
Firewalls August 10, 2005

Posted by Coolguy in Networks.
  • A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system.
  • If an incoming packet of information is flagged by the filters, it is not allowed through.
  • A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company).
  • The firewall can implement security rules. For example, one of the security rules inside the company might be:
    Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.
  • Firewalls use one or more of three methods to control traffic flowing in and out of the network:
    • Packet filtering – Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
    • Proxy service – Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
    • Stateful inspection – A newer method that doesn’t examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
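
The FTP rule and the stateful-inspection behaviour described above, as an added example that is not part of the original post. The network 10.0.0.0/23, the FTP host 10.0.0.21 and the `Firewall` and `Packet` names are constructed for illustration, and the state table keeps only addresses, ports and protocol (no TCP flags, timeouts or FTP data channels).

```python
import ipaddress
from collections import namedtuple

# Constructed sample values: a 512-address internal network and the one
# machine that is permitted to receive public FTP traffic.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/23")
FTP_HOST = ipaddress.ip_address("10.0.0.21")
FTP_PORT = 21

Packet = namedtuple("Packet", "src sport dst dport proto")


class Firewall:
    def __init__(self):
        # State table: flows opened from inside, stored as the reply will look.
        self.state = set()

    @staticmethod
    def _inside(addr):
        return ipaddress.ip_address(addr) in INTERNAL_NET

    def check(self, pkt):
        """Return (verdict, reason) for one packet arriving at the firewall."""
        src_in, dst_in = self._inside(pkt.src), self._inside(pkt.dst)
        if src_in and not dst_in:
            # Outbound: record the defining characteristics of the flow.
            self.state.add((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
            return "ALLOW", "outbound, state recorded"
        if dst_in and not src_in:
            # Stateful inspection: is this a reply to a flow that left earlier?
            if tuple(pkt) in self.state:
                return "ALLOW", "matches tracked outbound flow"
            # Packet filtering: the FTP rule from the text.
            if (pkt.proto == "tcp" and pkt.dport == FTP_PORT
                    and ipaddress.ip_address(pkt.dst) == FTP_HOST):
                return "ALLOW", "public FTP to designated host"
            return "DROP", "default deny inbound"
        return "DROP", "source and destination on the same side"


if __name__ == "__main__":
    fw = Firewall()
    for p in [  # constructed packets
        Packet("203.0.113.5", 40000, "10.0.0.21", 21, "tcp"),   # FTP, allowed host
        Packet("203.0.113.5", 40001, "10.0.0.50", 21, "tcp"),   # FTP, other host
        Packet("10.0.1.9", 51000, "198.51.100.7", 80, "tcp"),   # outbound request
        Packet("198.51.100.7", 80, "10.0.1.9", 51000, "tcp"),   # its reply
    ]:
        print(p, fw.check(p))
```
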

Customising Firewalls

  • IP addresses: If a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
  • Domain names: A company might block all access to certain domain names, or allow access only to specific domain names.
  • Protocols: A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
  • Ports: A company might block access to certain ports on all machines but one inside the company.
  • Specific words and phrases: The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word “X-rated” in it.

Uses of Firewalls

Protects from

  • Remote login
  • Application backdoors
  • SMTP session hijacking
  • Operating system bugs
  • Denial of service
  • E-mail bombs
  • Macros
  • Viruses
  • Spam
  • Redirect bombs: Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
  • Source routing: In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.

Firewall Products

Radware-specific FAQ
