Firewall - The Concepts, Qualities, Principles and Uses of Firewall

What is a firewall?

The term firewall comes from a construction technique used to prevent or contain the spread of fire. In computer networking, a firewall is a technology integrated into the network to prevent unauthorized access, protect internal information resources and limit unwanted intrusion into the system. A firewall is a mechanism that protects a trusted network from untrusted networks.

A firewall is placed between the intranet of a company, organization, branch or nation and the Internet. Its main role is to protect information, prevent unwanted access from the Internet, and prohibit access from the intranet to certain addresses on the Internet.

Main functions

The main function of a firewall is to control the flow of information between the intranet and the Internet by establishing a mechanism that governs that flow. In detail:

Allow or prohibit access to services (from the intranet to the Internet).
Allow or prohibit access to services (from the Internet to the intranet).
Monitor network traffic between the Internet and the intranet.
Control which addresses may be accessed and ban access to specific addresses.
Control user access.
Control the content of information flowing over the network.

The components

A standard firewall consists of one or more of the following components:

Packet filtering router
Application-level gateway or proxy server
Circuit-level gateway

Principles

Passing data between networks through a firewall means that the firewall works closely with the TCP/IP protocol suite. TCP/IP breaks the data received from network applications, or more precisely from the services that run over it (Telnet, SMTP, DNS, SNMP, NFS), into packets, and assigns those packets addresses so that they can be identified and reassembled at the destination to which they are sent. The types of firewall are therefore closely tied to packets and their addressing information.

A packet filter allows or denies each packet it receives. It examines the packet to decide whether it satisfies one of the packet filtering rules. These rules are based on the information in the packet header, the same information that is used to forward the packet across the network. That information is:

Source IP address
Destination IP address
Protocol (TCP, UDP, ICMP, IP tunnel)
TCP/UDP source port
TCP/UDP destination port
ICMP message type
Incoming interface of the packet
Outgoing interface of the packet
If a packet satisfies the filtering rules, it is passed through the firewall; otherwise it is dropped. As a result, the firewall can block connections to certain servers or networks, or block access to the local network from unauthorized locations. Port control further allows the firewall to permit only certain types of connections to certain types of servers, or to permit only certain services (Telnet, SMTP, FTP, ...) to run on the local network.
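
To make the header-based decision concrete, here is an added example (not code from the original article) of a stateless packet filter in Python: each rule names values for the header fields listed above, the first matching rule decides, and a packet that matches no rule is dropped. The rule syntax, the interface names "int" and "ext", the address ranges and the sample policy are all constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at; nothing from the payload."""
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    sport: Optional[int] = None      # TCP/UDP source port
    dport: Optional[int] = None      # TCP/UDP destination port
    icmp_type: Optional[int] = None  # ICMP message type
    in_iface: str = ""               # incoming interface
    out_iface: str = ""              # outgoing interface


@dataclass(frozen=True)
class Rule:
    """One filtering rule; a field left as None matches any value."""
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    in_iface: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        for want, have in ((self.proto, pkt.proto), (self.dport, pkt.dport),
                           (self.icmp_type, pkt.icmp_type),
                           (self.in_iface, pkt.in_iface)):
            if want is not None and want != have:
                return False
        return True


def filter_packet(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; a packet no rule matches is dropped (default deny)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


# Constructed sample policy: the intranet is 10.0.0.0/8 behind interface "int",
# the Internet side is interface "ext", and 192.0.2.10 is the site's mail server.
RULES = [
    # Anti-spoofing: an intranet source address must never arrive on the external interface
    Rule("deny", src="10.0.0.0/8", in_iface="ext"),
    # Intranet users may reach Telnet and SMTP servers on the Internet
    Rule("allow", src="10.0.0.0/8", proto="tcp", dport=23, in_iface="int"),
    Rule("allow", src="10.0.0.0/8", proto="tcp", dport=25, in_iface="int"),
    # The Internet may deliver mail to the mail server, and nothing else
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=25, in_iface="ext"),
    # Intranet hosts may send ICMP echo requests (type 8) outwards
    Rule("allow", src="10.0.0.0/8", proto="icmp", icmp_type=8, in_iface="int"),
]


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("10.1.2.3", "198.51.100.5", "tcp", 40000, 25, in_iface="int", out_iface="ext"),
        Packet("198.51.100.5", "192.0.2.10", "tcp", 51000, 25, in_iface="ext", out_iface="int"),
        Packet("198.51.100.5", "10.1.2.3", "tcp", 51000, 23, in_iface="ext", out_iface="int"),
        Packet("10.9.9.9", "192.0.2.10", "tcp", 51000, 25, in_iface="ext", out_iface="int"),
    ]
    for p in samples:
        print(p.src, "->", p.dst, p.proto, p.dport, filter_packet(RULES, p))
```

Running the block prints the decision and the index of the deciding rule for four constructed packets. The anti-spoofing rule at the top is the kind of rule a practitioner adds first, and the default deny at the end is what keeps every later omission safe: a service nobody wrote a rule for simply does not pass.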

Advantages

Most firewall systems use packet filters. One advantage of packet filtering is its low cost, because the packet filtering mechanism is included in every router's software.
In addition, the packet filter is transparent to users and applications, so it requires no special training.

Limitations

Defining packet filtering rules is quite laborious; the network administrator needs detailed knowledge of Internet services, packet header formats and the specific values each field can take at a given site. As filtering requirements grow, the rules become more complex and harder to manage and verify.
Because it works on the packet header, a packet filter does not inspect the packet's contents. Packets that pass the filter can still carry payloads used by attackers to steal information or sabotage the system.

Application-level gateway

Principles

This type of firewall is designed to increase control over which services and protocols are allowed to access the network. It works by means of so-called proxy services: special pieces of code installed on the gateway for each application. If the network administrator does not install the proxy code for an application, the corresponding service is not provided and its traffic therefore cannot pass through the firewall. Proxy code can also be configured to support only those features of the application that the network administrator considers acceptable, while rejecting the others.

An application gateway is considered a bastion host because it is specifically designed to withstand attacks from outside. The security measures of a bastion host are:

A bastion host always runs a hardened (secure) version of the operating system. These secure versions are designed specifically to resist attacks on the operating system and to ensure the integrity of the firewall.
Only services that the administrator considers necessary are installed on the bastion host, simply because a service that is not installed cannot be attacked. In general, only a limited set of applications for Telnet, DNS, FTP, SMTP and user authentication services are installed.
The bastion host may require different levels of authentication, such as user passwords or smart cards.
Each proxy is configured to allow access to only certain hosts. This means that the command set and feature set of each proxy are valid only for some of the servers in the system.
Each proxy keeps a detailed log of all traffic through it: every connection and its duration. This log is very useful for tracing or stopping an intruder.
Each proxy is independent of the other proxies on the bastion host. This makes it easy to install a new proxy or to remove one that is having problems.
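
The following added example (not code from the original article) models the bastion-host points above in Python: the gateway holds one proxy per service, a service without a proxy is blocked outright, each proxy accepts only configured destination hosts and a configured subset of the application's commands, and every connection is logged with its duration. The service names, host names, command sets and sample sessions are constructed for the illustration; the proxies here are a policy model, not real network code.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Proxy:
    """Proxy code for one application: its own host list, command subset and log."""
    service: str
    allowed_hosts: Set[str]       # only these destinations may be reached
    allowed_commands: Set[str]    # only these application commands are forwarded
    log: List[dict] = field(default_factory=list)

    def relay(self, user: str, dest: str, commands: List[str],
              started: float, finished: float) -> dict:
        """Relay one session and record it; returns the log entry."""
        entry = {"user": user, "service": self.service, "dest": dest,
                 "duration": finished - started, "forwarded": [], "rejected": []}
        self.log.append(entry)            # every connection is logged, accepted or not
        if dest not in self.allowed_hosts:
            entry["status"] = "refused: host not permitted"
            return entry
        for cmd in commands:
            verb = cmd.split(" ", 1)[0].upper()
            bucket = entry["forwarded"] if verb in self.allowed_commands else entry["rejected"]
            bucket.append(cmd)
        entry["status"] = "relayed"
        return entry


class ApplicationGateway:
    """A bastion host: a service exists only where its proxy code was installed."""

    def __init__(self) -> None:
        self.proxies: Dict[str, Proxy] = {}

    def install(self, proxy: Proxy) -> None:
        self.proxies[proxy.service] = proxy

    def connect(self, service: str, user: str, dest: str, commands: List[str],
                started: float, finished: float) -> dict:
        proxy = self.proxies.get(service)
        if proxy is None:
            # No proxy code for this application: its traffic cannot cross the gateway
            return {"service": service, "status": "blocked: no proxy installed"}
        return proxy.relay(user, dest, commands, started, finished)


def build_gateway() -> ApplicationGateway:
    """Constructed sample policy: FTP downloads only, SMTP without address probing."""
    gw = ApplicationGateway()
    gw.install(Proxy("ftp", {"ftp.example.com"},
                     {"USER", "PASS", "LIST", "RETR", "QUIT"}))   # no STOR/DELE: read-only
    gw.install(Proxy("smtp", {"mail.example.com"},
                     {"HELO", "MAIL", "RCPT", "DATA", "QUIT"}))   # no VRFY/EXPN
    return gw


if __name__ == "__main__":
    gw = build_gateway()
    print(gw.connect("ftp", "alice", "ftp.example.com",
                     ["USER alice", "PASS secret", "LIST", "STOR report.doc", "QUIT"], 100.0, 130.5))
    print(gw.connect("nfs", "bob", "files.example.com", [], 0.0, 1.0))
    print(gw.connect("ftp", "bob", "ftp.other.example", ["LIST"], 0.0, 2.0))
```

The three sample calls exercise the three outcomes the text describes: a relayed FTP session in which the upload command is stripped, an NFS request that is blocked because no NFS proxy exists, and an FTP session refused because the destination is not on the proxy's host list. Each proxy's log keeps a record of the refused attempt as well, which is what makes the gateway useful for tracing an intruder.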

Advantages

It allows the network administrator full control over each service on the network, because the proxy application restricts the command set and determines which servers the service can reach.
It allows the network administrator full control over which services are permitted, because the absence of a proxy for a service means that the service is blocked.
The application gateway supports strong authentication and logs information about system access.
The filtering rules of an application gateway are easier to configure and test than those of a packet filter.

Limitations

It requires users to change their behaviour, or requires changes to the client software, in order to use the proxy services. For example, Telnet access through an application gateway takes two steps to connect to the server rather than one. However, some client software makes the application gateway transparent by letting the user name the destination machine rather than the gateway in the Telnet command.

Circuit-Level Gateway

A circuit-level gateway is a special function that can be implemented by an application gateway. The circuit-level gateway simply relays TCP connections without performing any processing or packet filtering.

The following illustration shows a Telnet connection passing through such a gateway. The circuit-level gateway forwards the Telnet connection through the firewall without inspecting, filtering or manipulating the Telnet protocol. It works like a wire, copying bytes between the inside connection and the outside connection. Since the connection appears to originate from the firewall, it hides information about the local network.

Circuit-level gateways are used for outbound connections, where the network administrator truly trusts the internal users. Their biggest advantage is that a bastion host can be configured as a hybrid that provides application gateways for incoming connections and circuit-level gateways for outgoing connections. This makes the firewall system easy to use for people on the local network who want to access Internet services directly, while still providing firewall functionality to protect the local network from attacks from outside.

Limitations of the firewall

A firewall is not smart enough to read every kind of information and analyse whether its content is good or bad. It can only block intrusion from unwanted sources, and those sources must be specified by address parameters.
A firewall cannot block an attack that does not pass through it. Specifically, a firewall cannot stop a dial-up attack, or information leaking because data is illegally copied to a floppy disk.
Firewalls cannot stop data-driven attacks, in which a program is sent electronically, passes through the firewall inside packets, enters the protected network and starts operating there.
Computer viruses are an example. A firewall cannot scan for viruses in the data passing through it, because of the speed at which it must work, the continuous appearance of new viruses, and the many ways data can be encoded, all of which put such checking beyond the firewall's control.
Nevertheless, the firewall is still the most widely adopted solution.