Are you a security guy? If your answer is yes, that sounds good to me, but even if your answer is no, you can still work on security by grasping the important and valuable information about security and protection. Believe me, security is a tough job, and if you are a carefree person then you must think again about your choice. I started working on security on my home PC and did many experiments to protect my data. One thing I would like to share with you all: security is relative rather than absolute. In simpler terms, perfect security is a myth. How many of you have decided to leave this job after reading that? If you have decided to leave, then let me put some questions to you. Why are you living in this filthy world full of bad guys? Why do we always concentrate on the good police? Have you ever heard of a perfect world? Dear reader, we have to offer our good part and nothing else. Additionally, I will supplement you with some free advice: hope is a good thing. I think we must proceed towards our core topic.
Our bosses are really funny: first they appoint the best security guys, and then they pay premier wages to these hackers.
(Muhammad Irfan Basharat; Dec 15, 2006)
A firewall is a thing (I will explain why I have called it a thing) which helps us filter incoming as well as outgoing traffic. So it's a kind of boundary that makes sure no unknown party is allowed to work freely with us. It's a military policeman who will stop all sorts of traffic, even a General's vehicle, if ordered. We use different incoming and outgoing filters in it. If a packet of information is flagged by a filter, it is not allowed through. Sounds good; let's move ahead.
There are two different types of firewalls:
- Software Firewalls
- Hardware Firewalls
Software Firewalls
Have you ever used a filter for cleaning your water? Then I think you have grasped the idea. Software firewalls are used to filter system as well as network traffic so that only authorized traffic is entertained. Unprofessional home users usually install this software and then think that they are now safe. The truth is, installing such software can protect you but will never guard you as per your requirements. You know why? You have never set the true configuration of your firewall.
There are many misconceptions about firewalls, even among professional people. People usually believe that a firewall can protect them from viruses, worms, Trojans etc., but it is not true. A firewall simply sits between your applications and the networking components of the operating system and decides what it will let through and what it will not. If you have a good grasp of the OSI reference model, you can find two flavours of filtering in software firewalls:
- Packet Level filtering
- Process level filtering
Packet level filtering happens at the Network layer and the Transport layer of the OSI reference model. Without going into details, let me tell you how packet filtering occurs. It involves an intermediate driver written to the NDIS (Network Driver Interface Specification) interface. This driver sits between the NIC driver and TCP/IP and behaves as a virtual adapter. Every packet, on reaching the network layer, has to satisfy this intermediate adapter or driver. Packets are analyzed and validated against the original configuration before further communication is accepted or rejected.
Process level filtering is another useful way to filter traffic; it is more efficient, yet a little less secure than the one above. This type of filtering works on the upper layers of the OSI reference model, i.e. the Transport layer and above. Here we deal with processes rather than packets. Some of my friends might get confused by these terms, so for beginners: a packet may or may not be a process, or you may say that every single process can have many packets; at least I don't know of any process that offers only one packet. Here the firewall looks at the process and validates or invalidates it against the configuration. I have already told you that a process may have many packets, so here the firewall always sits at a higher layer of the OSI reference model. The firewall intercepts applications and/or Dynamic Link Libraries (DLLs) with the help of friendly relations with the kernel. Whenever Windows Sockets (WinSock) is used for communication, and the process and transport protocols get their share in, the firewall looks for the process and then validates or rejects that function according to the configuration. The job is done by analyzing the communication of specific applications. If no prior local or global configuration is found for a specific application, then the firewall asks for some basic level of configuration. It then ties that configuration to the process ID (PID) of the process. Now whenever that process starts again, the firewall looks for the PID of the process attempting to send or receive data and analyzes its characteristics against the rule set.
If you ask me which firewall is best, I will reply ………. No comments. Just joking. Actually, some firewalls work with one kind of filtering, some with the other, and some can work with both. So my answer is now pretty clear, BUT. We see this BUT a lot, and it irritates us all many times. Coming to the point: the best firewall never guarantees the best security. You must sit carefully, because there are many problems attached to the filtering processes too. Let's have a look at some.
- We have seen in movies that a good man can be compromised by some bad guys. The same is true for processes: suppose the HUMBLE.exe process is configured as pious. Every time the firewall looks at the process it just thinks it is a good one, but what if some SIN.dll attaches itself to my humble one? You get my point, so be careful even if you have installed the best of the best of the industry.
- Firewalls sometimes cannot help you if the HUMBLE.exe code is altered in a way that it now also works for bad processes.
Let's look at some of the industry's best software firewalls:
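To make the process-level flow above concrete, here is an added example (my own illustration, not code from the article or from any of the firewalls named on this page): a small Python model of a process-level rule set. It assumes the firewall can see each process's PID, image path and the list of modules it has loaded; the rule is pinned to a hash of the executable image, so both an altered HUMBLE.exe and an unknown SIN.dll loaded into it fall back to "ask the user", which the model answers with a default of deny. The process records, image bytes and DLL names are constructed sample data.

```python
"""Process-level filtering with a hashed rule set, as an added example (not the article's code)."""
import hashlib
from dataclasses import dataclass


@dataclass
class Rule:
    verdict: str    # "allow" or "deny"
    sha256: str     # digest of the executable image the rule was written for


@dataclass
class Process:
    pid: int
    image_path: str
    image_bytes: bytes        # constructed stand-in for the on-disk executable
    loaded_dlls: tuple = ()   # module names the kernel reports as loaded (assumed available)


class ProcessFirewall:
    def __init__(self, trusted_dlls):
        self.rules = {}                       # image_path -> Rule (the global configuration)
        self.pid_cache = {}                   # pid -> verdict for a running process
        self.prompts = []                     # applications the firewall had to ask about
        self.trusted_dlls = set(trusted_dlls)

    @staticmethod
    def digest(image_bytes):
        return hashlib.sha256(image_bytes).hexdigest()

    def add_rule(self, image_path, image_bytes, verdict):
        """Write a rule for an application, pinned to the hash of its current image."""
        self.rules[image_path] = Rule(verdict, self.digest(image_bytes))

    def ask_user(self, proc):
        # Stand-in for the "basic level configuration" prompt. The model records the
        # question and answers deny, which is the safe answer for an unknown program.
        self.prompts.append(proc.image_path)
        return "deny"

    def check(self, proc):
        """Decide whether a process may send or receive data."""
        if proc.pid in self.pid_cache:               # already evaluated this run
            return self.pid_cache[proc.pid]
        rule = self.rules.get(proc.image_path)
        if rule is None or rule.sha256 != self.digest(proc.image_bytes):
            # No rule, or the executable no longer matches the image the rule was
            # written for (the altered HUMBLE.exe case): treat it as unknown.
            verdict = self.ask_user(proc)
        else:
            verdict = rule.verdict
        if verdict == "allow":
            # The SIN.dll case: a trusted process carrying an unknown module is not
            # trusted any more, even though the process name and hash still match.
            strangers = [d for d in proc.loaded_dlls if d not in self.trusted_dlls]
            if strangers:
                verdict = "deny"
        self.pid_cache[proc.pid] = verdict
        return verdict


if __name__ == "__main__":
    fw = ProcessFirewall(trusted_dlls=["kernel32.dll", "ws2_32.dll"])
    humble = b"constructed image of HUMBLE.exe"
    fw.add_rule(r"C:\apps\HUMBLE.exe", humble, "allow")
    print(fw.check(Process(100, r"C:\apps\HUMBLE.exe", humble, ("ws2_32.dll",))))
    print(fw.check(Process(101, r"C:\apps\HUMBLE.exe", humble, ("ws2_32.dll", "SIN.dll"))))
```

The PID cache is what the article describes, and it is also the weak spot of a PID-keyed design: the operating system reuses PIDs, so a real implementation has to drop the cache entry when the process exits, otherwise a later, unrelated process could inherit a verdict that was never meant for it.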
- Zone Alarm
- Tiny Firewall
- Kerio Firewall
- McAfee Personal Firewall
- Kaspersky Anti-Hacker
- IPCop Firewall
- Outpost Firewall Pro
Hardware Firewalls
A hardware firewall is a physical component that resides between different networks to minimize intrusion and/or data corruption. Just like an ordinary router or any other network device, we configure it to make sure it does what we rely on it for. When any traffic needs to cross to another network, the firewall checks its access criteria to make a decision. Its filtering criteria are more or less the same as the filtering criteria of a software firewall. There are two different approaches to ensuring network integrity. One is a configuration that allows all traffic unless it meets certain blocking criteria; the other denies traffic unless it has been explicitly permitted. The processes used to allow or block traffic may include the following:
- Simple packet-filtering
- Multifaceted application proxies
- Stateful inspection systems
In simple packet filtering, we control specified access to the defined network by configuring traffic access at an optimized level. We usually use access control lists (ACLs) for filtering purposes. If you have any background working with routers, you can easily grasp the idea, as inspection is done in the same pattern: verifying source address, destination address, source port, destination port and/or protocol.
Proxies are stand-in deputies of their higher orders. Likewise, proxy servers operate between the devices of a private network and a public network. Private networks are always assumed to be more protected than public networks. Whenever a protected network member needs to communicate with an unprotected network, or with another private network across a public network in the middle, we use proxy servers. These proxies let the public network see their existence instead of the actual user hiding behind the proxy. This helps hide network information from intruders.
Stateful inspection systems are also called dynamic inspection firewalls (SIF or DIF), as they authenticate sessions instead of applications, programs or hosts. Every time any program creates a new session, it must be authenticated by the preconfigured firewall. A SIF maintains a table containing information about the active TCP and UDP sessions. This information takes the form of table entries such as the session's source IP, the session's destination IP and the port numbers. In the case of a TCP session, the sequence numbers are also included. It must be noted that not all TCP and UDP sessions are kept in the table, only those that satisfy the preconfigured requirements. As we have talked about TCP, it is obvious that these also work on the same methodology of three-way handshaking, which ultimately minimizes hacking activity, but what do you think of denial of service (DoS)? That topic is out of scope for the current write-up, so let's leave it and look at some popular hardware firewalls:
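As an added illustration of both the packet-level filtering described under software firewalls and the ACL inspection just mentioned (example code I wrote for this page, not the article's own and not any vendor's ACL syntax): a Python stateless packet filter that evaluates entries top-down on protocol, source and destination network, and source and destination port, with a configurable default policy so the "allow unless it matches" and "deny unless it matches" approaches can be compared on the same list. The addresses and the ACL itself are constructed sample values.

```python
"""Stateless packet filtering with an access control list, as an added example (not the article's code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int]    # None for protocols without ports (ICMP)
    dport: Optional[int]


@dataclass
class AclEntry:
    action: str                  # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR networks; /0 means any address
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None  # None means any port
    dport: Optional[int] = None

    def matches(self, pkt):
        """Every field of the entry that is not a wildcard must match the packet."""
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


class PacketFilter:
    def __init__(self, acl, default="deny"):
        self.acl = list(acl)
        self.default = default   # verdict when no entry matches

    def decide(self, pkt):
        # Entries are evaluated top-down and the first match wins, as on a router ACL.
        for entry in self.acl:
            if entry.matches(pkt):
                return entry.action
        return self.default


# Constructed sample policy for a small office LAN behind the firewall.
LAN = "192.168.1.0/24"
EXAMPLE_ACL = [
    AclEntry("permit", "tcp", src=LAN, dport=80),                        # web out
    AclEntry("permit", "tcp", src=LAN, dport=443),
    AclEntry("permit", "udp", src=LAN, dst="192.168.1.1/32", dport=53),  # DNS to the gateway
    AclEntry("permit", "tcp", dst="192.168.1.10/32", dport=25),          # mail in, to one host only
    AclEntry("deny", "tcp", dst=LAN, dport=445),                          # file sharing never crosses
]

# The same list under the two approaches from the hardware firewall section.
DEFAULT_DENY = PacketFilter(EXAMPLE_ACL, default="deny")
DEFAULT_PERMIT = PacketFilter(EXAMPLE_ACL, default="permit")

if __name__ == "__main__":
    reply = Packet("tcp", "203.0.113.5", "192.168.1.20", 443, 51000)
    for name, fw in (("default deny", DEFAULT_DENY), ("default permit", DEFAULT_PERMIT)):
        print(name, "->", fw.decide(reply))
```

Run it and note the `reply` packet: the web request from 192.168.1.20 is permitted on the way out, but under default deny the server's reply is dropped, because a stateless filter keeps no memory of the request it just let through. You either add broad entries for return traffic (which also lets in unsolicited packets that merely look like replies) or move to stateful inspection, which remembers the session.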
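The session table just described, as an added example (my own Python sketch, not code from any of the products listed below): TCP sessions are opened only by a SYN from an inside host to an allowed destination port, the SYN+ACK and the final ACK are checked against the sequence numbers recorded in the table, and UDP gets a simpler entry that lets replies back in until it idles out. The inside network, the allowed ports, the timestamps, addresses and sequence numbers are all constructed.

```python
"""Stateful inspection with a session table, as an added example (not the article's code)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()    # TCP flags, e.g. frozenset({"SYN", "ACK"})
    seq: int = 0
    ack: int = 0


@dataclass
class Session:
    state: str            # "SYN_SENT", "SYN_RECEIVED", "ESTABLISHED" or "UDP"
    client_isn: int = 0   # initial sequence numbers recorded during the handshake
    server_isn: int = 0
    last_seen: float = 0.0


class StatefulFirewall:
    def __init__(self, inside_net, allowed_outbound, idle_timeout=60.0):
        self.inside = ipaddress.ip_network(inside_net)
        self.allowed = set(allowed_outbound)   # (proto, dport) pairs inside hosts may open
        self.idle_timeout = idle_timeout
        # session table: (proto, client ip, client port, server ip, server port) -> Session
        self.table = {}

    def expire(self, now):
        """Drop sessions that have been idle longer than the timeout."""
        stale = [k for k, s in self.table.items() if now - s.last_seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def decide(self, pkt, now):
        self.expire(now)
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table:
            return self._from_client(fwd, pkt, now)
        if rev in self.table:
            return self._from_server(rev, pkt, now)
        return self._open(fwd, pkt, now)

    def _open(self, key, pkt, now):
        """Only an inside host talking to an allowed port may create a session."""
        if ipaddress.ip_address(pkt.src) not in self.inside:
            return "deny"   # unsolicited traffic from outside never opens a session
        if (pkt.proto, pkt.dport) not in self.allowed:
            return "deny"
        if pkt.proto == "udp":
            self.table[key] = Session("UDP", last_seen=now)
        elif pkt.flags == frozenset({"SYN"}):
            self.table[key] = Session("SYN_SENT", client_isn=pkt.seq, last_seen=now)
        else:
            return "deny"   # a TCP session must start with a bare SYN
        return "allow"

    def _from_client(self, key, pkt, now):
        sess = self.table[key]
        sess.last_seen = now
        if sess.state == "SYN_SENT":
            return "allow" if pkt.flags == frozenset({"SYN"}) else "deny"  # SYN retransmit only
        if sess.state == "SYN_RECEIVED":
            # step three: the ACK must acknowledge the server's ISN + 1 with the client's ISN + 1
            if "ACK" in pkt.flags and pkt.ack == sess.server_isn + 1 and pkt.seq == sess.client_isn + 1:
                sess.state = "ESTABLISHED"
                return "allow"
            return "deny"
        return self._established(key, pkt)

    def _from_server(self, key, pkt, now):
        sess = self.table[key]
        sess.last_seen = now
        if sess.state == "SYN_SENT":
            # step two: SYN+ACK acknowledging the client's ISN + 1; record the server's ISN
            if pkt.flags == frozenset({"SYN", "ACK"}) and pkt.ack == sess.client_isn + 1:
                sess.server_isn = pkt.seq
                sess.state = "SYN_RECEIVED"
                return "allow"
            return "deny"
        if sess.state == "SYN_RECEIVED":
            return "allow" if pkt.flags == frozenset({"SYN", "ACK"}) else "deny"  # retransmit only
        return self._established(key, pkt)

    def _established(self, key, pkt):
        # ESTABLISHED or UDP: pass traffic; an RST tears the session down at once,
        # a FIN exchange is left to the idle timeout in this simplified model.
        if pkt.proto == "tcp" and "RST" in pkt.flags:
            del self.table[key]
        return "allow"
```

The table is what makes the difference from the stateless ACL: the server's reply is accepted only because the matching outbound request is already recorded, and a SYN+ACK whose acknowledgement number does not fit the recorded ISN is rejected even though its addresses and ports match a half-open entry.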
- Cisco PIX
- Nokia IP350
- Check Point FireWall-1 NG
- Juniper Networks NetScreen hardware firewall
Step By Step Implementation
The following are the key steps to a successful firewall implementation:
- Design your network traffic.
- Determine hostile traffic.
- Determine inbound and outbound access methodologies.
- Design the security and privacy level for each segment of the network.
- If for any reason security must be compromised somewhere, but you cannot close your eyes to security, then you must consider a compromise. Accept less security on that node or segment, but implement it in such a way that nobody can reach your entire network by compromising that insecure area.
It must be noted that a good design will always lead toward successful security. We know that design is far superior to implementation. If you have any experience of software engineering, you will find that a bad design always leads toward a worse code implementation, and it is the same for network design as well. You know why? Because man can never run away from mistakes. That is the reason we need a good design. Believe me, even the best design can only optimize the results, not guarantee the best one.
The scariest part of security is to secure that security.
(Muhammad Irfan Basharat; Dec 15, 2006)