Application Level Gateway Information Technology Essay

Application Level Gateway Information Technology Essay This document provides a clear overview of the function of network firewalls in an organization and the authentication methods that they support. The reason why a firewall is needed is given and the benefits and drawbacks of using a firewall, the components of other devices that could be used in place of firewalls are introduced along with the purpose of using them. Finally typical activities are described along with implementation of the firewalls. INTRODUCTION. With the rapid development of the world, the business, marketing, science, engineering even writers and astrologists are intend to use the technology. Therefore we could say that the technology has become the main media among all these fields. YES its true that is quite easy to work with when you get familiar with it. But still we got to know that there are plenty of sand traps in the technology. By the end of this document we will find out few of them and also we will be able to get an in detailed expanded knowledge about them. As we talked earlier, in every field the main media or the attribute is technology. Most of these fields use technology to gather, store, maintain and develop their data. At this point this technology they use become more critical as these data is so much important for the relative company or the organisation. As the world runs faster and its businesses run faster, people have become so much competitive. So it is so important to protect their own data among themselves to compete stronger. So that these organisations aim a secured system for their organisation. In this case FIREWALE plays a major rall. In order to prevent or secure their own data from the outside world, they define their own network that they call a secured network. But networks cannot be simply defined as secured or unsecured. Some organisations store their valuable data in a database and they prevent outsiders from accessing their data or computers from the outside networks. At the same time some organisations need to make information or data available outsiders. But they have some conditions or set of rules. For example these outsiders cannot edit or modify these data. They only can read. We call this READ/WRITE permission. These networks allowed arbitrary access to its data and they use some sort of a mechanism to prevent the original data. This mechanism we call FIREWALE. We all know that with the widespread of the internet along with the World Wide Web (WWW), electronic mail, telnet and file transfer protocol (FTP) each and every person in every corner of the world got the opportunity to communicate with one another in a flash. Sometimes these commutation needs protection. To provide this required protection we use FIREWALES. Since the internet is inherently an insecure network it is so much useful to utilize this kind of method. Sometimes some organisations use their own customised methods since they have their own unique networks. But still the functionalities are the same. BASIC FIREWALL OPERATION and how it works? Figure 1.0 Source: http://www.irislogic.com/Firewall_WP.pdf FIREWALL is a system or a device that enforces a unique access control policy between networks as well as it monitors all data transmission internally and externally of a network. But the main purpose is to keep track of other unauthorized accesses. Also we can limit communication by the direction of the flow, IP address as well as ports. But if we have the access to the firewall, we can simply configure it and enable whatever ports, protocols and computers we want. Also FIREWALLs helps to control the flow of data. For example, it can control the traffic of the TCP layer. So that we can manage the usage of data as well. We can easily set a certain criteria in a firewall. Then it allows all that level of traffic only through the gate or it may deny all traffic unless it meets certain criteria. FIREWALL ARCHITECTURE Firewalls are helping in many ways to structure and protect our network system by introducing the firewall architecture. Basically there are three types of Firewalls Arictectures. Application layer firewalls Dual-Homed Host Figure 1.1 Source: http://www.interhack.net/pubs/fwfaq/firewalls-faq.html Systems with more than one network interface without functioning as routers. In other words where the interface that connected to logically and physically separate network segments. Ex: Application layer firewall. Network layer firewalls Screened Host Figure1.2 Source: http://www.interhack.net/pubs/fwfaq/firewalls-faq.html In screened host architecture, there is no boundary net, no interior router, and often no bastion host. Obviously, there is a host that the outside world talks to, but this host is often not dedicated exclusively to that task. What you have instead is a single router and a services host that provides Internet services to internal and external clients. Ex; Network layer firewalls Screened Subnet Figure 1.3 Source: http://www.interhack.net/pubs/fwfaq/firewalls-faq.html Screen Subnet is a variation of the dual-homed gateway and screened host firewalls. If we want to locate each components separately in a firewall this function plays a big role. When we locate each component of the firewall on a separate system it makes us a greater output and flexibility and it helps to reduce the cost. But, each component of the firewall needs to implement only a specific task, making the systems less complex to configure. Ex: Network layer firewall. Source: http://www.vtcif.telstra.com.au/pub/docs/security/800-10/node58.html BASIC TYPES OF FIREWALL Conceptually, there are two types of firewalls: 1. Network layer 2. Application layer Network Layer Firewalls Basically the external devices of a computer situated between the network and the cable or the modems. Ex: Routers. Figure 1.4 Source: http://www.irislogic.com/Firewall_WP.pdf Application Layer Firewalls Basically the internal components of a computer system. Ex: softwares. Figure 1.5 Source: http://www.irislogic.com/Firewall_WP.pdf BASIC FIREWALL DESIGN DECISIONS When implementing an internet firewall, there are numerous decisions that must be addressed by the Network Administrator. 