SE 4C03 Winter 2005
Network Firewalls
Mohammed Bashir Khan - 0150805
Last revised 2005-04-04
1.0 Introduction

A firewall is not a physical wall but a system placed at the boundary between an internal (private) network and an external network such as the Internet. A good definition of a firewall is: a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. [1]

A firewall provides network security by limiting connectivity between networks: only traffic that the policy permits may cross the boundary, so unauthorized users cannot reach the private network. The Internet is a virtual world of its own, in which malicious users break into other networks and other criminals bring major servers down. Because of these activities a firewall is required to protect the resources of the internal network from the Internet.

2.0 How are firewalls implemented?

The main job of a firewall is to enforce a policy on the traffic crossing a network interface; section 3.0 describes the attacks such an interface must withstand. A firewall follows one of two basic stances: it may allow all network traffic through unless it meets certain criteria (default allow), or it may deny all network traffic unless it meets certain criteria (default deny). [4] The default-deny stance is the safer of the two, because a service the administrator forgot about is blocked rather than exposed.

Figure 1: A basic firewall task

Essentially there are two types of firewalls: packet-filtering firewalls and application-level gateways.
Packet-Filtering Firewalls

A packet-filtering firewall provides network security by filtering traffic on the information in the IP and TCP/UDP headers of each packet. The firewall examines the headers and decides whether to accept the packet and route it to its destination, or to reject it. The decision is based on the following header fields:

- Source IP address
- Destination IP address
- Network protocol (TCP, UDP, ICMP)
- TCP or UDP source and destination port
- For ICMP, the ICMP message type

When a packet reaches the packet-filtering router, the filter compares the incoming packet against a user-defined rule base, in order, until a match is found; the matching rule dictates whether the firewall permits or denies the packet. [5] Because each decision is made from the header fields of a single packet, a simple packet filter keeps no memory of earlier packets.

Application-Level Gateways (Proxy Servers)

Application-level gateways, also called proxy-based firewalls, operate at the application layer (layer 7 of the OSI model; the application layer of TCP/IP). They are implemented as a separate proxy application for each service, and each proxy provides basic proxy features together with analysis of the application data. A user is required to present a user ID and authentication information to the proxy server in order to communicate with the destination service. After authentication, the proxy opens its own connection to the destination behind the firewall and acts on behalf of the user, so that the individual computers behind the firewall are never directly reachable from outside and remain hidden. Application-level gateways exist for services such as FTP, Telnet, and HTTP. [6] Because the proxy understands the protocol it relays, it can enforce checks that a packet filter cannot, at the cost of needing one proxy per service.

3.0 What are the types of attacks encountered by firewalls?
There are essentially four types of attacks encountered by firewalls:

- Tiny fragment attacks
- Source-routed attacks
- Denial-of-service attacks
- IP spoofing attacks

They are described below because they show what a firewall has to defend against, and therefore how it must be implemented.

Tiny Fragment Attacks

Many IP implementations allow outgoing packets to be fragmented into extremely small fragments. An attacker chooses a fragment size so small that part of the TCP header (for example the port numbers or the TCP flags) is pushed out of the first fragment and into the second. Filtering rules that look for particular values in those fields will not match the first fragment, and a filter that does not inspect later fragments passes them through, so unless a minimum fragment size is enforced an unacceptable packet may be passed, breaching the firewall. [2] The standard countermeasure, described in RFC 1858, is to drop any first fragment that is too small to hold the whole transport header and any later fragment whose offset would let it overwrite that header.
Source-Routed Attacks

Normally a network packet carries only its destination address; the route it takes is chosen hop by hop by the routers. IP also allows the sender to specify the route the packet should take to reach its destination, which is called source routing. An attacker can use this option to steer packets around the security measures set up at the network interfaces, so a firewall should discard packets that carry a source-route option.

Denial-of-Service Attacks

A denial-of-service attack is designed to bring a network to its knees by flooding it with useless traffic, exhausting the resource limits of the network, of an operating system, or of an application. [3] Such attacks can be mounted with TCP/IP or ICMP packets.

IP Spoofing Attacks

IP spoofing is a way to gain unauthorized access to computers by sending messages whose IP source address indicates that the intruder is a trusted host. In this type of attack an attacker outside the local intranet pretends to be a trusted computer, either by using a source address within the address range of the local network, or by using the address of an authorized external host that has access to specified resources on the local network. A firewall can block the first form directly: no packet arriving on the external interface may carry an internal source address.

4.0 Firewall Design Principles and Conclusion

Several design principles are involved in implementing a firewall:

- The attacks described above should be considered and kept in mind while designing the firewall.
- The services that the protected network provides to the external network must be identified.
- The services that the protected network acquires from the external network must be identified.

In conclusion, firewalls are implemented to protect the network interface from malicious users and hackers who want to access private networks connected to the Internet. The sections above described how firewalls are implemented and how they are designed in order to provide Internet users with safe network traffic.
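The packet-filtering decision from section 2.0 and the checks against tiny fragments, source-routed packets and spoofed internal addresses from section 3.0 can be combined in one stateless filter, which is what the first design principle above asks for. The following Python program is an added example written for this page; it is not code from the paper or from any firewall product. The protected network 192.168.1.0/24, the rule base, the helper names (build_ipv4, tcp_header, parse_ipv4, has_source_route, filter_packet) and the test packets are all constructed for illustration; the IPv4 and TCP header layouts and the option codes 131 (LSRR) and 137 (SSRR) are the standard ones.

```python
import ipaddress
import struct

# Constructed policy for this example: the protected network and a first-match
# rule base; whatever matches no rule is dropped (default deny).
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
# rule = (action, protocol, destination host or None, dst port / ICMP type or None)
RULES = [
    ("accept", "tcp", "192.168.1.10", 80),   # public web server
    ("accept", "udp", "192.168.1.53", 53),   # DNS server
    ("accept", "icmp", None, 8),             # echo request to any host
    ("deny", "tcp", None, 23),               # explicit: no Telnet from outside
]
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
LSRR, SSRR = 0x83, 0x89   # IPv4 option types: loose / strict source route
TCP_HDR_MIN = 20          # bytes of TCP header the first fragment must carry


def build_ipv4(src, dst, proto, payload, frag_offset=0, more=False, options=b""):
    """Assemble a raw IPv4 packet for testing (header checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)        # pad options to 32-bit boundary
    ihl = 5 + len(options) // 4
    flags_frag = (0x2000 if more else 0) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + len(payload),
                      0, flags_frag, 64, proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + options + payload


def tcp_header(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)  # 20-byte SYN


def parse_ipv4(raw):
    """Extract the header fields a packet filter decides on; raise on malformed input."""
    if len(raw) < 20:
        raise ValueError("truncated IP header")
    vihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("bad version or header length")
    return {"proto": PROTO_NAMES.get(proto, str(proto)),
            "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "offset": (flags_frag & 0x1FFF) * 8,        # fragment offset in bytes
            "options": raw[20:ihl], "payload": raw[ihl:]}


def has_source_route(options):
    """Walk the IPv4 options list and report an LSRR or SSRR option."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                       # End of Option List
            return False
        if kind == 1:                       # No Operation: single byte
            i += 1
            continue
        if kind in (LSRR, SSRR):
            return True
        if i + 1 >= len(options) or options[i + 1] < 2:
            raise ValueError("malformed IP option")
        i += options[i + 1]                 # skip by the option's length byte
    return False


def filter_packet(raw, iface="external"):
    """Return ('drop', reason) or (action, matching rule) for one raw packet."""
    try:
        p = parse_ipv4(raw)
        source_routed = has_source_route(p["options"])
    except ValueError as e:
        return ("drop", f"malformed: {e}")
    # IP spoofing: an internal or loopback source never arrives from outside.
    if iface == "external" and (p["src"] in INTERNAL_NET or p["src"].is_loopback):
        return ("drop", "spoofed internal source address")
    if source_routed:                       # the sender may not dictate the path
        return ("drop", "source-routed packet")
    # Tiny fragments: whole TCP header in the first fragment, and no later fragment
    # may land inside it (stricter than the RFC 1858 offset-1 test).
    if p["proto"] == "tcp":
        if p["offset"] == 0 and len(p["payload"]) < TCP_HDR_MIN:
            return ("drop", "tiny first fragment")
        if 0 < p["offset"] < TCP_HDR_MIN:
            return ("drop", "fragment overlaps TCP header")
    # Port / ICMP type are readable only in the first fragment; later fragments are
    # matched on protocol and addresses alone, as classic stateless filters do.
    selector = None
    if p["offset"] == 0 and len(p["payload"]) >= 4:
        selector = (p["payload"][0] if p["proto"] == "icmp"
                    else struct.unpack("!HH", p["payload"][:4])[1])
    for rule in RULES:                      # first match wins
        action, proto, dst, want = rule
        if proto != p["proto"]:
            continue
        if dst is not None and p["dst"] != ipaddress.ip_address(dst):
            continue
        if want is not None and p["offset"] == 0 and selector != want:
            continue
        return (action, rule)
    return ("drop", "default deny")
```

A call such as filter_packet(build_ipv4("203.0.113.5", "192.168.1.10", 6, tcp_header(40000, 80))) returns ("accept", RULES[0]), while the same segment sent with an internal source address, with an LSRR option, or cut to an 8-byte first fragment is dropped before the rule base is consulted. The order of the checks matters: because later fragments are matched on addresses only, the fragment sanity test has to run first, otherwise a tiny-fragment attack would slip through on the address match. Denial of service is deliberately absent, since nothing in a per-packet header match can tell useful traffic from a flood of it.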
References:

[1] Definition of Firewall, Online Computer Dictionary. http://www.webopedia.com/term/f/firewall.html
[2] Cisco Systems Glossary. http://business.cisco.com/glossary/tree.tafasset_id=92889&word=104034&public_view=true&kbns=2&defmode=.htm
[3] Definition of denial of service attacks, Online Computer Dictionary. http://www.webopedia.com/term/d/dos_attack.html
[4] Vandana Bhardwaj, Firewalls, April 2004. http://www.csc.villanova.edu/~vbhardwa/netclass/firewallpaper.html
[5] Robert Bragg, Mark Rhodes-Ousley, Keith Strassberg, Network Security: The Complete Reference, McGraw-Hill/Osborne, 2004.
[6] Vandana Bhardwaj, Firewalls, April 2004. http://www.csc.villanova.edu/~vbhardwa/netclass/firewallpaper.html
[7] John P. Wack and Lisa J. Carnahan, Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (NIST SP 800-10). http://csrc.nist.gov/publications/nistpubs/800-10/node52.html
[8] Hao Wang, Network Firewalls. http://optlab.mcmaster.ca/~kartik/sfwr4c03/projects/haowang-project.pdf