06-08-2014, 12:30 PM
Firewall
Introduction
A firewall is a specialized version of a router. Apart from its routing functions and rules, a router can be configured to perform the firewall function with the help of additional software.
The characteristics of a good firewall implementation can be described as follows:
All traffic from inside to outside, and vice versa, must pass through the firewall. To achieve this, all access to the local network must first be physically blocked, and access only via the firewall should be permitted.
Only traffic authorized by the local security policy should be allowed to pass through.
The firewall itself must be strong enough to withstand attacks directed at it.
Packet Filters
The first paper published on firewall technology appeared in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls.
As the name suggests, a packet filter applies a set of rules to each packet and, based on the outcome, decides to either forward or discard the packet. It is also called a screening router or screening filter.
Such a firewall implementation involves a router which is configured to filter packets going in either direction (the local network to the outside world and vice versa).
Function Performed
A packet filter performs some basic steps, which are as follows:
Receive each packet as it arrives.
Pass the packet through a set of rules based on the contents of the IP header and the transport header fields of the packet. If there is a match with one of the rules, decide whether to accept or discard the packet based on that rule.
If there is no match with any rule, take the default action. The default can be to discard all packets or to accept all packets.
Stateless Packet Filter
Stateless firewalls require less memory and can be faster for simple filters, where applying the rules takes less time than looking up a session. They may also be necessary for filtering stateless network protocols that have no concept of a session.
A stateless packet filter makes decisions on a packet-by-packet basis; you cannot create rules that filter packets based on a relationship between one packet and another.
Stateful Packet Filters
A stateful (dynamic) packet filter allows the examination of packets based on the current state of the network. That is, it adapts its examination of packets to the current exchange of information, unlike normal packet filters, whose rules are hard-coded. For instance, with a dynamic packet filter we can specify a rule as follows:
"Allow incoming TCP packets only if they are responses to outgoing TCP packets that have gone through our network."
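As an added illustration (not part of the original post), the following Python sketch models the packet-filter steps listed above (first matching rule decides, otherwise the default action) and then the stateful rule just quoted, which needs a table of outbound flows that a stateless filter cannot keep. The packet fields, the addresses and the one-rule policy are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter looks at: IP addresses plus transport ports."""
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int
    direction: str    # "out" = inside to outside, "in" = outside to inside

@dataclass(frozen=True)
class Rule:
    """A field left as None is a wildcard; every other field must match exactly."""
    action: str       # "accept" or "discard"
    direction: Optional[str] = None
    proto: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        wanted = ((self.direction, p.direction), (self.proto, p.proto),
                  (self.dst, p.dst), (self.dport, p.dport))
        return all(want is None or want == got for want, got in wanted)

def stateless_filter(p: Packet, rules: list, default: str = "discard") -> str:
    """First matching rule decides; with no match, the configured default action applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

class StatefulFilter:
    """Same rules, plus a table of accepted outbound TCP flows so their replies are let back in."""
    def __init__(self, rules: list, default: str = "discard"):
        self.rules, self.default = rules, default
        self.flows = set()   # (internal src, sport, remote dst, dport) of accepted outbound flows

    def decide(self, p: Packet) -> str:
        # An inbound TCP packet whose reversed 4-tuple is a known outbound flow is a response.
        if p.proto == "tcp" and p.direction == "in" and (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "accept"
        verdict = stateless_filter(p, self.rules, self.default)
        if verdict == "accept" and p.proto == "tcp" and p.direction == "out":
            self.flows.add((p.src, p.sport, p.dst, p.dport))   # remember the flow we let out
        return verdict

# Constructed policy: only outbound TCP to port 80 is allowed; everything else takes the default.
POLICY = [Rule("accept", direction="out", proto="tcp", dport=80)]
```

With this policy the stateless filter discards the web server's reply because no rule describes inbound traffic, while the stateful filter accepts it and still discards an unsolicited inbound packet from another host.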
Application Gateway
because it acts like a proxy and decides about the flow of application level traffic.
An application gateway is also called a bastion host. Usually the bastion host is a key point in the security of a network.
The application gateways work as follows:
An internal user contacts the application gateway using a TCP/IP application, such as HTTP or TELNET.
The application gateway asks the user for the remote host with which the user wants to set up a connection for the actual communication (its domain name or IP address, etc.).
Circuit Gateway
A circuit gateway is a variation of the application gateway that performs some additional functions compared to those of an application gateway. A circuit gateway, in fact, creates a new connection between itself and the remote host.
The user is not aware of this and thinks that there is a direct connection between itself and the remote host.
It changes the source IP address in the packets from the end user’s IP address to its own.
Network Address Translation
NAT attempts to solve the problem of the shortage of IP addresses. NAT allows a user to have a large number of IP addresses internally but only a single IP address externally.
Only the external traffic needs the external address; internal traffic can work with the internal addresses.
A single host makes requests on behalf of all internal users.
Internal users can have any IP address within the range of internal IP addresses.
It only works at the TCP/IP level.
NAT Implementation
A NAT router has two addresses: one external IP address and one internal IP address.
The external world knows the router by its external address, whereas internal hosts refer to the router by its internal IP address.
The NAT router performs the job of address translation. For this purpose the NAT router does the following:
For all incoming packets, the NAT router replaces the destination address of the packet with the internal address of the final receiving host.
For all outgoing packets, the NAT router replaces the source address of the packet with the external address of the NAT router.
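An added Python model (not code from the original post) of the two translation steps just described. It goes slightly beyond the text by also rewriting the source port of outgoing packets and keeping a table keyed on that port, which is what lets the router work out the final receiving host for an incoming packet when several internal hosts share the one external address; all addresses are constructed documentation values.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

class NatRouter:
    """One external address shared by every internal host, as described above."""
    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out_map = {}   # (internal src, sport) -> translated external port
        self.in_map = {}    # translated external port -> (internal src, sport)

    def outgoing(self, p: Packet) -> Packet:
        """Replace the source address with the router's external address."""
        key = (p.src, p.sport)
        if key not in self.out_map:          # first packet of this flow: allocate a port
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[port] = key
        return replace(p, src=self.external_ip, sport=self.out_map[key])

    def incoming(self, p: Packet) -> Optional[Packet]:
        """Replace the destination address with the internal address of the final host."""
        entry = self.in_map.get(p.dport)
        if p.dst != self.external_ip or entry is None:
            return None                       # no translation state: nothing to deliver it to
        host, port = entry
        return replace(p, dst=host, dport=port)

# Constructed addresses: 203.0.113.1 is the router's external side, 192.168.0.x the inside.
nat = NatRouter("203.0.113.1")
```

A reply to a translated flow is delivered to the right internal host and port; an incoming packet for a port the table does not know returns None, which is why an unsolicited connection from outside cannot reach an internal host through plain NAT.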
Choosing the Choke's Protocols
The choke is an intelligent filter: it is usually set up so that only the gate machine can talk to the outside world. All messages from the outside that are directed to internal machines other than the gate are rejected.
The gate determines destinations, then handles requests or forwards them as appropriate. For instance, SMTP (mail) requests can be sent to the gate, which resolves local aliases and then sends the mail to the appropriate internal machine.
You can set up your choke so that only specific kinds of messages are sent through. You should configure the choke to reject messages using unknown protocols.