SJSU CS 265 - Firewalls

Firewalls and Security
Ngoc T. Nguyen
November 19, 2002, CS265

The denial-of-service attacks that recently hit famous websites such as Yahoo, eBay, and Amazon reveal an obvious fact: Internet systems are vulnerable to security threats. Other attacks, such as those by hackers, can do serious damage to companies in terms of identity theft, data theft, privacy loss, or data leakage. In fact, thirty-one percent of famous Internet hosts are vulnerable to possible attackers. Thirty-three percent of these Internet hosts have a high risk of potential problems. And security breaches increased by sixty-five percent during the last seven years (Desai et al., 2002). As a result, companies not only suffer financial damage or outages, but also lose the confidence and trust of customers (Hancock, 2002).

Traditional firewalls consist of three main architectures: screening routers, proxy servers, and stateful inspectors. Screening routers filter the information from acceptable domain names and IP addresses, allowing only accepted information to pass through. Proxy servers use user-level authentication procedures that require user identifications and passwords, preventing deception on the screening routers, or detecting intrusion. Stateful inspectors deploy software to inspect information packets, looking for possible harmful viruses that can attack companies' networks.

However, not every firewall is the perfect solution to protect companies from security threats. Each firewall type has advantages and disadvantages. Screening routers become expensive to manage as the "allowable" address lists grow longer. Besides, screening routers do not provide user-level authentication protection. Attackers can deceive the firewall by sending a packet that acts like an authorized and legal one and attack the system. Proxy servers overcome some disadvantages of the screening routers. However, proxy servers require establishing a gateway for each application at the application layer. As a result, this gateway impedes and delays the use of new applications, causing inconvenience to authorized users. Moreover, using screening routers and proxy servers cannot guarantee security for companies if the threats come from harmful viruses such as "Trojan" or "Melissa". For stateful inspectors, the need for updates for new viruses or intrusive applets becomes regular and continuous (Desai et al., 2002).

To make firewalls more effective against security threats, Desai et al. suggest that companies combine the three kinds of firewalls above into one single device. However, Verwoerd et al. (2002) point out that "firewalls are, by nature, a perimeter defense. Once a firewall has been penetrated, the internal system is unprotected, as demonstrated by Nimda" (p. 1406). To illustrate the vulnerability of firewalls to application attacks, Verwoerd et al. note that the "majority of effective attacks abuse public services allowed by the firewall policy, such as the HTTP-based exploits used in both Nimda and Code Red" (p. 1406). To enhance the reliability of firewalls, Desai et al. propose that companies integrate encryption into the firewall architecture to add security protection as follows:

- Encrypting passwords will prevent eavesdroppers from copying passwords to fool the system.
- Intruders cannot harm the system because encrypted data sent to receiving systems bears no meaning if intruders do not have the correct key.
- Intruders can intercept the encrypted data. However, that ciphered information is useless unless they have a key to decipher it.

However, incorporating screening routers, proxy servers, stateful inspectors, and encryption into one single firewall device does not solve the security problem completely. As Hancock (2002) emphasizes, "hacker breaking in is not necessarily a crisis", and:

"As long as the hacker is not creating any hazardous situations or destroying anything, seasoned investigators will tell you that it is much more beneficial to watch the hacker over time and collect as much data as possible to develop a good case for the arrest and prosecution of the hacker in the courts" (p. 397).

Desai et al. also agree with Hancock that good monitoring "can provide a significant amount of information about one's system security" by identifying and detecting the number of times threats are encountered (p. 138). Botha et al. suggest a new model called the proactive identification model (PAIM) to implement the new approach of monitoring and control. PAIM includes three main components:

- Firewall, which has an audit log used to "log both authorized and unauthorized accessing of the network".
- Operating system, which has user profiles and audit logs. User profiles and audit logs are "controls" that provide information on the user's or hacker's actions. These controls are used to construct two graphs.
- Fuzzy engine, which processes information obtained from the firewall and the operating system in real time. The fuzzy engine computes two graphs, template and user action. The template graph "represents the typical actions of a user (hacker) when carrying out the eight steps of the generic hacking methodology". The user action graph "represents the actual actions of the user (hacker) on the system". The engine will "map the two graphs to determine whether a user (hacker) is performing a hacking attempt" (pp. 5-6).

According to Botha et al., this model not only provides the data collected from hackers for later use in court prosecution, but also sends an alert message on a hacking attempt to the information security officer at the security workstation for possible control actions.

The two approaches above to firewalls and security do not provide fixed rules for companies to protect their network security. It depends on how companies view their security concerns under two perspectives: technical and public relations. From the technical perspective, such as password hacking, "it does not reach crisis proportions as a general rule compared to a website defaced [public-relation perspective] … appears in the public eye very quickly" (Hancock, p. 398). In fact, as Hancock et al. point out “senior managers in most
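
The contrast the paper draws between screening routers (an "allowable" address list with no user-level authentication) and proxy servers (user identification and password) can be shown side by side. This is an added example, not part of the original paper; the addresses, user name, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed policy: the screening router's "allowable" address list.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed credential store for the proxy (salted, stretched hash).
SALT = b"constructed-salt"


def _stretch(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"alice": _stretch("correct horse")}


def screening_router_allows(packet: dict) -> bool:
    """Address-only filter: it trusts whatever source the packet claims."""
    try:
        src = ipaddress.ip_address(packet.get("src", ""))
    except ValueError:
        return False  # malformed source address is dropped
    return any(src in net for net in ALLOWED_NETS)


def proxy_allows(packet: dict) -> bool:
    """User-level check: the sender must also present a valid password."""
    stored = USERS.get(packet.get("user", ""))
    if stored is None:
        return False
    return hmac.compare_digest(stored, _stretch(packet.get("password", "")))


def evaluate(packet: dict) -> dict:
    """Verdict of each layer; the proxy only sees what the router passed."""
    router = screening_router_allows(packet)
    return {"router": router, "proxy": router and proxy_allows(packet)}


# Constructed packets: a real user, a claimed-but-unproven source, an outsider.
LEGIT = {"src": "192.0.2.10", "user": "alice", "password": "correct horse"}
FORGED = {"src": "192.0.2.77", "user": "alice", "password": "guess"}
OUTSIDE = {"src": "203.0.113.5", "user": "alice", "password": "correct horse"}

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("forged", FORGED), ("outside", OUTSIDE)):
        print(name, evaluate(pkt))
```

The forged packet passes the address list because the router has nothing but the claimed source to judge by; only the user-level check at the proxy rejects it.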

