Webster U COSC 5130 - THE NEED FOR FIREWALLS


CHAPTER 22 / FIREWALLS

22.1 The Need for Firewalls
22.2 Firewall Characteristics
22.3 Types of Firewalls
    Packet Filtering Firewall
    Stateful Inspection Firewalls
    Application-Level Gateway
    Circuit-Level Gateway
22.4 Firewall Basing
    Bastion Host
    Host-Based Firewalls
    Personal Firewall
22.5 Firewall Location and Configurations
    DMZ Networks
    Virtual Private Networks
    Distributed Firewalls
    Summary of Firewall Locations and Topologies
22.6 Recommended Reading and Web Site
22.7 Key Terms, Review Questions, and Problems

M23_STAL7044_05_SE_C22.QXD 12/3/09 12:15 PM Page 22-1

The function of a strong position is to make the forces holding it practically unassailable.
—On War, Carl Von Clausewitz

On the day that you take up your command, block the frontier passes, destroy the official tallies, and stop the passage of all emissaries.
—The Art of War, Sun Tzu

KEY POINTS

◆ A firewall forms a barrier through which the traffic going in each direction must pass. A firewall security policy dictates which traffic is authorized to pass in each direction.
◆ A firewall may be designed to operate as a filter at the level of IP packets, or may operate at a higher protocol layer.

Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world via wide area networks and the Internet.

22.1 THE NEED FOR FIREWALLS

Information systems in corporations, government agencies, and other organizations have undergone a steady evolution. The following are notable developments:

• Centralized data processing system, with a central mainframe supporting a number of directly connected terminals
• Local area networks (LANs) interconnecting PCs and terminals to each other and the mainframe
• Premises network, consisting of a number of LANs, interconnecting PCs, servers, and perhaps a mainframe or two
• Enterprise-wide network, consisting of multiple, geographically distributed premises networks interconnected by a private wide area network (WAN)
• Internet connectivity, in which the various premises networks all hook into the Internet and may or may not also be connected by a private WAN

Internet connectivity is no longer optional for organizations. The information and services available are essential to the organization. Moreover, individual users within the organization want and need Internet access, and if this is not provided via their LAN, they will use dial-up capability from their PC to an Internet service provider (ISP). However, while Internet access provides benefits to the organization, it enables the outside world to reach and interact with local network assets. This creates a threat to the organization. While it is possible to equip each workstation and server on the premises network with strong security features, such as intrusion protection, this may not be sufficient and in some cases is not cost-effective. Consider a network with hundreds or even thousands of systems, running various operating systems, such as different versions of UNIX and Windows. When a security flaw is discovered, each potentially affected system must be upgraded to fix that flaw. This requires scalable configuration management and aggressive patching to function effectively. While difficult, this is possible and is necessary if only host-based security is used.

A widely accepted alternative or at least complement to host-based security services is the firewall. The firewall is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter. The aim of this perimeter is to protect the premises network from Internet-based attacks and to provide a single choke point where security and auditing can be imposed. The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

The firewall, then, provides an additional layer of defense, insulating the internal systems from external networks. This follows the classic military doctrine of "defense in depth," which is just as applicable to IT security.

22.2 FIREWALL CHARACTERISTICS

[BELL94b] lists the following design goals for a firewall:

1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible, as explained later in this chapter.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies, as explained later in this chapter.
3. The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and often required in government applications.

[SMIT97] lists four general techniques that firewalls use to control access and enforce the site's security policy. Originally, firewalls focused primarily on service control, but they have since evolved to provide all four:

• Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.
• Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
• User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users; the latter requires some form of secure authentication technology, such as is provided in IPsec (Chapter 19).
• Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

Before proceeding to the details of firewall types and
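The following added example (not from the chapter) shows design goal 2 together with service control and direction control as a minimal packet-filter policy evaluator: rules match on direction, IP address, protocol and port, the first match wins, and anything unmatched is denied. The premises prefix, web server address and rule set are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str        # "inbound" (Internet -> premises) or "outbound"
    src: str              # source IP address
    dst: str              # destination IP address
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port (None for protocols without ports)


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str = "any"        # direction control: which way the request may flow
    src: str = "0.0.0.0/0"        # service control: address-based criteria ...
    dst: str = "0.0.0.0/0"
    proto: str = "any"            # ... protocol-based criteria ...
    dport: Optional[int] = None   # ... and port-based criteria (None matches any port)

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("any", p.direction)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and self.proto in ("any", p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


# Constructed addresses (documentation prefixes, not a real site).
PREMISES = "192.0.2.0/24"
WEB_SERVER = "192.0.2.10/32"

# Constructed policy: the only services authorized are inbound HTTP to the
# web server and outbound HTTPS/DNS from the premises LAN.
POLICY: List[Rule] = [
    Rule("allow", "inbound", dst=WEB_SERVER, proto="tcp", dport=80),
    Rule("allow", "outbound", src=PREMISES, proto="tcp", dport=443),
    Rule("allow", "outbound", src=PREMISES, proto="udp", dport=53),
]


def filter_packet(p: Packet, policy: List[Rule] = POLICY) -> str:
    """Return the action of the first matching rule; deny when nothing matches."""
    for rule in policy:
        if rule.matches(p):
            return rule.action
    return "deny"  # default deny: only traffic authorized by the policy passes
```

Note that HTTPS on port 443 is permitted only outbound, so the same port inbound to a workstation is dropped by the default rule: the direction, not just the service, decides.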