Hybinette
October 2002 Newsletter

Thursday, October 24, 2002 - Volume 1, Issue 9
The Ins and Outs of Firewalls: Protect Your Electronic Assets

Would you leave the front door of your office unlocked overnight? Maybe I’m a cynic, but I don’t trust people that much.

The Internet has changed the way we work, get our news and entertainment, research and shop, with all of it at our fingertips, but it has also left a door open to businesses that anyone, good or bad, can walk through. A firewall must secure a computer network as reliably as a lock or security system protects your business from intruders.

What is a firewall?

The word firewall comes from the construction industry, where it describes a wall built to stop fire from spreading through a building; it was first used in the electronics industry in the 1980s.

A network firewall can be a hardware appliance or software running on a dedicated, specially configured computer. Two network interfaces are required: one connected to the Internet (external) and one connected to the local network (internal). Acting as a gateway, the firewall sits between the two networks and inspects the traffic passing through to ensure it meets the security criteria. If it does, the traffic is allowed through; if not, it is blocked.

A firewall blocks unauthorized access by packet filtering, a process in which it inspects certain fields of each data packet and either denies the packet or allows it to pass into the network. All incoming data is assumed harmful until it is proven acceptable (a default-deny policy).

Packet filtering criteria include source and destination IP addresses, source and destination ports, the protocol type, or a combination of these. A port is a virtual, software-assigned door through which data passes to a particular service. For example, a computer can browse the web while e-mail is downloading over the same IP address because traffic to and from the mail server uses ports 110 and 25 and traffic to and from the web server uses port 80. The data packets arrive at the computer based on its unique IP address and are delivered to the proper program according to port number. The protocol field identifies what kind of data the packet carries, for example web page data (HTTP) or file transfer data (FTP).
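The filtering just described, as an added example that is not part of the original article: a small default-deny packet filter that matches on interface, protocol, source and destination network, and destination port, in the spirit of the Layer 3/4 filtering discussed in this article. The rule set, the 10.0.0.0/24 internal network and the sample packets are constructed for illustration. The first rule goes one step beyond the text: it drops any packet arriving on the external interface that claims an internal source address, which is the usual way a packet filter catches the forged source addresses the article later calls IP spoofing.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

INTERNAL_NET = ip_network("10.0.0.0/24")  # constructed private network behind the firewall


@dataclass(frozen=True)
class Packet:
    iface: str                 # "external" or "internal": interface the packet arrived on
    proto: str                 # "tcp", "udp" or "icmp"
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]


@dataclass(frozen=True)
class Rule:
    """A filtering rule; every field left as None matches any value."""
    action: str                      # "allow" or "deny"
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR network the source address must fall in
    dst: Optional[str] = None        # CIDR network the destination address must fall in
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ip_address(p.src_ip) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst_ip) not in ip_network(self.dst):
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        return True


def evaluate(packet: Packet, rules: List[Rule]) -> str:
    """First matching rule wins; a packet no rule covers is denied (default deny)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"


# Constructed rule set for a small office: a web server at 10.0.0.5 and a
# mail server at 10.0.0.10 are reachable from the Internet, nothing else is.
RULES = [
    # Anti-spoofing: traffic from the Internet can never legitimately carry an
    # internal source address, so such packets are dropped before anything else.
    Rule("deny", iface="external", src=str(INTERNAL_NET)),
    Rule("allow", iface="external", proto="tcp", dst="10.0.0.5/32", dst_port=80),
    Rule("allow", iface="external", proto="tcp", dst="10.0.0.10/32", dst_port=25),
    # Anything originating on the inside may leave.
    Rule("allow", iface="internal", src=str(INTERNAL_NET)),
]


if __name__ == "__main__":
    samples = [
        Packet("external", "tcp", "203.0.113.7", 40000, "10.0.0.5", 80),   # web request
        Packet("external", "tcp", "203.0.113.7", 40000, "10.0.0.5", 22),   # ssh: not offered
        Packet("external", "tcp", "10.0.0.9", 40000, "10.0.0.5", 80),      # forged internal source
        Packet("internal", "tcp", "10.0.0.9", 40000, "203.0.113.7", 80),   # outbound browsing
    ]
    for pkt in samples:
        print(f"{pkt.iface:8} {pkt.proto} {pkt.src_ip}:{pkt.src_port} -> "
              f"{pkt.dst_ip}:{pkt.dst_port}  => {evaluate(pkt, RULES)}")
```

Rule order matters: the deny rule for forged internal sources sits first so that a spoofed packet can never reach the allow rule for the web server, and the trailing default deny means anything the administrator forgot to list is blocked rather than let through.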

ISO’s Seven Layer Model

The International Organization for Standardization (ISO) developed a seven-layer model for computer networking called the OSI (Open Systems Interconnection) Reference Model, which describes the flow of data within a network. Data going to and from the network passes through the “protocol stack” layer by layer, beginning with the lowest layer (physical connections) and continuing up to the top layer, which contains the user’s applications. Because each layer has specific responsibilities and communicates only with the layers directly above and below it, the layer at which a firewall filters determines what it can see, and a firewall should be chosen accordingly.

The lowest layer at which a firewall can function is Layer 3, because Layers 1 and 2 only move the data packets in and out of the device. At Layer 3 the firewall can examine the IP address and determine whether the packet has come from a tainted source, but it cannot determine what data the packet contains or which other packets it may be associated with.

A Layer 4 firewall understands more about the data packet and can apply more specific filtering criteria. A Layer 7 firewall, operating at the Application Layer, understands a significant amount about the packet and its contents. It might seem that Layer 7 should always be the best option; however, the higher a firewall operates in the protocol stack, the more of the stack an intruder can reach, and the more serious the damage he can do to the network. If the intruder cannot get past Layer 3, he cannot gain control of the operating system.

Starve the Intruders of Internal Knowledge

Many firewalls use NAT (Network Address Translation) in addition to packet filtering. NAT protects the network by completely masking the IP addresses of computers behind the firewall from the outside world: it translates between the public address seen on the Internet and the private addresses used inside, which are never visible to users outside the network.

Dynamic NAT, which is often used to connect small office networks to the Internet through a broadband service like DSL, allows several computers to share one public IP address by assigning a different port number to each outgoing request. When a computer behind the firewall requests a web page, the request appears to come from an address of the form 208.49.15.264.xxxxx, where xxxxx is a port number between 61000 and 65535 assigned by the firewall. When the remote server returns the page content, the firewall translates the IP address and port back into the private internal address.
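The dynamic NAT behaviour described above, as an added example that is not part of the original article: a translation table that rewrites each outgoing connection to the firewall's public address and a port drawn from the 61000 to 65535 range the article mentions, maps replies back to the private host, and drops inbound packets that do not correspond to any request sent from inside. The public address 203.0.113.1 and the private hosts are constructed for illustration (the article's own example address is kept as the author wrote it); real NAT implementations also time mappings out, which is omitted here.

```python
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.1"          # constructed public address of the firewall
PORT_RANGE = range(61000, 65536)   # port numbers the article says the firewall hands out

Endpoint = Tuple[str, int]         # (ip address, port)
FlowKey = Tuple[str, int, str, int]  # (private ip, private port, remote ip, remote port)


class DynamicNAT:
    """Port-based dynamic NAT: many private hosts share one public address."""

    def __init__(self, public_ip: str = PUBLIC_IP) -> None:
        self.public_ip = public_ip
        self._next_port = PORT_RANGE.start
        self._out: Dict[FlowKey, int] = {}   # private flow -> assigned public port
        self._in: Dict[int, FlowKey] = {}    # assigned public port -> private flow

    def _allocate_port(self) -> int:
        """Hand out the next free port, wrapping around inside PORT_RANGE."""
        for _ in range(len(PORT_RANGE)):
            port = self._next_port
            nxt = port + 1
            self._next_port = nxt if nxt in PORT_RANGE else PORT_RANGE.start
            if port not in self._in:
                return port
        raise RuntimeError("NAT port range exhausted")

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite a packet leaving the private network.

        Returns the (source, destination) the remote server will see: the
        private source is replaced by the public address and an assigned port.
        The same private flow keeps the same public port for its lifetime.
        """
        key: FlowKey = (src[0], src[1], dst[0], dst[1])
        port = self._out.get(key)
        if port is None:
            port = self._allocate_port()
            self._out[key] = port
            self._in[port] = key
        return (self.public_ip, port), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Rewrite a packet arriving from the Internet, or return None to drop it.

        Only a reply to a recorded outbound flow, coming from the server that
        flow was opened to, is mapped back to the private host. Anything else
        has no mapping and is dropped: unsolicited traffic never reaches the inside.
        """
        if dst[0] != self.public_ip:
            return None
        key = self._in.get(dst[1])
        if key is None or (key[2], key[3]) != src:
            return None
        return src, (key[0], key[1])


if __name__ == "__main__":
    nat = DynamicNAT()
    # Two internal hosts open web connections to the same server.
    seen_a, _ = nat.outbound(("10.0.0.9", 40000), ("198.51.100.20", 80))
    seen_b, _ = nat.outbound(("10.0.0.12", 40000), ("198.51.100.20", 80))
    print("host A appears as", seen_a)   # ('203.0.113.1', 61000)
    print("host B appears as", seen_b)   # ('203.0.113.1', 61001)
    # The server's reply is translated back to host A.
    print("reply goes to", nat.inbound(("198.51.100.20", 80), seen_a))
    # A packet nobody asked for has no mapping and is dropped.
    print("unsolicited:", nat.inbound(("203.0.113.99", 1234), ("203.0.113.1", 62000)))
```

Note that both hosts use private port 40000, and the only thing that distinguishes their traffic on the public side is the port the firewall assigned; that mapping, not the private address, is what the remote server ever learns.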

Besides providing security, dynamic NAT also reduces the number of public IP addresses needed to connect to the Internet. Because the Internet has grown so rapidly, addresses are being consumed quickly, creating the serious threat of running out of available IP addresses.

VPN: Best Defense Against IP Spoofing

Firewalls that rely only on packet filtering to decide which traffic may pass can sometimes be tricked into letting harmful traffic in if the cracker uses a technique called “IP spoofing.” With this technique, the cracker forges source IP addresses so that packets appear to have originated from a trusted source. The traffic is let through unless it fails some other filtering criterion.

IP spoofing can be defeated by using a VPN (virtual private network) protocol, which encrypts the source addresses and the data in each packet before transmitting it. If the data or address is suspected of containing malicious information, the entire packet is rejected and cannot pass through.

The Good News

The good news is that the majority of intruders aren’t specifically interested in your business; they’re just looking for an opportunity. Like a burglar who finds an unlocked door to a house, a cyber intruder will walk in and take whatever he pleases. Conversely, he will move on to easier prey if he knows it will be difficult or impossible to gain entrance.

Cebic Technologies Inc.’s Remote Intelligence™ center offers four separate services: Virus Monitoring, Hardware Monitoring, Security Monitoring and Network Monitoring.

If you have any questions or interest in remote intelligence options, please call 303-987-3679 or visit www.cebic.com.


Published by Hybinette, Inc.
Copyright © 2002 Hybinette, Inc. All rights reserved.