What is a Firewall ???

Discussion in 'Computer Forum' started by my_name_is_Neo, Sep 11, 2006.

Thread Status:
Not open for further replies.
  1. A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device or a software program running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to.
    A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest firewalls were simply routers. The term firewall comes from the fact that by segmenting a network into different physical subnetworks, they limited the damage that could spread from one subnet to another, just like fire doors or firewalls.

    Hardware firewall providing protection to a Local Network

    image : http://www.hosturpics.com/img/74a8727b6db62b0376467df0fe55603e/firewall.gif

    Computer with Firewall Software
    Computer running firewall software to provide protection

    image : http://www.hosturpics.com/img/a5a142f5301a1fe7d2fcc08bd86ecb37/firewall1.gif

    What does a firewall do?

    A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, FTP or telnet. Firewalls can also filter traffic by packet attribute or state.

    What can't a firewall do?

    A firewall cannot prevent individual users with modems from dialling into or out of the network, bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly enforced. These are management issues that should be raised during the planning of any security policy but that cannot be solved with firewalls alone.
    The arrest of the Phonemasters cracker ring brought these security issues to light. Although they were accused of breaking into information systems run by AT&T Corp., British Telecommunications Inc., GTE Corp., MCI WorldCom, Southwestern Bell, and Sprint Corp., the group did not use any high-tech methods such as IP spoofing (see question 10). They used a combination of social engineering and dumpster diving. Social engineering involves skills not unlike those of a confidence trickster. People are tricked into revealing sensitive information. Dumpster diving or garbology, as the name suggests, is just plain old looking through company trash. Firewalls cannot be effective against either of these techniques.
     
  2. Who needs a firewall?

    Anyone who is responsible for a private network that is connected to a public network needs firewall protection. Furthermore, anyone who connects so much as a single computer to the Internet via modem should have personal firewall software. Many dial-up Internet users believe that anonymity will protect them. They feel that no malicious intruder would be motivated to break into their computer. Dial-up users who have been victims of malicious attacks and who have lost entire days of work, perhaps having to reinstall their operating system, know that this is not true. Irresponsible pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity presents itself.

    How does a firewall work?

    There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria. The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyse the application data to determine if the traffic should be allowed through. How a firewall determines what traffic to let through depends on which network layer it operates at. A discussion on network layers and architecture follows.

    image : http://www.hosturpics.com/img/613301a649236dc3ac23075a0c83d6cf/firewall2.gif

    What are the OSI and TCP/IP Network models?

    To understand how firewalls work it helps to understand how the different layers of a network interact. Network architecture is designed around a seven layer model. Each layer has its own set of responsibilities, and handles them in a well-defined manner. This enables networks to mix and match network protocols and physical supports. In a given network, a single protocol can travel over more than one physical support (layer one) because the physical layer has been dissociated from the protocol layers (layers three to seven). Similarly, a single physical cable can carry more than one protocol. The TCP/IP model is older than the OSI industry standard model which is why it does not comply in every respect. The first four layers are so closely analogous to OSI layers however that interoperability is a day to day reality.

    Firewalls operate at different layers to use different criteria to restrict traffic. The lowest layer at which a firewall can work is layer three. In the OSI model this is the network layer. In TCP/IP it is the Internet Protocol layer. This layer is concerned with routing packets to their destination. At this layer a firewall can determine whether a packet is from a trusted source, but cannot be concerned with what it contains or what other packets it is associated with. Firewalls that operate at the transport layer know a little more about a packet, and are able to grant or deny access depending on more sophisticated criteria. At the application level, firewalls know a great deal about what is going on and can be very selective in granting access.

    image : http://www.hosturpics.com/img/c8efeae71bedd91f9a7c5cbea388a928/firewall3.gif

    It would appear then, that firewalls functioning at a higher level in the stack must be superior in every respect. This is not necessarily the case. The lower in the stack the packet is intercepted, the more secure the firewall. If the intruder cannot get past level three, it is impossible to gain control of the operating system.

    image : http://www.hosturpics.com/img/5c8c083a753b83a45def4762760b2445/firewall4.gif

    Professional firewall products catch each network packet before the operating system does, thus, there is no direct path from the Internet to the operating system's TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer then "open the doors" from the inside.

    According to Byte Magazine*, traditional firewall technology is susceptible to misconfiguration on non-hardened OSes. More recently, however, "...firewalls have moved down the protocol stack so far that the OS doesn't have to do much more than act as a bootstrap loader, file system and GUI". The author goes on to state that newer firewall code bypasses the operating system's IP layer altogether, never permitting "potentially hostile traffic to make its way up the protocol stack to applications running on the system".
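    The address filtering, protocol filtering and logging described in the first post, and the two access denial methodologies (allow-unless-matched versus deny-unless-matched) described above, are easy to see side by side in a small simulated packet filter. The following is an added example written for this thread, not code from the original post or from any firewall product; the rule and packet classes, the documentation address ranges (192.0.2.0/24 as the protected LAN, 203.0.113.0/24 as the outside) and the sample traffic are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # address filtering: source network
    dst: str = "0.0.0.0/0"       # address filtering: destination network
    proto: Optional[str] = None  # protocol filtering: None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class PacketFilter:
    """First matching rule wins; the default policy decides everything else."""

    def __init__(self, rules: List[Rule], default: str):
        assert default in ("allow", "deny")
        self.rules = rules
        self.default = default
        self.log: List[str] = []   # every denied packet is recorded here

    def decide(self, pkt: Packet) -> Tuple[str, str]:
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                action, reason = rule.action, f"rule {i}"
                break
        else:
            action, reason = self.default, "default policy"
        if action == "deny":
            self.log.append(f"DENY {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport} ({reason})")
        return action, reason


# Constructed sample traffic arriving from the outside (203.0.113.0/24) for
# hosts on the protected LAN (192.0.2.0/24); both are documentation ranges.
SAMPLE = [
    Packet("203.0.113.7", "192.0.2.10", "tcp", 80),     # web request to the public web server
    Packet("203.0.113.7", "192.0.2.20", "tcp", 25),     # mail delivery to the mail host
    Packet("203.0.113.7", "192.0.2.10", "tcp", 23),     # telnet attempt
    Packet("203.0.113.7", "192.0.2.30", "udp", 53),     # DNS query to an internal resolver
    Packet("203.0.113.7", "192.0.2.30", "icmp", None),  # ping
]

# Methodology 1: deny all traffic unless it meets certain criteria.
DENY_BY_DEFAULT = PacketFilter(
    [Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=80),
     Rule("allow", dst="192.0.2.20/32", proto="tcp", dport=25)],
    default="deny")

# Methodology 2: allow all traffic unless it meets certain criteria.
ALLOW_BY_DEFAULT = PacketFilter(
    [Rule("deny", proto="tcp", dport=23),
     Rule("deny", src="203.0.113.0/24", proto="icmp")],
    default="allow")


def run(fw: PacketFilter, packets: List[Packet] = SAMPLE) -> List[str]:
    """Return the verdict for each packet in order."""
    return [fw.decide(p)[0] for p in packets]


if __name__ == "__main__":
    for name, fw in (("deny-by-default", DENY_BY_DEFAULT), ("allow-by-default", ALLOW_BY_DEFAULT)):
        print(name, run(fw))
        for line in fw.log:
            print("   ", line)
```

    Both rule sets stop the telnet attempt, but the deny-by-default filter also stops the DNS query and the ping because nobody wrote a rule for them, while the allow-by-default filter lets the DNS query through because nobody wrote a rule against it. That is the practical difference between the two methodologies: under deny-by-default a forgotten rule means a blocked service, under allow-by-default it means an exposed one.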
     
  3. why ??????
     
  4. cumming soon

    cumming soon Banned

    who asked? btw thanks
     
  5. What different types of firewalls are there?

    Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.

    Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Most routers support packet filtering. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. This type of firewall only works at the network layer, however, and does not support sophisticated rule-based models. Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.

    image : http://www.hosturpics.com/img/4d9a9384283c84445127d002903df193/firewall5.gif

    Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.

    Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any FTP, gopher, telnet or other traffic through. Because they examine packets at the application layer, they can filter application-specific commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which knows anything about the application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer.

    Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate the contents of packets at the application layer. They allow a direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data instead of running application-specific proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive, however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel.
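    The two things that separate the circuit level and stateful multilayer types above from a plain packet filter are that they watch the TCP handshake to decide whether a session is legitimate, and (for the stateful multilayer type) that they can then look at application-layer data such as HTTP methods inside a session they already trust. The following is an added example written for this thread, not code from the original post or from any firewall product, that simulates both: a session table keyed by the TCP 4-tuple, handshake tracking, rejection of segments that belong to no session, and a method check on requests to the web port. The addresses (192.0.2.0/24 as the protected LAN, the rest as outside), the segment representation and the sample exchange are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed addressing: the protected LAN is the documentation range
# 192.0.2.0/24; any other address counts as the outside network.
INSIDE = ip_network("192.0.2.0/24")
HTTP_METHODS = {b"GET", b"POST", b"HEAD"}   # methods permitted through the web port


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]      # subset of {"SYN", "ACK", "FIN", "RST"}
    payload: bytes = b""


class StatefulInspector:
    """Forwards only segments that belong to a session opened by a valid handshake."""

    def __init__(self, inbound_ports: FrozenSet[int] = frozenset()):
        # (initiator, iport, responder, rport) -> handshake state
        self.sessions: Dict[Tuple[str, int, str, int], str] = {}
        self.inbound_ports = inbound_ports   # services deliberately published outside
        self.log: List[str] = []

    def _lookup(self, seg: Segment):
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)
        rev = (seg.dst, seg.dport, seg.src, seg.sport)
        if fwd in self.sessions:
            return fwd, True       # travelling initiator -> responder
        if rev in self.sessions:
            return rev, False      # travelling responder -> initiator
        return None, None

    def _deny(self, seg: Segment, reason: str) -> Tuple[str, str]:
        self.log.append(f"DENY {seg.src}:{seg.sport} -> {seg.dst}:{seg.dport} {reason}")
        return "deny", reason

    def inspect(self, seg: Segment) -> Tuple[str, str]:
        key, from_initiator = self._lookup(seg)
        flags = seg.flags

        if key is None:
            # No session: only a bare SYN may open one, and a SYN arriving from
            # outside is accepted only for ports explicitly published outward.
            if flags != frozenset({"SYN"}):
                return self._deny(seg, "no matching session")
            if ip_address(seg.src) not in INSIDE and seg.dport not in self.inbound_ports:
                return self._deny(seg, "unsolicited inbound connection")
            self.sessions[(seg.src, seg.sport, seg.dst, seg.dport)] = "SYN_SENT"
            return "allow", "new session"

        state = self.sessions[key]
        if "RST" in flags or "FIN" in flags:
            del self.sessions[key]          # simplified teardown: forget the session
            return "allow", "session closed"
        if state == "SYN_SENT":             # expect SYN/ACK back from the responder
            if not from_initiator and flags == frozenset({"SYN", "ACK"}):
                self.sessions[key] = "SYN_RECV"
                return "allow", "handshake step 2"
            return self._deny(seg, "out-of-order handshake")
        if state == "SYN_RECV":             # expect the final ACK from the initiator
            if from_initiator and flags == frozenset({"ACK"}):
                self.sessions[key] = "ESTABLISHED"
                return "allow", "handshake complete"
            return self._deny(seg, "out-of-order handshake")

        # ESTABLISHED: the session is legitimate, so inspect application data
        # on client requests to the web port (responder port is key[3]).
        if from_initiator and key[3] == 80 and seg.payload:
            method = seg.payload.split(b" ", 1)[0]
            if method not in HTTP_METHODS:
                return self._deny(seg, f"http method {method.decode(errors='replace')} not allowed")
        return "allow", "established session"


def demo() -> List[str]:
    """Constructed exchange: a normal web session plus three segments that must be refused."""
    fw = StatefulInspector()
    client, server, outsider = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    f = lambda *names: frozenset(names)
    steps = [
        Segment(client, 40000, server, 80, f("SYN")),                              # inside opens
        Segment(server, 80, client, 40000, f("SYN", "ACK")),                       # server answers
        Segment(client, 40000, server, 80, f("ACK")),                              # handshake done
        Segment(client, 40000, server, 80, f("ACK"), b"GET / HTTP/1.1\r\n"),       # allowed method
        Segment(server, 80, client, 40000, f("ACK"), b"HTTP/1.1 200 OK\r\n"),      # reply data
        Segment(client, 40000, server, 80, f("ACK"), b"TRACE / HTTP/1.1\r\n"),     # refused method
        Segment(outsider, 5555, client, 22, f("SYN")),                             # unsolicited SYN
        Segment(outsider, 5555, client, 40000, f("ACK")),                          # stray ACK
    ]
    return [fw.inspect(s)[0] for s in steps]


if __name__ == "__main__":
    print(demo())
```

    The last two segments show what a plain address/port filter cannot express: the stray ACK carries nothing objectionable on its own, but it is refused because no handshake ever created a session for it. Publishing a service outward is a deliberate act, `StatefulInspector(inbound_ports=frozenset({443}))`, rather than the default.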
     
  6. vini

    vini Repeat Offender

    stop this copy paste..
    thanks but nobody needs ur help...what is google for?
     
  7. g0g0l

    g0g0l ! SpAm

    Tell me......How to bypass someone's Firewall :grin:
    That ud b better ;)
     
  8. ^ good question...batao....
     
  9. lost in matrix.....ha ha....
     
  10. cumming soon

    cumming soon Banned

    give him time to search copy paste. one helluve job
     
  11. g0g0l

    g0g0l ! SpAm

    ^^lol....:grin:
     

  12. u stupid fool...

    i was'nt even finished yet... if u cud have understud...

    sorry i was disconnected back then

    u bunch of !d!ots
     

  13. sorry... but u sud know tat i've completed my Ethical Hackin...

    -n- i'm far far betterthan u think

    i wud have told u... but tats illegal...

    so i can't

    chk da pic... if u cud understand... try it... lolzzz... if u cud
     

    Attached Files: Neo.JPG (133.5 KB)
  14. erutu

    erutu terminally awesome

    Yesh! Now I'm a master in hacking. Look out IGT server-taker-carers.
     
  15. i don't wish 2 remain in this place any more... bunch of stupids

    SORRY BABUN... but i don't think i'll be postin anymore...

    ur friendz r !d!ots... -n- they have no sense of self respect...

    just don't mess with me... leavin this place as it is just because 2 of my best friendz like this place... or else it wud not have been so preety...

    u sud never mess with a guy like me


    tats it... end of story... bye bye
     

  16. sorry... but u sud know tat i've completed my Ethical Hackin...

    -n- i'm far far betterthan u think

    i wud have told u... but tats illegal...

    so i can't

    chk da pic... if u cud understand... try it... lolzzz... if u cud
     

    Attached Files: Neo.JPG (133.5 KB)
  17. well all ya stupid ppl... tats it end of story... bye bye...

    SORRY BABUN... but i'll not post again...

    leavin ur IGT as it is... but tell ur stupid friendz not 2 mess wih me...

    -n- ya... tell babuly tat i was here
     
  18. g0g0l

    g0g0l ! SpAm

    N00bs make life hell...........
     
  19. g0g0l

    g0g0l ! SpAm

    Thank u for not posting anymore...U n00b......

    BTW:- My post >> :grin: ;)
     
  20. erutu

    erutu terminally awesome

    Why did he get banned? He didn't do anything apart from make claims about knowing how to hack.
     