Firewalls - Introduction

1
Firewalls - Introduction

• What is a firewall?
• Firewalls are frequently thought of as a very
  complex system that is some sort of magical,
  mystical.. Thing. What is it really?
• A machine that is more selective than a router
  that passes data from one network to another.
• Some are more complex, some are less complex, but
  the fundamental point is that they implement a
  specific security policy for the network traffic
  between two (or more) points of a site.

2
Firewalls - Overview

• What are the duties of a firewall?
• Traditional
• Firewalls used to be limited to exact and
  specific functions, mainly acting as a barricade
  between external and internal networks. The jobs
  included
• Relay Mail
• Provide Domain Name Service (DNS) Capabilities,
  and possibly running a split DNS environment
• Filter and otherwise control all traffic flow
  between the outside and the inside. A site will
  design a security model (what types of
  connections are allowed, etc.) and have the
  firewall implement this as closely as possible.
• Note that the firewall in this model is placed at
  the permiter of the network, and that
  inter-machine traffic internally is not effected
  by the firewall.

3
Firewalls - Overview

• What are the duties of a firewall?
• Modern
• As firewalls become more common and essential to
  networks, they have taken on more services, in
  addition to the traditional ones. These include
• Virus Protection Many firewalls now provide
  automatic virus screening for web traffic, E-Mail
  attachments, and other types of connections and
  data transfers across the firewall.
• Mobile Code Protection In addition to more basic
  blocks of mobile code (Java, Script, ActiveX,
  etc.), firewall systems are beginning to offer
  containment for the execution of mobile code.
  These include sandbox machines isolated from the
  rest of the network and restricted environments
  to run the Java VM within.

4
Firewalls - Overview

• What are the duties of a firewall?
• Modern
• (continued)
• Virtual Private Networks (VPN) As companies need
  to interconnect remote offices more securely, and
  do not wish to incur the cost of dedicated
  circuits, they turn to VPNs. A virtual private
  network is an encrypted channel between network
  to network (or remote client to network) that
  automatically encrypts ALL traffic between
  them. This removes the problem of running
  encrypted client/server solutions, and allows
  people to run any software necessary. Remote
  users with notebooks dialing into national
  providers can cryptographically authenticate
  themselves to the firewall, and connect to the
  corporate network with an automatically encrypted
  channel.

5
Firewalls - Overview

• What are the duties of a firewall?
• Modern
• (continued)
• Network Address Translation (NAT) The address
  space limitations with IPv4 has forced the
  emergence of network address translation, where
  internal machines to a company will use private
  addresses (10.x.x.x for example) which will be
  translated into a legal set of addresses at a
  firewall. This increases security as all
  connections must be passed by the firewall, as
  the addresses are not known or routable by the
  general Internet. (This is also useful for home
  networks or for small companies.)
• Intrusion Detection Systems (IDS) Firewalls are
  starting to be smarter about the connections
  that they see, and now can keep track of strange
  activity to decide if the connection should be
  terminated and administrators notified.

6
Firewalls - Types

• In general, there are two types of firewalls
• Application or Proxy Firewall
• This firewall runs on top of a standard operating
  system (although typically secured in some ways)
  and intercepts all traffic. If the firewall is
  running a special proxy or application to handle
  the traffic, the service will decide if the
  traffic should be permitted. If the service
  permits the traffic, it is sent through to the
  destination. In many cases, a user may first
  authenticate to the proxy, and then have to
  authenticate to the internal machine as well.
• If no proxy is running for the service, the
  service decides that the connection should not be
  allowed, or if the user is unable to authenticate
  to the proxy, than the connection is refused by
  the firewall.

7
Firewalls - Types

• Application or Proxy - Examples
• Web Proxy Many companies use web proxies for
  users to connect to the internet. Many proxies
  also cache, to reduce some of the load on the
  network connection. The browser will make the
  connection to the proxy, which will make the
  connection to the web site on behalf of the user.
  If successful, the information is returned to
  the user.

8
Firewalls - Types

• Application or Proxy - Examples
• Telnet Proxy A telnet proxy may behave in
  different manners, depending on which direction
  you come from. If the connection is coming from
  the internal machines, it may be passed silently
  to the remote host. However, if the connection
  originates from outside of the firewall, it may
  be stopped by the firewall, and the user may need
  to perform additional authentication before being
  able to connect to the internal machine.

9
Firewalls - Types

• The other type is
• Packet Filtering or Network Level Firewalls
• These firewalls are almost (or are) completely
  transparent to the users. They will analyze the
  source and destination addresses, as well as the
  source and destination ports for each packet. If
  the packet, according to the rules defined, is
  allowed to pass, it is passed silently. If not,
  it is simply dropped and does not make it
  through.
• Although typically built upon standard operating
  systems as well, these types of firewalls are
  also useful to build into dedicated network
  devices, such as routers or switches.

10
Firewalls - Types

• Network Level - Examples
• Router Blocks - The most basic example are router
  blocks. Routers obviously do not allow proxies
  to be run, and are limited to looking at the
  packet information to decide if a packet should
  be allowed to pass. These are quite trivial, but
  also very useful for many applications. Routers
  are excellent at blocking spoofed internal
  packets at the edge of a network, and any types
  of traffic that should definitely always be
  blocked.

11
Firewalls - Types

• Network Level - Examples
• Commercial Firewalls To distinguish these in
  general, from router level blocks, these
  firewalls are typically much more advanced. They
  look at packet information, but also in many
  cases, will look at the packet contents as well.
  Many firewalls allow access control at the point
  of controlling if files can be read or written
  via an FTP connection.

12
Firewalls - Types

• And the third type.. (third type?)
• Hybrids
• Many firewalls do not explicitly fall within
  either category, rather they have proxies for
  some types of traffic, and allow packet filtering
  for other types. Many people prefer this type of
  system as it has the most flexibility to fit
  emerging protocols, while still allowing the fine
  grained control that a proxy provides.

13
Firewalls - Pro/Con

• Application Firewalls
• Pros
• The proxies allow for a very fine level of
  control over any connection, and content within
  the connection.
• Typically simple (relatively) to setup and
  maintain.
• Cons
• Any new protocol to be supported must have a
  proxy written for it.
• Running the proxy for each connection incurs
  additional overhead, and can slow down network
  access.
• Can have difficulty with UDP traffic and
  UDP-based protocols.

14
Firewalls - Pro/Con

• Network Level Firewalls
• Pros
• In many cases, the firewall is transparent to the
  end users.
• The system can be very quick, since no additional
  programs must be executed.
• Network level firewalls can be embedded into
  networking equipment to give more advanced (above
  router blocks) filtering.
• Cons
• The granularity of control is coarser.

15
Firewalls - Pro/Con

• Hybrid
• The pros and cons of a Hybrid firewall really
  depend on what has been added or changed from
  each basic type of system. Some attributes from
  each system help to cancel out some of the Cons
  for the other type.

16
Firewalls - Basic Configuration

• In general, firewalls are configured in one of
  two ways
• Deny everything that is not expressly permitted.
• Traditional application firewalls fall into this
  category. Services with proxies running would be
  handled, while everything else is dropped.
• Permit everything that is not expressly denied.
• This would be the protection gained from basic
  router-type blocks.
• These types are obviously fundamentally
  different, with the first being generally more
  secure.