It's a good sign that people everywhere are becoming aware of the importance of information security. This is also a good time for security solutions providers to get more business from old and new clients. However, customer education is the key to success if you want to win clients and keep them for life.
Firewalls have a very important place in the security system of an enterprise-wide IT infrastructure. The firewall is designed as a gateway that allows or denies access to resources on a computer network.
Unfortunately, it is not a thinking animal like humans: it decides to 'allow' or 'deny' based on what the user wants to connect to, not on what the user's intention is. Hackers, being thinking animals, can have an intention quite different from the one they make it appear to be. A firewall wouldn't know that.
Therefore, when a hacker requests a connection to any resource on your network, the firewall will act according to the access rules the administrator set while configuring it, without knowing whether the request comes from a hacker or a legitimate user.
An open port
When a firewall is installed, the administrator must give it a list of the resources to which access is allowed and a list of resources to which access should be denied. Each service (resource) offered on a network is reached through a 'port' number, and that number corresponds to the type of service. Hackers will always try to find an open port leading into your PC, or trick your system into opening one.
Firewalls can divide your network into a private zone and a public zone. The web server and mail server are placed in the public zone, called the DMZ (Demilitarized Zone)!
Users connecting to this zone cannot see the remaining part of your network, the private zone, where your database, file and application servers and the workstations are placed. The success of your security strategy therefore also depends on how well you protect the private zone from hackers who try to attack it by way of the DMZ.
A hardware-based firewall is usually integrated into router and gateway products and sits between your network and a cable or DSL modem. It incorporates Network Address Translation (NAT), which hides the existence (the IP addresses) of your networked computers from anyone outside the private zone of your network.
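The zone model described above, as an added illustration that is not part of the original article: a first-match rule list over public, DMZ and private zones, with a default of deny. The address ranges and rules are assumed for the example; note that decide() sees only source, destination and port, which is exactly why it cannot tell a hacker's request from a customer's.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed addressing for the two zones (assumed, not from the article);
# anything outside these ranges is treated as the public Internet.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),      # web and mail servers
    "private": ip_network("10.10.0.0/16"),  # database, file, app servers, workstations
}

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "public"

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"

# First-match rule list; anything that matches no rule is denied.
POLICY: List[Rule] = [
    Rule("public", "dmz", 80, "allow"),        # anyone may reach the web server
    Rule("public", "dmz", 25, "allow"),        # anyone may deliver mail
    Rule("dmz", "private", 3306, "allow"),     # web server may query the database
    Rule("private", "public", None, "allow"),  # workstations may browse out
    Rule("private", "dmz", None, "allow"),     # staff may manage DMZ hosts
]

def decide(src: str, dst: str, dport: int, policy: List[Rule] = POLICY) -> str:
    """Return 'allow' or 'deny' purely from zones and port; the caller's intent is invisible."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule in policy:
        if (rule.src_zone, rule.dst_zone) == (src_zone, dst_zone) and rule.dport in (None, dport):
            return rule.action
    return "deny"

if __name__ == "__main__":
    # The same request from an attacker or a customer gets the same answer.
    print(decide("198.51.100.7", "192.0.2.10", 80))   # allow: Internet -> web server
    print(decide("198.51.100.7", "10.10.1.5", 3306))  # deny: Internet -> database directly
    print(decide("192.0.2.10", "10.10.1.5", 3306))    # allow: the DMZ route into the private zone
```

The third call is the route the article warns about: a compromised DMZ host inherits every allow rule from the DMZ into the private zone, so those rules deserve the same scrutiny as the inbound ones.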
Setting the right policies
A critical part of firewall installation is the set of policies that allow internal users to access external resources like the Internet and that allow access to internal resources from outside. If this is not taken seriously, it becomes a major reason why firewalls fail to offer the expected level of protection.
It can get complicated when you consider the client's organizational structure, habits, understanding of security issues and the influence that powerful users have on policy decisions. The solutions provider and the network administrator will be ineffective and helpless unless they take it upon themselves to educate management extensively on security issues.
It is quite likely that the 'deny access' list will get shorter and shorter over time because of complaints and pressure from various users! On the other hand, too many rules for checking incoming and outgoing network traffic can overload the firewall, and it may then start dropping packets even from legitimate traffic.
Protection from untargeted attacks
Though targeted attacks are carried out against networks such as the Pentagon, NASA, banking and finance MNCs and the like, untargeted attacks have become so common that everyone needs to protect their network. Customer education must become a focus area for solutions providers if they are to succeed.
Equally important is the training of the technical personnel who actually go to a client's premises to install a firewall. This is found lacking in many cases. An untrained engineer with a superficial knowledge of firewall installation will always play safe, at the cost of the firewall's effectiveness.
Assigning IP addresses without proper planning can leave the network in a mess. A hardware firewall ships with an initial IP address and subnet mask, and care must be taken to avoid IP address clashes on the network.
The web-based management interface also comes with a default username and password that should be changed after the first login. People have been known to leave default usernames and passwords unchanged for years. It's a very risky idea!
Maintaining log files
Once the firewall is in place and set up properly, the task doesn't end there; it is really the beginning of the process. Unless you study the logs the firewall generates and interpret them to understand the network activity, you will not be able to take corrective action.
You will be under the impression that everything is under control until the network gets attacked and the firewall is compromised. If you read the log files every day, you will know which connections are typical and which should be suspected of malicious activity.
All inbound connections should be logged as a general principle. You should know who is trying to connect to your internal systems. This is the first step in auditing your firewall rules to verify that you have configured that part of the firewall correctly.
As for outbound connections, you should identify the probable targets of attacks and the systems that should not originate outbound connections from inside your network, and log all of their traffic. Alerts and notifications can be configured in many ways for different types of events; deciding how to be notified and what should trigger an alert should be covered by the security policy.
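The daily log review described in this section, as an added example that is not part of the original article: it counts every inbound attempt per source and raises the two alerts the text calls for, an outbound connection from a server that should never originate one, and a source being dropped on several different private-zone ports. The log format, the sample lines, the private-zone range and the list of no-outbound servers are all constructed for the example; a real firewall's syntax will differ.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Constructed sample log in an assumed key=value format (not a real product's
# syntax); adjust LINE_RE to whatever your firewall actually writes.
SAMPLE_LOG = """\
2024-05-01T02:14:07 action=accept dir=in src=198.51.100.7 dst=192.0.2.10 dport=80
2024-05-01T02:14:09 action=accept dir=in src=198.51.100.7 dst=192.0.2.10 dport=80
2024-05-01T02:15:30 action=drop dir=in src=203.0.113.9 dst=10.10.1.5 dport=3306
2024-05-01T02:15:31 action=drop dir=in src=203.0.113.9 dst=10.10.1.5 dport=22
2024-05-01T02:15:32 action=drop dir=in src=203.0.113.9 dst=10.10.1.5 dport=445
2024-05-01T02:16:00 action=accept dir=out src=10.10.1.20 dst=198.51.100.40 dport=443
2024-05-01T03:41:12 action=accept dir=out src=10.10.1.5 dst=203.0.113.9 dport=8443
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) action=(?P<action>\w+) dir=(?P<dir>in|out) "
                     r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

PRIVATE_ZONE = ip_network("10.10.0.0/16")  # assumed private-zone range
NO_OUTBOUND = {"10.10.1.5"}                # assumed: the database server never initiates connections

def parse(text: str) -> List[Dict]:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip lines in another format instead of aborting the review
            ev = m.groupdict()
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events

def inbound_by_source(events: List[Dict]) -> Counter:
    """Every inbound attempt per source, accepted or dropped: who is knocking on the door."""
    return Counter(ev["src"] for ev in events if ev["dir"] == "in")

def alerts(events: List[Dict], min_ports: int = 3) -> List[str]:
    found = []
    for ev in events:  # a server that must never call out did so
        if ev["dir"] == "out" and ev["src"] in NO_OUTBOUND:
            found.append(f"{ev['src']} opened an outbound connection to {ev['dst']}:{ev['dport']}")
    dropped_ports = {}  # one source dropped on several different private-zone ports
    for ev in events:
        if ev["dir"] == "in" and ev["action"] == "drop" and ip_address(ev["dst"]) in PRIVATE_ZONE:
            dropped_ports.setdefault(ev["src"], set()).add(ev["dport"])
    for src, ports in dropped_ports.items():
        if len(ports) >= min_ports:
            found.append(f"{src} was dropped on {len(ports)} different private-zone ports")
    return found
```

Running parse(SAMPLE_LOG) through both functions gives the per-source inbound counts and two alert lines; thresholds such as min_ports belong in the security policy rather than in the script.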
A big lock on the door may deter a thief with meager resources, but a firewall is no deterrent to hackers. They don't know you and they don't care how costly and impressive your firewall is, as long as they can get into your network! You can get the most out of a firewall and protect your network only by installing and setting up the firewall properly, being alert to all suspicious activity and making the firewall part of a bigger security strategy.
Ashok Dongre is an independent consultant and can be reached at dongre@usa.net