A firewall is a great start. Firewalls can be both hardware and software
based. There are many different firewall vendors; some of the bigger names are
Cisco, Symantec, and Checkpoint. The difficult part is configuring the
firewall. This is where many intruders bypass security, because the firewall is
poorly configured.
I would like to mention that there are many Open Source programs and operating
systems that offer great firewall software. I personally believe that OpenBSD
has one of the most secure operating systems and firewall configurations if
done right. FreeBSD also has firewall software; it is called IPTABLES. IPTABLES
offers packet filtering and NAT, and you can even change packets in Linux. I
have to say you can do anything you want in Linux, because the source code is
right there. It's a beautiful thing. Linux also uses this; you can build a
firewall with the old system sitting in your garage and two Linux compatible
network cards. Linux can be hardened, which means making the operating system
more secure. I like the tool Bastille Linux; it is developed by Jeff Beale.

To really get a grasp on firewalls you need to understand TCP/IP and a lot of
different protocols to know if you should allow or deny them into your network.
IP addresses identify hosts on the Internet; they look like this:
127.214.234.54. Firewalls can block IP addresses, ports, protocols and even
keywords that appear in packets. Hackers that want into your network have many
different tools at their disposal to try to bypass firewalls. One common attack
is known as a Denial of Service or DOS attack. The attacker simply floods your
network and firewalls with so many packets that they cannot handle them and
sometimes crash. Firewalls are available with DOS filtering, which starts
dropping packets to keep the impact of these attacks low.
Firewalls do not protect you from internal threats, such as employees bringing
in viruses from home or remote users using VPNs (Virtual Private Networks) to
bypass your firewall. Think about what happens if you bring your son to work
and he downloads music on your fast company internet connection, only to infect
your corporate network with a worm or, even worse, a Trojan horse. Service
ports that are open to the public, such as port 80 (HTTP), have known
vulnerabilities on the Internet. FTP has many vulnerabilities as well.
Are there different types of firewalls?
Yes. There are hardware and software firewalls. You might even be using Zone
Alarm or Black Ice Defender. These are software based firewalls. The more I
study firewall technology, the more I realize that everything truly is a
software firewall. A computer is nothing without software to tell it what to
do.
Packet Filters
Packet Filters look at source and destination addresses. This is where firewall
rule sets come into play. The firewall administrator must determine which
source and destination ports and addresses to allow or deny. The security
administrator needs to keep up to date with alerts on vulnerabilities, as new
holes are found and created daily. A technique known as spoofing can sometimes
fool firewalls by making it appear that a packet is coming from inside the
protected network when in fact it is an attacker changing the source address.
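The rule-set evaluation and the spoofing check described above, as an added example that is not part of the original article: a first-match packet filter with a default deny. The 192.168.1.0/24 internal network, the "ext"/"int" interface names, the rules and the sample packets are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("192.168.1.0/24")  # assumed protected network

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any port

# Constructed rule set: first match wins, anything unmatched is denied.
RULES = [
    Rule("allow", "0.0.0.0/0", "192.168.1.10/32", "tcp", 80),   # public web server
    Rule("allow", "192.168.1.0/24", "0.0.0.0/0", "any", None),  # internal hosts, outbound
]

def is_spoofed(pkt):
    # An internal source address can never legitimately arrive from outside.
    return pkt.iface == "ext" and ip_address(pkt.src) in INTERNAL_NET

def matches(rule, pkt):
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def filter_packet(pkt, rules=RULES, antispoof=True):
    if antispoof and is_spoofed(pkt):
        return "deny"
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"  # default deny

# Constructed packets: a web request, a spoofed packet, an unsolicited FTP attempt.
WEB = Packet("ext", "203.0.113.7", "192.168.1.10", "tcp", 80)
SPOOF = Packet("ext", "192.168.1.50", "192.168.1.20", "tcp", 22)
FTP = Packet("ext", "203.0.113.7", "192.168.1.20", "tcp", 21)
```

With `antispoof=False` the SPOOF packet matches the outbound rule for internal hosts and is allowed; with the ingress check it is denied before any rule is consulted.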
Application Gateways
Application Gateways are like errand boys. You request a file and the
application gateway grabs it for you. This is great for logging connections and
setting up authentication as well.
Stateful Packet Inspection
Stateful Packet Inspection is a technique used by Cisco PIX firewalls and
Checkpoint firewalls. These firewalls look at the data coming across the
network. They can also authenticate connections, and users usually do not
notice that the firewall is in place. A lot of firewalls now allow you to
configure VPNs, which is awesome if you have remote workers and satellite
offices and need to transfer data securely.
Intrusion Detection is also something to consider; I like SNORT. SNORT can
detect known attacks against your system and does a great job at logging them
if set up correctly. There are thousands of different software and hardware
solutions you can purchase for your home or network. I happen to like Open
Source, because I like learning and knowledge, and the Open Source community
has taught me more than the corporate world ever will. A book I would like to
recommend that is great for learning firewalls is called, simply enough,
Building Internet Firewalls; it is by O'Reilly. That is all for now. One last
tip: back up, back up, back up.