No one can deny the fact that the dynamic rise of the Internet has brought the world closer. But at the same time, it has left us with different kinds of security threats. To ensure the confidentiality and integrity of valuable information of a corporate network from the outside attacks, we must have some robust mechanism. This is where the Firewall comes into picture.
It can be compared with a security guard standing at the entrance of a minister’s home. He keeps an eye on everyone and physically checks every person who wishes to enter the house. It won’t allow a person to enter if he/she is carrying a harmful object like a knife, gun etc. Similarly, even if the person doesn’t possess any banned object but appears suspicious, the guard can still prevent that person’s entry.
The firewall acts as a guard. It guards a corporate network acting as a shield between the inside network and the outside world. All the traffic in either direction must pass through the firewall. It then decides whether the traffic is allowed to flow or not. The firewall can be implemented as hardware and software, or a combination of both.
Types of Firewalls:
- Packet Filters –
It works in the network layer of the OSI Model. It applies a set of rules (based on the contents of IP and transport header fields) on each packet and based on the outcome, decides to either forward or discard the packet.
For example, a rule could specify to block all incoming traffic from a certain IP address or disallow all traffic that uses UDP protocol. If there is no match with any predefined rules, it will take default action. The default action can be to ‘discard all packets’ or to ‘accept all packets’.
Security threats to Packet Filters:
- IP address Spoofing:
In this kind of attack, an intruder from the outside tries to send a packet towards the internal corporate network with the source IP address set equal to one of the IP address of internal users.
Firewall can defeat this attack if it discards all the packets that arrive at the incoming side of the firewall, with source IP equal to one of the internal IPs.
- Source Routing Attacks:
In this kind of attack, the attacker specifies the route to be taken by the packet with a hope to fool the firewall.
Firewall can defeat this attack if it discards all the packets that use the option of source routing aka path addressing.
- Tiny Fragment Attacks:
Many times, the size of the IP packet is greater than the maximum size allowed by the underlying network such as Ethernet, Token Ring etc. In such cases, the packet needs to be fragmented, so that it can be carried further. The attacker uses this characteristic of TCP/IP protocol. In this kind of attack, the attacker intentionally creates fragments of the original packet and send it to fool the firewall.
Firewall can defeat this attack if it discards all the packets which use the TCP protocol and is fragmented. Dynamic Packet Filters allow incoming TCP packets only if they are responses to the outgoing TCP packets.
- IP address Spoofing:
- Application Gateways –
It is also known as Proxy server. It works as follows:
- Step-1: User contacts the application gateway using a TCP/IP application such as HTTP.
- Step-2: The application gateway asks about the remote host with which the user wants to establish a connection. It also asks for the user id and password that is required to access the services of the application gateway.
- Step-3: After verifying the authenticity of the user, the application gateway accesses the remote host on behalf of the user to deliver the packets.
- Stateful Inspection Firewalls –
It is also known as ‘Dynamic Packet Filters’. It keeps track of the state of active connections and uses this information to decide which packets to allow through it, i.e., it adapts itself to the current exchange of information, unlike the normal packet filters/stateless packet filters, which have hardcoded routing rules.
- Circuit-Level Gateways –
It works at the session layer of the OSI Model. It is the advanced variation of Application Gateway. It acts as a virtual connection between the remote host and the internal users by creating a new connection between itself and the remote host. It also changes the source IP address in the packet and puts its own address at the place of source IP address of the packet from end users. This way, the IP addresses of the internal users are hidden and secured from the outside world.