to a set of predefined or user-created rules that determine
whether the packet is to be forwarded or dropped.

As with any electronic equipment, a computer user with general
computer knowledge can plug in a firewall, adjust a few settings and
have it work. To ensure that your firewall is configured for optimal
security and protection, however, consumers will need to learn
the specific features of their hardware firewall, how to enable them,
and how to test the firewall to ensure it is doing a good job of
protecting your network.

Not all firewalls are created equal, and to this end it is important to
read the manual and documentation that comes with your product.
Additionally the manufacturer's Web site will usually provide a
knowledgebase or FAQ to help you get started. If the terminology is a
bit too tech-oriented, you can also use the Webopedia search to help
you get a better understanding of some of the tech and computer
terms you will encounter while setting up your hardware firewall.

To test your hardware firewall security, you can purchase third-party
test software or search the Internet for a free online-based firewall
testing service. Firewall testing is an important part of maintenance to
ensure your system is always configured for optimal protection.

Software Firewalls
For individual home users, the most popular firewall choice is a
software firewall. Software firewalls are installed on your computer
(like any software) and can be customized, giving you some
control over their function and protection features. A software firewall
will protect your computer from outside attempts to control or gain
access to your computer, and, depending on your choice of software
firewall, it could also provide protection against the most common
Trojan programs or e-mail worms. Many software firewalls have user
defined controls for setting up safe file and printer sharing and to
block unsafe applications from running on your system. Additionally,
software firewalls may also incorporate privacy controls, web filtering
and more. The downside to software firewalls is that they will only
protect the computer they are installed on, not a network, so each
computer will need to have a software firewall installed on it.

Like hardware firewalls, there is a vast number of software firewalls to
choose from. To get started you may wish to read reviews of software
firewalls and search out the product Web site to glean some
information first. Because your software firewall will always be
running on your computer, you should make note of the system
resources it will require to run and any incompatibilities with your
operating system. A good software firewall will run in the background
on your system and use only a small amount of system resources. It
is important to monitor a software firewall once installed and to
download any updates available from the developer.

WHY DO WE NEED A FIREWALL?

The Internet, like any other society, is plagued with the kind of jerks who
enjoy the electronic equivalent of writing on other people's walls with
spray paint, tearing their mailboxes off, or just sitting in the street blowing
their car horns. Some people try to get real work done over the Internet, and
others have sensitive or proprietary data they must protect. Usually, a
firewall's purpose is to keep the jerks out of your network while still letting
you get your job done.

Many traditional-style corporations and data centers have computing
security policies and practices that must be followed. In a case where a
company's policies dictate how data must be protected, a firewall is very
important, since it is the embodiment of the corporate policy. Frequently, the
hardest part of hooking to the Internet, if you're a large company, is not
justifying the expense or effort, but convincing management that it's safe to
do so. A firewall provides not only real security; it often plays an important
role as a security blanket for management.

Lastly, a firewall can act as your corporate "ambassador" to the Internet.
Many corporations use their firewall systems as a place to store public
information about corporate products and services, files to download, bug
fixes, and so forth. Several of these systems have become important parts of
the Internet service structure (e.g., UUnet.uu.net, whitehouse.gov,
gatekeeper.dec.com) and have reflected well on their organizational
sponsors. Note that while this is historically true, most organizations now
place public information on a Web server, often protected by a firewall, but
not normally on the firewall itself.

WHAT DOES A FIREWALL PROTECT AGAINST?
• Remote login - When someone is able to connect to your computer
and control it in some form. This can range from being able to view or
access your files to actually running programs on your computer.
• Application backdoors - Some programs have special features that
allow for remote access. Others contain bugs that provide a backdoor,
or hidden access, that provides some level of control of the program.
• SMTP session hijacking - SMTP is the most common method of
sending e-mail over the Internet. By gaining access to a list of e-mail
addresses, a person can send unsolicited junk e-mail (spam) to
thousands of users. This is done quite often by redirecting the e-mail
through the SMTP server of an unsuspecting host, making the actual
sender of the spam difficult to trace.
• Operating system bugs - Like applications, some operating systems
have backdoors. Others provide remote access with insufficient
security controls or have bugs that an experienced hacker can take
advantage of.
• Denial of service - You have probably heard this phrase used in news
reports on the attacks on major Web sites. This type of attack is nearly
impossible to counter. What happens is that the hacker sends a request
to the server to connect to it. When the server responds with an
acknowledgement and tries to establish a session, it cannot find the
system that made the request. By inundating a server with these
unanswerable session requests, a hacker causes the server to slow to a
crawl or eventually crash.
• E-mail bombs - An e-mail bomb is usually a personal attack.
Someone sends you the same e-mail hundreds or thousands of times
until your e-mail system cannot accept any more messages.
• Macros - To simplify complicated procedures, many applications
allow you to create a script of commands that the application can run.
This script is known as a macro. Hackers have taken advantage of this
to create their own macros that, depending on the application, can
destroy your data or crash your computer.
• Viruses - Probably the most well-known threat is computer viruses.
A virus is a small program that can copy itself to other computers.
This way it can spread quickly from one system to the next. Viruses
range from harmless messages to erasing all of your data.
• Spam - Typically harmless but always annoying, spam is the
electronic equivalent of junk mail. Spam can be dangerous though.
Quite often it contains links to Web sites. Be careful of clicking on
these because you may accidentally accept a cookie that provides a
backdoor to your computer.
• Redirect bombs - Hackers can use ICMP to change (redirect) the path
information takes by sending it to a different router. This is one of the
ways that a denial of service attack is set up.
• Source routing - In most cases, the path a packet travels over the
Internet (or any other network) is determined by the routers along that
path. But the source providing the packet can arbitrarily specify the
route that the packet should travel. Hackers sometimes take advantage
of this to make information appear to come from a trusted source or
even from inside the network! Most firewall products disable source
routing by default.

What can't a firewall protect against?
Firewalls can't protect against attacks that don't go through the firewall.
Many corporations that connect to the Internet are very concerned about
proprietary data leaking out of the company through that route.
Unfortunately for those concerned, a magnetic tape, compact disc, DVD, or
USB flash drive can just as effectively be used to export data. Many
organizations that are terrified (at a management level) of Internet
connections have no coherent policy about how dial-in access via modems
should be protected. It's silly to build a six-foot thick steel door when you
live in a wooden house, but there are a lot of organizations out there buying
expensive firewalls and neglecting the numerous other back-doors into their
network. For a firewall to work, it must be a part of a consistent overall
organizational security architecture. Firewall policies must be realistic and
reflect the level of security in the entire network. For example, a site with
top secret or classified data doesn't need a firewall at all: they shouldn't be
hooking up to the Internet in the first place, or the systems with the really
secret data should be isolated from the rest of the corporate network.

Lost or stolen PDAs, laptops, cell phones, USB keys, external hard drives,
CDs, DVDs, etc. are another avenue a firewall cannot cover. For protection
against this type of data loss, you will need
a good policy, encryption, and some sort of enterprise
auditing/enforcement. Places that really care about Intellectual Property (IP)
and data loss prevention use USB firewalling technology on their desktops
and systems in public areas. The details are outside the scope of this FAQ.

Badly written, poorly thought out, or non-existent organizational policy. A
firewall is the end extension of an organization's security policy. If that
policy is ill-informed, poorly formed, or not formed at all, then the state of
the firewall is likely to be similar. Executive buy-in is key to good security
practice, as is the complete and unbiased enforcement of your policies.
Firewalls can't protect against political exceptions to the policy, so these
must be documented and kept to a minimum.

Another thing a firewall can't really protect you against is traitors or idiots
inside your network. While an industrial spy might export information
through your firewall, he's just as likely to export it through a telephone,
FAX machine, or Compact Disc. CDs are a far more likely means for
information to leak from your organization than a firewall. Firewalls also
cannot protect you against stupidity. Users who reveal sensitive information
over the telephone are good targets for social engineering; an attacker may
be able to break into your network by completely bypassing your firewall, if
he can find a ``helpful'' employee inside who can be fooled into giving
access to a modem pool or desktop through a "remote support" type portal.
Before deciding this isn't a problem in your organization, ask yourself how
much trouble a contractor has getting logged into the network or how much
difficulty a user who forgot his password has getting it reset. If the people on
the help desk believe that every call is internal, you have a problem that can't
be fixed by tightening controls on the firewalls.

Firewalls can't protect against tunneling over most application protocols to
trojaned or poorly written clients. There are no magic bullets and a firewall
is not an excuse to not implement software controls on internal networks or
ignore host security on servers. Tunneling "bad" things over HTTP, SMTP,
and other protocols is quite simple and trivially demonstrated. Security isn't
"fire and forget".

Lastly, firewalls can't protect against bad things being allowed through them.
For instance, many Trojan Horses use the Internet Relay Chat (IRC) protocol
to allow an attacker to control a compromised internal host from a public
IRC server. If you allow any internal system to connect to any external
system, then your firewall will provide no protection from this vector of
attack.

WINDOWS XP FIREWALL
• Currently not enabled by default
• Enable under Start -> Settings -> Control Panel
• Select Local Area Connection
• Select the Properties button
• Click the "Advanced" tab

Updates to Windows XP Firewall
• Will be enabled in default installations of Windows XP Service Pack 2
• Ports will be closed except when they are in use
• Improved user interface for easier configuration
• Improved application compatibility when firewall is enabled

TYPES OF FIREWALL:
1. PACKET FILTERS
2. APPLICATION GATEWAY
3. CIRCUIT LEVEL GATEWAY
4. PROXY SERVER
5. NETWORK ADDRESS TRANSLATION

1.PACKET FILTERS: Looks at each packet entering
or leaving the network and accepts or rejects it based on user-defined rules.
Packet filtering is fairly effective and transparent to users, but it is difficult
to configure. In addition, it is susceptible to IP spoofing. To simplify the
most commonly used firewalls, expert Chris Partsenidis breaks them down
into two categories: application firewalls and network layer firewalls. The
International Organization for Standardization (ISO) Open Systems
Interconnection (OSI) model for networking defines seven layers, where each
layer provides services that higher-level layers depend on. The important
thing to recognize is that the lower the level of the forwarding mechanism,
the less examination the firewall can perform. An IP packet filter firewall
allows you to create a set of rules that either discard or accept traffic over a
network connection. The firewall itself does not affect this traffic in any
way. Because a packet filter can only discard traffic that is sent to it, the
device with the packet filter must either perform IP routing or be the
destination for the traffic.

A packet filter has a set of rules with accept or deny actions. When the
packet filter receives a packet of information, the filter compares the packet
to your pre-configured rule set. At the first match, the packet filter either
accepts or denies the packet of information. Most packet filters have an
implicit deny all rule at the bottom of the rules file.

Packet filters usually permit or deny network traffic based on:

• Source and destination IP addresses
• Protocol, such as TCP, UDP, or ICMP
• Source and destination ports and ICMP types and codes
• Flags in the TCP header, such as whether the packet is a connect
request
• Direction (inbound or outbound)
• Which physical interface the packet is traversing

All packet filters have a common problem: the trust is based on IP addresses.
Although this security type is not sufficient for an entire network, this type
of security is acceptable on a component level.
Most IP packet filters are stateless, which means they do not remember
anything about the packets they previously processed. A packet filter with
state can keep some information about previous traffic, which gives you the
ability to configure that only replies to requests from the internal network
are allowed in from the Internet. Stateless packet filters are vulnerable to
spoofing since the source IP address and ACK bit in the packet's header can
be easily forged by attackers.
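The following Python program is an added example, not code from the original text or from any firewall product. It implements the packet-filter behaviour described above: a first-match rule list with the implicit deny-all at the bottom, matching on direction, protocol, address ranges, destination port and TCP flags, and an optional stateful mode that remembers connections opened from the inside and lets only their replies back in. All addresses, ports and rules are constructed sample values; the stateless rule "accept inbound TCP with ACK set" stands in for the usual stateless approximation of "established" traffic, which is exactly what a forged ACK bit gets past.

```python
"""Added example (not part of the original text): a first-match packet
filter with an implicit deny, run stateless and stateful over the same
constructed sample packets."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (from the Internet) or "out" (from the internal network)
    proto: str          # "tcp", "udp" or "icmp"
    src_ip: str
    dst_ip: str
    src_port: int = 0
    dst_port: int = 0
    syn: bool = False   # TCP connect request (SYN set, ACK clear)
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "deny"
    direction: Optional[str] = None  # every None field is a wildcard
    proto: Optional[str] = None
    src_net: Optional[str] = None   # CIDR prefix, e.g. "10.0.0.0/8"
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None
    syn: Optional[bool] = None
    ack: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        return all([
            self.direction is None or self.direction == p.direction,
            self.proto is None or self.proto == p.proto,
            self.src_net is None
            or ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net),
            self.dst_net is None
            or ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net),
            self.dst_port is None or self.dst_port == p.dst_port,
            self.syn is None or self.syn == p.syn,
            self.ack is None or self.ack == p.ack,
        ])


class PacketFilter:
    def __init__(self, rules, stateful: bool = False):
        self.rules = list(rules)
        self.stateful = stateful
        self.state = set()   # 5-tuples of conversations the inside has opened

    def decide(self, p: Packet) -> str:
        key = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if self.stateful and p.direction == "in" and reverse in self.state:
            return "accept"          # a reply to a request that went out earlier
        for rule in self.rules:      # first match wins
            if rule.matches(p):
                if self.stateful and p.direction == "out" and rule.action == "accept":
                    self.state.add(key)
                return rule.action
        return "deny"                # implicit deny-all at the bottom of the rule set


# Constructed sample rule set: 10.0.0.0/8 is the internal network,
# 10.0.0.5 is its mail server.
STATEFUL_RULES = [
    Rule("deny", direction="in", src_net="10.0.0.0/8"),     # anti-spoofing
    Rule("accept", direction="in", proto="tcp", dst_net="10.0.0.5/32", dst_port=25),
    Rule("accept", direction="out", src_net="10.0.0.0/8"),
]
# A stateless filter cannot remember requests, so it must let replies in by
# trusting the ACK bit ("established" traffic), which any sender can set.
STATELESS_RULES = STATEFUL_RULES[:2] + [
    Rule("accept", direction="in", proto="tcp", ack=True)
] + STATEFUL_RULES[2:]


def run_demo():
    """Run the same four constructed packets through both filters."""
    request = Packet("out", "tcp", "10.0.0.7", "198.51.100.9", 40000, 80, syn=True)
    reply = Packet("in", "tcp", "198.51.100.9", "10.0.0.7", 80, 40000, ack=True)
    forged_ack = Packet("in", "tcp", "203.0.113.66", "10.0.0.7", 80, 40001, ack=True)
    spoofed = Packet("in", "tcp", "10.0.0.1", "10.0.0.7", 1, 22, syn=True)
    results = {}
    for name, f in (("stateless", PacketFilter(STATELESS_RULES)),
                    ("stateful", PacketFilter(STATEFUL_RULES, stateful=True))):
        results[name] = {
            "request": f.decide(request),
            "reply": f.decide(reply),
            "forged_ack": f.decide(forged_ack),
            "spoofed_internal": f.decide(spoofed),
        }
    return results


if __name__ == "__main__":
    for mode, verdicts in run_demo().items():
        print(mode, verdicts)
```

Both filters accept the outbound request and its genuine reply and both drop the packet claiming an internal source address. The difference shows on the forged ACK: the stateless rule set accepts it because the ACK bit is all it can check, while the stateful filter denies it because no matching outbound request was ever recorded.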

2.APPLICATION GATEWAY:
Application layer firewalls, as defined, are hosts running proxy servers, which
permit no traffic directly between networks, and they perform elaborate
logging and examination of traffic passing through them. Since proxy
applications are simply software running on the firewall, it is a good place to
do lots of logging and access control. Application layer firewalls can be used
as network address translators, since traffic goes in one side and out the
other, after having passed through an application that effectively masks the
origin of the initiating connection, Chris Partsenidis says.

However, run-of-the-mill network firewalls can't properly defend
applications. As Michael Cobb explains, application-layer firewalls offer
Layer 7 security on a more granular level, and may even help organizations
get more out of existing network devices. In some cases, having an
application in the way may impact performance and may make the firewall
less transparent. Early application layer firewalls are not particularly
transparent to end-users and may require some training. However, more
modern application layer firewalls are often totally transparent. Application
layer firewalls tend to provide more detailed audit reports and tend to
enforce more conservative security models than network layer firewalls.

The future of firewalls sits somewhere between both network layer firewalls
and application layer firewalls. It is likely that network layer firewalls will
become increasingly aware of the information going through them, and
application layer firewalls will become more and more transparent. The end
result will be kind of a fast packet-screening system that logs and checks
data as it passes through.
The proxy approach has two major advantages. Firstly, no direct communication
is allowed between outside sources and computers behind the firewall, since
everything must first pass through a proxy, and secondly, filtering can now be
done using the actual content of the data, as opposed to just where it came
from and where it's going.

For example, using an application level gateway firewall, you can not only
control which computers inside your network can access internet web pages,
but also specify which web pages they are allowed to view, since the proxy
for HTTP can read the contents of the data sent from a web server and check
for restricted websites.
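As an added example (not code from the original text, nor from any proxy product such as ISA), the Python below shows the two checks just described as an HTTP proxy would apply them: which internal computers may browse at all, and which web sites and page contents they may receive. The request is parsed far enough to recover the method and destination host, the host is compared against a block list, and the returned page body is scanned for restricted words. The client list, blocked hosts and restricted words are constructed sample values.

```python
"""Added example (not part of the original text): request and content
checks of the kind an HTTP application gateway performs."""
from urllib.parse import urlsplit

ALLOWED_CLIENTS = {"10.0.0.7", "10.0.0.8"}                # constructed: PCs allowed to browse
BLOCKED_HOSTS = {"restricted.example", "games.example"}  # constructed: sites nobody may view
RESTRICTED_WORDS = (b"casino", b"betting")                # constructed: content filter terms


def parse_request(raw: bytes):
    """Split an HTTP/1.x request head into (method, target, version, headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], parts[2], headers


def destination_host(target: str, headers: dict):
    """A proxy normally receives an absolute URL; fall back to the Host header."""
    if target.startswith(("http://", "https://")):
        return urlsplit(target).hostname          # already lower-cased
    host = headers.get("host", "").split(":")[0].strip().lower()
    return host or None


def is_blocked_host(hostname: str) -> bool:
    # Block the listed site and every subdomain of it.
    return any(hostname == b or hostname.endswith("." + b) for b in BLOCKED_HOSTS)


def decide_request(client_ip: str, raw: bytes):
    """Return ("accept", hostname) or ("deny", reason) for one client request."""
    if client_ip not in ALLOWED_CLIENTS:
        return ("deny", "client not permitted to browse")
    try:
        method, target, _version, headers = parse_request(raw)
    except ValueError as exc:
        return ("deny", str(exc))
    if method not in ("GET", "HEAD", "POST"):
        return ("deny", "method not permitted through the proxy")
    host = destination_host(target, headers)
    if host is None:
        return ("deny", "no destination host")
    if is_blocked_host(host):
        return ("deny", "restricted website: " + host)
    return ("accept", host)


def decide_response(body: bytes):
    """Content check applied to the page the web server sent back."""
    lowered = body.lower()
    for word in RESTRICTED_WORDS:
        if word in lowered:
            return ("deny", "restricted content: " + word.decode())
    return ("accept", None)


if __name__ == "__main__":
    req = b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    print(decide_request("10.0.0.7", req))
    print(decide_response(b"<html>Welcome to the Casino</html>"))
```

Because the proxy terminates the client's connection and opens its own to the server, every byte in both directions is available to these functions, which is what makes content-based decisions possible here and not in a packet filter.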

Application level gateway firewalls will have integrated Internet sharing,
since this is necessary to their function. They are generally intended for
business use, protecting large networks. A good example of an application
level gateway software package is Microsoft's ISA (Internet Security and
Acceleration) Server, though this has several features beyond the firewall
service.

3.CIRCUIT LEVEL GATEWAY:
A circuit-level gateway is a type of firewall.

Circuit level gateways work at the session layer of the OSI model, or as a
"shim-layer" between the application layer and the transport layer of the
TCP/IP stack. They monitor TCP handshaking between packets to determine
whether a requested session is legitimate. Information passed to a remote
computer through a circuit level gateway appears to have originated from the
gateway. This is useful for hiding information about protected networks.
Circuit level gateways are relatively inexpensive and have the advantage of
hiding information about the private network they protect. On the other
hand, they do not filter individual packets. As an example of how circuit
level gateways work, say computer A is in a network protected by a circuit
level gateway firewall, and wants to view a web page on computer B which
is outside the firewall.
Computer A sends the request for the web page to computer B, which is
intercepted and recorded by the firewall before being passed on. Computer B
receives the request, which as far as it is concerned came from the address of
the firewall, and starts sending the web-page data back across the Internet.
When it reaches the firewall, it is compared to computer A's request to see if
the IP address and the port match up, then the data is either allowed or
dropped.

A major advantage to using this method is that non-requested data from
outside the firewall is not allowed in, period. All ports are closed until the
firewall opens them. The main disadvantage is that unless it is combined
with some other form of filtering, any type of data requested from inside the
firewall will be allowed through.

4.PROXY SERVER:
In computer networks, a proxy server is a server (a computer system or an
application program) that acts as an intermediary for requests from clients
seeking resources from other servers. A client connects to the proxy server,
requesting some service, such as a file, connection, web page, or other
resource, available from a different server. The proxy server evaluates the
request according to its filtering rules. For example, it may filter traffic by IP
address or protocol. If the request is validated by the filter, the proxy
provides the resource by connecting to the relevant server and requesting the
service on behalf of the client. A proxy server may optionally alter the
client's request or the server's response, and sometimes it may serve the
request without contacting the specified server. In this case, it 'caches'
responses from the remote server, and returns subsequent requests for the
same content directly.

A proxy server has many potential purposes, including:

• To keep machines behind it anonymous (mainly for security).[1]
• To speed up access to resources (using caching). Web proxies are
commonly used to cache web pages from a web server.[2]
• To apply access policy to network services or content, e.g. to block
undesired sites.
• To log / audit usage, i.e. to provide company employee Internet usage
reporting.
• To bypass security/parental controls.
• To scan transmitted content for malware before delivery.
• To scan outbound content, e.g., for data leak protection.
• To circumvent regional restrictions.

A proxy server that passes requests and replies unmodified is usually called
a gateway or sometimes tunneling proxy.

A proxy server can be placed in the user's local computer or at various points
between the user and the destination servers on the Internet.

A reverse proxy is (usually) an Internet-facing proxy used as a front-end to
control and protect access to a server on a private network, commonly also
performing tasks such as load-balancing, authentication, decryption or
caching.

5.NETWORK ADDRESS TRANSLATION:
In computer networking, network address translation (NAT) is the process of
modifying network address information in datagram (IP) packet headers
while in transit across a traffic routing device for the purpose of remapping a
given address space into another.

Most often today, NAT is used in conjunction with network masquerading
(or IP masquerading) which is a technique that hides an entire address
space, usually consisting of private network addresses (RFC 1918), behind a
single IP address in another, often public address space. This mechanism is
implemented in a routing device that uses stateful translation tables to map
the "hidden" addresses into a single address and then rewrites the outgoing
Internet Protocol (IP) packets on exit so that they appear to originate from
the router. In the reverse communications path, responses are mapped back
to the originating IP address using the rules ("state") stored in the translation
tables. The translation table rules established in this fashion are flushed after
a short period without new traffic refreshing their state.

As described, the method enables communication through the router only
when the conversation originates in the masqueraded network, since this
establishes the translation tables. For example, a web browser in the
masqueraded network can browse a website outside, but a web browser
outside could not browse a web site in the masqueraded network. However,
most NAT devices today allow the network administrator to configure
translation table entries for permanent use. This feature is often referred to as
"static NAT" or port forwarding and allows traffic originating in the 'outside'
network to reach designated hosts in the masqueraded network.

Because of the popularity of this technique, the term NAT has become
virtually synonymous with the method of IP masquerading.

Network address translation has serious consequences (drawbacks and
benefits) on the quality of Internet connectivity and requires careful
attention to the details of its implementation. As a result, many methods
have been devised to alleviate the issues encountered. See article on NAT
traversal.
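The following Python program is an added example, not code from the original text or from any NAT implementation. It models the masquerading router described above and, with it, the circuit-level gateway behaviour from the earlier section, since both rest on the same idea: outgoing traffic is rewritten so that it appears to originate from the gateway, a table entry records who asked, returning data is admitted only if its source address and port match that entry, unsolicited inbound packets are dropped, static "port forwarding" entries admit traffic to designated inside hosts, and idle entries are flushed after a timeout. Addresses, ports and the timeout are constructed sample values; time is passed in explicitly so the expiry can be shown without waiting.

```python
"""Added example (not part of the original text): a NAT masquerading
table with reply matching, port forwarding and idle expiry."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Pkt:
    """Addressing of one TCP/UDP packet (protocol omitted for brevity)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Entry:
    inside_ip: str
    inside_port: int
    remote_ip: str
    remote_port: int
    last_seen: float


class Masquerader:
    def __init__(self, public_ip: str, idle_timeout: float = 60.0, first_port: int = 20000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.next_port = first_port
        self.table = {}      # public port -> Entry, built by outbound traffic
        self.forwards = {}   # public port -> (inside_ip, inside_port), static NAT

    def add_port_forward(self, public_port: int, inside_ip: str, inside_port: int):
        self.forwards[public_port] = (inside_ip, inside_port)

    def _expire(self, now: float):
        # Flush entries that no traffic has refreshed within the idle timeout.
        stale = [p for p, e in self.table.items() if now - e.last_seen > self.idle_timeout]
        for p in stale:
            del self.table[p]

    def outbound(self, pkt: Pkt, now: float) -> Pkt:
        """Rewrite a packet leaving the private network so it comes from the router."""
        self._expire(now)
        for pport, e in self.table.items():
            if (e.inside_ip, e.inside_port, e.remote_ip, e.remote_port) == \
                    (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port):
                e.last_seen = now            # existing conversation: reuse its port
                break
        else:
            pport = self.next_port           # new conversation: allocate a port
            self.next_port += 1
            self.table[pport] = Entry(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, now)
        return Pkt(self.public_ip, pport, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Pkt, now: float) -> Optional[Pkt]:
        """Map a packet arriving at the public address back inside, or drop it (None)."""
        self._expire(now)
        if pkt.dst_ip != self.public_ip:
            return None
        if pkt.dst_port in self.forwards:    # static entry: always admitted
            ip, port = self.forwards[pkt.dst_port]
            return Pkt(pkt.src_ip, pkt.src_port, ip, port)
        e = self.table.get(pkt.dst_port)
        # Only the remote end that the inside host talked to may answer.
        if e is None or (e.remote_ip, e.remote_port) != (pkt.src_ip, pkt.src_port):
            return None
        e.last_seen = now
        return Pkt(pkt.src_ip, pkt.src_port, e.inside_ip, e.inside_port)


def run_demo():
    """Constructed scenario: 10.0.0.7 browses 198.51.100.9 through router 203.0.113.1."""
    nat = Masquerader("203.0.113.1", idle_timeout=60)
    nat.add_port_forward(25, "10.0.0.5", 25)           # publish the inside mail server
    out = nat.outbound(Pkt("10.0.0.7", 40000, "198.51.100.9", 80), now=0)
    reply = nat.inbound(Pkt("198.51.100.9", 80, "203.0.113.1", out.src_port), now=5)
    unsolicited = nat.inbound(Pkt("203.0.113.66", 4444, "203.0.113.1", 20001), now=6)
    forwarded = nat.inbound(Pkt("203.0.113.66", 4444, "203.0.113.1", 25), now=7)
    expired = nat.inbound(Pkt("198.51.100.9", 80, "203.0.113.1", out.src_port), now=500)
    return {"out": out, "reply": reply, "unsolicited": unsolicited,
            "forwarded": forwarded, "expired": expired}


if __name__ == "__main__":
    for name, pkt in run_demo().items():
        print(name, pkt if pkt is not None else "dropped")
```

The web server only ever sees 203.0.113.1:20000, the reply is matched on both the remote address and port before being rewritten back to 10.0.0.7:40000, a packet to an unknown port is dropped, the forwarded port 25 reaches the mail server regardless, and the same reply arriving long after the idle timeout is dropped because its table entry has been flushed.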

BENEFITS OF USING FIREWALL:

Firewalls are filters that filter any information passing from and into your
computer when you are surfing the Internet. It is up to you to set a filtration
level where you can say what information gets in and what gets out. Many
people believe that the firewalls are the first level of security and they are
not far from the truth. There are many benefits of using firewalls.

If you are using a computer at home or office, it is important to have a
firewall. The thing is that most large organizations have very complex
firewalls which are relatively impenetrable. These firewalls prevent
employees from sending out sensitive company data through emails. They
also prevent employees from accessing sites which could be harmful to the
organization's network or stop the employees from being productive. In
addition, firewalls prevent other computers from accessing the company's
network.

The benefits of using a firewall are immense for an organization and that is
why it is in such great demand. There are many different levels of
configuration possible with firewalls and any organization using them would
require trained IT employees to oversee and maintain them.

When we talk about computers at home, the firewall used is not as complex
as that used in an organization. Here the firewall just has to protect your
home PC and network from malicious software like viruses and spyware. A
firewall on your home computer does not allow traffic to enter or go out
other than what has been programmed. So, if a program entering your
computer is infected with virus and does not conform to the preset criteria
stipulated on your firewall, it will block it.

DISADVANTAGES OF USING FIREWALL:
Firewalls must keep evolving because crackers' ability to circumvent them
keeps increasing.

"Always on" connections created by Cable and DSL connections create
major problems for firewalls. This can be compared to leaving your car
running with the keys in it and the doors unlocked, which a thief may
interpret as an invitation to "Please steal me".

Firewalls cannot protect you from internal sabotage within a network or
from allowing other users access to your PC.

Firewalls cannot edit indecent material like pornography, violence, drugs
and bad language. This would require you to adjust your browser security
options or purchase special software to monitor your children's Internet
activity.

Firewalls offer weak defense from viruses so antiviral software and an
IDS (intrusion detection system) which protects against Trojans and port
scans should also complement your firewall in the layering defense.

Some firewalls claim full firewall capability when it's not the case. Not
all firewalls are created equally or offer the same protection so it's up to
the user to do their homework.

Cost varies. There are some great free firewalls available to the PC User
but there are also a few highly recommended products, which can only be
purchased. The difference may be just the amount of support or features
that a User can get from a free product as opposed to a paid one and how
much support that user thinks he or she will require.

A firewall's protection is limited once you have an allowable connection
open. This is where another program should be in place to catch Trojan
horse viruses trying to enter your computer as unassuming normal traffic.
There have been claims made by IDS (Intrusion Detection System)
companies where Trojans were detected, such as the RuX FireCracker v
2.0, which disabled certain firewall programs, thus leaving the PC
vulnerable to malicious actions.
