Firewall: Packet FilteringCS265 Project ReportProf: Dr. Mark StampCS265 Security EngineerinIndexIntroductionMajor Types of Network AttacksFIREWALLSBasic Firewall OperationProfessional Firewalls Have Their Own IP LayerFirewall TypesFiltering features available in different operating systems:Circuit level GatewayApplication level GatewayStateful Multilayer Inspection FirewallConclusionReferencesFirewall: Packet Filtering Prof Dr. Mark StampBy: Deepali HolankarFirewall: Packet FilteringCS265 Project ReportProf: Dr. Mark StampBy Deepali HolankarDate submitted: April 14, 2003.CS265 Security EngineerinSJSU Spring 2003 1 April 14, 2003Firewall: Packet Filtering Prof Dr. Mark StampBy: Deepali HolankarIndexIntroduction Major Types of Network Attacks Firewall Basic Firewall OperationProfessional FirewallsDifferent Firewall TypesPacket FilteringFeatures available for filtering in different Operating systemsCircuit SwitchingApplication Layer GatewayReferencesSJSU Spring 2003 2 April 14, 2003Firewall: Packet Filtering Prof Dr. Mark StampBy: Deepali HolankarIntroductionIn this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. The explosive growth in computer systems and their interconnections via networks has increased the dependency of both organizations and individuals on the information stored and communicated using these systems. This has led to a heightened awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and to protect systems from network-based attacks.Major Types of Network AttacksTCP SYN flooding and IP spoofing attacksSmurfingDistributed Denial of Service attacks (DDoS)Mail spamDNS spoofing (Malicious Cache poisoning)FIREWALLSMajor Networking Security Technologies include using one or more of the following techniques: encryption, firewall, and virtual private networks.The scope of the paper is limited to one security technology for the networked world: Firewalls. A computer firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device or a software program running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A network firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest computer firewalls were simple routers. An Internet firewall examines all traffic routed between your network and the Internet to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A network firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source, destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependant upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.SJSU Spring 2003 3 April 14, 2003Firewall: Packet Filtering Prof Dr. Mark StampBy: Deepali HolankarThere are two access denial methodologies used by computer firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria. The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Computer Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. Theymay also use complex rule bases that analyse the application data to determine if the traffic should be allowed through. How a computer firewall determines what traffic to let through depends on which network layer it operates at. A discussion on network layers and architecture follows. Basic Firewall Operation How does a network firewall interact with OSI and TCP/IP Network models?Network Firewalls operate at different layers to use different criteria to restrict traffic. The lowest layer at which a firewall can work is layer three. In the OSI model this is the network layer. In TCP/IP it is the Internet Protocol layer. This layer is concerned with routing packets to their destination. At this layer a firewall can determine whether a packet is from a trusted source, but cannot be concerned with what it contains or what other packets it is associated with. Firewalls that operate at the transport layer know a little more about a packet, and are able to grant or deny access depending on more sophisticated criteria. At the application level, firewalls know a great deal about what is going on and can be very selective in granting access. It would appear then, that firewallsSJSU Spring 2003 4 April 14, 2003Firewall: Packet Filtering Prof Dr. Mark StampBy: Deepali Holankarfunctioning at a higher level in the stack must be superior in every respect. This is not necessarily the case, however. The lower in the stack the packet is intercepted, the more secure the firewall. If the intruder cannot get past level three, it is impossible to gain control of the operating system.Professional Firewalls Have Their Own IP Layer Professional firewall products catch each network packet before the operating system does, thus, there is no direct path from the Internet to the operating system’s TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer then “open the doors” from the inside. According To Byte Magazine, traditional firewall technology is susceptible to misconfiguration on non-hardened operating systems. More recently,
View Full Document
Unlocking...