gr5 firewall secc
TRANSCRIPT
-
8/3/2019 GR5 Firewall SecC
1/6
The Tech Panorama on
FirewallSubmitted by:
Group 5 Section C
Joel Dias 2011154
Komal Laddha 2011156
Nikhil Mahajan 2011161
Pankaj Kumar Jha 2011162
Pushkar Kshirsagar 2011164
Praveen Sharma 2011165
-
8/3/2019 GR5 Firewall SecC
2/6
Firewall
There are various ways to access the computers apart from normal physical access. Some of
them are ethical while some of them are used for unethical purposes. Few of the ways are
discussed below:
1. Remote login- Remote login is the ability to get access to a computer or a network froma remote distance. In corporations, people at branch offices, telecommuters, and people
who are travelling may need access to the corporation's network. A remote access
server is the computer and associated software that is set up to handle users seekingaccess to network remotely.
2. Denial of service- Denial of service is an attempt to make a computer or networkresource unavailable to its intended users. It generally consists of the concerted efforts
of a person, or multiple people to prevent a network or service from functioning
efficiently or at all, temporarily or indefinitely.
3. E-mail bombs- email bomb is a malicious act where huge numbers ofe-mails aredirected to a specific system or a targeted user of that system. Mail bombs will usually
fill the allotted space on an e-mail server for the users e-mail and can result in crashing
the e-mail server
4.
Viruses-viruses are specially designed programs aimed at gaining access or crashingcomputer applications.
Three of the above mentioned four ways of accessing computers are intended for unethical use.
This underlines the need of an application or hardware which can control the traffic on the
network. Firewall helps the users to achieve this.
Why firewall?In this era of internet wherein 1846936890 people have direct access to internet, it is
impossible to physically isolate people from accessing network. So there is always a risk of theft
of critical internal data. Firewall helps organizations prevent unauthorized access to their
intranet thereby preventing misuse and alteration of the data.
What is firewall?The name firewall, originates from construction industry. A firewall is a fireproof barrier used
to prevent the spread of fire between or through buildings, structures, electrical substation
transformers, or within an aircraft or vehicle. In computer language, a firewall is software or
hardware designed to permit or deny network transmissions based upon a set of rules and is
frequently used to protect networks from unauthorized access while permitting legitimate
communications to pass.
http://www.webopedia.com/TERM/E/e_mail.htmlhttp://www.webopedia.com/TERM/E/e_mail_server.htmlhttp://www.webopedia.com/TERM/E/e_mail_server.htmlhttp://www.webopedia.com/TERM/E/e_mail.html -
8/3/2019 GR5 Firewall SecC
3/6
Ways of implementing firewall policy1. Default permit- In this policy, anything which is not explicitly forbidden is permitted.
The level is security in this policy is less to enhance functionality.
2. Default deny-In this policy, anything which is not explicitly permitted is forbidden. Ahigh level of security is achieved with this policy.
Classification of firewall:Based on the complexity and usefulness, Firewall is basically divided into four types:
1. Packet Filtering: These are first generation of firewall worked at network level by
inspecting packet headers and filtering traffic based on the Ip address of source and
destination, the port and the service. They are fast and today they can be found in many
hardware devices like routers and switches. These firewalls however dont support
sophisticated rule based models and cant understand languages like HTML and XML.
2. Circuit Gateway: These applications, which represent the second-generation of firewall
technology, monitor TCP handshaking between packets to make sure a session is
legitimate. Traffic is filtered based on specified session rules and may be restricted to
recognized computers only. Circuit-level firewalls hide the network itself from the
outside, which is useful for denying access to intruders. But they don't filter individual
packets.
3. Application Gateway: They are also called Proxies and have been looking more deeply
into the application data going through their filters. They are most secure form of
firewall but are bit costly.
With the combination of good features of all the above categories of firewall, Dynamic
Firewall Feature is formed.
Firewall Utilities
When choosing your firewall it is important to pay attention to what features they offer you asthese features can make a large difference in how your computer is protected. In terms of
security the most important features are inbound and outbound filtering, application
protection, notifications, stealth mode. These features and others will be discussed below:
1. Inbound and Outbound FilteringFiltering is when a firewall examines information passing through it and determines if
that information is allowed to be transmitted and received or should be discarded based
on rules or filters that have been created. This function is the primary function of a
firewall and how it handles these tasks if very important for your security.
-
8/3/2019 GR5 Firewall SecC
4/6
Most people feel inbound filtering, which is the processing of inbound data towards your
computer, is the most important function of a firewall. Outbound filtering, though, plays
just as an important role for securing your computer.
