Monday 22 October 2012

THREATS FOR WHICH FIREWALLS CAN’T PROVIDE SECURITY


In addition, firewalls can’t provide security for the following.
1. A firewall can’t protect against attacks that don’t go through the firewall. Many corporations that connect to the Internet are very concerned about confidential data leaking out of the company through that route. However, a magnetic tape can export data just as well.
2. Many organizations that are terrified of Internet connections have no coherent policy about how dial-in access via modems should be protected. There are many organizations out there buying expensive firewalls and neglecting the numerous other back doors into their network.
3. Another thing a firewall can’t really protect you against is traitors or idiots inside the network. An industrial spy might leak information or export it through a telephone, FAX or floppy disk. Firewalls can’t protect you against this stupidity.
4. Firewalls can't protect very well against things like viruses. There are too many ways of encoding binary files for transfer over networks, and too many different architectures and viruses to try to search for them all. In other words, a firewall cannot replace security-consciousness on the part of your users. In general, a firewall cannot protect against data-driven attacks, in which something is mailed or copied to an internal host where it is then executed.
Organizations that are deeply concerned about viruses should implement organization-wide virus control measures. Rather than trying to screen viruses out at the firewall, make sure that every vulnerable desktop has virus-scanning software that is run when the machine is rebooted. Blanketing your network with virus-scanning software will protect against viruses that come in via floppy disks, modems, and the Internet. Trying to block viruses at the firewall will only protect against viruses from the Internet, and the vast majority of viruses are caught via floppy disks.


Drawbacks of stateful multilayer inspection Firewall


1. Stateful inspection functionality currently requires the purchase of additional hardware and/or software and is not typically "bundled" with another existing network device.

Advantages of stateful multilayer inspection firewall


1. These will typically offer much higher performance than proxies.
2. These ensure that all packets must be a part of an authorized communication session. Therefore, a higher level of protection is provided to users communicating with systems external to the trusted network.
3. Stateful Inspection provides a greater level of security control by enforcing security policies at the "application socket" or port layer as well as the protocol and address level.

4. Stateful Multilayer Inspection Firewall

They combine aspects of the other three types of firewalls. This firewall keeps track of all packets associated with a specific communication session. A typical communication session between two computers will consist of several thousand packets, each of which is identified by a unique source and destination address and a sequence number that allows all of the packets to be reassembled into the correct data file at the destination computer. Each packet of data is checked to ensure that it belongs to the proper session. Any packets that are not part of an existing session are rejected. In addition to checking and validating the communication session and ensuring that all packets belong to the proper session, these firewalls further screen the packets at the application layer. Filtering at the software application port level provides an additional layer of control for the network administrator to ensure that only authorized transactions are allowed through the firewall. These firewalls close off ports until a connection to the specified port is requested.
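The session tracking described above can be sketched as a small state table. This is an added example, not code from the original post; the `Packet` and `StatefulFilter` names, the single permitted port and the sample addresses are assumptions, and sequence-number checks and timeouts are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # "SYN", "SYN-ACK", "ACK", "FIN" or "RST"
    inside: bool    # True if the packet arrived on the trusted interface

class StatefulFilter:
    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)  # services insiders may reach
        self.sessions = set()  # (inside ip, inside port, outside ip, outside port)

    def check(self, p):
        if p.inside:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "SYN":
                # A session is opened only when a permitted port is requested.
                if p.dport not in self.allowed_ports:
                    return "REJECT"
                self.sessions.add(key)
                return "ACCEPT"
        else:
            # Inbound traffic must be the reply direction of a tracked session.
            key = (p.dst, p.dport, p.src, p.sport)
        if key not in self.sessions:
            return "REJECT"
        if p.flags in ("FIN", "RST"):
            self.sessions.discard(key)  # simplification: one FIN closes the port
        return "ACCEPT"

def demo():
    # Constructed packets; addresses come from documentation ranges.
    fw = StatefulFilter(allowed_ports={80})
    packets = [
        Packet("10.0.0.5", 40000, "203.0.113.9", 80, "SYN", True),       # opens session
        Packet("203.0.113.9", 80, "10.0.0.5", 40000, "SYN-ACK", False),  # tracked reply
        Packet("198.51.100.7", 80, "10.0.0.5", 40000, "ACK", False),     # unknown peer
        Packet("10.0.0.5", 40001, "203.0.113.9", 23, "SYN", True),       # port not allowed
        Packet("203.0.113.9", 80, "10.0.0.5", 40000, "FIN", False),      # closes session
        Packet("203.0.113.9", 80, "10.0.0.5", 40000, "ACK", False),      # port closed again
    ]
    return [fw.check(p) for p in packets]
```

The third and sixth packets carry a plausible port pair but match no open session, which is the case a plain packet filter with a static "allow replies from port 80" rule would let through.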

Drawbacks of Application gateways


1. Proxies require a large amount of computing resources in the host system, which can lead to performance bottlenecks or slow down the network.
2. Proxies must be written for specific application programs and not all applications have proxies available.

Advantages of Application gateways


1. Since application proxies examine packets at the application program level, a very fine level of security and access control may be achieved.
2. These reject all inbound packets that contain common EXE and COM files.
3. The greatest advantage is that no direct connections are allowed through the firewall under any circumstances.
4. Proxies provide a high level of protection against denial of service attacks.

3. Application gateways Firewall


These are the software firewalls. These are often used by companies specifically to monitor and log employee activity, and by private citizens to protect a home computer from hackers and spyware, or to set parental controls for children.
Application gateways, also called proxies, are similar to circuit level gateways except that they are application specific. They can filter packets at the application layer of the OSI or TCP/IP model. Incoming or outgoing packets can’t access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. Because they examine packets at the application layer, they can filter application-specific commands such as HTTP POST, GET, etc.
It works like a proxy. A proxy is a process that sits between a client and a server. To a client, the proxy looks like a server, and to a server, the proxy looks like a client. Example application layer firewall: an application layer firewall called a "dual homed gateway". A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it.
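The decision a web proxy makes on the first bytes a client sends can be shown as follows. This is an added example, not code from the original post; the function name `web_proxy_verdict`, the permitted method list and the sample requests are assumptions.

```python
import re
from urllib.parse import urlsplit

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")
BLOCKED_SUFFIXES = (".exe", ".com")  # file types the list above says proxies reject

def web_proxy_verdict(first_bytes, allowed_methods=("GET", "HEAD")):
    """Decide what a web-only application gateway does with a new client."""
    line = first_bytes.split(b"\r\n", 1)[0]
    m = REQUEST_LINE.match(line)
    if m is None:
        # ftp, telnet, gopher and so on: there is no proxy for the service.
        return ("DENY", "not HTTP")
    method = m.group(1).decode("ascii")
    target = m.group(2).decode("ascii", "replace")
    if method not in allowed_methods:
        return ("DENY", "method not permitted")
    # Look only at the path, so a host name ending in .com is not confused
    # with a COM file.
    path = urlsplit(target).path.lower()
    if path.endswith(BLOCKED_SUFFIXES):
        return ("DENY", "executable file")
    # The proxy would now open its own connection to the server; the client
    # never gets a direct connection through the gateway.
    return ("FORWARD", "ok")

def demo():
    # Constructed first bytes of five client connections.
    samples = [
        b"GET http://www.example.org/index.html HTTP/1.0\r\n\r\n",
        b"POST http://www.example.org/upload HTTP/1.0\r\n\r\n",
        b"GET http://www.example.com/tools/SETUP.EXE HTTP/1.0\r\n\r\n",
        b"GET http://www.example.com HTTP/1.0\r\n\r\n",
        b"USER anonymous\r\n",  # an FTP login sent to the web proxy
    ]
    return [web_proxy_verdict(s) for s in samples]
```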