
Firewall Security

Introduction:

A firewall is a barrier between a Local Area Network (LAN) and the Internet. It
keeps private resources confidential and minimizes security risks. It controls
network traffic in both directions.

A firewall is a network security device, either hardware or software based, which
monitors all incoming and outgoing traffic and, based on a defined set of security
rules, accepts, rejects or drops that specific traffic.

Accept: allow the traffic
Reject: block the traffic but reply with an "unreachable" error
Drop: block the traffic with no reply

A firewall establishes a barrier between secured internal networks and an outside
untrusted network, such as the Internet.

A firewall is a device installed between the internal network of an organization
and the rest of the Internet. When a computer is connected to the Internet, it can
create many problems for corporate companies. Most companies put a large amount of
confidential information online. Such information should not be disclosed to
unauthorized persons. The second problem is that viruses, worms and other
digital pests can breach security and destroy valuable data.

The main purpose of a firewall is to separate a secure area from a less secure
area and to control communications between the two. A firewall also controls
inbound and outbound communications on anything from a single machine to an
entire network.

On the other hand, software firewalls, also sometimes called personal firewalls,
are designed to run on a single computer. These are most commonly used on
home or small office computers that have broadband access, which tend to be
left on all the time.

A software firewall prevents unwanted access to the computer over a network
connection by identifying and blocking communication over risky ports.
Computers communicate over many different recognized ports, and the firewall
will tend to permit these without prompting or alerting the user.

The following diagram depicts a sample firewall between a LAN and the Internet.
The connection between the two is the point of vulnerability. Both hardware and
software can be used at this point to filter network traffic.

There are two types of firewall system: one works by using filters at the
network layer and the other works by using proxy servers at the user,
application, or network layer.

A firewall can serve the following functions:

1- Limit Internet access to e-mail only, so that no other types of information can
pass between the intranet and the Internet
2- Control who can telnet into your intranet (a method of logging in remotely)
3- Limit what other kinds of traffic can pass between your intranet and the
Internet

A firewall can be simple or complex, depending on how specifically you want to
control your Internet traffic. A simple firewall might require only that you
configure the software in the router that connects your intranet to your ISP. A
more complex firewall might be a computer running UNIX and specialized
software.

Why is a Firewall needed?

There would be no need for a firewall if each and every host of a private network
were properly secured. Unfortunately, in practice the situation is different. A
private network may consist of different platforms with diverse operating systems
and applications running on them. Many of these applications were designed and
developed for an ideal environment, without considering the possibility that bad
guys exist. Moreover, most corporate networks are not designed for security.
Therefore, it is essential to deploy a firewall to protect the vulnerable
infrastructure of an enterprise.

Firewall Capabilities

Important capabilities of a firewall system are listed below:

- It defines a single choke point to keep unauthorized users out of the
protected network
- It prohibits potentially vulnerable services from entering or leaving the
network
- It provides protection from various kinds of IP spoofing
- It provides a location for monitoring security-related events
- Audits and alarms can be implemented on the firewall system
- A firewall is a convenient platform for several Internet functions that are
not security related
- A firewall can serve as the platform for IPsec using the tunnel mode
capability and can be used to implement VPNs

Limitations of a Firewall

The main limitations of a firewall system are given below:

- A firewall cannot protect against attacks that bypass the firewall. Many
organizations buy expensive firewalls but neglect numerous other back doors
into their network
- A firewall does not protect against internal threats from traitors. An
attacker may be able to break into the network by completely bypassing the
firewall, if he can find a "helpful" insider who can be fooled into giving access
to a modem pool
- Firewalls cannot protect against tunneling over most application protocols.
For example, a firewall cannot protect against the transfer of virus-infected
programs or files

How a Firewall Works

A firewall matches network traffic against the rule set defined in its table. Once
a rule is matched, the associated action is applied to the network traffic. For
example, one rule may state that no employee from the HR department can
access data on the code server, while another rule states that the system
administrator can access data from both the HR and technical departments. Rules
are defined on the firewall according to the needs and security policies of the
organization.

From the perspective of a server, network traffic can be either outgoing or
incoming. The firewall maintains a distinct set of rules for each case. Mostly,
outgoing traffic, originating from the server itself, is allowed to pass. Still,
setting rules on outgoing traffic is always better in order to achieve more
security and prevent unwanted communication.

Incoming traffic is treated differently. Most traffic that reaches the firewall
uses one of three major Transport Layer protocols: TCP, UDP or ICMP. All of these
carry a source address and a destination address. TCP and UDP additionally carry
port numbers. ICMP uses a type code instead of a port number, which identifies
the purpose of that packet.

Default policy: It is very difficult to explicitly cover every possible case with a
rule on the firewall. For this reason, a firewall must always have a default
policy. The default policy consists only of an action (accept, reject or drop).

Suppose no rule about SSH connections to the server is defined on the firewall.
Then the default policy applies. If the default policy is set to accept, any
computer outside your office can establish an SSH connection to the server.
Therefore, setting the default policy to drop (or reject) is always good practice.
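The following is an added worked example, not part of the original notes. It is a toy first-match packet filter that ties together the accept/reject/drop actions described in the introduction and the matching and default-policy behaviour described in this section: separate rule sets for incoming and outgoing traffic, matching on protocol, source/destination network and TCP/UDP port (or ICMP type), and a default policy that applies when no rule matches. The LAN 192.0.2.0/24, the server address 192.0.2.10, the outside addresses and the rules themselves are all assumed sample values.

```python
"""Toy first-match packet filter (constructed example, not from the original notes).

Models: per-direction rule sets, protocol/address/port (or ICMP type) matching,
accept/reject/drop actions, and a default policy for unmatched traffic.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
import ipaddress

ACCEPT, REJECT, DROP = "accept", "reject", "drop"


@dataclass(frozen=True)
class Packet:
    direction: str                   # "in" or "out", relative to the protected host
    proto: str                       # "tcp", "udp" or "icmp"
    src: str                         # source IP address
    dst: str                         # destination IP address
    dport: Optional[int] = None      # TCP/UDP destination port
    icmp_type: Optional[int] = None  # ICMP type (8 = echo request); ICMP has no ports


@dataclass(frozen=True)
class Rule:
    action: str
    proto: Optional[str] = None      # None matches any protocol
    src: Optional[str] = None        # CIDR network; None matches any source
    dst: Optional[str] = None        # CIDR network; None matches any destination
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """Every field that is set on the rule must agree with the packet."""
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.icmp_type is not None and pkt.icmp_type != self.icmp_type:
            return False
        return True


class Firewall:
    def __init__(self, default_in: str = DROP, default_out: str = ACCEPT):
        self.rules = {"in": [], "out": []}              # distinct rule sets per direction
        self.default = {"in": default_in, "out": default_out}

    def add_rule(self, direction: str, rule: Rule) -> None:
        self.rules[direction].append(rule)

    def decide(self, pkt: Packet) -> Tuple[str, str]:
        """First matching rule in the packet's direction wins; otherwise the default policy."""
        for index, rule in enumerate(self.rules[pkt.direction]):
            if rule.matches(pkt):
                return rule.action, f"{pkt.direction} rule {index}"
        return self.default[pkt.direction], "default policy"


def sender_observes(action: str) -> str:
    """What the sending side sees for each action (the reject/drop distinction)."""
    return {ACCEPT: "packet forwarded",
            REJECT: "ICMP unreachable error",
            DROP: "no reply (timeout)"}[action]


def build_example_firewall(default_in: str = DROP) -> Firewall:
    """Assumed rule set for a LAN 192.0.2.0/24 with a server at 192.0.2.10."""
    fw = Firewall(default_in=default_in, default_out=ACCEPT)
    fw.add_rule("in", Rule(ACCEPT, proto="tcp", dport=80))                          # web
    fw.add_rule("in", Rule(ACCEPT, proto="tcp", dport=443))
    fw.add_rule("in", Rule(ACCEPT, proto="icmp", icmp_type=8, src="192.0.2.0/24"))  # ping from LAN only
    fw.add_rule("in", Rule(REJECT, proto="tcp", dport=23))                          # telnet: refuse loudly
    fw.add_rule("out", Rule(DROP, proto="tcp", dport=25))                           # no direct outbound SMTP
    return fw


if __name__ == "__main__":
    fw = build_example_firewall()
    samples = [  # constructed packets; the first (SSH) matches no rule, so the default applies
        Packet("in", "tcp", "198.51.100.7", "192.0.2.10", dport=22),
        Packet("in", "tcp", "198.51.100.7", "192.0.2.10", dport=80),
        Packet("in", "icmp", "203.0.113.9", "192.0.2.10", icmp_type=8),
        Packet("in", "tcp", "198.51.100.7", "192.0.2.10", dport=23),
        Packet("out", "tcp", "192.0.2.10", "203.0.113.25", dport=25),
    ]
    for pkt in samples:
        action, why = fw.decide(pkt)
        print(f"{pkt.direction:3} {pkt.proto:4} {pkt.src:>13} -> {pkt.dst}:{pkt.dport or pkt.icmp_type}"
              f"  => {action} ({why}); sender sees: {sender_observes(action)}")
```

Running the script shows the SSH packet from outside being dropped purely by the default policy, whereas `build_example_firewall(default_in=ACCEPT)` lets the same packet through; that is exactly the risk the text warns about when the default is set to accept. The telnet rule uses reject rather than drop, so the sender receives an unreachable error instead of waiting for a timeout.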
