Firewalls Introduction l What is a firewall Firewalls

Firewalls - Introduction l What is a firewall? – Firewalls are frequently thought of as a very complex system that is some sort of magical, mystical. . Thing. What is it really? – A machine that is more selective than a router that passes data from one network to another. » Some are more complex, some are less complex, but the fundamental point is that they implement a specific security policy for the network traffic between two (or more) points of a site. 1

Firewalls - Overview l What are the duties of a firewall? – Traditional » Firewalls used to be limited to exact and specific functions, mainly acting as a barricade between external and internal networks. The jobs included: l l l Relay Mail Provide Domain Name Service (DNS) Capabilities, and possibly running a “split DNS” environment Filter and otherwise control all traffic flow between the outside and the inside. A site will design a security model (what types of connections are allowed, etc. ) and have the firewall implement this as closely as possible. » Note that the firewall in this model is placed at the permiter of the network, and that inter-machine traffic internally is not effected by the firewall. 2

Firewalls - Overview l What are the duties of a firewall? – Modern » As firewalls become more common and essential to networks, they have taken on more services, in addition to the traditional ones. These include: l l Virus Protection: Many firewalls now provide automatic virus screening for web traffic, E-Mail attachments, and other types of connections and data transfers across the firewall. Mobile Code Protection: In addition to more basic blocks of mobile code (Java, *Script, Active. X, etc. ), firewall systems are beginning to offer containment for the execution of mobile code. These include sandbox machines isolated from the rest of the network and restricted environments to run the Java VM within. 3

Firewalls - Overview l What are the duties of a firewall? – Modern » (continued) l Virtual Private Networks (VPN): As companies need to interconnect remote offices more securely, and do not wish to incur the cost of dedicated circuits, they turn to VPNs. A virtual private network is an encrypted channel between network to network (or remote client to network) that automatically encrypts *ALL* traffic between them. This removes the problem of running encrypted client/server solutions, and allows people to run any software necessary. Remote users with notebooks dialing into national providers can cryptographically authenticate themselves to the firewall, and connect to the corporate network with an automatically encrypted channel. 4

Firewalls - Overview l What are the duties of a firewall? – Modern » (continued) l l Network Address Translation (NAT): The address space limitations with IPv 4 has forced the emergence of network address translation, where internal machines to a company will use private addresses (10. x. x. x for example) which will be translated into a legal set of addresses at a firewall. This increases security as all connections must be passed by the firewall, as the addresses are not known or routable by the general Internet. (This is also useful for home networks or for small companies. ) Intrusion Detection Systems (IDS): Firewalls are starting to be “smarter” about the connections that they see, and now can keep track of strange activity to decide if the connection should be terminated and administrators notified. 5

Firewalls - Types l In general, there are two types of firewalls: – Application or Proxy Firewall » This firewall runs on top of a standard operating system (although typically secured in some ways) and intercepts all traffic. If the firewall is running a special proxy or application to handle the traffic, the service will decide if the traffic should be permitted. If the service permits the traffic, it is sent through to the destination. In many cases, a user may first authenticate to the proxy, and then have to authenticate to the internal machine as well. » If no proxy is running for the service, the service decides that the connection should not be allowed, or if the user is unable to authenticate to the proxy, than the connection is refused by the firewall. 6

Firewalls - Types l Application or Proxy - Examples – Web Proxy: Many companies use web proxies for users to connect to the internet. Many proxies also cache, to reduce some of the load on the network connection. The browser will make the connection to the proxy, which will make the connection to the web site on behalf of the user. If successful, the information is returned to the user. 7

Firewalls - Types l Application or Proxy - Examples – Telnet Proxy: A telnet proxy may behave in different manners, depending on which direction you come from. If the connection is coming from the internal machines, it may be passed silently to the remote host. However, if the connection originates from outside of the firewall, it may be stopped by the firewall, and the user may need to perform additional authentication before being able to connect to the internal machine. 8

Firewalls - Types l The other type is: – Packet Filtering or Network Level Firewalls » These firewalls are almost (or are) completely transparent to the users. They will analyze the source and destination addresses, as well as the source and destination ports for each packet. If the packet, according to the rules defined, is allowed to pass, it is passed silently. If not, it is simply dropped and does not make it through. » Although typically built upon standard operating systems as well, these types of firewalls are also useful to build into dedicated network devices, such as routers or switches. 9

Firewalls - Types l Network Level - Examples – Router Blocks - The most basic example are router blocks. Routers obviously do not allow proxies to be run, and are limited to looking at the packet information to decide if a packet should be allowed to pass. These are quite trivial, but also very useful for many applications. Routers are excellent at blocking spoofed internal packets at the edge of a network, and any types of traffic that should definitely always be blocked. 10

Firewalls - Types l Network Level - Examples – Commercial Firewalls: To distinguish these in general, from router level blocks, these firewalls are typically much more advanced. They look at packet information, but also in many cases, will look at the packet contents as well. Many firewalls allow access control at the point of controlling if files can be read or written via an FTP connection. 11

Firewalls - Types l And the third type. . (third type? ) – Hybrids » Many firewalls do not explicitly fall within either category, rather they have proxies for some types of traffic, and allow packet filtering for other types. Many people prefer this type of system as it has the most flexibility to fit emerging protocols, while still allowing the fine grained control that a proxy provides. 12

Firewalls - Pro/Con l Application Firewalls – Pros: » The proxies allow for a very fine level of control over any connection, and content within the connection. » Typically simple (relatively) to setup and maintain. – Cons: » Any new protocol to be supported must have a proxy written for it. » Running the proxy for each connection incurs additional overhead, and can slow down network access. » Can have difficulty with UDP traffic and UDP-based protocols. 13

Firewalls - Pro/Con l Network Level Firewalls – Pros: » In many cases, the firewall is transparent to the end users. » The system can be very quick, since no additional programs must be executed. » Network level firewalls can be embedded into networking equipment to give more advanced (above router blocks) filtering. – Cons: » The granularity of control is coarser. 14

Firewalls - Pro/Con l Hybrid – The pros and cons of a Hybrid firewall really depend on what has been added or changed from each basic type of system. Some attributes from each system help to cancel out some of the Cons for the other type. 15

Firewalls - Basic Configuration l In general, firewalls are configured in one of two ways: – Deny everything that is not expressly permitted. » Traditional application firewalls fall into this category. Services with proxies running would be handled, while everything else is dropped. – Permit everything that is not expressly denied. » This would be the protection gained from basic router-type blocks. l These types are obviously fundamentally different, with the first being generally more secure. 16