≡ Menu

Firewalls What Are They About?

Firewalls

Today networking can go two ways in business. Either people talking to each other or to have computers communicate with each other. It the Information Technology area mostly involves around having computers to talk to each other. For example, during a party everyone is communicating with each other and people seems tend to gather in small groups. It is similar to with computers, a party which translates to a LAN or Local Area Network is a grouping of computers. Every computer on the internet which is a larger party is connected to smaller groups of computers called a LAN.

The Internet is a very large computer network, and your LAN is a smaller network think of the visualization shown above. A Party really known as the Internet any one can go to anybody and talk to computer. Your LAN is a private group of computers or friends that talks with each other. It is really not safe to have your LAN open to the Internet because of the fact that any one who you don?t know can get on your LAN and find out some information that can break your intranet. A way to block people from entering your LAN is by using a firewall. A Firewall is a special gateway that allows certain traffic to pass though and into your intranet.

There are many different types of firewalls, they could be both hardware software and they have some drawbacks and advantages. As shown above that firewalls could block ports from coming in or block certain packets from coming in to your LAN. Using packet filtering is great but, it is expectable to some attacks especially from users that fakes the type of packet and fools the firewall. Generally some routers have the capability of running a firewall. Routers use either Packet filtering or port blocking depending on the router. Some are software that runs in the Operating System. Routers usually create a NAT which means network address translation. NAT keeps your private network from getting out to the public. It basically what makes a router a firewall? Routers usually have two interfaces one is public and the other is private. The private side is the side that is protected from the firewall; the public side has an IP that any one can see it, one public IP too many private address. The Cons of having a firewall is that it is a single point of failure. This means that if that point fails your whole network goes down. You should consider when creating your subnets to hide that single point of failure because if attackers gain access to your network they run packet snifters to break that point which will bring your network down.

Now, remember that routers are firewalls that block certain packets or ports but, If you are hosting something such as a web site. How do you host when your firewall is protecting your LAN? That?s when DMZ?s come into place. DMZ which stands for demilitarized zone, it allows you to create a special protected area to allow hosting of some sort. Usually you would place the computer or server between two routers and have one of the routers to forward all ports or just special ports to that computer to host. DMZ mode comes useful when you are running DNS or HTTP. Of all things there are holes, and firewalls have holes too. Some of the holes are that you can spoof your internal MAC Address. Meaning that the router or firewall would think it is a computer that it can trust and it let through. The two most common attacks.

Operating System attacks and Networking attacks. Operating System attack are bugs that are in your Operating System. The only way to protect your self it to run updates for the operating system when they come out. For example everyone know that Microsoft Windows has a lot of bugs, what do windows users do? They go to http://windowsupdates.microsoft.com to reduce the further problems. Networking Attacks are the physical attacks on your computer. It happens when you are connected to a network. These types of attacks cannot be patched; they include flooding of your computer, spoofing/redirection, and voluntarily breaking of the connection. The way you can protect yourself from these things is to either run a personal firewall which normal users should not buy them without knowing about it first. Or setup up a router with firewall capabilities which is better to do. Personal firewalls are software based they can provide some protection but, it is very limited in protection. Meaning they have many weaknesses it is best to go with hardware that acts like a firewall. One attack that can be used is the Denial of Service attack, it causes the targeted computer to disconnect from the network or just crash.

The pros as irchelp.org talks about in having a personal firewall is that ?a personal firewall can prevent certain Denial Of Service attacks, most notably disconnects due to spoofed unreach aka “click” – this is perhaps its most important (and some would say only unique) contribution to your security.? This means that personal firewalls are weak and provide a little protection. They also talk about the personal firewall can block certain services such as NetBIOS naming. The con of having a personal firewall is that since it is running as a software part on top of the operation system it can be disabled and reconfigured by malicious software. In conclusion, when you setup a network you should take all the precautions necessary to protect your network. Use firewalls to help protect your network and try to buy a hardware that will act as a firewall. Personal Firewalls don?t protect that much. With out a firewall on the network you are acceptable to every different attack and you will be available to everyone on the internet.

Barbish J. Joseph, "FreeBSD Handbook Chapter 14 Security",
http://www.freebsd.org Updated by Davis Brad;
Retrieved: November 11, 2004 

Bradley Tony, "What Is a Firewall?" 
http://netsecurity.about.com,
Retrieved: November 11, 2004.

Curtin Matt and Ranum J. Marcus, 
"Internet Firewalls: Frequently Asked Questions",
http://www.faqs.org; Revised 2000 Dec 1; 
Revision: 10.0; Retrieved: November 11, 2004 

Encarta Online, "Local Area Network", 
http://encarta.msn.com; 
Retrieved: November 11, 2004; 

Lo Joseph Ph.D; "Denial of Service or 'Nuke' Attacks",
http://www.irchelp.org
Revised 2003 Jan 6; 
Retrieved: November 11, 2004

Robertson D. Paul, Curtin Matt, and Ranum J. Marcus,
 "Internet Firewalls: Frequently Asked Questions" 
Retrieved: November 11, 2004 

Tyson Jeff, "How Firewalls Work", 
http://www.howstuffworks.com 
Retrieved: November 11, 2004.

{ 0 comments… add one }

Leave a Reply