Firewalls in network security and computer systems

Firewalls

Computers have become an increasingly crucial component in how people live and do business. For this reason, protecting the valuable data contained on a computer has become evermore important. Firewalls have become a commonplace protection for many, organizations and individuals alike.

This paper will give an overview what a firewall is, as well as investigate some of the major computer software vendors that offer firewall products and some that are hardware based. Which products are best suited to a small LAN with no publicly accessible resources, will be discussed, as will which are best suited to a small LAN that contains one publicly accessible web site, and which are best suited to large organizations with E-commerce web sites and internal resources accessed by strategic partners.

Firewall Overview:

To determine which firewall products are most appropriate for a given scenario, one must first understand what a firewall is. "The security experts say a firewall is a dedicate machine that checks every network packet passing through, and that either drops or rejects certain packets based on rules set by the system administrator" (Wouters, 1997). In addition to this hardware-based definition, the development of firewall applications has expanded this concept of firewall to include anything, hardware or software, that actually does the filtering of packets.

Firewalls have "the basic task of controlling traffic between different zones of trust" ("Firewalls (networking)," 2005). These zones typically include: the Internet and an internal network. The Internet is defined typically as a zone with no trust, while an internal network is typically a zone of high trust. The goal of a firewall is to control the connectivity between these differing levels of trust zones.

There are two types of firewalls that are usually distinguished between. A personal firewall is a software application that filters the traffic entering and exiting a single computer. A traditional firewall most often runs on a dedicated device and is positioned between two or more networks. This type of firewall filters all of the traffic entering and exiting the connected networks ("Firewalls (networking)," 2005).

Within traditional firewalls, there are two primary categories: network layer firewalls and application layer firewalls. Organizations may choose to overlap these two categories. "Network layer firewalls operate at a (relatively low) level of the TCP/IP protocol stack as IP-packet filters, not allowing packets to pass through the firewall unless they match the rules ("Firewalls (networking)," 2005).

These rules can be established by the firewall administrator or can be default rules that occur in some inflexible firewall systems. Network firewalls are now often built into many operating systems and network appliances.

The other category of traditional firewalls is application-layer firewalls. These work on the application level of the TCP/IP stack, which includes: all browser traffic, all telnet, and all ftp traffic. It intercepts packets that travel between an application. In theory, application-layer firewalls can stop unwanted outside traffic, from ever reaching the protected machine. "By inspecting all packets for improper content, firewalls can even prevent the spread of the likes of viruses. In practice, however, this becomes so complex and so difficult to attempt (given the variety of applications and the diversity of content each may allow in its packet traffic) that comprehensive firewall design does not generally attempt this approach" ("Firewalls (networking)," 2005).

A proxy device may act as a firewall, as it responds to input packets, like an application, and blocks others. These devices may it difficult for someone to tamper with an internal system, via an external network. "Misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly-reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines ("Firewalls (networking)," 2005).

There are several considerations that need to be considered when choosing a personal firewall for the enterprise environment. First, one must consider if complete protection is offered. This includes inbound protection, where the firewall only opens PC ports for authorized network traffic, while blocking any intrusion attempts and hiding endpoint PCs from port scans. Outbound protection must also be offered to prevent unauthorized applications and malicious code from capturing and sending enterprise data to hackers. E-mail protection must be offered in the form of quarantining suspicious e-mail attachments and protecting address books from hijackers. Instant message protection should also be offered and custom security zones should be offered to "segment network traffic and restrict access on trusted LANs while maintaining high security for Internet connections" (Silver & Pescatore, 2004).

The second facet one should consider is whether or not the firewall can protect itself. Oftentimes, hackers try to disable the firewalls. As such, a comprehensive firewall should include disabling protection, tamper resistance, so that hackers cannot change a firewall's configuration, and protection against application spoofing (Silver & Pescatore, 2004).

A firewall should also offer compliance tools to enforce policy compliance. This includes running and up-to-date comprehensive enforcement criteria, enforcement of the presence or absence of a parameter, and enforcement on endpoints independent of access.

There must also be integration with all leading gateway vendors and centralized enforcement reporting (Silver & Pescatore, 2004).

Major Software and Hardware Firewall Manufacturers:

There are several, notable firewall manufacturers, including those who offer software solutions and those who offer hardware solutions. Symantec is one of the leading information security providers in the world. Founded in 1982, Symantec's objective is to "be a trusted security partner for individuals and enterprises around the world" ("Symantec corporate," n.d.).

With approximately 6,000 employees, Symantec offers a wide variety of software, appliances and services that are designed to help everyone from individuals to large organizations secure and manage their it infrastructure. The company has operations currently in more than 35 countries. and, they provide security products, services and solutions to more than 120 million users around the globe ("Symantec corporate," n.d.).

With threats to information systems coming from all sides and growing in number and complexity, enterprise customers know that hardening network perimeters is not enough. Symantec provides best-of-breed security solutions for all tiers of a network: at the gateways between the network and the outside world, at the servers that act as the network's vital organs, and at end-user devices including desktop PCs, laptops and handhelds ("Symantec corporate," n.d.).

This includes firewall solutions to protect data and assets, while not slowing performance of the network.

Zone Labs is another leading provider of firewall technology. They supply Internet security to everyone from individual consumers to global enterprises. "Zone labs is a leading creator of endpoint security solutions protecting millions of PCs and the valuable, personally-identifiable information on those PCs, from hackers, spyware and data theft" ("About Zone," 2005).

Cisco Systems is perhaps the largest company that specializes in networking for the Internet. Cisco Internet Protocol-based networking solutions are the foundation of most leading business, education, government, and private networks. "Cisco hardware, software, and service offerings are used to create Internet solutions that allow individuals, companies, and countries to increase productivity, improve customer satisfaction and strengthen competitive advantage" ("News @ Cisco," 2005).

Cisco was founded in 1984 and has since grown to become the industry leaders in the development of Internet Protocol-based networking technologies. it's focus has always been on networking innovation. With more than 34,000 employees worldwide, Cisco offers a variety of unique products and services that create smarter, faster, and more secure networks ("News @ Cisco," 2005).

Which Products are Best Suited to a Small LAN Without Publicly Accessible Resources:

There are a variety of firewall products that are suited to a small LAN without publicly accessible resources. However, one of the best is Symantec's Norton Personal Firewall 2005. Symantec's Norton Personal Firewall 2005 is an easy to use software that instantly makes any PC invisible ("Norton Personal," n.d.).

This software offers a variety of features. It allows the user to block confidential information, yet still send out personal data to trusted sites. It automatically turns the firewall back on after a pre-determined amount of time, should it need to be turned off temporarily. It automatically blocks suspicious incoming traffic and prevents data being sent without the users knowledge. The Norton Personal Firewall only allows authorized programs to connect to the Internet. and, LiveUpdate automatically checks for the newest protection updates, when the user is online ("Key feature," n.d.).

ZoneAlarm Pro-is another excellent choice, offered by Zone Labs. It too is easy to use and blocks hackers as well as other unknown threats. It systematically identifies hackers and blocks their access attempts, while making the user's PC invisible to anyone on the Internet. It offers an automatic program configuration that automatically decides whether or not to allow Internet access to individual programs, and it has expert level controls for those who are savvier and would like precise control of their security settings. Suspicious inbound mail is quarantined and halts outbound mail with potential viruses. It also anonymously tracks hacker attempts so that they may be reported to authorities ("ZoneAlarm," 2005).