<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Firewalls torn Apart By Ankit Fadia ankit</title>
</head>
<body>
<p><font face="Verdana">Firewalls torn Apart By Ankit Fadia ankit@bol.net.in</font><font face="Verdana" size="2"><br>
_____________________________________________________________________________ <br>
<br>
A firewall is, put simply, something that protects a private network from the Internet. <br>
The name is borrowed from the fire-resistant barriers (in vehicles and buildings) <br>
that contain a fire so it cannot spread. A network firewall is best described as a <br>
software or hardware (or combined) packet filter that allows only selected packets <br>
to pass between the Internet and your private internal network. <br>
A firewall is a system or a group of systems which guard a trusted network (the <br>
internal private network) from an untrusted network (the Internet). To understand <br>
how a firewall works, we first need to understand how data is transferred on the <br>
Internet. <br>
<br>
NOTE: The following is a very short and simplified description of the TCP/IP <br>
protocol suite. It gives only a general idea of the whole data transmission <br>
process, enough for everyone to understand firewalls. <br>
<br>
The TCP/IP suite is responsible for the successful transfer of data across a network, <br>
both on the Internet and on an intranet. It is a collection of inter-related and <br>
interdependent protocols which act as a set of rules according to which data is <br>
transferred across the network. A protocol can be defined as a language or a <br>
standard which is followed while data is transferred. Let us go through a brief <br>
explanation of how data is transferred across a network, following the various <br>
layers of the TCP/IP suite. <br>
The whole process begins when a user starts up an Internet application like an <br>
email client or an FTP client. The user types an email in the client and in this <br>
way provides the data to be transferred. The email client belongs to the application <br>
layer of the TCP/IP stack. The application layer hands the data (the email itself) <br>
to the Transmission Control Protocol, or TCP, which forms the transport layer. TCP <br>
breaks the data into smaller chunks called segments, labels each with a source and <br>
destination port number (so the receiving end knows which application the data is <br>
for), and hands them to the Internet Protocol, or IP, which forms the network layer. <br>
IP wraps each segment in a datagram carrying the addresses that say which computer <br>
it is meant for and which computer it came from. Note that the port numbers live in <br>
the TCP header, not in the IP header. An IP datagram contains: <br>
<br>
1. A header which contains the source and destination IP addresses, the time-to-live <br>
(TTL) value and the protocol number of what is carried inside (6 for TCP, 17 for <br>
UDP). There is also a header checksum. <br>
2. The remaining part contains the data to be transferred, here the TCP segment. <br>
<br>
You do not need to understand all this in detail; just remember that TCP breaks <br>
data into smaller pieces and tags them with port numbers, and IP adds the source <br>
and destination IP addresses. When the data reaches the other end, IP hands the <br>
segments back to TCP, which reassembles them, and the destination port number tells <br>
the stack which application they belong to. So, basically, we can conclude that a <br>
successful transmission of data across a network relies on the source and <br>
destination IP addresses and also on the ports. <br>
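To make concrete which header carries what, here is an added example (not code from the <br>
original article) that builds a raw IPv4 datagram carrying a TCP segment and then decodes <br>
from it exactly the fields a firewall keys on: addresses, TTL and protocol from the IP <br>
header, ports and flags from the TCP header. The addresses, ports and payload are made <br>
up for the demonstration, and the TCP checksum is left at zero because nothing is sent. <br>

```python
"""Added example, not from the original article: build a raw IPv4 datagram
carrying a TCP segment, then decode from it the fields a firewall keys on.
Addresses, ports and payload below are constructed for the demonstration."""
import socket
import struct

IPPROTO_TCP = 6


def ip_checksum(data: bytes) -> int:
    """One's-complement checksum over 16-bit words, as used for the IP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src_ip, dst_ip, src_port, dst_port, payload: bytes, ttl=64) -> bytes:
    """Minimal IPv4 header (no options) + TCP header (no options, PSH|ACK) + payload.
    The TCP checksum is left at zero; this is a parsing demo, not a sendable packet."""
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          src_port, dst_port,   # ports live HERE, in the TCP header
                          0, 0,                 # sequence / acknowledgement numbers
                          5 << 4, 0x18,         # data offset = 5 words, flags PSH|ACK
                          65535, 0, 0)          # window, checksum, urgent pointer
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_fields = [0x45, 0, total_len, 0, 0x4000, ttl, IPPROTO_TCP, 0,
                 socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", *ip_fields)
    ip_fields[7] = ip_checksum(ip_hdr)        # fill in the header checksum
    ip_hdr = struct.pack("!BBHHHBBH4s4s", *ip_fields)
    return ip_hdr + tcp_hdr + payload


def parse_packet(raw: bytes) -> dict:
    """Decode addresses, TTL, protocol and (for TCP) ports, flags and payload.
    Raises ValueError on anything a filter should refuse to reason about."""
    if len(raw) < 20:
        raise ValueError("truncated IP header")
    (ver_ihl, _tos, _total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a usable IPv4 header")
    # Summing the whole header, checksum field included, must give zero.
    if ip_checksum(raw[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    info = {"src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
            "ttl": ttl, "protocol": proto, "src_port": None, "dst_port": None}
    if proto == IPPROTO_TCP:
        if len(raw) < ihl + 20:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, off, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
        data_off = (off >> 4) * 4
        info.update(src_port=sport, dst_port=dport, tcp_flags=flags,
                    payload=raw[ihl + data_off:])
    return info


if __name__ == "__main__":
    pkt = build_packet("10.0.0.5", "203.0.113.7", 40000, 25, b"EHLO mail.example\r\n")
    for key, value in parse_packet(pkt).items():
        print(f"{key:>9}: {value!r}")
```

A packet filter does essentially what parse_packet does and nothing more: it reads these <br>
fields and compares them with its rules. Nothing in the IP or TCP header proves that the <br>
source address is genuine, which is the weakness the next sections turn on. <br>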
<br>
A firewall, too, relies on the source and destination IP addresses and the ports to <br>
control the packet transfer between the untrusted network and the trusted network. <br>
Firewalls can be classified into 3 types: <br>
<br>
1. Packet Filter Firewalls <br>
2. Application proxy Firewalls <br>
3. Packet Inspection Firewalls <br>
<br>
Packet Filter Firewalls <br>
<br>
They are the earliest and the most criticized firewalls. They are usually hardware <br>
based, i.e. router based (a router is a device which connects two networks <br>
together), and the same idea survives today as the access control lists on routers. <br>
Whenever a packet filter firewall receives a packet, it compares the header <br>
information, i.e. the source and destination IP addresses and port numbers, with a <br>
table of predefined access control rules. If the header information matches an <br>
allow rule, the packet is allowed to pass, else the packet is dropped. Each packet <br>
is judged on its own: the filter keeps no memory of earlier packets and never looks <br>
at the data. They are criticized because they allow direct contact between the <br>
untrusted system and the trusted private system. <br>
To understand such firewalls let us take the example of the secretary that sits in <br>
your office. This kind of secretary allows only those people who have an appointment <br>
to pass, but if you convince her that her boss wants to meet you, she lets you in. <br>
Such firewalls can be fooled by techniques like IP spoofing, in which the attacker <br>
changes the source IP address so that the firewall thinks the packet has come from a <br>
trusted system which is among the list of systems allowed through the firewall. The <br>
attacker does not receive the replies (they go to the address he spoofed), but the <br>
packet itself is delivered inside. <br>
<br>
Application Proxy Firewalls <br>
<br>
The shortcomings of packet filter firewalls are addressed by a newer type of <br>
firewall developed with DARPA funding. It was widely believed that the earlier type <br>
of firewall was not secure enough, as it allowed untrusted systems to have a direct <br>
connection with trusted systems. This problem was solved by using proxy servers as <br>
firewalls. A proxy server used as a firewall is called an application proxy server. <br>
This kind of proxy firewall examines what application or service (identified by the <br>
port) a connection is meant for, and only if that particular service is offered is <br>
the connection accepted; if the service is unavailable the connection is refused and <br>
the packets are dropped by the firewall. Once accepted, the proxy reads the data out <br>
of the client's connection, checks that it is valid for that protocol, and delivers <br>
it to the appropriate internal service over a second connection that the proxy <br>
itself opens. There is no direct connection between the untrusted system and the <br>
trusted system: the original packets sent by the untrusted system stop at the <br>
firewall, and the firewall delivers the data itself. <br>
<br>
Let us again take the example of a secretary. Such a secretary would accept a gift or <br>
something else for you only if you are available in the office, and would not allow <br>
the visitor to deliver it but would deliver it to you personally. Although they are <br>
somewhat slower, and a separate proxy is needed for each protocol, they are much more <br>
secure as they do not allow direct contact between an untrusted network and a trusted <br>
network. <br>
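The property that matters, that the untrusted client's connection ends at the proxy <br>
and the inside server only ever sees a connection the proxy opened, is easy to show on <br>
the loopback interface. The following is an added example written for this page, not <br>
code from the original article or from any firewall product. The service names and <br>
the one-line "&lt;service&gt; &lt;payload&gt;" request format are invented for it. <br>

```python
"""Added example, not from the original article: a tiny application proxy on
loopback. The untrusted client only ever talks to the proxy; the proxy checks
that the requested service is one it offers and, if so, opens ITS OWN connection
to the internal server and relays the data. The internal server never sees a
socket that belongs to the client.
The service names and the "<service> <payload>" request format are invented."""
import socket
import threading


def start_backend():
    """Internal server standing in for the email/FTP host: it records the peer
    address of every connection it accepts and echoes the request back."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    peers_seen = []

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:          # listening socket closed: stop serving
                return
            with conn:
                peers_seen.append(peer)
                conn.sendall(b"OK: " + conn.recv(4096))

    threading.Thread(target=serve, daemon=True).start()
    return srv, peers_seen


class ApplicationProxy:
    """Accepts untrusted connections, admits only known services and relays each
    request over a fresh connection of its own."""

    def __init__(self, services):
        self.services = services                  # name -> (host, port) of the internal server
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind(("127.0.0.1", 0))
        self.listener.listen(5)
        self.address = self.listener.getsockname()
        self.outbound_addrs = []                  # local endpoints of connections the proxy opened
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                client, _ = self.listener.accept()
            except OSError:
                return
            threading.Thread(target=self._handle, args=(client,), daemon=True).start()

    def _handle(self, client):
        with client:
            request = client.recv(4096)
            service, _, payload = request.partition(b" ")
            target = self.services.get(service.decode("ascii", "replace"))
            if target is None:
                # Service not offered: the client's data goes no further than here.
                client.sendall(b"DENIED: no such service\n")
                return
            # Relay on a second connection: the bytes arriving inside come from
            # the proxy's own socket, never from the client's.
            with socket.create_connection(target) as upstream:
                self.outbound_addrs.append(upstream.getsockname())
                upstream.sendall(payload)
                reply = upstream.recv(4096)
            client.sendall(reply)

    def close(self):
        try:
            self.listener.shutdown(socket.SHUT_RDWR)   # wakes the accept() loop on Linux
        except OSError:
            pass
        self.listener.close()


def send_via_proxy(proxy_addr, request: bytes) -> bytes:
    """What the untrusted client does: one request to the proxy, one reply."""
    with socket.create_connection(proxy_addr) as s:
        s.sendall(request)
        return s.recv(4096)


def demo() -> dict:
    backend, peers_seen = start_backend()
    proxy = ApplicationProxy({"smtp": backend.getsockname()})
    allowed = send_via_proxy(proxy.address, b"smtp EHLO mail.example")
    denied = send_via_proxy(proxy.address, b"telnet login")
    proxy.close()
    backend.close()
    return {"allowed": allowed, "denied": denied,
            "backend_peers": peers_seen, "proxy_endpoints": proxy.outbound_addrs}


if __name__ == "__main__":
    print(demo())
```

Run it and compare the backend's recorded peer with the proxy's outbound endpoint: they <br>
are the same socket, and the "telnet" request never produced a connection to the backend <br>
at all. That is the secretary who takes the parcel herself, in code. <br>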
<br>
Packet Inspection Firewalls <br>
<br>
This type, usually called stateful inspection, can be seen as an extension of the <br>
packet filter firewall. It not only verifies the source and destination IP addresses <br>
and ports, it also keeps track of the connections those packets belong to, and may <br>
look into the content of the data before passing it through. There are two ways in <br>
which this kind of firewall verifies the data to be passed: state and session. <br>
In the case of state inspection, an incoming packet is allowed to pass through only <br>
if there is a matching outbound request for it in the firewall's state table. This <br>
means that an incoming packet is allowed through only if a trusted system had <br>
requested it, i.e. had opened the connection and so sent an invitation for it. <br>
In the case of session filtering, the data of the incoming packet is not verified, <br>
but the network activity is traced, and once a trusted system ends the session, no <br>
further packets from the outside pertaining to that session are allowed to pass <br>
through. This protects against IP spoofing to a certain extent: a forged packet <br>
that does not match an open session is dropped even if its source address is a <br>
trusted one, but a forged packet that starts a new session which the rules permit <br>
from that address is still accepted. <br>
Such firewalls can also be configured beforehand to act according to predefined <br>
rules when attacked. They can even be configured to disconnect from the Internet <br>
in case of an attack. <br>
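The difference between the packet filter described earlier and stateful inspection <br>
comes down to one thing: whether the firewall remembers what the inside asked for. The <br>
following added example (written for this page, not code from the original article or <br>
from any firewall product) runs one constructed rule table through both a stateless <br>
filter and a stateful one, and covers both the spoofing case from the packet filter <br>
section and the state and session cases from this one. The addresses, ports, rules and <br>
the simplified flag handling are all assumptions made for the demonstration. <br>

```python
"""Added example, not from the original article: one rule table evaluated by a
stateless packet filter and by a stateful-inspection filter, to show why a
spoofed source address fools the first and (mostly) not the second.
Addresses, ports, flag handling and the rule set are constructed for this
demonstration and do not reproduce any particular firewall product."""
from dataclasses import dataclass
from typing import Optional

TRUSTED_NET = "10.0.0."          # the internal network (constructed)
PARTNER_IP = "198.51.100.20"     # an outside host the rules trust (constructed)
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: int = ACK
    direction: str = "in"        # "in": untrusted -> trusted, "out": trusted -> untrusted


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: Optional[str] = None
    src_prefix: Optional[str] = None
    dst_prefix: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or p.direction == self.direction)
                and (self.src_prefix is None or p.src_ip.startswith(self.src_prefix))
                and (self.dst_prefix is None or p.dst_ip.startswith(self.dst_prefix))
                and (self.dst_port is None or p.dst_port == self.dst_port))


# Header-only access control rules: first match wins, default deny.
RULES = [
    Rule("allow", direction="out", src_prefix=TRUSTED_NET),                       # inside may go out
    Rule("allow", direction="in", dst_prefix=TRUSTED_NET, dst_port=25),            # inbound mail
    Rule("allow", direction="in", src_prefix=PARTNER_IP, dst_prefix=TRUSTED_NET),  # trusted partner
]


def stateless_filter(p: Packet, rules=RULES) -> str:
    """Packet filter firewall: every packet judged alone on its header fields."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFilter:
    """Stateful inspection: an inbound packet passes if it belongs to a session an
    inside host opened (state), or if the rules allow it to open a new session; a
    session that has ended admits nothing more (session filtering)."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.sessions = set()    # (inside_ip, inside_port, outside_ip, outside_port)

    @staticmethod
    def _key(p: Packet):
        if p.direction == "out":
            return (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def decide(self, p: Packet) -> str:
        key = self._key(p)
        if key in self.sessions:
            if p.flags & (FIN | RST):
                self.sessions.discard(key)          # session over: later packets must re-qualify
            return "allow"
        if p.direction == "in" and not (p.flags & SYN):
            return "deny"                           # not a new connection, and nothing inside asked for it
        action = stateless_filter(p, self.rules)
        if action == "allow" and (p.flags & SYN):
            self.sessions.add(key)                  # remember the connection being opened
        return action


def demo() -> dict:
    results = {}
    # 1. Attacker forges the partner's address on a packet aimed at SSH inside.
    spoofed = Packet(PARTNER_IP, "10.0.0.9", 4444, 22, flags=ACK)
    results["stateless_spoof"] = stateless_filter(spoofed)          # "allow": header matches rule 3
    fw = StatefulFilter()
    results["stateful_spoof"] = fw.decide(spoofed)                  # "deny": no session invited it
    # 2. An inside host opens a connection; the reply is let back in.
    fw.decide(Packet("10.0.0.9", "203.0.113.7", 51000, 443, flags=SYN, direction="out"))
    results["reply"] = fw.decide(Packet("203.0.113.7", "10.0.0.9", 443, 51000, flags=SYN | ACK))
    # 3. The inside host closes the session; a late packet on the same addresses is refused.
    fw.decide(Packet("10.0.0.9", "203.0.113.7", 51000, 443, flags=FIN | ACK, direction="out"))
    results["after_close"] = fw.decide(Packet("203.0.113.7", "10.0.0.9", 443, 51000, flags=ACK))
    # 4. The limit: a forged SYN from a trusted address still matches rule 3 and opens state.
    results["stateful_spoofed_syn"] = StatefulFilter().decide(
        Packet(PARTNER_IP, "10.0.0.9", 4444, 22, flags=SYN))        # "allow"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:>22}: {verdict}")
```

Case 4 is the "to a certain extent" of the text: tracking state does not repair trust that <br>
the rules place in a bare source address. The spoofing attacker is at least fighting a <br>
blind handshake, since the replies go to the real partner, but the lasting fix is to stop <br>
trusting addresses alone (drop packets arriving on the outside interface with inside or <br>
partner source addresses, and authenticate above the network layer). <br>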
<br>
All along you will come across many firewalls on various systems. Basically, a <br>
firewall can be set up in two ways: <br>
<br>
1. Dual-homed gateway <br>
2. Demilitarized zone (DMZ) <br>
<br>
In a dual-homed gateway, there is a single firewall host with two network <br>
connections (hence "dual-homed"), one for the trusted network and the other for the <br>
untrusted network. The untrusted network reaches the publicly offered host systems <br>
(email and FTP servers etc.) through this one firewall, and those host systems sit <br>
on the same side as the internal private network. There is no second firewall <br>
between the host systems and the internal private trusted network. <br>
In the case of a DMZ setup there are two firewalls. The first has two connections, <br>
one leading to the untrusted network and the other leading to the host systems like <br>
the email server or the FTP server. These host systems can be accessed from the <br>
untrusted network. The host systems are connected to the internal private trusted <br>
systems through a second firewall. Thus there is no direct contact between the <br>
untrusted network and the trusted internal network. The area or region between the <br>
two firewalls is termed the demilitarized zone. <br>
The basic structure of the DMZ setup makes it the more secure system: even if an <br>
attacker gets through the first firewall, he only reaches the host systems in the <br>
DMZ, while the internal network is still protected by the second firewall. The <br>
second firewall should therefore allow only the few connections the DMZ hosts <br>
genuinely need into the internal network, since a compromised DMZ host is the <br>
attacker's next stepping stone. <br>
<br>
Do Firewalls provide enough Security for my Network? <br>
<br>
The answer is a simple no. There is no such thing as a firewall that is enough to <br>
satisfy all your security concerns. Yes, it does protect the trusted systems from <br>
the untrusted ones, but it is definitely not enough for all your security needs. We <br>
need to protect our systems to secure the company data. The most common methods used <br>
to break into networks are brute force password cracking and social engineering. A <br>
firewall in no way can prevent such occurrences. <br>
<br>
There are other ways in which attackers can steal or destroy company data. Phone <br>
tapping and the use of spy gadgets have become a common occurrence. Although it <br>
protects the network to a large extent, a firewall is still not able to protect the <br>
company data from viruses and Trojans. Some firewalls do scan everything being <br>
downloaded, but at the rate at which new HTML, Java and other viruses are cropping <br>
up, it is becoming very difficult for firewalls to detect all of them. Firewalls also <br>
provide no physical protection to the network, and none against fire, tornadoes etc. <br>
Yet another shortcoming is that if the attacker is able to break into a trusted <br>
system which the firewall allows through, then he can easily gain access to the data <br>
on your network, as the firewall will think that he is actually the trusted party. <br>
<br>
Ankit Fadia <br>
ankit@bol.net.in <br>
<br>
http://www.crosswinds.net/~hackingtruths <br>
<br>
To receive more tutorials on Hacking, Cracking (Assembly), Perl, C++ and <br>
Viruses/Trojans and <br>
more join my mailing list: <br>
<br>
Send an email to programmingforhackers-subscribe@egroups.com to join it. </font><br>
<br>
Visit my Site to view all tutorials written by me at: <br>
http://www.crosswinds.net/~hackingtruths </p>
</body>
</html>