(Post 29/9/2005) Do you think you are really safe in your country? If so, that is largely because of the security at its borders. In the same way, a network without controlled access is not safe from hackers.

Hackers: In common usage, hackers are the people who commit computer crimes. Literally, though, the word means a person with deep knowledge of computers. In simple terms, for this article, a hacker is a person who attempts to break into a network.

Private Network: When you connect your private network to the Internet, you are connecting it directly to every other network attached to the Internet, and the Internet itself has no central point of security. So we need firewalls to protect the network by providing checkpoints at its boundaries. By providing the routing function between the private network and the Internet, a firewall inspects all communications passing between the two networks and either passes or drops them depending on how they match the administrator's policy rules.

Firewalls: Firewalls keep your Internet connection as secure as possible by inspecting and then approving or rejecting each connection attempt made between your internal network and an external network such as the Internet. Firewalls primarily work using three fundamental methods:
- Packet Filtering
- Network Address Translation (NAT)
- Proxy Servers
Packet Filtering: Rejects TCP/IP packets from unauthorized hosts and rejects connection attempts to unauthorized services.

Network Address Translation: Translates the IP addresses of internal hosts to hide them from outside monitoring.

Proxy Services: Makes high-level application connections on behalf of internal hosts, completely breaking the network-layer connection between internal and external hosts.

Filters: Filters compare the network-protocol and TCP header fields of each packet against a database of rules and forward only those packets that match the criteria specified in the rules. Typical filtering rules:
- Drop inbound connection attempts but allow outbound connection attempts to pass.
- Restrict inbound access to certain IP ranges.
Packet Filtering: There are two types of packet filtering:
1. Standard or Stateless Packet Filtering
2. Stateful Inspection Packet Filtering
Filters can be configured to filter on only the most useful header fields:
- Protocol Type
- IP Address (source and destination)
- TCP/UDP Port Number (source and destination)

Filtering on other Information: In addition to these standard fields, the IP header carries other information that can be used to decide whether or not a packet should be passed:
- Source Routing
- Fragmentation (the fragment number, i.e. the fragment offset)
Source Routing: It is the process of specifying the exact route a packet must take between hosts in an IP connection. Source routing was originally used for debugging and testing purposes, but it is now frequently abused by hackers: a hacker can put any address in the source address field and still make sure the reply comes back, by naming her own machine in the source route. There are two types of source routing:
- Loose Source Routing
- Strict Source Routing
Loose Source Routing: Specifies one or more hosts the packet must pass through, but not a complete list. Strict Source Routing: Specifies the exact and complete route the packet must follow. Fragmentation:
- Fragmentation was developed to support passing large IP packets through routers that could not forward them because of the frame-size limits of some networks.
- Fragmentation gives any router in the path between two hosts the ability to chop an inbound IP packet into multiple smaller packets and forward them over the size-constrained network.
- The receiving system simply waits for all fragments of the packet and reassembles it into its original form.
Fragmentation matters to a filter because only the first fragment carries the TCP/UDP header; a later fragment has no port numbers for a port rule to check, which is why a filter should treat non-first fragments with suspicion.
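To make the rules above concrete, here is a small stateless packet filter, added here as an example; it is not code from the original post or from the Strebe/Perkins book. It checks each packet against the header fields listed above, drops both kinds of source-routed packets and every non-first fragment, and, because it keeps no state, has to pass any inbound TCP packet that carries the ACK flag. The network ranges, the single permitted inbound service on port 25 and the sample packets are assumptions made for the illustration.

```python
"""Stateless packet filter over constructed packets (added example; not code
from the original post). Packets are dicts standing in for parsed IP/TCP/UDP
headers; the network ranges, permitted service and samples are assumed.
"""
from ipaddress import ip_address, ip_network

TCP, UDP = 6, 17
SYN, ACK = 0x02, 0x10
LSRR, SSRR = 131, 137          # RFC 791 IP option types: loose / strict source route

INTERNAL_NET = ip_network("192.168.1.0/24")         # assumed private network
TRUSTED_RANGES = [ip_network("203.0.113.0/24")]     # assumed partner range allowed inbound UDP
INBOUND_SERVICES = {25}                              # assumed: only the mail relay accepts inbound connections


def is_inbound(pkt):
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    return dst in INTERNAL_NET and src not in INTERNAL_NET


def filter_packet(pkt):
    """Return (verdict, reason) by looking at the header fields of this packet only."""
    # Source-routed packets let the sender dictate the return path; drop both kinds.
    if set(pkt.get("ip_options", ())) & {LSRR, SSRR}:
        return "DROP", "source-routed"
    # A non-first fragment carries no transport header, so no port rule can be
    # checked against it; dropping it also defeats attempts to hide the real
    # header in a later fragment. The first fragment (offset 0) is filtered normally.
    if pkt.get("frag_offset", 0) != 0:
        return "DROP", "non-first fragment"
    if not is_inbound(pkt):
        return "PASS", "outbound"
    if pkt["proto"] == TCP:
        if pkt["flags"] & SYN and not pkt["flags"] & ACK:      # a connection attempt
            if pkt["dport"] in INBOUND_SERVICES:
                return "PASS", "inbound connection to permitted service"
            return "DROP", "inbound connection attempt"
        # Without a state table the filter must trust the ACK bit as proof of an
        # existing session: this is the "no connection state" weakness.
        return "PASS", "inbound TCP with ACK set (assumed reply)"
    if pkt["proto"] == UDP:
        if any(ip_address(pkt["src"]) in net for net in TRUSTED_RANGES):
            return "PASS", "inbound UDP from trusted range"
        return "DROP", "inbound UDP from untrusted range"
    return "DROP", "default deny"


def pkt(proto, src, sport, dst, dport, flags=0, **extra):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "flags": flags, **extra}


# Constructed sample traffic, one packet per rule of interest.
SAMPLES = [
    pkt(TCP, "192.168.1.10", 40000, "198.51.100.5", 80, SYN),                    # outbound connect
    pkt(TCP, "198.51.100.5", 4444, "192.168.1.10", 22, SYN),                     # inbound connect to ssh
    pkt(TCP, "198.51.100.5", 4444, "192.168.1.20", 25, SYN),                     # inbound connect to mail relay
    pkt(TCP, "198.51.100.5", 4444, "192.168.1.10", 22, ACK),                     # forged "reply" to ssh
    pkt(TCP, "198.51.100.5", 4444, "192.168.1.20", 25, SYN, ip_options=(LSRR,)), # source-routed
    pkt(TCP, "198.51.100.5", 4444, "192.168.1.20", 25, SYN, frag_offset=8),      # non-first fragment
    pkt(UDP, "203.0.113.7", 53, "192.168.1.10", 5353),                           # UDP from trusted range
    pkt(UDP, "198.51.100.5", 53, "192.168.1.10", 5353),                          # UDP from elsewhere
]


def run_samples():
    return [filter_packet(p)[0] for p in SAMPLES]


if __name__ == "__main__":
    for p, verdict in zip(SAMPLES, run_samples()):
        print(verdict, p["src"], "->", p["dst"], p["dport"], filter_packet(p)[1])
```

The fourth sample is the interesting one: a packet aimed at port 22 with only the ACK bit set passes, because a filter that remembers nothing cannot tell a real reply from a forged one. That is the "no connection state security" problem discussed next.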
Problems with stateless packet filters: - No Service Specific Security
- No Connection State Security
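The second problem is what a stateful inspection filter fixes with its state table. The example below is added here for illustration and is not code from the original post or the cited book: it records sessions opened from the inside, passes an inbound packet only when it matches a live entry (an ACK bit alone no longer buys entry), and removes entries once both sides have sent FIN or after an idle timeout. The timeout values, the internal network and the packet trace are assumptions made for the example.

```python
"""Stateful inspection filter (added example, not code from the original
post). A state table records TCP sessions opened from the inside; an inbound
packet passes only if it matches a live entry. Entries are removed once both
sides have sent FIN (after a short linger) or after an idle timeout. The
timeout values, internal network and trace are assumed/constructed.
"""
from ipaddress import ip_address, ip_network

SYN, ACK, FIN = 0x02, 0x10, 0x01
IDLE_TIMEOUT = 120.0   # seconds a silent session stays in the table (assumed)
CLOSE_LINGER = 10.0    # seconds an entry survives after both FINs were seen (assumed)


class StatefulFilter:
    def __init__(self, internal_net):
        self.internal = ip_network(internal_net)
        # (internal ip, internal port, external ip, external port) -> entry
        self.table = {}

    def expire(self, now):
        """Drop closed or idle entries so they do not leave holes open."""
        for key, e in list(self.table.items()):
            limit = CLOSE_LINGER if e["fin_in"] and e["fin_out"] else IDLE_TIMEOUT
            if now - e["last"] > limit:
                del self.table[key]

    def handle(self, pkt, now):
        self.expire(now)
        inbound = ip_address(pkt["src"]) not in self.internal
        key = ((pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) if inbound
               else (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
        flags, entry = pkt["flags"], self.table.get(key)
        if entry is None:
            # Only an outbound SYN may create state. An inbound packet with no
            # matching entry is dropped even if its ACK bit claims it is a reply.
            if not inbound and flags & SYN and not flags & ACK:
                self.table[key] = {"state": "SYN_SENT", "last": now,
                                   "fin_in": False, "fin_out": False}
                return "PASS"
            return "DROP"
        entry["last"] = now
        if inbound and entry["state"] == "SYN_SENT" and flags & SYN and flags & ACK:
            entry["state"] = "ESTABLISHED"
        if flags & FIN:
            entry["fin_in" if inbound else "fin_out"] = True
        return "PASS"


def tcp(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


# Constructed trace: (time in seconds, packet)
TRACE = [
    (0.0, tcp("192.168.1.10", 40000, "198.51.100.5", 80, SYN)),           # client opens session
    (0.1, tcp("198.51.100.5", 80, "192.168.1.10", 40000, SYN | ACK)),     # server answers
    (0.2, tcp("192.168.1.10", 40000, "198.51.100.5", 80, ACK)),
    (0.3, tcp("198.51.100.9", 80, "192.168.1.10", 22, ACK)),              # forged "reply" to ssh
    (5.0, tcp("198.51.100.5", 80, "192.168.1.10", 40000, FIN | ACK)),     # server closes
    (5.1, tcp("192.168.1.10", 40000, "198.51.100.5", 80, FIN | ACK)),     # client closes
    (5.2, tcp("198.51.100.5", 80, "192.168.1.10", 40000, ACK)),           # final ACK, within linger
    (30.0, tcp("198.51.100.5", 80, "192.168.1.10", 40000, ACK)),          # late packet: entry gone
    (100.0, tcp("192.168.1.10", 40001, "198.51.100.7", 443, SYN)),        # SYN that is never answered
    (300.0, tcp("198.51.100.7", 443, "192.168.1.10", 40001, SYN | ACK)),  # reply after idle timeout
]


def run_trace():
    fw = StatefulFilter("192.168.1.0/24")
    verdicts = [fw.handle(p, t) for t, p in TRACE]
    return verdicts, len(fw.table)


if __name__ == "__main__":
    verdicts, remaining = run_trace()
    for (t, p), v in zip(TRACE, verdicts):
        print(f"{t:6.1f}s {v} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}")
    print("entries left in state table:", remaining)
```

The forged ACK at 0.3 s is now dropped, the late packet at 30 s is dropped because the closed session was already removed, and the half-open session from 100 s is gone by the time its reply arrives. Keeping a short linger after the FIN exchange lets the final ACK through while still closing the hole within seconds rather than minutes.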
Stateful Inspection: A stateful inspection filter records each session opened through it in a state table and passes inbound packets only if they belong to a session in that table. The filter removes a state table entry when the TCP session-close packets are routed through, or after a period of delay, usually a few minutes. This ensures that dropped connections do not leave holes open in the state table.

Network Address Translation: Also known as IP masquerading, NAT solves the problem of hiding internal hosts. NAT is really a fundamental proxy: a single host makes requests on behalf of all internal hosts, thus hiding their identity from the public network.

Translation Modes: Many firewalls support various types of NAT. The three primary functions of a NAT firewall are defined below in order of their popularity and availability:
- Static Translation
- Dynamic Translation
- Load Balancing Translation
Static Translation: Also called port forwarding. A specific internal network resource has a fixed translation that never changes. Static NAT is required to make internal hosts available for connections from external hosts.

Dynamic Translation: Also called automatic translation, hide mode or IP masquerade. A large group of internal clients share a single public IP address or a small group of public addresses, which also expands the internal network address space.

Load Balancing Translation: A single public IP address and port is translated to a pool of identically configured servers, so that a single public address can be served by a number of servers.

Proxy Servers: Proxy servers were originally developed to cache frequently accessed web pages. Proxy servers regenerate high-level service requests on an external network for their clients on a private network. This effectively hides the identity and the number of clients on the private network from examination from the external network. Because of their position between a number of internal clients and the public servers, proxies can also cache frequently accessed content from the public network to reduce traffic over high-cost wide area links.

How Proxies Work: Proxies work by listening for service requests from internal clients and then sending those requests on to the external network as if the proxy server itself were the originating client. When the proxy server receives a response from the public server, it returns that response to the original internal client as if it were the originating public server.

Advantages of Proxies:
- Client Hiding
- URL Blocking
- Content Filtering
- Consistency Checking
- Route Blocking
- Logging and Alerting
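The three translation modes described above, worked through on constructed packets. This is an added example, not code from the original post or the cited book: one translation table does dynamic translation for outbound traffic (many internal clients behind one public address), static translation (port forwarding) for the mail relay and load-balancing translation for a web farm. The public address, the internal hosts and the port numbers are assumptions made for the illustration.

```python
"""NAT translation table (added example, not code from the original post).
Shows dynamic translation, static translation and load-balancing translation
on constructed packets. Addresses, ports and server pools are assumed.
"""
from itertools import cycle

PUBLIC_IP = "203.0.113.10"          # assumed single public address of the firewall


class NatTable:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.static = {}    # public port -> (internal ip, port)             static translation
        self.pools = {}     # public port -> round-robin server iterator      load balancing
        self.pinned = {}    # (public port, ext ip, ext port) -> server       keeps one flow on one server
        self.dynamic = {}   # public port -> (int ip, int port, ext ip, ext port)
        self.reverse = {}   # (int ip, int port, ext ip, ext port) -> public port

    def add_static(self, public_port, internal_ip, internal_port):
        self.static[public_port] = (internal_ip, internal_port)

    def add_pool(self, public_port, servers):
        self.pools[public_port] = cycle(servers)

    def outbound(self, pkt):
        """Rewrite an internal host's packet so it appears to come from the firewall."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.reverse.get(key)
        if port is None:                      # first packet of this flow: allocate a public port
            port, self.next_port = self.next_port, self.next_port + 1
            self.reverse[key] = port
            self.dynamic[port] = key
        return {**pkt, "src": self.public_ip, "sport": port}

    def inbound(self, pkt):
        """Map a packet from the Internet to an internal host, or None to drop it."""
        if pkt["dst"] != self.public_ip:
            return None
        port = pkt["dport"]
        if port in self.dynamic:              # reply to a flow an internal client opened
            int_ip, int_port, ext_ip, ext_port = self.dynamic[port]
            if (pkt["src"], pkt["sport"]) != (ext_ip, ext_port):
                return None                   # only the host that was contacted may answer
            return {**pkt, "dst": int_ip, "dport": int_port}
        if port in self.static:               # port forwarding
            int_ip, int_port = self.static[port]
            return {**pkt, "dst": int_ip, "dport": int_port}
        if port in self.pools:                # load balancing, one server per flow
            flow = (port, pkt["src"], pkt["sport"])
            if flow not in self.pinned:
                self.pinned[flow] = next(self.pools[port])
            int_ip, int_port = self.pinned[flow]
            return {**pkt, "dst": int_ip, "dport": int_port}
        return None                           # no mapping: internal hosts stay invisible


def demo():
    nat = NatTable(PUBLIC_IP)
    nat.add_static(25, "192.168.1.20", 25)                                   # public :25 -> mail relay
    nat.add_pool(80, [("192.168.1.31", 8080), ("192.168.1.32", 8080)])       # public :80 -> web farm
    out = nat.outbound({"src": "192.168.1.10", "sport": 5000, "dst": "198.51.100.5", "dport": 80})
    reply = nat.inbound({"src": "198.51.100.5", "sport": 80, "dst": PUBLIC_IP, "dport": out["sport"]})
    forged = nat.inbound({"src": "198.51.100.6", "sport": 80, "dst": PUBLIC_IP, "dport": out["sport"]})
    mail = nat.inbound({"src": "198.51.100.9", "sport": 3333, "dst": PUBLIC_IP, "dport": 25})
    web_a1 = nat.inbound({"src": "198.51.100.9", "sport": 4001, "dst": PUBLIC_IP, "dport": 80})
    web_b = nat.inbound({"src": "198.51.100.7", "sport": 4002, "dst": PUBLIC_IP, "dport": 80})
    web_a2 = nat.inbound({"src": "198.51.100.9", "sport": 4001, "dst": PUBLIC_IP, "dport": 80})
    ssh = nat.inbound({"src": "198.51.100.9", "sport": 4003, "dst": PUBLIC_IP, "dport": 22})
    return out, reply, forged, mail, web_a1, web_b, web_a2, ssh


if __name__ == "__main__":
    for name, result in zip(["out", "reply", "forged", "mail", "web_a1", "web_b", "web_a2", "ssh"], demo()):
        print(f"{name:7s} {result}")
```

Two details matter in practice: a reply is mapped back only if it comes from the host and port the internal client actually contacted, and a load-balanced flow is pinned to one server, since spraying the packets of a single connection across a pool would break it.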
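The way proxies work, and the first four advantages in the list above (client hiding, URL blocking, content filtering, consistency checking) plus logging, shown as an added example that is not code from the original post or the cited book. The proxy regenerates each client request as its own before passing it to the public server; that server is an in-process stub here so the example runs offline. The proxy's outside address, the policy lists and the sample sites are assumptions made for the illustration.

```python
"""Application-level (HTTP) proxy in miniature (added example, not code from
the original post). The "public server" is an in-process stub so the example
runs offline; addresses, policy lists and sample sites are assumed/constructed.
"""
import re

PROXY_PUBLIC_ADDR = "203.0.113.10"                                   # assumed outside address of the proxy
BLOCKED_URLS = [re.compile(r"^http://[^/]*\.example\.net(/|$)")]     # assumed URL-blocking policy
BLOCKED_CONTENT = {"application/x-msdownload"}                       # assumed content-filtering policy
PROXY_LOG = []                                                       # (client ip, method, url, status)

# Constructed stand-in for servers on the public network.
FAKE_SITES = {
    "www.example.com": (200, "text/html", b"<h1>hello</h1>"),
    "files.example.com": (200, "application/x-msdownload", b"MZ..."),
}
SERVER_SEEN = []   # (source address, raw request) as observed by the public server


def fake_public_server(source_ip, host, raw_request):
    SERVER_SEEN.append((source_ip, raw_request))
    status, ctype, body = FAKE_SITES.get(host, (404, "text/plain", b"not found"))
    return status, {"Content-Type": ctype}, body


def parse_request(raw):
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, body


def proxy_request(raw_request, client_ip, upstream=fake_public_server):
    """Handle one request from an internal client; return the bytes sent back to it."""
    method = target = "?"
    reasons = {200: "OK", 400: "Bad Request", 403: "Forbidden", 404: "Not Found"}

    def reply(status, body=b""):
        PROXY_LOG.append((client_ip, method, target, status))          # logging and alerting hook
        head = f"HTTP/1.1 {status} {reasons.get(status, '')}\r\nContent-Length: {len(body)}\r\n\r\n"
        return head.encode() + body

    # Consistency checking: only well-formed requests for absolute http URLs go out.
    try:
        method, target, version, headers, body = parse_request(raw_request)
        m = re.match(r"^http://([^/\s]+)(/\S*)?$", target)
        if m is None or method not in ("GET", "HEAD", "POST") or version != "HTTP/1.1":
            raise ValueError("request does not match policy")
    except (ValueError, UnicodeDecodeError):
        return reply(400)
    host, path = m.group(1), m.group(2) or "/"

    # URL blocking.
    if any(p.match(target) for p in BLOCKED_URLS):
        return reply(403, b"blocked by policy")

    # Client hiding: the request is regenerated as the proxy's own. The public
    # server sees the proxy's address, and headers that would name the client
    # or the proxy hop are not forwarded.
    forwarded = {k: v for k, v in headers.items()
                 if k not in ("proxy-connection", "proxy-authorization", "x-forwarded-for", "via")}
    forwarded["host"] = host
    outbound = (f"{method} {path} {version}\r\n".encode()
                + "".join(f"{k}: {v}\r\n" for k, v in forwarded.items()).encode()
                + b"\r\n" + body)
    status, resp_headers, resp_body = upstream(PROXY_PUBLIC_ADDR, host, outbound)

    # Content filtering on the way back.
    if resp_headers.get("Content-Type", "") in BLOCKED_CONTENT:
        return reply(403, b"content type not allowed")
    return reply(status, resp_body)


if __name__ == "__main__":
    print(proxy_request(b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
                        "192.168.1.10"))
    print(PROXY_LOG, SERVER_SEEN)
```

Note what the public server gets to see: a request line with only the path, the proxy's own source address, and none of the headers that carried the internal client's identity. Route blocking, the remaining advantage, follows from the same design: no network-layer connection from the inside ever reaches the public server, only the proxy's regenerated one.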
Reference: Firewalls by Matthew Strebe and Charles Perkins (via www.aptech-education.com)