FIREWALL: An inside look
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls establish a barrier between secured, controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.
A firewall can be hardware, software, or both.
Since a firewall provides a single choke point, security and auditing can be imposed there. Firewalls provide an important logging and auditing function; often, they provide summaries to the administrator about what type and volume of traffic has been processed through them. This is an important benefit: providing this choke point can serve the same purpose on your network as an armed guard does for your physical premises.
The National Institute of Standards and Technology (NIST) 800-10 divides firewalls into three basic types:
These three categories, however, are not mutually exclusive, as most modern firewalls have a mix of abilities that may place them in more than one of the three.
A firewall proxy server is an application that acts as an intermediary between two end systems. Firewall proxy servers operate at the application layer of the firewall, where both ends of a connection are forced to conduct the session through the proxy. They do this by creating and running a process on the firewall that mirrors a service as if it were running on the end host.
Because firewall proxy servers centralize all activity for an application into a single server, they present the ideal opportunity to perform a variety of useful functions. Having the application running right on the firewall presents the opportunity to inspect packets for much more than just source/destination addresses and port numbers. This is why nearly all modern firewalls incorporate some form of proxy-server architecture. For example, inbound packets headed to a server set up strictly to disburse information (say, an FTP server) can be inspected to see if they contain any write commands (such as the PUT command). In this way, the proxy server could allow only connections containing read commands.
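The read-only FTP policy described above, as an added example that is not code from the article: the command-inspection step of an application-layer proxy that reassembles the client's control channel into command lines and forwards only an allow-list of read-type commands, answering everything else with an FTP error so it never reaches the server. The allow-list, the reply text and the sample client input are assumptions for illustration.

```python
# Constructed illustration (not the article's code): the inspection step of
# an application-layer FTP proxy. The proxy terminates the client's control
# connection, reassembles the byte stream into FTP command lines, forwards
# read-type commands and answers write commands itself with an error reply.

# Allow-list of commands that only read or navigate (deny by default). The
# client-side "put" the article mentions travels on the wire as STOR; STOR,
# APPE, DELE, RNFR/RNTO, MKD and RMD modify the server and are absent here.
READ_ONLY = {"USER", "PASS", "SYST", "FEAT", "TYPE", "PWD", "CWD", "CDUP",
             "PASV", "PORT", "LIST", "NLST", "RETR", "SIZE", "MDTM", "NOOP", "QUIT"}
DENY_REPLY = b"502 Command not permitted by proxy policy.\r\n"  # assumed wording

class FtpCommandInspector:
    """Per-connection state: a partial-line buffer and a log of blocked verbs."""
    def __init__(self):
        self.buf = b""
        self.blocked = []

    def feed(self, data):
        """Consume raw bytes from the client. Returns one (to_server, to_client)
        pair per complete command line; exactly one element of each pair is
        None. Partial lines wait for more data, so a write command split across
        two TCP segments is still caught once the line is complete."""
        self.buf += data
        decisions = []
        while b"\r\n" in self.buf:
            line, _, self.buf = self.buf.partition(b"\r\n")
            decisions.append(self._decide(line))
        return decisions

    def _decide(self, line):
        verb = line.split(b" ", 1)[0].strip().upper().decode("ascii", "replace")
        if verb in READ_ONLY:
            return (line + b"\r\n", None)     # forward to the real server unchanged
        self.blocked.append(verb)             # keep a record for the administrator
        return (None, DENY_REPLY)             # answer the client, drop the command

# Constructed client input: a read, then a STOR split across two segments,
# then a DELE; nothing here is real captured traffic.
SEGMENTS = [b"USER anonymous\r\nRETR pub/readme.txt\r\nSTO",
            b"R upload.bin\r\nDELE readme.txt\r\n"]

def run(segments):
    """Feed the segments in order; return (decisions, blocked verbs)."""
    insp = FtpCommandInspector()
    out = []
    for seg in segments:
        out.extend(insp.feed(seg))
    return out, insp.blocked
```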
Packet filters are the most basic traffic control mechanism of the three technologies. By inspecting layer 3 and layer 4 information, these filters allow traffic to pass through, provided that the source and destination information match the configured rule. The types of information in layers 3 and 4 that are used by packet filters include
Source IP address
Destination IP address
Protocol, such as TCP, UDP, IP, and ICMP
Packet filters can be implemented using access control lists (ACLs), which are commonly found on most Cisco IOS routers.
The packet filter (Cisco IOS) examines every packet against the ACL for matches. If a match is found, the packet is either permitted or denied passage through the interface. If a match is not found, the packet is implicitly denied passage. Packet filters process information only up to layer 4, making them very fast and efficient. However, packet filters do not track the TCP session information generated when two computers are communicating with one another. When computers first start to communicate using TCP, they perform a three-way handshake, which is used to establish the TCP session. Because these sessions are not monitored by packet filters, the computers become vulnerable to spoofing.
A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Because of this, filtering decisions are based not only on administrator-defined rules (as in static packet filtering) but also on context that has been established by prior packets that have passed through the firewall.
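The two preceding paragraphs (stateless ACL matching with implicit deny, and stateful inspection with a state table) side by side, as an added example that is not code from the article: a first-match packet filter in the style of a router ACL next to a stateful inspector that admits a session only through a permitted SYN and then judges later packets by table membership. The ACL entries, the "established"-style rule and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
# Constructed illustration (not the article's code): a first-match ACL packet
# filter with implicit deny, beside a stateful inspector whose state table is
# filled only by sessions that the same ACL admitted.
@dataclass(frozen=True)
class Packet:
    src: str; dst: str; proto: str; sport: int; dport: int
    syn: bool = False; ack: bool = False

ANY = "any"
# ACL entry: (action, src net, dst net, proto, dport, ack_required). Entry 2
# mimics a Cisco-style "established" rule, the stateless filter's only way to
# let replies back in to inside hosts: any TCP packet with ACK set passes.
ACL = [("permit", ANY, "10.0.0.5", "tcp", 80, False),
       ("permit", ANY, "10.0.0.0/8", "tcp", ANY, True)]
def _in_net(net, ip):
    return net == ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
def packet_filter(p, acl=ACL):
    """Stateless: judge each packet alone by layer 3/4 headers; first match wins."""
    for action, src, dst, proto, dport, ack_required in acl:
        if (_in_net(src, p.src) and _in_net(dst, p.dst) and proto in (ANY, p.proto)
                and dport in (ANY, p.dport) and (p.ack or not ack_required)):
            return action == "permit"
    return False  # no matching entry: implicit deny

class StatefulFirewall:
    """Stateful: a TCP session enters the table only via a SYN the ACL permits."""
    def __init__(self, acl):
        self.acl = [r for r in acl if not r[5]]  # "established" rule not needed
        self.table = set()
    def inspect(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.table or rev in self.table:
            return True                      # part of a session we saw open
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return False                     # ACK with no session: stray or spoofed
        if packet_filter(p, self.acl):       # new session: consult the ACL once
            self.table.add(fwd)
            return True
        return False

# Constructed inbound traffic: a web session's SYN and handshake ACK, then an
# unsolicited ACK-only packet aimed at an inside host's SSH port.
WEB_SYN = Packet("203.0.113.9", "10.0.0.5", "tcp", 40000, 80, syn=True)
WEB_ACK = Packet("203.0.113.9", "10.0.0.5", "tcp", 40000, 80, ack=True)
STRAY_ACK = Packet("198.51.100.7", "10.0.0.99", "tcp", 1234, 22, ack=True)
```

The stateless filter passes STRAY_ACK because the "established" rule sees only the ACK flag, while the stateful firewall drops it because no tracked session matches it.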
Basic functions of a firewall
A firewall in the networking world should examine the traffic that is entering the network and let it pass the "wall" only according to rules defined by the network and its resources. It acts like a security guard who sits at the main gate, checks your identity and access privileges, and lets you in. Depending on the type of organization, the guard may screen people who are exiting the gate too. Many Internet and information security concepts can be described using practical examples like these. In its simplest form, a firewall is a combination of hardware and software devices that separates the internal network from the outside networks (the Internet), blocks certain traffic and allows other, specific traffic. It has three basic functions (depending upon its type):
Packet Filtering: A firewall filters IP packets. The IP headers of all the packets that enter or exit the network through the firewall are inspected. The firewall makes an explicit decision on each packet that enters as to whether to allow the packet or deny it.
Stateful Packet Filtering: Here the packet filtering goes beyond basic packet filtering. The firewall keeps track of the state of connection flows for all packets, in both directions. It also keeps track of all the IP addresses currently connected at any point in time.
Application Level Gateways (Proxy): A firewall is also capable of inspecting application level protocols. This requires the firewall to understand certain specific application protocols.
VPN: Virtual Private Network
A VPN or Virtual Private Network is a network connection that enables you to create a secure connection over the public Internet to private networks at a remote location. With a VPN, all network traffic (data, voice, and video) goes through a secure virtual tunnel between the host device (client) and the VPN provider’s servers, and is encrypted. VPN technology uses a combination of features such as encryption, tunnelling protocols, data encapsulation, and certified connections to provide you with a secure connection to private networks and to protect your identity.
VPN connections technically give you all the benefits of a Local Area Network (LAN), which is similar to that found in many offices but without requiring a hard-wired connection.
Early VPNs were often set up to give individual employees secure remote access to their company networks, hence the name “virtual private network”. By connecting to the company’s network, an individual employee can access all the company’s resources and services as if the employee were inside the company.
Since then, VPNs have evolved to provide the same level of secure communication between any devices on the Internet. Today, using a VPN is increasingly popular among consumers as a means to protect their privacy online, secure their browsing sessions, and get unrestricted access to content or websites that are otherwise blocked or censored.
1. Remote Access VPN-
• Remote access VPN allows a user to connect to a private network and access its services and resources remotely. The connection between the user and the private network happens through the Internet, and the connection is secure and private.
• Home users, or private users of VPN, primarily use VPN services to bypass regional restrictions on the Internet and access blocked websites.
• Remote Access VPN is useful for business users as well as home users.
• A corporate employee, while traveling, uses a VPN to connect to his/her company's private network and remotely access files and resources on the private network.
2. Site-to-Site VPN-
A Site-to-Site VPN is also called a Router-to-Router VPN and is mostly used by corporations.
Companies with offices in different geographical locations use Site-to-Site VPN to connect the network of one office location to the network at another office location.
When multiple offices of the same company are connected using the Site-to-Site VPN type, it is called an Intranet-based VPN.
When companies use the Site-to-Site VPN type to connect to the office of another company, it is called an Extranet-based VPN.
Basically, a Site-to-Site VPN creates a virtual bridge between the networks at geographically distant offices, connects them through the Internet and maintains secure and private communication between the networks.
Since Site-to-Site VPN is based on Router-to-Router communication, in this VPN type one router acts as the VPN client and the other router as the destination.
The above two VPN types are based on different VPN security protocols. Each of these VPN protocols offers different features and levels of security, and they are explained below:
1. Internet Protocol Security or IPsec:
Internet Protocol Security or IPsec is used to secure Internet communication across an IP network. IPsec secures Internet Protocol communication by authenticating the session and encrypting each data packet during the connection.
IPsec operates in two modes, Transport mode and Tunnel mode, to protect data transfer between two different networks. Transport mode encrypts only the payload of the data packet, whereas Tunnel mode encrypts the entire original data packet. IPsec can also be combined with other security protocols to strengthen the security of a system.
2. Layer 2 Tunneling Protocol (L2TP):
L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is usually combined with another VPN security protocol like IPSec to create a highly secure VPN connection. L2TP creates a tunnel between two L2TP connection points, and the IPSec protocol encrypts the data and handles secure communication within the tunnel.
3. Point-to-Point Tunneling Protocol (PPTP):
PPTP or Point-to-Point Tunneling Protocol creates a tunnel and encapsulates the data packet. It uses the Point-to-Point Protocol (PPP) to encrypt the data over the connection. PPTP is one of the most widely used VPN protocols and has been in use since the time of Windows 95. Apart from Windows, PPTP is also supported on Mac and Linux.
4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS):
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) create a VPN connection where the web browser acts as the client and user access is restricted to specific applications instead of the entire network. SSL and TLS are most commonly used by online shopping websites and service providers. Web browsers switch to SSL with ease and with almost no action required from the user, since web browsers come integrated with SSL and TLS. SSL connections have https at the beginning of the URL instead of http.
5. OpenVPN:
OpenVPN is an open source VPN that is useful for creating Point-to-Point and Site-to-Site connections. It uses a custom security protocol based on the SSL and TLS protocols.
6. Secure Shell (SSH):
Secure Shell or SSH creates the VPN tunnel through which the data transfer happens and also ensures that the tunnel is encrypted. SSH connections are created by an SSH client, and data is transferred from a local port on to the remote server through the encrypted tunnel.
When you connect to a network through a VPN, the data is kept secure and encrypted. In this way the information is kept away from hackers' eyes.
● Remote access- In the case of a company, the great advantage of having a VPN is that information can be accessed remotely, even from home or from any other place. That is why a VPN can increase productivity within a company.
● Share files- A VPN service can be used if you have a group that needs to share files for a long period of time.
● Online anonymity- Through a VPN you can browse the web in complete anonymity. Compared to hide-IP software or web proxies, the advantage of a VPN service is that it allows you to access both web applications and websites in complete anonymity.
● Unblock websites & bypass filters- VPNs are great for accessing blocked websites or for bypassing Internet filters. This is why there is an increased number of VPN services used in countries where Internet censorship is applied.
● Change IP address- If you need an IP address from another country, then a VPN can provide you with this.
● Better performance- Bandwidth and efficiency of the network can generally be increased once a VPN solution is implemented.
Once a VPN network is created, the maintenance cost is very low. More than that, if you opt for a service provider, the network setup and monitoring are no longer a concern.