Filtering Network Traffic Using Firewall
Department of CSE, SDMCET 1
VISVESVARAYA TECHNOLOGICAL UNIVERSITY
S.D.M COLLEGE OF ENGINEERING AND TECHNOLOGY
A seminar report on
FILTERING NETWORK TRAFFIC USING FIREWALL
Submitted by
Sheila S Hinchigeri
2SD06CS093
8th semester
DEPARTMENT OF COMPUTER SCIENCE ENGINEERING
2009-10
CERTIFICATE
This is to certify that the seminar work entitled “FILTERING NETWORK TRAFFIC USING
FIREWALL” is a bonafide work presented by SHEILA S HINCHIGERI bearing USN NO
2SD06CS093 in partial fulfillment for the award of degree of Bachelor of Engineering in
Computer Science of the Visvesvaraya Technological University, Belgaum during the year
2009-10. The seminar report has been approved as it satisfies the academic requirements with
respect to seminar work presented for the Bachelor of Engineering Degree.
Prof S L Deshpande, Staff in charge
Prof S M Joshi, H.O.D CSE
Name: Sheila S Hinchigeri
USN: 2SD06CS093
ABSTRACT
A firewall is a piece of software or hardware that filters all network traffic between your computer,
home network or company network and the Internet. It is a program or a hardware device that filters
the information coming through the Internet connection into your private network or computer
system and vice versa. It isolates an organisation's internal network from the Internet, allowing some
packets to pass and blocking others. A firewall allows a network administrator to control access
between the outside world and resources within the administered network by managing the traffic
flow to and from these resources. Firewalls are classified into two types, hardware and software
firewalls. Hardware firewalls are generally preferred because a single hardware device
protects the entire network, whereas software firewalls must be installed on
every computer in the network. Hardware and software firewalls can be further classified into packet
filters and application gateways. Packet filters check incoming or outgoing packets against
a security policy to decide whether to allow each packet into the network or discard it.
Application gateways act as a proxy server that allows access only to websites which have been
permitted by the internal security policy. Firewalls have advantages like network security, access
control and privacy. They also have some disadvantages like access restriction, back-door
challenges and the risk of inside attack. Firewalls are neither the panacea for every security aspect of
a network, nor the sole sufficient bulwark against network intrusion. Still, firewalls provide more
powerful and flexible protection for networks to make them secure.
CONTENTS:
1. INTRODUCTION TO FIREWALL
2. NECESSITY OF FIREWALL
3. WORKING OF FIREWALLS
4. CLASSIFICATION OF FIREWALL
5. TYPES OF FIREWALL
6. DESIRED FEATURES OF FIREWALL
7. ADDITIONAL FEATURES OF FIREWALL
8. FIREWALL ESTABLISHMENT POLICIES
9. ADVANTAGES OF FIREWALL
10. DISADVANTAGES OF FIREWALL
11. CONCLUSION
12. BIBLIOGRAPHY
13. REFERENCES
1. INTRODUCTION TO FIREWALL
A firewall is a piece of software or hardware that filters all network traffic between your computer, home network or company network and the Internet. It is a program or a hardware device that filters the information coming through the Internet connection into your private network or computer system and vice versa. It isolates an organization's internal network from the Internet, allowing some packets to pass and blocking others.
The increasing complexity of networks, and the need to make them more open due to the
growing emphasis on and attractiveness of the Internet as a medium for business
transactions, mean that networks are becoming more and more exposed to attacks, both
from outside and from within. One of the protective mechanisms under serious consideration
is the firewall. Firewalls are becoming more sophisticated by the day, and new features
are constantly being added, so that, in spite of the criticisms made of them and
developmental trends threatening them, they are still a powerful protective mechanism.
Today's networks change and develop on a regular basis to adapt to new business
situations, such as reorganizations, acquisitions, outsourcing, mergers, joint ventures, and
strategic partnerships, and the increasing degree to which internal networks are connected
to the Internet. The increased complexity and openness of the network necessitates the
development of sophisticated security technologies at the interface between networks of
different security domains, such as between Intranet and Internet or Extranet. The best
way of ensuring interface security is the use of a firewall. A Firewall is a computer,
router or other communication device that filters access to the protected network. A
firewall is defined as a collection of components or a system that is placed between two
networks and possesses the following properties:
• All traffic from inside to outside, and vice-versa, must pass through it.
• Only authorized traffic, as defined by the local security policy, is allowed to pass through it.
• The firewall itself is immune to penetration.
Such traditional network firewalls prevent unauthorized access and attacks by protecting the points of entry into the network. A firewall may consist of a variety of components including a host (called a bastion host), router filters (or screens), and services. A gateway is a machine or set of machines that provides relay services complementing the filters. A DMZ is an area or sub-network between the inside and outside networks that is partially protected. Exemplifying a traditional security concept, defence-in-depth, the outside filter protects the gateway from attack, while the inside filter guards against the consequences of a compromised gateway. Depending on the situation of the network concerned, there may be multiple firewalls, multiple internal networks, VPNs, Extranets and perimeter networks.
2. NECESSITY OF FIREWALL
WHAT IT PROTECTS YOU FROM:
There are many creative ways that unscrupulous people use to access or abuse unprotected computers:
*Remote login - When someone is able to connect to your computer and control it in
some form. This can range from being able to view or access your files to actually running
programs on your computer.
*Application backdoors - Some programs have special features that allow for
remote access. Others contain bugs that provide a backdoor or hidden access that provides
some level of control of the program.
*SMTP session hijacking - SMTP is the most common method of sending e-mail
over the Internet. By gaining access to a list of e-mail addresses, a person can send
unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting
the e-mail through the SMTP server of an unsuspecting host, making the actual sender of
the spam difficult to trace.
*Operating system bugs - Like applications, some operating systems have
backdoors. Others provide remote access with insufficient security controls or have bugs
that an experienced hacker can take advantage of.
*Denial of service - You have probably heard this phrase used in news reports on
the attacks on major Web sites. This type of attack is nearly impossible to counter. What
happens is that the hacker sends a request to the server to connect to it. When the server
responds with an acknowledgement and tries to establish a session, it cannot find the
system that made the request. By inundating a server with these unanswerable session
requests, a hacker causes the server to slow to a crawl or eventually crash.
*E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the
same e-mail hundreds or thousands of times until your e-mail system cannot accept any
more messages.
*Macros - To simplify complicated procedures, many applications allow you to create a
script of commands that the application can run. This script is known as a macro. Hackers
have taken advantage of this to create their own macros that, depending on the application,
can destroy your data or crash your computer.
*Viruses - Probably the most well-known threat is computer viruses. A virus is a small
program that can copy itself to other computers. This way it can spread quickly from one
system to the next. Viruses range from harmless messages to erasing all of your data.
*Spam - Typically harmless but always annoying, spam is the electronic equivalent of
junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be
careful of clicking on these because you may accidentally accept a cookie that provides a
backdoor to your computer.
*Redirect bombs - Hackers can use ICMP to change (redirect) the
path information takes by sending it to a different router. This is one of the
ways that a denial of service attack is set up.
*Source routing - In most cases, the path a packet travels over the
Internet (or any other network) is determined by the routers along the path. But
the source providing the packet can arbitrarily specify the route that the packet
should travel. Hackers sometimes take advantage of this to make information
appear to come from a trusted source or even from inside the network! Most
firewall products disable source routing by default.
3. WORKING OF FIREWALL
What It Does:
A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Firewall protection works by blocking certain types of traffic
between a source and a destination. All network traffic has a source, a destination,
and a protocol. This protocol is usually TCP, UDP, or ICMP.
If this protocol is TCP or UDP, there is a source port and a destination
port. Most often the source port is a random port and the destination port is a well-
known port number. For example, the destination port for HTTP is 80 and the
destination port for DNS is 53.
If the protocol is ICMP, there is also an ICMP message type. The most
common ICMP message types are Echo Request and Echo Reply.
Firewall protection works by allowing the network security administrator to choose
which protocols and ports or message types to allow and which ones to deny.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
* Packet filtering - Packets (small chunks of data) are analyzed against a set
of filters. Packets that make it through the filters are sent to the requesting system
and all others are discarded.
* Proxy service - Information from the Internet is retrieved by the firewall and
then sent to the requesting system and vice versa.
* Stateful inspection - This method compares certain key parts of the packet
to a database of trusted information. Information traveling from inside the
firewall to the outside is monitored for specific defining characteristics, and then
incoming information is compared to these characteristics. If the comparison
yields a reasonable match, the information is allowed through. Otherwise it is
discarded.
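As an added illustration of the stateful inspection method described above (this code is not part of the original report), the sketch below records each flow opened from the inside network and admits an inbound packet only when it is the reverse of a recorded flow. The class and function names, the addresses, the 60-second idle timeout and the use of the address/port tuple as the "defining characteristics" are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Allow inbound packets only when they answer a flow started from inside."""

    def __init__(self, inside_net="10.0.0.0/8", idle_timeout=60.0):
        self.inside = ipaddress.ip_network(inside_net)
        self.idle_timeout = idle_timeout
        self.flows = {}   # (proto, in_ip, in_port, out_ip, out_port) -> last seen

    def _is_inside(self, addr):
        return ipaddress.ip_address(addr) in self.inside

    def handle(self, p, now):
        # Forget flows idle for longer than the timeout so stale state cannot
        # be used to admit traffic later.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if self._is_inside(p.src) and not self._is_inside(p.dst):
            # Outbound: record the defining characteristics of the flow.
            self.flows[(p.proto, p.src, p.sport, p.dst, p.dport)] = now
            return "allow"
        # Inbound: a genuine reply carries the recorded tuple reversed.
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.flows:
            self.flows[key] = now
            return "allow"
        return "deny"


def run_demo():
    """Replay constructed packets (timestamps in seconds) and return verdicts."""
    fw = StatefulFilter()
    request = Packet("tcp", "10.0.0.5", 51000, "198.51.100.7", 80)
    reply = Packet("tcp", "198.51.100.7", 80, "10.0.0.5", 51000)
    other_port = Packet("tcp", "198.51.100.7", 80, "10.0.0.5", 51001)
    return [
        fw.handle(reply, 0.0),        # no state yet
        fw.handle(request, 1.0),      # inside host opens the flow
        fw.handle(reply, 2.0),        # matches the recorded flow
        fw.handle(other_port, 3.0),   # same server, but no matching flow
        fw.handle(reply, 100.0),      # flow idle for 98 s, already expired
    ]


if __name__ == "__main__":
    print(run_demo())
```

The same reply packet is denied before the inside host has sent anything and again after the flow has expired, which a filter that looks only at header fields cannot express.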
4. CLASSIFICATION OF FIREWALLS
Firewalls can be classified into two basic types. They are:-
1) Hardware Firewalls
2) Software Firewalls
The Description of the above mentioned Hardware and Software
Firewalls is as follows:-
1) Hardware firewalls:
The computer's hardware resources are essentially: the
processor, the RAM, and the hard disk. Virtual memory is the content of RAM
that is temporarily written onto the hard disk in order to free the RAM chips to
hold other content or to supply other data for mathematical processing. For this
reason, the virtual memory is open to internet attack just as the RAM is. Since
several ports of a computer need to be open at various times in order for
applications to be allowed to bring data in to the user and send it out from the
user (applications such as internet browsers (HTTP - hypertext transfer protocol),
e-mail programs (SMTP - simple mail transfer protocol) and FTP programs (FTP -
file transfer protocol)), most types of firewalls are necessarily unable to stop the
flow of unwanted content via the ports that they have been configured to allow.
Hardware firewalls are connected to the computer where the phone-line modem
or cable modem allows data into the computer and out of the computer. They are
external hardware. They can be configured such that only data bound for
designated ports (virtual ways in/out of the computer) are routed to the OS
services. A port is essentially only an abstract address since the true data
pathway is the cable itself and the modem's jack. Ports are authorizations (in the
OS) of data flow to the OS. The hardware firewall's function is, therefore, to filter
out data coming from restricted origins and thus keep it from accessing the
Operating System's services. The net result is that only data bound for ports
which were set by the user to be open (in the firewall's configuration) will
always be passed on to the OS services, and to the computer's hardware
resources.
2) Software firewalls:
Let us now contrast software firewalls (personal firewall). They
attempt to perform the function of a hardware firewall, but in the form of
running software which is configured to filter out data traffic designated for
restricted ports. Ideally, only the data bound for the desired ports would be
passed on to the processor. An application layer firewall is firewall software
operating at the application layer of a protocol stack. Generally it is a host
using various forms of proxy servers to proxy traffic instead of routing it.
As it works on the application layer, it may inspect the contents of the
traffic, blocking what the firewall administrator views as inappropriate
content, such as certain websites, viruses, and attempts to exploit known
logical flaws in client software, and so forth. An application layer firewall
does not route traffic on the network layer, but from the application to the
OS. In this context, the hardware resources are the bottom layer, the BIOS
is the 2nd layer, the Operating System Kernel and OS services are the 3rd
layer, and the application layer firewall is running as a 4th layer, at the
same level as other applications such as word processors or internet
browsers.
5. TYPES OF FIREWALL
Based on the criteria they use for filtering traffic, firewalls are further classified into
two types. They are:-
1) Packet Filters
2) Application Gateways
The Description of the Packet Filters and Application Gateways is as follows:-
1) Packet Filters:
Firewalls having this function perform only very basic operations, such as
examining the packet header, verifying the IP address, the port or both, and
granting and denying access without making any changes. Packets can be
filtered on the basis of some or all of the following criteria: source IP address,
destination IP address, TCP/UDP source port, and TCP/UDP destination port.
A firewall of this type can block connections to and from specific hosts,
networks and ports. Filtering decisions are typically based on:
1) IP Source or Destination address.
2) TCP Source or Destination port.
3) ICMP message type.
4) IP protocol field.
5) Interface.
2) Application Gateways:
An Application Gateway acts as a proxy server. An application proxy is more
complicated in operation than a packet filtering firewall or a circuit proxy. The
application proxy understands the application protocol and data, and intercepts
any information intended for that application. On the basis of the amount of
information available to make decisions, the application proxy can authenticate
users and judge whether any of the data could pose a threat. Application proxies
are referred to as proxy services, and the host machines running them as
application gateways.
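To make the packet filter description above concrete, here is an added example (not code from the original report) of a first-match packet filter that decides on the criteria listed: IP source and destination address, protocol, destination port, ICMP message type and interface. The rule set, addresses and names are constructed for illustration, and the `default` argument shows the two design policies the report names later: deny unless expressly permitted, or permit unless expressly denied.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    iface: str = "outside"           # interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None      # None means "any"
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        # Every criterion the rule sets must equal the packet's header field.
        for name in ("proto", "dport", "icmp_type", "iface"):
            want = getattr(self, name)
            if want is not None and getattr(p, name) != want:
                return False
        return True


def filter_packet(rules, packet, default="deny"):
    """First matching rule wins; `default` is the design policy for no match."""
    for index, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, index
    return default, None


# Constructed rule set: 10.0.0.0/8 is the inside network, 192.0.2.10 a public
# web server and 192.0.2.53 a public DNS server (documentation addresses).
RULES = [
    Rule("deny", src="10.0.0.0/8", iface="outside"),                # inside source seen outside
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=80),      # HTTP
    Rule("allow", dst="192.0.2.53/32", proto="udp", dport=53),      # DNS
    Rule("allow", dst="192.0.2.10/32", proto="icmp", icmp_type=8),  # Echo Request
    Rule("deny", proto="icmp", icmp_type=5),                        # ICMP Redirect
]

# Constructed sample packets.
HTTP = Packet("198.51.100.7", "192.0.2.10", "tcp", 40000, 80)
TELNET = Packet("198.51.100.7", "192.0.2.10", "tcp", 40001, 23)
SPOOFED = Packet("10.1.2.3", "192.0.2.10", "tcp", 40002, 80)
REDIRECT = Packet("198.51.100.7", "192.0.2.10", "icmp", icmp_type=5)

if __name__ == "__main__":
    for label, pkt in [("http", HTTP), ("telnet", TELNET),
                       ("spoofed", SPOOFED), ("redirect", REDIRECT)]:
        print(label, filter_packet(RULES, pkt, "deny"),
              filter_packet(RULES, pkt, "allow"))
```

The Telnet packet matches no rule, so its fate depends entirely on the default: it is dropped under deny-unless-permitted and passes under permit-unless-denied.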
6. DESIRED FEATURES OF FIREWALL
1. It should be flexible and modular to fit the needs of the company's security policy.
2. It should contain advanced authentication measures or be expandable to accommodate these in the future.
3. It must employ filtering techniques that allow or disallow services to specified
server systems as needed.
4. It should accommodate public access to the site so that public information
servers can be protected by firewall but segregated from site systems that do not
require public access.
5. It should be developed such that its strength and correctness are verifiable. The
design should be simple so that it can be understood and maintained.
7. ADDITIONAL FEATURES OF FIREWALL
1) Content Caching:
While caching is not traditionally a function of firewalls, it is becoming an
increasingly frequent and important feature. An increase in performance is
achieved by caching the contents of an accessed location with the result that
subsequent requests for access will lead to already cached contents being used,
without it being necessary to access the location again (except when it is
necessary to refresh).
2) Logging and Alerts:
It is important for a firewall to log events, determine their legitimacy or otherwise, and notify the network administrator. It should be noted that it is essential to protect the integrity of the log, since unauthorized access to, and editing of, the log will, of course, neutralize its raison d'etre. Whether the function of protecting the log is fulfilled by the firewall itself or not is a matter of implementation.
3) Management:
Management ranges from command line to sophisticated GUI-based and secured
remote access. Security management and administration, particularly as it
applies to different firewalls using different technologies and provided by
different vendors, is a critical problem. As more and more security services are
introduced and applied to different firewall components, properly configuring
and maintaining the services consistently becomes increasingly difficult.
4) Virtual Private Networks (VPNs):
A VPN is an encrypted tunnel over the Internet or another untrusted network
providing confidentiality and integrity of transmissions, and logically all hosts in
a VPN are in one Intranet. Some firewalls include VPN capabilities (reasonable
extension) to secure networks, so that they can safely communicate in private
over the public network. They achieve this by strong authentication and
encryption of all traffic between them.
5) Adaptive Firewalls:
The new trend is towards adaptive firewalls that tie filters, circuit gateways and proxies together in series. This gives the firewall administrator greater control over the level of security used for different services or at different points in the use of those services. He may, for example, configure the firewall to give priority to speed of transfer at the expense of security when this is appropriate. The firewall will then on such occasions reduce security to a lower level, thus allowing for greater speed of transfer, and return it to its original level on completion of the transfer. Phoenix states that Adaptive Firewall Technology provides fluid, self-adapting control of network access, a key to establishing an effective network security policy by examining every packet (and adapting rules "on-the-fly" based on information in the packet) passing through the network interface.
6) Quality of Service (QoS):
Some firewalls include QoS features that allow administrators to control what
proportion of a given network connection is to be dedicated to a given service.
There are those who feel that QoS should be handled by Internet routers,
while others insist that this is a matter of access control, and thus should be
included in the firewall. Quoting: "Moreover, some vendors, notably Check
Point, have built their QoS engine using the same technology that is in their
firewall. The philosophy here seems to be, access control is access control."
8. FIREWALL ESTABLISHMENT POLICIES
1. Flexibility policy: A policy must be flexible. As the Internet changes, the services
provided through it change, and with that the company's needs change. So the policy
should not compromise security and consistency.
2. Service access policy: One should concentrate on the company's user issues as well
as dial-in policies, SLIP connections and PPP connections. The policy should provide a
balance between protecting your network and providing user access to network resources.
3. Firewall design policy: It is specific to the firewall and defines the service access
policy and implementation rule. Firewalls usually do one of the following: permit any
service unless it is expressly denied, or deny any service unless it is expressly
permitted.
4. Information policy: As a LAN or Web administrator, if you are required to
provide information access to the public, you must develop a policy to determine the
access to the server and include it in your firewall design.
9. ADVANTAGES OF FIREWALL:
1. PROTECTION: A firewall greatly improves network security and reduces risks to
servers on your network by filtering inherently insecure services, so only selected
protocols are able to pass the firewall.
2. ACCESS CONTROL: A firewall can provide access control to the site. Some
servers can be made reachable from outside networks, whereas others can
effectively be sealed off from unwanted access.
3. SECURITY: Most modified software and additional security software can be
located on the system rather than distributed on each server or machine.
4. PRIVACY: By using a firewall your site can block access from such services as
finger and domain name.
5. BANDWIDTH MANAGEMENT: A firewall allows different bandwidth to be allotted
to different sets of users, thus allowing bandwidth management.
10. DISADVANTAGES OF FIREWALLS
1. ACCESS RESTRICTION: A firewall will very likely block certain services
that users want, such as Telnet, FTP and so on. Network access could be restricted at
the server level as well, depending on the site's security policy.
2. BACK-DOOR CHALLENGES (the modem threat): The backdoors in a
corporate network are not protected by firewalls. If you have any unrestricted access to
the modem, it is an open door for hackers to bypass the firewall. A SLIP or PPP
connection inside a protected subnet can also very easily become a potential backdoor, so
it must be monitored.
3. RISK OF THE INSIDE ATTACK: There is not much protection a firewall
can provide against inside threats: it does not prevent any insider from copying files or
stealing information.
4. VIRUS ATTACKS: A firewall cannot prevent virus attacks on the internal network
that result from insecure activities of the internal users. Therefore a firewall cannot protect
the internal network from virus attacks.
11. CONCLUSION:
Notwithstanding the limitations of firewalls and the fact that they are neither the panacea
of every security aspect of a network, nor the sole sufficient bulwark against network
intrusion, and despite development trends that threaten them, they are still a powerful
protective mechanism, and will continue to play an important and central role in the
maintenance of network security for some years yet, and any organization that ignores
them does so at its peril. They continue to change and develop, and new features are
regularly added as the need arises. If developments follow the present trend, they will
continue to combine configurable access control and authentication mechanisms with
their traditional functions, thus providing more powerful and flexible protection for
networks to make them secure. There are some disadvantages, but the advantages are more
than the disadvantages, and so the firewall continues to be one of the most sought after
Network Security devices.
12. BIBLIOGRAPHY:
• www.firewall.com
• www.cyberoam.com
• www.cisco.com
• www.ti.com
• www.tacp.toshiba.com
• www.mitsubishi-presentations.com
• www.howstuffswork.com
• www.projectoipoint.co.uk
13. REFERENCES:
• Bellovin, S., and Cheswick, W. "Network Firewalls." IEEE Communications Magazine, September 1994.
• Chapman, D., and Zwicky, E. Building Internet Firewalls. Sebastopol, CA: O'Reilly, 1995.
• Cheswick, W., and Bellovin, S. Firewalls and Internet Security: Repelling the Wily Hacker. Reading, MA: Addison-Wesley, 2000.
• Gasser, M. Building a Secure Computer System. New York: Van Nostrand Reinhold, 1998.
• Gollmann, D. Computer Security. New York: Wiley, 1999.