
Friday, March 29, 2019

How Firewalls Mitigate Attacks

Network security is the process by which digital information assets are protected. If network security is compromised, severe consequences could occur, such as loss of confidential information [6]. To protect networks, the goal of security should be to maintain integrity, protect confidentiality and ensure availability [5]. To begin the network security process, you first need to set up a security policy and access rules. This policy must clearly identify the network security objectives of the organization. Network security includes security management, computer system security, data security, and network device security [1].

Due to the tremendous growth of e-business and the Internet, all small or large organizations are finding it very important to have a web presence to compete in today's market. But connecting to the Internet means that the company's private network will be connected to the outside world [8]. This makes the private network vulnerable to attacks from the Internet. In the case of e-business, the company's web server must connect to the Internet to provide web pages to customers. This makes the web or file server susceptible to attacks. The network engineer must defend the network against threats such as viruses, worms, Trojan horses, theft of information, misuse of resources, and access violations. Nowadays, access to the Internet without a firewall is the same as leaving your house door open to let anyone come inside. As information theft and identity theft are at an all-time high, computer networks need protection.

To provide defence from intruders or hackers, a special device was needed. That is why the device called a firewall was introduced back in 1988 [17]. Currently there are many different kinds of firewalls in the market.
These firewalls differ not only in cost; their functionalities are different as well. For an organization it is hard to pick one firewall and consider itself defended against attacks. This report explains the different types of firewalls and their functionality.

The following figure displays the firewall placed between the Internet and the private network to provide network security and protection from attacks.

Network Security Policy

As everyone wants to protect their network and the information in it, we should have some kind of rules to determine what is acceptable and what is not acceptable on the network [1]. To enforce these rules or procedures we first need to have a security policy. Having a good and detailed security policy is an excellent start to network security. After the creation of the policy we need to follow through on it by putting technical controls in place, because hardware or software devices are needed to provide the protection. A firewall is used to apply this security policy on the network.

Securing Network with Firewall

Technical controls are the most important part of the network security program because they provide protection against attacks and keep the network safe. A firewall is one of the main types of device used to technically or physically control the network traffic.

What is a firewall

The term firewall originally comes from the firewalls which prevent fire from spreading to the other parts of a building [4]. A firewall is a device in the network which divides or separates the trusted network (private network) from the untrusted network (outside network).
The firewall can be a special device such as a hardware firewall, or it may be a computer running firewall software.

The main purpose of the firewall implementation is to protect the network from numerous threats and to allow only authorized traffic to go in or out of the network. A firewall can be used as a standalone device or can be configured on the gateway router of the network, such as the Cisco PIX firewall [5].

The following figure displays the firewall filtering traffic by letting only authorized traffic into the network and rejecting unauthorized traffic at the network boundary.

How Firewalls mitigate attacks?

The main aim of firewall technology is to protect the sensitive information moving between the two networks [4]. In a real-world scenario a firewall is placed between a private network and the Internet to prevent attacks. A firewall is one of the most essential barriers that can defend computer networks from many threats. The firewall at the perimeter of the network is the first line of defence against external attacks. To mitigate attacks the firewall divides the network into two zones:

- Trusted zone: authorized users in the private network, or a private network.
- Least trusted zone: users from the Internet trying to access the private network.

The basic job of the firewall is to either permit or deny traffic based on the access rules [4]:

- Permit: the authorized traffic is allowed into the network according to the predefined access rules.
- Deny: the unauthorized traffic is stopped at the firewall, and information is sent to the network administrator or discarded.

The above figure displays how the firewall filters the traffic according to the specified criteria.

Protecting network with Firewall

Firewalls filter the traffic flows between two or more networks.
They can divide the network into protected and unprotected areas.

A firewall is considered a good firewall if it can protect the network from the following vulnerabilities:

- The firewall should provide protection against attacks from outside the network, e.g. the Internet.
- The firewall should protect the network from any type of internal attack.
- The firewall should grant access to users according to the access privilege level the users possess [4].
- The firewall should stop unauthorised users from accessing the resources.

Hardware and Software Firewalls

There are two main categories of firewalls: hardware firewalls and software firewalls [5]. Depending on the network requirements, a different firewall is used. Each of these firewalls has its own benefits. Both have the same aim of providing secure communication. In the organization you can use either hardware or software, or for better results a combination of hardware and software firewalls can be used.

Hardware Firewalls

As the name explains, this is a hardware firewall device. The hardware firewall is a special device which is usually placed near the gateway router of the network, or between two networks, to control the traffic flow. Before it is placed on the network, it is configured with the access policy or security rules. When it is activated on the network it controls the network traffic going in or out of the network. The hardware firewall examines each incoming packet and compares it with the access rules to decide whether to allow or discard the packet [11]. It is mostly used in large businesses and is best suited to multinational companies.

The following figure displays the hardware firewall providing network security from the Internet.

Advantages

The hardware firewall has a different operating system, which is independent of common systems such as Microsoft OS.
Microsoft Windows operating systems and other common operating systems have many vulnerabilities [11]. But hardware firewalls do not use a common OS, so it is hard for an attacker to mount a successful attack.

The other benefit is that it is faster than the other types of firewalls and easy to implement on the network [11].

Disadvantages

The main disadvantage of the hardware firewall is that it is a single point of failure. If the hardware firewall fails, then all the traffic on the network will stop. No traffic can go in or out of the network. The other disadvantage is that if an attacker hacks the firewall he can control the traffic going in or out of the network.

Most hardware firewalls cost more than software firewalls, and specially trained staff are required to manage the device, making the overall cost higher.

Also, most of these hardware firewalls are designed by different companies, so each of them needs different configuration and maintenance. The network administrator needs to learn about that specific firewall before placing it into the network and must have knowledge of how to administer the firewall device [11].

Software Firewalls

A software firewall is a special firewall program that can be installed on devices such as a router, server or PC. Once it is installed and configured properly it works the same way as a hardware firewall. It examines the traffic and allows or denies access according to the predefined access rules, which determine whether the packet has permission to access the network or not.

Care must be taken when installing the software firewall on existing devices, because the software firewall is going to use the CPU and other resources on the devices [11]. Make sure the device has sufficient hardware resources to provide excellent performance in this environment.
If there are not enough resources available for the software firewall to operate, this can impact the network performance.

Also, as attacks and vulnerabilities change, because attackers try different or new methods to attack the network, the software firewall needs to be upgraded to provide complete protection against new threats on the network. It is best suited to small businesses and home networks, because it is easy to implement and no special hardware is required.

The following figure displays the computer or router running the software firewall providing network security.

Advantages

As the software firewall can be installed on existing network devices, it normally costs less than the hardware firewall. There are many free software firewall programs on the Internet which can be downloaded onto the PC for free.

Disadvantages

Software firewalls share the system resources with other applications running on the computer. This can impact the performance of the computer if there are not enough resources.

Most of the time, software firewall companies give away a free firewall application that provides basic network protection only. To get full protection against all attacks you have to pay for the additional functions.

The other disadvantage is that the software firewall runs on the existing operating system, so it can be vulnerable to the same kind of attacks as the operating system [11].

Different Types of Firewalls

After defining the two major categories of firewall, the next part of the report explains the types of firewall based upon how the firewall filters packets and how it behaves in network security. In this report the TCP/IP model is used to define the process of how packets are treated and filtered by different types of firewalls.

Packet-filtering Firewall

This was the first type of firewall to protect networks.
A packet filtering firewall checks the source and destination IP address of the packet and lets packets in or out according to the security policy of the organization [8]. Normally the gateway router on the network edge is used to filter these packets. An access control list (ACL) can be configured on the router so that it acts as a packet filtering firewall. Based on the access rules, the router can allow or deny access into the network.

The following figure displays that the incoming packet can be filtered based on the specified rules, such as IP address, packet type and port number.

Advantages

It is the simplest form of firewall and easy to implement on the network. When a packet filtering firewall is placed in the network it will not slow the network down, and users of the network will not feel a difference in network performance.

Disadvantages

This was the first type of firewall introduced for networks. It checks the layer 3 address in the packet and lets the packet in or denies access according to the security policy. IP spoofing is a technique for changing the IP address in a packet to any IP address you like. Hackers can use IP spoofing software to get access through the packet filtering firewall.

The other problem with the packet filtering firewall is that it does not know who is using the service.

Recommended Usage

The packet filtering firewall is used in low security environments or when cost is an issue. It can be implemented on the router to save money, but this kind of firewall should not be used in a high security environment. It is good for small businesses or for filtering traffic within the organization.

Stateful Inspection Firewall

The stateful firewall checks and monitors the state of the connections between source and destination [4]. It is the most complex type of firewall. This type of firewall can monitor all kinds of connection activity, e.g. connection initiation, connection termination and information transfer [4]. It can perform multilayer inspection.
In multilayer inspection the packets are first checked at the Internet Protocol layer (Layer 3 of the TCP/IP model); if the packet is granted access, the firewall can also perform a second check at the application layer (Layer 5 of the TCP/IP model).

It can inspect TCP or UDP sessions and keep monitoring these sessions between the source and destination. When a packet first arrives at the firewall, the firewall inspects the protocols in the packet and authorizes or denies the packet according to the network security policy. If the packet is authorized, the firewall keeps the information about the source, destination, port number and TCP sequence number in a record table. An example is the Cisco PIX firewall.

The following figure displays that the incoming packet can be filtered based on the specified application rules.

Advantages

It is more secure than packet filtering because it not only does deep inspection of the packets but also keeps records of each session.

Disadvantages

It can slow the network down because all traffic goes through the firewall, and this kind of firewall is expensive.

The other disadvantage is that when a packet from inside the network goes outside, hackers can capture the packet and examine the internal IP address in the packet header. This can give the hacker some information about the IP addressing scheme used in the network, and this information can lead towards some sort of attack on the network. NAT can be used with the stateful firewall to resolve this problem.

Recommended Usage

This kind of firewall is good for networks that require a high level of security. It is mostly used by medium and large organizations where an audit of each session is required.

Application-level Gateway

The application level firewall was designed to provide more security to the network by checking all layers of the TCP/IP model.
Whereas the packet filtering firewall only examines the incoming packet up to the Internet Protocol layer, the application layer firewall provides security checking up to the application layer.

The application firewall is a dedicated computer, also known as a proxy server. The proxy server acts as a proxy for external services requesting internal services, and the proxy exchanges information with the internal network [1]. The main advantage is that it hides the internal network from outsiders.

A proxy service has two important components: the proxy server and the proxy client [3].

The job of the proxy server is to accept a connection from one side of the network and connect to the other side of the network. The proxy server first checks whether the connection or host is allowed or not; if the host is allowed, the proxy server makes the second connection to the destination server on the other side of the network.

In this way the source host is connected indirectly to the destination host via the proxy server. This indirect connection between source and destination keeps valuable information about the internal network from being passed on to the external network.

Advantage

As the application layer firewall filters up to the application layer, it can understand a variety of different applications, so checks can be performed on the content of the different application traffic for effective results.

Disadvantages

If there are too many users in the network, proxy services may slow the network down.

The following figure displays that the incoming packet can be filtered based on the specified application rules. For example, you can stop HTTP traffic and allow all other protocols. With the application firewall you have more control to filter traffic based on the protocols.

Recommended Usage

This kind of firewall is good for networks that require a high level of security, such as banking. It is mostly used by medium and large organizations.
It costs more than the packet filtering firewall.

Circuit-Level Gateway

The circuit level firewall is a more advanced form of packet filtering firewall, because it can examine the incoming packet in more detail. It also provides more protection against attacks compared with the packet filtering firewall. The circuit level firewall not only checks the IP address and port number, it also checks the TCP handshake status between the source and destination hosts and keeps a record of the TCP handshake [12]. This type of firewall checks the TCP handshake connection status before authorizing access.

The circuit level firewall works at the TCP layer (Layer 4 of the TCP/IP model), because it needs to examine the TCP handshake between hosts and open the session between hosts.

The source host starts the connection. When the packet arrives at the gateway, the gateway examines the connection information in the IP packet. The gateway looks for a match for the packet in the security policy predefined on the gateway. If the packet gets permission to enter the network, the gateway makes a second connection to the destination host. When the IP packet arrives at the destination, it has the address of the gateway as its source address [12].

The following figure displays that traffic is only allowed if the session is initiated by an authorized host on the network; otherwise all other traffic will be denied.

Advantages

The circuit level gateway provides better protection against some attacks, such as IP spoofing, which the packet filtering firewall cannot detect.

It checks each TCP session and opens the port to manage all the incoming and outgoing connections. Because no unauthorized traffic is allowed into the network, the network is considered protected.

The other main benefit of the circuit level gateway is that it hides the IP addresses of the trusted network from untrusted networks, because the outside host only gets the gateway address as the source IP, e.g. Network Address Translation (NAT).

Disadvantages

The main problem with this kind of firewall is that it does not check the content of the packet. This means that the content of the packet may be some kind of virus or worm. For this reason a mistake by an authorized host can bring a virus into the network.

Recommended Usage

This kind of firewall is good for networks that require a high level of security. It is mostly used by medium and large organizations. A network router can be used to act as a firewall, but for large organizations separate firewall devices are recommended.

Comparison between different firewalls

Firewall type and cost vary depending on the size of the organization and the type of access required. My investigation is based upon a medium size company. Nowadays firewalls are very advanced pieces of equipment that have most functions in one device, e.g. IDS, IPS.

Hardware firewall: So many different types are available in the market; depending on the type, it can filter based upon IP address; Yes it can; Depending upon the security policy, the firewall can filter incoming or outgoing traffic; These are mostly proprietary devices, so the network administrator must learn to manage them; Cisco ACE 4710 HARDWARE-0.5GBPS-1001083; Expensive because it comes with the special hardware device.

Software firewall: YES; Yes it can filter; Yes it is easy to operate; Cisco PIX Firewall Software; 248; Relatively cheaper than the hardware firewall.

Packet filtering firewall: YES; NO; Basic firewall cannot filter ports; If configured to filter, it can check either incoming or outgoing or both kinds of traffic; Yes it is easy to operate; Netgear SRX5308-100EUS ProSafe Quad WAN Gigabit SSL VPN Firewall; 347; One of the basic types, you can find this firewall cheaper.

Stateful firewall: YES; YES; YES; YES; Cisco ASA 5505 Security appliance Unlimited Firewall Edition Bundle; 441.36; Expensive but provides a good level of protection.

Application level firewall: YES; YES; Easy to manage, GUI based interface which makes it easy to configure; SonicWALL NSA 220644.00; Expensive but provides a good level of protection.

Circuit level firewall: YES; YES; YES; Easy to manage, GUI based interface which makes it easy to configure; Cisco ASA 5505 Firewall Edition Bundle security appliance; 566.15; Expensive but provides a good level of protection.

Recommendation and Implementation

Firewall design principles

The first thing to remember is that a firewall is good only if it is configured properly, but before buying the firewall and placing it in the network you should know the answers to the following questions:

- What type of network is it and what are the network requirements?
- What kind of information do you have in the network?
- What level of protection is required?
- Where should the firewall be placed in the network?

Firewall Basing

There are many choices for placing the firewall in the network. The following part of the report explains the best placement of the firewall.

Bastion Host

The bastion host is a computer system that is used on the network, especially on the local area network. It is normally installed after the first firewall. This system is designed in such a way that all the traffic has to go through it. As all communication of the private LAN goes through it, it is designed to be hardened against attacks from outside. It runs a secure version of the operating system and keeps a record of audit information [18].

The following figure displays the bastion host in the network. All traffic in or out of the private LAN goes through the bastion host.

Figure 11. Bastion host example (Ref 13)

Host-Based Firewalls

The host based firewall is designed to protect the individual host in the network [4]. This kind of firewall is mostly used for servers [18] or other important hosts in the network, to provide another layer of defence against attacks. A host based firewall normally comes with the operating system or, because it is software based, you can also buy one and install it on the host.

This is the most effective solution for protecting the individual host in the network.
Most attacks nowadays come from inside the organization's network, so the firewall at the boundary cannot protect against these internal attacks. Installing a host based firewall on a host can defend the host against security violations and control the traffic according to the access rules. As it is on the host itself, it can protect the host from both internal and external attacks. The other benefit of the host based firewall is that it can be designed and configured according to the host's requirements, since some hosts on the network have different operating systems or different needs, e.g. servers.

The disadvantage of having a host based firewall on a host is that the host processes each packet, which is CPU intensive. This traffic checking process can slow the performance of the individual host.

The following figure displays each host in the network with a host-based firewall that gives extra protection to the individual host according to its needs.

Figure 12. Host based firewall (Ref 14)

Personal Firewall

This is application software that can be installed on the computer or host. Once activated on the computer, it examines the traffic going in or out of the computer. The user controls this firewall through a GUI based application and configures the required level of security. It can allow or deny traffic as defined by the user. There are many free personal firewalls available which can be downloaded from the Internet. E.g. AVG antivirus is free and comes with a basic personal firewall.

The other thing you must remember is that it is designed to protect one host; this means that a personal firewall needs to be installed on every host on the network.
This is not very scalable in a large network, which is why it is mostly used for personal computers in homes or in small offices.

The following figure displays an example of the Norton personal firewall.

Figure 13. Personal firewall example (Ref 15)

Firewalls in network design

There are many solutions available; here are some of the important ones.

Demilitarized Zone (DMZ) design

The Demilitarized Zone (DMZ) is a special area which is designed between two networks. The DMZ provides protection against outside and inside attacks. The external firewall is used to protect the network, and the internal firewall is used to protect the network from inside attacks; the secure area is created between the two firewalls. In large organizations this area is used to keep servers such as web servers or file servers, so that authorized outside users can access the network. In reality you are creating three zones:

- Outside zone (Internet)
- Intermediate zone (DMZ)
- Inside zone (private network)

You can see from the figure below that two firewalls are used to create the DMZ.

Figure 14. Firewall implementation in DMZ design (Ref 17)

Fault tolerant firewall design

The following design can be used to provide a fault tolerant solution. In this design two firewalls are used. One of the firewalls is in active mode (main firewall) and the other one is in passive mode (standby firewall). If the active firewall fails, the passive firewall takes control. This is the best solution for providing network security and redundancy.

Figure 15. Example of fault tolerant firewall implementation (Ref 16)

Test the firewall

After the firewall is installed in the network, you should always test how effective it is and what the vulnerabilities of this firewall are. Testing the firewall can be done by using network testing tools such as network penetration tools or port scanning tools. These tools are available in the BackTrack software version 5 for network testing.
If you are able to hack your own network and bypass the firewall, it means that the firewall is not effective. In this way you are able to find the vulnerabilities of the firewall and work on these weaknesses to resolve the network security issue.

Overall benefits and limitations of firewalls

Benefits of using firewall in the Network

- It keeps unauthorized persons out of the network.
- It prevents exposure of sensitive information to unauthorized hosts.
- The flow of data between two networks or between two hosts can be controlled.
- By deep examination of the data packet, certain protocols can be allowed or denied in the network.
- Security policy rules can be configured to provide technical control.
- As all the network traffic goes through the firewall, placing the firewall at the edge of the network gives one point of entry for all data. This makes it easy to manage a single point of control for the connection to the outside world.

Limitations of Firewalls

- As the firewall is the single point of entry for all traffic, failure of the firewall can cause disconnection from the Internet or other connected networks.
- Some new attacks may not be detected by the firewall.
- Hackers try different ways to bypass firewalls by checking the weaknesses or vulnerabilities of the specific firewall and attacking according to the type of firewall.
- Placing the firewall on the network edge can slow down the network performance, because the firewall has to check each packet going in or out of the network.
- If the firewall configuration is not right, it may not stop the attacks.
- If the packet is encrypted, the firewall cannot understand it.

Conclusion

There is no one firewall which can be placed on the network to make the network 100% secure. So do not rely on just one firewall to provide all kinds of protection. In the network, use multiple protection devices such as IPS or IDS with the firewall to defend against other attacks. The most important thing is to have a network security policy, and all users must agree to follow this policy.
The firewall devices must be configured according to the security policy of the organization. The network administrator should continually review the firewall, as the level of threats changes frequently. The best firewall should reduce the risk of attacks and be easy to manage. Cost is another important point when selecting the firewall. Lastly, when selecting the firewall, network requirements, quality of service and performance should be the main considerations, because the firewall is the focal point for the traffic going in or out of the network. Too many users and extra load on the firewall can degrade the performance of the whole network. So during selection of the firewall, consideration of network requirements is the most important stage.
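
The difference between the packet-filtering and stateful inspection firewalls described above can be shown in code. This is an added example, not part of the original article: a first-match ACL that has to admit anything shaped like a reply, next to a firewall that keeps a session table and admits only replies to sessions opened from inside. The addresses, port ranges, rule set and simplified TCP state handling are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")   # assumed private (trusted) network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""          # TCP flags: "S", "SA", "A", "F", "R"


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: str                 # source network in CIDR form
    dst: str                 # destination network in CIDR form
    sports: range
    dports: range

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.sport in self.sports and p.dport in self.dports)


HIGH, HTTPS = range(1024, 65536), range(443, 444)

# Stateless ACL: to let replies back in, it must permit anything that
# merely looks like a reply (source port 443 to a high port).
ACL = [
    Rule("permit", "10.0.0.0/24", "0.0.0.0/0", HIGH, HTTPS),   # outbound HTTPS
    Rule("permit", "0.0.0.0/0", "10.0.0.0/24", HTTPS, HIGH),   # "replies"
]


def packet_filter(p: Packet, acl=ACL) -> str:
    """Packet filtering: first matching rule wins, implicit deny at the end."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Permits inbound packets only for sessions an inside host opened."""

    def __init__(self, acl):
        self.acl = acl       # policy for NEW sessions only
        self.table = {}      # (inside ip, port, outside ip, port) -> state

    def handle(self, p: Packet) -> str:
        outbound = ip_address(p.src) in INSIDE
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.table.get(key)
        if state is None:
            # Only an outbound SYN allowed by policy may create a session.
            if outbound and p.flags == "S" and packet_filter(p, self.acl) == "permit":
                self.table[key] = "SYN_SENT"
                return "permit"
            return "deny"
        if "R" in p.flags or "F" in p.flags:
            del self.table[key]              # simplified teardown
        elif state == "SYN_SENT" and not outbound and p.flags == "SA":
            self.table[key] = "ESTABLISHED"
        elif state == "SYN_SENT" and not outbound:
            return "deny"                    # only a SYN-ACK may answer a SYN
        return "permit"


def demo() -> dict:
    """Run constructed sample packets through both firewalls."""
    fw = StatefulFirewall(ACL[:1])           # no blanket "replies" rule needed
    handshake = [Packet("10.0.0.5", 50000, "198.51.100.10", 443, "S"),
                 Packet("198.51.100.10", 443, "10.0.0.5", 50000, "SA"),
                 Packet("10.0.0.5", 50000, "198.51.100.10", 443, "A")]
    # Inbound packet that belongs to no session but looks like a reply.
    unsolicited = Packet("203.0.113.7", 443, "10.0.0.9", 40000, "A")
    return {
        "stateful_handshake": [fw.handle(p) for p in handshake],
        "stateless_unsolicited": packet_filter(unsolicited),
        "stateful_unsolicited": fw.handle(unsolicited),
    }


if __name__ == "__main__":
    print(demo())
```

The stateless ACL permits the unsolicited packet because its ports match the reply rule, while the stateful firewall denies it because no inside host opened that session.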
