
Research on Computer Security Based on Firewall

Prepared By:
Afnan Alnuzaili – Software Engineering
Introduction

If your network is connected to the Internet, a whole host of security issues bubble to the
surface. The Internet connection is a two-way street. Not only does it enable your network’s
users to step outside the bounds of your network to access the Internet, but it also enables
others to step in and access your network.
Unfortunately, the world is filled with threats that cause serious damage to networks, such as
viruses, worms, denial-of-service (DoS) attacks, and hackers looking for networks to break into.
They may do it just for fun, or they may do it to steal your customers’ credit card numbers or
to coerce your mail server into sending thousands of spam messages on their behalf.
Whatever their motive, rest assured that your network will be broken into if you leave it
unprotected.
This research presents one of the most basic techniques for securing a network’s Internet
connection: the firewall.
Basic concept of firewall
Firewalls are network devices or software that separate a trusted network from an untrusted network
(e.g., the Internet) by means of rule-based filtering of network traffic.
A firewall is configured to inspect the network traffic that passes between the Internet and your network and only
allows the network protocols that you desire to pass through the firewall. If a protocol isn’t included in the
approved list, the firewall discards the packets of data and prevents them from entering the network.

The figure on the next slide summarizes the main concept of a firewall. It shows the firewall as a
separate physical device at the boundary between an untrusted and a trusted network, but in reality a
firewall is merely software. This does not mean that physical, separate devices are not firewalls, but merely
that these devices are simply computers running firewall software. Host-based firewalls have found their
way into most operating systems. Windows XP and later versions have a built-in firewall called the Windows
Firewall.

Therefore, it is important to understand that firewalls can exist at different locations within a network, not just
at the perimeter of a network.
Figure 1: A basic firewalled network.
Main functions of firewall
As network traffic passes through the firewall, the firewall decides which traffic to forward and which traffic not to forward,
based on rules that you have defined. All firewalls screen traffic that comes into your network, but a good firewall should
also screen outgoing traffic.
The following list includes the most common functions of firewalls:

• Block incoming network traffic based on source or destination: Blocking unwanted incoming traffic is the most
common feature of a firewall.

• Block outgoing network traffic based on source or destination: Many firewalls can also screen network traffic from your
internal network to the Internet. For example, you may want to prevent employees from accessing inappropriate Web
sites.
• Block network traffic based on content: More advanced firewalls can screen network traffic for
unacceptable content. For example, a firewall that is integrated with a virus scanner can prevent files that
contain viruses from entering your network. Other firewalls integrate with e-mail services to screen out
unacceptable e-mail.

• Make internal resources available: Although the primary purpose of a firewall is to prevent unwanted
network traffic from passing through it, you can also configure many firewalls to allow selective access to
internal resources, such as a public Web server, while still preventing other access from the Internet to your
internal network.

• Report on network traffic and firewall activities: When screening network traffic to and from the Internet,
it’s also important to know what your firewall is doing, who tried to break into your network, and who tried
to access inappropriate material on the Internet. Most firewalls include a reporting mechanism of some kind
or another.
Setting firewalls
Which firewall fits best?
No single size of firewall works well for every organization. Firewalls usually fall into one of the categories in the
following list. The size of firewall that you install depends on your exact requirements for protection and management.

• Personal firewall: A personal firewall is most often installed as a piece of software on a single computer and
protects just that computer. Personal firewalls also come as separate hardware components, or they may be built
into other network devices, but they all protect a single computer or a very small number of computers. Personal
firewalls also normally have very limited reporting and management features.

• Departmental or small organization firewall: These firewalls are designed to protect all the computers in an office
of limited size that is in a single location. Firewalls in this category have the capacity to screen network traffic for a
limited number of computers, and the reporting and management capabilities are adequate for this function.
• Enterprise firewall: Enterprise firewalls are appropriate for larger organizations, including organizations with
thousands of users that are geographically dispersed. The reporting capabilities include consolidated reports
for multiple firewalls; the management tools enable you to configure multiple firewalls in a single step.

As you are evaluating firewalls, keep in mind that some firewall products can work well in more than one setting.
However, few firewalls — if any — work well in all three settings: personal, departmental, and enterprise.
Types of Firewalls
Firewalls employ four basic techniques to keep unwelcome visitors out of your network:

1. Packet filtering

A packet-filtering firewall examines each packet that crosses the firewall and tests the packet according to a set of rules
that you set up. If the packet passes the test, it’s allowed to pass. If the packet doesn’t pass, it’s rejected.
Packet filters are the least expensive type of firewall. As a result, packet-filtering firewalls are very common. However,
packet filtering has a number of flaws that knowledgeable hackers can exploit. As a result, packet filtering by itself
doesn’t make for a fully effective firewall.
Packet filters work by inspecting the source and destination IP and port addresses contained in each Transmission
Control Protocol/Internet Protocol (TCP/IP) packet. TCP/IP ports are numbers assigned to specific services that help to
identify for which service each packet is intended. For example, the port number for the HTTP protocol is 80. As a result,
any incoming packets headed for an HTTP server will specify port 80 as the destination port.
The rules that you set up for the packet filter either permit or deny packets that specify certain IP addresses or
ports. For example, you may permit packets that are intended for your mail server or your web server and
deny all other packets. Or, you may set up a rule that specifically denies packets that are heading for the ports
used by NetBIOS. This rule keeps Internet hackers from trying to access NetBIOS server resources, such as files
or printers.

One of the biggest weaknesses of packet filtering is that it pretty much trusts that the packets themselves are
telling the truth when they say who they’re from and who they’re going to. Hackers exploit this weakness by
using a hacking technique called IP spoofing, in which they insert fake IP addresses in packets that they send
to your network.

Another weakness of packet filtering is that it examines each packet in isolation without considering what
packets have gone through the firewall before and what packets may follow. In other words, packet filtering is
stateless. Rest assured that hackers have figured out how to exploit the stateless nature of packet filtering to
get through firewalls.

In spite of these weaknesses, packet-filter firewalls are completely transparent to users, efficient and
inexpensive.
2. Stateful packet inspection (SPI)

Stateful packet inspection (SPI) is a step up in intelligence from simple packet filtering. A firewall with stateful
packet inspection looks at packets in groups rather than individually. It keeps track of which packets have passed
through the firewall and can detect patterns that indicate unauthorized access. In some cases,
the firewall may hold on to packets as they arrive until the firewall gathers enough information to make a
decision about whether the packets should be authorized or rejected.
Stateful packet inspection was once found only on expensive, enterprise-level routers. Now, however, SPI
firewalls are affordable enough for small or medium-sized networks to use.
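
The difference between the two techniques described above, as an added example that is not part of the original slides. It is a simplified model: rules match only on addresses and ports, the connection table ignores TCP flags and timeouts, and all addresses are constructed documentation-range values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

ANY = ip_network("0.0.0.0/0")
INSIDE = ip_network("192.0.2.0/24")   # constructed internal network
WEB = ip_network("192.0.2.10/32")     # constructed public web server

# Rule = (action, source net, source port, dest net, dest port); None means any port.
OPEN_RULES = [
    ("allow", ANY, None, WEB, 80),     # Internet -> public web server
    ("allow", INSIDE, None, ANY, 80),  # internal users -> web sites
]
REPLY_RULES = [                        # a stateless filter must guess what a reply is
    ("allow", ANY, 80, INSIDE, None),  # anything that claims source port 80
    ("allow", WEB, 80, ANY, None),     # web server answering its clients
]

def matches(rule, p):
    _, snet, sport, dnet, dport = rule
    return (ip_address(p.src) in snet and ip_address(p.dst) in dnet
            and sport in (None, p.sport) and dport in (None, p.dport))

def stateless_filter(p, rules=OPEN_RULES + REPLY_RULES):
    """Judge one packet in isolation: first match wins, otherwise default deny."""
    return next((r[0] for r in rules if matches(r, p)), "deny")

class StatefulFirewall:
    """Admits replies only for connections it has already allowed."""
    def __init__(self):
        self.connections = set()

    def filter(self, p):
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "allow"             # reverse direction of a tracked connection
        verdict = stateless_filter(p, OPEN_RULES)
        if verdict == "allow":
            self.connections.add((p.src, p.sport, p.dst, p.dport))
        return verdict

if __name__ == "__main__":
    fw = StatefulFirewall()
    request = Packet("192.0.2.25", 50000, "198.51.100.7", 80)
    reply = Packet("198.51.100.7", 80, "192.0.2.25", 50000)
    unsolicited = Packet("203.0.113.9", 80, "192.0.2.25", 9000)
    for name, p in [("unsolicited", unsolicited), ("request", request), ("reply", reply)]:
        print(name, stateless_filter(p), fw.filter(p))
```

The stateless filter needs the broad reply rules to let answers back in, so it cannot tell a real reply from a packet that answers no request; the stateful firewall drops the latter because no matching connection was ever recorded.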

3. Circuit-level gateway

A circuit-level gateway manages connections between clients and servers based on TCP/IP addresses and port
numbers. After the connection is established, the gateway doesn’t interfere with
packets flowing between the systems. For example, you can use a Telnet circuit-level gateway to allow Telnet
connections (port 23) to a particular server and prohibit other types of connections to that server. After the
connection is established, the circuit-level gateway allows packets to flow freely over the connection. As a result,
the circuit-level gateway can’t prevent a Telnet user from running specific programs or using specific commands.
4. Application gateway

An application gateway is a firewall system that is more intelligent than a packet-filtering firewall, stateful packet
inspection, or circuit-level gateway firewall. Packet filters treat all TCP/IP packets the same. In contrast, application
gateways know the details about the applications that generate the packets that pass through the firewall.
For example, a web application gateway is aware of the details of HTTP packets. As a result, it can examine more than
just the source and destination addresses and ports to determine whether the packets should be allowed to pass
through the firewall. In addition, application gateways work as proxy servers. Simply put, a proxy server is a server that
sits between a client computer and a real server. The proxy server intercepts packets that are intended for the real server
and processes them. The proxy server can examine the packet and decide to pass it on to the real server, or it can reject
the packet. Or, the proxy server may be able to respond to the packet
itself without involving the real server at all.
For example, web proxies often store copies of commonly used web pages in a local cache. When a user requests a web
page from a remote web server, the proxy server intercepts the request and checks whether it already has a copy of the
page in its cache. If so, the web proxy returns the page directly to the user. If not, the
proxy passes the request on to the real server.

Application gateways are aware of the details of how various types of TCP/IP servers handle sequences of TCP/IP packets
to make more intelligent decisions about whether an incoming packet is legitimate or is part of an attack. As a result,
application gateways are more secure than simple packet-filtering firewalls, which can deal with only one packet at a
time.
Firewall best practices

Here’s what Doug Lowe considers to be best practices for deploying firewalls in your organization:
• Always protect external connections with a firewall appliance: This is rule number one.
Never allow any type of connection to the outside world that isn’t protected by a firewall.

• Don’t skimp when it comes to firewalls: There are plenty of areas in your budget where you
can make compromises to cut operating costs, but firewalls are not one of them. Firewalls are
expensive, but they’re far less expensive than the cost of a successful cyberattack. In addition
to the security features provided by the firewall, also consider the throughput capabilities of
the firewall. Usually, more expensive models within a particular vendor’s firewall offerings
have the same features but at higher performance. If your Internet connection can support 1
Gbps, don’t hamper it with a firewall that can only support 300 Mbps of net throughput —
you won’t be getting the benefit of that 1 Gbps Internet pipe.
• Use firewall appliances in pairs for redundancy: If your firewall appliance dies, your entire
organization will be without Internet access until the firewall is repaired. To reduce or
eliminate this downtime, use firewalls in pairs, with one designated as the primary firewall
and the other as a standby that can step in if the primary firewall fails. If possible, configure
these firewalls with
automatic fail-over. If that’s not possible, at least make sure that the procedure for
manually flipping the firewall is readily available (post it on the wall near the firewall) so
that you can get back online quickly. (Usually, this procedure is simply a matter of switching
the cable that carries the external Internet feed from the bad router over to the standby
router).

• Block everything by default: Block everything, then explicitly allow only those services that
are used by your organization. Newer firewall appliances have web-based interfaces that
make this process easy.
• Document your firewall rules: Whenever you create a firewall rule to allow a specific type of traffic,
document the reason for the rule. Rules to allow traffic are created for a specific purpose. For example,
your accounting department may use an application that requires you to open a specific port. Years later,
when the accounting department switches to a different application, the rule that opened that port will
still exist. And if you don’t document the reason that the rule was created, you won’t know whether you
can remove the rule.

• Periodically review your firewall logs and configuration: Firewalls keep logs that can help you understand
your network traffic. Review them regularly to ensure your firewall is performing as designed. You may
discover rules that aren’t being used, and you may discover gaps in your configuration that create risky
exposure.

• Enable the built-in Windows Defender Firewall on your endpoint computers: This practice may seem
redundant, because all your computers are behind advanced firewall appliances. But when it comes to
cybersecurity, redundancy is a good thing. The Windows Defender Firewall may block something that
slipped through your firewall router.
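
A sketch of the periodic review described in the list above (default deny, documented rules, unused rules, log review), added here as an example and not taken from the original slides. The rule fields and the log line format are hypothetical and do not correspond to any particular firewall product; the rules and log lines are constructed.

```python
import re
from collections import Counter

# Constructed rule base; "reason" is the documentation kept with each rule.
RULES = [
    {"id": 10, "action": "allow", "service": "tcp/443", "reason": "Public web server"},
    {"id": 20, "action": "allow", "service": "tcp/8443", "reason": ""},
    {"id": 30, "action": "allow", "service": "tcp/1433", "reason": "Accounting application"},
    {"id": 99, "action": "deny", "service": "any", "reason": "Default deny"},
]

# Constructed log lines in a made-up key=value format.
LOG = """\
2024-05-01T08:00:01 rule=10 action=allow src=203.0.113.9 dst=192.0.2.10 dport=443
2024-05-01T08:00:05 rule=20 action=allow src=198.51.100.7 dst=192.0.2.20 dport=8443
2024-05-01T08:01:12 rule=99 action=deny src=203.0.113.50 dst=192.0.2.25 dport=139
2024-05-01T08:01:13 rule=99 action=deny src=203.0.113.50 dst=192.0.2.25 dport=445
2024-05-01T08:02:40 rule=10 action=allow src=198.51.100.7 dst=192.0.2.10 dport=443
"""

LINE = re.compile(r"rule=(\d+) action=(\w+) src=(\S+)")

def rule_hits(log):
    """Count how many logged packets matched each rule id."""
    return Counter(int(m.group(1)) for m in LINE.finditer(log))

def denied_sources(log):
    """Count denied packets per source address, for the 'who tried to get in' report."""
    return Counter(m.group(3) for m in LINE.finditer(log) if m.group(2) == "deny")

def audit(rules, log):
    """Return (rule id, finding) pairs for the review checklist."""
    hits = rule_hits(log)
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        if not r["reason"].strip():
            findings.append((r["id"], "undocumented"))   # nobody will know if it can go
        if hits[r["id"]] == 0:
            findings.append((r["id"], "unused"))         # candidate for removal
    last = rules[-1] if rules else None
    if not last or (last["action"], last["service"]) != ("deny", "any"):
        findings.append((None, "no default deny"))       # unmatched traffic not blocked
    return findings

if __name__ == "__main__":
    print(audit(RULES, LOG))
    print(denied_sources(LOG).most_common(5))
```

An unused rule is only a removal candidate for the period the log covers; the documented reason is what tells you whether the service behind it still exists.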
References

1. Networking All-in-One For Dummies®, 8th Edition Published by: John Wiley & Sons, Inc.

2. Firewalls For Dummies®, 2nd Edition Published by Wiley Publishing, Inc.

3. Cyber Security Essentials, Published by James Graham, Richard Howard and Ryan Olson.
