Abdul Mannan
Student ID 06037871
Contents
1 Introduction
2 Literature review
  2.1 Firewall
    2.1.1 Hardware Firewall
  2.2 Purpose of Firewall
  2.3 How does it work
  2.4 Types of firewall
    2.4.1 Packet Filtering
    2.4.2 Circuit-Level Gateways
    2.4.3 Application Gateways
    2.4.4 Stateful Multilayer Inspection
3 Comparison
4 Conclusion
  4.1 Recommendation
Abstract
In this report, my main aim is to assume that I am working as a consultant for a network security organisation and to prepare a report comparing the different types of firewall available. Using the internet and other sources, I will create a report that gives the strengths and weaknesses of each product, and I will also state where each product would generally be used.
1 Introduction
The internet has millions of pieces of data available for free for users to consume and share. It has evolved to such an extent that we now play games, stream live TV, and even talk using the internet on the go, and most of this is completely free. For many of us it has become so essential that we cannot get on with our normal lives without it. Yet connecting to the internet has become a risk: our confidential data could be available to hackers or intruders if we do not have a firewall in place.

Threats have moved slowly from being most dominant in the lower layers of network traffic to the application layer. This has reduced the effectiveness of firewalls in stopping threats that are carried through network communications, but a firewall is still needed to stop the threats that continue to work at the lower layers of network traffic. A firewall is also good at providing some protection at the application layer, supplementing the capabilities of other network security technologies. (CNG)

A firewall is the most basic form of protection users can have for their network, and there are many types of firewall to choose from depending on the network. A firewall watches the traffic and examines suspicious activity, and it is used for two main reasons:
To keep people (intruders, hackers) out
To keep people (students, lecturers) in (VSC)
2 Literature review
2.1 Firewall
A firewall can be a hardware device or a software program that prevents unauthorised access to or from a network. It must have at least two network interfaces: one for the network it is intended to protect, and one for the network it is exposed to. Firewalls also control the flow of network traffic between networks and hosts that employ differing security postures. At one time, most firewalls were deployed at the network perimeter. (VSC)

This provided some form of protection for internal hosts but did not recognise all forms of attack, and attacks sent from one internal host to another do not pass through the network firewall. For this reason, network designers now include firewall functionality at places other than the network perimeter, to provide an additional layer of security and also to protect mobile devices that are placed onto external networks. (CNG)

A firewall is used to safeguard the data within the network. All data entering or leaving the network has to pass through a security check (the firewall), which examines each packet; packets that do not meet the specified security criteria are rejected and denied access. The firewall is part of an overall security policy that creates a perimeter defence designed to protect the information resources of the network. (LSC)

The firewall sits at the junction point or gateway between the two networks, normally a private network and a public network such as the Internet. The earliest firewalls were just routers. The term firewall comes from the fact that segmenting a network into different physical subnetworks limits the damage that could otherwise have spread from one subnet to another, just like fire doors or firewalls. Below I have included diagrams showing the connection taking place. (VSC)
Hardware firewalls can be expensive at first and might be more difficult to configure. Hardware firewalls also treat outgoing traffic from the local network as safe, which can be a hazard if malware, such as a worm, penetrates your network and attempts to connect to the Internet. (TIC)
(VSC)
Products for hardware firewalls
UTM10EW-100EUS - Netgear NG ProSecure UTM10 Hardware Firewall inc 1YR Email, Web & Maintenance/Support Subscription

The ProSecure UTM series of all-in-one gateway security appliances has a combination of security options to keep a business safe and secure from Web, email, and network threats: malware hosted on Web pages, phishing attacks, spam, virus-infected emails, hackers, and denial-of-service attacks. Because comprehensive network security requires a lot of processing power to examine the network in real time, this all-in-one security solution is all a network needs.
(VSC)
Blocks hackers and prevents viruses & spyware from stealing your personal data and sending it out to the Internet. ZoneAlarm has a 2-Way Firewall (Inbound & Outbound) that stops Internet attacks at the front door and even catches thieves on their way out. Our 2-way firewall proactively protects against inbound and outbound attacks while making you invisible to hackers.
Inbound & Outbound - monitors and blocks threat traffic in or out.
Full Stealth Mode - makes you invisible to hackers.
Kill Controls - instantly disable malicious programs. (ZAS)
Below is a product that can be used by small or medium-sized businesses. This product has the functionality of a router, packet filtering firewall, VPN gateway, and modem pool in one cost-effective solution.
The Epipe 2000
Shared Internet access for your entire office
Packet filtering firewall, robust security features
Secure Remote Access for mobile clients (PPTP server)
Site to Site VPN using IPsec and E2B (MLIP bonding technology) or IPsec and IKE
Direct dial access for remote workers, and Site to Site direct dial connections
(MLI)

Advantages
Uses very little CPU resources
Rules are set by the administrator
Very cheap
Product Description: Juniper Networks Secure Services Gateway 5 with ISDN backup, S/T Interface, 128 MB Memory

The Juniper Networks SSG5 is built for small offices, which are protected from the outside network by being made invisible, as everything coming from within the firewall appears to have originated from the firewall itself. (VSJ)

Advantages
Data hidden
No need to filter each packet
Fast
Simple
rules according to authentication and privilege, and can monitor events on the host system, with the capability of sounding an alarm or sending a notification if rules are disobeyed. An application gateway is normally implemented on a separate computer on the network whose primary function is to provide proxy service. (PHO)
Description
Blocking of harmful information on the web / Time Control of Internet access
Multi-Connection - By using only one ADSL or Cable line, up to 253 PCs can be connected to the Internet
NAT-based IP sharing - Multiple PCs in LAN can access Internet simultaneously on a single IP account
NAT-based firewall - Provides an effective firewall
HUB - Enables multiple PCs to communicate data in LAN
Port mapping - Provides application gateway function like Web server, FTP server, etc. (TKP)

Advantages
Examines packets at the application level
High security features such as denial of service attacks
Reject packets
The ZyWALL is a very powerful solution for small businesses. It has the capability to perform deep packet inspection, and it also embodies a Stateful Packet Inspection (SPI) firewall, Anti-Virus, Intrusion Detection and Prevention (IDP), Content Filtering, Anti-Spam, and VPN (IPsec/SSL) all in one box. This multi-layered security safeguards your organization's customer and company records, intellectual property, and critical resources from external and internal threats. (NCP)

Advantages
More performance than proxies
Very high security features, such as enforcing security policies at the application
3 Comparison
Above I have compared most firewall types and come to the conclusion that the best firewall is not a product itself but the features and options it provides for the home or a business. In most cases there is no universal firewall that best suits the security needs of all.
4 Conclusion
Serious evaluation should be undertaken when choosing a firewall solution for a network. Firstly, before any firewall is implemented at home, users need to note down the tasks they will be performing with their computers to best match the firewall device they need for the home, but I think a software firewall should do the job. For a corporate firewall, the network needs to be evaluated for any security issues and for how important the data is; from that, a firewall security policy is created and then implemented after successful evaluation.
4.1 Recommendation
Network architecture and threat analysis should be performed before any security implementation.
Firewall policies should be based on a strict rule set.
Policies handling all incoming and outgoing traffic
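The following Python example is an addition to this report, not code from the author or from any product mentioned. It illustrates the recommendation above together with the earlier point that hardware firewalls treat outgoing traffic as safe, by evaluating the same constructed traffic against a policy that trusts all outbound traffic and against a strict rule set with a default of deny. The names Rule, evaluate and decisions, the two policies, and all addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" or "out"
    proto: str            # "tcp", "udp" or "any"
    remote: str           # remote network in CIDR form
    port: Optional[int]   # destination port, None = any port

def evaluate(rules, direction, proto, remote_ip, port, default="deny"):
    """First matching rule wins; traffic no rule matches gets the default."""
    addr = ipaddress.ip_address(remote_ip)
    for r in rules:
        if (r.direction == direction
                and r.proto in ("any", proto)
                and addr in ipaddress.ip_network(r.remote)
                and r.port in (None, port)):
            return r.action
    return default

ANY = "0.0.0.0/0"
# Constructed policy A: inbound is filtered, everything outbound is trusted.
TRUST_OUTBOUND = [
    Rule("allow", "in", "tcp", ANY, 443),
    Rule("allow", "out", "any", ANY, None),
]
# Constructed policy B: strict rule set covering both directions.
STRICT = [
    Rule("allow", "in", "tcp", ANY, 443),
    Rule("allow", "out", "udp", "192.0.2.53/32", 53),  # designated resolver only
    Rule("allow", "out", "tcp", ANY, 443),
]
# Constructed sample traffic: (direction, protocol, remote IP, destination port)
TRAFFIC = {
    "web request in": ("in", "tcp", "198.51.100.7", 443),
    "telnet probe in": ("in", "tcp", "198.51.100.7", 23),
    "browser out": ("out", "tcp", "203.0.113.10", 443),
    "worm SMTP out": ("out", "tcp", "203.0.113.99", 25),
    "DNS to resolver": ("out", "udp", "192.0.2.53", 53),
}

def decisions(rules):
    """Return the allow/deny decision for every sample flow under a policy."""
    return {name: evaluate(rules, *flow) for name, flow in TRAFFIC.items()}

if __name__ == "__main__":
    for label, policy in (("trust-outbound", TRUST_OUTBOUND), ("strict", STRICT)):
        print(label, decisions(policy))
```

Both policies reject the inbound telnet probe, but only the strict rule set stops the outbound connection that malware inside the network would make.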
References
(CNG) http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
(VSC) http://www.vicomsoft.com/learning-center/firewalls/
(LSC) www.linuxsecurity.com/resource_files/firewalls/nsc/500619.html
(CSR) http://www.computer-security-review.org/faqs/firewalls/are-there-differenttypes-of-firewalls.html
(SLB) http://www.smallbusinesscomputing.com/webmaster/article.php/3103431/FirewallDebate-Hardware-vs-Software.htm
(AWC) http://www.antivirusware.com/articles/what-is-firewall.htm
(ZAS) http://www.zonealarm.com/security/en-us/zonealarm-pc-security-freefirewall.htm
(TIC) http://technology.inc.com/2006/11/01/choosing-a-firewall-hardware-vsoftware/
(WMI) www.whatismyipaddress.com/firewall
(CDC) http://www.comodo.com/resources/home/how-firewalls-work.php
(KLT) http://kimberleytaylor.com/articles/firewalls_type.htm
(SPS) http://www.support.psi.com/support/common/routers/files/Filter-Desc.html
(MLI) http://www.ml-ip.com/html/documentation/vpn-ug-intro-hw.html
(VSJ) http://www.vology.com/shop/juniper-ssg-5-sb-bt-5358
(CRN) http://www.careerride.com/nw-circuit-level-gateway.aspx
(PHO) http://www.pc-help.org/www.nwinternet.com/pchelp/security/firewalls.htm
(TKP) http://www.tradekorea.com/product-detail/P00006352/RG_1000.html#
(CSU) http://www.c-sharpcorner.com/uploadfile/pmalik/what-is-a-firewall/
(NCP) http://www.newegg.ca/Product/Product.aspx?Item=N82E16833181137