Firewalls & Intrusion Detection Systems

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why its called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.

The bottom line is that a Firewall will keep Hackers/ Intruders out!


If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term "Firewall" used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall."

What is a firewall? A firewall is a network component that allows a single point of access between your internal network and "the evil Internet." Most of the time you only need your network to be connected to the outside for a very small number of things.

The primary advantage of a firewall is the security officer can concentrate their efforts on single point of entry rather than hundreds or thousands of access points.

The primary disadvantage of a firewall (well, not really a disadvantage but an unfortunate side effect) is the security officer will generally not spend much time at all on the security of the internal network. Thus if the firewall is every compromised or another access point is discovered they are totally open to attack.

Firewalls are usually constructed out of a workstation with two (or more) interfaces. This can be done with anything from a PC with two ethernet cards to a dedicated hardware platform designed specifically for firewall applications.

Some examples of services that an internal network might want to share with the outside world include:





Time Service

Remote Access (Telnet, rlogin, etc)

Types of firewalls
There are two main types of firewalls: Filtering and Proxy

Filtering Firewall

A filtering firewall will decide to forward a packet based on certain criteria such as source, destination, packet type, originating and destination port number and others.

For example I can allow anyone on the outside to connect to port 25 so they can send mail directly to internal machines or port 80 so they can get data directly off web servers.

This is generally a bad idea since you're giving anyone complete access to your sendmail daemons and web servers. If there exists any hole in anything running on port 25 (doesn't even have to be sendmail) then you're vulnerable and the firewall is useless. A much better idea is to use a proxy firewall.

Proxy Firewall

A proxy firewall is one that explicitly acts on behalf of the machine on either the internal or external net. For example I could run a proxy mail gateway on my firewall that will pass mail traffic on a message basis and not have to worry about outsiders directly connecting to my internal net. The same would go for a proxy web server. Most proxy web server can also act as a caching server and greatly speed up web connections.

Proxy firewalls also allow much more logging capabilities since the firewall is the component that is doing the processing of the messages.


Some of the good news about firewalls is that they "scale" fairly well. That is, if you have more traffic or security concerns than your firewall can handle, you can throw another firewall at it.

Actually, if you support multiple protocols (or services, as in HTTP, FTP, SMTP, etc.), you can gain not only performance enhancement, but also some additional security assurance (isolation of function makes configuration/maintenance easier).

So, if your traffic demands it, separate your services (protocols, or even specific servers) by type of access -- it's not difficult to configure your routers to accommodate this type of set-up. And it's more secure (e.g., easier to understand and maintain; and harder to penetrate) than trying to funnel all traffic through a single firewall.

Firewalls may be essential, but you must remember that:

Firewalls are re-active and they generally lag technology (i.e., it takes some time before the latest protocol is recognized, filtered, and/or proxied by the firewall

Firewalls do not relieve one of concern for security of internal hosts

Firewalls may give a false sense of security

Firewalls must be properly configured, well managed, and intensely monitored

Firewalls require constant monitoring, updating, maintenance, and testing. Configuration rules can be complex

Intrusion Detection Systems

The threat to networks posed by hackers is growing exponentially. The reasons - fun, social status, boredom, financial gain and so on - aren't important. You simply can't have random people accessing your files at will. You wouldn't buy a house without a front door. The same rational applies to the network.

A firewall is not enough. All it does is filter incoming and outgoing traffic based on defined rules. If traffic looks legal, then it passes through. The firewall has no concept of what suspicious traffic looks like. Intrusion Detection Systems (IDS) sit on the network or host machines and check all traffic seen. Comparing the results to a database of attack signatures in a similar way to AV products, the IDS system can alert and prevent an attack. Security scanners also use a database of attacks, this time running the attacks against host machines and generating reports detailing the vulnerabilities found. Testing tools like this can be difficult, so we decided to install a fresh copy of Windows NT and IIS, with only SP6 applied. This leaves the OS open to a fairly large number of flaws such as the unicode bug for IIS, which allows arbitrary code to be run on the server.

Layer 4 Solutions, Inc. configures, implements and updates all types of IDS software from Venders like CHECKPOINT and SYMANTEC.

Layer 4 Solutions, Inc. provides Hardware and Software solutions that can make you feel safe when your computer is connected to the Internet. From 56k Dialup to T3/Fiber Connections, we can give you that "Peace of Mind" that an Alarm Company gives you when your away from your house. If your business is big or small remember that Layer 4 Solutions are Security Experts. We can build, implement and update ALL of your businesses Firewall & IDS needs!

Contact Layer 4 Solutions for all of your Businesses & Personal Computer Backup needs!