Cpsc547: Presentation

Firewalls

"In more than eighty percent of the computer crimes investigated by the FBI, unauthorized access was gained through the Internet" --- FBI[1]

"In any given year, US government systems are illegally, though not necessarily maliciously, accessed at least 300,000 times." --- Robert Ayers[1]

One in five respondents to an Information Week/Ernst & Young Security Survey admitted that intruders had broken into, or tried to break into, their corporate networks during the last twelve months.[1]


What is a Firewall?

General Definition ...

A firewall is a system or group of systems that enforces an access control policy between two networks.

More Specifically ...

A firewall is a system that is placed between two networks and possesses the following properties[1]:

  1. All traffic from inside to outside, and vice-versa, must pass through it.
  2. Only authorized traffic, as defined by the local security policy, is allowed to pass through it.
  3. The system is immune to penetration.

In other words ...

A firewall is a mechanism to protect a trusted network from an untrusted network. Typically, the trusted network is the organization's internal network and the untrusted network is the Internet.


The Basic Types of Firewalls

The Network Level Firewall

The Application Level Firewall


What can a Firewall Protect Against?

Generally, firewalls are configured to protect against unauthorized interactive logins from the "outside" world.

Some firewalls completely block traffic from the outside to the inside, but allow the inside to communicate freely with the outside.

Others block some of the traffic from the outside to the inside, and block some traffic from the inside to the outside.


What can't a Firewall Protect Against?

A firewall cannot protect against threats that do not go through the firewall.

Examples:

In other words, for a firewall to work, it must be part of a consistent overall organizational security architecture.


Internal Firewalls

Firewalls do not just protect your network from the Internet ...

The problem of internal hacking (unauthorized access by authorized users) consistently outweighs the problem of external hacking.[1]

Two situations concerning internal network access:

  1. Your company has separate but connected networks for different departments. Is it necessary for all users to have access to all of the networks or should a firewall restrict access?
  2. Your company has established a strategic partnership with another company and the other company needs to access some of your internal information. A firewall should control, and possibly record, your partner's accesses.


A Firewall is more than Hardware and Software

A firewall is both the policy, and the implementation of that policy, in terms of network configuration.

There are two levels of network policy that influence the design, installation, and use of a firewall:

Network Service Access Policy

A higher-level, issue-specific policy which defines those services that will be allowed or explicitly denied from the restricted network, plus the way in which these services will be used, and the conditions or exceptions to this policy.[1]

Firewall Design Policy

A lower-level policy which describes how the firewall will actually go about restricting the access and filtering the services as defined in the network service access policy.[1]
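The two policy levels above, as an added example that is not from the presentation or the NCSA guide: a small Python evaluator in which the network service access policy (which services are allowed, and for whom) is written down as the rules of a firewall design policy (how the filter enforces it), with default deny for anything not authorized and an audit record of the partner accesses described under Internal Firewalls. The internal and partner address ranges are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

# Constructed addresses (not from the presentation): the trusted internal
# network and a hypothetical partner's network.
INTERNAL = ip_network("10.0.0.0/8")
PARTNER = ip_network("192.0.2.0/24")

@dataclass
class Rule:
    direction: str                  # "inbound" (outside->inside) or "outbound"
    proto: str
    dport: Optional[int]            # None matches any destination port
    action: str                     # "allow" or "deny"
    src: Optional[IPv4Network] = None  # restrict to a source network, if given
    log: bool = False               # record the access, as for partner traffic

# Firewall design policy derived from the access policy: inside may use web
# and mail freely; the partner may reach the web server on 443 and each such
# access is recorded; all other inbound traffic falls through to default deny.
RULES = [
    Rule("outbound", "tcp", 80, "allow"),
    Rule("outbound", "tcp", 443, "allow"),
    Rule("outbound", "tcp", 25, "allow"),
    Rule("inbound", "tcp", 443, "allow", src=PARTNER, log=True),
]

def direction(src: str, dst: str) -> Optional[str]:
    """Classify a packet by which side of the firewall it comes from."""
    s, d = ip_address(src) in INTERNAL, ip_address(dst) in INTERNAL
    if s and not d:
        return "outbound"
    if d and not s:
        return "inbound"
    return None  # both sides the same: the packet never crosses the firewall

def decide(src: str, dst: str, proto: str, dport: int, audit: List[str]) -> str:
    """Return 'allow' or 'deny' for one packet; the first matching rule wins."""
    d = direction(src, dst)
    if d is None:
        return "deny"
    for r in RULES:
        if r.direction != d or r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.src is not None and ip_address(src) not in r.src:
            continue
        if r.log:
            audit.append(f"{d} {proto}/{dport} {src} -> {dst}: {r.action}")
        return r.action
    return "deny"  # default deny: only authorized traffic passes (property 2)
```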


Questions to Ask

To arrive at a network policy a company should ask itself the following questions[1]:

  1. Which Internet services does the organization plan to use?
  2. Where will the services be used (locally, dial-in, by remote organizations)?
  3. What additional needs, such as encryption or dial-in support, may be supported?
  4. What risks are associated with providing these services and accesses?
  5. What is the cost, in terms of controls and impact on network usability, of providing protection?


Other Concerns ...

A company's overall security policy should also consider:

A company should develop an overall security strategy, of which a firewall is a part.


References

[1] NCSA Firewall Policy Guide Version 1.01
[2] Internet Firewall FAQ by Marcus J. Ranum