Firewalls and security

February 1, 2003


Computer networks are increasingly vulnerable to security threats, and e-mail is perhaps the most critical threat.

Industry analyst IDC predicts that by 2005 there will be 1.2 billion e-mail boxes and 36 billion person-to-person e-mails each day. Virtual Private Networks (VPNs) permit remote workers to access company networks through high-speed broadband connections such as cable and DSL. The proliferation of remote PCs attached to company networks opens new holes, which can be exploited by hackers.

Security issues

The reality of Internet security was characterized by CERT, the Computer Emergency Response Team: 1) the expertise of intruders is increasing, 2) the sophistication of attacks and available tools and tool-kits is increasing, and 3) the effectiveness of intruders is increasing due to the amount of information passed to less knowledgeable intruders, making them more effective.

CERT lists the following as potential compromises to a network:

1) Trojan Horse (viruses) — There is an increase in incidents involving viruses, which can be difficult to control because users can easily take actions without understanding the consequences.

2) Internet sniffers can intercept traffic over a physical network, which permits intruders to examine network traffic between machines, gather user names and passwords and capture e-mails.

3) Large scale attacks are used by knowledgeable intruders to scan large numbers of hosts for vulnerabilities.

4) Distributed attack tools can scan large numbers of hosts and networks, identify machines with vulnerabilities, compromise the host and install distributed attack tools on the host machine, gaining information such as user names and passwords, which can then be sent invisibly to the intruder.

5) Distributed DoS (denial of service) attack tools amplify the ability of a hacker to propagate sufficient traffic over a network to effectively slow or stop any legitimate communication using multiple computers.

Network survivability

By definition, survivability is “the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures or accidents.” In practice, a system's survivability is determined by the ultimate impact of an event (e.g. a server failure or an attack) rather than by its specific cause.



As the complexity of potential threats increases, so must the measures taken to ensure system security.

For the purpose of evaluating the survivability of a network, determine the computing environment in which it operates — bounded or unbounded. Bounded systems are those that the user has total control over, such as a company network that is not connected to the Internet. Unbounded systems are those where each participant has an incomplete view of the whole. Unbounded systems are generally comprised of a connected group of unbound systems, i.e. different networks communicating through the Internet.

Firewall

One of the most effective methods to secure a bounded network that has an Internet connection (an unbounded network) is to use a firewall. A firewall is typically a hardware device, but may also be software, which acts as a gatekeeper to the outside world and can filter certain data traffic entering the network. Firewalls can be based on three methods:

Packet filtering. Packets of data are compared to a filter specification. If the data contained within the packets match the criteria, then they may be allowed to pass or be rejected.

Stateful inspection. This method uses a connection table to track data traffic across multiple flows. Stateful inspection compares key portions of the packet against a database of trusted information. For example, the firewall might compare traffic originating from inside the firewall to incoming traffic.

Application proxy. This firewall does not permit data to go directly through. Instead, it acts like a server to clients within the firewall and like a client to servers outside the firewall. This makes the resources within the firewall appear invisible to the outside world.
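The following is an added illustration, not part of the original article, of why stateful inspection is stronger than plain packet filtering. It models a bounded network 10.0.0.0/24 behind a firewall (a constructed address layout), a stateless rule that admits inbound packets merely because they carry the ACK flag, and a stateful filter that admits inbound packets only when they match a connection the inside opened.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")  # constructed: the bounded (inside) network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP flags: enough to tell a new connection from a reply
    ack: bool = False

def is_inside(addr: str) -> bool:
    return ip_address(addr) in INSIDE

def stateless_allow(pkt: Packet) -> bool:
    """Packet filtering: each packet is judged alone against fixed rules.
    Rule 1: anything leaving the inside network may pass.
    Rule 2: inbound traffic passes if it looks like a reply, i.e. the ACK flag
    is set and it is addressed to a client (ephemeral) port."""
    if is_inside(pkt.src):
        return True
    return pkt.ack and pkt.dport >= 1024

class StatefulFilter:
    """Stateful inspection: a connection table records flows the inside
    started; an inbound packet passes only if it belongs to a recorded flow."""
    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if is_inside(pkt.src):
            if pkt.syn and not pkt.ack:  # an inside host opens a connection
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: the reversed 4-tuple must match a tracked connection
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def compare(packets: list[Packet]) -> list[tuple[bool, bool]]:
    """Run one trace through both filters; returns (stateless, stateful) verdicts."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed trace: a web request and its reply, then an unsolicited inbound
# packet that sets ACK so that the stateless rule mistakes it for a reply.
TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.9", 80, syn=True),
    Packet("203.0.113.9", 80, "10.0.0.5", 40000, syn=True, ack=True),
    Packet("198.51.100.7", 5555, "10.0.0.5", 40001, ack=True),
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(TRACE, compare(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} stateless={sl} stateful={sf}")
```

The third packet is admitted by the stateless rule but rejected by the connection table, which is the gap stateful inspection closes.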


McNamara, Radio's consultant on computer technology, is president of Applied Wireless Inc., New Market, MD.


All of the Networks articles have been approved by the SBE Certification Committee as suitable study material that may assist your preparation for the SBE Certified Broadcast Networking Technologist exam. Contact the SBE at (317) 846-9000 or go to www.sbe.org for more information on SBE Certification.