1. The stance of the firewall This decision reflects the policy of how your company or organization wants to operate the system. It may take one of two completely opposed stances: Everything not specifically permitted is denied firewall should block all traffic, and that each desired service or application should be implemented on a case-by-case basis. This is the recommended approach. Since this creates a very secure environment. But some could say this limits the number of options. Everything not specifically denied is permitted firewall should forward all traffic, and that each potentially harmful service should be shut off on a case-by-case basis. This is more complex than the previous. 2. The overall security policy of the organization The security policy must be based on a carefully conducted security analysis, risk assessment, and business needs analysis. If an organization does not have a detailed security policy, the most carefully expertise firewall can be avoided to expose the entire private network to attack. 3. The financial cost of the firewall That depends on the financial stability of the organization. How much can they afford for the security? A commercial firewall system provides increased security but may highly cost, depending on its complexity and the number of systems protected. If an organization has the in-house expertise, a home-developed firewall can be constructed from public domain software, but there are still costs in terms of the time to develop and deploy the firewall system. Finally, all firewalls require continuing support for administration, general maintenance, software updates, security patches, and incident handling. Source: http://www.itmweb.com/essay534.htm#Introduction COMPONENTS OF THE FIREWALL SYSTEM Packet filtering Circuit gateways Application level proxy Stateful packet inspection Internet connection firewall Hybrid firewall PACKET FILTERING FIREWALL Figure 1.6 A packet filtering firewall works on the network layer of the ISO protocol and this examine the information contained in the header of a packet which includes the source address and the destination address and the application it has to be sent. It is important to know that these types of FIREWALLs only examine the header information. If some corrupted or unwanted data sent from a trusted source, then this type of firewall is no good. Because when a packet passes the gate or the filtering process, it is always passed on to the destination. Therefore we could say that these types of firewalls are so much vulnerable to IP spoofing. In other words, a hacker can make his transmission to the private LAN easily and gain the access. ADVANTAGES OF PACKET FILTERS 1. Easy to install 2. Supports High Speed 3. Makes Security Transparent to End-Users DISADVANTAGES OF PACKET FILTERS 1. Leaves Data Susceptible to Exposure 2. Offers Little Flexibility 3. Offers No User-based Authentication 4. Maintains no state related to communication Source: http://www.cse.iitk.ac.in/research/mtech1997/9711107/node14.html CIRCUIT LEVEL GATEWAY Figure 1.7 Circuit gateway firewalls work on the transport level of the protocol. These firewalls are fast and transparent, but no protection from attacks. Same as the previous Packet filtering firewall, circuit gateway firewalls do not check the actual data in a packet. But surprisingly this can hide the LAN behind it to the outsiders. In other words, this makes the LAN behind the firewall invisible. ADVANTAGES OF CIRCUIT LEVEL GATEWAYS 1. Less impact on network performance 2. Breaks direct connection between the untrusted host and trusted client 3. Higher level security than the static and dynamic filter. DISADVANTAGES OF CIRCUIT LEVEL GATEWAYS 1. Lack of application protocol checking. 2. Low to moderate security level. APPLICATION LEVEL GATEWAY (OR PROXY SERVER) Figure 1.8 Source: http://www.irislogic.com/Firewall_WP.pdf This is the slowest and most awkward firewall is the Application level proxy. As it says, this works on the application level of the protocol stack. Since it operates on the application layer, this can act more wisely and perform the job more intelligently than packet filtering and circuit gateway firewalls. These firewalls are more suitable for enterprise firewalls rather than home use. Application level proxy determines so many useful things such as, if the connection requested is permitted, what application their computer will be used and what are permitted to use at this stage. Not only that but also this firewall protects internal computers from outside sources by hiding them from external viewing. Therefore outside viewers has to conduct all communications via the internal proxy server. That is why this method exceeds the average computer use and not much suitable for home use. ADVANTAGES OF APPLICATION LEVEL GATEWAYS 1. The firewall verifies that the application data is of a format that is expected and can filter out any known security holes. 2. Can allow certain commands to the server but not others, limit file access and authenticate users, as well as perform regular packet filtering duties. 3. Fine-grained control of connections is possible, including filtering based on the user who originated the connection and the commands or operations that will be executed. It can provide detailed logs of all traffic and monitor events on the Host system. 4. The firewall can be set up to trigger real time alarms when it detects events that are regarded as potentially suspicious or hostile. DISADVANTAGES OF APPLICATION LEVEL GATEWAYS 1. Loss of transparency to applications and slower response time. 2. Each application requires a unique program or proxy, making the process resource intensive. Source: http://www.dslreports.com/faq/3065 STATEFUL MULTILAYER INSPECTION FIREWALL Figure1 .8 Source: http://www.irislogic.com/Firewall_WP.pdf Stateful packet inspection examines the state of the communication. This ensures that the stated destination has already acknowledged the communication from the source. So that all the source computers become known and trusted sources to the receiving computer. In addition to that, this firewall closes all ports until it gets authorized and acknowledged by the receiving computer. So that this gives more protection from outside hackers. ADVANTAGES OF SMI FIREWALL 1. Offer a high level of security control by enforcing security policies at the Application socket or port layer as well as the protocol and address level. 