Web Technologies, Assignment 2 (123seminarsonly.com)
Posted 19-May-2018
Web Technologies, Assignment 2
FIREWALLS
To
Dr. Ahmed Elfatatry
Web Technologies Assignment 2
First Term 2011-2012
By
Yasser M M Gharib
Page 1 of 15 Yasser Gharib
Contents
1. Introduction 3
2. Definition 5
3. FIREWALL TYPES 5
a. Hardware Firewalls 5
b. Software Firewalls 5
4. Firewall Techniques 6
a. Packet Filtering 7
b. Circuit Relay 8
c. Application Gateway 9
5. Conclusion 10
6. References 11
7. Appendix Firewall Products 11
a. Packet Filtering & Stateful Inspection Firewalls 11
b. Application Firewalls 11
c. Multifunction Firewalls 13
d. Other Types Of Firewalls 15
1. Introduction (1)
There are many creative ways that unscrupulous people use to access or abuse
unprotected computers:
Remote login – The ability of someone to connect to your computer and control it in
some form. This can range from being able to view or access your files to
actually running programs on your computer.
Application backdoors – Some programs have special features that allow for
remote access. Others contain bugs that provide a backdoor, or hidden access,
that gives some level of control of the program.
SMTP session hijacking – Simple Mail Transfer Protocol (SMTP) is the most
common method of sending e-mail over the Internet. By gaining access to a list
of e-mail addresses, a person can send unsolicited junk e-mail (spam) to
thousands of users. This is done quite often by relaying the e-mail through the
SMTP server of an unsuspecting host (an open relay), making the actual sender of
the spam difficult to trace.
Operating system bugs – Like applications, some operating systems have
backdoors. Others provide remote access with insufficient security controls or
have bugs that an experienced hacker can take advantage of.
Denial of service – You have probably heard this phrase used in news reports on
the attacks on major Web sites. This type of attack is hard to counter. In its
classic form (a SYN flood) the hacker sends the server a request to open a
connection, often from a forged source address. When the server responds with an
acknowledgement and tries to establish a session, it gets no answer from the
system that supposedly made the request. By inundating a server with these
half-open session requests, a hacker causes the server to slow to a crawl or
eventually crash.
E-mail bombs – An e-mail bomb is usually a personal attack. Someone sends
you the same e-mail hundreds or thousands of times until your e-mail system
cannot accept any more messages.
Macros – To simplify complicated procedures, many applications allow you to
create a script of commands that the application can run. This script is known as
a macro. Hackers have taken advantage of this to create their own macros that,
depending on the application, can destroy your data or crash your computer.
Viruses – Probably the most well-known threat is the computer virus. A virus is a
small program that can copy itself to other computers. This way it can spread
quickly from one system to the next. Viruses range from harmless messages to
erasing all of your data.
Spam – Typically harmless but always annoying, spam is the electronic
equivalent of junk mail. Spam can be dangerous, though. Quite often it contains
links to Web sites. Be careful about clicking on these: the link may lead to a
phishing page or to a download that installs malware on your computer.
Redirect bombs – Hackers can use the Internet Control Message Protocol (ICMP) to
change (redirect) the path information takes by sending it to a different router.
This is one of the ways that a denial of service attack is set up.
Source routing – In most cases, the path a packet travels over the Internet (or
any other network) is determined by the routers along that path. But the source
providing the packet can arbitrarily specify the route that the packet should
travel. Hackers sometimes take advantage of this to make information appear to
come from a trusted source or even from inside the network.
To detect and stop these threats we use a firewall. So what is a firewall, what
types are there, where is each type placed, and what are the advantages and
disadvantages of each?
2. Definition
A firewall is simply a software or hardware device that handles or mediates traffic
flow between one network and others, performing security checks on that traffic in
accordance with a predetermined security policy. If traffic fails to match the
security policy, then it is not allowed through the firewall. The security policy is
usually enforced by a firewall rule set, against which traffic is checked.(1)
A firewall checks for specified content or for malformed or abnormal traffic at some
layer of the protocol hierarchy, or performs checks that help determine that the
traffic comes from the claimed source.(1)
The purpose of the firewall is to protect entities in one network from threats originating
in another network.(2)
3. FIREWALL TYPES (4)
Firewalls can be either hardware or software.
a. Hardware Firewalls
Hardware firewalls can be purchased as a stand-alone product, but more
recently hardware firewalls are typically found in broadband routers, and
should be considered an important part of the system and network set-up,
especially for anyone on a broadband connection. Hardware firewalls can be
effective with little or no configuration, and they can protect every machine
on a local network.
b. Software Firewalls
For individual home users, the most popular firewall choice is a software
firewall. Software firewalls are installed on the computer (like any software) and
can be customized, allowing you some control over their function and protection
features. A software firewall will protect the computer from outside attempts to
control or gain access to the computer, and, depending on the choice of software
firewall
Advantages of a software firewall(3)
Free of charge or low-priced to install
Easy to install
Professional skills not required for configuration
Access levels can be set per application or user
Advantages of a hardware firewall(3)
Centralized management achievable
Secure
Speedy
Less interference: it can be maintained without affecting other parts of the
network, and it does not slow down applications.
Disadvantages of a software firewall(3)
Might make the applications slow
Might be intense on computer system resources
Can be hard to remove
Every host must be updated separately
No centralized administration
Disadvantages of a hardware firewall(3)
Costly to buy
Specialist knowledge may be necessary to install and configure
Takes up substantial space
Difficult to upgrade
4. Firewall Techniques
The most basic type of firewall performs Packet Filtering.
A second type of firewall, which provides additional security, is called a Circuit
Relay.
Another and still more involved approach is the Application Level Gateway.
a. Packet Filtering (6)
All Internet traffic travels in the form of packets. A packet is a quantity of data of
limited size, kept small for easy handling. When larger amounts of continuous data
must be sent, they are broken up into numbered packets for transmission and
reassembled at the receiving end. All your file downloads, Web page retrievals,
e-mails: all these Internet communications always occur in packets.
A packet is essentially a sequence of bytes that conveys these things:
The data, acknowledgment, request or command from the originating
system
The source IP address and port
The destination IP address and port
Information about the protocol (set of rules) by which the packet is to be
handled
Error checking information
Usually, some sort of information about the type and status of the data
being sent
Often, a few other things too.
In packet filtering, only the protocol and the address information of each packet is
examined. Its contents and context (its relation to other packets and to the intended
application) are ignored. The firewall pays no attention to applications on the host
or local network and it "knows" nothing about the sources of incoming data beyond
the addresses the packet itself claims.
Filtering consists of examining incoming or outgoing packets and allowing or
disallowing their transmission or acceptance on the basis of a set of configurable
rules, called policies.
Packet filtering policies may be based upon any of the following:
Allowing or disallowing packets on the basis of the source or destination IP address
Allowing or disallowing packets on the basis of the source or destination port
Allowing or disallowing packets according to protocol (for example TCP, UDP or ICMP)
Allowing or disallowing packets according to the interface they arrive on
This is the original and most basic type of firewall.
Packet filtering alone is very effective as far as it goes, but it is not foolproof
security. It can potentially block all traffic, which in a sense is absolute security.
But for any useful networking to occur, it must of course allow some packets to
pass. Its weaknesses are:
Address information in a packet can potentially be falsified or "spoofed" by the
sender, so a rule that trusts a source address alone can be fooled.
The data or requests contained in allowed packets may ultimately cause
unwanted things to happen, as where a hacker may exploit a known bug in a
targeted Web server program to make it do his bidding, or use an ill-gotten
password to gain control or access.
Advantage: the relative simplicity of packet filtering and its ease of
implementation.
Disadvantage:
The challenge with packet-filtering firewalls is that ACLs are static, and packet
filtering has no visibility into the data portion of the IP packet.(7) A stateless
filter also cannot tell whether an inbound packet is a reply to a connection that an
inside host actually opened; that is what stateful inspection adds.
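To make the rule-evaluation logic concrete, here is an added example written for this edit in Python; it is not code from the original report or from any of the products it cites. The addresses, interface names and rule set are assumptions chosen for illustration. Rules are evaluated top to bottom with first-match semantics and a final deny, and the anti-spoofing rule shows the interface-based check that a filter needs because source addresses can be forged:

```python
# Added example: a minimal stateless packet filter. Rules are checked in
# order; the first matching rule decides, and nothing matching means deny.
# The network addresses and interface names below are assumptions.
from ipaddress import ip_address, ip_network
from typing import List, NamedTuple, Optional


class Packet(NamedTuple):
    iface: str   # interface the packet arrived on: "wan" (Internet) or "lan"
    proto: str   # "tcp", "udp" or "icmp"
    src: str     # source IP address as written in the packet header
    dst: str     # destination IP address
    sport: int   # source port (0 for protocols without ports)
    dport: int   # destination port


class Rule(NamedTuple):
    action: str                  # "allow" or "deny"
    iface: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"       # CIDR the destination address must fall in
    dport: Optional[int] = None  # None means any destination port

    def matches(self, p: Packet) -> bool:
        # Only header fields are consulted: the payload is never examined.
        return (
            self.iface in ("any", p.iface)
            and self.proto in ("any", p.proto)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
        )


INTERNAL = "192.168.1.0/24"       # assumed protected network
WEB_SERVER = "192.168.1.10/32"    # assumed published web server

RULES: List[Rule] = [
    # Anti-spoofing: a packet arriving from the Internet must not claim an
    # internal source address. Trust is bound to the interface, not the header.
    Rule("deny", iface="wan", src=INTERNAL),
    # Publish the web server on 80/tcp only.
    Rule("allow", iface="wan", proto="tcp", dst=WEB_SERVER, dport=80),
    # Internal hosts may send anything (this rule trusts the address alone).
    Rule("allow", src=INTERNAL),
    # Explicit final deny, kept so a log could record it.
    Rule("deny"),
]

# The same policy without the anti-spoofing rule, to show the weakness.
RULES_WITHOUT_ANTISPOOF: List[Rule] = RULES[1:]


def filter_packet(p: Packet, rules: List[Rule] = RULES) -> str:
    """Return "allow" or "deny" for packet p under first-match semantics."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


if __name__ == "__main__":
    spoofed = Packet("wan", "tcp", "192.168.1.50", "192.168.1.10", 51000, 22)
    print("spoofed, with anti-spoof rule:   ", filter_packet(spoofed))
    print("spoofed, without anti-spoof rule:", filter_packet(spoofed, RULES_WITHOUT_ANTISPOOF))
```

The spoofed packet is the one the text warns about: it carries an internal source address but arrives on the Internet-facing interface. With only address-based rules it is allowed; the interface check is what defeats it, and it is the kind of ingress rule a practitioner adds first on any packet filter.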
b. Circuit Relay (6)
Also called a "Circuit Level Gateway," this is a firewall approach that validates
connections before allowing data to be exchanged.
What this means is that the firewall doesn't simply allow or disallow packets but
also determines whether the connection between both ends is valid according to
configurable rules, then opens a session and permits traffic only from the allowed
source and possibly only for a limited period of time. Whether a connection is valid
may, for example, be based upon:
destination IP address and/or port
source IP address and/or port
time of day
protocol
user
password
Every session of data exchange is validated and monitored, and all traffic is
disallowed unless a session is open.
Circuit level filtering takes control a step further than a packet filter.
An advantage of a circuit relay is that it can make up for the shortcomings of the
ultra-simple and exploitable UDP protocol, in which the source address is never
validated as a function of the protocol. Because only traffic belonging to a
session the gateway itself opened is relayed, IP spoofing can be rendered much
more difficult.
A disadvantage is that circuit level filtering operates at the Transport Layer and
may require substantial modification of the software that normally provides
transport functions (e.g. Winsock), since client programs must be made aware of
the gateway (as with a SOCKS proxy).
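The session-validation behaviour described above, as an added example in Python (written for this edit, not code from the original report). It assumes a gateway sitting between a protected network and the outside, that a session is opened only by a TCP SYN sent from the inside to a permitted destination port, and an idle timeout after which the session closes; the addresses, ports and the injectable clock are illustrative choices:

```python
# Added example: a circuit-level gateway keeps a table of validated sessions
# and relays traffic only while a matching session is open. Everything
# inbound that does not belong to a session it opened itself is dropped.
import time
from typing import Callable, Dict, Iterable, NamedTuple, Tuple


class Segment(NamedTuple):
    direction: str   # "out" = from the protected network, "in" = from outside
    src: str
    dst: str
    sport: int
    dport: int
    flags: str       # TCP flags as letters: "S" (SYN), "SA" (SYN/ACK), "A", "F", "R"


# A session is keyed as seen from the inside: (client, client port, server, server port).
SessionKey = Tuple[str, int, str, int]


class CircuitGateway:
    """Validates connection requests, then relays only traffic of open sessions."""

    def __init__(self, allowed_dports: Iterable[int], session_ttl: float = 300.0,
                 clock: Callable[[], float] = time.monotonic):
        self.allowed_dports = set(allowed_dports)   # policy: permitted server ports
        self.session_ttl = session_ttl              # idle time after which a session closes
        self.clock = clock                          # injectable for testing
        self.sessions: Dict[SessionKey, float] = {}  # key -> expiry time

    def _expire(self, now: float) -> None:
        # Drop sessions that have been idle past their time limit.
        self.sessions = {k: t for k, t in self.sessions.items() if t > now}

    def handle(self, seg: Segment) -> str:
        """Return "allow" if the segment may be relayed, else "deny"."""
        now = self.clock()
        self._expire(now)
        if seg.direction == "out":
            key: SessionKey = (seg.src, seg.sport, seg.dst, seg.dport)
            if seg.flags == "S":
                # New connection request from inside: check it against the
                # policy before opening a session for it.
                if seg.dport not in self.allowed_dports:
                    return "deny"
                self.sessions[key] = now + self.session_ttl
                return "allow"
        else:
            # Inbound: flip the tuple so it matches how the session was recorded.
            key = (seg.dst, seg.dport, seg.src, seg.sport)
        if key in self.sessions:
            self.sessions[key] = now + self.session_ttl   # refresh idle timer
            return "allow"
        # No open session: unsolicited, expired, or a forged "reply".
        return "deny"


if __name__ == "__main__":
    gw = CircuitGateway(allowed_dports={80, 443})
    print(gw.handle(Segment("out", "192.168.1.20", "203.0.113.9", 40000, 443, "S")))   # allow
    print(gw.handle(Segment("in", "203.0.113.9", "192.168.1.20", 443, 40000, "SA")))   # allow
    print(gw.handle(Segment("in", "203.0.113.9", "192.168.1.20", 443, 40001, "SA")))   # deny
```

The third call is the case the text calls out: a segment from outside that looks like a reply but matches no session the gateway opened, so it is dropped regardless of what its source address claims. A real gateway would also close the session on FIN or RST rather than waiting for the idle timer; that detail is omitted here.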
c. Application Gateway (6)
In this approach, the firewall goes still further in its regulation of traffic.
The Application Level Gateway acts as a proxy for applications, performing all
data exchanges with the remote system on their behalf. This can render a computer
behind the firewall all but invisible to the remote system.
It can allow or disallow traffic according to very specific rules, for instance
permitting some commands to a server but not others, limiting file access to certain
types, varying rules according to authenticated users and so forth. This type of
firewall may also perform very detailed logging of traffic and monitoring of events
on the host system, and can often be instructed to sound alarms or notify an
operator under defined conditions.
Advantage: Application-level gateways are generally regarded as the most secure
type of firewall. They certainly have the most sophisticated capabilities.
Disadvantage is that setup may be very complex, requiring detailed attention to the
individual applications that use the gateway.
An application gateway is normally implemented on a separate computer on the
network whose primary function is to provide proxy service.
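The rule types listed above (permitting some commands but not others, limiting file access to certain types, varying rules per authenticated user, logging and raising alarms) as an added example in Python; this is written for this edit and is not code from the original report or from any product it cites. It handles only the HTTP request line, assumes the gateway has already authenticated the user, and the user names, policies and alert threshold are illustrative assumptions:

```python
# Added example: decision logic of an application-level gateway that
# understands the HTTP request line. Because it parses the application
# protocol it can enforce rules a packet filter cannot express.
import posixpath
from collections import Counter
from typing import Dict, List, NamedTuple, Set, Tuple
from urllib.parse import unquote


class Policy(NamedTuple):
    methods: Set[str]      # commands this user may send to the server
    extensions: Set[str]   # file types this user may touch ("" = no extension)


# Per-user policy; the gateway is assumed to have authenticated the user already.
POLICIES: Dict[str, Policy] = {
    "guest":  Policy({"GET", "HEAD"}, {"", ".html", ".css", ".png"}),
    "editor": Policy({"GET", "HEAD", "POST", "PUT"}, {"", ".html", ".css", ".png", ".md"}),
}

ALERT_THRESHOLD = 3   # assumed: denials per user before the operator is notified


class ApplicationGateway:
    def __init__(self, policies: Dict[str, Policy] = POLICIES,
                 alert_threshold: int = ALERT_THRESHOLD):
        self.policies = policies
        self.alert_threshold = alert_threshold
        self.log: List[str] = []       # every decision, as the text's detailed logging
        self.alerts: List[str] = []    # operator notifications under defined conditions
        self._denials: Counter = Counter()

    def _decide(self, user: str, raw: bytes) -> Tuple[str, str]:
        # Parse the request line; anything malformed is rejected before the
        # server ever sees it.
        first_line = raw.split(b"\r\n", 1)[0]
        try:
            method, target, version = first_line.decode("ascii").split(" ")
        except (UnicodeDecodeError, ValueError):
            return "deny", "malformed request line"
        if not version.startswith("HTTP/1."):
            return "deny", "unsupported protocol version " + version
        policy = self.policies.get(user)
        if policy is None:
            return "deny", "unknown user " + user
        # Command-level rule: some methods allowed, others not, per user.
        if method not in policy.methods:
            return "deny", f"method {method} not permitted for {user}"
        # Decode percent-encoding first so %2e%2e cannot hide a traversal.
        path = unquote(target.split("?", 1)[0])
        if not path.startswith("/") or ".." in path.split("/"):
            return "deny", "path must be absolute and may not traverse upward"
        # File-type rule: limit access to certain types.
        ext = posixpath.splitext(path)[1].lower()
        if ext not in policy.extensions:
            return "deny", f"file type {ext or '(none)'} not permitted for {user}"
        return "allow", f"{method} {path}"

    def handle(self, user: str, raw: bytes) -> str:
        """Return "allow" or "deny" for one request, logging and alerting as configured."""
        decision, reason = self._decide(user, raw)
        self.log.append(f"user={user} decision={decision} reason={reason}")
        if decision == "deny":
            self._denials[user] += 1
            if self._denials[user] == self.alert_threshold:
                self.alerts.append(f"{user} reached {self.alert_threshold} denied requests")
        return decision


if __name__ == "__main__":
    gw = ApplicationGateway()
    print(gw.handle("guest", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"))  # allow
    print(gw.handle("guest", b"PUT /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"))  # deny
    print(gw.log)
```

The example makes the text's "most secure, most complex" trade-off visible: every check depends on understanding the application protocol, so the gateway must be configured separately for each protocol it proxies, and a mistake in that parsing (here, forgetting to percent-decode before the traversal check) is an application-level hole that no packet filter underneath would catch.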
5. Conclusion
All firewalls, regardless of type, have one very important thing in common: they
receive, inspect and make decisions about all incoming data before it reaches other
parts of the system or network. That means they handle packets and they are
strategically placed at the entry point to the system or network the firewall is intended
to protect. They usually regulate outgoing data as well. The types and capabilities of
firewalls are defined essentially by:
where they reside in the network hierarchy (stack);
how they analyze and how they regulate the flow of data (packets);
and additional security-related and utilitarian functions they may perform.
Some of those additional functions:
o data may be encrypted/decrypted by the firewall for secure
communication with a distant network
o scripting may allow the operator to program in any number of specialized
capabilities
o the firewall may facilitate communications between otherwise
incompatible networks.
6. References
1. http://computer.howstuffworks.com/firewall3.htm
2. http://www.cpni.gov.uk/Documents/Publications/2005/2005007_TN1004_Understanding_firewalls.pdf
3. http://forums.techarena.in/networking-security/1376397.htm
4. http://www.webopedia.com/DidYouKnow/Hardware_Software/2004/firewall_types.asp
5. iac.dtic.mil/iatac/download/firewalls.pdf
6. http://www.pc-help.org/www.nwinternet.com/pchelp/security/firewalls.htm
7. http://www.networkworld.com/subnets/cisco/060109-ch1-cisco-secure-firewalls.html
7. Appendix: Firewall Products (5)
For more details see iac.dtic.mil/iatac/download/firewalls.pdf
a. Packet Filtering & Stateful Inspection Firewalls
Deerfield.com VisNetic Firewall for Servers
eSoft InstaGate Firewall
GCIS Firewall Sentinel™ and Proxy Sentinel™
Intertex SurfinBird IX FW Series
IPFIREWALL (IPFW)
Mac® OS X Server ipfw and Application Firewalls
Netfilter
NetSib NetworkShield Firewall
NuFirewall
Packet Filter
Qbik WinGate Proxy Server
ReaSoft Network Firewall
Soft in Engines Bandwidth Management and Firewall
Sphinx Software Windows Firewall Control Plus Server Edition
TRENDnet -Port Gigabit Firewall Router
Windows Firewall
Untangle Firewall
b. Application Firewalls
Alcatel-Lucent OmniAccess Web Services Gateway
Alt-N SecurityGateway for Exchange/SMTP Servers
Anchiva Secure Web Gateway A Series and Web Application Firewall S Series
Applicure dotDefender
Armorlogic Profense
art of defence hyperguard
Axway MailGate
BalaBit IT Security Zorp
Barracuda® Spam & Virus Firewall
Barracuda® Web Application Firewalls
Bee Ware i-Suite
BugSec WebSniper
Cisco® ACE Web Application Firewall
Cisco® ACE XML Gateways
Cisco® IOS Firewall
Cisco® IronPort® Email Security Appliances
Citrix® NetScaler® Application Firewall™
CloudShield DNS Defender
Deny All rWeb
Deny All rFTP
Deny All sProxy
DigiPortal ChoiceMail Enterprise and ChoiceMail Small Business
eEye SecureIIS
Excelerate SpamGate
F® BIG-IP® Application Security Manager
Fortinet® FortiWeb™ Web Application and XML Firewalls
Forum Sentry XML Gateway
GreenSQL Express, Light, Pro, and Database Firewall
Horizon Network Security™ SPAM Cracker™
IBM® WebSphere® DataPower XML Security Gateway XS
Igaware Web Filtering Appliance
IMGate Mail Firewall
Imperva SecureSphere Database Firewall
Imperva SecureSphere File Firewall
Imperva SecureSphere Web Application Firewall
Intel® SOA Expressway Service Gateway
Korsmeyer Extensible Messaging Platform
Layer SecureSpan™ XML Firewall
ModSecurity
MONITORAPP DB INSIGHT SG™
MONITORAPP Web INSIGHT SG™
Netop NetFilter
Oracle® Database Firewall
Phantom Technologies iBoss Enterprise Web Filter
Phantom Technologies iBoss Home Internet Parental Control
Phantom Technologies iBoss Pro Internet Content iFilter
PrismTech Xtradyne I-DBC IIOP Firewall
PrismTech Xtradyne WS-DBC
Privacyware ThreatSentry
Proofpoint Email Firewall™
Qualys® IronBee™
Radware AppWall®
RedCondor Message Assurance Gateways
Retell Sense Voice Firewall
SafeNet® eSafe Mail Security Gateway
SafeNet® eSafe Web Security Gateway
seaan.net MXtruder
SPAMINA Email Service Firewall and Email Service Firewall for MSP/ISPs
SpamTitan
SpamWall Antispam Firewall
Trustwave WebDefend®
Vicomsoft InterGate Policy Manager
webScurity WebApp.secure™
c. Multifunction Firewalls
Aker Firewall
Alcatel-Lucent VPN Firewall Brick™
Arkoon Security FAST Network Processor Appliances
Astaro™ Security Gateways
Barracuda® NG Firewall
BluegrassNet Voice SP Firewall/SIP Proxy
Check Point Power-™ Appliances
Check Point IP Appliances
Check Point Safe@Office UTM Appliances
Check Point Series Appliance
Check Point UTM-™ Appliances
Cisco ASA Series Adaptive Security Appliances
Cyberoam® UTM Appliances
Clavister® Enterprise Security Gateway Series
D-Link NetDefend Firewall/VPN UTM Appliances
EdenWall Security Appliances
EGG Network Security Appliance
Endian UTM Software, Hardware, and Virtual Appliances
Entensys UserGate Proxy & Firewall
Fortinet® FortiGate® Appliances
GajShield Unified Performance & Threat Management Appliances
GeNUGate Two-Tier Firewall
GeNUScreen Firewall & VPN Appliance
Gibraltar Security Gateways
Global Technology Associates Firewall/VPN Appliances
Global Technology Associates GB-Ware
HC SecPath and SecBlade
Halon SX Series Firewalls
Hitec Fyrewall
HP ProCurve Threat Management Services (TMS) zl Module
Huawei Quidway Eudemon Firewall Series
IBM Security Server Protection and Virtual Server Protection for VMware
Ideco Gateway
Igaware Network Protector
Ingate Firewall®
InJoy Firewall™ Professional and Enterprise
iPolicy Intrusion Prevention Firewalls
IPCop
Juniper Networks ISG Series Integrated Security Gateways
Juniper Networks NetScreen
Juniper Networks SRX Services Gateways
Juniper Networks SSG Series Appliances
Kerio® Control
McAfee Firewall Enterprise
Microsoft Forefront Threat Management Gateway
Microsoft® Internet Security and Acceleration Server
mnwall
NETASQ U-Series and NG-Series Appliances
NetCop
NETGEAR® ProSafe Wired and Wireless VPN Firewalls
NETGEAR® ProSecure® Unified Threat Management (UTM) Gateway Security Appliances
NetSentron® NS Lite and NS Pro
Novell BorderManager®
OSecurity SifoWorks™ Firewall/IPsec VPN Appliances
Paisley Systems Frontdoor Firewall Appliance
Palo Alto Networks Enterprise Firewalls
Panda GateDefender Integra SB
pfSense
PLANET Security Gateways
Schweitzer Engineering Laboratories SEL- Ethernet Security Gateway
SECUI.com eXshield and NXG Firewalls
SECUI.com eXshield and NXG UTM Appliances
Secure Crossing Zenwall-
SecureLogix® ETM® System with TeleWall and Voice Firewall
Securepoint Firewall UTM Gateways
SmoothWall® Advanced Firewall and SmoothWall UTM
SmoothWall® Express
SOHOware BroadScan™ UTM Internet Security Appliance
SonicWALL® NSA and TZ Series Network Security Appliances
StoneSoft StoneGate™ Firewall/VPN Appliances and Virtual Firewall/VPN Appliances
TeamF SecureFrst Security Gateway Solution
Trlokom OmniVPN and Katana Gateway
Tutus Färist Firewall
Ubiq-Freedom
Untangle Server with Lite, Standard, or Premium Package
Vordel® Gateway
Vyatta Core
WatchGuard® Extensible Threat Management Series
XRoads EdgeWAN Cloud Firewall Appliances
Zentyal Gateway
Zentyal UTM
ZyXEL ZyWALL Unified Security Gateways and Internet Security Appliances
d. Other Types Of Firewalls
EdenWall Virtual Security Appliance