- Internet & the Web
Computers' security - Firewalls
Firewalls are devices that are used to filter traffic in or out of a secured internal network, also known as the intranet, from or to the unsecured external network, also known as the internet. Intranet in broader terms means the trusted and secure internal network of the organization while the internet is the entrusted and insecure global interconnection of networks. Firewalls are installed in a network by individuals or organizations to protect their computers that are connected to the internal network from external threats by permitting only selected secure communication with the outside or the internet in other terms.
A firewall sets a demarcation point in a network. It establishes the only point via which traffic can flow. It, therefore, knows all that is getting in and out of an internal network. It is due to this ability that it can guarantee that all insecure connections or traffic will be rejected while traffic termed as grant secure access to the internal network. Firewalls work on a knowledge base that helps them enforce access control to the internal network and by default, they grant access to all the traffic that has been permitted in the firewall policy and deny access to all other unpermitted traffic.
Firewalls can be put into two broad categories based on the number of machines they protect. The first category is host-based firewalls that are used to filter traffic flow in and out of a single computer that they have been installed in. The second category is network-based firewalls, which are installed on a system to filter the traffic flow of all the computers connected to that network. Firewalls come in two types; they can be hardware or software based. These two types will be discussed later on in the paper.
Benefits of Firewalls
The internet is a dangerous place. It is dangerous because all sorts of people with different intentions are there. The list of the bad guys includes hackers, intruders, attackers, spies for industrial espionages and many others. Organizations can only praise firewalls for the protection they offer to networks to help keep the organization, its users, and its trade secrets among many other things secure. The benefits of firewalls are quite many. The following is just a sample from the lot:
1. Traffic monitoring
At the very least, firewalls monitor the traffic flowing into a given network. Most firewalls, however, monitor both ends; traffic entering and leaving a network. In networks, information flows in small chunks called packets. These packets are monitored by the firewalls. Typically, their addresses and contents are analyzed to ascertain that they do not contain hazardous contents or are from entrusted sources. Users in an internal network can also send harmful contents with or without their knowledge and therefore, traffic coming out of the network is also monitored. This ensures that the users outside the network pose no threat to the users inside the network and the same is true the other way round.
2. Blocking malware
Malware is the collective term that refers to all types of harmful and intrusive software. They include viruses, worms, Trojan horses, spyware, and ransomware among other malicious software. They can be in any form, from just lines of executable codes or scripts to entire software. When traffic is being sent both from outside or inside the network, these little malicious intruders can latch onto the contents being sent and that way they can get ‘catapulted’ to another host at the destination and infect it. Thanks to firewalls, their trips are cut short at the firewalls that have various techniques of weeding them out thus preventing any further spreading and infections.
3. Blocking intruders/hackers
Some bugs in operating systems can allow hackers gain remote access to computers within the network and use them to open files, email, delete contents or attack other computers within the network. Thankfully, firewalls have the capability to spot intruders and block them. Using intrusion signatures in their database, firewalls know virtually all the common ways used to intrude a network and thus can foil any attack based on such intrusion mechanisms.
Hardware versus Software Firewalls
Hardware firewalls can be acquired and installed as stand-alone products, but are found in broadband modems and routers. They act as the first line of defense to the internal network. Mostly, hardware firewalls use packet filtering to determine what to allow or reject into an internal network. They examine the header contents of a packet that contains the source and destination address. This information is passed to a knowledge base of the user predefined rules, and this helps determine whether the packet is to be accepted or rejected.
There have been some improvements in current hardware firewall technology. Today, it is not just the traditional packet filtering that is carried out. The modern hardware firewall has an inbuilt Intrusion Prevention Systems. These IPSs boost the security of the internal network by effectively detecting and countering any intrusive activities in the network. When there is a detection of malicious activity by IPS, it blocks the connection and blocks the specific internet protocol (IP) address that the connection came from.
Hardware firewalls are normally recommended for medium and large size businesses, which typically have many computers to secure. This is because of their cost effectiveness. Just a single hardware firewall can secure multiple computers; typically they can secure all the computers in a network they are installed on. There are some issues an individual needs to put into consideration before purchasing a hardware based firewall such as the number of VPN and users in a network. Underestimation of the number could exhaust the capacity of the firewall, affecting the internet connection speeds or jeopardizing the security of very many computers.
Software firewalls are traffic filtering programs installed on individual computers. In contrast with hardware firewalls, they do not secure more than one computer apart from the one they are installed on. They can be customized by the user giving them a level of control over their protective functions and features. Software firewalls, first of all, protect the machine they are installed on from attempts by attackers to intrude it or gain remote control. Secondly, software firewalls protect against malware such as Trojans and worms from entering or leaving the internal network. Thirdly, they can secure user files and printers by having the user define their access controls. Fourthly, they can block insecure individual applications from running on the computer. Many are the times users download harmful programs and run them without knowing the consequences. Software firewalls keep an open eye just to nab such kind of programs. Software firewalls can also incorporate website filtering and some other software-based protection functionalities.