You may have had malware installed on your computer without your knowledge, and
suddenly when you install a firewall with outbound filtering, you will find that software
on your computer is attempting to transmit data to a remote host somewhere on the
Internet. Now, not only do you know that this software is installed, but the outbound
filtering stopped it from passing on private information.
Example of a Firewall allowing a remote computer access to a computer behind a
firewall2. Stealth Mode
It is important for your firewall to not only block requests to reach your computer, but to
also make it appear as if your computer does not even exist on the Internet. When you
are connected to the Internet and your computer can be not be detected via probes to
your computer, you are in what is called Stealth mode. Hackers have the ability to detect
if you are on the Internet by probing your machine with special data and examining the
results. When you are in Stealth mode the firewall does not send this information back
making it seem like you are not even connected. Due to this hackers will not continue
targeting your computer as they will think you are not online.
3. Privacy protectionMany firewalls now have the ability to block spyware, hijackers, and adware from
reaching your computer. This allows you to protect your computer from being infected
with software that is known to reveal private information about what you do on the
Internet or other computing habits. These features are usually bundled into the
commercial versions of the firewall software packages.
4. Application IntegrityApplication Integrity is when the firewall monitors the files on your computer for
modification in the file or how they are launched. When it detects such a change it will
notify the user of this and not allow that application to run or transmit data to the
-
8/3/2019 GR5 Firewall SecC
5/6
Internet. Many times these modifications may have been part of an upgrade, but if it was
modified by a malicious program you will now be made aware of it.
5. Intrusion detectionIntruders use various methods to penetrate the security of your computer. Intrusion
detection scans incoming data for signatures of known methods and notifies you when
such attacks are recognized. This allows you to see what means a hacker is trying to use
to hack your computer.
6. NotificationsNotifications allow you to see the activity of what is happening on your firewall and for
the firewall to notify you in various ways about possible penetration attempts on your
computer.
Deploying firewall policyDeploying a firewall is often a costly affair. In a business scenario, we need to analyse it
from different perspectives before we actually go about implementing it. Firstly, we need to
decide the level of access granted to different users i.e. who gets to do what over the
network. Secondly, the kind of pages or sites one is allowed to browse over the network
also needs to be analysed, else it may lead to serious security threats. Next is the role of
firewall administrator. The role of firewall administrator becomes all the more important
because he is the one who has to look after all the day to day maintenance activities. If this
responsibility is not assigned to a responsible and skilled person, the security of an
organisation may be jeopardised. Fourthly, the technology changes at a rapid pace.
Therefore, an organization cannot afford to be complacent. The firewall system must allow
privileges to adapt to the ever growing security demands of an organisation. Last but more
importantly, several non-technical issues play a vital role in the deployment of firewall.
Some people may like to have greater access and user friendliness which is often restricted
because of a firewall, whereas few others would prefer security over user friendliness. In
such dicey situations, the pros and cons should be analysed thoroughly and a strategy
should be devised to meet the long term goals of the business.
Business Advantages of Firewall:1. Enhanced business continuity- business continuity is improved by preventing
malware infections and security breaches from disrupting business critical applications
and services.2. Cost Savings- decreased need of removing spyware, viruses and other malwares
reduces the cost.
3. Enhanced employee productivity- due to reduced spams, spyware and relateddistractions employees are less disturbed and are able to concentrate on the work
better. This enhances employee productivity.
4. Efficient use of network resources- non-business traffic and content is under control.Firewall requires inside/outside users to connect first to firewall before connecting to
application thereby filtering the protocol. So, the network is used efficiently.
-
8/3/2019 GR5 Firewall SecC
6/6
Limitations of firewallFirewalls are not the be all and end all of network security. They do have some
disadvantages, such as:
1. They are a central point for attack, and if an intruder breaks through the firewall theymay have unlimited access to the corporate network. They may restrict legitimate usersfrom accessing valuable services, for example, corporate users may not be let out onto
the Web, or when working away from home a corporate user may not have full access to
the organizations network. They do not protect against back door attacks, and may
encourage users to enter and leave via the backdoor, particularly if the service
restrictions are severe enough. Examples of backdoor entrance points to the corporate
network are: modems, and importing/exporting floppy discs. The security policy needs
to cover these aspects as well.
2. They can be a bottleneck to throughput, since all connections must go via the firewallsystem. Firewall systems on their own cannot protect the network against smuggling i.e.
the importation or exportation of banned material through the firewall e.g. gamesprograms as attachments to Email messages.
3. Smuggling could still be a significant source of virus infection if users downloadsoftware from external bulletin boards etc. This is an area that the security policy needs
to address.
4. The biggest disadvantage of a firewall is that it gives no protection against the insideattacker. Since most corporate computer crime is perpetrated by internal users, a
firewall offers little protection against this threat.