Friday, November 15, 2019

Advantages And Disadvantages Of Firewalls Computer Science Essay

A firewall is a boundary or a wall to keep intruders from attacking the network. The firewall is a network device that sits between a private network and the internet. The firewall is configured to inspect network traffic that passes between the network and the internet. We can assign rules or protocols to the firewall to allow data to be shared. If the protocol isn't included in the approved list, the firewall will destroy or discard the packet of data and deny it entry to the network.

When a private network is connected to the internet, it allows people to access information from external sources. When the network is connected to the internet, it also allows external users to enter the private network and steal information from it. To prevent unauthorized access, organizations have firewalls to protect them.

There are mainly two types of firewalls: software firewalls and hardware firewalls. A firewall provides configurable network access, authentication before accessing services, and other services as well.

Scope

I will be covering only the 3 types of firewall, the characteristics of firewalls, types of attacks on an organization, and other devices that can be used in place of a firewall. I won't be covering the configuration of firewalls.

Firewall

What is a Firewall

There are basically two types of firewalls: software and hardware firewalls. A firewall is software or hardware that filters all network traffic between your computer, home network, or company network and the internet. As shown in figure 1, the firewall usually sits on the boundary between a private network and a public network or the internet.

Figure: Firewall

A firewall in a network ensures that if something bad happens on one side of the firewall, computers on the other side won't be affected.
Depending on the firewall type, there are many features, such as antivirus guard, intrusion prevention, etc.

Types of attacks (http://technet.microsoft.com/en-us/library/cc959354.aspx)

There are many types of attacks on a network. These are some of them.

IP Spoofing Attacks

IP spoofing attacks are where an attacker outside the network pretends to be a trusted computer, either by using an IP address that is within the range of IP addresses for the local network or by using an authorized external IP address that has authorized access to specified resources on the local network.

Denial of Service Attacks (DoS Attacks)

Denial of service attacks are attacks that make a service unavailable for normal use by flooding a computer or the entire network with traffic until a shutdown occurs because of the overload. The attacker can also block traffic, which results in a loss of access to network resources by authorized users. Denial of service attacks can be implemented using common internet protocols, such as TCP and ICMP.

Sniffer Attack

A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunnelled) packets can be broken open and read unless they are encrypted.

Man in the Middle Attack

As the name indicates, a man in the middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently.

To prevent such attacks, a computer or network should implement a firewall to the company's specifications, so that the firewall will protect the network without being a problem for the employees of the company.

Types of Firewall (Google book)

Packet filtering routers

Packet filtering routers were the first generation of firewall architectures to be invented.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. As shown in figure 2, a packet filtering router is placed on the boundary between the private network and the public network or internet. Packet filtering routers can provide a cheap and useful level of security to the network. Depending on the type of router, filtering can be done at the incoming interface, the outgoing interface, or both. Packet filters work by applying a set of rules to each incoming or outgoing packet. The rules are defined based on the network security policy of the enterprise. According to this set of rules, the firewall can forward or drop the packet. A packet filtering router is able to filter IP packets based on the:
- Source IP address
- Destination IP address
- TCP/UDP source port
- TCP/UDP destination port

Packet filters work well for blocking spoofed packets. They can also be used to:
- Block connections from specific hosts or networks
- Block connections to specific hosts or networks
- Block connections to specific ports
- Block connections from specific ports

Figure: Packet filtering routers

The three types of filtering firewall

Static Filtering

It is one of the oldest firewall architectures and it operates in the network layer. The administrator can define rules for which packets are accepted and which packets are denied. The static filter scans IP header data and TCP header data.

Advantages of Static Filtering
- Low impact on network performance.
- Low cost; included in many operating systems.

Disadvantages of Static Filtering
- Because it operates in the network layer, it examines only the IP header and TCP header.
- It is not aware of the packet payload.
- Offers a low level of protection.

Dynamic Filtering

Dynamic filtering works on the network layer. These firewalls are the most common sort of firewall technology. The decision to deny or allow the packet is based on the examination of the IP and protocol header.
A dynamic filter can differentiate between a new and an established connection. After a connection is established, its information is kept in a table in the router.

Advantages of Dynamic Filtering
- Lowest impact on network performance.
- Low cost.
- Because it can differentiate between a new and an established connection, it increases performance.

Disadvantages of Dynamic Filtering
- Because it operates in the network layer, it examines only the IP header and TCP header.
- Provides a low level of protection.

Stateful Inspection

Stateful inspection is a technology that is similar to dynamic filtering, with the addition of more granular examination of data contained in the IP packet.

Advantages of using firewalls based on packet filtering
- Low cost. Packet filters make use of current network routers.
- Makes security transparent to end users.
- Easy to install. Because packet filters make use of current network routers, implementing a packet filter security system is typically less complicated than other network security solutions.
- High speed. Packet filters are generally faster than other firewall technologies because they perform fewer evaluations.

Disadvantages of using firewalls based on packet filtering
- Packet filters do not understand application layer protocols.
- Packet filters do not offer any value-added features, such as HTTP object caching, URL filtering, and authentication, because they do not understand the protocols being used.
- Packet filtering routers are not very secure.
- They can't discriminate between good and bad packets.
- New rules may need to be added if an employee has special requirements to connect to the internet.
- Setting up packet filtering rules on the router is difficult.
- There isn't any sort of user-based authentication. A packet filter cannot authenticate information coming from a specific user.

(http://www.cse.iitk.ac.in/research/mtech1997/9711107/node14.html)

Circuit level gateways

Circuit level gateways are the second generation of firewall architectures.
Circuit level gateways work at the session layer of the OSI model. A circuit level gateway is basically a packet filter with additional features. Figure 3 shows how a circuit level gateway works. The circuit level gateway examines and validates TCP and UDP sessions before it opens up a connection or circuit through the firewall. So it provides more security than the static packet and dynamic packet filters. The decision to accept or deny a packet is based on examining the:
- Source address
- Destination address
- Application or protocol
- Source port number
- Destination port number

Figure: Circuit level gateways (William Stallings,)

Advantages of firewalls based on Circuit level gateways
- Less impact on network performance.
- Breaks the direct connection between the untrusted host and the trusted client.
- Higher level of security than packet filter firewalls.

Disadvantages of firewalls based on Circuit level gateways
- Does not examine the packet payload.
- Low to moderate security level.

Application level gateways

The third generation of firewall architectures is called application level gateways. Application level gateways are capable of inspecting the entire application data portion of an IP packet. When a computer sends a request to the internet, the firewall inspects the entire packet against the rules configured by the network or firewall administrator and then regenerates the entire Internet request before sending it to the destination server on the Internet. The returned result is then inspected again; if the result meets the requirements of the rules, it is allowed to pass through and into the network, and the firewall creates a response packet and sends it to the corresponding computer.
If the result does not meet the requirements of the rules, it is blocked from passing through the network. Figure 4 shows an application level gateway.

Figure: Application level gateways

Advantages of Application level gateways
- The application proxy can inspect the entire application portion of the IP packet. This inspection happens both when the Internet request is sent and when the reply packet from the Internet server is returned.
- Highest level of security.
- Because the application proxy understands the application protocol, it can create a much more detailed log file of what is sent through the firewall. Packet filter log files know only about the IP packet header information.
- The internal computer and the server on the Internet never have a real connection, because the firewall inspects the packet and then regenerates it.
- Proxy services understand and enforce high-level protocols, such as HTTP and FTP.
- Proxy services can be used to deny access to certain network services, while permitting access to others.

Disadvantages of Application level gateways
- Application level gateways require great memory and processor resources compared to other firewall technologies.
- A filter rule has to be created for each application individually.
- Rules must be written very carefully.
- Vendors must keep up with the latest protocols.

Software firewall

For home users, software firewalls are the most popular firewall choice. Figures 5, 6 and 7 show some of the most popular software firewalls on the market. Software firewalls are installed on your computer or server like any other software. The firewall can be customized if necessary, allowing you some control over its function and protection features. A software firewall will protect your computer from unauthorized access to the network or home PC, and most software firewalls provide protection against Trojan programs and e-mail worms, along with antivirus, antispyware, intrusion detection, etc.
Software firewalls will only protect the computer they are installed on and not the whole network, so each computer will need to have a software firewall installed on it. There are vast numbers of software firewalls to choose from. A good software firewall will run in the background on your system and use only a small amount of system resources. It is important to monitor a software firewall once installed and to download any updates available from the developer.

Norton Internet Security
Figure: Norton Internet Security

Zone Alarm Extreme Security
Figure: Zone Alarm Extreme Security

Kaspersky Internet Security
Figure: Kaspersky Internet Security

Hardware Firewalls

As seen in figure 8, hardware firewalls can be purchased as a stand-alone product; at present, hardware firewalls are integrated in broadband routers. These will be very important for people with a broadband connection for their company network. Hardware firewalls can provide better security and reduce the performance loss by using dedicated memory and processing power. They can also protect every machine on a local network. Most hardware firewalls will have a minimum of four network ports to connect other computers. A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination. This information is compared to a set of administrator-created rules that determine whether the packet is to be forwarded or dropped.

Figure: Hardware Firewalls

Firewall Characteristics

Design goals of a firewall

Every firewall has design goals, because if the firewall does not achieve these design goals it will be a huge security risk to an organization's network.
- According to the security policy, only authorized traffic should pass through the firewall.
- All inbound and outbound traffic should pass through the firewall.
- The firewall should be immune to penetration.
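
The static and dynamic packet filtering described above, as an added example that is not part of the original essay: a toy filter that drops a spoofed packet by header rules alone and shows why a reply is only accepted once a connection table exists. The addresses, interface names and rule set are constructed assumptions, and including the arrival interface in the connection-table key goes slightly beyond what the essay describes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = "192.168.10.0/24"   # assumed private network (constructed)

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "inside" or "outside"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "drop"
    iface: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (p.iface == self.iface
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))

# First matching rule wins; anything unmatched is dropped.
RULES = [
    Rule("drop", "outside", src=INTERNAL),   # spoofed: internal source arriving from outside
    Rule("allow", "outside", dst="192.168.10.5/32", dport=443),  # published web server
    Rule("allow", "inside", src=INTERNAL),   # outbound traffic from the private network
]

def static_filter(p: Packet, rules=RULES) -> str:
    """Header-only decision; every packet is judged in isolation."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"

class DynamicFilter:
    """Static rules plus a table of established connections."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.table = set()

    def check(self, p: Packet) -> str:
        if (p.iface, p.src, p.sport, p.dst, p.dport) in self.table:
            return "allow"                     # part of a known connection
        action = static_filter(p, self.rules)
        if action == "allow":                  # new connection: remember both directions
            other = "inside" if p.iface == "outside" else "outside"
            self.table.add((p.iface, p.src, p.sport, p.dst, p.dport))
            self.table.add((other, p.dst, p.dport, p.src, p.sport))
        return action

# Constructed sample traffic (documentation and private address ranges).
SPOOFED = Packet("outside", "192.168.10.77", 40000, "192.168.10.5", 443)
OUTBOUND = Packet("inside", "192.168.10.20", 50123, "198.51.100.7", 443)
REPLY = Packet("outside", "198.51.100.7", 443, "192.168.10.20", 50123)

if __name__ == "__main__":
    fw = DynamicFilter()
    print("static  spoofed :", static_filter(SPOOFED))
    print("static  reply   :", static_filter(REPLY))
    print("dynamic outbound:", fw.check(OUTBOUND))
    print("dynamic reply   :", fw.check(REPLY))
```

With only static rules, the reply is dropped unless the administrator opens a broad inbound rule; the dynamic filter accepts it only because the matching outbound connection was seen first.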

Four general techniques to control access
- Service control: determines the types of Internet services that can be accessed, inbound or outbound.
- Direction control: determines the direction in which particular service requests are allowed to flow.
- User control: controls access to a service according to which user is attempting to access it.
- Behavior control: controls how particular services are used.

Advantages of Using a Firewall

A company network or a home computer will have a number of advantages when using a firewall.
- They are more cost effective than securing each computer in the corporate network, since there are often only one or a few firewall systems to concentrate on.
- There are some firewalls which are able to detect viruses, Trojans, worms, spyware, etc.

There are

Disadvantages of Using a Firewall

A firewall helps keep the network safe from intruders, but if it is not used properly it gives a false impression that the network is safe. The main disadvantage of a firewall is that it cannot protect the network from attacks from the inside.
- They often cannot protect against an insider attack.
- Firewalls cannot protect a network or PC from viruses, Trojans, worms and spyware which spread through flash drives, portable hard disks, floppy disks, etc.
- They may restrict authorized users from accessing valuable services.
- They do not protect against backdoor attacks.
- They cannot protect the network if someone uses a broadband modem to access the internet.

(http://www.linktionary.com/f/firewall.html)

Other devices that could be used in place of firewalls

Antivirus Software

Antivirus software is a programme that detects and prevents malicious software programs such as viruses and worms. Malicious software programs are designed to infiltrate the computer network through the internet connection and cause damage to the system. These programmes are installed without the user's knowledge.
To prevent such programmes from being installed, an antivirus has to be installed on every computer on the network. To prevent the latest malware from infecting the computers, the antivirus software has to be up to date with the latest antivirus definitions from the developer. E.g. Norton antivirus, Kaspersky antivirus, etc.

Spyware Software

Spyware is a type of malware that is installed on the PC without the knowledge of the user; it secretly collects personal information and monitors the browsing activities of the computer user. Like antivirus software, spyware software has to be updated regularly with the latest definitions. Most antivirus software has spyware protection. E.g. Spyware Doctor, Norton antivirus, etc.

The purpose of using these devices

Critical Analysis

In today's world there are so many security risks that a computer network cannot be fully protected. Even if a firewall gives protection from outside intruders, it cannot protect the network from the inside. I have analysed the network security and come to the conclusion that, for a network to be secured, it should use a hardware firewall to inspect all the outbound and inbound requests and a software firewall to protect from other threats such as malware, Trojans, viruses, worms, etc.

In today's world there are many hackers who would want to hack a company for fun or for money, and there are thousands of viruses released to the internet every day. Threats can attack a network of computers in many ways. For example, if the firewall allows emails to be sent and received and an infected email is sent by an intruder, it will pass through the firewall and infect all the computers in that private network.

A software firewall may be considered as an antivirus guard which has a firewall, so this means that this type of software firewall has more features than just the firewall. It may have antivirus, spyware, intrusion, browser and email protection, and may have many other features as well.
As I've taken the example of the email, when the email is received it will be scanned and filtered if it is detected as spam mail, or it will be allowed to enter the network. Because viruses are becoming more advanced, software firewalls have become more advanced in detecting threats. Some antivirus software uses three main approaches to detect threats.

They mainly use definition based detection. This is where the software detects viruses and other threats by checking for known malicious code against the definitions, and the threat is removed or deleted.

The second main approach is behaviour based detection. This is where the software looks at the behaviour of installed or downloaded software. If the software behaves in a suspicious manner, for example by collecting personal information without the user's knowledge, it will be removed. Behaviour based detection is a more advanced approach for antivirus software because it does not need the virus definitions to detect threats; it will detect threats even before the virus definitions have been downloaded.

The third main approach is cloud based detection. This is where the antivirus company keeps a record of known suspicious and dangerous software in its databases, which has been collected by the antivirus company over the past years. If a user downloads software, the antivirus guard will check the downloaded software against the company's databases of known suspicious and dangerous software to see whether or not it is a threat to the user.

These three approaches of a software firewall will help keep the network safer if the hardware firewall fails to detect threats. These antivirus programmes help protect the network from intrusions through another computer or through vulnerabilities in software installed on a computer. This feature scans, on all ports, the network traffic that enters and exits your computer and compares this information to a set of signatures or definitions.
These signatures contain the information that identifies an attacker's attempt to exploit a known operating system or program vulnerability. If the information matches an attack signature, Intrusion Prevention will automatically discard the packet and break or block the connection with the computer that sent the data.

A private network should have a good antivirus programme with all the above-mentioned features and more. Antivirus software like Norton, BitDefender, etc. is superior antivirus software. So I think if there are both hardware and software firewalls in place in the network, it will be more secure against threats and vulnerabilities. This is because if the threat is not detected by the hardware firewall, there is a chance that the software firewall will detect it. Because these firewalls are becoming more sophisticated, with advanced technology to detect threats, they will be the next defence if the hardware firewall fails to detect the threat.

Conclusion
