Firewalls and security
Apr 1, 2002 12:00 PM, By Kevin McNamara, CNE
The Internet provides the best and most efficient means to communicate globally; however, attaching a single computer or a group of networked computers to the Internet presents security risks ranging from simple access to personal or company files to total destruction of critical information stored on hard drives. We have read about hackers gaining access to government websites and viruses being spread through e-mail. Any individual, company or government is vulnerable to a security breach. Countermeasures are constantly under development, but hackers continue to find vulnerabilities in PC software and network hardware.
The definition of computer security is "the process of preventing and detecting unauthorized use of a computer workstation or server." As a general rule, security issues are most prevalent in computers attached to the Internet with dedicated, full-time connections, but can also become a problem with simple dial-in services.
Use a firewall to protect your network and data from unwanted users.
A government-funded organization called the Computer Emergency Response Team Coordination Center (CERT/CC) tracks intruder activity. It has published Overview of Attack Trends, which documents six trends that intruders have used to gain access to PCs since 1988. According to the CERT report (available at www.cert.org), those trends include:
1. An increase in the use of software that permits automated attacks to computer software and hardware systems. The automated attacks involve four phases:
a. Tools that scan for potential victims are more efficient and are more widespread.
b. The same tools used to find potential victims can also identify vulnerabilities as part of the scanning activity.
c. Tools can self-initiate new attack cycles rather than requiring a person to start the process, such as "Code-Red" and "Nimda," which hit global saturation in less than 18 hours.
d. Using distributed attack tools, hackers can manage and coordinate attacks across multiple Internet systems, which permits the efficient launching of "denial of service" type attacks.
2. The tools used for attacks are becoming increasingly sophisticated. These tools are more difficult to detect using antivirus software or intrusion detection systems. These tools possess three important characteristics:
a. Techniques are available that make it difficult to determine the nature of the attack.
b. Instead of following a fixed sequence, new tools can vary the pattern and behavior of the attack, either randomly, according to a pre-defined scheme, or under the direct control of the intruder.
c. Attack tools are now modular in nature, allowing portions of the tool to be easily replaced or upgraded in order to quickly evolve and stay ahead of detection technologies.
3. The time it takes attackers to find and exploit software vulnerabilities is decreasing. According to CERT, the number of newly discovered vulnerabilities reported continues to double each year. Software developers are addressing the problem through patches to their software. It is critical that system administrators understand the vulnerabilities of the specific software used on their network and regularly download and install software updates.
5. Through the use of distributed attack tools, it is possible for an attacker to launch a series of multiple attacks on a single victim.
6. The threat from infrastructure attacks is on the rise. These attacks include:
a. Distributed denial of service attacks, where the intruder uses multiple systems to tie up the victim's network, thus preventing use by legitimate users.
b. The use of worms, or specially written code that is intended to self-propagate, typically without user interaction. Viruses are similar to worms but require a user to take some type of action in order to propagate.
c. Attacks on the Internet Domain Name System (DNS). These potential threats may permit an attacker to gain control of a Web domain for the purposes of redirecting traffic to another site or modifying data on the site.
d. Routers form the basis for moving data across the Internet. Attackers have been able to successfully identify poorly secured routers and use them as a means to generate attacks to other sites or for gathering information.
Another good source of security information is the SANS Institute website, www.sans.org, which, in conjunction with the National Infrastructure Protection Center, has published a top 20 list of potential threats to computers.
In simple terms, firewalls are designed to prevent unauthorized access by casual and malicious users on the public network (Internet) into a private network. The devices fall into three primary types: packet filter, stateful inspection and the application proxy.
The packet filter is the simplest of the three types. Most common, low-cost broadband routers, such as those for cable or DSL modems, generally possess the ability to filter packets based on the user's requirements.
An enhancement to the basic packet filter is called stateful inspection, which permits the evaluation of multipacket flow. An individual connection table is created for each packet stream and then comparisons can be performed across a series of packet streams based on policy established by the firewall administrator.
Firewalls based on application proxy are perhaps the most secure, making servers appear normal to users authenticated on the trusted network, while users outside the trusted network will only see the firewall. The specific IP addresses of networks located behind application proxy firewalls are hidden to the casual user.
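The difference between the first two types is easiest to see side by side. The following simulation is an added teaching example, not code from the article or from any firewall product; the addresses, ports and rules are constructed. The stateless filter decides on each packet by its header alone, so to let replies to outbound sessions back in it must admit any inbound TCP packet that carries the ACK flag. The stateful firewall instead records each outbound session in a connection table and admits an inbound packet only if it belongs to a session it has already seen, which is why the forged "reply" in the trace gets through the packet filter but not the stateful one.

```python
"""Simulated packet filter vs. stateful inspection firewall.

Constructed teaching example (not code from the article or any product):
addresses, ports and rules are made up. A stateless filter judges each
packet by its header alone; a stateful firewall keeps a connection table
built from traffic it has already seen and admits inbound packets only
when they belong to a known flow.
"""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."      # constructed private (trusted) network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str                 # "tcp" or "udp"
    syn: bool = False          # TCP SYN flag: new connection request
    ack: bool = False          # TCP ACK flag: part of an existing exchange


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def is_outbound(pkt):
    return is_inside(pkt.src_ip) and not is_inside(pkt.dst_ip)


def stateless_filter(pkt):
    """Basic packet filter: no memory, only this packet's header fields.

    To let replies to outbound sessions back in, it has to admit any
    inbound TCP packet carrying ACK (the classic 'established' rule),
    so it cannot tell a genuine reply from a forged one.
    """
    if is_outbound(pkt):
        return "allow"                            # inside hosts may connect out
    if pkt.proto == "tcp" and pkt.dst_port == 80:
        return "allow"                            # public web server
    if pkt.proto == "tcp" and pkt.ack:
        return "allow"                            # presumed reply to an outbound session
    return "deny"


class StatefulFirewall:
    """Stateful inspection: admits inbound packets only for flows in its table."""

    def __init__(self):
        # entries: (inside_ip, inside_port, outside_ip, outside_port, proto)
        self.connections = set()

    def inspect(self, pkt):
        if is_outbound(pkt):
            # record the flow so that matching replies are admitted later
            self.connections.add((pkt.src_ip, pkt.src_port,
                                  pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "allow"
        # the only new inbound connection policy permits: TCP SYN to the web server
        if pkt.proto == "tcp" and pkt.dst_port == 80 and pkt.syn and not pkt.ack:
            self.connections.add((pkt.dst_ip, pkt.dst_port,
                                  pkt.src_ip, pkt.src_port, pkt.proto))
            return "allow"
        # everything else inbound must belong to a flow already in the table
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return "allow" if key in self.connections else "deny"


def run_trace():
    """Feed a constructed packet sequence through both filters side by side.

    Returns a list of (description, packet-filter verdict, stateful verdict).
    """
    fw = StatefulFirewall()
    trace = [
        ("inside host opens HTTPS to an outside server",
         Packet("10.0.0.5", "203.0.113.10", 40000, 443, "tcp", syn=True)),
        ("server's SYN/ACK reply to that host",
         Packet("203.0.113.10", "10.0.0.5", 443, 40000, "tcp", syn=True, ack=True)),
        ("unsolicited inbound packet with ACK set, no matching session",
         Packet("198.51.100.9", "10.0.0.7", 5555, 40001, "tcp", ack=True)),
        ("unsolicited inbound SYN to an inside host's SSH port",
         Packet("198.51.100.9", "10.0.0.5", 6000, 22, "tcp", syn=True)),
        ("outside client opens a connection to the public web server",
         Packet("198.51.100.20", "10.0.0.80", 51000, 80, "tcp", syn=True)),
    ]
    return [(desc, stateless_filter(p), fw.inspect(p)) for desc, p in trace]


if __name__ == "__main__":
    for desc, stateless, stateful in run_trace():
        print(f"{desc:62s} packet filter={stateless:5s} stateful={stateful}")
```

Running the script prints one line per packet. Both filters agree on the legitimate session, the server's reply, the blocked SSH probe and the permitted web connection; they differ only on the third packet, where the stateless filter's "ACK means reply" rule is the gap that stateful inspection closes by consulting its connection table.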
The major flaw with firewalls is that they can only protect traffic moving through them. If a user on the private network connects to the Internet in an alternate way, such as a dial-up connection, then security can be compromised.
McNamara, BE Radio's consultant on computer technology, is president of Applied Wireless Inc., New Market, MD.
All of the Networks articles have been approved by the SBE Certification Committee as suitable study material that may assist your preparation for the SBE Certified Broadcast Networking Technologist exam. Contact the SBE at (317) 846-9000 or go to www.sbe.org for more information on SBE Certification.