Logo

Navigation
  • Home
  • Services
    • ERP Solutions
    • Implementation Solutions
    • Support and Maintenance Solutions
    • Custom Solutions
    • Upgrade Solutions
    • Training and Mentoring
    • Web Solutions
    • Production Support
    • Architecture Designing
    • Independent Validation and Testing Services
    • Infrastructure Management
  • Expertise
    • Microsoft Development Expertise
    • Mobile Development
    • SQL Server Database and BI
    • SAP BI, SAP Hana, SAP BO
    • Oracle and BI
    • Oracle RAC
  • Technical Training
    • Learn Data Management
      • Business Intelligence
      • Data Mining
      • Data Modeling
      • Data Warehousing
      • Disaster Recovery
    • Learn Concepts
      • Application Development
      • Client Server
      • Cloud Computing Tutorials
      • Cluster Computing
      • CRM Tutorial
      • EDI Tutorials
      • ERP Tutorials
      • NLP
      • OOPS
      • Concepts
      • SOA Tutorial
      • Supply Chain
      • Technology Trends
      • UML
      • Virtualization
      • Web 2.0
    • Learn Java
      • JavaScript Tutorial
      • JSP Tutorials
      • J2EE
    • Learn Microsoft
      • MSAS
      • ASP.NET
      • ASP.NET 2.0
      • C Sharp
      • MS Project Training
      • Silverlight
      • SQL Server 2005
      • VB.NET 2005
    • Learn Networking
      • Networking
      • Wireless
    • Learn Oracle
      • Oracle 10g
      • PL/SQL
      • Oracle 11g Tutorials
      • Oracle 9i
      • Oracle Apps
    • Learn Programming
      • Ajax Tutorial
      • C Language
      • C++ Tutorials
      • CSS Tutorial
      • CSS3 Tutorial
      • JavaScript Tutorial
      • jQuery Tutorial
      • MainFrame
      • PHP Tutorial
      • VBScript Tutorial
      • XML Tutorial
    • Learn Software Testing
      • Software Testing Types
      • SQA
      • Testing
  • Career Training
    • Career Improvement
      • Career Articles
      • Certification Articles
      • Conflict Management
      • Core Skills
      • Decision Making
      • Entrepreneurship
      • Goal Setting
      • Life Skills
      • Performance Development
      • Personal Excellence
      • Personality Development
      • Problem Solving
      • Relationship Management
      • Self Confidence
      • Self Supervision
      • Social Networking
      • Strategic Planning
      • Time Management
    • Education Help
      • Career Tracks
      • Essay Writing
      • Internship Tips
      • Online Education
      • Scholarships
      • Student Loans
    • Managerial Skills
      • Business Communication
      • Business Networking
      • Facilitator Skills
      • Managing Change
      • Marketing Management
      • Meeting Management
      • Process Management
      • Project Management
      • Project Management Life Cycle
      • Project Management Process
      • Project Risk Management
      • Relationship Management
      • Task Management
      • Team Building
      • Virtual Team Management
    • Essential Life Skills
      • Anger Management
      • Anxiety Management
      • Attitude Development
      • Coaching and Mentoring
      • Emotional Intelligence
      • Stress Management
      • Positive Thinking
    • Communication Skills
      • Conversation Skills
      • Cross Culture Competence
      • English Vocabulary
      • Listening Skills
      • Public Speaking Skills
      • Questioning Skills
    • Soft Skills
      • Assertive Skills
      • Influence Skills
      • Leadership Skills
      • Memory Skills
      • People Skills
      • Presentation Skills
    • Finding a Job
      • Etiquette Tips
      • Group Discussions
      • HR Interviews
      • Interview Notes
      • Job Search Tips
      • Resume Tips
      • Sample Resumes
 

Network Security Firewall and Architecture

By Chandra Vennapoosa | on November 26, 2011 |
Networking

Firewalls are one of the first security protocols implemented in the network and in computers. Developed in the late 80s, it has become the standard security measure for network administrator as well as for private individuals.

Topics

  • Intrusion and IPS
  • The Need of a Firewall
  • Components of a Firewall
  • Selecting the Right Firewall
  • Firewall and Architecture
  • The Protection of Layer 7
  • Shopping for a Firewall

Firewalls are essentially an application that filters content which is being transmitted. Network administrators can set the parameters as to what will be accepted and transmitted. Although it could be used in different settings, firewalls are basically used to protect computers and other devices from intrusion and hacking.

