
Thursday, April 4, 2019

The Current Firewall Technology Computer Science Essay

Currently firewall technology is a specialized engineering solution rather than a scientifically based solution. Currently firewalls are classified into three main categories: packet filtering, proxy server, and stateful firewall. This paper focuses on the various types of firewall available and their pros and cons.

Originally computer networking was designed for data communication to share resources. The sharing of resources was bounded between universities. Eventually businesses, corporations and government agencies began to use the Internet, so the network became a vital part of their institutions. Computer networking, however, is not without risks, as Howard illustrates in his analysis of over 4000 security incidents on the Internet between 1989 and 1995 [1]. A neutral approach to network protection draws from several other fields, such as physical security, personnel security, operations security, communication security, and social mechanisms [2]. According to the definition, a firewall is a set of mechanisms that can enforce a network domain security policy on communication traffic entering or leaving a network policy domain [3]. In simple words, a firewall is a guard point which gives a control point of entry to or exit from a computer or network. It is the first line of defence and it is also a contact point of the network. It is very important to choose and design the firewall to guard the inside network from outside attack.

Case Study

Figure 1: ABC.Ltd network [6]

The above figure shows our case study network. Consider a case where company ABC.Ltd wants to implement a firewall for their campus design. The company's whole network is divided into three parts: inside network, Demilitarized Zone (DMZ) and outside network. The inside network has the IP address range 10.1.1.0/24.
The DMZ is further divided into two subsections: a protected DMZ, which has the IP address range 192.168.11.0/24, and a dirty DMZ, which is a dump host whose IP address range is 192.168.1.0/24. A dump host is a computer which has nothing important in it. These dump hosts act as a honey pot, which is used to lure attackers so that the network security designer learns the different types of attack, which helps them to design the security policy. The DMZ is the zone where the company puts its services, such as web services, FTP services etc. The company has a remote office which uses a secure VPN to connect to the main campus network.

There are various types of firewall technology: packet filtering, proxy server, stateful firewall, Network Address Translation (NAT) and software firewall. Each firewall has its advantages and disadvantages. The rest of this paper describes the pros and cons of the different firewalls.

Packet Filtering

This is one of the simplest types of firewall. This firewall works at OSI layers 3 and 4. It filters packets by looking at the IP address and the TCP/UDP port number. It compares the incoming packet against predefined rules configured in the router. After comparing, the router makes the decision to allow in or deny the packet [4]. An access list is used to create the rules that make the decision. The figure shows the working of the packet filtering firewall.

Figure 2: Packet Filtering in Router [4]

Pros
- The simplest of the firewall technologies to configure. Only an access list is required to configure the firewall.
- Packet filtering capabilities are easily available in many hardware and software routing products, both commercially and freely available over the Internet.
- It is less processor intensive.
- Adding a filtering rule to a router produces little or no additional processing overhead.
- It is usable for all types of application because it operates at OSI layer 3 (Network) and layer 4 (Transport).
- Only one router is required to protect the entire network.

Cons
- The packet filter has no means to identify the authenticity of the source. A well trained intruder can spoof an inside IP address and fool the firewall into treating the packet as if it came from the inside network.
- Since filtering rules are configured manually, it adds administrative workload. Adding complex rules to the firewall decreases the router performance.
- In some cases, the filtering is incompatible with certain caching strategies commonly used for performance enhancement.
- Some policies cannot readily be enforced by normal packet filtering routers.

Example

The following example shows how to build a basic packet filtering firewall. Consider a scenario of a company whose inside network lies in the IP address range 10.1.1.0/24. Ethernet 0/1 is the inside interface and Ethernet 0/0 is the outside interface. To protect against IP spoofing attacks the following access list policy is configured:

    access-list 100 deny ip 10.1.1.0 0.0.0.255 any log
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
    access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
    access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
    access-list 100 deny ip 224.0.0.0 15.255.255.255 any log
    access-list 100 deny ip host 255.255.255.255 any log
    access-list 100 permit ip any 10.1.1.0 0.0.0.255
    interface Ethernet0/0
     ip access-group 100 in

An access list is the basic tool to configure for packet filtering. Generally all routers support this tool. The above example was configured and tested on a Cisco router. There are free downloads available on the Internet; a few examples are Tuneup 1.0, Truxtis, Visnetic.
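To make the first-match semantics of the access list above concrete, here is an added example (not part of the original essay and not vendor code) that parses the same seven access-list lines and evaluates sample inbound packets against them, including the Cisco wildcard-mask comparison and the implicit deny that ends every ACL. The names parse_acl, evaluate and Rule, and the sample outside addresses 203.0.113.5 and 239.1.1.1, are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The seven access-list lines from the essay, in Cisco IOS syntax (constructed copy).
ACL_TEXT = """
access-list 100 deny ip 10.1.1.0 0.0.0.255 any log
access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip 224.0.0.0 15.255.255.255 any log
access-list 100 deny ip host 255.255.255.255 any log
access-list 100 permit ip any 10.1.1.0 0.0.0.255
"""


@dataclass
class Rule:
    action: str      # "permit" or "deny"
    src_net: int     # network address as a 32-bit integer
    src_wild: int    # Cisco wildcard mask: a 1 bit means "don't care"
    dst_net: int
    dst_wild: int
    log: bool


def _addr(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _parse_match(tokens: List[str], i: int) -> Tuple[int, int, int]:
    """Parse one address spec: 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD'.
    Returns (network, wildcard, index of the next unread token)."""
    if tokens[i] == "any":
        return 0, 0xFFFFFFFF, i + 1            # every bit is "don't care"
    if tokens[i] == "host":
        return _addr(tokens[i + 1]), 0, i + 2  # exact match on all 32 bits
    return _addr(tokens[i]), _addr(tokens[i + 1]), i + 2


def parse_acl(text: str) -> List[Rule]:
    """Parse extended 'access-list N {permit|deny} ip SRC DST [log]' lines."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        src_net, src_wild, i = _parse_match(t, 4)
        dst_net, dst_wild, i = _parse_match(t, i)
        rules.append(Rule(t[2], src_net, src_wild, dst_net, dst_wild, "log" in t[i:]))
    return rules


def wildcard_match(addr: int, net: int, wild: int) -> bool:
    """Cisco wildcard comparison: only the bits that are 0 in the mask must agree."""
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (net & care)


def evaluate(rules: List[Rule], src: str, dst: str) -> Tuple[str, Optional[int]]:
    """First-match evaluation. Returns (action, 1-based rule number), or
    ("deny", None) for the implicit deny at the end of every Cisco ACL."""
    s, d = _addr(src), _addr(dst)
    for n, r in enumerate(rules, start=1):
        if wildcard_match(s, r.src_net, r.src_wild) and wildcard_match(d, r.dst_net, r.dst_wild):
            return r.action, n
    return "deny", None


RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # Sample packets arriving inbound on the outside interface (constructed addresses).
    for src, dst in [("10.1.1.7", "10.1.1.20"),        # spoofed inside source
                     ("203.0.113.5", "10.1.1.20"),     # genuine outside source
                     ("203.0.113.5", "192.168.11.5"),  # outside source to the DMZ
                     ("239.1.1.1", "10.1.1.20")]:      # multicast source
        print(src, "->", dst, evaluate(RULES, src, dst))
```

The lookups show the two behaviours the essay relies on: a packet arriving on the outside interface with a source in 10.1.1.0/24 is logged and dropped as spoofed by rule 1, while a genuine outside source reaching 10.1.1.0/24 is permitted by rule 7. The third lookup is also instructive: because the only permit line names 10.1.1.0/24, a packet for the DMZ at 192.168.11.0/24 falls through to the implicit deny, which is the kind of rule interaction that makes a plain packet filter cumbersome to manage. The filter keeps no state, so it cannot tell a reply from an unsolicited packet.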
A packet filtering firewall is simple to configure and freely available on the Internet, so it is a good solution for a small business where a complex firewall implementation is not required.

In our case study the implementation of packet filtering is not a good solution. The simple reason is that it is very cumbersome. The example shows that just to stop IP spoofing we need to configure eight commands. Sometimes it is difficult for the network administrator to troubleshoot and manage.

Application Layer Firewall

An Application Layer Firewall is also known as a proxy host. According to the dictionary, the meaning of proxy is "a person authorized to act for another; an agent or substitute". The same definition is valid for a proxy host in network security. A proxy server is a software package installed on a device which acts on behalf of the protected network and allows or denies access across the network [5, 7].

Figure 3: Proxy Server [4]

The above figure shows the working of a proxy server. A proxy server works at layer 7 of the Open System Interconnection (OSI) model [4]. It intercepts and establishes the connection on behalf of the internal host to the outside network. As shown in the figure, when the inside network tries to connect to the outside network, the application layer firewall installed on the router intercepts the session and checks whether the request is valid or not. If it is not a valid request it discards the packet; if it is a valid request it repackages the request and sends it to the outside network as if the packet were sent by the proxy itself. When the outside network responds to the request, the proxy server repackages the response and sends it back to the original inside host. In some cases the proxy server blocks all connections from the outside network and allows only the inside network to go outside. The only traffic allowed from outside is the response from the outside network to the inside network.
In some cases both inbound and outbound traffic is allowed, but under strict observation [4, 5, 7].

Example

A good example, and the one we probably see the most, is a web proxy. When configured to use a proxy, your web browser contacts the proxy server for each web access instead of going directly to the target server on the Internet. The proxy server then turns around and makes the real request of the web server. The proxy server gets the response, and then passes it back to you.

Another example of a proxy server is the Tibia proxy, which is a game proxy server. Tibia is a popular multiplayer online computer game hosted on Internet servers. Playing Tibia requires establishing a network connection to TCP port 7171 on the server. Depending on your network setup and your Internet Service Provider (ISP), your direct connection to the Tibia server and ability to play the game may be blocked by a network firewall or proxy server. Setting up a Tibia proxy avoids this common connection problem. A Tibia proxy is a special Internet server (separate from the game server) that does not require a port 7171 connection. Instead, the Tibia proxy server will accept requests on alternative network ports (such as port 80) that will typically not be blocked by firewalls / proxies. The Tibia proxy, in turn, makes its own direct connection to the game server (on port 7171) and relays messages between the Tibia server and your client in real time to allow game play [8].

Pros
- Acts as an intermediary between the outside network and the protected network. It prevents direct connections between source and destination.
- It is an application aware firewall, so it can analyze the application inside the payload.
- It supports user level authentication.
- It is able to log the traffic and can do user level authentication.

Cons
- It is processor intensive, so it is slower than packet filtering.
- The internal clients need to be configured to use the proxy server.
- Sometimes it does not support all types of application.
For example, drive Player 2.0 is not supported by a proxy server.
- It is a single point of failure. The proxy server is installed on a device, so if that device gets compromised then the whole security is compromised.

Stateful Packet Filtering

Figure 4: Stateful Firewall [4]

In the mid-1990s, packet filters and proxy servers were the two technologies used to build firewall systems. As the number of applications that needed to pass through firewalls increased, proxy server vendors could not keep up with the development of new proxy servers. On the other hand, packet filtering also could not support the dynamic nature of many modern applications. Thus, a new technology was born [4, 11].

Stateful packet filtering is a combination of packet filtering and application level gateway firewall [11]. It contains the advantages of both. It is also referred to as an application aware firewall. A stateful firewall not only examines the IP header information but also information up to the application layer for better inspection. The working of a stateful firewall is as follows. When a host from the inside network sends a packet to the outside network, the firewall checks the authorization of the network and, if it is authorized, it allows the packet out of the network and maintains a state table. The state table is a table which keeps track of the active network connections, that is the TCP sessions or UDP communications passing across it. This is also called the saving of state. When the destination network answers the initial request, the firewall compares the response with the information saved in the state table to allow or deny the packet [11].

Example

Cisco Adaptive Security Appliances, in short Cisco ASA [9], Cisco PIX firewall and Check Point [10] are examples of stateful firewalls.
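The state table described above, as an added example (not the essay's own text and not vendor code) of a minimal stateful packet filter in Python: an inside host opening a TCP connection or sending a UDP datagram creates an entry, replies are permitted only when they match an entry, and an unsolicited inbound packet, including a bare ACK that was never preceded by a SYN, is denied. The names StatefulFirewall, Packet and demo, and the outside addresses 203.0.113.10, 203.0.113.53 and 198.51.100.9, are constructed for this example; real products such as Cisco ASA also track sequence numbers, idle timeouts and application-layer state, which this example omits.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags as letters: "S" SYN, "SA" SYN/ACK, "A" ACK, "F" FIN, "R" RST


class StatefulFirewall:
    """Toy stateful packet filter (constructed example). Inside hosts may open flows
    outward; the state table is keyed by the 5-tuple of the packet that opened the flow."""

    def __init__(self, inside_net: str):
        self.inside = ipaddress.ip_network(inside_net)
        self.state: Dict[Tuple[str, str, int, str, int], str] = {}
        self.log: List[Tuple] = []

    def _inside(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.inside

    def _decide(self, pkt: Packet, verdict: str, reason: str) -> str:
        self.log.append((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport, verdict, reason))
        return verdict

    def process(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)   # initiator -> responder
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)   # responder -> initiator

        if fwd in self.state:                       # more traffic from the flow's initiator
            if pkt.proto == "tcp" and ("R" in pkt.flags or "F" in pkt.flags):
                self.state[fwd] = "CLOSING"
            return self._decide(pkt, "permit", "matches state table (forward)")

        if rev in self.state:                       # reply from the flow's responder
            if pkt.proto == "tcp" and self.state[rev] == "SYN_SENT" and pkt.flags == "SA":
                self.state[rev] = "ESTABLISHED"     # handshake completed
            elif pkt.proto == "tcp" and "R" in pkt.flags:
                del self.state[rev]                 # peer reset the connection: drop the entry
            return self._decide(pkt, "permit", "matches state table (reply)")

        # No entry: only the inside network may open a new flow to the outside.
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            if pkt.proto == "tcp":
                if pkt.flags != "S":                # a TCP flow must start with a SYN
                    return self._decide(pkt, "deny", "tcp packet without SYN and no state")
                self.state[fwd] = "SYN_SENT"
            else:
                self.state[fwd] = "UDP_OPEN"        # UDP has no handshake; first datagram opens
            return self._decide(pkt, "permit", "new outbound flow recorded")
        return self._decide(pkt, "deny", "unsolicited inbound traffic")


def demo():
    """Run a constructed packet sequence through the filter; returns (verdicts, state table)."""
    fw = StatefulFirewall("10.1.1.0/24")
    verdicts = [
        fw.process(Packet("tcp", "10.1.1.5", 40000, "203.0.113.10", 80, "S")),    # inside opens HTTP
        fw.process(Packet("tcp", "203.0.113.10", 80, "10.1.1.5", 40000, "SA")),   # SYN/ACK reply
        fw.process(Packet("tcp", "10.1.1.5", 40000, "203.0.113.10", 80, "A")),    # handshake ACK
        fw.process(Packet("tcp", "198.51.100.9", 4444, "10.1.1.5", 445, "S")),    # unsolicited SYN
        fw.process(Packet("tcp", "198.51.100.9", 4444, "10.1.1.5", 445, "A")),    # unsolicited ACK
        fw.process(Packet("udp", "10.1.1.5", 5353, "203.0.113.53", 53)),          # DNS query
        fw.process(Packet("udp", "203.0.113.53", 53, "10.1.1.5", 5353)),          # DNS reply
        fw.process(Packet("udp", "203.0.113.53", 53, "10.1.1.5", 9999)),          # reply to wrong port
    ]
    return verdicts, fw.state


if __name__ == "__main__":
    for line in demo()[1].items():
        print(line)
```

The sequence also illustrates the first con listed for stateful filtering below: once the entry for 10.1.1.5:40000 exists, every packet from 203.0.113.10:80 is delivered straight to the inside host, so the firewall no longer stands between the two endpoints the way a proxy does. A production filter would additionally expire idle entries so that a stale entry cannot be reused later.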
Pros
- It works not only at the network level and transport level but also at the application layer.
- It is not as processor intensive as a proxy server.
- It temporarily opens the outside port, so it reduces the possibility of attacks that work against static packet filtering.
- Because of the state table it is faster than an application layer gateway.
- Supports almost all services.

Cons
- It allows a direct connection to the inside host once the request to enter the network is granted. An attacker may exploit a vulnerability of that host and poison the network.
- It requires skilled knowledge of different types of traffic and attacks.

Network Address Translation

This is one of the simplest methods to protect the inside network. Network Address Translation (NAT) is quite similar to packet filtering. When it is configured on the router it translates the internal private network addresses to outside public network addresses. It maintains a translation table, so when a reply comes from outside to inside it is sent back to the correct host. There are three types of NAT: static NAT, dynamic NAT and port address translation (PAT) [12].

Pros
- It is very simple to configure.
- It hides the private network behind one public IP address.
- Unlike a proxy server it does not require any configuration on the inside hosts.

Cons
- It is difficult to troubleshoot end-to-end.
- NAT causes problems when a Virtual Private Network (VPN) is configured.
- Like a packet filter firewall it works at the network and transport levels of the OSI model, so it translates packets based on IP address only.

Personal Firewall

A personal firewall is an application which is installed on a computer to protect the personal computer from different viruses and different kinds of attack [13]. It allows or denies requests from the computer based on configured policies. Many personal firewalls also do intrusion detection.
An example of this type of firewall is Host Based Intrusion Prevention (HIPS), which blocks the communication if it finds any suspicious activity [14].

Pros
- Prompts the user for outgoing connections.
- Allows the user to control which applications are permitted to connect to the Internet or LAN.
- Does auditing for all users of the computer.
- Tells the user that an application is attempting to connect to the Internet and gives information about the destination server with which the application wants to connect.
- It does virus scanning automatically every day and removes the viruses it finds.

Cons
- It is an application running on the host, so it puts some load on the CPU.
- If the system gets affected by malware or spyware, it can modify the firewall and cause a security issue.

Recommendation

By looking at the different types of firewall and comparing their advantages and drawbacks we can conclude that a stateful firewall is a good solution for our scenario. Products like Cisco ASA or Check Point are ideal to guard against different types of attack. They also do intrusion detection and prevention, and these firewalls can be virtualized, which saves the cost of buying extra firewalls.
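The translation table from the Network Address Translation section above, as an added example (not the essay's own text and not vendor code) of port address translation (PAT) in Python: two inside hosts that both use source port 40000 share one public address and are told apart by the translated source port, a reply is mapped back through the table to the right private host, and an inbound packet with no table entry is dropped, which is how NAT hides the private network. The names PortAddressTranslator, translate_outbound, translate_inbound and demo, and the public address 203.0.113.1, are constructed for this example.

```python
import ipaddress
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (ip, port)


class PortAddressTranslator:
    """Toy PAT (NAT overload), constructed example: every inside flow is rewritten to
    one public IP and a unique public source port; replies are mapped back through
    the translation table; inbound packets without an entry are dropped."""

    def __init__(self, inside_net: str, public_ip: str,
                 first_port: int = 1024, last_port: int = 65535):
        self.inside = ipaddress.ip_network(inside_net)
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        # (proto, private ip, private port, remote ip, remote port) -> public port
        self.outbound: Dict[Tuple[str, str, int, str, int], int] = {}
        # (proto, public port, remote ip, remote port) -> (private ip, private port)
        self.inbound: Dict[Tuple[str, int, str, int], Endpoint] = {}

    def _allocate_port(self) -> int:
        if self.next_port > self.last_port:
            raise RuntimeError("PAT port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def translate_outbound(self, proto: str, src_ip: str, src_port: int,
                           dst_ip: str, dst_port: int) -> Optional[Endpoint]:
        """Rewrite the source of an inside->outside packet. Returns the new
        (public ip, public port), or None if the source is not an inside host."""
        if ipaddress.ip_address(src_ip) not in self.inside:
            return None
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:                    # first packet of this flow
            public_port = self._allocate_port()
            self.outbound[key] = public_port
            self.inbound[(proto, public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, proto: str, src_ip: str, src_port: int,
                          dst_ip: str, dst_port: int) -> Optional[Endpoint]:
        """Rewrite the destination of an outside->inside reply back to the private
        host. Returns (private ip, private port), or None if no entry exists, in
        which case the packet is dropped."""
        if dst_ip != self.public_ip:
            return None
        return self.inbound.get((proto, dst_port, src_ip, src_port))


def demo():
    """Two inside hosts reach the same web server through one public address (constructed)."""
    pat = PortAddressTranslator("10.1.1.0/24", "203.0.113.1")
    out1 = pat.translate_outbound("tcp", "10.1.1.5", 40000, "203.0.113.10", 80)
    out2 = pat.translate_outbound("tcp", "10.1.1.6", 40000, "203.0.113.10", 80)
    again = pat.translate_outbound("tcp", "10.1.1.5", 40000, "203.0.113.10", 80)  # same flow, same entry
    reply = pat.translate_inbound("tcp", "203.0.113.10", 80, "203.0.113.1", out2[1])
    unsolicited = pat.translate_inbound("tcp", "198.51.100.9", 4444, "203.0.113.1", 2222)
    dmz = pat.translate_outbound("tcp", "192.168.11.5", 40000, "203.0.113.10", 80)  # not an inside host
    return out1, out2, again, reply, unsolicited, dmz


if __name__ == "__main__":
    print(demo())
```

Because only the IP header and the layer 4 port are rewritten, anything above layer 4 is untouched; that is the essay's last NAT con, and it is also why a protocol that carries addresses inside its payload or authenticates the IP header (the VPN case the essay mentions) does not survive the translation without extra help.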
