Firewalls & Intrusion
Basically, a firewall is a barrier that keeps destructive forces away
from your property. In fact, that's why it's called a firewall: its job
is similar to that of a physical firewall, which keeps a fire from spreading from
one area of a building to the next.
The bottom line is that a firewall is your first line of defense for keeping
hackers and intruders out.
If you have been using the Internet for any length of time,
and especially if you work at a larger company and browse the Web while
you are at work, you have probably heard the term "Firewall"
used. For example, you often hear people in companies say things like,
"I can't use that site because they won't let it through the firewall."
What is a firewall? A firewall is a network component that provides
a single, controlled point of access between your internal network and "the evil
Internet." Most of the time you only need your network to be connected
to the outside for a very small number of things.
The primary advantage of a firewall is that the security officer can concentrate
their efforts on a single point of entry rather than on hundreds or thousands
of access points.
The primary disadvantage of a firewall (well, not really a disadvantage
but an unfortunate side effect) is that the security officer will generally
not spend much time at all on the security of the internal network. Thus,
if the firewall is ever compromised, or another access point is discovered
(a modem, a second uplink, a misconfigured router), the internal hosts are wide open to attack.
Firewalls are usually built from a host with two (or more) network
interfaces. This can be anything from a PC with two Ethernet
cards to a dedicated hardware platform designed specifically for firewall
Some examples of services that an internal network might want to share
with the outside world include:
Remote Access (Telnet,
Types of firewalls
There are two main types of firewalls: filtering and proxy.
A filtering firewall decides whether to forward a packet based on criteria
such as source and destination address, packet type (protocol), source and destination
port number, and so on.
For example, I can allow anyone on the outside to connect to port 25 so
they can send mail directly to internal machines, or to port 80 so they can
get data directly off web servers.
This is generally a bad idea, since you're giving anyone direct access
to your sendmail daemons and web servers. The filter only looks at packet headers,
not at what the connection does once it has been let through; if there is any hole in
whatever is listening on port 25 (it doesn't even have to be sendmail), you're
vulnerable and the firewall has done nothing to stop it. A much better idea is to use a proxy firewall.
A proxy firewall is one that explicitly acts on behalf of the machines
on either the internal or external net. For example, I could run a proxy
mail gateway on my firewall that passes mail traffic on a message-by-message basis,
so I don't have to worry about outsiders connecting directly to my internal
net. The same goes for a proxy web server. Most proxy web servers can
also act as caching servers and greatly speed up web connections.
Proxy firewalls also allow much richer logging, since the firewall
is the component that actually processes the messages and can therefore record
who asked for what, not just which addresses and ports were involved.
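The filtering-versus-proxy argument above, as an added example that is not code from the original page or from Layer 4 Solutions. It puts a stateless packet filter (decides on headers only) next to an application-level SMTP proxy (decides on every command), and runs both against one constructed SMTP session containing an open-relay attempt, an account-enumeration probe and an overlong line of the kind that triggers parser bugs. The internal mailer address 10.0.0.25, the local domain example.com, the rule set and the session lines are all made up for the example.

```python
"""Added example, not code from the original page or from Layer 4 Solutions:
a stateless packet filter that decides on headers only, beside an SMTP proxy
that decides on each command. Addresses, rules and the session are made up."""
import re
from dataclasses import dataclass, field
from typing import Optional

INTERNAL_MAIL_HOST = "10.0.0.25"     # assumed internal mailer behind the firewall
ALLOWED_RCPT_DOMAIN = "example.com"  # assumed local domain the proxy accepts mail for

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""   # a filter forwards or drops without ever reading this

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "any"             # exact address or "any"
    dst: str = "any"
    proto: str = "any"
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.src in ("any", p.src) and self.dst in ("any", p.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))

def filter_decision(rules: list, p: Packet) -> str:
    """First matching rule wins; no match means deny (default-deny policy)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

# The rule the page warns about: anyone on the outside may reach port 25.
OPEN_SMTP_RULES = [Rule("allow", dst=INTERNAL_MAIL_HOST, proto="tcp", dport=25)]

# SMTP verbs the proxy relays; anything else is refused by the proxy itself
# and never reaches the internal mailer.
RELAYED_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
RCPT_RE = re.compile(r"^RCPT TO:<([^>@]+)@([^>]+)>$", re.IGNORECASE)

@dataclass
class ProxyResult:
    relayed: list = field(default_factory=list)
    rejected: list = field(default_factory=list)
    log: list = field(default_factory=list)

def smtp_proxy(client: str, lines: list) -> ProxyResult:
    """Relay a client's SMTP dialogue one command at a time. Because the proxy
    parses each command it can refuse verbs, refuse foreign relay, cap line
    length and log exactly what was asked."""
    res = ProxyResult()
    for line in lines:
        verb = line.split(" ", 1)[0].upper()
        reason = None
        if len(line) > 512:                    # RFC 5321 command line limit
            reason = "overlong command line"
        elif verb not in RELAYED_VERBS:
            reason = f"verb {verb} not permitted"
        elif verb == "RCPT":
            m = RCPT_RE.match(line)
            if not m or m.group(2).lower() != ALLOWED_RCPT_DOMAIN:
                reason = "relay to non-local domain refused"
        if reason:
            res.rejected.append(line)
            res.log.append(f"{client} REJECT {verb}: {reason}")
        else:
            res.relayed.append(line)
            res.log.append(f"{client} RELAY {verb}")
    return res

# Constructed session: one legitimate delivery mixed with attacker probes.
ATTACKER = "203.0.113.9"
SESSION = [
    "EHLO evil.example.net",
    "MAIL FROM:<a@evil.example.net>",
    "RCPT TO:<bob@example.com>",
    "RCPT TO:<victim@other.example.org>",  # open-relay attempt
    "VRFY root",                           # account enumeration
    "HELP " + "A" * 600,                   # overlong line aimed at a parser bug
    "DATA",
    "QUIT",
]

def compare():
    """Filter verdict on the overlong line, beside the proxy's handling of it all."""
    pkt = Packet(ATTACKER, INTERNAL_MAIL_HOST, "tcp", 25, SESSION[5].encode())
    return filter_decision(OPEN_SMTP_RULES, pkt), smtp_proxy(ATTACKER, SESSION)

if __name__ == "__main__":
    verdict, result = compare()
    print("packet filter verdict on the overlong HELP line:", verdict)
    print("\n".join(result.log))
```

The filter returns "allow" for the 600-byte HELP line because its rule matched on destination and port, which is all it can see; the proxy refuses that line, the VRFY probe and the relay attempt, passes the legitimate RCPT, and leaves a per-command log naming the client and the reason. That log is the extra visibility the text refers to, and the refused verbs are exactly the traffic a port-25 filter rule would have handed straight to the mailer.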
Some of the good news about firewalls is that they "scale" fairly
well. That is, if you have more traffic or more security concerns than your
firewall can handle, you can add another firewall.
In fact, if you support multiple protocols (or services, such as HTTP,
FTP, SMTP, etc.), you can gain not only a performance boost but also
some additional security assurance (isolation of function makes configuration/maintenance
So, if your traffic demands it, separate your services (protocols, or
even specific servers) by type of access; it's not difficult to configure
your routers to accommodate this kind of set-up, and it's more secure
(easier to understand and maintain, and harder to penetrate) than
trying to funnel all traffic through a single firewall.
Firewalls may be essential, but you must remember that:
Firewalls are reactive and generally lag technology (it takes some time before the
latest protocol is recognized, filtered, and/or proxied by the firewall).
Firewalls do not relieve you of concern for the security of internal hosts.
Firewalls may give a false sense of security.
Firewalls must be properly configured, well managed, and intensely monitored; they
need constant monitoring, updating, maintenance, and testing, and their configuration
rules can be complex.
Intrusion Detection Systems
The threat to networks posed by hackers is growing rapidly.
The reasons (fun, social status, boredom, financial gain and so on)
aren't important. You simply can't have random people accessing your files
at will. You wouldn't buy a house without a front door, and the same rationale
applies to the network.
A firewall is not enough. All it does is filter incoming and outgoing
traffic based on defined rules; if traffic looks legal, it passes
through. The firewall has no concept of what suspicious traffic looks
like. Intrusion Detection Systems (IDS) sit on the network or on host machines
and inspect all the traffic they see. By comparing it against a database of attack
signatures, in much the same way AV products do, the IDS can alert on an attack
and, when deployed inline, block it. Security scanners also use a database of attacks, this
time running the checks against your own host machines and generating reports
detailing the vulnerabilities found. Testing tools like this can be difficult,
so we decided to install a fresh copy of Windows NT and IIS, with only
SP6 applied. This leaves the OS open to a fairly large number of flaws,
such as the unicode bug for IIS, which allows arbitrary code to be run
on the server.
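The signature comparison described above, as an added example that is not part of the original page or of Layer 4 Solutions' tooling. It runs a toy signature matcher over three constructed web server request lines and contrasts a naive literal "../" signature with the same check applied after decoding, including the overlong UTF-8 escapes (%c0%af for "/", %c1%9c for "\") that the IIS unicode traversal bug mentioned above relied on. The request lines, signature names and helper functions are mine; real IDS engines do this normalization as a preprocessing step before matching.

```python
"""Added example, not code from the original page or from Layer 4 Solutions:
a toy signature-based detector run over constructed HTTP request lines,
showing why signatures must be matched after decoding, not on raw bytes."""
import re

def percent_decode_bytes(path: str) -> bytes:
    """Turn %XX escapes into raw bytes; leave everything else as-is."""
    out = bytearray()
    i = 0
    hexdigits = "0123456789abcdefABCDEF"
    while i < len(path):
        if (path[i] == "%" and i + 2 < len(path)
                and all(c in hexdigits for c in path[i + 1:i + 3])):
            out.append(int(path[i + 1:i + 3], 16))
            i += 3
        else:
            out.extend(path[i].encode("latin-1", "replace"))
            i += 1
    return bytes(out)

def lenient_utf8(data: bytes) -> str:
    """Decode like a permissive server: accept overlong two-byte sequences.

    Strict UTF-8 rejects 0xC0/0xC1 lead bytes because they encode ASCII in
    two bytes. IIS accepted them, so %c0%af became "/" on the server while
    a detector looking for a literal "../" in the request saw nothing.
    """
    chars = []
    i = 0
    while i < len(data):
        b = data[i]
        if 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            chars.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            chars.append(chr(b))
            i += 1
    return "".join(chars)

def normalize(path: str) -> str:
    """Percent-decode, leniently UTF-8-decode, then fold backslashes to slashes."""
    return lenient_utf8(percent_decode_bytes(path)).replace("\\", "/")

# Signature "database" for the example: a naive set matched on the raw path and
# a second set matched on the normalized path.
NAIVE_SIGNATURES = {"traversal": re.compile(r"\.\./")}
NORMALIZED_SIGNATURES = {
    "traversal": re.compile(r"(^|/)\.\.(/|$)"),
    "cmd_exec": re.compile(r"/cmd\.exe", re.IGNORECASE),
}

def naive_alerts(request_line: str) -> list:
    path = request_line.split(" ")[1]
    return [name for name, rx in NAIVE_SIGNATURES.items() if rx.search(path)]

def normalized_alerts(request_line: str) -> list:
    path = normalize(request_line.split(" ")[1])
    return [name for name, rx in NORMALIZED_SIGNATURES.items() if rx.search(path)]

# Constructed request lines: one benign, two traversal attempts, the second
# using the overlong encoding so the raw bytes never contain "../".
REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir HTTP/1.0",
]

def run() -> dict:
    """Map each request line to (naive alerts, normalized alerts)."""
    return {r: (naive_alerts(r), normalized_alerts(r)) for r in REQUESTS}

if __name__ == "__main__":
    for req, (naive, norm) in run().items():
        print(f"{req}\n  naive: {naive or 'none'}\n  normalized: {norm or 'none'}")
```

The plain "../" request trips both detectors, but the %c0%af variant is invisible to the naive signature and only caught once the request is decoded the way the target server decodes it. That gap is the practical face of two warnings earlier on this page: a signature database lags the attacks it describes, so an IDS needs the same constant updating as the firewall, and the alerts it does raise are only as good as its understanding of the protocol it is watching.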
Layer 4 Solutions, Inc. configures, implements and updates all types of
IDS software from vendors like CHECKPOINT
and SYMANTEC.
Layer 4 Solutions, Inc. provides hardware and software solutions that
can make you feel safe when your computer is connected to the Internet.
From 56k dialup to T3/fiber connections, we can give you the "peace
of mind" that an alarm company gives you when you're away from your
house. Whether your business is big or small, remember that Layer 4 Solutions
are security experts. We can build, implement and update ALL of your business's
firewall & IDS needs!
Contact Layer 4
Solutions for all of your business & personal computer backup needs!