What Is A Firewall

The document discusses firewalls and network security. It begins by defining what a firewall is, noting that a firewall prevents unauthorized access to a computer network and monitors information transfers to and from the network. It describes different types of firewalls, including network-level firewalls, personal firewalls, application gateway firewalls, packet filters, circuit-level firewalls, and stateful inspection firewalls. The document also discusses how firewalls examine data packets and filter them based on criteria like IP addresses and applications to block malicious traffic and protect computers. However, firewalls also have limitations in that they cannot determine if network content is harmful or protect against internal attacks.

Uploaded by goforjessica
Copyright: © Attribution Non-Commercial (BY-NC)

FIREWALL AND NETWORK SECURITY

http://www.mobrien.com/firewall_r.html

What is a firewall?

Firewall: heretofore, a wall designed to prevent the spread of fire through a building. In tech-speak and computer science, a firewall is any one or a blend of security schemes that prevent unauthorized users from gaining access to a computer network, or that monitor transfers of information to and from the network. In other words, a system or combination of systems that enforces a boundary between two or more networks.

Network-Level Firewall

A firewall in which traffic is examined at the network protocol packet level.

A personal firewall is a technology that helps prevent intruders from accessing data on your PC via the Internet or another network by keeping unauthorized data from entering or exiting your system.

Firewalls for the Lay Person

Firewalls can block malicious attacks and protect your computer from outside threats. A
firewall can prevent an unauthorized user from accessing your PC, either from the Internet
or from within your local network. It blocks some Trojan programs and many hostile
applications that seek to take over your computer. New packages aimed at home users and
small businesses are inexpensive and require little setup on your part. 

When you're connected to the Internet, you're sending and receiving information in small
units called packets. A packet contains the addresses of the sender and the recipient along
with a piece of data, a request, a command, or almost anything having to do with your
connection to the Internet. 

As with any mail, not every parcel that arrives at your computer is something you want to open. A firewall examines each data packet sent to or from your computer to see if it meets certain criteria. It then either passes or blocks the packet. The criteria a firewall uses for passing packets along depend on the kind of firewall you use. The most common type you'll find for home and small business use is called an application gateway firewall, or proxy, which acts like a security guard.

Anything you send or receive stops first at the firewall, which filters packets based on IP addresses [Internet Protocol addresses, which identify each and every computer specifically] and content, as well as the specific functions of an application. For instance, if you're running an FTP [File Transfer Protocol] program, or using one of the more advanced browsers with built-in FTP (which you may not even have known about), the proxy could permit file uploads while blocking other FTP functions, such as viewing or deleting files.

You can also set the firewall to ignore all traffic for FTP services but allow all packets
generated during Web browsing. 

Other types of firewalls include packet filters, which examine every packet for an approved
IP address; circuit-level firewalls, which allow communication only with approved computers
and Internet service providers; and the newest type, stateful inspection firewalls, which
note the configuration of approved packets and then pass or block traffic based on those
characteristics. Packet-filter, circuit-level, and stateful inspection firewalls are mostly found
in corporate network setups. They require major upkeep, so they aren't suitable for most
smaller companies and home users.

http://broadcast.rackspace.com/downloads/pdfs/FirewallOverview.pdf

Network Security - Firewalls

Securing Your Network from Malicious Activity

At Rackspace, we are committed to ensuring the security of your hosted solution. You store valuable and confidential information on our equipment, so we offer a number of services to guarantee that it stays secure. With highly qualified security engineers maintaining our network, outstanding Cisco firewalls, our Firewall Control Panel, Intrusion Detection Systems and our 1-Hour Hardware Replacement Guarantee, you are assured that Rackspace can provide you with the security that you need.

No matter what level of security you require, a dedicated firewall is an important first step in securing your hosted environment.

How It Works

A dedicated firewall acts as a protective barrier to keep destructive forces away from your mission-critical data. A Rackspace Security Engineer assists you with making sure the rules you need applied to our network are safe ones while still accomplishing your business need of supplying public access to desired data. However, you establish and are the sole owner of the set of rules that defines unwanted traffic. Based on this set of rules, information that is sent to your server is inspected and then filtered (fig.1).

Additional Options

In addition to filtering traffic, our dedicated firewalls allow for a more secured form of communication with the implementation of a Virtual Private Network (VPN). A VPN encrypts all information between designated hosts and your Rackspace environment. This is a useful tool for securely extending your network across mobile users, business partners and corporate networks worldwide.

Why a Dedicated Firewall?

Unlike shared firewall devices that leave the possibility of unauthorized access by any other customer sharing the same firewall, a dedicated firewall provides protection exclusively to your server, and ultimately, a greater level of security.* Additional options such as a VPN or a DMZ are not available with a shared firewall.

Although a software firewall has its place, it does not offer the same level of security as a dedicated firewall. Because setting up a software firewall can be tedious and complicated, a high level of user error is common and can create issues such as server shut-down, user lockout and system vulnerability. These situations are avoidable with a Rackspace dedicated firewall.

http://www.acm.org/crossroads/xrds2-1/security.html

Network Security, Filters and Firewalls

by Darren Bolding

This article is a general introduction to network security issues and solutions in the
Internet; emphasis is placed on route filters and firewalls. It is not intended as a guide
to setting up a secure network; its purpose is merely as an overview. Some knowledge
of IP networking is assumed, although not crucial.

In the last decade, the number of computers in use has exploded. For quite some time now, computers have been a crucial element in how we entertain and educate ourselves, and most importantly, how we do business. It seems obvious in retrospect that a natural result of the explosive growth in computer use would be an even more explosive (although delayed) growth in the desire and need for computers to talk with each other. The growth of this industry has been driven by two separate forces which until recently have had different goals and end products. The first factor has been research interests and laboratories; these groups have always needed to share files, email and other information across wide areas. The research labs developed several protocols and methods for this data transfer, most notably TCP/IP. Business interests are the second factor in network growth. For quite some time, businesses were primarily interested in sharing data within an office or campus environment; this led to the development of various protocols suited specifically to this task.

Within the last five years, businesses have begun to need to share data across wide areas. This has prompted efforts to convert principally LAN-based protocols into WAN-friendly protocols. The result has spawned an entire industry of consultants who know how to manipulate routers, gateways and networks to force principally broadcast protocols across point-to-point links (two very different methods of transmitting packets across networks). Recently (within the last 2 or 3 years) more and more companies have realized that they need to settle on a common networking protocol. Frequently the protocol of choice has been TCP/IP, which is also the primary protocol run on the Internet. The emerging ubiquitousness of TCP/IP allows companies to interconnect with each other via private networks as well as through public networks.

This is a very rosy picture: businesses, governments and individuals communicating with each other across the world. While reality is rapidly approaching this utopian picture, several relatively minor issues have changed status from low priority to extreme importance. Security is probably the most well known of these problems. When businesses send private information across the net, they place a high value on it getting to its destination intact and without being intercepted by someone other than the intended recipient. Individuals sending private communications obviously desire secure communications. Finally, connecting a system to a network can open the system itself up to attacks. If a system is compromised, the risk of data loss is high.

It can be useful to break network security into two general classes:

- methods used to secure data as it transits a network
- methods which regulate what packets may transit the network

While both significantly affect the traffic going to and from a site, their objectives are quite different.

Transit Security

Currently, there are no systems in wide use that will keep data secure as it transits a
public network. Several methods are available to encrypt traffic between a few
coordinated sites. Unfortunately, none of the current solutions scale particularly well.
Two general approaches dominate this area:

Virtual Private Networks: This is the concept of creating a private network by using TCP/IP to provide the lower levels of a second TCP/IP stack. This can be a confusing concept, and is best understood by comparing it to the way TCP/IP is normally implemented. In a nutshell, IP traffic is sent across various forms of physical networks. Each system that connects to the physical network implements a standard for sending IP messages across that link. Standards for IP transmission across various types of links exist; the most common are for Ethernet and point-to-point links (PPP and SLIP). Once an IP packet is received, it is passed up to higher layers of the TCP/IP stack as appropriate (UDP, TCP and eventually the application). When a virtual private network is implemented, the lowest levels of the TCP/IP protocol are implemented using an existing TCP/IP connection. There are a number of ways to accomplish this, which trade off between abstraction and efficiency. The advantage this gives you in terms of secure data transfer is only a single step further away. Because a VPN gives you complete control over the physical layer, it is entirely within the network designer's power to encrypt the connection at the physical (virtual) layer. By doing this, all traffic of any sort over the VPN will be encrypted, whether it be at the application layer (such as Mail or News) or at the lowest layers of the stack (IP, ICMP). The primary advantages of VPNs are: they allow private address space (you can have more machines on a network), and they allow the packet encryption/translation overhead to be done on dedicated systems, decreasing the load placed on production machines.

Packet Level Encryption: Another approach is to encrypt traffic at a higher layer in the TCP/IP stack. Several methods exist for the secure authentication and encryption of telnet and rlogin sessions (Kerberos, S/Key and DESlogin) which are examples of encryption at the highest level of the stack (the application layer). The advantages to encrypting traffic at the higher layer are that the processor overhead of dealing with a VPN is eliminated, inter-operability with current applications is not affected, and it is much easier to compile a client program that supports application layer encryption than to build a VPN. It is possible to encrypt traffic at essentially any of the layers in the IP stack. Particularly promising is encryption that is done at the TCP level, which provides fairly transparent encryption to most network applications.

It is important to note that both of these methods can have performance impacts on the hosts that implement the protocols, and on the networks which connect those hosts. The relatively simple act of encapsulating or converting a packet into a new form requires CPU-time and uses additional network capacity. Encryption can be a very CPU-intensive process and encrypted packets may need to be padded to uniform length to guarantee the robustness of some algorithms. Further, both methods have impacts on other areas (security related and otherwise, such as address allocation, fault tolerance and load balancing) that need to be considered before any choice is made as to which is best for a particular case.

Traffic Regulation

The most common form of network security on the Internet today is to closely
regulate which types of packets can move between networks. If a packet which may
do something malicious to a remote host never gets there, the remote host will be
unaffected. Traffic regulation provides this screen between hosts and remote sites.
This typically happens at three basic areas of the network: routers, firewalls and hosts.
Each provides similar service at different points in the network. In fact the line
between them is somewhat ill-defined and arbitrary. In this article, I will use the
following definitions:

Router traffic regulation: Any traffic regulation that occurs on a router or terminal server (hosts whose primary purpose is to forward the packets of other hosts) and is based on packet characteristics. This does not include application gateways but does include address translation.

Firewall traffic regulation: Traffic regulation or filtering that is performed via application gateways or proxies.

Host traffic regulation: Traffic regulation that is performed at the destination of a packet. Hosts are playing a smaller and smaller role in traffic regulation with the advent of filtering routers and firewalls.

Filters and access lists

Regulating which packets can go between two sites is a fairly simple concept on the
surface: it shouldn't be and isn't difficult for any router or firewall to decide simply
not to forward all packets from a particular site. Unfortunately, the reason most people
connect to the Internet is so that they may exchange packets with remote sites.
Developing a plan that allows the right packets through at the right time and denies
the malicious packets is a thorny task which is far beyond this article's scope. A few
basic techniques are worth discussing, however.

- Restricting access in, but not out: Almost all packets (besides those at the lowest levels which deal with network reachability) are sent to destination sockets of either UDP or TCP. Typically, packets from remote hosts will attempt to reach one of what are known as the well known ports. These ports are monitored by applications which provide services such as Mail Transfer and Delivery, Usenet News, the time, Domain Name Service, and various login protocols. It is trivial for modern routers or firewalls only to allow these types of packets through to the specific machine that provides a given service. Attempts to send any other type of packet will not be forwarded. This protects the internal hosts, but still allows all packets to get out. Unfortunately this isn't the panacea that it might seem.
- The problem of returning packets: Let's pretend that you don't want to let remote users log into your systems unless they use a secure, encrypting application such as S/Key. However, you are willing to allow your users to attempt to connect to remote sites with telnet or ftp. At first glance, this looks simple: you merely restrict remote connections to one type of packet and allow any type of outgoing connection. Unfortunately, due to the nature of interactive protocols, they must negotiate a unique port number to use once a connection is established. If they didn't, at any given time, there could only be one of each type of interactive session between any given two machines. This results in a dilemma: all of a sudden, a remote site is going to try to send packets destined for a seemingly random port. Normally, these packets would be dropped. However, modern routers and firewalls now support the ability to dynamically open a small window for these packets to pass through if packets have been recently transmitted from an internal host to the external host on the same port. This allows connections that are initiated internally to connect, yet still denies external connection attempts unless they are desired.
- Dynamic route filters: A relatively recent technique is the ability to dynamically add entire sets of route filters for a remote site when a particular set of circumstances occur. With these techniques, it is possible to have a router automatically detect suspicious activity (such as ISS or SATAN) and deny a machine or entire site access for a short time. In many cases this will thwart any sort of automated attack on a site.
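The three techniques above combined into one toy filter, as an added example (not code from the article): unsolicited inbound traffic reaches only published well-known services, replies to internally opened connections pass through a time-limited window on the negotiated port, and a source that keeps probing is cut off for a while. The site prefix, service hosts and packets are constructed values.

```python
"""Toy stateful packet filter for the three techniques listed above.

Added example, not code from the original article. The site prefix, service
hosts and packets are constructed sample values.
"""
import time
from dataclasses import dataclass, field

INTERNAL_NET = "10.0.0."   # constructed: the protected site is 10.0.0.0/24

# "Restricting access in": unsolicited inbound packets may only reach these
# well-known ports, each on the one internal host that provides the service.
INBOUND_ALLOW = {
    ("10.0.0.25", 25),   # mail transfer (SMTP)
    ("10.0.0.53", 53),   # domain name service
}


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFilter:
    window: float = 60.0            # seconds a return window stays open
    probe_threshold: int = 5        # denied probes before a source is cut off
    flows: dict = field(default_factory=dict)    # (int_ip, int_port, ext_ip, ext_port) -> expiry
    blocked: dict = field(default_factory=dict)  # ext_ip -> expiry of the dynamic block
    probes: dict = field(default_factory=dict)   # ext_ip -> denied attempts so far

    def _internal(self, ip: str) -> bool:
        return ip.startswith(INTERNAL_NET)

    def decide(self, p: Packet, now=None) -> str:
        now = time.time() if now is None else now
        # Dynamic route filter: a source that tripped the threshold is denied outright.
        if self.blocked.get(p.src, 0) > now:
            return "DROP:blocked-site"
        if self._internal(p.src) and not self._internal(p.dst):
            # Outbound is always allowed; remember the flow so the reply can return.
            self.flows[(p.src, p.sport, p.dst, p.dport)] = now + self.window
            return "PASS:outbound"
        if not self._internal(p.src) and self._internal(p.dst):
            # "The problem of returning packets": a reply to a flow we opened,
            # arriving on the negotiated port, passes while its window is open.
            key = (p.dst, p.dport, p.src, p.sport)
            if self.flows.get(key, 0) > now:
                self.flows[key] = now + self.window   # refresh the window
                return "PASS:return"
            # Unsolicited inbound: only the published services are reachable.
            if (p.dst, p.dport) in INBOUND_ALLOW:
                return "PASS:service"
            # Anything else is a probe; past the threshold the whole source is
            # blocked for one window, as the dynamic-filter technique describes.
            self.probes[p.src] = self.probes.get(p.src, 0) + 1
            if self.probes[p.src] >= self.probe_threshold:
                self.blocked[p.src] = now + self.window
                self.probes[p.src] = 0
                return "DROP:site-blocked"
            return "DROP:unsolicited"
        return "DROP:not-our-traffic"


def demo() -> list:
    """Constructed traffic exercising each rule; returns the filter's decisions."""
    fw = StatefulFilter()
    t = 1000.0
    out = []
    # Internal client opens a telnet session to a remote host ...
    out.append(fw.decide(Packet("10.0.0.7", 40001, "203.0.113.9", 23), t))
    # ... the remote side's reply to the client's high port is let back in ...
    out.append(fw.decide(Packet("203.0.113.9", 23, "10.0.0.7", 40001), t + 1))
    # ... but the same packet after the window has lapsed is dropped.
    out.append(fw.decide(Packet("203.0.113.9", 23, "10.0.0.7", 40001), t + 200))
    # Unsolicited mail delivery: allowed to the mail host, not to a workstation.
    out.append(fw.decide(Packet("198.51.100.4", 5555, "10.0.0.25", 25), t))
    out.append(fw.decide(Packet("198.51.100.4", 5555, "10.0.0.7", 25), t))
    # Repeated denied probes against a workstation trip the dynamic filter, after
    # which even the normally permitted mail port is closed to that source.
    for port in range(1, 6):
        out.append(fw.decide(Packet("192.0.2.77", 6000, "10.0.0.7", port), t))
    out.append(fw.decide(Packet("192.0.2.77", 6000, "10.0.0.25", 25), t))
    return out
```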

Filters and access lists are typically placed on all three types of systems, although they
are most common on routers.

Address Translation: Another advancement has been to have a router modify outgoing packets so that they carry the router's own IP number. This prevents an external site from learning anything about the internal network; it also allows for certain tricks to be played which provide for a tremendous number of additional internal hosts with a small allocated address space. The router maintains a table which maps an external IP number and socket to an internal number and socket. Whenever an internal packet is destined for the outside, it is simply forwarded with the router's IP number in the source field of the IP header. When an external packet arrives, it is analyzed for its destination port and re-mapped before it is sent on to the internal host. The procedure does have its pitfalls: checksums have to be recalculated because they are based in part on IP numbers, and some upper-layer protocols encode or depend on the IP number. These protocols will not work through simple address translation routers.
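The table-driven source rewrite just described, together with the checksum pitfall, as an added example (not code from the article) over a constructed IPv4/TCP packet: the same translation is done once without and once with checksum recomputation, and only the latter still validates. ROUTER_IP and the host addresses are made-up values.

```python
"""Toy address-translating router showing why checksums must be recomputed.

Added example, not code from the original article. ROUTER_IP, the hosts and
the packet contents are constructed values; only the header fields that
translation touches are modelled (no options, no fragmentation).
"""
import socket
import struct

ROUTER_IP = "203.0.113.1"   # constructed public address of the translating router


def inet_checksum(data: bytes) -> int:
    """Standard Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (protocol TCP) with its checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def tcp_segment(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Minimal TCP header plus payload; the checksum covers an IP pseudo-header,
    which is why it depends on the IP numbers as the text notes."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, 20 + len(payload)))
    csum = inet_checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def verify(packet: bytes) -> bool:
    """True when both the IP header checksum and the TCP checksum validate."""
    ip, tcp = packet[:20], packet[20:]
    if inet_checksum(ip) != 0:
        return False
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return inet_checksum(pseudo + tcp) == 0


class NatRouter:
    """Keeps the (external port) -> (internal ip, internal port) table."""

    def __init__(self):
        self.next_port = 40000
        self.table = {}

    def outbound(self, packet: bytes, recompute: bool = True) -> bytes:
        """Rewrite the source address and port to the router's own."""
        ip, tcp = bytearray(packet[:20]), bytearray(packet[20:])
        src = socket.inet_ntoa(bytes(ip[12:16]))
        sport = struct.unpack("!H", bytes(tcp[0:2]))[0]
        ext_port = self.next_port
        self.next_port += 1
        self.table[ext_port] = (src, sport)
        ip[12:16] = socket.inet_aton(ROUTER_IP)
        tcp[0:2] = struct.pack("!H", ext_port)
        if recompute:   # skipping this is the pitfall: the far end discards the packet
            ip[10:12] = b"\x00\x00"
            ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
            tcp[16:18] = b"\x00\x00"
            pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, len(tcp))
            tcp[16:18] = struct.pack("!H", inet_checksum(pseudo + bytes(tcp)))
        return bytes(ip + tcp)

    def inbound(self, packet: bytes):
        """Look up which internal host and port a reply to the router belongs to."""
        dport = struct.unpack("!H", packet[22:24])[0]
        return self.table.get(dport)


def demo() -> dict:
    """Translate one constructed outbound segment with and without recomputation."""
    host, remote, payload = "10.0.0.7", "198.51.100.80", b"GET / HTTP/1.0\r\n\r\n"
    packet = (ipv4_header(host, remote, 20 + len(payload))
              + tcp_segment(host, remote, 12345, 80, payload))
    nat = NatRouter()
    naive = nat.outbound(packet, recompute=False)
    proper = nat.outbound(packet, recompute=True)
    reply = ipv4_header(remote, ROUTER_IP, 20) + tcp_segment(remote, ROUTER_IP, 80, 40001, b"")
    return {
        "original_ok": verify(packet),
        "naive_ok": verify(naive),         # stale checksums no longer validate
        "proper_ok": verify(proper),
        "proper_src": socket.inet_ntoa(proper[12:16]),
        "reply_maps_to": nat.inbound(reply),
    }
```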

Application gateways and proxies: The primary difference between firewalls and
routers is that firewalls actually run applications. These applications frequently
include mail daemons, ftp servers and web servers. Firewalls also usually run what are
known as application gateways or proxies. These are best described as programs
which understand a protocol's syntax, but do not implement any of the functionality of
the protocol. Rather, after verifying that a message from an external site is
appropriate, they send the message on to the real daemon which processes the data.
This provides security for those applications that are particularly susceptible to
interactive attacks. One advantage of using a firewall for these services is that it
makes it very easy to monitor all activity, and very easy to quickly control what gets
in and out of a network.
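An application gateway of the kind described here, and the FTP policy sketched in the first article (uploads permitted, viewing and deleting blocked), as one added example that is not code from either article: the gateway parses the control-channel syntax, answers malformed or disallowed commands itself, and relays only what policy permits to the real daemon. The command sets and the session transcript are constructed.

```python
"""Toy FTP application gateway: understands the command syntax, enforces a
policy, and implements none of the protocol itself (the real daemon does).

Added example, not code from the original articles. The policy (uploads
allowed, viewing and deleting files blocked) is the one sketched in the first
article; the session transcript is constructed.
"""
import re

# Control-channel lines are "VERB [argument]" terminated by CRLF (RFC 959).
COMMAND_RE = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")

# Verbs needed to log in, set the transfer mode and upload a file.
ALLOW = {"USER", "PASS", "TYPE", "PASV", "PORT", "STOR", "NOOP", "QUIT"}
# Verbs the policy refuses to relay: anything that views or removes files.
DENY = {"LIST", "NLST", "RETR", "DELE", "RMD", "RNFR", "RNTO", "SITE"}


def parse_command(line: str):
    """Return (VERB, argument) or None when the line is not well-formed."""
    line = line.rstrip("\r\n")
    m = COMMAND_RE.match(line)
    if m is None or any(ord(c) < 0x20 for c in line):
        return None                      # junk or embedded control characters
    return m.group(1).upper(), (m.group(2) or "")


def gateway_decision(line: str) -> str:
    """Relay the line to the real daemon, or answer it at the gateway."""
    parsed = parse_command(line)
    if parsed is None:
        return "REJECT 500 Syntax error"          # malformed input never reaches the daemon
    verb, arg = parsed
    if verb in DENY:
        return f"REJECT 550 {verb} not permitted by gateway"
    if verb in ALLOW:
        # Uploads may only land in the login directory: no paths, no dotfiles.
        if verb == "STOR" and ("/" in arg or arg.startswith(".")):
            return "REJECT 553 Path not permitted"
        return f"RELAY {verb}"
    return f"REJECT 502 {verb} not implemented"   # default deny for unknown verbs


def filter_session(lines) -> list:
    """Run a whole control-channel transcript through the gateway."""
    return [gateway_decision(line) for line in lines]


# Constructed sample session from an external client.
SAMPLE_SESSION = [
    "USER anonymous\r\n",
    "PASS guest@example.invalid\r\n",
    "TYPE I\r\n",
    "STOR report.txt\r\n",
    "STOR ../outside.txt\r\n",
    "LIST\r\n",
    "DELE report.txt\r\n",
    "XPWD\r\n",
    "STOR a\x00b\r\n",
    "QUIT\r\n",
]
```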

Conclusion

There are two basic types of network security, transit security and traffic regulation, which when combined can help guarantee that the right information is securely delivered to the right place. It should be apparent that there is also a need for ensuring that the hosts that receive the information will properly process it; this raises the entire specter of host security: a wide area which varies tremendously for each type of system. With the growth in business use of the Internet, network security is rapidly becoming crucial to the development of the Internet. Soon, security will be an integral part of our day to day use of the Internet and other networks.

http://www.planetmagpie.com/networksupport/networksecurity.aspx

Network Security: Firewall Configuration, Perimeter Security


The truth is, serious network problems don't happen often. But when they do, everything stops. Sometimes it's not
preventable (e.g. a disaster occurs). Sometimes it is. Hacking attempts, spammers, self-reproducing viruses…you
can minimize the risk of all these with proper network security.

Modern security practices recommend two primary elements of protection: a firewall regulating traffic in and out, and perimeter security guarding the gates.

Network Firewalls – Work Safely

What is a Firewall?

A firewall is a software- or hardware-based barrier against unauthorized access to your network. Firewalls inspect all the traffic going through them. "Legitimate" traffic is let through, while "malicious" traffic is rejected. Firewalls use a set of rules to distinguish what's legitimate and what's malicious.

If your company is online, you need a firewall. Hopefully you already have one. But is it properly configured? Firewalls
are like castle moats – people can get across if there are shallow spots.

Tips on Configuring a Firewall that Works

- Set firewalls to monitor incoming AND outgoing packets. If malware sneaks onto one computer, it can send information outside the network and make it appear harmless.
- Opt for a hardware firewall, such as Cisco. Hardware firewalls are more powerful, and give you more control over protecting your Web traffic than a software-based firewall.
- If Spam Protection is available on your firewall, enable it. Spam firewalls are proving popular in keeping the nastier emails out (viruses, botnets).
- Standardize all wireless connections on WPA. Not only does the WPA Protocol have better security than WEP, but this way you can recognize (and block) if someone else tries to break in using WEP or an unencrypted connection.

Because we work with several hardware & software vendors, PlanetMagpie isn't locked into one choice of firewall.
Our recommendations are based on your existing network environment, and what level of firewall protection you
need.

Perimeter Security – Guard Your Network from Invaders

Money losses from lack of security include identity theft, information theft, lost business from server/network crashes, and lost productivity from slowdowns due to viruses/malware/etc.

Every company has a network perimeter – where their network ends and the Internet begins. Thanks to wireless and
VPN technology, this boundary can seem fuzzy. If its security is fuzzy though, you risk losing money, productivity and
confidential data.

Lack of perimeter security poses a lot of dangers. These are just a few reasons to be concerned:

- If you make a software product (applications, scripts), it could be stolen.
- Your computers could be taken over and turned into "zombies" (computers used to send out spam and viruses automatically).
- Your website or intranet, if hosted locally, could be removed or replaced.
- Your SQL databases could suffer an injection attack, causing data loss and/or severe security compromises.
- Do any employees work remotely? Your VPN connections are at risk for hacking.
- Losses from lack of security include identity theft, data loss, lost business from server/network crashes, and lost productivity from slowdowns caused by virus/malware infections.

http://ezinearticles.com/?Network-Security---Firewalls&id=2085485

What Does a Firewall Do?

Firewalls are absolutely vital for keeping network security in force. The firewall stops and
controls the traffic that comes between your network and the different sites you go to. A
firewall is an integral part of a company's network protection, and it acts to keep in force
the network security policy. It can log inter-network activity with efficiency. It can also
reduce a network's vulnerability. Whenever an organization is connected to the Internet but
is not using a firewall, any host on the network has direct access to all resources on the
internet. If you don't have a firewall, every host online can attack every host in your
network.

What is a Firewall Incapable of Doing?

Firewalls are incapable of determining whether network content has a harmful purpose.
Frequently they are unable to safeguard against attacks from within (although they may log
the activity on the network, if the culprit utilizes the internet connection to commit the
offense). If a connection does not pass through the firewall, it cannot be protected by it. To
put it another way, should a person link up to the Internet via a computer modem and
phone, the network firewall is unable to offer them any safeguard. Firewalls offer minimal
safeguarding from attacks which are not already identified, and basic firewalls furnish
inadequate security from contact with online viruses.

Authentication of a network user

All that user authentication implies is a means of establishing as valid or verifying the
claimed identity. Usernames and passwords furnish this verification, however this is not
very powerful user authentication. If a connection is not private, like an Internet hook-up
that lacks encryption, usernames and passwords may be duplicated and replayed. Strength
in terms of user authentication necessitates the utilization of encryption, like SSL
certificates. These certificates stop 'replay attacks' from occurring, for instance when a
username and password are obtained and 'replayed' for purposes of admittance or
accessibility.

Firewall-to-firewall encryption

Virtual Private Network, or VPN, is the term most often used for an encrypted connection.
Privacy is achieved by using encoded inputs. Of course, it isn't really private. The private
communication is carried by a public network such as the Internet. VPNs were in use before
firewalls, but as the technology has grown, VPNs have come into play more. A VPN option is
expected by most people when dealing with a firewall vendor.

Other firewall functions:

- Firewalls are more and more being used to screen content. Some firewalls also now scan for viruses. If you use a firewall for virus scanning, it can slow down your performance, though. You have to scan for viruses all the time, because each desktop is different and sometimes the firewall can't always protect you from everything that you do. Especially when it comes to any removable disks.
- URL Screening: Firewall regulated accessibility to the internet as well as content filtering of both files and messages appears to be a practical extension of a firewall. The drawback of utilizing a firewall for URL or content filtering is minimized performance.
- To restrict the size of network space that any single user can occupy, or restrict the amount of the network's bandwidth that may be utilized for given purposes.
