It seems nowadays if you are not online, you don't exist. It really does not matter what type of company you run, you should have an online presence to let your prospects and clients know about your company and services. When you decide to take the leap onto the Internet there are some precautions you should take. I have friends who say all the time, "I really have nothing to hide or worry about." This may be true, but malicious users like to deface websites, which can ruin you and your business's reputation.

This is a paper about firewalls protecting your company from outside threats and unauthorized access.

A firewall is a great start. Firewalls can be both hardware and software based. There are many different firewall vendors; some of the bigger names are Cisco, Symantec, and Checkpoint. The difficult part is configuring the firewall. This is where many intruders bypass security, because the firewall is poorly configured.

I would like to mention that there are many Open Source programs and operating systems that offer great firewall software. I personally believe that OpenBSD has one of the most secure operating systems and firewall configurations if done right. FreeBSD also has firewall software; it is called IPTABLES. IPTABLES offers packet filtering and NAT, and you can even change packets in Linux. I have to say you can do anything you want in Linux, because the source code is right there. It's a beautiful thing. Linux also uses this; you can build a firewall with the old system sitting in your garage and two Linux-compatible network cards. Linux can be hardened, which means making the operating system more secure. I like the tool Bastille Linux; it is developed by Jeff Beale. To really get a grasp on firewalls you need to understand TCP/IP and a lot of different protocols to know if you should allow or deny them into your network. IP addresses identify hosts on the Internet; they look like this: 127.214.234.54. Firewalls can block IP addresses, ports, protocols and even keywords that come in packets. Hackers that want into your network have many different tools at their disposal to try to bypass firewalls. One common attack is known as a Denial Of Service or DOS attack. The attacker simply floods your network and firewalls with so many packets that the firewall cannot handle them and sometimes crashes. Firewalls are available with DOS filtering to keep these attacks low and start dropping packets.

Firewalls do not protect you from internal threats such as employees bringing in viruses from home, or remote users using VPNs (Virtual Private Networks) bypassing your firewall. Think about if you bring your son to work and he downloads music on your fast company Internet connection, only to infect your corporate network with a worm or, even worse, a Trojan horse. Service ports that are open to the public, such as Port 80 HTTP, have known vulnerabilities on the Internet. FTP has many vulnerabilities as well.

Are there different types of firewalls?

Yes. There are hardware and software firewalls. You might even be using Zone Alarm or Black Ice Defender. These are software-based firewalls. The more I study firewall technology, the more I realize that everything truly is a software firewall. A computer is nothing without software to tell it what to do.

Packet Filters

Packet Filters look at source and destination addresses. This is where firewall rule sets come into play. The firewall administrator must determine which source and destination ports and addresses to allow or deny. The security administrator needs to keep up to date with alerts on vulnerabilities, as new holes are found and created daily. A technique known as spoofing can sometimes fool firewalls by making it appear that a packet is coming from inside the protected network when in fact it is an attacker changing the source address.

Application Gateways

Application Gateways are like errand boys. You request a file and the application gateway grabs it for you. This is great for logging connections and for setting up authentication as well.

Stateful Packet Inspection

Stateful Packet Inspection is a technique used by Cisco PIX firewalls and Checkpoint firewalls. These firewalls look at the data coming across the network. They can also authenticate connections, and users usually do not notice that the firewall is in place. A lot of firewalls now allow you to configure VPNs, which is awesome if you have remote workers and satellite offices and need to transfer data securely.

Intrusion Detection is also something to consider. I like SNORT. SNORT can detect known attacks against your system and does a great job at logging them if set up correctly. There are thousands of different software and hardware solutions you can purchase for your home or network. I happen to like Open Source, because I like learning and knowledge, and the Open Source community has taught me more than the corporate world ever will. A book I would like to recommend that is great for learning firewalls is called, simply enough, Building Internet Firewalls; it is by O'Reilly. That is all for now. One last tip: backup, backup, backup.

Benjamin Hargis CEO MCP Phuture Networks
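
The Packet Filters section above says a rule set that matches on source and destination addresses can be fooled by a packet that claims an inside source address. The following is an added example, not code from the article or from any firewall product: a small first-match packet filter in Python, shown once trusting the source address and once with an ingress check on the outside interface. The network 192.168.10.0/24, the interface names "ext" and "int", the rules and the sample packets are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All addresses, interface names and rules below are constructed for illustration.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed protected network

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "ext" (Internet) or "int" (inside)
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # None matches any destination port

RULES = [
    Rule("allow", "0.0.0.0/0", "192.168.10.80/32", 80),    # public web server
    Rule("allow", "192.168.10.0/24", "0.0.0.0/0", None),   # inside hosts are trusted
]

def matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))

def naive_filter(pkt: Packet) -> str:
    """First matching rule wins, default deny. Believes the packet's source address."""
    for rule in RULES:
        if matches(rule, pkt):
            return rule.action
    return "deny"

def hardened_filter(pkt: Packet) -> str:
    """Same rules, but first drop outside packets that claim an inside source address."""
    if pkt.iface == "ext" and ipaddress.ip_address(pkt.src) in INTERNAL_NET:
        return "deny"
    return naive_filter(pkt)

SAMPLES = {
    "web_request": Packet("ext", "203.0.113.9", "192.168.10.80", 80),
    "outside_ssh": Packet("ext", "203.0.113.9", "192.168.10.20", 22),
    "inside_out":  Packet("int", "192.168.10.5", "198.51.100.7", 443),
    "spoofed":     Packet("ext", "192.168.10.5", "192.168.10.20", 22),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12} naive={naive_filter(pkt):5} hardened={hardened_filter(pkt)}")
```

Only the spoofed packet changes verdict between the two filters: the rule set is identical, and the difference is checking which interface the packet actually arrived on before trusting its source address.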