Investigation of Firewalls

Investigation of Firewalls

National Aviation Universityand Research Institute of Computer Information TechnologiesSystems and Networks Department

integrity protection

Work №1Information Security in Computer Systems

Done by Kisilova K.S.ERICIT-423by Kudrenko S.O.

2016

Aim: Practical acquaintance with the capabilities and configuration of firewalls.: To study the principle of firewalls; purchase firewall-setting skills.

Basic information

firewall is a set of hardware and software to monitor and filter passing through network packets in accordance with the prescribed rules. Traffic control is in its filtering that is selectively passed through the screen, and sometimes even with the implementation of reforms and the formation of special notices to the sender, if the data in the pass denied.

A personal firewall is an application <https://en.wikipedia.org/wiki/Application_software> which controls network traffic to and from a computer, permitting or denying communications based on a security policy <https://en.wikipedia.org/wiki/Security_policy>. Typically it works as an application layer firewall <https://en.wikipedia.org/wiki/Application_layer_firewall>.personal firewall differs from a conventional firewall <https://en.wikipedia.org/wiki/Firewall_(networking)> in terms of scale. A personal firewall will usually protect only the computer on which it is installed, as compared to a conventional firewall which is normally installed on a designated interface between two or more networks, such as a router <https://en.wikipedia.org/wiki/Router_(computing)> or proxy server <https://en.wikipedia.org/wiki/Proxy_server>. Hence, personal firewalls allow a security policy to be defined for individual computers, whereas a conventional firewall controls the policy between the networks that it connects.firewall (figure1) can either be software based or hardware based and is used to help keep a network secure. Firewalls are used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set.

Fig. 1. An illustration of firewall

of Firewalls

are such functions of Firewalls:separation of workstations and servers, internal network segment (internal network) from the external communication channels;stage identification of requests coming into the network (authentication server, communication centers, and other components external network);checking and user access rights to the network of internal resources;of all queries to the internal network from outside components;monitoring software and data; saving the network address space (in the internal subnet can be used by the local system server address);the IP-addresses of internal servers to protect against hackers;filtering data streams.

of Firewalls

are divided into different types depending on the following characteristics:the screen provides the connection between a host and a network or between two or more different networks;the level of any network protocol flow control takes place;the active compounds are monitored condition or not.firewalls depending on the coverage of monitored data streams are divided into:network (or gateway) screen - the program (or an integral part of the operating system) on the gateway (server, transmitting traffic between networks) or a hardware solution, controlling incoming and outgoing data between connected networks.firewall - a program installed on the user's computer and is designed to protect against unauthorized access to only this computer.on the level at which the access control, there is a separation on firewalls operating on:level when filtering takes place on the basis of the addresses of the sender and recipient of a package, transport layer port numbers OSI model and static rules, set by the administrator;layer (also known as stateful) - tracking sessions between applications, not passing packets violate TCP / IP specifications, commonly used for malicious operations - scanning resources, hacking through the incorrect TCP / IP implementation, interruption / delay connections, data injection.level filtering on the basis of the analysis of the application of data transmitted within the package. These types of screens allow you to block the transmission of unwanted and potentially damaging information on the basis of policies and settings.on the track of the active compounds firewalls are:(easy filtration), which do not keep track of the current connection (for example, the TCP), and the filtered data stream based solely on static rules;, stateful packet inspection (SPI) (filtering, taking into account the context), tracking the current connections and pass only those packages that match the logic and algorithms of work of relevant protocols and applications.are two basic types of firewalls: firewalls of application layer and firewalls with packet filtering. They are based on different principles of operation, but when properly configured, the two types of devices ensure the correct implementation of security features, is blocking traffic banned.

of Firewalls

firewalls are designed to protect a single host from unauthorised access. They can take the form of software or hardware.firewalls protect the whole network from unauthorised access. They can be a dedicated appliance (hardware) which is installed on the system or a software application or an integration of the two.firewall applications are installed on top of the operating system and can be configured for more than one purpose including spam filter and DNS server. Examples of personal software firewalls include ZoneAlarm and Comodo; network capable software firewalls include Linus IPTables and Checkpoint NG.Firewalls are dedicated appliances that physically sit between two networks; for example, the internet and the organisation's network. An example of a dedicated appliance could be the CISCO PIX or a Netgear router (for SO/HO).Filtering Firewall analyse network traffic at the transport layer. It will look at each packet entering or leaving the network and accepts or rejects it based on user defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.2 <#"871036.files/image002.gif">. 2. Packet-Filtering Firewall

Fig. 3. Application/Proxy Firewall

Address Translation is a functionality to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals as well as reduce both the amount and therefore cost of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defence against network reconnaissance.Inspection occurs when certain key parts of packets are compared to a database of trusted information.part: Outpost Firewall Prodate: December 1, 2015: 9.3 (4934.708.2079)(MB): 35.3 (x86) / 42.9 (x64)Firewall Pro Features. Safeguards your PC against hackers and data leaks.Detection. Prevents targeted attacks from local networks and the Internet.Protection. Blocks new and sophisticated malware before your antivirus can identify it.and Application Guard. Secures IDs and passwords used with most popular applications against unauthorized access. Protects key system settings and program data from misuse.protection against malware. Outpost is equipped with proven self-protection against deactivation by malware.Monitor. Advanced activity monitoring shows real-time program activity and connection status.4 shows the Outpost Firewall Pro view.

