Oops, it has been quite a while since i last wrote... now writing again. Well, today's topic is firewall which is really sth very impt to protect information on the computers. Basically, a firewall is a barrier to keep destructive forces away from your property.
Firewalls use one or more of the methods below to ctrl traffic in and out of the network:
- Packet filtering - Packets(small chunks of data) are analysed against a set of filters. Packets that made it through the filters are sent to the requesting sysytem and the others are discarded.
- Proxy service - Info from the internet is retrieved by the firewall and then sent to the requesting system and vice versa.
- Stateful inspection - Basically examine contents of each packet and then compare the key parts of packet to a database of trusted info.If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
Making the Firewall Fit
- Ip addresses - Each machine is assigned an unique address known as ip add which are 32 bits numbers(eg: 216.27.61.137). If certain IP add is reading too many files from the server, the firewall can block traffic to and from the IP address.
- Domain names - basically string of characters which seem to be easier to read than IP address. Can be blocked also.
- Protocols - pre-defined way that 'someone or sth' who/which wants to use a service talks with that service. Some common protocols that you can set firewall filters for include:
- IP(internet protocol) - the main delivery system for info over the internet.
- HTTP(hyper text transfer protocol) - used for webpage.
- FTP(file transfer protocol) - used to download and upload of files.
- telnet - used to perform commands on a remote comp.
- TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
- Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server
- Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. for instance, you could ask the firewall to block any packet that contains the word "tele" in it.
A software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.
There is also the hardware version of firewall.In this case, the firewall itself is the gateway. "A good example is the Linksys Cable/DSL router. It has a built-in ethernet card and hub. Computers in your home network connect to the router, which in turn is connected to either a cable or dsl modem. "
What it protects you from
Remote login - This is when someone is able to connect to ur comp and ctrl it in some ways(viewing files or copying files).
Application backdoor - backdoor is the hidden access that provides some level of ctrl of the prog.
SMTP (Simple Mail Transport Protocol) session hijacking - It is the most common method of sending email over the internet and by gaining acess to a list of email addresses, someone can send unsolicited junk emails to lots of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
operating system bugs - some OS have backdoors while others provide remote access with insufficient security controls or have bugs that an experienced hacker can easily take adv.
denial of service - This type of attack is nearly impossible to counter. The hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. Byflooding a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
email bombs - someone would send u the same email message a thousand times or so to make ur email system crash
macros(script of comms the apllication can run on) - Hackers take adv by creating macros that may destroy data or crash the comp.
viruses- basically a small program that can copy itself to other computers.
spam - normally harmless but irritating to the core. Be careful of clicking on the junk emails because you may accidentally accept a cookie that provides a backdoor to your computer!
Redirect bombs - hackers can use ICMP(Internet Control Message Protocol) which is used to change the path info by sending it to other routers. This is one way in which denial or serv works.
Source routing -" In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default. "
Proxy Servers and DMZ
A function which is often combined with the firewall is a proxy server. Proxy server is used to access webpages by other comp. When another comp makes a request of a webpage, it is retrieved by the proxy server and the info would be sent to the requesting comp therefore there is no direct contact with anything on the home network.
Proxy server can make internet access more efficient. This is so as the webpage is cached(stored) on the proxy server when u access it so that the next time u access it it will load faster ...Sometimes, you would want remote users to access ur network such as website, online business and FTP download and upload. Thus, you would want to create DMZ(demilitarized zone)Think of DMZ as a front yard where u can put ur things outside the firewall and the more valuable thing swould be properly secured in ur house. "Setting up a DMZ is very easy. If you have multiple computers, you can choose to simply place one of the computers between the Internet connection and the firewall. Most of the software firewalls available will allow you to designate a directory on the gateway computer as a DMZ. "
This is abt it. Anyway, I would strongly recommend ppl to use firewall like Zonealarm(free) , or if u have any firewall software be sure to test it at www.grc.com.