A firewall is a great start. Firewalls can
be both hardware and software based. There are many different firewall
vendors; some of the bigger names are Cisco, Symantec, and
Checkpoint. The difficult part is configuring the firewall. This
is where many intruders bypass security, because the firewall is poorly
configured. I would like to
mention that there are many Open Source programs and operating systems
that offer great firewall software. I personally believe that OpenBSD
has one of the most secure operating systems and firewall configurations
if done right. FreeBSD also has firewall software; it is called IPTABLES.
IPTABLES offers packet filtering and NAT, and you can even change packets
in Linux. I have to say you can do anything you want in Linux, because the
source code is right there. It’s a beautiful thing. Linux also uses
this; you can build a firewall with the old system sitting in your
garage and two Linux-compatible network cards. Linux can be hardened,
which means making the operating system more secure. I like the tool
Bastille Linux; it is developed by Jeff Beale. To really get a grasp on
firewalls you need to understand TCP/IP and a lot of different protocols
to know if you should allow or deny them into your network. IP addresses
identify hosts on the Internet; they look like this: 127.214.234.54.
Firewalls can block IP addresses, ports, protocols and even keywords
that appear in packets. Hackers that want into your network have many
different tools at their disposal to try to bypass firewalls. One common
attack is known as a Denial of Service or DoS attack. The attacker simply
floods your network and firewalls with so many packets that they cannot
handle them and sometimes crash. Firewalls are available with DoS
filtering that starts dropping packets to keep these attacks low.
Firewalls do not protect you from
internal threats such as employees bringing in viruses from home, or
remote users using VPNs (Virtual Private Networks) bypassing your
firewall. Think about what happens if you bring your son to work and he
downloads music on your fast company Internet connection, only to
introduce a worm or, even worse, a Trojan horse into your corporate
network. Service ports that are open to the public, such as port 80
(HTTP), have known vulnerabilities on the Internet. FTP has many
vulnerabilities as well.
Are there different types of firewalls?
Yes. There are hardware and software
firewalls. You might even be using Zone Alarm or Black Ice Defender.
These are software-based firewalls; the more I study firewall technology,
the more I realize that everything truly is a software firewall. A computer is
nothing without software to tell it what to do.
Packet Filters
Packet Filters look at source and
destination addresses. This is where firewall rule sets come into play.
The firewall administrator must determine which source and destination
ports and addresses to allow or deny. The security administrator needs
to keep up to date with alerts on vulnerabilities as new holes are found
and created daily. A technique known as spoofing can sometimes fool
firewalls by making it appear that a packet is coming from inside the
protected network when in fact it is an attacker changing the source
address.
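The rule-set and spoofing points above, shown as an added example that is
not part of the original article: a small Python model of a first-match
packet filter in which a spoofed inside address passes address-only rules
but is rejected once the arrival interface is checked. The network range,
interface names and rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# All addresses, interface names and rules below are constructed for illustration.
INTERNAL_NET = ip_network("192.168.1.0/24")   # assumed protected network
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "outside" or "inside"
    src: str     # source address as claimed in the IP header
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]    # None matches any destination port

RULES = [
    Rule("allow", ANY, ip_network("192.168.1.10/32"), 80),  # public web server
    Rule("allow", INTERNAL_NET, ANY, None),                 # trusted inside hosts
]

def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in rule.src
            and ip_address(pkt.dst) in rule.dst
            and rule.dport in (None, pkt.dport))

def filter_packet(pkt: Packet, antispoof: bool = True) -> str:
    # An internal source address cannot legitimately arrive on the outside
    # interface, so such packets are dropped before the rule set is consulted.
    if antispoof and pkt.iface == "outside" and ip_address(pkt.src) in INTERNAL_NET:
        return "deny (spoofed source)"
    for rule in RULES:          # first matching rule wins
        if matches(rule, pkt):
            return rule.action
    return "deny"               # default deny: unmatched traffic is dropped

if __name__ == "__main__":
    spoofed = Packet("outside", "192.168.1.50", "192.168.1.20", 23)
    print(filter_packet(spoofed, antispoof=False))  # address-only rules trust it
    print(filter_packet(spoofed))                   # interface check rejects it
```

The default deny at the end matters as much as the explicit rules: any
packet the administrator did not think about is dropped rather than passed.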
Application Gateways
Application Gateways are like errand
boys. You request a file and the application gateway grabs it for
you. This is great for logging connections and setting up authentication
as well.
Stateful Packet Inspection
Stateful Packet Inspection is a
technique used by Cisco PIX firewalls and Checkpoint firewalls; these
firewalls look at the data coming across the network. They can also
authenticate connections, and users usually do not notice that the
firewall is in place. A lot of firewalls now allow you to configure VPNs,
which is awesome if you have remote workers and satellite offices and
need to transfer data securely.
Intrusion Detection is also something
to consider; I like SNORT. SNORT can detect known attacks against your
system and does a great job at logging them if set up correctly. There
are thousands of different software and hardware solutions you can
purchase for your home or network. I happen to like Open Source, because
I like learning and knowledge and the Open Source community has taught
me more than the corporate world ever will. A book I would like to
recommend that is great for learning firewalls is called, simply enough,
Building Internet Firewalls; it is by O'Reilly. That is all for now. One
last tip: backup, backup, backup.