COMPUTER NETWORK SECURITY PART 5
Back again with the network security article series; this is part 5.
V. FIREWALL
1. Firewall Definition
A firewall is a system or device that lets network traffic it considers safe pass through and blocks network traffic it considers unsafe. A firewall is generally deployed on a dedicated machine that sits on the gateway between the local network and other networks. Firewalls are also generally used to control which outside parties are allowed to reach a private network.
Today the term firewall is a general term for a system that regulates communication between two different networks. Given that many companies now have Internet access, and of course the networks behind that access, protecting the company's digital assets from attacks by hackers, crackers, or other data thieves has become essential.
2. Types of Firewalls
Firewalls are divided into two types, namely as follows:
- Personal Firewall:
A personal firewall is designed to protect a computer connected to the network from unwanted access. This type of firewall has recently evolved into a collection of programs aimed at securing the computer completely, with the addition of several extra security features such as virus protection, anti-spyware, anti-spam, and more. Some firewall products are even equipped with a network Intrusion Detection System (IDS) function. Examples of this type of firewall are Microsoft Windows Firewall (integrated in the Windows XP Service Pack 2, Windows Vista and Windows Server 2003 Service Pack 1 operating systems), Symantec Norton Personal Firewall, Kerio Personal Firewall, and others. A personal firewall generally has only two main features, namely packet filtering and stateful inspection.
- Network Firewall:
A network firewall is designed to protect the network as a whole from various attacks. It is commonly found in two forms: a dedicated device, or software installed on a server. Examples of such firewalls are Microsoft Internet Security and Acceleration Server (ISA Server), Cisco PIX, Cisco ASA, IPTables in the GNU/Linux operating system, pf in the BSD family of Unix operating systems, and SunScreen from Sun Microsystems, Inc., which is bundled with the Solaris operating system. A network firewall generally has several main features: those of a personal firewall (packet filtering and stateful inspection), plus Circuit Level Gateway, Application Level Gateway, and NAT Firewall. A network firewall is generally transparent (not visible) to users and uses routing technology to determine which packets are allowed and which are rejected.
3. Firewall function
Fundamentally, a firewall can do the following:
- Manage and control network traffic
The first function a firewall must perform is to manage and control the network traffic that is allowed to reach the private network or the firewall-protected computer. The firewall does this by inspecting packets and monitoring the connections being made, then filtering connections based on the results of the packet inspection and connection monitoring.
- Authenticate against access
The second fundamental function of a firewall is authenticating access. The TCP/IP protocol suite was built on the premise of open communication: if two hosts know each other's IP address, they are allowed to communicate with each other. In the early days of the Internet's development this could be regarded as a blessing. But now, with more and more systems connected to the Internet, we may not want just anyone to be able to communicate with our systems. Therefore firewalls come with an authentication function, using several authentication mechanisms, as follows:
The firewall can ask the user for a user name and password. This method is often referred to as extended authentication or xauth. With xauth, a user attempting to establish a connection is prompted for a name and password before the firewall finally allows the connection. Generally, once a connection has been allowed by the security policy in the firewall, the firewall no longer asks for the name and password unless the connection is lost and the user tries to reconnect.
The second method is to use digital certificates and public keys. The advantage of this method over the first is that the authentication process can take place without user intervention, and it is also faster. However, this method is more complicated, because it requires many components as well as the deployment of a public key infrastructure.
The next method is to use a Pre-Shared Key (PSK), a key that has been given to the user in advance. Compared with digital certificates, PSKs are easier to implement because they are simpler, and PSKs also allow authentication to take place without user intervention. With PSK, each host is assigned a predefined key which is then used for the authentication process. The disadvantage of this method is that PSKs are rarely updated, and many organizations use the same key to connect to all of their remote hosts, which is tantamount to undermining the authentication process. To achieve a high degree of security, most organizations therefore combine PSK with xauth, or PSK with digital certificates.
By carrying out the authentication process, the firewall can decide whether a connection is allowed or not. Even if a packet would have been allowed by packet inspection (PI) or by stateful packet inspection (SPI) based on connection state, the packet is discarded if the host does not pass authentication.
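The PSK weakness described above (one key handed to every remote host) can be seen in a few lines of code. The following is an added example, not code from the original article: it models PSK authentication as a generic HMAC challenge/response (not the exact exchange of any particular firewall or VPN product) and compares a per-host key table with a shared key. Host names and keys are constructed for illustration.

```python
"""Pre-shared-key authentication as an HMAC challenge/response, and why one
key shared by every remote host undermines it.

Added example, not code from the original article. The challenge/response is
a generic construction rather than the exact exchange of any firewall or VPN
product; host names and keys are constructed for illustration."""
import hashlib
import hmac
import os


def make_challenge():
    """Firewall side: a fresh random nonce per authentication attempt."""
    return os.urandom(16)


def respond(psk, host_id, challenge):
    """Remote host side: prove knowledge of the PSK, bound to the claimed
    identity and to this challenge so an old response cannot be replayed."""
    return hmac.new(psk, host_id.encode("ascii") + challenge, hashlib.sha256).digest()


def verify(keys, host_id, challenge, response):
    """Firewall side: recompute with the key registered for the claimed host."""
    psk = keys.get(host_id)
    if psk is None:
        return False
    expected = hmac.new(psk, host_id.encode("ascii") + challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def can_impersonate(keys, attacker, victim):
    """Can a host that knows only its own PSK authenticate as another host?"""
    challenge = make_challenge()
    forged = respond(keys[attacker], victim, challenge)
    return verify(keys, victim, challenge, forged)


def replay_rejected(keys, host_id):
    """A response captured for one challenge must not verify against a new one."""
    old_challenge = make_challenge()
    captured = respond(keys[host_id], host_id, old_challenge)
    return not verify(keys, host_id, make_challenge(), captured)


# Constructed key tables. PER_HOST is the sound configuration: one key per
# remote host. SHARED mirrors the practice the article warns about: the same
# key handed to every remote host.
PER_HOST = {"branch-a": os.urandom(32), "branch-b": os.urandom(32)}
SHARED = {"branch-a": b"same-key-everywhere", "branch-b": b"same-key-everywhere"}


def demo():
    """Returns (legitimate login ok, forgery with per-host keys, forgery with shared key)."""
    challenge = make_challenge()
    legit = verify(PER_HOST, "branch-a", challenge,
                   respond(PER_HOST["branch-a"], "branch-a", challenge))
    return (legit,
            can_impersonate(PER_HOST, "branch-b", "branch-a"),
            can_impersonate(SHARED, "branch-b", "branch-a"))


if __name__ == "__main__":
    print(demo())
```

With per-host keys, branch-b cannot produce a valid response as branch-a; with the shared key it can, so the firewall only learns that "someone with the organization's key" is connecting, which is the sense in which the article says a shared PSK undermines authentication. The random challenge also keeps a captured response from being replayed, which a static PSK on its own would not.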
- Protect resources within a private network
One of the tasks of a firewall is protecting resources from possible threats. This protection is obtained by using access control rules, SPI, an application proxy, or a combination of them, to prevent protected hosts from being reached by suspicious hosts or by suspicious network traffic. However, the firewall is not the only method of protecting resources, and entrusting their protection exclusively to the firewall is a fatal error. If a host running an operating system with an unpatched security hole is connected to the Internet, the firewall may not be able to prevent the host from being exploited by other hosts, especially if the exploit uses traffic the firewall has been configured to allow. For example, if a packet-inspection firewall allows HTTP traffic to a web server whose web service has an unpatched security hole, a malicious user can craft an exploit to take down that web server through that hole. In this example the web server itself renders the protection offered by the firewall useless, because the firewall cannot distinguish a suspicious HTTP request from a legitimate one, all the more so if no application proxy is used. Therefore protected resources must be maintained by patching their security holes, even when they sit behind a firewall.
- Record all events and report them to the administrator
4. Packet Inspection Process
Packet inspection is the process a firewall performs to intercept and process the data in a packet in order to determine whether the packet is allowed or rejected, based on the access policy that an administrator applies. Before deciding whether to reject or accept outside communication, the firewall must inspect each packet (both incoming and outgoing) on each interface and compare it with the access policy list. Packet inspection can look at the following elements when determining whether to reject or accept a communication:
- The IP address of the source computer
- The source port on the source computer
- The IP address of the destination computer
- The destination port on the destination computer
- The IP protocol
- Header information stored in the packet
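A small model of this decision makes the earlier point about the unpatched web server concrete: a packet filter that matches on the header fields listed above accepts every HTTP packet to an allowed port, whatever the request inside it, while an application proxy can parse the request itself. The following is an added example, not code from the original article: the rule set, the hypothetical web server 203.0.113.10, the admin network 198.51.100.0/24 and the sample HTTP requests are all constructed for illustration.

```python
"""Stateless packet inspection: the accept/drop decision uses only the header
fields (source/destination address and port, protocol), so a permitted port
passes whatever payload rides on it. An application-level check is shown
alongside for contrast.

Added example, not code from the original article. Addresses, the rule set,
the hypothetical web server 203.0.113.10 and the sample HTTP requests are
constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str          # "tcp", "udp" or "icmp"
    payload: bytes = b""   # never consulted by packet_filter()


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    protocol: Optional[str] = None   # None matches any value
    src: Optional[str] = None        # CIDR prefix
    dst: Optional[str] = None        # CIDR prefix
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


def packet_filter(rules, pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins, like an iptables chain; the default policy
    applies when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed policy for a screened subnet 203.0.113.0/24: anyone may reach
# the web server on 80/443; only the 198.51.100.0/24 admin network may reach
# SSH; everything else falls through to the default drop.
RULES = [
    Rule("accept", protocol="tcp", dst="203.0.113.10/32", dst_port=80),
    Rule("accept", protocol="tcp", dst="203.0.113.10/32", dst_port=443),
    Rule("accept", protocol="tcp", src="198.51.100.0/24", dst="203.0.113.0/24", dst_port=22),
]


def application_proxy_check(pkt: Packet) -> str:
    """What only an application proxy can do: parse the HTTP request line.
    Constructed policy: HTTP/1.x GET or HEAD only, and no '..' path segment."""
    try:
        request_line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii")
        method, path, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return "reject"          # not a well-formed request line at all
    if method not in ("GET", "HEAD") or not version.startswith("HTTP/1."):
        return "reject"
    if ".." in path.split("/"):
        return "reject"
    return "accept"


def decide(pkt: Packet):
    """(packet-filter verdict, application-proxy verdict) for one packet."""
    return packet_filter(RULES, pkt), application_proxy_check(pkt)
```

The two sample requests in the test differ only in their payload; the packet filter returns the same verdict for both because it never reads past the header, which is exactly why patching the server matters even behind a firewall.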
- Connection and Connection State
In order for two TCP/IP hosts to communicate with each other, they must first establish a connection with each other. This connection has two purposes:
1. A computer can use the connection to identify itself to the other computer, ensuring that other systems that did not establish the connection cannot send data to it. A firewall can likewise use connection information to determine which connections are permitted by the access policy, and use it to decide whether a data packet is accepted or rejected.
2. The connection is used to determine how the two hosts will communicate with each other (whether in a connection-oriented or a connectionless manner).