Short notes on Firewall.

Firewalls and Their Types:

  • The most commonly accepted network protection is a barrier—a firewall between the corporate network and the outside world (untrusted network).
  • A firewall is a method of placing a device—a computer or a router—between the network and the Internet to control and monitor all traffic between the outside world and the local network.
  • Typically, the device allows insiders to have full access to services, while granting access from the outside only selectively, based on log-on name, password, IP address, or other identifiers, as shown in the figure below.



  • In general, a firewall is a protection device to shield vulnerable areas from some form of danger.
  • In the context of the Internet, a firewall is a system—a router, a personal computer, a host, or a collection of hosts—set up specifically to shield a site or subnet from protocols and services that can be abused from hosts on the outside of the subnet.
  • A firewall system is usually located at a gateway point, such as a site's connection to the Internet, but can be located at internal gateways to provide protection for a smaller collection of hosts or subnets.

  • Generally, firewalls operate by screening packets and/or the applications that pass through them, provide controllable filtering of network traffic, allow restricted access to certain applications, and block access to everything else.
  • The actual mechanism that accomplishes filtering varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one to block incoming traffic and the other to permit outgoing traffic. 
  • Some firewalls place a greater emphasis on blocking traffic, and others emphasize permitting traffic. 

(Firewalls in Practice) 
  • Firewalls range from simple traffic logging systems, which record all network traffic flowing through the firewall in a file or database for auditing purposes, to more complex methods such as IP packet screening routers, hardened firewall hosts, and proxy application gateways.
  • The simplest firewall is a packet-filtering gateway or screening router. Configured with filters to restrict packet traffic to designated addresses, screening routers also limit the types of services that can pass through them.
  • More complex and more secure are application gateways.


Types of Firewall

1. IP Packet Screening Routers: 

• This is a static traffic routing service placed between the network service provider's router and the internal network.

• The traffic routing service may be implemented at the IP level via screening rules in a router, or at the application level via proxy gateways and services.

• The figure below shows a secure firewall with an IP packet screening router.





• The firewall router filters incoming packets, permitting or denying IP packets based on several screening rules.

• These screening rules are implemented in the router and applied automatically.

• Rules include the target interface to which the packet is routed, known source IP addresses, and the incoming packet's protocol (TCP, UDP, ICMP).

• ICMP stands for Internet Control Message Protocol, a network management tool of the TCP/IP protocol suite.
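To make the screening rules concrete, here is a small packet-screening filter written for these notes (an added illustration, not code from the original notes and not a real router configuration). Each rule matches on the interface the packet arrived on, a source or destination address block, the protocol, and a destination port; rules are checked in order, the first match decides, and anything no rule permits is denied. The interface names `ext0`/`int0`, the 10.0.0.0/8 inside network, the server addresses and the sample packets are all constructed for the example. It also shows direction-based rules (a service permitted inbound but denied outbound), which generalizes what the page says about screening by interface.

```python
# Toy IP packet screening filter, added here as an illustration of the
# screening rules described above (not a real router configuration and not
# code from the original notes). Rules are evaluated in order, the first
# matching rule decides, and anything not explicitly permitted is denied.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    interface: str                   # interface the packet arrived on ("ext0" = Internet side, "int0" = inside)
    src: str                         # source IP address
    dst: str                         # destination IP address
    protocol: str                    # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None   # destination port; None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    interface: Optional[str] = None   # None matches any interface
    src: Optional[str] = None         # CIDR block; None matches any source
    dst: Optional[str] = None         # CIDR block; None matches any destination
    protocol: Optional[str] = None    # None matches any protocol
    dst_port: Optional[int] = None    # None matches any port

    def matches(self, pkt: Packet) -> bool:
        """Every field that is set on the rule must agree with the packet."""
        if self.interface is not None and self.interface != pkt.interface:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


def screen(pkt: Packet, rules: List[Rule], default: str = "deny") -> str:
    """First matching rule wins; the default applies when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set (hypothetical): inside network 10.0.0.0/8 with a mail
# server at 10.0.0.5 and an FTP server at 10.0.0.6.
RULES = [
    # Anti-spoofing: a packet arriving from the Internet must not claim an inside source.
    Rule("deny", interface="ext0", src="10.0.0.0/8"),
    # Inbound services that are explicitly offered to the outside.
    Rule("permit", interface="ext0", dst="10.0.0.5/32", protocol="tcp", dst_port=25),
    Rule("permit", interface="ext0", dst="10.0.0.6/32", protocol="tcp", dst_port=21),
    # The same service in the other direction is denied: inside hosts may not open FTP sessions out.
    Rule("deny", interface="int0", protocol="tcp", dst_port=21),
    # Inside hosts may browse the web.
    Rule("permit", interface="int0", src="10.0.0.0/8", protocol="tcp", dst_port=80),
    Rule("permit", interface="int0", src="10.0.0.0/8", protocol="tcp", dst_port=443),
    # Everything else falls through to the default deny.
]


def screen_default(pkt: Packet) -> str:
    """Apply the constructed rule set above."""
    return screen(pkt, RULES)


if __name__ == "__main__":
    samples = [  # constructed sample packets
        Packet("ext0", "203.0.113.7", "10.0.0.5", "tcp", 25),   # inbound mail: permit
        Packet("ext0", "10.0.0.9", "10.0.0.5", "tcp", 25),      # spoofed inside source: deny
        Packet("ext0", "203.0.113.7", "10.0.0.9", "tcp", 23),   # inbound telnet to a workstation: deny
        Packet("int0", "10.0.0.9", "198.51.100.1", "tcp", 80),  # outbound web: permit
        Packet("int0", "10.0.0.9", "198.51.100.1", "tcp", 21),  # outbound FTP: deny
        Packet("ext0", "203.0.113.7", "10.0.0.5", "icmp"),      # ICMP permitted by no rule: deny
    ]
    for p in samples:
        print(f"{p.interface} {p.src} -> {p.dst} {p.protocol}/{p.dst_port}: {screen_default(p)}")
```

The order of the rules matters: the anti-spoofing deny sits first so that a packet from the outside claiming an inside address can never reach the later permits, and the default of "deny" means a protocol the administrator never thought about (ICMP here) is blocked rather than allowed by omission.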

Disadvantages

• Although properly configured routers can plug many security holes, they do have several disadvantages.

• First, screening rules are difficult to specify, given the vastly diverse needs of users.

• Second, screening routers are fairly inflexible and do not easily extend to deal with functionality different from that preprogrammed by the vendor.

• Lastly, if the screening router is circumvented by a hacker, the rest of the network is open to attack.



2. Proxy Application Gateways:

• A proxy application gateway is a special server that typically runs on a firewall machine.

• Its primary use is to provide access to applications such as the World Wide Web from within a secure perimeter, as shown in the figure below.



• Instead of talking directly to external WWW servers, each request from the client is routed to a proxy on the firewall that is defined by the user.

• The proxy knows how to get through the firewall.

• An application-level proxy makes a firewall safely permeable for users in an organization, without creating a potential security hole through which hackers can get into corporate networks.

• The proxy waits for a request from inside the firewall, forwards the request to the remote server outside the firewall, reads the response, and then returns it to the client.

• In the usual case, all clients within a given subnet use the same proxy.

• This makes it possible for the proxy to cache efficiently documents requested by many clients.

• The proxy must be in a position to filter dangerous URLs and malformed commands.
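The following toy application-level proxy, written for these notes as an added example (not code from the original notes), shows the cycle just described: it accepts a client request, rejects malformed request lines and methods outside its allow-list, refuses hosts that policy blocks, forwards the request to the remote side, and caches successful GET responses so later clients on the subnet are answered without leaving the perimeter. The remote fetch is injected as a function so the example runs offline; `stub_fetch`, the hostnames and the sample requests are constructed for the illustration.

```python
# Toy application-level proxy logic, added here to illustrate the
# request/forward/response cycle, caching and filtering described above.
# It is an illustration, not code from the original notes, and the network
# fetch is injected so the example runs offline against a constructed stub.
import re
from typing import Callable, Dict, Tuple
from urllib.parse import urlsplit

Response = Tuple[int, bytes]                 # (status code, body)
Fetcher = Callable[[str, str], Response]     # (method, url) -> Response

# Absolute-form request line a client sends to a proxy, e.g.
# "GET http://www.example.com/index.html HTTP/1.1"
REQUEST_LINE = re.compile(r"^([A-Z]{3,10}) (\S{1,2048}) HTTP/1\.[01]$")
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_SCHEMES = {"http", "https"}


class ProxyError(Exception):
    """Raised for malformed or policy-violating requests."""


def validate_request(raw: str) -> Tuple[str, str]:
    """Parse and check the request line; return (method, url) or raise ProxyError."""
    first_line = raw.split("\r\n", 1)[0]
    m = REQUEST_LINE.match(first_line)
    if m is None:
        raise ProxyError("malformed request line")
    method, url = m.groups()
    if method not in ALLOWED_METHODS:
        raise ProxyError(f"method not allowed: {method}")
    if "\x00" in url:
        raise ProxyError("control character in URL")
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ProxyError("URL must be absolute http(s) with a host")
    return method, url


class ApplicationProxy:
    def __init__(self, fetch: Fetcher, blocked_hosts=()):
        self.fetch = fetch                       # outbound side: talks to the remote server
        self.blocked_hosts = set(blocked_hosts)  # hostnames the policy refuses
        self.cache: Dict[str, Response] = {}     # cache shared by all clients of this proxy
        self.upstream_fetches = 0                # counts real forwards, to show caching

    def handle(self, raw_request: str) -> Response:
        """Inbound side: accept a client request, enforce policy, forward, return."""
        try:
            method, url = validate_request(raw_request)
        except ProxyError as exc:
            return 400, str(exc).encode()
        host = urlsplit(url).hostname
        if host in self.blocked_hosts:
            return 403, b"blocked by proxy policy"
        if method == "GET" and url in self.cache:
            return self.cache[url]               # served without leaving the perimeter
        status, body = self.fetch(method, url)
        self.upstream_fetches += 1
        if method == "GET" and status == 200:
            self.cache[url] = (status, body)
        return status, body


# Constructed stand-in for the remote server (hypothetical); no network access is made.
def stub_fetch(method: str, url: str) -> Response:
    if urlsplit(url).hostname == "www.example.com":
        return 200, b"<html>example page</html>"
    return 404, b"not found"


def make_proxy() -> ApplicationProxy:
    """Build a proxy over the stub with one constructed blocked host."""
    return ApplicationProxy(stub_fetch, blocked_hosts={"blocked.example.net"})


if __name__ == "__main__":
    proxy = make_proxy()
    for req in [  # constructed sample requests
        "GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        "GET http://www.example.com/ HTTP/1.1\r\n\r\n",      # second time: cache hit
        "GET http://blocked.example.net/ HTTP/1.1\r\n\r\n",  # policy block
        "TRACE http://www.example.com/ HTTP/1.1\r\n\r\n",    # method not allowed
        "GET /relative HTTP/1.1\r\n\r\n",                    # not absolute-form
        "GET http://www.example.com/ HTTP/9.9\r\n\r\n",      # malformed version
    ]:
        print(req.split("\r\n")[0], "->", proxy.handle(req))
    print("upstream fetches:", proxy.upstream_fetches)
```

The point to notice is that the client never gets a direct path to the outside: every request is re-parsed by the proxy, only a small set of methods and URL forms survive that parsing, and the proxy, not the client, opens the outbound connection. A real deployment would add size limits, header handling and cache expiry, but the control points are the same.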


3. Hardened Firewall Hosts:

• A hardened firewall host is a stripped-down machine that has been configured for increased security. 

• This type of firewall requires inside or outside users to connect to the trusted applications on the firewall machine before connecting further. 

• Generally, these firewalls are configured to protect against unauthenticated interactive logins from the external world.

• This, more than anything, helps prevent unauthorized users from logging into machines on the network.

• The hardened firewall host method can provide a greater level of audit and security, in return for increased configuration cost and a decreased level of service (because a proxy needs to be developed for each desired service).


                                  OR,

Firewall

  • A firewall provides a defense, sometimes the first line of defense, between a corporate network and the Internet.
  • All corporate access to and from the Internet flows through the firewall.
  • The network and computers being protected are inside the firewall, and any other network is outside.
  • The networks inside the firewall are called trusted, whereas networks outside the firewall are called untrusted.
  • In the TCP/IP protocol stack, a firewall works in the application layer. Thus, it provides a software solution.
  • Firewalls are computers that have the following characteristics:

- All traffic from inside to outside and outside to inside must pass through it. 

-  Only authorized traffic is allowed to pass through it. 

- The firewall itself must be immune to penetration.


Classification of Firewalls

a) Packet filters: examine all packets flowing back and forth through the firewall.

b) Gateway servers 

- Filter traffic based on the requested application such as Telnet, FTP, and HTTP. 

- A gateway might permit incoming FTP requests, but not outgoing FTP requests. 

- A gateway might prevent employees inside a firewall from downloading any program outside the firewall. 

c) Proxy servers

- Communicate on behalf of the private network 

- Serve as a huge cache for Web pages
