Firewall

March 31, 2008


In an era when the Internet is necessary for business, companies have had to think long and hard about the security implications of an Internet connection. The security policy has to cover every machine and system that has Internet access. A firewall is a set of tools (hardware, software, or both) designed to prevent unauthorized access to a network. A typical firewall is built from two components: the "choke router" and the "bastion host".

CHOKE ROUTER
This uses a router to limit access: an access control list (ACL) decides which IP packets are routed and to where. You can use it to deny your network to specific types of traffic, or to make sure that specific packets are delivered only to specific machines. The router matches each packet against the list on its own (typically first match wins and anything not explicitly permitted is dropped), so the ACL has to be reviewed whenever a service is added or removed.

BASTION HOST
This is a computer used for only one purpose: passing traffic between your network and the Internet. It is a dedicated machine with two separate NICs, one on the private network and one facing the Internet. It links the two, monitors the state of each connection and blocks packets that do not meet the defined rules. It should not be used for anything else (e.g. reading e-mail), because any extra service is extra attack surface on the one machine all traffic passes through. The bastion host must be configured so that packets are never routed directly between its network interfaces (IP forwarding switched off); every packet that crosses it must go through the filtering or proxy rules.

THE DMZ

The DMZ lies between the choke router and the bastion host. It is a partially protected area where public services (e.g. a web server or an FTP server) are installed. Machines in the DMZ should each serve one purpose and should not be fully trusted: any extra service should be disabled and user accounts kept to a minimum, because a DMZ host is the one most likely to be compromised and must not become a stepping stone into the private network. Some DMZs are made more secure by giving the firewall a third NIC for the public services and protecting them with the firewall's rules rather than with the choke router alone.

CHOOSING A FIREWALL

There are two technologies used to build a firewall: packet filters and application gateways.

Packet filtering allows or prevents access to specific services from specific machines. It can be done on the site's access router or in a dedicated firewall. A plain (stateless) packet filter looks at each packet on its own and cannot tell a reply to an inside request from an unsolicited connection from outside, so protocols like FTP that use more than one data stream present a problem: the separate data connection, opened from the server side, does not look related to the control connection. It gets worse with connectionless protocols like UDP, where there is no handshake at all for a rule to anchor on.
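The limitation described above is easiest to see in code. The following is an added example (not code from the original post) that models a choke-router ACL as a stateless first-match filter and then a stateful filter that remembers outbound flows. The address ranges, interface roles and traffic are constructed for the demonstration: the inside network 192.168.1.0/24, an FTP server at 203.0.113.5, a DNS server at 198.51.100.53 and an attacker at 198.51.100.7 are assumptions, not real hosts.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    """One ACL entry. None for a port means 'any port'."""
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    src: str                    # source network in CIDR notation
    dst: str                    # destination network in CIDR notation
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


def stateless_filter(acl: List[Rule], p: Packet) -> bool:
    """Choke-router style filtering: first matching rule wins; no match means deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action == "permit"
    return False


class StatefulFilter:
    """Remembers flows permitted outbound and admits only their replies inbound."""

    def __init__(self, outbound_acl: List[Rule]) -> None:
        self.outbound_acl = outbound_acl
        self.flows: Set[Tuple[str, str, int, str, int]] = set()

    def check(self, p: Packet, outbound: bool) -> bool:
        if outbound:
            if stateless_filter(self.outbound_acl, p):
                self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return True
            return False
        # Inbound: permitted only if it is the mirror image of a remembered flow.
        return (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows


# Constructed sample policy for an assumed internal network 192.168.1.0/24.
INSIDE = "192.168.1.0/24"
ANY = "0.0.0.0/0"

# What a stateless filter must permit inbound for active FTP and DNS to work.
INBOUND_ACL = [
    Rule("permit", "tcp", ANY, INSIDE, sport=20),  # FTP data connection from server
    Rule("permit", "udp", ANY, INSIDE, sport=53),  # DNS replies
]

OUTBOUND_ACL = [
    Rule("permit", "tcp", INSIDE, ANY, dport=21),  # FTP control channel
    Rule("permit", "udp", INSIDE, ANY, dport=53),  # DNS queries
]


def run_demo() -> dict:
    # Constructed traffic using documentation address ranges, not real hosts.
    ftp_data = Packet("tcp", "203.0.113.5", 20, "192.168.1.10", 50001)
    rogue_tcp = Packet("tcp", "198.51.100.7", 20, "192.168.1.10", 22)
    dns_query = Packet("udp", "192.168.1.10", 40000, "198.51.100.53", 53)
    dns_reply = Packet("udp", "198.51.100.53", 53, "192.168.1.10", 40000)
    rogue_udp = Packet("udp", "198.51.100.7", 53, "192.168.1.10", 161)

    sf = StatefulFilter(OUTBOUND_ACL)
    sf.check(dns_query, outbound=True)   # the inside host's query is seen first

    return {
        # Stateless: the hole for source port 20/53 admits anything using that port.
        "stateless_ftp_data": stateless_filter(INBOUND_ACL, ftp_data),    # True
        "stateless_rogue_tcp": stateless_filter(INBOUND_ACL, rogue_tcp),  # True (hole)
        "stateless_rogue_udp": stateless_filter(INBOUND_ACL, rogue_udp),  # True (hole)
        # Stateful: only the reply to the recorded query gets in.
        "stateful_dns_reply": sf.check(dns_reply, outbound=False),        # True
        "stateful_rogue_udp": sf.check(rogue_udp, outbound=False),        # False
        # Active FTP data arrives on a new connection from the server side, so
        # even state tracking cannot match it; only a protocol-aware gateway can.
        "stateful_ftp_data": sf.check(ftp_data, outbound=False),          # False
    }
```

The rogue packets show why a source-port rule is not a security boundary: any host can send from port 20 or 53. The stateful filter fixes the UDP case but still cannot admit the FTP data connection, which is the gap an application gateway closes.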

Circuit-level and application gateways act as relays that pass only specific traffic to specific machines (e.g. HTTP requests to a web server or SMTP to a mail server). A circuit-level gateway opens a virtual circuit once it sees a valid handshake and then relays the connection without analysing the packet contents; an application gateway (proxy) understands the protocol it relays and can therefore enforce rules on the commands and data themselves.

Once a firewall has been built you can add extra features, such as a virus checker between an e-mail gateway and your SMTP mailer, so that all encapsulated (attached) files are virus-checked before they enter the system.

NB: A proxy server on its own is not a firewall. A forwarding or caching proxy makes it easy to connect to the Internet but does not protect the network from intrusion.
RUNNING A FIREWALL:

Once a firewall is chosen, define the rules and procedures you will use to defend your system. Test your firewall regularly with scanning tools, from outside as well as inside, to confirm that only the services you intended are reachable.

Routers

March 31, 2008

A router is a device that connects multiple networks and routes packets from one network to another. A router may be used to internetwork similar or dissimilar networks (e.g. Ethernet and Token Ring). An internetwork is composed of subnets (sub-networks). The main features of a router include:

  • Routers work at the network layer. They identify source and destination network addresses within packets.
  • Routers are able to keep track of multiple active paths between any given source and destination network.
  • Routers provide traffic management through path selection: they choose the best route based on traffic load, line speed, number of hops or an administrator-set cost. The parameters used to rank routes are known as metrics.
  • Routers share status and routing information with other routers, and can listen to the network to identify which connections are busiest or not working. They rate network paths and avoid slow or malfunctioning connections.
  • Routers do not forward packets that lack a correct network address, and they do not forward bad data. They also filter broadcast traffic by not routing broadcast packets.

Note:
A router may be a dedicated box with a port for each of the networks, or it may be a NOS (network operating system) server with multiple interface cards (known as a multihomed host).

Routers often support multiple protocols (e.g. TCP/IP, IPX/SPX), but not all protocols are routable, e.g. NetBEUI and DLC.

Routable protocols differ from non-routable protocols in that each packet carries network-layer addresses for its source and destination, which is what a router needs in order to pick a path.

Choosing a routing Path:

A routing algorithm is used to build a routing table for forwarding packets. There are two types of algorithm:

a) Non-adaptive: the routes are configured into the router by hand. This is known as static routing.

b) Adaptive: routing decisions are based on traffic levels, connection speeds, number of hops or administrator-set costs, with routing information obtained from other routers. This is known as dynamic routing.

The routing table contains the following information.

  • Address of all known networks
  • Interface of the router used to forward packets to the network.
  • Next router in the path to the network.
  • Metric or cost of using this path. If multiple paths exist, use the path with the lowest metric.
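The forwarding decision the table drives (most specific network first, then lowest metric, and no forwarding of broadcasts or unaddressable packets) is shown in the following added example. It is not code from the original post; the interface names, addresses and metrics in the sample table are constructed.

```python
import ipaddress
from typing import List, Optional, Tuple


class Route:
    """One routing-table entry: network, exit interface, next hop and metric."""

    def __init__(self, network: str, interface: str,
                 next_hop: Optional[str], metric: int) -> None:
        self.network = ipaddress.ip_network(network)
        self.interface = interface
        self.next_hop = next_hop    # None means the network is directly connected
        self.metric = metric


class RoutingTable:
    def __init__(self, routes: List[Route]) -> None:
        self.routes = routes

    def lookup(self, dst) -> Optional[Route]:
        """Longest prefix wins; among equal prefixes the lowest metric wins."""
        candidates = [r for r in self.routes if dst in r.network]
        if not candidates:
            return None
        return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))

    def decide(self, dst: str) -> Tuple:
        """Returns ("forward", interface, next_hop) or ("drop", reason)."""
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            return ("drop", "malformed address")
        if addr.is_multicast or addr == ipaddress.ip_address("255.255.255.255"):
            return ("drop", "broadcast/multicast is not routed")
        route = self.lookup(addr)
        if route is None:
            return ("drop", "no route")
        if addr == route.network.broadcast_address:
            return ("drop", "broadcast is not routed")
        return ("forward", route.interface, route.next_hop)


# Constructed sample table (assumed interface names, addresses and metrics).
TABLE = RoutingTable([
    Route("192.168.1.0/24", "eth0", None, 0),         # directly connected LAN
    Route("10.1.0.0/16", "eth1", "10.0.0.2", 10),      # primary path
    Route("10.1.0.0/16", "eth2", "10.0.1.2", 20),      # backup path, higher metric
    Route("10.1.2.0/24", "eth2", "10.0.1.2", 5),       # more specific route
    Route("0.0.0.0/0", "eth3", "203.0.113.1", 100),    # default route
])

# The same table without a default route: unknown destinations are dropped.
NO_DEFAULT = RoutingTable([r for r in TABLE.routes if r.network.prefixlen > 0])
```

Note that a more specific prefix beats a better metric: 10.1.2.0/24 wins over both 10.1.0.0/16 entries even though its metric is compared only against routes of the same length. This is also why an injected more-specific route can divert traffic on a dynamic router.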

Static and Dynamic Routers:

Static Routers:
Static routers require the administrator to manually configure routes through each network (the routers do not communicate amongst themselves).

This is only practical with a small number of routers and does not provide the flexibility of dynamic routing. Its advantage is that complete control remains with the network administrator: no advertisement from another device can change a route.

Dynamic Routers:
These routers automatically discover routes by communicating with each other. They require minimal configuration since their routing tables are built and modified through these exchanges. They are highly flexible and can react to changes in the internetwork e.g. route

Dynamic routers use routing protocols to manage information.

  • Open Shortest Path First (OSPF) uses a link-state algorithm: every router learns the full topology and computes the shortest path to each network from the link costs (which can reflect line speed, hops or an administrator-set cost).
  • NetWare Link Services Protocol (NLSP): the equivalent of OSPF for NetWare (IPX) environments.
  • Routing Information Protocol (RIP): uses a distance-vector algorithm to determine routes. This is less efficient than a link-state algorithm because:
    • The entire routing table is broadcast instead of just the changes, which results in large and often multiple packets (there is a maximum of 25 route entries per RIP packet).
    • The entire routing table is broadcast at a regular interval (every 30 seconds), resulting in considerable network traffic.
    • The routing tables are slow to stabilise when a change in the internetwork occurs.
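The contrast between the two algorithms can be run rather than described. The following added example (not code from the original post) simulates a RIP-style distance-vector exchange, where each router only repeats what its neighbours told it and convergence takes several rounds, next to an OSPF-style shortest-path computation over the full topology. It also counts the periodic full-table advertisements. The four-router topology and its link costs are constructed.

```python
import heapq
import math
from typing import Dict, Tuple

RIP_MAX_ENTRIES = 25   # route entries per RIP update message
RIP_INTERVAL = 30      # seconds between full-table advertisements
INFINITY = 16          # RIP's "unreachable" metric

Links = Dict[str, Dict[str, int]]          # router -> {neighbour: link cost}
Table = Dict[str, Tuple[int, str]]         # destination -> (cost, next hop)


def distance_vector(links: Links, max_rounds: int = 64) -> Tuple[Dict[str, Table], int]:
    """RIP-style exchange: every round each router sends its whole table to
    each neighbour and adopts any cheaper path it hears about. Returns the
    tables and the number of rounds until a round changes nothing."""
    tables: Dict[str, Table] = {r: {r: (0, r)} for r in links}
    for rnd in range(1, max_rounds + 1):
        changed = False
        new_tables = {r: dict(t) for r, t in tables.items()}
        for r, neighbours in links.items():
            for nb, link_cost in neighbours.items():
                for dest, (cost, _) in tables[nb].items():
                    total = min(cost + link_cost, INFINITY)
                    current = new_tables[r].get(dest)
                    if current is None or total < current[0]:
                        new_tables[r][dest] = (total, nb)
                        changed = True
        tables = new_tables
        if not changed:
            return tables, rnd
    return tables, max_rounds


def link_state(links: Links, source: str) -> Table:
    """OSPF-style SPF: with the whole topology known, Dijkstra yields every
    destination's cost and first hop from `source` in a single computation."""
    best: Table = {}
    heap = [(0, source, source)]
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in best:
            continue
        best[node] = (cost, first_hop)
        for nb, link_cost in links[node].items():
            if nb not in best:
                hop = nb if node == source else first_hop
                heapq.heappush(heap, (cost + link_cost, nb, hop))
    return best


def rip_packets_per_interval(links: Links, tables: Dict[str, Table]) -> int:
    """Packets the whole network emits every RIP_INTERVAL seconds: each router
    sends ceil(entries / 25) packets to each neighbour, whether or not anything
    changed."""
    return sum(len(links[r]) * math.ceil(len(tables[r]) / RIP_MAX_ENTRIES)
               for r in links)


# Constructed four-router internetwork; the costs are assumed link metrics.
SAMPLE_LINKS: Links = {
    "A": {"B": 1, "C": 4},
    "B": {"A": 1, "C": 2, "D": 5},
    "C": {"A": 4, "B": 2, "D": 1},
    "D": {"B": 5, "C": 1},
}
```

On the sample topology the distance-vector tables need several exchange rounds before A learns that its cheapest path to D runs through B and C (cost 4), while the link-state computation produces the same answer at once. The traffic count shows the other cost the text mentions: every neighbour receives the full table every 30 seconds, in as many packets as 25-entry chunks require.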

Brouters

These are routers that can also bridge: a brouter routes any routable protocol it supports and bridges all other frames. These devices combine the best of a bridge and a router.

Network topologies

March 31, 2008

Physical and Logical Topologies:

A network topology is the shape or structure of a network. The physical topology describes the actual layout of the cabling and devices; the logical topology describes the flow of data through the network. The main topologies are:

a) Star

Each node is connected to a central device using a point-to-point link. The central device is usually a hub or concentrator. The hub receives a signal from one node and repeats it to all other nodes, which also means every node can see every other node's traffic.

When more than one hub is required, they are inter-linked using a single cable known as a backbone. Network performance is maintained by using a backbone cable capable of higher data speeds than the rest of the network, e.g. fibre optic cable to link the hubs while UTP cable links the workstations.

Cascaded hubs are also common. The hubs may be linked together using twisted-pair crossover cables or, in some cases, a button on the hub (the uplink switch) effects the crossover on a particular port.

Advantages:

  • They are easy to configure and reconfigure
  • They are easy to troubleshoot because all data goes to a central point.
  • Easy to manage and monitor the network.
  • A fault in the media, network card or node is isolated to that node's link.

Disadvantages:

  • A hub failure brings down the entire section of the network attached to it: the hub is a single point of failure.
  • It is time-consuming to install because there is a separate cable run per node.
  • It requires more cable relative to other topologies.

b) BUS:

This is a linear topology with all nodes attached directly to the main cable (backbone). The bus is terminated at both ends to absorb the signal and prevent reflections.

Advantages:

  • It is easy to install and uses established standards.
  • It requires little cable compared with other topologies.

Disadvantages:

  • They are difficult to reconfigure
  • They are difficult to troubleshoot
  • All devices are affected by a media fault (a single break or missing terminator takes the whole bus down).

c) RING

Computers are connected in a circle. The ring comprises a series of point-to-point links between devices. Computers are attached either directly to the ring or indirectly via an intermediary device such as a Multi-station Access Unit (MSAU).

Twisted-pair cable connects the computer to the MSAU. Signals pass from device to device in a single direction. The common implementations of a ring topology are IBM's Token Ring and Fiber Distributed Data Interface (FDDI) or Copper Distributed Data Interface (CDDI).

Advantages:

  • Ring networks use a relatively small amount of cable.
  • They are simple to install.
  • Dual counter-rotating rings (as in FDDI) can be used to provide fault tolerance.

Disadvantages:

  • Difficult to reconfigure
  • Troubleshooting can be difficult
  • Media or device failure can affect all devices.

d) Hybrid

This combines two different topologies within the same network to gain the advantages of both, e.g. star-bus or star-ring.

e) Mesh:

Mesh is commonly used in WANs and is found in public networks like the Internet. A full mesh requires every device to have a point-to-point connection to every other device on the network; large networks such as the Internet use a partial mesh, where only some pairs of devices are directly linked.
