-
-
   Home
   Archives
 About Us
   Advertise
 Feedback
 Subscribe

Home > Cover Story

Firewalls Gatekeepers to your network

In this age, information is power. It therefore makes good business sense to protect your corporate data from being accessed, stolen, or modified. You need to have a proper security policy for your company, and a firewall is an essential part of securing any network

A firewall is a piece of hardware or software that is used against an unauthorized user accessing a network. In the last few years of the existence of the Web we have seen a lot of importance being given to security with a clear focus on installing firewalls to protect unwanted traffic as well as users. A firewall only allows the Internet traffic that has been specifically permitted onto a company's local network. Firewalls use one or more of the following methods to control traffic flowing in and out of the network:

  • Packet Filter: Although this technique is difficult to configure and vulnerable to denial of service attack it is fairly effective and transparent to users. The way it works is that each packet leaving or entering a network is screened based on the rules set by the network administrator. The packet we are talking about here is a message that is transmitted over a network and contains both a destination address as well as data.
  • Proxy Server: A proxy server is a server that sits between a client application, such as a Web browser, and a real server. This method intercepts all messages entering and leaving a network. The proxy server essentially hides the network's true address.
  • Ports: A server machine makes its services available to the Internet using numbered ports for e.g. if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. Depending on the requirement these ports could then be blocked. Unless you're running a public web site or FTP site on your corporate network (which you really shouldn't be doing), keeping HTTP and FTP open is just asking for trouble.
  • Protocols: These simply describe how the client and server will communicate and are normally pure text based. Firewall filters can be programmed to block or allow certain protocols like TCP and UDP among others. For example, blocking ICMP means that nobody will be able to ping your IP address.
  • IP addresses: This can be used in two ways. You can block IP addresses of certain websites from being accessed through a corporate network. The second way is to block the IP address of a machine that you think poses a security risk. If you found, for instance, that somebody was doing port scans from a particular IP address, it would probably be a good idea to block that IP address completely.

Selecting a firewall
Before deciding on what kind of firewall to go for you need to remember clearly that firewalls cannot protect much against viruses, which normally come through emails and the reason is that as long as you accept an email a firewall cannot do anything about it. So if you are paranoid about email viruses consider switching over to an IMAP account from a POP where you can screen any emails before downloading them. Another area where firewalls are generally ineffective is attacks from within the corporate network. Estimates show that almost 70% of all security-related issues are from inside the company rather than from external intruders. While a firewall can restrict external access, a good corporate security policy should also include measures to prevent theft of data by unauthorized employees. This is, unfortunately, neglected or ignored by many system administrators.

Although there is a choice between installing a hardware or software firewall, a hardware solution is normally recommended for enterprise needs. Technically two types of firewalls exist:

  • Network Layer Firewall: These types of firewalls make their decision based on the source, the destination addresses and ports. Unlike routers which are in a small way like network layer firewalls minus the packet source and destination info, network layer firewalls maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. An important distinction about many network layer firewalls is that they route traffic directly though them, so to use one you either need to have a validly assigned IP address block or to use a ``private internet'' address block such as a 10.x.x.x or a 198.x.x.x address block. Network layer firewalls tend to be very fast and are transparent to users. In such a screened host firewall, access to and from a single host is controlled by means of a router operating at a network layer. The single host is a bastion host; a highly defended and secured strong point that can resist attack.
  • Application Layer Firewall: These are generally hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. A proxy server is a server that sits between a client application, such as a Web browser, and a real server. Proxies are often used instead of router-based traffic controls, to prevent traffic from passing directly between networks. Many proxies contain extra logging or support for user authentication. This method intercepts all messages entering and leaving a network. The proxy server essentially hides the network's true address.

Service

e-mail

Netnews

Web

IP Routing

Web Cache

Critical Resource

Disk I/O

Disk I/O

Host OS Socket Performance

Host OS Socket Performance

Host OS Socket Performance Disk I/O

Source: Interhack

Planning for deploying a firewall
A firewall deployment is clearly based on the kind of traffic your server is expected to serve. In most cases, memory is more important than processor speed if you expecting tons of traffic.

The question that is always on the minds of network administrators is what to block. If the emphasis is on security instead of connectivity, you should consider blocking everything by default, and only allow services you need on a case-by-case basis. Single point of failures can occur even though stiff security measures might exist.

In cases where you need to to keep fulltime security experts in your company, a less risky model is to outsource your firewalls deployment and maintenance to an application service provider (ASP). The advantage with these providers is that they can help maintain and update your firewalls with the latest software routines that fix loopholes and other security problems, as well as monitor your network for any possible intrusions.

(The author is with Plexus Technologies. Write to him at bhavishsood@netscape.net)

>>

- <Back to Top>-  

Copyright 2001: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by The Business Publications Division of the Indian Express Group of Newspapers. Site managed by BPD