Advantages And Disadvantages Of Firewalls Computer Science Essay

Advantages And Disadvantages Of Firewalls Computer Science EssayA firewall is a boundary or a wall to withstand intruders from attacking the ne 2rk. The firewall is interlocking device that is in between a private earnings and the mesh. The firewall is configured to inspect mesh topology trade that passes between the interlock and the net income. We seat assign rules or protocols to the firewall to allow info to be sh ard. If the protocol isnt included in the approved list it would destroy or immure the packet of data and deny it from entering the profits.When a private network is connected to the internet it allows the people to advance tuition from external sources .when the network is connected to the internet it also allow external uses to enter the private network and steal instruction from the network. To prevent unlicensed access organizations has firewalls to cherish them.There atomic number 18 mainly two types of firewalls. Softwargon firewalls and hardw are firewalls. A firewall provides configurable network access, authentication before accessing serve and former(a) services as well.ScopeI testament be covert only the 3 types of firewall types, the characteristics of firewalls, types of attacks to an organization, other devices that batch be used in place of a firewall.I wont be covering the configuration of firewalls.FirewallWhat is a FirewallThere are basically two types of Firewalls. They are packet and hardware Firewall. A firewall is a bundle package or hardware that percolates all network traffic between your estimator, home network, or comp either network and the internet. As shown in figure 1 the firewall usually sits between a private network and a public network or the internet. As shown in figure 1 a firewall is kept in the boundary of the privet network and the public network or internet.Figure FirewallA firewall in a network ensures that if roundthing bad happens on one side of the firewall, computers on the other side wont be affected. Depending on the firewall type there many features much(prenominal) as antivirus guard, intrusion prevention etc.Type Of attacks(http//technet.microsoft.com/en-us/library/cc959354.aspx)There are many types of attacks to a network. These are whatsoever of themIP Spoofing AttacksIP Spoofing Attacks are where an attacker outside the network whitethorn pretend to be a trusted computer either by using an IP reference point that is within the range of IP selles for the local network or by using an authorized external IP address that has authorized access to specified resources on the local network.Denial of Service Attacks(DoS Attacks)Denials of Service Attacks are attacks just to make a service unavailable for pattern use by flooding a computer or the entire network with traffic until a shutdown occurs because of the overload. The attacker can also layover traffic, which results in a loss of access to network resources by authorized users. Denial of s ervice attacks can be implemented using common internet protocols, such as transmission control protocol and ICMP.Sniffer AttackA sniffer attack is an lotion or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunnelled) packets can be broken open and read unless they are encrypted.Man in the Middle AttackAs the name indicates, a man in the middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently.To prevent such attacks a computer or network should implement a firewall to the connections specifications, so that the firewall result protect the network without been a problem for the employees of the company.Types of Firewall(Google book) portion dawning routers big money get acrossing routers were the first generation of firewall architectures to be invented. Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. As shown in figure 2 a Packet filtering routers go away be placed between the boundary of the private network and the public network or internet. Packet filtering routers can provide a cheap and useful level of security to the network. Depending on the type of router filtering can be done at the incoming, outgoing interfaces or both interfaces. Packet filters work by applying a check of rules to each incoming or outgoing packets.The rules are defined based on the network security policy of the enterprise. According to these set of rules the firewall can forwarded or drop the packet. A packet filtering router is able to filter IP packets based on theSource IP addressDestination IP addressTCP/UDP source behaviorTCP/UDP destination portPacket filters works well for blocking spoofed packets. It also can be used for shut off connectiv es from specific hosts or networksBlock connections to specific hosts or networksBlock connections to specific portsBlock connections from specific portsFigure Packet filtering routersThe 3 types of filtering firewallStatic FilteringIt is one of the oldest firewall architecture and it operates in the network layer. The administrator can define rules which packets are accepted and which packets are denied. The static filter will scan for IP header data and TCP header data.Advantages of Static FilteringLow impact on network performance.Low cost included in many operating systems.Disadvantages of Static FilteringBecause it operates in the network layer it examines only the IP header and TCP header.It is not aware of the packet payload.Offers low level of protection.Dynamic FilteringDynamic Filtering works on the network layer. These firewalls are the most common sort of firewall engineering science .The decision will to deny or allow the packet will be based on the examination of the IP and protocol header. Dynamic filter can differentiate between a new and an open up connection. After a connection is established its information is kept in a tabular array in the router.Advantages of Dynamic FilteringLowest impact on network performanceLow costBecause it can differentiate between a new and an established connection it increases performance.Disadvantages of Dynamic FilteringBecause it operates in the network layer it examines only the IP header and TCP header.Provide low level of protectionStateful InspectionStateful watch is a technology that is similar to dynamic filtering, with the addition of much granular examination of data contained in the IP packetAdvantages of using firewalls based on packet filteringLow cost.Packet filters make use of current network routers.Makes warranter Transparent to End-Users.Easy to install.Packet filters make use of current network routers. Therefore implementing a packet filter security system is typically less complicated than other network security solutions.High speedPacket filters are generally faster than other firewall technologies because they perform fewer evaluations.Disadvantages of using firewalls based on packet filteringPacket filters do not understand application layer protocols.Packet filters does not offer any value-added features, such as HTTP object caching, URL filtering, and authentication because they do not understand the protocols being used.Packet filtering routers are not very secure.Cant discriminate between good and bad packetNew rules may be needed to be added if an employee call for special requirements to connect to the internet.Difficulty of setting up packet filtering rules to the routerThere isnt any sort of user based Authentication.Packet filter cannot authenticate information coming from a specific user.