Firewalls also provides security in the sense that it provides proxy for communication. With the use of a proxy, the identity of the network or computer will remain unknown as a single identity could be used as a tool in attacking the computer.

Intrusion and IPS

In a network setting, firewall goes hand in hand with IPS or Intrusion Prevention System. This simple protocol could be used in a network for filtering and controlling the flow of information. However, IPS is only limited to attacks that identify themselves as one. On the other hand, firewalls are used in a network to screen the information that tries to enter from the outside. It is also used to prevent outside information and application to extract the sensitive information from the network.

The Need of a Firewall

Understand the need for a firewall requires understanding of the dangers of an external communication. Everyday, hackers around the world are creating something new and devising schemes so that they could enter the computer and hack the network. Because of the internet, these schemes could be easily implemented and hack the network or computer in no time. However, these attacks require that the network or computer identify itself to the attacker. Without the information, the hacking tool will never have any idea who to attack.

Since most attacks cover themselves as a website or a user friendly application, users would tend to provide them information as this is the only way users will be able to use their services. But instead of providing them with the right information, a separate or proxy information is used. Hackers may have some information but it is not the right information.

Stronger firewalls will also have the ability to provide information as to how the information is streamlined. Through this, network administrators could detect the source of intrusion. The intrusion might be external but it still triggered from the inside. With the use of the firewall, the transfer of data is detected so that additional security measures if necessary will be made.

Components of a Firewall

Content Filtering – One of the most powerful features of a firewall is the ability to protect the user from outside intrusion through e-mails, attachments and other content related information. This is however, a fairly new feature in firewalls but this feature is available almost any firewall available in the market today. With this ability, Trojans, spam e-mails, unknown activeX programs and even file names that are not in terms with the set parameters will be blocked through firewalls.

Proxy – Network administrator use proxies as a tool for security with a price. Since it adds another host which will divert network attacks, it practically slows down execution of the application. When proxy is properly implemented, it builds another layer of security to the server. Proxy provides another host to the attack so that it will concentrate on something that does not actually exist. The use of proxy also uses IP as its identification tool instead of a name so that it will never be identified and ultimately attacked.

Packet Filtering – This security measure is very ideal when the network wants to protect itself from DoS type of attacks. Packet filtering also identifies the sources of the application and creates the necessary blocks before it could be admitted to the system. Packet filtering also helps network administrators control the incoming flow of information from the outside. DoS (Denial of Service) comes from the fact that hackers concentrate service request that looks legitimate but in the end, its main goal is to cripple the server to a halt. With a firewall, network administrators could control how much information is being requested at the same time and if possible, queue the request of information.

Selecting the Right Firewall

There are hundreds and thousands of firewalls in the market today. However, determining them is very easy. It all comes down to the network activity of the users. If users are restricted from internet access, simple firewalls could be implemented. It is even possible for some network developers to build firewalls without any extra cost. However in larger business setting, no cost is too small as network attacks could mean a crippling halt for the company if there are no firewalls installed as a precautionary protocol. 

Firewall and Architecture

In an age where more and more people are using the Internet for business and entertainment, it has become more important than ever before to use firewalls to block others from accessing your system. Without a good firewall, your computer is fair game to hackers.

However, not all firewalls are created equal, and before you go out and purchase one, it is important to learn about them. Firewalls can be broken down into two categories, and this is hardware firewalls and software firewalls. One myth that you may have heard people say is that "hardware firewalls are a lot more powerful than software firewalls."

The truth of the matter is that hardware firewalls are not necessarily more powerful than software firewalls. Some hardware firewalls do not have the necessary security patches, and the reason for this is because the process of re-imaging ASIC chips (which contain the OS for the firewall), is far too challenging for many network administrators. At the same time, some administrators add security patches to multi-use operating systems and the firewall software. A firewall which is well designed, like ISA 2004 for example, will prevent network traffic which is disallowed prior to the OS processing it.

This means that it will basically get rid of the OS as an attack vector. One thing that I should also note is that as technology continues to advance, the line which exists between the hardware and software firewalls has become more blurred. The reason for this is because many companies are now selling firewalls which use elements of both physical firewalls and their software counterparts. The distinction basically continues to become much less clear. When you’re looking to purchase a firewall, one thing that you should always consider is the protection of Layer 7.

