A firewall is an intermediary security device that controls communication between a public network, such as the internet, and a private network. A firewall can be either software or hardware. Based on policies laid down by the organization, the firewall permits outbound and inbound network traffic. Firewalls have predefined rules that allow authorized connections and block unauthorized ones. A firewall also keeps a log of events pertaining to network traffic, which the administrator reviews to detect anomalies.
Firewalls are commonly used as a perimeter security measure for networks. They safeguard the entry points into private networks. Their main purpose was to protect the private network from any external threat. If an intruder succeeded in bypassing the firewall, he could easily gain access to the internal network systems. Surveys have also reported that organizations need to concentrate equally on internal threats to prevent breaches of security. Cyber criminals use sophisticated technology to carry out unauthorized intrusions, and a single firewall is not enough to contain them.
By following a multilayered approach, also known as defense-in-depth, one can minimize malicious attacks and thus secure the cyber infrastructure. Security can be fortified by having more than one line of defense.
Use of distributed firewall for defense-in-depth philosophy
The primary focus of a defense-in-depth strategy is the use of multiple overlapping security measures. This ensures that even if an attacker has overcome one security measure, he has to face the next level of security to gain access.
Rather than deploying a single firewall, a better approach is to compartmentalize network security and use multiple firewalls to protect internal systems from unauthorized attacks. Different security measures such as content filtering, intrusion detection and internal firewalls constitute a good defense-in-depth plan. The focus of such a plan would, however, still be on its implementation of firewall policies. The qualities of a good defense-in-depth system should encompass the following:
a) Restricted access to networks and employee monitoring would be carried out.
b) Crucial, information-laden servers would be given limited access.
c) Internal firewalls would be used to monitor the important servers.
d) If a threat arose, it would be confined to a local machine rather than involving the complete network.
With the use of strong internal firewalls, one can secure the network. An attacker would then have to deal with several layers of security to gain access to vital information. If an attacker ends up breaking one layer of security, he still has to encounter the second layer. An ideal way to prevent internal threats is to use distributed firewalls.
In this strategy every network has a firewall device to monitor it. A central server is used to enforce an individual firewall policy on each system in the network. This centralized approach in the defense-in-depth mechanism therefore ensures that there is a security blanket, in terms of firewalls, over each component of the network. The security of the entire network and its servers remains uncompromised even if a single machine falls prey to an internal threat. The security infrastructure of information-centric organizations can be strengthened by using this layered concept of internal firewalls.
To implement the fundamental principle behind defense-in-depth, the multiple networks in an organization need to have clearly defined boundaries. It is much easier to divide a huge network into small networks and exercise control over them.
Firewall policies
Firewall policies are rules governing network traffic between the internet and a private network. Access to services is provided by a set of rules laid down by the administrator, thus protecting internal networks from virus attacks and malicious intent. An example of a firewall policy is the one applied at the University of Alberta. Outsiders can access the firewall by using access.cs.ualberta.ca via the secure shell network protocol. Once users log in, their computer system is identified as a trusted system. This status ensures that all data packets originating from the system are not restricted by the firewall. The status holds for as long as the user is logged in to the firewall. Outbound traffic is data packets sent from the university network to an external network, and incoming traffic is packets arriving from an external network to the university network. The firewall policies laid down by the University for the security of the intranet are as follows:
a) Allow any kind of valid outbound traffic.
b) Restrict inbound traffic.
c) Accept connections only from trusted machines.
d) Reject connections from unknown machines or machines not identified as trusted.
e) Allow incoming traffic from TCP port 22.
f) Permit incoming ICMP packet types 0, 3 and 8. Block any other packets from entering the intranet.
This firewall policy provides perimeter network security to the university. The complete network has a firewall blanket which prevents any suspicious data or connection from entering the university network.
Analysis of how the policies will assist in the mitigation of network attacks
The login to the firewall of the University of Alberta is via a secure channel. The secure shell protocol deters interception of and tampering with data, since it encrypts the data while it is being transmitted. All legitimate connections made from the university network in accordance with security guidelines are allowed. Since only trusted machines, i.e. those using the SSH protocol, are allowed to establish a connection with the university network, any unauthorized connection from any other IP address is rejected by the firewall. Packets are allowed inside the network only if they are session related.
The restriction is that packets are allowed inside the network only if they are connected to outgoing packets. Connections into the network can be established through the trusted TCP port 22, further elevating security. Only ICMP packets containing messages such as destination unreachable and connection request are allowed. The policy takes care of protecting the network from unauthenticated intrusion. However, there are no restrictions on internal communications within the network, which also pose a potential threat to the security of the systems. Timeout mechanisms also need to be outlined; otherwise clogging of the firewall may take place.
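An added example, not part of the original essay and not the university's own configuration: a small Python model of policy rules a) to f) above, including the idle timeout the analysis says is missing. Rule e) is read here as inbound TCP to destination port 22; the 300-second timeout, the sample addresses and all class and function names are assumptions made for illustration.

```python
from collections import namedtuple

# direction: "out" = campus to external, "in" = external to campus
Packet = namedtuple("Packet", "direction proto src dst sport dport icmp_type",
                    defaults=(0, 0, -1))
ALLOWED_ICMP = {0, 3, 8}  # echo reply, destination unreachable, echo request (rule f)
SSH_PORT = 22             # rule e, read here as inbound TCP to destination port 22
IDLE_TIMEOUT = 300        # seconds; assumed value, the policy on the page sets none

class PerimeterFirewall:
    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.trusted = set()   # external hosts with an active login on the firewall
        self.sessions = {}     # outbound flow key -> time last seen

    def expire(self, now):
        # Timeout mechanism: drop idle entries so the state table stays bounded.
        for key in [k for k, t in self.sessions.items() if now - t > self.idle_timeout]:
            del self.sessions[key]

    def decide(self, p, now):
        self.expire(now)
        if p.direction == "out":                      # rule a: outbound allowed
            if p.proto != "icmp":
                self.sessions[(p.proto, p.src, p.sport, p.dst, p.dport)] = now
            return "accept"
        if p.src in self.trusted:                     # rule c: logged-in machine
            return "accept"
        if p.proto == "icmp":                         # rule f: type allow-list
            return "accept" if p.icmp_type in ALLOWED_ICMP else "drop"
        flow = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.sessions:                     # reply to an outbound flow
            self.sessions[flow] = now
            return "accept"
        if p.proto == "tcp" and p.dport == SSH_PORT:  # rule e: SSH to the firewall
            return "accept"
        return "drop"                                 # rules b and d: default deny

def demo():
    # Constructed packets (documentation address ranges), decided at given times.
    fw = PerimeterFirewall()
    out = Packet("out", "tcp", "10.0.0.5", "198.51.100.7", 40000, 443)
    reply = Packet("in", "tcp", "198.51.100.7", "10.0.0.5", 443, 40000)
    probe = Packet("in", "tcp", "203.0.113.9", "10.0.0.5", 51000, 3389)
    redirect = Packet("in", "icmp", "203.0.113.9", "10.0.0.5", icmp_type=5)
    results = [fw.decide(out, 0), fw.decide(reply, 10), fw.decide(probe, 20),
               fw.decide(redirect, 30), fw.decide(reply, 400)]  # 400: flow idle > 300 s
    fw.trusted.add("203.0.113.9")                     # user logs in over SSH
    results.append(fw.decide(probe, 410))
    return results
```

The same reply packet is accepted at t=10 and dropped at t=400 because its session entry has expired, and the probe that was dropped at t=20 is accepted once its source is marked trusted.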
Conclusion
Firewalls provide a much-needed solution for protecting against violation of information. However, there is an ever-growing need to realize that security is a dynamic process. Just formulating and implementing firewall policies is not enough. These policies need to be constantly reviewed, as technology keeps changing and so do the threats. By implementing diverse security technologies, organizations can shield themselves better from attack. Though defense-in-depth is cumbersome to implement, one step forward would be to at least have internal firewalls for systems within the network.
Thus an attacker will have to face the daunting task of finding his way through a layer of security policies.