Firewalls


A firewall is a computer security device that is situated between a small business's internal network and the Internet. It can work at either the software or the hardware level to prevent unwanted outside access to the company's computer system. Matthew Sarrel, writing for PC Magazine, provided the following definition: "A firewall must contain a stateful packet inspection (SPI) engine, which examines the content of packets and grants access to your network only if the traffic appears legitimate. Firewalls can also block inappropriate inbound and outbound traffic based on rules or filters. Internet Protocol (IP) filtering, for example, can block employees behind the firewall from accessing or receiving mail from specific IP addresses. Also, traffic can be blocked based on your network card's unique identifier, called a MAC (media access control) address. Many firewalls can control traffic using keyword and domain filters, letting you block traffic to specific sites. More sophisticated firewalls let you create complex rules." The firewall thus basically acts as a guard, identifying each packet of information before it is allowed to pass through. It is one of the most effective forms of protection yet developed against hackers operating on the Internet. A "stateful" engine, by the way, is electronics parlance for software able to remember its earlier states, usually by saving values in memory.

Ideally, a firewall will detect intruders, block them from entering the company's computer network, notify the system administrator, record information about the source of the attempted break-in, and produce reports to help authorities track down the culprits. Since firewalls can be set to monitor both incoming and outgoing Internet traffic, they can also be used to prevent employees from accessing games, newsgroups, or adult sites on the Internet.

Despite the potential advantages of firewalls, however, some small businesses remain unprotected. Owners sometimes believe that firewalls are too expensive or demand too much technical expertise. Others believe that no hacker would be interested in the information contained on their computers. Wrong! Intruders often seek unprotected computers to serve as unknowing transmitters for spam mail. Later the company may discover this when many sites that have protected themselves refuse the company's own mail. Many hackers also seek to disrupt companies' operations just for the hell of it. A small business may lose valuable information or cause itself no end of hassle by failing to erect a firewall.

EVALUATING THE NEED FOR A FIREWALL

Any computer connected to the Internet is vulnerable to hackers. Networked computers require more robust protection than free-standing machines. The free-standing machine connected to the Internet may be sufficiently protected by software arrangements, and by the protection provided to its e-mail by the Internet portal operator.

Although firewalls have a number of potential advantages, they do not provide foolproof protection and also have some potential disadvantages. As Steffano Korper and Juanita Ellis wrote in The E-Commerce Book, firewalls cannot protect against computer viruses or against data theft by authorized users of a company's computer network. In addition, firewalls have some expense. Ideally they will be installed by a service organization.

Some small businesses avoid the need for a firewall by using a simple security measure known as "air gapping." This means that the company's computer network is kept completely separate from the Internet. One method of air gapping involves accessing the Internet only from a standalone computer not connected to the internal network; that machine, of course, will not hold any valuable or confidential information. This approach may be cheap but will not serve an organization that actively uses the Internet in its business operations. Another method involves only running Web servers that outsiders can reach on a secure system belonging to an Internet Service Provider (ISP).

TYPES OF FIREWALL PROTECTION

The hardware security systems that act as firewalls vary in configuration and sophistication. One relatively simple device involves using a router (which controls the sending and receiving of messages) equipped with packet filters to examine the messages. This system can be configured to block traffic to or from certain Internet destinations or all unknown destinations. This type of security system is relatively inexpensive and easy to set up, but it also offers only minimal protection from hackers. A slightly more sophisticated and secure system is a proxy server. A proxy server works by stopping all incoming and outgoing traffic for inspection before forwarding it. One advantage of this type of system is that it can create a log of all messages sent and received. Proxy servers can be difficult to install, however, and can also make Internet use less convenient for employees.

Both routers and proxy servers have one major disadvantage in terms of the security they provide. These systems base their evaluation and approval of messages on the header, which lists the sender, recipient, source, and destination. But hackers can easily create false headers to fool the filtering systems. One way to overcome this problem is through type enforcement, which also scans the content of messages. Another system, already mentioned, is the stateful inspection firewall; it uses an even more sophisticated method of verifying the sources of messages. Finally, it is possible to use any combination of routers, filters, proxy servers, and firewalls to create a layered security system. A large company like Motorola, for example, might place a firewall at the outside of the system, and connect it to a gateway computer, and then connect that machine to a router with packet filters, and finally connect the router to the internal computer network.

TIPS ON BUYING A FIREWALL

Before purchasing a firewall, a small business owner should consider what type of information must be protected, and how severe the consequences of an attack might be. These factors will help determine how much money and time the company should spend on the firewall purchase. It is important to remember that the true costs of a firewall include installation and setup, training, maintenance, and regular updates. In addition, understanding the distinctions between different products, and installing the product properly, requires technical expertise and may involve hiring an outside computer expert.

Firewall protection comes in a wide variety of forms. Some basic firewall software is available for free on the World Wide Web. These simple packages can be downloaded and installed fairly easily, but they provide fewer options for users and do not offer technical support in case of problems. Many other software solutions are available at retail computer stores or via mail order. These firewalls are also easy to install and often feature technical support. The most sophisticated firewalls are complete hardware systems that can cost thousands of dollars. These systems usually include a number of additional features. For example, they often can be used as routers for directing traffic among computers in a network. Some of the top firewall vendors include Ascend, Cisco, Sterling Commerce, CyberGuard, LanOptics, and Microsoft.

Besides meeting the small business's basic computer security needs, a firewall should work with your hardware and software, as well as that used by your ISP. It also should not slow down your Internet connection too noticeably. The most versatile products conform to the Open Platform for Secure Enterprise Connectivity (OPSEC), a standard that is supported by many top vendors and that makes it easier to combine security products from different sources.

When evaluating possible firewalls, it may be helpful to look for product reviews in computer magazines or on the World Wide Web. Once the purchase decision has been made and the firewall is up and running, it is important to test the product. Many firewalls are breached by hackers due to faulty installation or configuration. In fact, Emery recommends having a team of technically minded employees try to break into the system from outside. This exercise may help the internal experts understand the strengths and limitations of the firewall, as well as how it fits into the context of the small business's overall computer security policy.

see also Internet Security

BIBLIOGRAPHY

Cert Coordination Center. Carnegie Mellon Software Engineering Institute. Available from http://www.cert.org. Retrieved on 29 April 2006.

Korper, Steffano, and Juanita Ellis. The E-Commerce Book: Building the E-Empire. Academic Press, 2000.

Passmore, David. "Inside-Out Security." Business Communications Review. March 2006.

Rae-Dupree, Janet. "Risky Business Online." U.S. News & World Report. 4 September 2000.

Sarrel, Matthew D. "Business Body Armor: All sorts of enemy combatants want to penetrate your network, but you can turn attacks aside with the right combo of hardware and tactics." PC Magazine. 7 March 2006.

Smith, Tim. "Firewalls Explained." Computer Act!ve. 2 February 2006.

Hillstrom, Northern Lights

updated by Magee, ECDI

Firewalls

In computer terms, a firewall is a boundary system that sits between two networks and enforces a security policy that determines what information is allowed to pass between them. The networks in question are typically a corporate, or private, local area network (LAN) and the public Internet. The security policy can be very simple, allowing most communication to pass through, or can be very complex, allowing only specifically designated traffic from specifically designated hosts to cross the boundary.

A firewall acts like a security guard that monitors all incoming and outgoing traffic and makes decisions about whether or not certain traffic is allowed. These decisions are based on the security policy. Under the simplest, least restrictive security policy, everything is allowed except that which is explicitly denied. Under the most complex, most restrictive policy, everything is denied except that which is explicitly allowed. What this means in practical terms is that a firewall may be relatively simple to configure and manage, or it can be very complex and time-consuming to maintain.

Firewalls can be implemented at the network, transport, or application layers of the TCP/IP Protocol Suite. The level of sophistication that a security policy can enforce depends on the layer at which the firewall is implemented. The TCP/IP protocol suite, sometimes referred to as the DoD (Department of Defense) model, divides the network into four layers. From the bottom up, they are the physical or hardware layer, which describes the way networks are connected together; the network layer, which defines the addresses of the network and its hosts (computers that are part of the network, whether workstations or servers) and manages the routing of packets between networks; the transport layer, which provides end-to-end communication between services and establishes the reliability of the connection between networks and hosts; and the application layer, which is responsible for the actual services provided by a network such as e-mail, authentication method, and file transfer capability.

Network Layer Firewalls

At the network layer, a firewall controls access by examining the addresses or ports that the data packet is coming from or going to. This is the most basic type of firewall and is called a packet filtering firewall. Not only can packets be filtered based on the IP address of a host, they can also be filtered based on the port number of the service desired. For example, a security policy for a packet filtering firewall might be configured to allow all incoming packets from any address only if they are destined for SMTP (Simple Mail Transfer Protocol) port 25, which is the service that processes e-mail. This would allow the network to accept incoming e-mail from anywhere on the Internet. But anyone trying to access the FTP (File Transfer Service) that operates on port 21 would be denied.

On the other hand, if it was determined that a network called "spam-me.com" was sending unwanted e-mail, the security association could be extended to deny any incoming packets from that specific network, while still allowing SMTP traffic from all other networks. At this layer, the firewall does no analysis of the data contained in the packets, nor does it provide any ability to hide the addresses of the internal systems on outgoing packets. A packet filtering firewall is the least effective of all the types of firewalls available.
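The packet-filter policy described in the two paragraphs above (accept SMTP on port 25 from anywhere, refuse everything else such as FTP on port 21, then refuse the whole "spam-me.com" network) is an ordered, first-match rule list, the same mechanism as the router with packet filters in the small-business entry earlier on this page. The following Python is an added example and not code from the encyclopedia entry: the rule engine, the sample packets, and the 198.51.100.0/24 block standing in for spam-me.com's addresses are all constructed. It also goes one step beyond the text to show why rule order matters: placing the network-wide deny after the SMTP allow lets the spammer's mail through, because the first matching rule decides.

```python
"""Stateless packet filter with ordered, first-match rules (added example).

Constructed scenario: our mail server is 192.0.2.10, the spammer
network "spam-me.com" is assumed to own 198.51.100.0/24.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port (the service being requested)


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: Optional[str] = None   # CIDR network; None matches any source
    proto: Optional[str] = None # None matches any protocol
    dport: Optional[int] = None # None matches any port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        """A rule matches only if every field it specifies matches the packet."""
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


class PacketFilter:
    """Evaluates rules top to bottom; the first match wins, otherwise the default applies."""

    def __init__(self, rules: Iterable[Rule], default: str = "deny"):
        self.rules: List[Rule] = list(rules)
        self.default = default   # "deny" = restrictive policy, "allow" = permissive policy

    def decide(self, pkt: Packet) -> Tuple[str, str]:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, rule.comment
        return self.default, "default policy"


SPAMMER_NET = "198.51.100.0/24"   # constructed stand-in for spam-me.com's address block

# Correct ordering: the specific deny comes BEFORE the general SMTP allow.
INBOUND_POLICY = PacketFilter(
    rules=[
        Rule("deny", src=SPAMMER_NET, comment="refuse everything from spam-me.com"),
        Rule("allow", proto="tcp", dport=25, comment="accept SMTP from any address"),
    ],
    default="deny",   # FTP (21) and every other service fall through to this
)


def filter_inbound(pkt: Packet) -> str:
    """Return 'allow' or 'deny' for a packet arriving from the Internet."""
    return INBOUND_POLICY.decide(pkt)[0]


def ordering_comparison() -> Tuple[str, str]:
    """Same two rules, but with the deny placed after the allow.
    Returns (decision of correct policy, decision of misordered policy)
    for an SMTP packet from the spammer network."""
    misordered = PacketFilter(
        [Rule("allow", proto="tcp", dport=25), Rule("deny", src=SPAMMER_NET)],
        default="deny",
    )
    spam = Packet("198.51.100.9", "192.0.2.10", "tcp", 25)
    return INBOUND_POLICY.decide(spam)[0], misordered.decide(spam)[0]


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", "192.0.2.10", "tcp", 25),   # ordinary mail: allowed
        Packet("203.0.113.7", "192.0.2.10", "tcp", 21),   # FTP: no rule, default deny
        Packet("198.51.100.9", "192.0.2.10", "tcp", 25),  # mail from spammer: denied
        Packet("203.0.113.7", "192.0.2.10", "udp", 25),   # wrong protocol: default deny
    ]
    for p in samples:
        print(p, "->", INBOUND_POLICY.decide(p))
    print("correct vs misordered:", ordering_comparison())
```

The filter looks only at addresses, protocol and port, exactly the limitation the entry points out: it cannot see what the SMTP payload contains, and it trusts the source address in the header.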

Transport Layer Firewalls

For firewalls at the transport layer, the decisions made by the security policy can be more complex and therefore offer more security. Sometimes referred to as circuit level or proxy firewalls, these types of firewalls can verify the source and destination of the communicating devices before opening the connection. After that initial verification, it is assumed that all further communication is allowed until the session is closed.

With this type of firewall, the addresses for the internal or private network can be hidden behind the address of the device providing the proxy service. The result is that only the address of the firewall is made public, preventing unauthorized individuals or hosts from knowing too much about the private network. The hiding of the internal addresses is called Network Address Translation (NAT) and is the feature most commonly implemented on firewalls at this level. This type of firewall can also provide proxy port IDs for network services, so that on the private network, common service destination ports can be changed but the sources trying to communicate with those services are unaware of the change.

As an example, incoming e-mail destined for the firewall's IP address and Port 25 is transparently routed to a host with a different IP address that may even have the SMTP service assigned to a port other than Port 25. This effectively hides the e-mail server so intruders can not find it. But even if they do discover the address of the mail server, they would still need to discover the port number to which the service has moved. This makes the job of attacking the mail server much more difficult.
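The circuit-level behaviour described in the last three paragraphs (verify a connection once when it opens, pass the rest of the session, hide internal addresses behind the firewall's public address, and redirect the firewall's port 25 to a mail host listening on a different port) can be modelled with a small session table. The Python below is an added example, not the entry's own code: the public address 192.0.2.1, the private network 10.0.0.0/8, the mail host 10.0.0.5 on port 2525, and every packet are constructed, and TCP is reduced to a flags string. Session teardown is left out to keep the state machine short.

```python
"""Circuit-level firewall: NAT, port redirection and session tracking (added example).

Constructed scenario: the firewall's public address is 192.0.2.1; the
private LAN is 10.0.0.0/8; inbound SMTP to 192.0.2.1:25 is forwarded to
the internal mail server 10.0.0.5, which listens on port 2525.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

FIREWALL_PUBLIC_IP = "192.0.2.1"          # the only address outsiders ever see
INTERNAL_NET = ip_network("10.0.0.0/8")   # private network behind the firewall
# Published services: public port on the firewall -> (internal host, internal port)
PORT_FORWARDS: Dict[int, Tuple[str, int]] = {25: ("10.0.0.5", 2525)}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str = ""   # simplified TCP flags, e.g. "SYN" or "SYN,ACK"


def _opens_connection(pkt: Packet) -> bool:
    """A bare SYN (no ACK) is the only packet allowed to create a session."""
    flags = set(pkt.flags.split(","))
    return "SYN" in flags and "ACK" not in flags


class CircuitLevelFirewall:
    """The session table is the 'state': a connection is verified when it
    opens, and later packets pass only if they belong to a known session."""

    def __init__(self, first_ephemeral_port: int = 50000):
        # (external ip, external port, public port on firewall) -> (internal ip, internal port)
        self.sessions: Dict[Tuple[str, int, int], Tuple[str, int]] = {}
        self._next_port = first_ephemeral_port   # public ports handed to outbound sessions

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet from the Internet side. Returns the rewritten packet for
        the LAN, or None if the firewall drops it."""
        if pkt.dst_ip != FIREWALL_PUBLIC_IP:
            return None                           # internal addresses are not reachable directly
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key in self.sessions:                  # belongs to an established session
            int_ip, int_port = self.sessions[key]
            return replace(pkt, dst_ip=int_ip, dst_port=int_port)
        if _opens_connection(pkt) and pkt.dst_port in PORT_FORWARDS:
            int_ip, int_port = PORT_FORWARDS[pkt.dst_port]   # published service: admit, record
            self.sessions[key] = (int_ip, int_port)
            return replace(pkt, dst_ip=int_ip, dst_port=int_port)   # DNAT to the real server
        return None                               # unsolicited packet or unpublished port

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet leaving the LAN. The source becomes the firewall's public
        address, so the internal address never appears on the Internet."""
        if ip_address(pkt.src_ip) not in INTERNAL_NET:
            return None
        for (ext_ip, ext_port, pub_port), (int_ip, int_port) in self.sessions.items():
            if (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port) == (int_ip, int_port, ext_ip, ext_port):
                return replace(pkt, src_ip=FIREWALL_PUBLIC_IP, src_port=pub_port)  # reply in a session
        if _opens_connection(pkt):                # new outbound connection: allocate a public port
            pub_port = self._next_port
            self._next_port += 1
            self.sessions[(pkt.dst_ip, pkt.dst_port, pub_port)] = (pkt.src_ip, pkt.src_port)
            return replace(pkt, src_ip=FIREWALL_PUBLIC_IP, src_port=pub_port)
        return None                               # mid-stream packet with no session


if __name__ == "__main__":
    fw = CircuitLevelFirewall()
    print(fw.inbound(Packet("203.0.113.7", 40000, FIREWALL_PUBLIC_IP, 25, "SYN")))    # forwarded to 10.0.0.5:2525
    print(fw.outbound(Packet("10.0.0.5", 2525, "203.0.113.7", 40000, "SYN,ACK")))     # reply appears from 192.0.2.1:25
    print(fw.inbound(Packet("203.0.113.9", 5555, FIREWALL_PUBLIC_IP, 2525, "SYN")))   # None: port 2525 is not published
    print(fw.inbound(Packet("203.0.113.9", 5555, "10.0.0.5", 2525, "SYN")))           # None: internal address unreachable
```

Outsiders only ever exchange packets with 192.0.2.1, and a probe at the internal port number (2525) or the internal address is dropped before any host on the LAN sees it, which is the hiding effect the entry describes.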

Application Layer Firewalls

Firewalls that operate at the application layer offer the most security of all possible configurations. Sometimes called Stateful Packet Filtering firewalls, these devices can perform an analysis on the contents of an individual data packet in order to do a more thorough job determining what is to be allowed or denied. For example, if the firewall allowed incoming Hypertext Transfer Protocol (HTTP) packets to be passed to the network, a malicious user could hide a Trojan Horse in a web page. A Trojan Horse is a malicious program hidden inside of a program that the network accepts as harmless. In this case, it could be an applet embedded in a web page. When the web page reaches its destination, the applet is released and causes harm to the network or host. A simple Packet Filtering Firewall would let the packet in because it appears to be on the allowed list but the Stateful Packet Filtering Firewall would look inside the packet and see that there is an embedded application and choose to deny that packet entry to the network.

Regardless of which layer the firewall functions at, the actual firewall can be either a software solution or a dedicated appliance. There is typically degradation in performance when running a firewall as software on a computer that runs other applications. Also, the firewall is typically exposed to the Internet so the computer and its other applications will be exposed as well. Dedicated appliances generally offer the most secure solution as a firewall, and provide the best performance. But they are more costly and can be more complicated to configure. Software or hardware, application, transport or network layer, no matter the type or level of implementation, a firewall is a necessary part of today's networking technology to provide a measure of security and privacy for data and the people who use it.

see also E-commerce; Security; Security Software; World Wide Web.

Cynthia Tumilty Lazzaro

Bibliography

Blacharski, Dan. Network Security in a Mixed Environment. Foster City, CA: IDG Books Worldwide, Inc., 1998.

Strebe, Matthew, and Charles Perkins. Firewalls 24seven, 2nd ed. San Francisco: Sybex Books, 2002.

Internet Resources

Smith, Gary. "A Brief Taxonomy of Firewalls." SANS Institute. May 2001. <http://rr.sans.org/firewall/taxonomy.php>

Tyson, Jeff. "How Firewalls Work." Marshall Brain's How Stuff Works. <http://www.howstuffworks.com/firewall.htm>

Firewall


Firewall ★★ 2006 (PG-13)

The 60-something Ford does the heroic family man thing again. Here he plays Jack Stanfield, a security specialist at a Seattle bank, whose family is held hostage by psycho thief Bill Cox (Bettany) and his gang. Cox needs Jack to circumvent his own security system so that $100 million can be transferred to an offshore account. Jack, of course, decides to thwart their nefarious plan and save his family. Ford is his usual stalwart self, but the movie is a paint-by-numbers disappointment that brings nothing new to the well-worn genre. 120m/C DVD, Blu-ray Disc, HD DVD. US Harrison Ford, Paul Bettany, Virginia Madsen, Mary Lynn Rajskub, Robert Patrick, Robert Forster, Alan Arkin, Carly Schroeder, Jimmy Bennett, Vince Vieluf, Kett Turton, Vincent Gale, Nikolaj Coster-Waldau; D: Richard Loncraine; W: Joe Forte; C: Marco Pontecorvo; M: Alexandre Desplat.

firewall


fire·wall / ˈfīrˌwôl/ • n. a wall or partition designed to inhibit or prevent the spread of fire. ∎  any barrier that is intended to thwart the spread of a destructive agent: a firewall to prevent further cases of mad cow disease. ∎  Comput. a part of a computer system or network that is designed to block unauthorized access while permitting outward communication.

firewall


firewall A system designed to control the passage of information from one network into a second network. Typically a firewall will be used as a means of reducing the risk of unwanted access to sensitive systems, where one carefully regulated network contains the sensitive systems and is connected to a larger less-regulated network. A firewall can be effective if access to the firewall itself is carefully regulated.