Introduction to Firewall
Before you start
Definition of Firewall
A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic.
Characteristics of Firewall
A firewall is a device that allows multiple networks to communicate with one another according to a defined security policy. Firewalls are used when networks of varying levels of trust need to communicate with one another. For example, a firewall typically exists between a corporate network and a public network like the Internet. It can also be used inside a private network to limit access to different parts of the network. Wherever there are different levels of trust among the different parts of a network, a firewall can and should be used. Firewalls are similar to routers in that they connect networks together. Firewall software runs on a host that is connected to both trusted and untrusted networks. The host operating system is responsible for performing routing functions, which many operating systems are capable of doing. The host operating system should be made as secure as possible before the firewall software is installed.
This not only means knowing how the operating system was installed but also making sure that all of the security patches are applied and that unnecessary services and features are disabled or removed. More details about these security issues are provided in Chapter 3. Firewalls are different from routers in that they are able to provide security mechanisms for permitting and denying traffic, such as authentication, encryption, content security, and address translation. Although many routers provide similar capabilities (such as high-end devices from Cisco), their primary function is to route packets between networks. Security was not part of their initial design but rather an afterthought. A firewall’s primary function is to enforce a security policy, and it is designed with this in mind.
A Firewall Cannot
- Malicious use of authorized services: A firewall cannot, for instance, prevent someone from using an authenticated Telnet session to compromise your internal machines, or from tunnelling an unauthorized protocol through another authorized protocol.
- Users not going through the firewall: A firewall can only restrict connections that pass through it. It cannot protect you from people who can bypass the firewall, for example through a dial-up server behind the firewall. It also cannot stop an internal intruder from attacking an internal system. To detect and thwart these kinds of threats, you may need a properly configured intrusion detection/prevention system.
- Social engineering: If intruders can somehow obtain passwords they are not authorized to have, or otherwise compromise authentication mechanisms through social engineering, the firewall won’t stop them. For example, an attacker could call your users pretending to be a system administrator and ask them for their passwords to “fix some problem”.
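As an added illustration, not code from the original post, here is a minimal model of the rule-driven policy the definition describes: three constructed trust zones (corporate LAN, DMZ, Internet), rules evaluated top to bottom with first match winning, and an implicit default deny. The zone addresses, rules and sample packets are all constructed for the example; note that the rule admitting admin SSH into the DMZ admits any holder of valid credentials, which is exactly the "authorized service" limit the list above warns about.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed zones of differing trust: corporate LAN, a DMZ for public
# servers, and "internet" for every address that matches neither.
ZONES = {"corp": ip_network("10.0.0.0/8"), "dmz": ip_network("192.0.2.0/24")}

def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_zone: str          # zone name or "*" for any zone
    dst_zone: str
    proto: str             # "tcp", "udp" or "*"
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.src_zone in ("*", zone_of(pkt["src"]))
                and self.dst_zone in ("*", zone_of(pkt["dst"]))
                and self.proto in ("*", pkt["proto"])
                and self.dport in (None, pkt["dport"]))

# Constructed policy, evaluated top to bottom; the first matching rule decides.
POLICY = [
    Rule("allow", "corp", "internet", "tcp", 80),     # web browsing out of the LAN
    Rule("allow", "corp", "internet", "tcp", 443),
    Rule("allow", "corp", "internet", "udp", 53),     # DNS out of the LAN
    Rule("allow", "internet", "dmz", "tcp", 443),     # only the public web service is reachable
    Rule("allow", "corp", "dmz", "tcp", 22),          # admins manage DMZ hosts from the LAN
    Rule("deny", "dmz", "corp", "*", None),           # a breached DMZ host must not reach the LAN
]

def decide(pkt: dict) -> str:
    """Return 'allow' or 'deny'; traffic no rule mentions is denied (default deny)."""
    for rule in POLICY:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def packet(src: str, dst: str, proto: str, dport: int) -> dict:
    """Build a constructed packet summary: the fields a stateless filter inspects."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}
```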