Monday, June 3, 2019

How Firewalls Mitigate Attacks

Network security is the process by which digital information assets are protected. If network security is compromised, severe consequences could occur, such as loss of confidential information [6]. To protect networks, the goals of security should be to maintain integrity, protect confidentiality and ensure availability [5]. To begin the network security process, you first need to develop a security policy and access rules. This policy must clearly identify the network security objectives of the organization. Network security includes security management, computer system security, data security, and network device security [1].

Due to the tremendous growth of e-business and the Internet, all organizations, small or large, find it very important to have a web presence to compete in today's market. But connecting to the Internet means that the company's private network will be connected to the outside world [8]. This makes the private network vulnerable to attacks from the Internet. In the case of e-business, the company's web server must connect to the Internet to provide web pages to customers. This makes the web or file server susceptible to attacks. Network engineering must defend the network against threats such as viruses, worms, Trojan horses, theft of information, misuse of resources and unauthorized access. Nowadays, access to the Internet without a firewall is the same as leaving your house door open to let anyone come inside. As information theft and identity theft are at an all-time high, computer networks need protection.

To provide defence against intruders or hackers, a special device was needed. That is why the device called the firewall was introduced back in 1988 [17]. Currently there are many different kinds of firewalls on the market. These firewalls differ not only in cost; their functionalities are different as well.
For an organization it is hard to pick one firewall and consider itself protected against attacks. This report explains the different types of firewalls and their functionality.

The following figure displays the firewall placed between the Internet and the private network to provide network security and protection from attacks.

Network Security Policy

As everyone wants to protect their network and the information in it, we should have rules that define what is and what is not acceptable on the network [1]. To apply these rules or procedures we first need to have a security policy. Having a serious and detailed security policy is a good start to network security. After the policy is created, we need to implement it to provide technical control. Because of this, hardware or software devices are needed to provide the protection. A firewall is used to apply this security policy on the network.

Securing Network with Firewall

Technical controls are the most important part of the network security program because they provide protection against attacks and keep the network safe. A firewall is one of the main types of device used to technically or physically control network traffic.

What is a firewall

The term firewall originally comes from the firewalls which stop a fire from spreading to different parts of a building [4]. A firewall is a device in the network which divides or separates the trusted network (private network) from the untrusted network (outside network). The firewall can be a special device, such as a hardware firewall, or a computer running firewall software.

The main aim of a firewall implementation is to protect the network from countless threats and to allow only authorized traffic going in or out of the network.
A firewall can be used as a standalone device or can be configured on the gateway router of the network, such as the Cisco PIX firewall [5].

The following figure displays the firewall filtering traffic by letting only authorized traffic into the network and rejecting unauthorized traffic at the network boundary.

How Firewalls mitigate attacks?

The main aim of firewall technology is to protect the sensitive information moving between two networks [4]. In a real-world scenario a firewall is placed between a private network and the Internet to prevent attacks. The firewall is one of the most essential barriers that can defend computer networks from many threats. The firewall at the perimeter of the network is the first line of defence against external attacks. To mitigate attacks the firewall divides the network into two zones:

- Trusted zone: authorized users in the private network, or a private network.
- Least trusted zone: users from the Internet attempting to access the private network.

The simple job of the firewall is to either permit or deny traffic based on the access rules [4]:

- Permit: authorized traffic is allowed into the network according to the predefined access rules.
- Deny: unauthorized traffic is blocked at the firewall, and the information is sent to the network administrator or discarded.

The above figure displays how the firewall filters traffic according to the specified criteria.

Protecting network with Firewall

Firewalls filter the traffic transferred between two or more networks. A firewall can divide the network into protected and unprotected areas.

A firewall is considered a good firewall if it can protect the network from the following vulnerabilities:

- The firewall should provide protection against attacks from outside the network, e.g. the Internet.
- The firewall should protect the network from any type of internal attack.
- The firewall should grant access to users according to the access privilege level the users possess [4].
- The firewall should stop unauthorised users from accessing the resources.

Hardware and Software Firewalls

There are two main categories of firewalls: hardware firewalls and software firewalls [5]. Depending on the network requirements, a different firewall is used. Each of these firewalls has its own benefits. Both have the same aim of providing secure communication. In an organization you can use either a hardware or a software firewall, or, for better results, a combination of both.

Hardware Firewalls

As the name explains, this is a hardware firewall device. The hardware firewall is a special device which is normally placed near the gateway router of the network, or between two networks, to control the traffic flow. Before it is placed on the network, it is configured with the access policy or security rules. When it is activated on the network it controls the network traffic going in or out of the network. The hardware firewall examines each incoming packet and compares it with the access rules to decide whether to allow or discard the packet [11]. It is mostly used in large businesses and best suits transnational companies.

The following figure displays the hardware firewall providing network security from the Internet.

Advantages

A hardware firewall has its own operating system, which is independent of common systems such as Microsoft's. Microsoft Windows and other common operating systems have many vulnerabilities [11], but hardware firewalls do not use a common OS, so it is hard for an attacker to mount a successful attack.

The other benefit is that it is faster than the other types of firewalls and easy to implement on the network [11].

Disadvantages

The main disadvantage of the hardware firewall is that it is a single point of failure.
If the hardware firewall fails, then all the traffic on the network will stop. No traffic can go in or out of the network. The other disadvantage is that if an attacker hacks the firewall, he can control the traffic going in or out of the network.

Most hardware firewalls cost more than software firewalls, and the specially trained staff required to manage the device make the overall cost higher.

Also, most of these hardware firewalls are designed by different companies, so each of them needs different configuration and maintenance. The network administrator needs to learn about that specific firewall before placing it into the network and must have knowledge of how to administer the firewall device [11].

Software Firewalls

A software firewall is a special firewall program that can be installed on devices such as a router, server or PC. Once it is installed and configured properly it works the same way as a hardware firewall. It examines the traffic and allows or denies access according to the predefined access rules, which determine whether the packet has permission to access the network or not.

Care must be taken when installing a software firewall on existing devices, because the software firewall is going to use the CPU and other resources of the device [11]. Make sure the device has sufficient hardware resources to provide excellent performance in this environment. If there are not enough resources available for the software firewall to operate, this can impact network performance.

Also, as attacks and vulnerabilities change, because attackers use different or new methods to attack the network, the software firewall needs to be upgraded to provide complete protection against new threats on the network. It is best suited to small businesses and home networks.
This is because it is easy to implement and no special hardware is required.

The following figure displays the computer or router running the software firewall providing network security.

Advantages

As the software firewall can be installed on existing network devices, it normally costs less than the hardware firewall. There are many free software firewall programs on the Internet which can be downloaded to the PC for free.

Disadvantages

Software firewalls share the system resources with other applications running on the computer. This can impact the performance of the computer if there are not enough resources.

Most of the time, the free firewall applications that software firewall companies give away provide basic network protection only. To get full protection against all attacks you have to pay for the advanced service.

The other disadvantage of the software firewall is that it runs on an existing operating system, so it can be very vulnerable to the same kind of attacks as the operating system [11].

Different Types of Firewalls

After defining the two major categories of firewall, the next part of the report explains the types of firewall based upon how the firewall filters packets and its behaviour in network security. In this report the TCP/IP model is used to define how packets are treated and filtered by the different types of firewalls.

Packet-filtering Firewall

This was the first type of firewall to protect networks. The packet-filtering firewall checks the source and destination IP address of the packet and lets packets in or out according to the security policy of the organization [8]. Normally the gateway router on the network edge is used to filter these packets. An access control list (ACL) can be configured on the router to make it act like a packet-filtering firewall.
Based on the access rules, the router can allow or deny access into the network.

The following figure displays how an incoming packet can be filtered based on the specified rules, such as IP address, packet type and port number.

Advantages

It is the simplest form of firewall and easy to implement on the network. When a packet-filtering firewall is placed in the network it will not slow the network down, and users of the network will not feel a difference in network performance.

Disadvantages

This was the first type of firewall introduced for networks. It checks the layer 3 address in the packet and lets the packet in or denies access according to the security policy. IP spoofing is a technique for changing the IP address in a packet to any IP address you like. Hackers can use IP spoofing software to get access through the packet-filtering firewall.

The other problem with the packet-filtering firewall is that it does not know who is using the service.

Recommended Usage

The packet-filtering firewall is used in low-security environments or when cost is an issue. It can be implemented on the router to save money, but this kind of firewall should not be used in a high-security environment. It is good for small businesses or for filtering traffic within the organization.

Stateful Inspection Firewall

The stateful firewall checks and monitors the state of the connections between the source and the destination point [4]. It is the most complex type of firewall. This type of firewall can monitor all kinds of connection activity, e.g. connection initiation, connection termination and information transfer [4]. It can perform multilayer inspection. In multilayer inspection the packets are first checked at the Internet Protocol layer (Layer 3 of the TCP/IP model); if the packet is granted access, the firewall can also perform a second check at the application layer (Layer 5 of the TCP/IP model).

It can inspect TCP or UDP sessions and keeps monitoring these sessions between the source and destination.
When a packet first arrives at the firewall, the firewall inspects the protocols in the packet and authorizes or denies the packet according to the network security policy. If the packet is authorized, the firewall keeps the information about the source, destination, port number and TCP sequence number in a record table. E.g. Cisco PIX firewall.

The following figure displays how an incoming packet can be filtered based on the specified application rules.

Advantages

It is more secure than packet filtering because it not only does deep inspection of the packets but also keeps records of each session.

Disadvantages

It can slow the network down because all traffic goes through the firewall, and this kind of firewall is expensive.

The other disadvantage is that when a packet from inside the network goes outside, hackers can capture the packet and examine the internal IP address in the packet header. This can give the hacker some information about the IP address scheme used in the network, and this information can lead to some sort of attack on the network. NAT can be used to fix this problem with the stateful firewall.

Recommended Usage

This kind of firewall is good for networks that require a high level of security. It is mostly used by medium and large size organizations where inspection of each session is required.

Application-level Gateway

The application-level firewall was designed to provide more security to the network by checking all layers of the TCP/IP model. The packet filtering firewall only examines the incoming packet up to the Internet Protocol layer, but the application layer firewall provides security checking up to the application layer.

The application firewall is a dedicated computer, also known as a proxy server. The proxy server proxies external requests for internal services and exchanges information with the internal network [1].
The main advantage is that it hides the internal network from outsiders.

A proxy service has two important components: proxy server and proxy client [3].

The job of the proxy server is to accept a connection from one side of the network and connect to the other side of the network. The proxy server first checks whether the connection or traffic is allowed or not; if the traffic is allowed, the proxy server makes a second connection to the destination host on the other side of the network.

In this way the source host is connected indirectly to the destination host via the proxy server. This indirect connection between source and destination keeps valuable information about the internal network from being passed on to the external network.

Advantage

As the application layer firewall filters up to the application layer, it can understand a variety of different applications, so checks can be performed on the content of the different application traffic for effective results.

Disadvantages

If there are too many users in the network, proxy services may slow the network down.

The following figure displays how an incoming packet can be filtered based on the specified application rules. For example, you can stop HTTP traffic and allow all other protocols. With the application firewall you have more control to filter traffic based on the protocols.

Recommended Usage

This kind of firewall is good for networks that require a high level of security, such as banking. It is mostly used by medium and large size organizations. It costs more than the packet-filtering firewall.

Circuit-Level Gateway

The circuit-level firewall is a more advanced form of packet-filtering firewall because it can examine the incoming packet in more detail. It also provides more protection against attacks compared with the packet-filtering firewall. The circuit-level firewall not only checks the IP address and port number, but also checks the TCP handshake status between the source and destination hosts and keeps a record of the TCP handshake [12].
This type of firewall checks the TCP handshake connection status before authorizing access.

The circuit-level firewall works at the TCP layer (Layer 4 of the TCP/IP model), because it needs to examine the TCP handshake between hosts and open the session between them.

The source host starts the connection. When the packet arrives at the gateway, the gateway examines the connection information in the IP packet and matches the packet against the security policy predefined on the gateway. If the packet gets permission to enter the network, the gateway makes a second connection to the destination host. When the IP packet arrives at the destination, it has the address of the gateway as its source address [12].

The following figure shows that traffic is only allowed if the session is initiated by an authorized host on the network; otherwise all other traffic will be denied.

Advantages

The circuit-level gateway provides better protection against some attacks, such as IP spoofing, which the packet-filtering firewall cannot detect.

It checks each TCP session and opens the port, managing all the incoming and outgoing connections. Because no unauthorized traffic is allowed into the network, the network is considered protected.

The other main benefit of the circuit-level gateway is that it hides the IP addresses of the trusted network from the untrusted networks, because the outside host only sees the gateway address as the source IP. E.g. Network Address Translation (NAT).

Disadvantages

The main problem with this kind of firewall is that it does not check the content of the packet. This means that the content of the packet may be some kind of virus or worm. For this reason an authorized host's mistake can bring a virus into the network.

Recommended Usage

This kind of firewall is good for networks that require a high level of security. It is mostly used by medium and large size organizations.
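The difference between the packet-filtering firewall and the stateful and circuit-level firewalls described above, as an added Python example that is not part of the original post: a stateless ACL accepts any packet whose header matches a rule, while a session table admits inbound packets only for connections an inside host opened with a TCP handshake. All addresses, ports and rules are constructed sample values, and the state tracking is simplified (no sequence-number checks, timeouts or NAT).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()      # TCP flags, e.g. frozenset({"SYN"})

@dataclass(frozen=True)
class Rule:
    action: str                         # "permit" or "deny"
    src_net: str
    dst_net: str
    dport: Optional[int] = None         # None matches any destination port

def packet_filter(rules, pkt):
    """Stateless ACL: first matching rule wins, implicit deny at the end."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src_net)
                and ip_address(pkt.dst) in ip_network(r.dst_net)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"

class StatefulFirewall:
    """Tracks TCP sessions opened from the inside; inbound traffic must match one."""
    def __init__(self, inside_net, outbound_rules):
        self.inside = ip_network(inside_net)
        self.outbound_rules = outbound_rules
        self.table = {}   # (inside ip, inside port, outside ip, outside port) -> state

    def process(self, pkt):
        outbound = ip_address(pkt.src) in self.inside
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)
        if state is None:
            # Only an inside host may create a session, and only with a bare
            # SYN that the outbound policy permits.
            if (outbound and pkt.flags == {"SYN"}
                    and packet_filter(self.outbound_rules, pkt) == "permit"):
                self.table[key] = "SYN_SENT"
                return "permit"
            return "deny"
        if state == "SYN_SENT" and not outbound:
            if pkt.flags != {"SYN", "ACK"}:
                return "deny"           # handshake not completed by the server
            self.table[key] = "ESTABLISHED"
        if pkt.flags & {"FIN", "RST"}:
            del self.table[key]         # simplified teardown: drop state at once
        return "permit"

# Constructed sample policy (documentation address ranges).
INSIDE = "192.168.10.0/24"
PARTNER = "203.0.113.10"
INBOUND_ACL = [Rule("permit", PARTNER + "/32", INSIDE)]        # stateless edge ACL
OUTBOUND_POLICY = [Rule("permit", INSIDE, "0.0.0.0/0", 443)]   # inside hosts may use HTTPS

def demo():
    """Run one unsolicited packet and one legitimate session through both filters."""
    fw = StatefulFirewall(INSIDE, OUTBOUND_POLICY)
    client, cport = "192.168.10.25", 50000
    F = lambda *names: frozenset(names)
    # Unsolicited packet whose header merely claims the partner's address.
    forged = Packet(PARTNER, 443, client, cport, F("ACK"))
    return {
        "acl_forged": packet_filter(INBOUND_ACL, forged),
        "stateful_forged": fw.process(forged),
        "syn": fw.process(Packet(client, cport, PARTNER, 443, F("SYN"))),
        "synack": fw.process(Packet(PARTNER, 443, client, cport, F("SYN", "ACK"))),
        "ack": fw.process(Packet(client, cport, PARTNER, 443, F("ACK"))),
        "data_in": fw.process(Packet(PARTNER, 443, client, cport, F("ACK", "PSH"))),
        "rst": fw.process(Packet(client, cport, PARTNER, 443, F("RST"))),
        "after_close": fw.process(forged),
    }

if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step:16} {verdict}")
```

The same header that the address-based ACL permits is denied by the session table both before the handshake and after the session is torn down.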
A network router can be used to act as a firewall, but for large organizations separate firewall devices are recommended.

Comparison between different firewalls

Firewall type and cost vary depending on the size of the organization and the type of access required. My investigation is based on a medium-size company. Nowadays firewalls are very advanced pieces of equipment that have most functions in one device, e.g. IDS, IPS.

Hardware firewall
- So many different types are available on the market; depending on the type, it can filter based upon IP address.
- Yes it can.
- Depending upon the security policy, the firewall can filter incoming or outgoing traffic.
- These are mostly proprietary devices, so the network administrator must learn to manage them.
- Cisco ACE 4710 HARDWARE-0.5GBPS-1001083
- Expensive because it comes with the special hardware device.

Software firewall
- YES
- Yes it can filter.
- Yes, it is easy to operate.
- Cisco PIX Firewall Software: 248
- Relatively cheaper than a hardware firewall.

Packet filtering firewall
- YES
- NO. A basic firewall cannot filter ports.
- If configured to filter, it can check incoming traffic, outgoing traffic or both.
- Yes, it is easy to operate.
- Netgear SRX5308-100EUS ProSafe Quad WAN Gigabit SSL VPN Firewall: 347
- One of the basic types; you can find this firewall cheaper.

Stateful firewall
- YES
- YES
- YES
- YES
- Cisco ASA 5505 Security appliance Unlimited Firewall Edition Bundle: 441.36
- Expensive but provides a good level of protection.

Application level firewall
- YES
- YES
- Easy to manage; GUI based interface which makes it easy to configure.
- SonicWALL NSA 220: 644.00
- Expensive but provides a good level of protection.

Circuit level firewall
- YES
- YES
- YES
- Easy to manage; GUI based interface which makes it easy to configure.
- Cisco ASA 5505 Firewall Edition Bundle security appliance: 566.15
- Expensive but provides a good level of protection.

Recommendation and Implementation

Firewall design principles

The first thing to remember is that a firewall is good only if it is configured properly, but before buying and placing the firewall in the network you should know the answers to the following questions:

- What type of network is it and what are the network requirements?
- What kind of information do you have in the network?
- What level of protection is required?
- Where should the firewall be placed in the network?

Firewall Basing

There are many choices for placing the firewall in the network. The following part of the report explains the best placement of the firewall.

Bastion Host

The bastion host is a computer system that is used on the network, especially on the local area network. It is normally installed after the first firewall. This system is designed in such a way that all the traffic has to go through it. As all communication of the private LAN goes through it, it is hardened against attacks from outside. It runs a secure version of the operating system and keeps a record of audit information [18].

The following figure displays the bastion host in the network. All traffic in or out of the private LAN goes through the bastion host.

Figure 11: Bastion host example (Ref 13)

Host-Based Firewalls

The host-based firewall is designed to protect an individual host in the network [4]. This kind of firewall is mostly used for servers [18] or other important hosts in the network to provide another layer of defense against attacks. A host-based firewall normally comes with the operating system, or, because it is software based, you can also buy one and install it on the host.

This is the most effective solution for protecting the individual host in the network, because most attacks nowadays come from inside the organization's network, and the firewall at the boundary cannot protect against these internal attacks. Installing a host-based firewall on a host can defend it against security violations and control the traffic according to the access rules. As it is on the host itself, it can protect the host from both inside and external attacks.
The other benefit of the host-based firewall is that it can be designed and configured according to the host's requirements, since some hosts on the network have a different operating system or different needs, e.g. servers.

The disadvantage of having a host-based firewall on a host is that the host processes each packet, which is CPU intensive. This traffic checking process can slow the performance of the individual host.

The following figure displays each host in the network with a host-based firewall that gives extra protection to the individual host according to its needs.

Figure 12: Host based Firewall (Ref 14)

Personal Firewall

A personal firewall is application software that can be installed on a computer or host. Once activated on the computer, it examines the traffic going in or out of the computer. The user controls this firewall through a GUI-based application and configures the required level of security. It can allow or deny traffic as defined by the user. There are many free personal firewalls available which can be downloaded from the Internet. E.g. AVG antivirus is free and comes with a basic personal firewall.

The other thing you must remember is that it is designed to protect one host, which means that a personal firewall needs to be installed on every host on the network. This is not very scalable in a large network, which is why it is mostly used for personal computers in homes or in small offices.

The following figure displays the example of the Norton personal firewall.

Figure 13: Personal Firewall Example (Ref 15)

Firewalls in network design

There are many solutions available; here are some of the important ones.

Demilitarized Zone (DMZ) design

The Demilitarized Zone (DMZ) is a special area which is designed between two networks. The DMZ provides protection against outside and inside attacks. The external firewall is used to protect the network from outside attacks and the internal firewall is used to protect the network from inside attacks; the secure area is created between the two firewalls.
In large organizations this area is used to keep servers such as web servers or file servers, so that authorized outside users can access them. In reality you are creating three zones:

- Outside zone (Internet)
- Intermediate zone (DMZ)
- Inside zone (Private network)

You can see from the figure below that two firewalls are used to create the DMZ.

Figure 14: Firewall Implementation in DMZ design (Ref 17)

Fault tolerant firewall design

The following design can be used to provide a fault-tolerant solution. In this design two firewalls are used. One of the firewalls is in active mode (main firewall) and the other one is in passive mode (standby firewall). If the active firewall fails, the passive firewall takes control. This is the best solution for providing network security and redundancy.

Figure 15: Example of fault tolerant firewall implementation (Ref 16)

Test the firewall

After the firewall is installed in the network, you should always test how effective it is and what its vulnerabilities are. Testing the firewall can be done by using network testing tools such as network penetration tools or port scanning tools. These tools are available in BackTrack version 5 for network testing. If you are able to hack your own network and bypass the firewall, it means that the firewall is not effective.
In this way you can find the vulnerabilities of the firewall and work on these weaknesses to resolve the network security issue.

Overall benefits and limitations of firewalls

Benefits of using firewall in the Network

- Prevents unauthorized persons from entering the network.
- Prevents exposure of sensitive information to unauthorized hosts.
- The flow of data between two networks or between two hosts can be controlled.
- By deep examination of the data packet, certain protocols can be allowed or denied in the network.
- Security policy rules can be configured to provide technical control.
- As all the network traffic goes through the firewall, placing the firewall at the edge of the network gives one point of entry for all data. It makes it easy to manage one point of control for the connection to the outside world.

Limitations of Firewalls

- As the firewall is the single point of entry for all traffic, failure of the firewall can cause disconnection from the Internet or other connected networks.
- Some new attacks may not be detected by firewalls.
- Hackers try different ways to bypass firewalls by checking the weaknesses or vulnerabilities of the specific firewall and attacking according to the type of firewall.
- Placing the firewall on the network edge can slow down network performance, because the firewall has to check each packet going in or out of the network.
- If the firewall configuration is not right, it may not stop the attacks.
- If the packet is encrypted, the firewall cannot understand it.

Conclusion

There is no one firewall which can be placed on the network to make the network 100% secure. So do not rely on just one firewall to provide all kinds of protection. In the network, use multiple protection devices such as IPS or IDS with the firewall to defend against other attacks. The most important thing is to have a network security policy, and all users must follow this policy. The firewall devices must be configured according to the security policy of the organization.
The network administrator should continually review the firewall, as the level of threats changes frequently. The best firewall should reduce the risk of attacks and be easy to manage. Cost is another important point when selecting the firewall. Lastly, when selecting the firewall, network requirements, quality of service and performance should be the main considerations, because the firewall is the central point for traffic going in or out of the network. Too many users and extra load on the firewall can degrade the performance of the entire network. So during selection of the firewall, consideration of network requirements is the most important stage.
