Investigation of Firewalls
National Aviation University
and Research Institute of Computer Information Technologies
Systems and Networks Department
integrity protection
Work №1
Information Security in Computer Systems
Done by Kisilova K.S.
ERICIT-423
by Kudrenko S.O.
2016
Aim: Practical acquaintance with the capabilities and configuration of firewalls.
To study the principle of firewalls; to acquire firewall-setting skills.
Basic information
A firewall is a set of hardware and software that monitors and filters the network packets passing through it in accordance with prescribed rules. Traffic control consists of filtering: traffic is selectively passed through the screen, sometimes with transformations applied and a special notice sent to the sender if the data is denied passage.
A personal firewall is an application <https://en.wikipedia.org/wiki/Application_software> which controls network traffic to and from a computer, permitting or denying communications based on a security policy <https://en.wikipedia.org/wiki/Security_policy>. Typically it works as an application layer firewall <https://en.wikipedia.org/wiki/Application_layer_firewall>.
A personal firewall differs from a conventional firewall <https://en.wikipedia.org/wiki/Firewall_(networking)> in terms of scale. A personal firewall will usually protect only the computer on which it is installed, as compared to a conventional firewall which is normally installed on a designated interface between two or more networks, such as a router <https://en.wikipedia.org/wiki/Router_(computing)> or proxy server <https://en.wikipedia.org/wiki/Proxy_server>. Hence, personal firewalls allow a security policy to be defined for individual computers, whereas a conventional firewall controls the policy between the networks that it connects.
A firewall (Fig. 1) can either be software based or hardware based and is used to help keep a network secure. Firewalls are used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. A firewall's primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a predetermined rule set.
Fig. 1. An illustration of a firewall
Functions of Firewalls
There are such functions of firewalls:
separation of workstations and servers of the internal network segment (internal network) from the external communication channels;
stage identification of requests coming into the network (authentication server, communication centers, and other components of the external network);
checking user access rights to internal network resources;
of all queries to the internal network from outside components;
monitoring software and data;
saving the network address space (the internal subnet can use a local system of server addresses);
the IP addresses of internal servers to protect against hackers;
filtering data streams.
of Firewalls
Firewalls are divided into different types depending on the following characteristics:
whether the screen provides the connection between one host and a network or between two or more different networks;
the network protocol level at which flow control takes place;
whether the state of active connections is monitored or not.
Depending on the coverage of monitored data streams, firewalls are divided into:
network (or gateway) screen - a program (or an integral part of the operating system) on the gateway (a server transmitting traffic between networks) or a hardware solution, controlling incoming and outgoing data between connected networks;
personal firewall - a program installed on the user's computer and designed to protect only this computer against unauthorized access.
Depending on the level at which access control takes place, firewalls are separated into those operating on:
the level at which filtering takes place on the basis of the addresses of the sender and recipient of a packet, transport layer port numbers of the OSI model and static rules set by the administrator;
the layer (also known as stateful) that tracks sessions between applications and does not pass packets that violate TCP/IP specifications, which are commonly used for malicious operations: scanning resources, hacking through an incorrect TCP/IP implementation, interruption or delay of connections, data injection;
the level at which filtering is based on analysis of the application data transmitted within the packet. These types of screens allow you to block the transmission of unwanted and potentially damaging information on the basis of policies and settings.
Depending on the tracking of active connections, firewalls are:
those with simple filtering, which do not keep track of current connections (for example, TCP) and filter the data stream based solely on static rules;
those with stateful packet inspection (SPI) (filtering that takes the context into account), which track current connections and pass only those packets that match the logic and algorithms of the relevant protocols and applications.
There are two basic types of firewalls: application-layer firewalls and packet-filtering firewalls. They are based on different principles of operation, but when properly configured, both types of devices ensure the correct implementation of security functions, that is, blocking banned traffic.
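The difference between filtering on static rules alone and stateful packet inspection, shown as an added example that is not part of the original report. The rule table, the constructed 192.168.1.0/24 LAN, the documentation-range addresses and the names `stateless_filter` and `StatefulFilter` are assumptions made for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: TCP flags
LAN = ip_network("192.168.1.0/24")  # constructed internal network

# Static rules, first match wins: (direction, header field, port, action)
STATIC_RULES = [
    ("out", "dport", 80, "accept"),  # LAN clients may reach web servers
    ("in", "sport", 80, "accept"),   # "replies", recognised by source port only
]

def direction(pkt):
    return "out" if ip_address(pkt.src) in LAN else "in"

def stateless_filter(pkt):
    """Decide on header fields alone, with no memory of earlier packets."""
    for rule_dir, field, port, action in STATIC_RULES:
        if rule_dir == direction(pkt) and getattr(pkt, field) == port:
            return action
    return "drop"  # default deny

class StatefulFilter:
    """Accept inbound packets only when they belong to a tracked connection."""
    def __init__(self):
        self.connections = set()

    def filter(self, pkt):
        if direction(pkt) == "out":
            if stateless_filter(pkt) != "accept":
                return "drop"
            if pkt.flags == "S":  # new outbound connection: remember it
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        # Inbound: must mirror a connection that was opened from inside.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "accept" if key in self.connections else "drop"

def demo():
    """Run three constructed packets through both filters."""
    fw = StatefulFilter()
    syn = Packet("192.168.1.10", 40000, "203.0.113.5", 80, "S")
    reply = Packet("203.0.113.5", 80, "192.168.1.10", 40000, "SA")
    # The source port is chosen by the sender, so the static "in" rule matches.
    unsolicited = Packet("198.51.100.9", 80, "192.168.1.20", 5000, "S")
    packets = (syn, reply, unsolicited)
    return {
        "stateless": [stateless_filter(p) for p in packets],
        "stateful": [fw.filter(p) for p in packets],
    }
```

The static rule set accepts all three packets, while the connection-tracking filter accepts the genuine reply and drops the unsolicited packet that merely carries source port 80.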
of Firewalls
Personal firewalls are designed to protect a single host from unauthorised access. They can take the form of software or hardware.
Network firewalls protect the whole network from unauthorised access. They can be a dedicated appliance (hardware) which is installed on the system or a software application or an integration of the two.
Software firewall applications are installed on top of the operating system and can be configured for more than one purpose including spam filter and DNS server. Examples of personal software firewalls include ZoneAlarm and Comodo; network capable software firewalls include Linux IPTables and Checkpoint NG.
Hardware Firewalls are dedicated appliances that physically sit between two networks; for example, the internet and the organisation's network. An example of a dedicated appliance could be the CISCO PIX or a Netgear router (for SOHO).
Packet Filtering Firewalls analyse network traffic at the transport layer. A packet filter looks at each packet entering or leaving the network and accepts or rejects it based on user defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
Fig. 2. Packet-Filtering Firewall
Fig. 3. Application/Proxy Firewall
Network Address Translation is a functionality to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals, as well as to reduce both the amount and therefore the cost of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defence against network reconnaissance.
Inspection occurs when certain key parts of packets are compared to a database of trusted information.
part: Outpost Firewall Pro
date: December 1, 2015
9.3 (4934.708.2079)
(MB): 35.3 (x86) / 42.9 (x64)
Outpost Firewall Pro Features.
Safeguards your PC against hackers and data leaks.
Detection. Prevents targeted attacks from local networks and the Internet.
Protection. Blocks new and sophisticated malware before your antivirus can identify it.
and Application Guard. Secures IDs and passwords used with most popular applications against unauthorized access. Protects key system settings and program data from misuse.
protection against malware. Outpost is equipped with proven self-protection against deactivation by malware.
Monitor. Advanced activity monitoring shows real-time program activity and connection status.
Fig. 4 shows the Outpost Firewall Pro view.
Fig. 4. Outpost Firewall Pro menu
Fig. 5 shows the Outpost Firewall Pro available settings.
Fig. 5. Outpost Firewall Pro available settings
Fig. 6. Outpost Firewall Pro scanning
Fig. 7. Outpost Firewall Pro scanning for Spyware
Fig. 8. Outpost Firewall Pro state
Fig. 9. Set password to restrict changes of settings.
Fig. 10. Password is needed to get access to settings
Fig. 11. Modify rules: Block application specific IP-address
IP BlockList. A valuable tool for individuals, network administrators, and concerned parents, IP Blocklist lets you block incoming/outgoing connectivity to specific URLs. The blocked entries list can be defined manually or imported as an aggregated list from Outpost community sources.
Fig. 12. Add Host to IP Blocklist
Files and Folders Integrity Protection
File and Folder Lock. The folder lock works by blocking access to designated folders and files on your computer. Not only does this safeguard the privacy of the information contained in those files by denying access by other users on a shared computer, but it can also be used to lock the contents of an entire folder against tampering by malware.
Fig. 14. Firewall notifies when someone attempts to open a “locked” file
ID Block
Outpost’s ID Block prevents specific predefined text strings from leaving the computer. Such strings might include credit card account information, social security numbers, address, and other personal information that could facilitate identity theft. Any data specified here cannot be transmitted through channels such as web, email, or chat, effectively preventing compromise and leakage.
Blocking. Outpost monitors the traffic from major ad networks and can optionally place restrictions on ads originating from specific networks, keeping your web viewing simpler, faster, and easier to read.
Blocking. String blocking enables you to compile a set of text strings which will cause any web page containing those text strings to be blocked. These “stop-words” can be applied either to web addresses or site contents, so care should be taken when using this control.
Fig. 15. Additional tools window
Security policy
A firewall passes all traffic through itself, making a decision about each passing packet: to let it pass or not. For the firewall to perform this operation, a set of filtering rules must be defined. The decision on whether to filter specific protocols and addresses through a firewall depends on the security policy of the protected network. A firewall is a set of components that can be configured to implement the chosen security policy.
The security policy of each organization should include two components:
policy for network services;
implementation of firewalls.
The requirements for firewalls cover the following areas:
filtering at the network layer;
filtering at the application layer;
setting up the filtering rules and administration;
means of network authentication;
implementation of logs and records.
Advantages and disadvantages of firewalls
Firewalls are used for the organization of secure virtual private networks. Several LANs connected to a global network are combined into a single secure virtual private network. Data transfer between the local networks is invisible to users, and the confidentiality and integrity of the transmitted information must be provided using encryption, digital signatures, etc. During transfer, not only the contents of the packet but also some of the header fields can be encrypted.
The firewall:
the information transmitted irrespective of the resources and communication media (satellite channels, optical communication lines, telephone connections, microwave links);
performs the protection of any application, without requiring them to change;
is transparent to the end user;
allows for a scalable security system with the ability to further increase its capacity and sophistication as the organization grows and the security policy requirements improve;
individual network information systems and applications, regardless of the topology of networks that they use;
enterprise information systems from attack from the external environment;
protects information from being intercepted and changed not only in the external open connections, but also in the internal networks of the corporation;
can be easily reconfigured as the corporate information security policy develops, resources are added, technology is upgraded and the corporate network grows.
Conclusions
Performing this laboratory work, you will know 10 commandments:
1. To identify and control applications in any port: The network applications are able to run on non-standard ports or skip ports. That is why the firewall you choose should classify the application traffic on all ports at all times, by default.
2. To identify and control the security circumvention tools: A small number of applications, such as external proxies or non-encrypted tunnels unrelated to the VPN, can intentionally evade the security policies of your company. Therefore your firewall must identify these evasion applications.
3. To decrypt the outgoing SSL traffic and to control the SSH: Nowadays most applications use SSL, so it is necessary to decipher, classify, control and explore all traffic on the network with this security protocol by means of a firewall that can also set control policies over decryption in thousands of simultaneous connections, with predictable performance. It should also monitor the use of the SSH protocol (for remote access and secure data backup) and determine whether it is being used for port forwarding.
4. To provide functional control of applications: A wide variety of platforms like Google, Facebook or Microsoft offer users a set of applications that can carry serious threats. Your next firewall must continually classify each application and perform systematic supervision of the state, in order to understand their different roles and risks.
5. To systematically administer the unknown traffic: The firewall that you require must classify traffic on all ports and manage it systematically through customized signatures by sending a PCAP of the commercial applications for further analysis.
6. To look for threats in all applications and all ports: This requires a firewall that tracks an application, regardless of the port or encryption, allows or denies it as appropriate, and analyzes the components tested for potential attacks.
7. To perform regular inspections of all users, regardless of location or device: Your company’s firewall should allow visibility of applications and the control of the remote traffic in any connection environment.
8. To simplify network security with application control: The addition of more security management devices will not reduce the administrative effort of your company, or decrease the response time to incidents. The important thing is to have a firewall that allows the construction of policies to directly support all your business initiatives.
9. To offer the same capacity and performance with full control of applications: Your firewall should have hardware designed to perform processing tasks, that is to say, a specific system dedicated to networking, security and content analysis.
10. To support the same firewall functions, in the form of hardware or virtual: Today we face a growing development of virtualization and the cloud, which introduces new security challenges. For that reason, a next generation firewall is necessary, capable of protecting traffic flowing in and out of the data center and in virtualized environments.