Fig. 4. Outpost Firewall Pro menu

5 shows the Outpost Firewall Pro available settings.

Fig. 5. Outpost Firewall Pro available settings

. 6. Outpost Firewall Pros canning

Fig. 7. Outpost Firewall Pro scanning for Spyware

.8 Outpost Firewall Prostate

Fig. 9. Set password to restrict changes of settings.

Fig. 10. Password is needed to get access to settings

Fig. 11. Modify rules: Block applicationspecific IP-address

BlockList. A valuable tool for individuals, network administrators, and concerned parents, IP Blocklist lets you block incoming/outgoing connectivity to specific URLs. The blocked entries list can be defined manually or imported as an aggregated list from Outpost community sources.

Fig. 12. Add Host to IP Blocklist

and Folders Integrity Protection

and Folder Lock. The folder lock works by blocking access to designated folders and files on your computer. Not only does this safeguard the privacy of the information contained in those files by denying access by other users on a shared computer, but it can also be used to lock the contents of an entire folder against tampering by malware

 . 14. Firewall notifies when someone attempts to open “locked” file

Block Outpost’s ID Block prevents specific predefined text strings from leaving the computer. Such strings might include credit card account information, social security numbers, address, and other personal information that could facilitate identity theft. Any data specified here cannot be transmitted through channels such as web, email, or chat, effectively preventing compromise and leakage. Blocking Outpost monitors the traffic from major ad networks and can optionally place restrictions on ads originating from specific networks, keeping your web viewing simpler, faster, and easier to read. Blocking String blocking enables you to compile a set of text strings which will cause any web page containing those text strings to be blocked. These “stop-words” can be applied either to web addresses or site contents, so care should be taken when using this control.

Fig. 15. Additional tools window

policy

firewall passes through itself all traffic, taking a decision in relation to each passing package: give him the opportunity to pass or not. To firewall could implement this operation, it is necessary to define a set of filtering rules. The decision on whether to filter through a firewall specific protocols and addresses received depends on the protected network security policy. A firewall is a set of components that can be configured to implement the chosen security policy.security policy of each organization should include two components:policy to network services;implementation firewalls.requirements for firewalls cover the following areas:at the network layer; filtering at the application layer;up the filtering rules and administration; means of network authentication; implementation of logs and records.and disadvantages of firewallsare used for the organization of secure virtual private networks. Several LANs that are connected to a global, combined into a single secure virtual private network. Data transfer between the local networks is invisible to users and the confidentiality and integrity of the transmitted information must be provided using encryption, digital signatures, etc. When transferring data can be encrypted, not only the contents of the package, but also some of the header fields.the firewall:the information transmitted irrespective of the resources and communication media (satellite channels, optical communication lines, telephone connections, microwave links);performs the protection of any application, without requiring them to change; transparent to the end user;allows for scalable security system with the ability to further their capacity and sophistication as the organization grows and to improve the security policy requirements;individual network information systems and applications, regardless of the topology of networks that they use;enterprise information systems from attack from the external environment;protects information from being intercepted and changes not only in the external open connections, but also in the internal networks of the corporation;be easily reconfigured with the development of corporate information security policy, add resources, technology upgrades, increase corporate network.

Conclusions

performing this laboratory work you will know 10 commandments:

. To identify and control applications in any port: The network applications are able to run on non-standard ports or skip ports. That is why the firewall you choose should classify the application traffic on all ports at all times, by default.

. To identify and control the security circumvention tools: A small number of applications, such as external proxies or non-encrypted tunnels unrelated to the VPN, can intentionally evade the security policies of your company. Therefore your firewall must identify these evasion applications.

. To decrypt the outgoing SSL traffic and to control the SSH: Nowadays most applications use SSL, so it is necessary to decipher, classify, control and explore all traffic on the network with this security protocol by means of a firewall that can also set control policies over decryption in thousands of simultaneous connections, with predictable performance. It should also monitor the use of the SSH protocol (for remote access and secure data backup) and determine whether it is being used for port forwarding.

. To provide functional control of applications: A wide variety of platforms like Google, Facebook or Microsoft offer users a set of applications that can carry serious threats. Your next firewall must continually classify each application and perform systematic supervision of the state, in order to understand their different roles and risks.

. To systematically administer the unknown traffic: The firewall that you require must classify traffic on all ports and manage it systematically through customized signatures by sending a PCAP of the commercial applications for further analysis.

. To look for threats in all applications and all ports: This requires a firewall that tracks an application, regardless of the port or encryption, which allows or denies as appropriate, and to analyze the components tested for potential attacks.

. To perform regular inspections of all users, regardless of location or device: Your company’s firewall should allow visibility of applications and the control of the remote traffic in any connection environment.

. To simplify network security with application control: The addition of more security management devices will not reduce the administrative effort of your company, or decrease the response time to incidents. The important thing is to have a firewall that allows the construction of policies to directly support all your business initiatives.

. To offer the same capacity and performance with full control of applications: Your firewall should have a hardware designed to perform processing tasks, meaning to say, a specific system dedicated to networking, security and content analysis.

. To support the same firewall functions, in the form of hardware or virtual: Today we face a growing development of virtualization and the cloud, which introduces new security challenges. For that reason, a next generation firewall is necessary, capable of protecting traffic flowing in and out of the data center and in virtualized environments.