The Protection of Layer 7

The standard firewalls which function at the Layers 3 and 4 within the OSI(Open System Interconnect) model are not capable of protecting your system against the latest attacks, and the reason for this is because they will not inspect the traffic that is present in the application Layer, also known as Layer 7. Many firewall companies have addressed this problem by making use of application layer filtering. When this inspection is made, the firewall will take one packet, or it may also structure multiple packets which comprise application traffic, and will make certain decisions based on this traffic.

The application layer firewall can also be responsible for the security of traffic which uses FTP. FTP will utilize a specific connection among the client and server, and it can negotiate an additional connection for the actual transfer of data. The application support will allow the firewall to analyze these control connections, and it will also allow the additional connection to utilize the port that both the client and server agreement on. In the past, most firewalls used Layers 3 or 4, but they are not very efficient against the newest attacks.

Hackers eventually figured out that many of the rules which comprise these older firewalls will allow them to transmit traffic to an internal network, so long as their tools made use of port 80 as the primary source port. Due to these weaknesses, any good firewall today will not be totally dependent on packet filtering. An inspection of the circuit level was made to find ways to bypassing the weaknesses that are prevalent in firewalls that make use of Layers 3 or 4. The stateful firewalls will be responsible for analyzing all the connections that are made between systems, rather than one IP packet.

Shopping for a Firewall

When you go shopping for a firewall, you may notice that many vendors use marketing terms such as "Layer 7 filtering" on their products. They may also use the term "Application Intelligence." Despite the ways in which this term is used, the application layer filtering plays an important role in contemporary firewalls, and you will not want to be without it. In fact, the application layer abilities of a firewall should play an important role in your decision to buy it. Purchasing a firewall can be challenging since different vendors will have different views on what they consider to be application layer filtering.

« « Preventing Network Intrusion
How to Effectively Protect Your System » »

Author Description

Chandra Vennapoosa

Chandra Vennapoosa, B.S Arch Graduate, Managing Director - Exforsys Inc, Founder of exforsys.com and geekinterview.com. Chandra's mission is "to provide quality career coaching and interview advice for aspiring candidates". She is an avid writer and is also very passionate to help others become professional freelancers. In addition to several online trainings, she has authored the popular book "How to Become a Successful Freelancer"

Free Training

RSSSubscribe 392 Followers
  • Popular
  • Recent
  • Home Networking

    February 25, 2008 - 0 Comment
  • Switched Multi Megabit Data Service (SMDS)

    March 13, 2008 - 0 Comment
  • Creating and Developing Security Policies

    November 23, 2011 - 0 Comment
  • Web Server

    February 26, 2008 - 0 Comment
  • Subnetting

    March 17, 2008 - 0 Comment
  • Preventing Network Intrusion

    November 24, 2011 - 0 Comment
  • Print Servers

    February 26, 2008 - 0 Comment
  • Frame Relay

    March 17, 2008 - 0 Comment
  • How to Effectively Protect Your System

    November 28, 2011 - 0 Comment
  • Virtual Private Network (VPN)

    February 28, 2008 - 0 Comment
  • How to use Hashes to Ensure Integrity

    November 30, 2011 - 0 Comment
  • Data Protection Protocols

    November 30, 2011 - 0 Comment
  • How to Effectively Protect Your System

    November 28, 2011 - 0 Comment
  • Preventing Network Intrusion

    November 24, 2011 - 0 Comment
  • Creating and Developing Security Policies

    November 23, 2011 - 0 Comment
  • Linux Thin Client Networks Design and Deployment

    October 2, 2009 - 0 Comment
  • High Level Data Link Control (HDLC)

    March 29, 2008 - 0 Comment
  • IPv6

    March 20, 2008 - 0 Comment
  • High-Speed Serial Interface (HSSI)

    March 20, 2008 - 0 Comment
  • Frame Relay

    March 17, 2008 - 0 Comment

Exforsys e-Newsletter

ebook
 

Related Articles

  • How to use Hashes to Ensure Integrity
  • Data Protection Protocols
  • How to Effectively Protect Your System
  • Preventing Network Intrusion
  • Creating and Developing Security Policies

Latest Articles

  • Project Management Techniques
  • Product Development Best Practices
  • Importance of Quality Data Management
  • How to Maximize Quality Assurance
  • Utilizing Effective Quality Assurance Strategies
  • Sitemap
  • Privacy Policy
  • DMCA
  • Trademark Information
  • Contact Us
© 2023. All Rights Reserved.IT Training and Consulting
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.AcceptReject Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT