
Dr. Mark Woodcock
CMSC482 - Project 1
FIREWALLS

--Theresa Fernandes

It is truly amazing what computer systems can do these days and how much sensitive material they handle. It is also amazing what people will do to wreak havoc on those systems, whether intentionally or just because they have nothing better to do. With the growing knowledge and power of computers come the inevitable attacks that are sure to make people's lives miserable. But what can people do to fortify their systems and protect them from malicious evildoers? There are several ways to protect a system, one of which is through the use of a firewall.

A firewall blocks all unauthorized communication between computers in an organization and computers outside that organization. It is also often used to prevent unnoticed and unauthorized export of proprietary information. It is a system or group of systems that enforces an access control policy between two networks. It is a logical device providing security in its configuration of routers and networks which are placed between an organization's internal network and a connection to an external internet. Firewalls that are well-designed protect the network while allowing authorized users and systems to communicate freely. They provide a single choke point where access controls and auditing can be imposed.

The details of a firewall depend on the network technology, the capacity of the connection, the traffic load, and the organization's policies. Therefore, no single solution works for all organizations. A firewall needs sufficient computational power to examine all incoming and outgoing messages, and it requires hardware and software optimized to operate at network speeds. Most commercial routers include a high-speed filtering mechanism that can be used to perform much of the necessary work. Another consideration is the cost of a firewall. The cost a company can incur for a firewall can range from $10,000 to $100,000. It is important, though, to consider not only the original price but also the cost of maintaining the system. The cost of a system depends on what the company wants from it: it must decide what level of monitoring, redundancy, and control is needed. A checklist of what should be monitored, permitted, and denied should be drawn up. That is, the overall objectives should be worked out and then combined with a needs analysis and a risk assessment to help specify what type of firewall should be implemented.

The basic types of firewalls are network level and application level. Network level firewalls make their decisions based on the source and destination addresses, as well as the ports, in individual IP packets. An important distinction about many network level firewalls is that they route traffic directly through them; in order to use one, it is necessary to have a validly assigned IP address block. Application level firewalls are hosts running proxy servers, which permit no traffic directly between the networks. These also perform elaborate logging and auditing of the traffic passing through them. Application level firewalls tend to provide more detailed audit reports and to enforce more conservative security models than network level firewalls.

There are many firewalls available; though they all aim at the same goal, they differ slightly in implementation. A screening router is a basic component of most firewalls. Screening routers have the ability to block traffic between networks or specific hosts at the IP port level. Some firewalls consist of only a screening router between a private network and the Internet. Screening routers are not the most secure solution, but they are popular because they permit access to the Internet from any point in the private network. A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security. Extra attention is paid to its security; it may undergo regular audits and may run modified software. A dual homed gateway is a bastion host placed on both the private network and the Internet, with TCP/IP forwarding disabled. Hosts on the private network can communicate with the gateway, as can hosts on the Internet, but direct traffic between the two networks is blocked. Dual homed gateways are often used and are easy to implement; however, this system can be compromised if users are permitted logins, since once a login is obtained, all attacks can be made over the local network. A screened host gateway is implemented using a screening router and a bastion host. The screening router is configured to block traffic to the bastion host on specific ports, permitting only a small number of services to communicate with it. Generally, the screened host gateway is very secure while being fairly easy to implement. Problems arise when an attacker gains access to the bastion host.
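To make the network level filtering and the screened host gateway concrete, here is an added example (not from the original paper) of a tiny screening-router rule evaluator in Python. The addresses, the bastion host, and the permitted services (SMTP and HTTP) are constructed assumptions; the point is the first-match rule table with a default deny, which lets outside hosts reach only a few ports on the bastion while direct traffic to the rest of the private network is blocked.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str                        # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None        # None matches any protocol
    dport: Optional[int] = None        # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


def filter_packet(rules: List[Rule], packet: Packet) -> str:
    """First matching rule wins; a packet no rule permits is dropped (default deny)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"


# Constructed screened-host topology (hypothetical addresses, not from the paper).
INTERNAL = ipaddress.ip_network("192.0.2.0/24")    # private network
BASTION = ipaddress.ip_network("192.0.2.10/32")    # bastion host inside it
ANY = ipaddress.ip_network("0.0.0.0/0")

SCREENING_RULES = [
    Rule("permit", ANY, BASTION, "tcp", 25),   # outside may reach bastion SMTP
    Rule("permit", ANY, BASTION, "tcp", 80),   # outside may reach bastion HTTP
    Rule("permit", INTERNAL, BASTION),         # inside hosts talk to the bastion proxy
    Rule("deny", ANY, INTERNAL),               # nothing else reaches the inside directly
]
```

Because the rule table ends in a deny for the whole private network, an outside host probing any other port on the bastion, or any port on an ordinary internal host, is dropped; the only way in is through the handful of services the bastion exposes.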

Though firewalls are a good means of security, they cannot protect against everything. Firewalls cannot protect against attacks that do not go through the firewall. They cannot protect against viruses, because there are too many ways of encoding binary files for transfer over networks and too many different architectures and viruses to search for them all. Firewalls cannot protect against a data-driven attack, in which something is mailed or copied to an internal host and then executed there. There are other ways firewalls can fail or be compromised. Some people are clever enough to find a loophole through the firewall which permits them to probe systems in the private network. The worst case is if someone were not only to break into the firewall but to reconfigure it so that the entire private network is reachable by anyone. This is referred to as destroying a firewall, not just breaking into it. An important measure of how well a firewall resists threats is the information it gathers to help determine the course of an attack. It is not a good thing if a firewall is compromised without any trace of how the attack took place. No security system is 100% secure; however, firewalls enhance host security by funneling attackers through a narrow gap where there is a chance of catching or detecting them first.

Even with its shortcomings, firewall technology has become a hot item. Some commercial firewalls are BlackHole, Gauntlet by TIS, Eagle from Raptor Systems, SmartWall by V-One, and SecurityGate by DEC. This list is very short compared to the one given in the product overview for firewalls. The growing number of producers indicates high consumer demand for this type of security. It is up to the prudent consumer to decide whether a firewall will meet the needs of their company.


Theresa Fernandes
Thu Oct 26 23:33:18 EDT 1995