Page 133 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Unit 9: Firewalls




          information is flagged by the filters, it is not allowed through. Let’s say that you work at a
          company with 500 employees. The company will therefore have hundreds of computers that all
          have network cards connecting them together.
          In addition, the company will have one or more connections to the Internet through something
          like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly
          accessible to anyone on the Internet. A person who knows what he or she is doing can probe
          those computers, try to make FTP connections to them, try to make telnet connections to them
          and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the
          machine and exploit the hole.

          With a firewall in place, the landscape is much different. A company will place a firewall at
          every connection to the Internet (for example, at every T1 line coming into the company). The
          firewall can implement security rules.


                 Example: One of the security rules inside the company might be:
          Out of the 500 computers inside this company, only one of them is permitted to receive public
          FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.
          A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In
          addition, the company can control how employees connect to Websites, whether files are allowed
          to leave the company over the network and so on. A firewall gives a company tremendous
          control over how people use the network.
          Firewalls use one or more of three methods to control traffic flowing in and out of the network:
          1.   Packet filtering: Packets (small chunks of data) are analyzed against a set of filters. Packets
               that make it through the filters are sent to the requesting system and all others are discarded.
          2.   Proxy service: Information from the Internet is retrieved by the firewall and then sent to
               the requesting system and vice versa.
          3.   Stateful inspection: A newer method that doesn’t examine the contents of each packet but
               instead compares certain key parts of the packet to a database of trusted information.
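An added example, not part of the original text: a small Python model of the FTP rule from the example above combined with packet filtering and stateful inspection. The addresses, class names and verdict strings are constructed for illustration, and the model tracks only address/port pairs (no TCP flags, timeouts or FTP data channels).

```python
from dataclasses import dataclass

# Constructed sample values (documentation address ranges), not from the text.
FTP_SERVER = "198.51.100.10"   # the one computer allowed to receive public FTP
FTP_PORT = 21

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool              # True = arriving from the Internet

class Firewall:
    """Hypothetical model: one static filter rule plus a state table."""

    def __init__(self):
        self.state = set()     # flows that were opened from inside

    def check(self, p: Packet) -> str:
        if not p.inbound:
            # Outbound traffic: remember its defining characteristics.
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW outbound"
        # Stateful inspection: an inbound packet passes if it mirrors a
        # flow recorded on the way out (addresses and ports swapped).
        if (p.dst, p.dport, p.src, p.sport) in self.state:
            return "ALLOW established"
        # Packet filtering: public FTP is accepted on one computer only.
        if p.dst == FTP_SERVER and p.dport == FTP_PORT:
            return "ALLOW ftp-server"
        # Everything else is discarded.
        return "DROP default"

def demo():
    """Run constructed packets through the firewall; return the verdicts."""
    fw = Firewall()
    pc, web, outsider = "198.51.100.55", "192.0.2.80", "192.0.2.7"
    packets = [
        Packet(outsider, 40000, FTP_SERVER, 21, True),  # FTP to the server
        Packet(outsider, 40001, pc, 21, True),          # FTP to a workstation
        Packet(web, 80, pc, 50000, True),               # unsolicited "reply"
        Packet(pc, 50000, web, 80, False),              # employee opens a site
        Packet(web, 80, pc, 50000, True),               # the genuine reply
    ]
    return [fw.check(p) for p in packets]
```

The third and fifth packets are identical; only the state recorded by the fourth packet changes the verdict.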

          Information traveling from inside the firewall to the outside is monitored for specific defining
          characteristics, and incoming information is then compared to these characteristics.

          There are many creative ways that unscrupulous people use to access or abuse unprotected
          computers:
          1.   Remote login: When someone is able to connect to your computer and control it in some
               form. This can range from being able to view or access your files to actually running
               programs on your computer.
          2.   Application backdoors: Some programs have special features that allow for remote access.
               Others contain bugs that provide a backdoor, or hidden access, that provides some level of
               control of the program.
          3.   SMTP session hijacking: SMTP is the most common method of sending e-mail over the
               Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk
               e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail
               through the SMTP server of an unsuspecting host, making the actual sender of the spam
               difficult to trace.

          4.   Operating system bugs: Like applications, some operating systems have backdoors. Others
               provide remote access with insufficient security controls or have bugs that an experienced
               hacker can take advantage of.





                                           LOVELY PROFESSIONAL UNIVERSITY                                   127