The primary function of a firewall is to centralize system access controls. If remote users, authorized or not, can access the internal networks without traversing the firewalls, their effectiveness is diminished. If a traveling employee has the ability to connect to his office workstation, circumventing the organization's firewall architecture, then an attacker can do the same. Firewalls have the ability to allow network services to be passed or blocked; consequently, system administrators must consult with firewall administrators relative to which services are necessary for business operations. All unnecessary services must be disabled, denied, or blocked.
Firewalls provide several layers and types of protection:
- Firewalls can block unwanted traffic, essentially partitioning the inside network from the outside network.
- Firewall can direct incoming traffic to more trustworthy internal systems.
- Firewall can conceal vulnerable systems that cannot be secure from the Internet.
- Firewall can provide audit trails logging traffic to and from the organization's private networks and the Internet.
- Firewalls can conceal information such as system addresses, network devices, and user identification from the Internet.
Authentication
Firewalls located at the perimeter of the organization's network, interfacing between the Internet and the internal networks, do not provide user authentication. Host-based firewalls usually provide these types of user authentication:
User names and passwords. User names and unique passwords are compared against authorized user lists and verified by correct passwords. This is one of the least secure methods.
One-time passwords. One-time passwords using software or hardware tokens produce a new password for each user session. Old passwords cannot be reused if they were stolen, intercepted, or borrowed. This method is one where the user must know something and must possess something before gaining access.
Digital certificates. Digital certificates use a certificate generated using public key encryption from a trusted third party. This access method is one where the user must know something and have something.
Firewall Types
Packet-filtering firewalls are gateways located at network routers that have packet-screening abilities based on policy rules granting or denying access based on several factors:
Information packet source address. It is capable of denying system access from specific source addresses; for example, it is possible to deny outside entry of any information packet having a source address of a competing company.
Information packet destination address. It is capable of denying access to any internal workstation or host based on its IP address; for example, all traffic can be blocked attempting to connect to the client list file server.
Service port. Firewalls are capable of blocking or allowing access to specific services; for example, connection attempts to workstation TCP Port 139 are denied.
Packet-filtering firewalls offer minimum security but very low cost. They can be an appropriate choice for a low-risk network environment. However, there are some drawbacks:
- They do not protect against IP or DNS address spoofing.
- Attackers will have direct access to any host on the internal network once access has been granted by the firewall.
- Strong user authentication is not a feature supported with many packet-screening firewalls.
- They do not generally provide complete or useful logging features.
Application Firewalls
Application firewalls use server programs, called proxies, running on the firewall. These proxies arbitrate transactions between interior and exterior networks. They accept requests, examine them, and forward legitimate requests to internal hosts that provide appropriate service. Application firewalls generally support functions as user authentication and logging features. Application firewalls require that a proxy is configured for each applicable service such as FTP, HTTP, etc.
Application-level firewalls generally offer the solution of network address translation (NAT). This feature may be configured so that outbound traffic appears as if the traffic had originated from the firewall itself. In this fashion, all IP addresses of the hosts behind the firewall are protected from discovery in that once they depart the firewall outbound, they all have the same IP address.
- Application firewalls supporting proxies for different services prevent direct access to internal network services, protecting the business against insecure or poorly configured internal servers.
- Application firewalls generally offer strong user authentication.
- Application firewalls generally provide detailed logging of user activities.
0 comments:
Post a Comment