(http//www.cse.iitk.ac.in/research/mtech1997/9711107/node14.html) duty tour level gatewaysCircuit level gateways are the second generation of firewall architecture s. Circuit level gateways work at the session layer of the OSI model. It is basically a packet filter with additional features. In figure 3 shows a go level gateway works. The circuit level gateway examines and validates TCP and UDP sessions before if open up a connection or circuit by the firewall. So it will provide more security than the static packet and dynamic packet filter. The decisions to accept or deny packet is based on examining the Source address Destination address finishing or protocol Source port number Destination port numberFigure Circuit level gateways(William Stallings,)Advantages of firewalls based on Circuit level gatewaysLess impact on network performance.Breaks direct connection between the untrusted host and trusted client.Higher level security than the packet filter firewalls..Disadvantages of firewalls based on Circuit level gatewaysDoes not examine the packet payload.Low to moderate security level.Application level gatewaysThe third generation of firew all architectures is called Application level gateways. Application level gateways are capable of inspecting the entire application data portion of an IP packet. When a computer sends a request to the internet the firewall inspects the entire packet against the rules configured by the network or firewall administrator and then regenerates the entire Internet request before sending it to the destination horde on the Internet. The returned result will then again will be inspected, if the result meet the requirement of the rules then it will be allowed to pass with the network and into the network, then the firewall will create a response packet and send it to the corresponding computer. If the result does not meet the requirement of the rules then it will be blocked from passing through the network. The figure 4 shows an Application level gateway.Figure Application level gatewaysAdvantages of Application level gatewaysThe application placeholder can inspect the entire application p ortion of the IP packet. This inspection happens both when the Internet request is sent and when the reply packet from the Internet innkeeper is returned.Highest level of securityBecause the application proxy understands the application protocol, it can create a much more detailed log file of what is sent through the firewall. Packet filter log files know only about the IP packet header information.The internal computer and the server on the Internet neer have a real connection, because the firewall inspect the packet and then regenerates it.Proxy services understand and enforce high-level protocols, such as HTTP and FTP.Proxy services can be used to deny access to certain network services, while permitting access to others.Disadvantages of Application level gatewaysApplication level gateways require commodious memory and processor resources compared to other firewall technologies.Have to create filter rule for each application individually.Must be written very carefullyVendors must(prenominal) keep up with latest protocols software package firewallFor home users software firewalls are the most popular firewall choices. In figure 5, 6 and 7 are some of the most popular software firewalls in the market. Software firewalls are installed on your computer or server computer like any other software .The firewall can be customize it if necessary allowing you some control over its function and protection features. A software firewall will protect your computer from unauthorized access to the network or home pc and in most software firewall it provides protection against Trojan programs, e-mail worms, antivirus, antispyware and intrusion noteion etc.Software firewalls will only protect the computer they are installed on and not the whole network, so each computer will need to have a software firewall installed on it.There are vast numbers of software firewalls to choose from. A good software firewall will run in the compass on your system and use only a small am ount of system resources. It is important to monitor a software firewall once installed and to download any updates available from the developer.Norton Internet SecurityFigure Norton Internet SecurityZone Alarm Extreme SecurityFigure Zone Alarm Extreme SecurityKaspersky Internet SecurityFigure Kaspersky Internet SecurityHardware FirewallsAs seen in figure 8 hardware firewalls can be purchased as a stand-alone product, in present hardware firewalls are integrated in broadband routers. These will be very important for people with broadband connection for their company network. Hardware firewalls can provide better security and reduce the performance loss by using dedicated memory and processing advocate .They also can protect every machine on a local network. Most hardware firewalls will have a minimum of quartette network ports to connect other computers. A hardware firewalluses packet filtering to examine the header of a packet to determine its source and destination. This informat ion is compared to a set of administrator created rules that determine whether the packet is to be forwarded or dropped.Figure Hardware FirewallsFirewall CharacteristicsDesign goals of a firewallEvery firewall has design goals. Because if the firewalls does not achieve these design goals the firewall will be a huge security risk to an organizations network.According to the security policy only Authorized traffic should pass through the firewall.All inward and outbound traffic should pass through the firewall.The firewall should be immune to penetration.Four general techniques to control accessService controlDetermines the types of Internet services that can be accessed, inbound or