Title: Firewalls
Introduction
- A firewall is a network component that provides a security barrier between networks or network segments.
- Firewalls are generally set up to protect a particular network or network component from attack or unauthorized access by the outside world.
- If your Intranet connects to the Internet, you need to control the kinds of information that can pass between the Internet and your private network.
- However, firewalls may also be set up to protect vital corporate data or resources from internal attack or incompetence. The hardware, software and procedures that provide access control make up a firewall.
- A firewall can serve the following functions:
  - Limit Internet access to email only
  - Control who can Telnet into your Intranet/network
  - Limit the kinds of traffic that can pass between your Intranet and Internet.
- To help ensure this, firewalls are generally designed to be special purpose machines.
Categories
- Three broad categories of firewalls are distinguished:
  - 1. Packet-Filtering
  - 2. Application-Level
  - 3. Circuit-Level
1. Packet Filtering Firewalls
- The firewall accepts or rejects packets based on the packet sender address, receiver address and port number.
- Packet filtering policies may be based upon any of the following:
  - Allowing or disallowing packets on the basis of the source IP address
  - Allowing or disallowing packets on the basis of their destination port
  - Allowing or disallowing packets according to protocol.
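The following Python sketch is an added illustration, not part of the original slides. It evaluates a packet against an ordered rule table on source address, destination address, destination port and protocol, and rejects anything no rule accepts. The `Packet`, `Rule` and `filter_packet` names, the first-match and default-reject behaviour, and the sample policy (documentation-range addresses) are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str                      # "tcp", "udp" or "icmp"

@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "reject"
    src: str = "0.0.0.0/0"          # source network, default: any
    dst: str = "0.0.0.0/0"          # destination network, default: any
    dport: Optional[int] = None     # None matches any destination port
    proto: Optional[str] = None     # None matches any protocol

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport)
                and self.proto in (None, p.proto))

def filter_packet(rules, p):
    """Return (action, index of the deciding rule); first match wins."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return "reject", None           # no rule matched: default deny

# Constructed policy: e-mail to the mail host only, Telnet from one admin subnet only.
RULES = [
    Rule("reject", src="203.0.113.0/24"),                   # blocked source network
    Rule("accept", dst="192.0.2.25", dport=25, proto="tcp"),
    Rule("accept", src="198.51.100.0/28", dst="192.0.2.0/24", dport=23, proto="tcp"),
]

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "192.0.2.25", 25, "tcp"),
                Packet("203.0.113.5", "192.0.2.25", 25, "tcp"),
                Packet("198.51.100.77", "192.0.2.10", 23, "tcp")):
        print(pkt, "->", filter_packet(RULES, pkt))
```

Rule order matters here: the packet from the blocked network is rejected by rule 0 even though rule 1 would otherwise accept mail to that host.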
2. Application-Level Firewalls
- These firewalls handle packets for each Internet service separately, usually by running a program called a proxy server.
- Only a few chosen programs need to be scrutinized, for example Telnet, Email, and FTP.
- If the gateway does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall.
- The gateway will ask the user for the name of the remote host to be accessed.
- The gateway strips off the information that identifies the source of the packet, contacts the application on the remote host and relays the data between the two endpoints.
- When the replies return, the proxy server returns the replies back to the computer port that sent them.
- To the rest of the Internet, all packets appear to be from the proxy server so no information leaks out about private computers on the Intranet.
- A proxy server can easily log all the packets that pass from your Intranet to the Internet and vice versa. This is useful in case of any major destruction from the outside or from within your internal network.
3. Circuit-Level Firewalls
- This can be a standalone system or it can be a specialized function performed by an application-level gateway for certain applications.
- A circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and the TCP user on an inner host and one between itself and a TCP user on an outside host (more secure: no information about computers on the local network is released).
- Once the connections are established, the gateway typically relays TCP segments from one connection to the other.
- The gateway determines whether the connection between both ends is valid according to configurable rules, then opens a session and permits traffic only from the allowed source and possibly only for a limited period of time. Whether a connection is valid may, for example, be based upon:
  - destination IP address and/or port
  - source IP address and/or port
  - time of day
  - protocol
  - user
  - password
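The session handling described above can be sketched as follows. This is an added example, not code from the original slides. It checks a connection request against configurable rules (user, source network, destination address and port, time of day), opens a time-limited session, and refuses to relay traffic without an open session. All class and field names and the sample rule are assumptions, and the user is taken to be already authenticated.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class CircuitRule:
    user: str            # authenticated user the rule applies to
    src_net: str         # allowed inside source network
    dst: str             # allowed outside host
    dport: int           # allowed destination TCP port
    start: time          # start of the permitted time-of-day window
    end: time            # end of the permitted time-of-day window
    max_age: timedelta   # how long an opened session stays valid

class CircuitGateway:
    def __init__(self, rules):
        self.rules = rules
        self.sessions = {}   # (src, sport, dst, dport) -> expiry time

    def open_session(self, user, src, sport, dst, dport, now):
        """Validate a connection request; open a session if a rule allows it."""
        for r in self.rules:
            if (r.user == user
                    and ipaddress.ip_address(src) in ipaddress.ip_network(r.src_net)
                    and (dst, dport) == (r.dst, r.dport)
                    and r.start <= now.time() <= r.end):
                self.sessions[(src, sport, dst, dport)] = now + r.max_age
                return True
        return False         # no rule allows it: no session, nothing is relayed

    def relay_allowed(self, src, sport, dst, dport, now):
        """Segments are relayed only while a matching session is open."""
        key = (src, sport, dst, dport)
        expiry = self.sessions.get(key)
        if expiry is None:
            return False
        if now >= expiry:    # session lifetime exceeded: close it
            del self.sessions[key]
            return False
        return True

# Constructed rule: alice may Telnet to one outside host during working hours,
# and each session is valid for 30 minutes.
RULES = [CircuitRule("alice", "10.0.0.0/24", "198.51.100.20", 23,
                     time(8, 0), time(18, 0), timedelta(minutes=30))]
```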
Circuit-Level Firewall
- Every session of data exchange is validated and monitored and all traffic is disallowed unless a session is open.
- To conclude, in a typical organisation, a hybrid infrastructure is usually implemented incorporating the features of all categories.
Example 1: One type of setup that may be incorporated within an organisation. The host computer has two network cards and may either be an application firewall or a circuit-level firewall.
Example 2: The router would hold a number of policies. The only computer seen by the Internet is the host computer. The host computer is the only computer that the router can see.
Viruses, Anti-Virus Software, Virus Free Guidelines
Introduction
- A virus is a small bit of computer code that is self-replicating and that is designed to hide inside other programs.
- The virus travels within these programs and it is invoked whenever the program is invoked.
- Because the virus is self-replicating, it will make a copy of itself whenever the program is invoked and it can then infest other programs or files.
- In addition to self-replication, the virus may also have instructions to cause unexpected effects or damage to a computer or its files.
- There are thousands of different viruses loose, and new ones appear almost daily.
- Virus scanning and destruction software must be updated periodically to handle new viruses as they appear.
- Viruses can be categorised by where they reside and how they work.
Virus Categories
- Viruses generally infect either or both of two locations:
  - File viruses infect files, generally executable ones. When these files are executed, the virus begins to spread.
  - Boot sector viruses infect the disk's boot sector. This means they will replicate each time the machine boots.
  - Multipartite viruses infect both locations.
Anti-Virus Software
- This software is used for detecting or removing a computer virus. The software looks for suspicious activity such as unnecessary disk access, attempts to intercept BIOS or other low-level calls, and attempts to format disks or delete files.
- Some anti-virus programs are TSR (terminate and stay resident) programs which monitor computer activity constantly, looking for indications of a virus.
- In some cases, these types of programs can be very processor intensive and can conflict with other software applications.
- Other anti-virus software is intended to be run periodically. When it is run, the program looks for tell-tale signs (known as signatures) of a particular virus.
- These programs are minimally disruptive; on the other hand, their effectiveness is directly proportional to the frequency with which they are used.
- Because the coding of computer viruses is constantly changing, the software should be updated regularly.
- Different anti-virus software is available that uses expert system rules to look for behavioral characteristics of viruses. This software will put out virus bait to get an existing virus to try and infect the bait.
- For the most complete virus checking system, obtain commercial virus checking software such as McAfee Virus Scan. Often such software comes with online services that automatically brief the software on the latest virus developments.
- Although anti-virus software cannot guarantee that it will find a virus that it is not specifically aware of, the better software contains heuristic capability that will alert you to files it deems suspicious.
Guidelines for Virus Free Systems
- 1. Install Anti-Virus Software.
- 2. Obtain anti-virus software from a reputable vendor.
- 3. Check regularly for patches, warnings and new versions at the vendor Web site.
- 4. Scan your machine often, if not permanently, for viruses.
- 5. Browsing at well-known and safe Web sites is a good policy.
- 6. Always check emails and files downloaded from the Internet.
- 7. Always ensure any extra software installed onto a machine is from a reputable vendor.
- 8. Ensure all software packaging is sealed and shows no sign of previous interference.
- 9. Ensure all Internet tools are checked by the anti-virus software package.