2. Typically offer good performance 3. Offering transparency to end user Ensure that all packets must be a port of an authorizes communication session DISADVANTAGES OF SMI FIREWALL 1. It is more expensive than the other firewalls. That means it required to purchase additional hardware software. 2. More Complex than the others Source: http://www.scribd.com/doc/7627655/Internet-Firewalls INTERNET CONNECTION FIREWALL http://i.msdn.microsoft.com/Aa366124.icsicf01(en-us,VS.85).png Internet connection firewall is the new form of security that windows XP provide. This circumvents hackers from scanning the local server or computers by use of packet filtering. This technology can make some holes on the firewall and allow the traffic through to certain ports. The major difference in this firewall is, this provides only inbound protection. In other words, data that travels from the internet to the machine not the data that travels from the machine to internet. HYBRID FIREWALL http://www.networkworld.com/gif/2002/0401TechUpdate.gif Hybrid firewall is a combination of two firewalls that we mentioned before. This was developed using the application gateway and a packet filtering firewall. Generally this firewall is implemented by adding a packet filtering firewall into the application layer to enable a quick access to the internet. But still there could be greater risks from inside network attacks and previously unknown viruses and or attacks. DRAWBACKS USING A FIREWALL Drawbacks of firewalls. As I mentioned before firewalls are playing a major role to avoid unauthorized parties from accessing the private network or computer. Although firewalls are having strength to protect against the attacks but some attacks such as eavesdropping or interception of emailing cannot protect avoided by firewalls. That means firewalls will not provide much protection on each and every attack. So that we could say firewalls have benefits as well as drawbacks too. Here are some drawbacks. Drawbacks of software firewalls. Slow down applications May be heavy on system resources. Difficult to remove. Cannot protect against attacks that do not go through the firewall Cost is high Cannot protect against threats posted by traitors or unwritten users of the system or the network Drawbacks of hardware firewalls. Expensive to purchase. Need of Specialist knowledge Upgrading is difficult. Cost is high BENEFITS USING A FIREWALL As we discussed earlier, firewalls are a kind of filters that we use or add to filter data which pass from and into our network or computer while we using or surfing the internet. This helps to protect private LANs from hostile intrusions from internet Allows network administrators to customise access rights of their network users Helps with the information management Protect private information Manage the filtration level Monitors what information gets in and what gets out More importantly, this protects the network or the computer from harmful viruses, spyware and other malicious programs that can be infected from the internet. Firewall can save important and valuable data Sometimes some programs can simply attack on the whole system and destroy all valued data. In such cases firewall can keep a choke point that can be useful when retrieving the data. This choke point could be a starter to save that whole lot of important data. In other words this choke point could be an alarm point that monitors and alarms about the risk. Firewall can offer a central point of contact for information delivery service to customers IMPLEMENTING THE FIREWALL SYSTEM Determine the access denial methodology to use Start with a gateway that has no traffic and no holes or brick walls in it Determine inbound access policy The NAT router will block all inbound traffic that has no relate to the requested data from the original LAN. To make the LAN more secure, it is required to determine which packet should be allowed into the LAN. This may require a certain criteria Determine the outbound access policy If the user only needs the access to the web, then you may need a high level of security with manually selected sites on each web browser on each machine. But this would defer when using a NAT router with no inbound mapping of traffic from the internet. Then we can allow users to use the internet freely as they wish. Determine of the dial in or dial out policy is required Dial in always requires a secure remote access PPP server outside the firewall. Somehow if a dial-out requires then the dial-out machine should be individually secured to make hostile connections impossible through the dial- out connection. Why buy a firewall product and how After above questions are being answered, then we can decide whether to buy a product or it is ok to implement or configure a product by ourselves. This will always depends on the size or the capacity of the network and the availability of the resources such as expertise and requirements. Alternatives Virus guard Zone alarms Software firewalls Routers Virus guard Virus guard is simply a program which runs in the background of a computer to protect the computer from malicious distrusted programs that can arrived through emails and other file transfer methods. Zone alarm Zone alarm is originally a software firewall which has an inbound intrusion detection system. This also has the ability to control the outbound connection system. Software firewalls Firewalls can be both software and hardware. The ideal firewall consist of both software and hardware firewalls. These firewalls are installed in the computer itself. Therefore these are more popular in individual use. But the downside of this is that, this only protects the computer that it has been installed, not the network that the computer is in. Routers As it sounds routers are used to rout data packets between networks. This device is capable of read the information each packet and direct them to the correct place or correct network where it belongs. Conclusion In this report I would like to