Abstract

In this report, I will explain what security technologies are and how firewalls in particular are useful for organisations or individuals. Firewalls are essential for computer systems due to the amount of harm that can be caused with the power of networks in the current generation we are in. There is a lot of in-depth information to provide on how firewalls function and what abilities they have, to ensure they can protect at their highest level.
There are many types of firewalls, with different configurations within them. They all have a main purpose, which is to protect, but they also have additional parts as they are used for different reasons. Examples include what the firewall may accept or deny specifically. It also depends on how secure the administrator of the network wants the firewall to be, as they may only need a certain type of firewall. The report will include the types of firewalls used in networks, as well as what functions they can provide, which I will explain in each one. I will also provide diagrams to give a better example of how these work in a network to provide a layout. An example is a client, firewall, and the internet communicating with each other.

What are Security Technologies?

Security technologies is a field that involves IT and security, due to it getting more advanced in the past years. This is a field that has techniques involving cryptography, methods, protocols and communication with networks, to ensure that they are secure.
This is because there are threats that put these in danger, like viruses and attacks. (Amine, Ait Mohamed and Benatallah, 2013)

There are many ways to protect networks with tools, but this does not mean they are immune to the penetration of their security. They only assist with keeping the networks secure. With the number of tools that help penetrate networks increasing, more tools are needed to prevent this happening. (Cisco, n.d.)

Firewall Objective

A firewall is what sits in between one network and another and filters the access allowed. There is a protected network and the public network, and the firewall is placed between them. The job of the firewall is to observe the traffic the two networks have and to evaluate if the data is according to the criteria it allows.
If it is not, then it is simply disallowed. Firewalls have many advanced features, such as packet filtering, ports, and filtering for certain protocols. (Boudriga, 2010)

History of Firewalls

The term “Firewall” simply comes from the way a wall is constructed to prevent a fire. In construction, the firewall needs to provide time for people to escape the fire or extinguish it. The way this can be compared to the internet is that the firewall needs to take a large amount of heat. This can be compared to an attack on a network or damage intended to target a firewall. An organisation should always have a firewall on their network to ensure high security.
A router that has packet filtering and filtering for protocols is not sufficient for protecting the network, as these can be circumvented easily by intruders. These routers were also not meant to ensure high amounts of security, as they are just routers for routing network traffic. Routers are getting more secure, but it is essential to have a firewall to protect the network from an external one that is untrusted. (Canavan, 2002)

Generations of Firewalls

There are many types and generations of firewalls, which I will thoroughly explain.
Packet Filters:

Packet-filtering is what has the accepting and denying rules, which is what allows and disallows packets in a network. A firewall can forward the packet to where it is designated, can refuse to send the packet on, or can completely block the packet and send an error condition to the machine it was sent from. These are based on the network interface card and the IP address of the host, including the IP address of the packet's destination and the network layer source. Whether the packet is being received or sent out is another variable. (Ziegler and Constantine, 2001)

Packet-filtering is a gateway of security that is incredibly useful; it is often included in router software by default. It is inexpensive and comes with most internet providers, which is beneficial for households. (Cheswick, Rubin and Bellovin, 2003)

Stateful Filters:

Stateful firewalls are similar to packet-filtering, except they can track the traffic at a very close and high level.
A packet-filtering firewall can only analyse a single packet, but a stateful one can analyse the traffic fully, which means it checks the ports, destination, existing traffic, and much more. This firewall can also act like a packet-filtering one, which means it can check the traffic between a website, for example, and a user. If the connection should not be continued, it will prevent further connections. (Andress, n.d.)

Application Layer:

An application firewall is used for protocol analysing, for network traffic on one application or more. (Scarfone and Hoffman, 2009)

An example of application firewalls in action is if an email is received and contains an attachment, such as one with an exe file extension, it can deny it if the organisation does not allow it.
The same can be recognised for ports, such as an instant message sent over a peculiar one. It can prevent connections with certain actions, like a certain command in file transfer (FTP), too. If a web page contains Java or Flash, application firewalls can allow or disallow this to be shown, not forgetting the security of the website trusted by certain certification authorities. The website could have SSL certificates from authorities the firewall does not allow, so would not be shown.

Application firewalls can prevent attacks such as DoS and malware which are performed within protocols such as HTTP, as they are application protocols. The firewall can detect commands that are in sequences it is not expecting, which could be the same command being sent repetitively.
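The application-layer checks described above, as an added example that is not part of the original report: an inspector that denies a listed FTP command, flags the same command sent repetitively, and rejects an attachment by its final extension. The blocked command list, the repeat threshold and the sample session are assumptions constructed for illustration.

```python
import os

BLOCKED_EXTENSIONS = {".exe"}            # the page's attachment example
BLOCKED_FTP_COMMANDS = {"DELE", "SITE"}  # assumed policy, not from the page
MAX_REPEATS = 3                          # assumed threshold for a repeated command


def attachment_allowed(filename):
    """Check the final extension, so "invoice.pdf.EXE" is still denied."""
    name = filename.strip().rstrip(". ").lower()
    return os.path.splitext(name)[1] not in BLOCKED_EXTENSIONS


class FtpInspector:
    """Inspects the FTP control-channel commands of one client session."""

    def __init__(self):
        self.last_command = None
        self.repeats = 0

    def inspect(self, line):
        words = line.strip().split(None, 1)
        if not words:
            return "deny: empty command"
        command = words[0].upper()       # FTP commands are case-insensitive
        if command == self.last_command:
            self.repeats += 1
        else:
            self.last_command, self.repeats = command, 1
        if command in BLOCKED_FTP_COMMANDS:
            return f"deny: {command} blocked by policy"
        if self.repeats > MAX_REPEATS:
            return f"deny: {command} repeated {self.repeats} times"
        return "allow"


def inspect_session(lines):
    inspector = FtpInspector()
    return [inspector.inspect(line) for line in lines]


# Constructed control-channel session for illustration
SAMPLE_SESSION = ["USER alice", "RETR report.pdf", "dele report.pdf",
                  "NOOP", "NOOP", "NOOP", "NOOP"]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_SESSION, inspect_session(SAMPLE_SESSION)):
        print(f"{line:18} -> {verdict}")
    print("invoice.pdf.EXE allowed:", attachment_allowed("invoice.pdf.EXE"))
```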
The advantage of this firewall is that it is common for many types of protocols: HTTP, SQL, SMTP, VoIP, etc. (Scarfone and Hoffman, 2009)

Network-based and Host-based Firewalls

Network-based:

Network-based firewalls are used to protect a network or subnet. These are not intended to protect computers. The way a network firewall works is that a system runs the firewall programme and network antivirus. There are on-box and off-box approaches.

On box: The features are installed as an add-on to the machine or added into the firewall software.

Off box: The features are on separate systems and work with the firewall installed on the computer. (Shinder, Shinder and Grasdal, 2004)

Network-based firewalls have increased security as the system can detect suspicious traffic.
These can also increase bandwidth according to the amount a client uses, whereas a host-based firewall needs to be replaced if it is exceeded. (Wideband, 2017)

Host-based:

Network-based firewalls do not have protection for the traffic inside a network that is trusted, so host-based firewalls on individual computers are needed. Host-based firewalls can protect the host from being accessed or attacked without authorisation. (Microsoft, 2010)

Proxy Firewalls

Proxy firewalls have the highest level of security, and packets are not passed through the proxy, unlike other firewall types. The proxy imitates a link like a normal connection process. An example is a computer connecting to a proxy; the proxy will generate a new connection (which is a mirror one). This means that the packet does not directly access the network to pass through the firewall, and that intruding is more difficult, meaning packet information is harder to gather.
They also cache, log, filter and control the requests from a client to ensure safety of a network from viruses and intruding.

Proxies open a socket on a server to allow a connection to pass through it. The gateway of a proxy gets a request from a client in the firewall and sends it to a remote server, which is a server on a different network. Then, the server response is read and sent back to the client's system.
Within a network, the same proxy is often used by the client computers so that the proxy can cache the data received effectively. (Bullguard, n.d.)

Network Address Translation Firewalls

Network address translation, also known as NAT, is a way to translate the IPv4 addresses of multiple computers within a network into the IPv4 addresses of the computers on a different network.
This requires a NAT-enabled router that is between a private network and public network. (Microsoft, n.d.)

NAT firewalls are used for sorting out IP addresses. Routers use NAT to change the IP address on packets of data, so the router knows which device to send the data to, as there may be multiple devices connected on the network. The packets that are not recognised are discarded. NAT is used to ensure the right packets of data are sent to the right devices or systems. (Walters, 2017)

Basic TCP/IP Flow

TCP/IP traffic is split up into packets and the firewall needs to analyse each one to check if it needs to forward the packet to the destination or deny it.
There is the IP header, the TCP/UDP header, and the data of the packet. The IP header is what has the IP address of the sender. Then there is the destination, which is the client who receives it. The TCP/UDP header has the source port of the sender and the port of the recipient, so the applications can be analysed in the traffic. TCP can also have sequence numbers and other information.
The TCP/UDP ports have the locations for the destination of the data for the packet that will eventually get to the receiver. An example is a browser and a web server. If a web server has received an HTTP request from a browser, the request has the client computer information: the IP address and port that it was sent from. The port is used to identify what sent the request, which is the browser. The web server then sends the response using the source port the client has, which will be the destination port for it to send to.
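The difference between the packet filter and the stateful filter, shown with the address and port pairs described above (an added example, not part of the original report). The web-only policy, the class names and the documentation-range addresses are assumptions; the last packet is an ACK that belongs to no connection, as in the ACK scan mentioned in Appendix B.

```python
from collections import namedtuple

# flags is a set of TCP flag names; inbound is True for internet -> client traffic
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

WEB_PORTS = {80, 443}  # assumed policy: clients may only browse the web


def stateless_allows(pkt):
    """Judges one packet alone: inbound traffic passes if it comes from a web
    port with ACK set, the usual packet-filter stand-in for 'is a reply'."""
    if pkt.inbound:
        return pkt.sport in WEB_PORTS and "ACK" in pkt.flags
    return pkt.dport in WEB_PORTS


class StatefulFilter:
    """Remembers outbound connections and admits only their replies."""

    def __init__(self):
        self.connections = set()  # (client, client port, server, server port)

    def allows(self, pkt):
        if pkt.inbound:
            # A reply swaps source and destination, so reverse it before lookup
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections
        if pkt.dport not in WEB_PORTS:
            return False
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == {"SYN"}:
            self.connections.add(key)  # handshake opened from the inside
        return key in self.connections


def compare(packets):
    stateful = StatefulFilter()
    return [(stateless_allows(p), stateful.allows(p)) for p in packets]


# Constructed traffic: a browser handshake, then an ACK that belongs to no connection
SAMPLE = [
    Packet("192.168.1.10", 3456, "198.51.100.7", 80, {"SYN"}, False),
    Packet("198.51.100.7", 80, "192.168.1.10", 3456, {"SYN", "ACK"}, True),
    Packet("192.168.1.10", 3456, "198.51.100.7", 80, {"ACK"}, False),
    Packet("203.0.113.9", 80, "192.168.1.10", 3456, {"ACK"}, True),
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt.src, pkt.sport, "->", pkt.dst, pkt.dport, sorted(pkt.flags),
              "stateless:", stateless, "stateful:", stateful)
```

Both filters pass the handshake; only the stateful one drops the final ACK, because its reversed address and port pair matches no tracked connection.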
Then, the client's operating system will recognise the port number which belongs to the session of the browser. Usually, the port is higher than 1024 and lower than 5000. (Northrup, n.d.)

Appendix

Appendix A:

Figure 1: Basic Packet Filter (Newman, 2003)

Here, this image describes the packet filtering process. The client IPs are set to the IP address of 192.168.1.0/24 and are connecting to the router. The filtering process begins, and as the layers allow the IP to pass through, the traffic is not denied and can connect successfully.
Layer 3 is the network layer and Layer 4 is the transport layer.

Figure 2: Layers of the OSI Model (Microsoft, n.d.)

Appendix B:

Figure 3: Stateful Firewall (Learn and Develop, 2017)

One way attackers can interrupt a network is by breaking the TCP 3-way handshake. A stateful firewall can prevent this from happening (Learn and Develop, 2017). An example is an ACK scan, which is a way to attack a packet filter, but a stateful firewall recognises this. (Capec, 2017)

Appendix C:

Figure 4: Web application firewall (Web Application Firewall (WAF), 2017)

Application firewalls are used to prevent attacks on web applications. Some attacks as an example could be SQL or cross site scripting.
An application firewall provides security against these and will ensure administrators are safe from these intrusions. Figure 4 shows how attacks are denied but a valid request is accepted. (Wallace, 2017) These valid requests are then passed on to the sites. The L7 indicates Layer 7, which deals with the content of the messages. (NGINX, n.d.)

Appendix D:

Figure 5: Proxy Firewall Process (How the Proxy Works, n.d.)

The proxy in Figure 5 shows how the client connects to the proxy, then the proxy sends the request to the server, reads the response, then sends it to the client. (Postcastserver, n.d.)

Appendix E:

Figure 6: NAT Operation (Rodriguez, 2004)

This diagram (Figure 6) shows how the internet is connecting to a local area network (LAN); the firewall sees the interface and translates it to trust it to allow access for the network. A single address is used here for security purposes, as there is only one entry point to gain access from the internet. (Rodriguez, 2004)
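
The translation and discard behaviour of a NAT firewall, as an added example that is not part of the original report. The class, the port range and the addresses are constructed assumptions; the LAN range is the one used in the Figure 1 description.

```python
import ipaddress


class NatFirewall:
    """Port-translating NAT that shares one public address among LAN clients."""

    def __init__(self, public_ip, lan="192.168.1.0/24", first_port=20000):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan)
        self.next_port = first_port
        self.by_private = {}  # (private ip, private port) -> public port
        self.by_public = {}   # public port -> ((private ip, private port), remotes)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a LAN packet; returns the translated 4-tuple."""
        if ipaddress.ip_address(src_ip) not in self.lan:
            return None  # not one of our clients
        key = (src_ip, src_port)
        if key not in self.by_private:
            self.by_private[key] = self.next_port
            self.by_public[self.next_port] = (key, set())
            self.next_port += 1
        public_port = self.by_private[key]
        self.by_public[public_port][1].add((dst_ip, dst_port))
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply, or return None to discard it."""
        entry = self.by_public.get(dst_port) if dst_ip == self.public_ip else None
        if entry is None or (src_ip, src_port) not in entry[1]:
            return None  # no mapping, or a remote host the client never contacted
        private_ip, private_port = entry[0]
        return (src_ip, src_port, private_ip, private_port)


def demo():
    nat = NatFirewall("203.0.113.1")  # constructed documentation addresses throughout
    a = nat.outbound("192.168.1.10", 3456, "198.51.100.7", 80)
    b = nat.outbound("192.168.1.11", 3456, "198.51.100.7", 80)  # same source port
    reply_a = nat.inbound("198.51.100.7", 80, *a[:2])
    reply_b = nat.inbound("198.51.100.7", 80, *b[:2])
    stranger = nat.inbound("192.0.2.50", 80, *a[:2])  # never contacted
    unmapped = nat.inbound("198.51.100.7", 80, "203.0.113.1", 20099)
    return a, b, reply_a, reply_b, stranger, unmapped


if __name__ == "__main__":
    for result in demo():
        print(result)
```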