College Finder
English flagItalian flagKorean flagChinese (Simplified) flagGerman flagFrench flagSpanish flagJapanese flagArabic flagRussian flagGreek flagDutch flagBulgarian flagCzech flagCroat flagDanish flagFinnish flagHindi flagPolish flagRumanian flagSwedish flagNorwegian flag
By N2H




Firewall

March 31, 2008

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting and have a nice day!

In the era of the Internet being necessary for business, companies have found out that they need to think long and hard about the security implications of an internet connection. One needs to find a form of security policy that includes the number of machines and systems with Internet connection.A firewall is a set of tools (firmware i.e. hardware and software) designed to prevent unauthorized access to a network. A typical firewall is based on 2 architectures i.e. the “choke router” and the “bastion host”CHOKE ROUTER
This involves using a router to limit access i.e. using access control list to control which IP packets are routed and to where. You can use it to deny access to your network for specific types or to make sure that specific packets are delivered to specific machines.BASTION HOST
This is a computer that is used for only one purpose and that is to pass packets between your network and the Internet. It is a dedicated machine with two separate NICS, It acts as an active router linking the private network to the Internet, monitoring the state of the connection and blocking packets that do not meet the rules defined. This machine should not be used for anything else e.g. checking e-mails. The Bastion host must be configured to prevent any packets from being routed directly between its networks interfaces.

THE DMZ

The DMZ lies between the choke router and the bastion hosts. It is a partially protected area where one can install public services. Machines in the DMZ should be used for only one purpose and should not be fully trusted e.g. web server, FTP Server. Any extra service should be disabled and user accounts kept to a minimum. Some DMZ are mode secure by hosting a third NIC to host-public services and using a firewall to protect them rather than a choke router.

CHOOSING A FIREWALL

There are two technologies that are used to build a firewall i.e. packet filters and application gateways.
One can use packet filtering technologies which can allow or prevent access to specific services from specific machines. It can be done on the sites access routers (high level) or in a specific firewall. A router alone cannot effectively monitor all incoming and outgoing IP packets thus protocols like FTP that use more than one data stream present a problem. It gets worse when using connectionless protocol like UDP.

Circuit level or application gateway are used to act as routers that pass only specific packets onto specific machines (e.g HTTP requests to a web server or SMTP to mail server). Circuit level gateways open a virtual circuit on receiving a valid handshake but don’t analyze packet traffic.

Once a firewall has been built you can add extra features like virus checker between an email gateway and your SMTP mailer so all encapsulated files are virus checked before entry to the system.

NB: A proxy server is not a firewall, they make it easy to connect to the Internet but don’t protect it from intrusion.
RUNNING A FIREWALL:

Once a firewall is chosen, one then defines the rules of procedure you will use to defend your system. Test your firewall regularly by using scanning tools.


Page copy protected against web site content infringement by Copyscape

Written by admin · Filed Under Information technology 

Comments

Got something to say?

You must be logged in to post a comment.

FireStats icon Powered by FireStats