
Chapter 4 - Firewalls

This is chapter 4 in IT

Uploaded by

Linda

Computer Security

Chapter 4

Firewalls


4.0. Introduction

A firewall forms a barrier through which the traffic going in each direction must pass. A firewall security policy dictates which traffic is authorized to pass in each direction.

A firewall may be designed to operate as a filter at the level of IP packets, or may operate at a higher protocol layer.

Figure 1: General Model of a Firewall.

4.2. The Need for Firewalls

Information systems in corporations, government agencies, and other organizations have undergone a steady evolution. The following are notable developments:

• Centralized data processing system, with a central mainframe supporting a number of directly connected terminals.

• Local area networks (LANs) interconnecting PCs and terminals to each other and the mainframe.

• Premises network, consisting of a number of LANs, interconnecting PCs, servers, and perhaps a mainframe or two.

• Enterprise-wide network, consisting of multiple, geographically distributed premises networks interconnected by a private wide area network (WAN).

• Internet connectivity, in which the various premises networks all hook into the Internet and may or may not also be connected by a private WAN.

4.3. Firewall Characteristics.

The following are the design goals for a firewall:

a. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.

b. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies, as explained later in this chapter.

c. The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and are often required in government applications.

4.4. General techniques used by firewalls to enforce security policy.

a. Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.

b. Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

c. User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users).

d. Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

4.5. Types of Firewalls.

A firewall may act as a packet filter. It can operate as a positive filter, allowing only packets that meet specific criteria to pass, or as a negative filter, rejecting any packet that meets certain criteria. Depending on the type of firewall, it may examine one or more protocol headers in each packet, the payload of each packet, or the pattern generated by a sequence of packets. In this section, we look at the principal types of firewalls.

i. Packet Filtering Firewall.

A packet filtering firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet. The firewall is typically configured to filter packets going in both directions (from and to the internal network). Filtering rules are based on information contained in a network packet.

ii. Stateful Inspection Firewalls.

A stateful inspection packet firewall tightens up the rules for TCP traffic by creating a directory of outbound TCP connections. There is an entry for each currently established connection. The packet filter will now allow incoming traffic to high-numbered ports only for those packets that fit the profile of one of the entries in this directory.
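The contrast between the two firewall types above, as an added example that is not part of the original chapter: a first-match packet filter must admit every inbound high port so that replies get back, while the stateful version admits only packets that mirror an entry in its connection directory. The addresses, rule set and default-deny policy are assumptions made for the illustration, and removal of entries when a connection closes is left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.1.0/24")  # constructed internal network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Rule = (direction, lowest dest port, highest dest port, action).
BASE_RULES = [
    ("out", 443, 443, "allow"),  # internal clients may reach HTTPS servers
    ("in", 25, 25, "allow"),     # inbound mail
]
# A stateless filter must admit every inbound high port so replies get back.
STATELESS_RULES = BASE_RULES + [("in", 1024, 65535, "allow")]

def direction(pkt):
    return "out" if ip_address(pkt.src) in INTERNAL else "in"

def packet_filter(pkt, rules):
    """Judge one packet on its own header fields; first match wins."""
    for rule_dir, low, high, action in rules:
        if rule_dir == direction(pkt) and low <= pkt.dport <= high:
            return action
    return "deny"  # assumed default policy: discard what no rule permits

class StatefulFirewall:
    def __init__(self):
        self.connections = set()  # directory of outbound TCP connections

    def filter(self, pkt):
        if direction(pkt) == "in" and pkt.dport >= 1024:
            # Inbound to a high port: must mirror an entry in the directory.
            entry = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "allow" if entry in self.connections else "deny"
        verdict = packet_filter(pkt, BASE_RULES)
        if verdict == "allow" and direction(pkt) == "out":
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

# Constructed sample packets.
OUTBOUND = Packet("192.168.1.10", 51000, "203.0.113.5", 443)
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 51000)
UNSOLICITED = Packet("203.0.113.9", 443, "192.168.1.10", 51000)
```

Passing `UNSOLICITED` to `packet_filter` with `STATELESS_RULES` returns "allow", whereas a `StatefulFirewall` denies it and allows `REPLY` only after it has seen `OUTBOUND`.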

iii. Application-Level Gateway

An application-level gateway, also called an application proxy, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints. If the gateway does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall. Further, the gateway can be configured to support only specific features of an application that the network administrator considers acceptable while denying all other features.
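The session logic described above, as an added example that is not part of the original chapter: the gateway refuses applications it has no proxy for, relays nothing until the user has authenticated and named a remote host, and passes only the application features on its allow-list. The user table, the permitted FTP commands and the class name are assumptions, and a list stands in for the second connection to the remote host.

```python
import hmac

# Constructed data: one user, and the FTP features the administrator permits.
USERS = {"alice": "s3cret-constructed"}
PROXIES = {"ftp": {"CWD", "LIST", "RETR", "QUIT"}}  # no STOR or DELE

class GatewaySession:
    def __init__(self, application):
        # None means the gateway has no proxy code for this application.
        self.allowed = PROXIES.get(application)
        self.remote_host = None
        self.relayed = []  # stands in for the connection to the remote host

    def connect(self, remote_host, user, password):
        """Authenticate the user, then open the relay to the named host."""
        if self.allowed is None:
            return "refused: service not supported"
        expected = USERS.get(user, "")
        # Constant-time comparison; unknown users fail the first test.
        if not expected or not hmac.compare_digest(
                expected.encode(), password.encode()):
            return "refused: authentication failed"
        self.remote_host = remote_host
        return "connected"

    def handle(self, line):
        """Relay one application command if the feature is permitted."""
        if self.remote_host is None:
            return "refused: not connected"
        verb = line.split(" ", 1)[0].upper()
        if verb not in self.allowed:
            return f"blocked: {verb}"
        self.relayed.append(line)
        return "relayed"
```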

iv. Circuit-Level Gateway

A fourth type of firewall is the circuit-level gateway or circuit-level proxy. This can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications. As with an application gateway, a circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.

4.6. Benefits of using firewalls



a) Monitors Network Traffic

All of the benefits of firewall security start with the ability to monitor network traffic. Data coming in and out of your systems creates opportunities for threats to compromise your operations. By monitoring and analyzing network traffic, firewalls leverage preestablished rules and filters to keep your systems protected. With a well-trained IT team, you can manage your levels of protection based on what you see coming in and out through your firewall.

b) Stops Virus Attacks

Nothing can shut your digital operations down faster and harder than a virus attack. With hundreds of thousands of new threats developed every single day, it is vital that you put the defenses in place to keep your systems healthy. One of the most visible benefits of firewalls is the ability to control your system's entry points and stop virus attacks. The cost of damage from a virus attack on your systems could be immeasurably high, depending on the type of virus.

c) Prevents Hacking

Unfortunately, the trend of businesses moving more toward digital operations invites thieves and bad actors to do the same. With the rise of data theft and criminals holding systems hostage, firewalls have become even more important, as they prevent hackers from gaining unauthorized access to your data, emails, systems, and more. A firewall can stop a hacker completely or deter them so that they choose an easier target.

d) Stops Spyware

In a data-driven world, a much-needed benefit is stopping spyware from gaining access and getting into your systems. As systems become more complex and robust, the entry points criminals can use to gain access to your systems also increase. One of the most common ways unwanted people gain access is by employing spyware and malware—programs designed to infiltrate your systems, control your computers, and steal your data. Firewalls serve as an important blockade against these malicious programs.

e) Promotes Privacy

An overarching benefit is the promotion of privacy. By proactively working to keep your data and your customers' data safe, you build an environment of privacy that your clients can trust. No one likes their data stolen, especially when it is clear that steps could have been taken to prevent the intrusion.

Review Questions.

1. List three design goals for a firewall.

2. List four techniques used by firewalls to control access and enforce a security policy.

3. What information is used by a typical packet filtering firewall?

4. What are some weaknesses of a packet filtering firewall?

5. What is the difference between a packet filtering firewall and a stateful inspection firewall?

6. What is an application-level gateway?

7. What is a circuit-level gateway?

…end!
