for more:- www.PPTSworld.com

A TECHNICAL PAPER ON NETWORK SECURITY USING FIREWALLS

PRESENTED BY: GUDLAVALLERU ENGINEERING COLLEGE, GUDLAVALLERU

INTRODUCTION:

This paper discusses the need for and the concept of network security. Some solutions for implementing network security, such as firewalls and back-ups, are discussed. It mainly emphasizes packet filtering firewalls and their advantages and disadvantages. It concludes with the difficulties encountered in the implementation of network security.

Keywords: network security, threats and sources, firewalls, packet filtering.

The requirements of information security have undergone three major changes in the last three decades. The first major change was the introduction of the computer, which made the need for protecting files and information evident. The collection of tools and procedures designed to protect data and to control access to computing resources has the generic name computer security. The second major change was the introduction of distributed systems, networks, and facilities for data communication. The third change is the current, rapid development of wireless networks and mobile communications; wireless security is therefore of high priority today. Network security measures are needed to protect data during transmission and storage and to control access to networks and network nodes.

Some terminology commonly used within network security can be defined as follows:

• Data Integrity: Protection against change.
• Data Availability: Protection against disruption of services.
• Data Confidentiality: Protection against unauthorized access to data.
• Privacy: Refers to the ability of a sender to remain anonymous.
• Accountability: The clear identification of responsibility.
• Authorization: Refers to the process of awarding and monitoring access rights.
The "Taxonomy Diagram" shows the fundamental properties of network security (integrity, protection, and security administration) as an interactive, animated Network Security tree (Figure 2).

Types and Sources of Network Threats

1) Denial-of-Service - The attacker's program simply makes a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then drops the connection. If the host is able to answer 20 requests per second and the attacker is sending 50 per second, the host will obviously be unable to service all of the attacker's requests, much less any legitimate requests.
2) Unauthorized Access - The goal of these attacks is to access some resource that your machine should not provide to the attacker.
3) Executing Commands Illicitly - An attacker might wish to make configuration changes to a host on which he gains administrator privileges.
4) Destructive Behavior - There are two major categories: (a) Data Diddling: the data diddler works behind the scenes manipulating data, without the actual user being aware of it. (b) Data Destruction: the outright destruction of data.

Solutions

1) Hope you have backups - This is coordinated with a disaster recovery plan.
2) Don't put data where it doesn't need to be - Information that doesn't need to be accessible from the outside world sometimes is.
3) Avoid systems with single points of failure - In security a degree of redundancy is good; it helps protect any organization.
4) Have someone who stays current with the operating system patches.

Internet Firewalls

Encryption helps to solve many security problems.
However, it is not a complete solution and is often complemented with a firewall to restrict the types of access permitted between a company's internal network and the rest of the Internet (i.e. a firewall protects against unwanted Internet traffic). Firewalls are employed to provide some level of separation between an organization's Intranet and the Internet. A firewall is a system or group of systems that enforces an access control policy between two networks. In principle, the firewall can be thought of as a pair of mechanisms: one that exists to block traffic, and one that exists to permit traffic. To be effective, all network traffic either entering or leaving the organization must pass through the firewall. In turn, the firewall implements a defined security policy that rejects any traffic that does not adhere to the policy. Finally, the firewall is itself constructed to be immune to security attacks. Firewalls help to define a security perimeter; as such they can lower the cost of providing adequate security.

NEED FOR A FIREWALL

Probably the most important thing to recognize about a firewall is that it is designed to prevent unauthorized access to or from a private network connected to the Internet, especially intranets. Firewalls can be implemented in hardware, in software, or in a combination of both. They sit between two or more networks and mediate traffic. Often a firewall is a general-purpose computer used to control access between the internal (private) network (Intranet) and the Internet (or any other untrusted network).

Types of Firewalls

1) Application Gateways - Also known as proxy gateways, application proxies or application-level proxies, an application gateway is an application program that runs on a firewall system between two networks. These are made up of bastion hosts that run special software to act as a proxy server.
2) Packet Filtering - Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on.
By default, a router will pass all traffic sent to it, and will do so without any sort of restriction. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because access control is performed at a lower ISO/OSI layer (typically the transport or session layer). Because of the lower overhead, and because packet filtering is done by routers, which are specialized computers optimized for networking tasks, a packet filtering gateway is often much faster than its application layer cousins. Figure 6 shows a packet-filtering gateway.

Packet filtering is a network security mechanism that works by controlling what data can flow to and from a network. To transfer information across a network, the information has to be broken up into small pieces of data called packets, each of which is sent separately. Packets traversing an internetwork (a network of networks) travel from router to router until they reach their destination. A router has to make a routing decision about each packet it receives; it has to decide how to send that packet on towards its ultimate destination. In general, a packet carries no routing information of its own: it tells the router where it wants to go, but not how to get there. Routers communicate with each other using routing protocols such as the Routing Information Protocol (RIP) to build routing tables in memory that determine how to get packets to their destinations. When routing a packet, a router compares the packet's destination address to entries in the routing table and sends the packet onward as directed by the table. In a packet filtering firewall, inspection takes place at the network or transport layer, and it is application independent.
It is the least secure form of firewall, as it does not take account of the communication performed by different applications.

Packet filtering is based on:
• The source and destination addresses of the data.
• The session and application protocols being used to transfer the data.

NEED FOR PACKET FILTERING

The main advantage of packet filtering is leverage: it allows you to provide, in a single place, particular protections for an entire network. Routers also present a useful chokepoint for all of the traffic entering or leaving a network. Only filtering routers can provide certain protections.

Protocols Are Usually Bi-directional - Protocols are usually bi-directional; they almost always involve one side sending an inquiry or a command, and the other side sending a response of some kind.

What Does a Packet Look Like?

A packet has two parts: the header and the body. The header contains protocol information relevant to that layer, while the body contains the data for that layer, which often consists of a whole packet from the next layer in the stack. Each layer treats the information it gets from the layer above it as data, and applies its own header to this data. At each layer, the packet contains all of the information passed from the higher layer; nothing is lost. This process of preserving the data while attaching a new header is known as encapsulation.

Filtering by Address

The simplest, although not the most common, form of packet filtering is filtering by address. Filtering in this way lets you restrict the flow of packets based on the source and/or destination addresses of the packets, without having to consider what protocols are involved.
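As an added example, not taken from the paper, the following Python model of a screening router peels the IPv4 header and the TCP header it encapsulates (the layering described under "What Does a Packet Look Like?") and then applies address-based rules together with the outbound/inbound Telnet policy discussed under Filtering by Service below. The 192.0.2.0/24 internal block, the rule table and the sample packets are constructed assumptions, and the ACK-bit test used to distinguish a Telnet server's replies from a new inbound connection is a technique chosen here, not one the paper describes.

```python
import struct
from ipaddress import IPv4Address, ip_network

INTERNAL = ip_network("192.0.2.0/24")   # constructed: the organization's internal (Intranet) address block

def parse(packet: bytes) -> dict:
    """Peel the IPv4 header, then the TCP header it encapsulates; return the fields a filter inspects."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4                       # IP header length in bytes, options included
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < total_len:
        raise ValueError("malformed IPv4 header")
    fields = {"src": IPv4Address(src), "dst": IPv4Address(dst), "proto": proto}
    if proto == 6:                                   # TCP: the IP body is itself a whole TCP segment
        if len(packet) < ihl + 14:
            raise ValueError("truncated TCP header")
        sport, dport, _, _, off_flags = struct.unpack("!HHIIH", packet[ihl:ihl + 14])
        fields.update(sport=sport, dport=dport, ack=bool(off_flags & 0x10))
    return fields

# Rule: (direction, src net, dst net, proto, sport, dport, ack required, action); None is a wildcard.
# Rules are tried in order and the first match wins; a packet matching no rule is denied.
RULES = [
    ("in",  INTERNAL, None,     None, None, None, None, "deny"),   # anti-spoofing: external packet claiming an internal src
    ("out", INTERNAL, None,     6,    None, 23,   None, "allow"),  # outbound Telnet: internal client to any server
    ("in",  None,     INTERNAL, 6,    23,   None, True, "allow"),  # the server's replies, which always carry ACK
    ("in",  None,     INTERNAL, 6,    None, 23,   None, "deny"),   # inbound Telnet to internal hosts is refused
]

def matches(rule, direction: str, f: dict) -> bool:
    d, snet, dnet, proto, sport, dport, ack, _ = rule
    return (d == direction and (snet is None or f["src"] in snet) and (dnet is None or f["dst"] in dnet)
            and all(want is None or f.get(key) == want
                    for key, want in (("proto", proto), ("sport", sport), ("dport", dport), ("ack", ack))))

def decide(direction: str, packet: bytes) -> str:
    f = parse(packet)
    for rule in RULES:
        if matches(rule, direction, f):
            return rule[-1]
    return "deny"                                    # default deny: nothing passes unless a rule allows it

def make_tcp(src: str, dst: str, sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed IPv4+TCP packet for exercising the filter (checksums left at zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + tcp
```

An inbound packet with source port 23 but no ACK bit is a new connection rather than a reply, so it falls through to the default deny; the anti-spoofing rule is placed first so that a forged internal source address is rejected before any allow rule is considered.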
Such filtering can be used, for example, to allow certain external hosts to talk to certain internal hosts, or to prevent an attacker from injecting forged packets (packets handcrafted so they appear to come from somewhere other than their true source) into your network.

Risks of Filtering by Source Address

It's not necessarily safe to trust source addresses, because source addresses can be forged. Unless you use some kind of cryptographic authentication between you and the host you want to talk to, you won't know if you're really talking to that host or to some other machine that is pretending to be that host. The filters discussed above will help you if an external host is claiming to be an internal host, but they won't do anything about an external host claiming to be a different external host. There are two kinds of attacks that rely on forgery: source address and man in the middle. In a basic source address forgery attack, an attacker sends you packets that claim to be from some trusted host, hoping that you will take some action based on them, without expecting to get any packets back. In fact, your responses will go to whoever the attacker is pretending to be, not to the attacker. There are plenty of attacks that can be carried out without the attacker needing to see the results directly. For example, suppose an attacker issues a command to your system that causes it to email your password file to him; if your system is going to send the attacker the password file in the mail, there is no need for him to see it during the attack itself.

In many circumstances, particularly those involving TCP connections, the real machine (that the attacker is pretending to be) will react to your packets by trying to reset the bogus connection. Obviously, the attacker doesn't want this to happen.
He has to ensure the attack completes before the real machine gets the packets you're sending, or before you get the reset packets from the real machine. There are a number of ways to ensure this, for example:

1) Carrying out the attack while the real machine is down
2) Crashing the real machine so the attack can be carried out
3) Flooding the real machine while the attack is carried out
4) Confusing the routing between the real machine and the target
5) Using an attack where only the first response packet is required, so that the reset doesn't matter.

Filtering by Service

Blocking incoming forged packets, as discussed previously, is just about the only common use of filtering solely by address. Most other uses of packet filtering involve filtering by service, which is somewhat more complicated. We're going to take a detailed look at Telnet. Telnet allows a user to log in to another system, as if the user had a terminal directly connected to that system.

Outbound Telnet Service - In outbound Telnet service, a local client (a user) talks to a remote server; the filter has to handle both the outgoing and the incoming packets of the session.
Inbound Telnet Service - In inbound Telnet service, a remote client (a remote user) communicates with a local Telnet server.

Advantages of Packet Filtering

1) One screening router can help protect an entire network; you gain tremendous leverage on network security.
2) Packet filtering doesn't require user knowledge or cooperation, custom software or configuration of client machines, nor does it require any special training or procedures for users.
3) Packet filtering is widely available in many hardware and software routing products, both commercial and freely available over the Internet.

Disadvantages of Packet Filtering

1) Current filtering tools are not perfect - Despite the widespread availability of packet filtering in various hardware and software packages, packet filtering is still not a perfect tool.
2) The packet filtering rules tend to be hard to configure. Although there is a range of difficulty, it mostly runs from slightly mind-twisting to brain-numbingly impossible.
3) Once configured, the packet filtering rules tend to be hard to test.
4) The packet filtering capabilities of many of the products are incomplete, making implementation of certain types of highly desirable filters difficult or impossible.

CONCLUSIONS

Network security implies restrictions such as network traffic filtering with firewall technology and defence against the distribution of malicious programs (virus prevention). Security is a very difficult topic. Everyone has a different idea of what "security" is and what levels of risk are acceptable. The key to building a secure network is to define what security means to your organization. It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. Users who find security policies and systems too restrictive will find ways around them. It's important to get their feedback to understand what can be improved, and it's important to let them know why things have been done as they have, the sorts of risks that are deemed unacceptable, and what has been done to minimize the organization's exposure to them. Security is everybody's business, and only with everyone's cooperation, an intelligent policy, and consistent practices will it be achievable.