
Internet Firewalls Essay, Research Paper

Internet Firewalls:

Introduction

The Internet is a complex web of interconnected servers and workstations that span the globe, linking millions of people and companies. But there is a dark side: The convenient availability of valuable and sensitive electronic information invites severe misuse in the form of stolen, corrupted, or destroyed data found therein. Compounding this problem is the unfortunate fact that there are ample opportunities to intercept and misuse information transmitted on the Internet. For example, information sent across telephone lines can not only be seen, but also can be easily manipulated and retransmitted, or software can be developed to do something as fundamental as deny Internet service. Preventing unauthorized access is a cost that should be factored into every Internet equation. What follows is an explanation of Internet security and the concept of Firewalls.

What Makes the Internet Vulnerable?

Let’s look at some of the most common security threats:

Impersonating a User or System – To authenticate Internet users, a system of user-IDs and passwords is used. Anyone intent on gaining access to the Internet can repeatedly make guesses until the right combination is found, a simple but time-consuming process made all the easier by programs which systematically try all character combinations until the correct one is eventually generated. User-IDs and passwords can also be trapped by finding security holes in programs; a person looking to abuse the Internet finds these holes and uses the information leaked through them for his or her own personal agenda. Even someone who has been entrusted with high-level network access, such as a system administrator, can misuse his or her authorization to gain access to sensitive areas by impersonating other users.

Eavesdropping – By making a complete transcript of network activity, sensitive data such as passwords, data, and procedures for performing certain functions can be obtained. Eavesdropping can be accomplished through the use of programs that monitor the packets of information transmitted across the network or, less often, by tapping network circuits in a manner similar to telephone wiretapping. Regardless of technique, it is very difficult to detect the presence of an intruder.

Packet Replay – The recording of transmitted message packets over the network is a significant threat for programs requiring authentication sequences because an intruder saves and later replays (retransmits) legitimate authentication sequences to gain access to a system.

Packet Modification – This significant integrity threat involves one system intercepting and modifying a packet destined for another system; more significantly, in many cases, packet information can be just as easily destroyed as it can be modified.

Denial of Service – Multi-user, multi-tasking operating systems are subject to denial-of-service attacks in which one user can render the system unusable by hogging a resource or by damaging or destroying resources so that they cannot be used. Service overloading, message flooding, and signal grounding are three common forms of denial-of-service attacks. While system administrators must protect against these types of threats without denying access to legitimate users, they are very hard to prevent. Many denial-of-service attacks can be hindered by restricting access to critical accounts, resources, and files, and by protecting them from unauthorized users.

Many invasive Internet opportunities exist for access to corporate and personal information. These instances do occur, and care should be taken to guard against them. This is the function of a firewall: to provide a barrier between an Internet server and anyone intent on invading its sensitive data.

Countering the Threat with a Firewall

As the name implies, an Internet Firewall is a system set up specifically to shield a Web site from abuse and to provide protection from exposure to inherently insecure services, probes, and attacks from other computers on the network. A Firewall can be thought of as a pair of mechanisms: one, which exists to block traffic, and the other that exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. A major Firewall benefit is centralized security through which all Internet access must pass, which is far easier to maintain since there are fewer servers to update and fewer places in which to find suspected security breaches. The most important thing to remember is that a Firewall should be designed to implement an access control policy that best fits your specific needs to protect your unique data and resources.

Components of a Firewall

Now, let’s look at the individual components of a Firewall and how they operate. First, it is important to realize that the term Firewall defines a security concept rather than a specific device or program. A Firewall takes many forms, from a router that filters TCP/IP packets based on information in the packet to sophisticated packet filtering, logging, and application gateway servers which closely scrutinize requested functions. Often firewalls are a collection of systems, each providing a piece of the overall security scheme. Acer has stepped up to the challenge by manufacturing gateway servers for a broad range of Firewall applications. The AcerAltos product family, from the entry-level applications AA900 Single Pentium and AA900Pro Single Pentium Pro servers to the mid-range AA9000 Dual Pentium and AA9000Pro Dual Pentium Pro servers, to the AA19000 Dual Pentium Pro server, fit any size Firewall application. AcerAltos servers can provide the reliability and fault tolerance required by demanding Firewall applications.

Packet Filtering – Accomplished by using a packet filtering router designed to examine each packet as it passes between the router’s input/output interfaces, services can be limited or even disabled, access can be restricted to and from specific systems or domains, and information about subnets can be hidden. The following packet fields are available for examination:

+ Packet type – such as IP, UDP, ICMP, or TCP

+ Source IP address – the system from which the packet was sent

+ Destination IP address – the system to which the packet is being sent

+ Destination TCP/UDP port – a number designating a service such as telnet, ftp, smtp, nfs, etc.

+ Source TCP/UDP port – the port number of the service on the host originating the connection

The decision to filter certain protocols and fields depends on the site security policy; i.e., which systems should have Internet access and the type of access permitted. The Firewall’s location will influence this policy; for example, if a Firewall is located on a site’s Internet gateway, the decision to block inbound telnet access still permits access to other site systems, or, if it is located on a subnet, the decision to block inbound telnet to the subnet will prevent access from other site subnets.

While some services such as FTP or telnet are inherently risky, blocking these services completely may be too harsh a policy; however, not all systems require access to all services. For example, restricting telnet or FTP access from the Internet to only those systems requiring such access can improve security without affecting user convenience. On the other hand, while services such as Network News Transfer Protocol (NNTP) or Network Time Protocol (NTP) may seem to pose no threat, restricting these protocols helps create a cleaner network environment, thereby reducing the likelihood of exploitation from yet-to-be-discovered vulnerabilities and threats.

Unfortunately, packet filtering routers suffer from a number of weaknesses: the filtering rules can be difficult to specify; testing must be done manually; the rules can become very complex depending on the site’s access requirements; and no logging capability exists, so if a router’s rules (or lack of them) let dangerous packets through, they may go undetected until a break-in has occurred. In addition, some routers filter only on the destination address rather than on the source address.
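The following is an added example, not part of the essay and not any vendor's product code. It implements a minimal stateless packet filter over the five fields listed above (packet type, source and destination address, destination and source port), with first-match semantics and a default-deny policy, and encodes the policy the text suggests: telnet and FTP permitted only to a designated host, mail only to the mail host, NNTP and NTP refused, and inbound packets claiming an internal source dropped. The network ranges, host addresses and port table are constructed for illustration. A `check_rules` helper runs the rule set against sample packets with expected outcomes, which addresses the "testing must be done manually" weakness by letting a policy be checked before it is pushed to a live router.

```python
"""
Added example (not from the essay): a minimal stateless packet filter that
evaluates rules over the five packet fields the text lists, with first-match
semantics and a default-deny policy. Ranges, hosts and ports are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional, Tuple

# Well-known ports for the services the essay names (constructed mapping).
SERVICE_PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "nntp": 119, "ntp": 123}


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str                   # source IP address
    dst: str                   # destination IP address
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: Optional[str] = None      # None matches any protocol
    src: Optional[str] = None        # CIDR; None matches any source
    dst: Optional[str] = None        # CIDR; None matches any destination
    dport: Optional[int] = None
    sport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """Every field that is set on the rule must match the packet."""
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed site policy for a firewall on the Internet gateway. The internal
# network uses the 192.0.2.0/24 documentation range; 192.0.2.10 is the one
# host allowed to receive telnet/FTP and 192.0.2.25 is the mail host.
INTERNAL_NET = "192.0.2.0/24"
INBOUND_RULES = [
    # Anti-spoofing: an inbound packet must never claim an internal source.
    Rule("deny", src=INTERNAL_NET),
    # telnet and FTP only to the host that actually needs them.
    Rule("permit", proto="tcp", dst="192.0.2.10/32", dport=SERVICE_PORTS["telnet"]),
    Rule("permit", proto="tcp", dst="192.0.2.10/32", dport=SERVICE_PORTS["ftp"]),
    # Mail only to the mail host.
    Rule("permit", proto="tcp", dst="192.0.2.25/32", dport=SERVICE_PORTS["smtp"]),
    # NNTP and NTP are not needed from outside; deny them explicitly so the
    # decision is visible in the rule set rather than left to the default.
    Rule("deny", proto="tcp", dport=SERVICE_PORTS["nntp"]),
    Rule("deny", proto="udp", dport=SERVICE_PORTS["ntp"]),
    # Everything else falls through to the default deny in evaluate().
]


def check_rules(rules: List[Rule], cases: Iterable[Tuple[Packet, str]]) -> List[str]:
    """Run a rule set against (packet, expected action) pairs and report every
    mismatch, so a policy can be tested without touching a live router."""
    problems = []
    for pkt, expected in cases:
        got = evaluate(rules, pkt)
        if got != expected:
            problems.append(f"{pkt}: expected {expected}, got {got}")
    return problems


if __name__ == "__main__":
    cases = [
        (Packet("tcp", "198.51.100.7", "192.0.2.10", 40000, 23), "permit"),
        (Packet("tcp", "198.51.100.7", "192.0.2.11", 40000, 23), "deny"),   # wrong host
        (Packet("tcp", "192.0.2.99", "192.0.2.10", 40000, 23), "deny"),     # spoofed source
        (Packet("udp", "198.51.100.7", "192.0.2.10", 123, 123), "deny"),    # NTP refused
    ]
    for line in check_rules(INBOUND_RULES, cases) or ["rule set behaves as expected"]:
        print(line)
```

Rule order matters: the anti-spoofing deny sits first so that no later permit can be reached by a packet forging an internal address, and the explicit NNTP/NTP denies document a decision that the default deny would otherwise make silently.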

Event Logging – Used to detect suspicious activity that might lead to break-ins, a host system with packet-filtering capability can more readily monitor traffic than a host in combination with a packet-filtering router, unless the router can be configured to send all rejected packets to a specific logging host. In addition to standard logging that would include statistics on packet types, frequency, and source/destination address, the following types of activity should be captured:

+ Connection Information to include the point of origin, destination, username, time of day, and duration.

+ Attempted Use of Any Banned Protocols such as TFTP, domain name service zone transfers, portmapper, and RPC-based services, all of which would be indicative of probing or attempts to break in.

+ Attempts to Spoof Internal Systems to identify traffic from an outside system attempting to masquerade as an internal system.

+ Routing Re-Directions to identify access from unauthorized sources (unknown routers).
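The following is an added example, not part of the essay, showing how the activities listed above can be picked out of a firewall's event log. The log line format, the banned-port table, the internal address range and the "known router" address are all constructed for illustration; a real logging host would use whatever format its router or filtering host emits. The analyzer flags attempted use of banned protocols (TFTP, DNS zone transfers over TCP/53, portmapper), traffic on the external interface that claims an internal source address (spoofing), and ICMP redirect messages from any source other than a known router (routing re-direction).

```python
"""
Added example (not from the essay): a small analyzer for firewall event logs
that flags the activity the text says should be captured. The log format,
port table and addresses are constructed for illustration.
"""
import re
from ipaddress import ip_address, ip_network
from typing import Dict, List

INTERNAL_NET = ip_network("192.0.2.0/24")          # constructed site range
KNOWN_ROUTERS = {ip_address("203.0.113.1")}        # the only router we expect
BANNED = {                                         # (proto, dport) -> service
    ("udp", 69): "tftp",
    ("tcp", 53): "dns zone transfer",              # zone transfers use TCP/53
    ("tcp", 111): "portmapper",
    ("udp", 111): "portmapper",
}

# Constructed log format:
#   <timestamp> iface=<if> proto=<p> src=<ip>[:port] dst=<ip>[:port]
#   [icmp_type=<n>] action=<permit|deny>
LINE_RE = re.compile(
    r"(?P<ts>\S+) iface=(?P<iface>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"dst=(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
    r"(?: icmp_type=(?P<icmp>\d+))? action=(?P<action>\w+)$"
)


def parse(line: str) -> Dict:
    """Parse one log line into a dict; numeric fields become ints or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ev = m.groupdict()
    for key in ("sport", "dport", "icmp"):
        ev[key] = int(ev[key]) if ev[key] is not None else None
    return ev


def analyze(lines: List[str]) -> List[str]:
    """Return one finding string per suspicious event, in log order."""
    findings = []
    for line in lines:
        ev = parse(line)
        src = ip_address(ev["src"])
        # Spoofing: a packet on the external interface claiming an internal source.
        if ev["iface"] == "ext" and src in INTERNAL_NET:
            findings.append(f"{ev['ts']} spoofed internal source {src} on external interface")
        # Banned protocols are worth noting even when the router already denied them,
        # because the attempt itself indicates probing.
        service = BANNED.get((ev["proto"], ev["dport"]))
        if service:
            findings.append(f"{ev['ts']} {service} attempt from {src} to {ev['dst']} ({ev['action']})")
        # ICMP redirect (type 5) from anything other than a known router.
        if ev["proto"] == "icmp" and ev["icmp"] == 5 and src not in KNOWN_ROUTERS:
            findings.append(f"{ev['ts']} routing redirect from unknown router {src}")
    return findings


# Constructed sample log: one benign mail connection and four suspicious events.
SAMPLE_LOG = [
    "1997-03-04T10:15:02 iface=ext proto=tcp src=198.51.100.7:40211 dst=192.0.2.25:25 action=permit",
    "1997-03-04T10:15:09 iface=ext proto=udp src=198.51.100.7:3401 dst=192.0.2.10:69 action=deny",
    "1997-03-04T10:16:30 iface=ext proto=tcp src=192.0.2.44:1025 dst=192.0.2.10:23 action=deny",
    "1997-03-04T10:17:01 iface=ext proto=icmp src=198.51.100.9 dst=192.0.2.10 icmp_type=5 action=permit",
    "1997-03-04T10:17:45 iface=ext proto=tcp src=198.51.100.7:40300 dst=192.0.2.53:53 action=deny",
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The permitted ICMP redirect in the sample is the case the logging host exists to catch: the router's rules let it through, so only the log review reveals that an unknown system tried to change the site's routing.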