outboundDirection controlDetermines the direction in which particular service requests are allowed to flowUser controlControls access to a service according to which user is attempting to access itBehavior controlControls how particular services are used.Advantages of Using a FirewallA Company network or a home computer will have number of advantages when using a firewall.They are more cost effective than securing each computer in the corporate network since there are lots only one or a few firewall systems to concentrate on.There are some firewalls which are able to detect viruses, Trojans, worms and spyware etc.There areDisadvantages of Using a FirewallEven if a firewall helps in keeping the network safe from intruders, only when if a firewall is not used properly it would give a false impression to you that the network is safe. The main disadvantage of a firewall is that it cannot protect the network from attacks from the inside.They often cannot protect against an insider attack.Firewalls cannot protect a network or pc from viruses, Trojans, worms and spyware which spread through flash drives, potable hard disk and floppy etc.They may restrict authorized users from accessing valuable services.They do not protect against backdoor attacks.They cannot protect the network if someon e uses a broadband modem to access the internet.(http//www.linktionary.com/f/firewall.html)must see early(a) devices that could be used in place of firewallsAntivirus SoftwareAntivirus software is a programme detects and prevents malicious software programs such as viruses and worm. Malicious software programs are designed to infiltrate the computer network through the internet connection and cause damage to the system. These programmes are installed without the users knowledge. To prevent such programmes from been installed an antivirus has to be installed in every computer on the network. To prevent the latest malware from infecting the computers the antivirus software has to be up to date with the latest antivirus definitions from the developer.E.g.- Norton antivirus, Kaspersky antivirus etc.Spyware SoftwareSpyware is a type of malware that is installed in the pc without the knowledge of the user, it secretly collects personal information and monitors browsing activities of the c omputer user. Like antivirus software spyware software has to be updated regularly with the latest definitions. Most antivirus softwares has spyware protection.E.G.-Spyware doctor, Norton antivirus etc.The function of using these devisesCritical AnalysisIn todays world there are so many security risk a computer network cannot be fully protected. Even if a firewall gives protection from outside intruders it cannot protect the network from the inside. I have analyse the network security and come to a result that network to be secured, they should use a hardware firewall to inspect all the outbound and inbound request and a software firewall to protect from other threats such as malware, Trojans, viruses, worms etc.In todays world there are many hackers who would want to hack a company for fun or for money and there are thousands of viruses rereleased to the internet every day.Threats can attack a network of computers in many ways, for example if the firewall allows emails to be sen t and received and if an infected email is sent by an intruder, it will pass through the firewall and infect all the computers in that privet network. A software firewall may be considered as an antivirus guard which has a firewall, so this means that this type of software firewalls has more features than just only the firewall. It may have antivirus, spyware, intrusion, browser, email protection and may have many other features as well. As Ive taken the example of the email when the email is been received it will be scanned and filtered if it is detected as spam mail or it will be allowed to enter the network.Because the viruses are becoming more advance the software firewalls has become more advance in detecting threats. Some antivirus software uses three main different approaches to detect threats. They mainly use definition based detection. This is where the software detects viruses and other threats by checking for a known malicious code with the definitions and be removed or d eleted. The second main approach is where the software uses is behaviour based detection. This is where the software looks at the installed software or downloaded softwares behaviour. If the software behaviours in umbrageous manner where it is collection personal information without the users knowledge it will be removed. Behaviour based detection is more of an advance approach for antivirus software because it does not need the virus definitions to detect threats, it will detect threats even before the virus definitions are been downloaded.The third main approach is cloud based detections. This is where the antivirus company keeps a record of known suspicious and dangerous software in their databases, which has been collected by the antivirus company over the past years. If a user downloads software the antivirus guard will check the downloaded software with their companys databases of known suspicious and dangerous software to see if it is a threat or not to the user. These three approaches of a software firewall will help keep the network safer if the hardware firewall fails to detect threats.These antivirus help protect the network from intrusions through another computer or vulnerabilities in a software installed on a computer. This feature scans all ports the network traffic that enters and exits your computer and compares this information to a set of signatures or definitions. These signatures contain the information that identifies an attackers attempt to exploit a known operating system or program vulnerability. If the information matches an attack signature, Intrusion Prevention will automatically discard the packet and breaks or blocks the connection with the computer that sent the data. A privet network should have a good antivirus programme with all the above mention features and more. Antivirus software like Norton, BitDefender etc are superior antivirus softwares.So I think if there are both hardware and software firewalls in place in the netwo rk it will be more secure to threats and vulnerabilities. This is because if the threat is not detected by the hardware firewall there is a chance that the software firewall will detect it. Because these firewall are becoming more sophisticated with advance technology to detect threats these firewalls will be the next defence if the hardware firewall fails to detect the threat.Conclusion