When buying software firewalls, the main concern is the number of functionalities they offer. Typically, one should go for the ones that offer most features in anticipation of all threats that may be faced.There might be some differences between hardware and software firewalls, but both perform similar tasks. They act as the barrier between the computer and the insecure Internet.
Various Methods of Controlling Traffic
Firewalls use various methods to control traffic flow in and out of the network system. This include:
Packet filtering involves the use of Access Control Lists (ACLs). ACLs are typically rules that read the header contents of a packet. They then analyze and determine whether the IP address in the header is trusted, if it is not, that packet gets rejected and dropped. The advantage of ACLs is their scalability; one can add or remove IP addresses easily to or from the list respectfully. They are also very fast in performance because they only examine the packet header. The disadvantage of ACLs is that they only read the header of the packet to get the IP address and analyze it.However, there is technology that enables attackers to forge the IP address to appear as if it is from a trusted IP address.
The firewall impersonates the destination address of the computer being secured and thus data from the internet is received by the firewall at first (Palo Alto Networks, 2015). It then analyzes and inspects it, and if it is found to be safe, the firewall sends it to the real destination. The same process is repeated for data from the computer being secured when it is sending a reply.The reply passes through the firewall then it is sent to the external destination. In this kind of firewall mechanism, there are two TCP connections that are established, the first one between the firewall and packet source, and the other one between the firewall and the packet destination.
Stateful or dynamic packet inspection firewall technique works by the maintenance of a table of the active UDP and TCP sessions. Each entry into the table keeps a record of a session, source IP address, IP address destination, current TCP sequence number, and port numbers. Traffic is inspected by checking the destination port and tracking of the traffic state for each interaction of a given open connection. This ensures that the incoming traffic is a reply to a request by computers in the internal network. This prevents illegitimate traffic from just flowing into the network.
Firewalls are easily customizable. This shows that an individual can remove or add filters based on different circumstances such as:
Internet Protocol Address
Any computer connected to a network is manually or automatically given a distinctive address, an IP address. They are usually 32-bit numbers, which are displayed as four “dotted decimal numbers.” A normal IP address looks like this: 220.127.116.11. Firewalls may be configured to accept or deny traffic from given IP addresses that are associated with insecure traffic. For instance, if a given IP address outside a network tries to attack the server, the firewall is capable of blocking that specific IP address.
Since IP addresses are difficult to recall, and they change regularly, servers have human-readable names, known as the domain names. It is easier for an individual to remember www.bbc.com as compared to 18.104.22.168. Firewalls have the ability to block specific domain names and give access to certain names. Domain names can be added to the blacklist of firewalls and any traffic from that domain name is automatically rejected and dropped by the firewall.
A protocol is a predefined way in which a computer program talks with a service it wants to use. For example, a web browser requesting for internet service. Protocols are mostly in the textual form, and they describe how the server and client will talk/communicate. The following are examples of protocols that can be set for firewall filters:
a. Transmission Control Protocol (TCP) – breaks apart and rebuilds information traveling over the Internet.
b. Internet Protocol (IP) - This is the main system used for data delivery.
c. File Transfer Protocol (FTP) – for uploading and downloading files.
d. Hyper Text Transfer Protocol (HTTP) - It is used more often for website pages.
e. User Datagram Protocol (UDP) - Its function is streaming videos and audio, mostly for data that needs no response.
f. Simple Mail Transport Protocol (SMTP) - Its main function is sending text-based data such as emails.
g. Internet Control Massage Protocol (ICMP) - ICMP main function is interchanging information between routers.
h. Simple Network Management Protocol (SNMP) - The main function is collecting system data from a remote PC.
i. Telnet - Telnet is used for the command performance on remote computers.
A company has the capability to set up single or two machines to handle given protocol and prohibit the protocol on all other PC.
Servers make their services available over specific ports. For example, the FTP port of a server might be port 81 while the web server is on port 80. A firewall might be set up to block access to port 81 and that makes it inaccessible for any other machine both inside and outside the internal network to access FTP services.Network administrators generally have the option of adding or removing to/from the firewall filters ports that are blocked from access.
It is necessary to ensure that computers are secured by using firewalls at all times. The question becomes, which is the best firewall, hardware or software. The answer is both; the safest option is to have both running. Hardware firewalls are costly but secure more computers; it is best to buy hardware firewalls that can accommodate all the computers in the organization (Rmay, 2014). All servers need to be secured using firewalls and if possible, they may be redundant. This assures of protection of vital services and files of an organization. Software firewalls on user computers should be configured as per their needs.