Firewall configuration

Firewall Configuration. Project By: Nutan Kumar Panda, ATL Bhubaneswar

description

This is for new users who don't have much knowledge of IT security. Here I focus on the configuration basics of the Windows built-in firewall, Comodo, ZoneAlarm and Outpost Pro.

Transcript of Firewall configuration



Introduction

Our project, “Study Different Firewalls”, studies the functioning of the different firewalls available to us and identifies the pros and cons of each. We have selected a few firewalls, such as Windows Firewall, ZoneAlarm Firewall and Comodo Firewall, for our project. In our project we are concerned only with software firewalls.

Objective

Microsoft Windows provides a variety of methods by which security software can perform network traffic filtering and other security-related tasks. However, these same capabilities can be used by malicious software, also known as malware, to tap into the operating system’s network architecture in order to circumvent security software, open backdoors, and steal information. A number of articles have been published that discuss and compare the features of different software firewalls, but there are few resources that explore the filtering techniques that these firewalls use. Understanding these filtering techniques is not only useful for choosing a software firewall and troubleshooting problems with it, but it also helps to understand, detect, and prevent the malware threats that exploit inherent weaknesses in them.


Scope

The Internet, like any other society, is plagued with the kind of jerks who enjoy the electronic equivalent of writing on other people's walls with spray-paint, tearing their mailboxes off, or just sitting in the street blowing their car horns. Some people try to get real work done over the Internet, and others have sensitive or proprietary data they must protect. Usually, a firewall's purpose is to keep the jerks out of your network while still letting you get your job done.

Many traditional-style corporations and data centers have computing security policies and practices that must be followed. In a case where a company's policies dictate how data must be protected, a firewall is very important, since it is the embodiment of the corporate policy. Frequently, the hardest part of hooking to the Internet, if you're a large company, is not justifying the expense or effort, but convincing management that it's safe to do so. A firewall provides not only real security--it often plays an important role as a security blanket for management.

Some firewalls permit only email traffic through them, thereby protecting the network against any attacks other than attacks against the email service. Other firewalls provide less strict protections, and block services that are known to be problems.

Generally, firewalls are configured to protect against unauthenticated interactive logins from the "outside" world. This, more than anything, helps prevent vandals from logging into machines on your network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack if you unplug it.


What is a Firewall?

The Internet is a network of computer networks. It has evolved from the interconnection of networks around the globe. Interconnection is a good thing; it allows the free exchange of information via the Web, e-mail and file transfer. But it also carries a price, namely the risk that your Internet connection may be used by “hackers” (or as some would rather call them “crackers”) to gain unauthorized access to your local network. Availability of computing facilities can also be targeted by Denial of Service (DoS) attacks.

A firewall is a system that implements and enforces an access control (or security) policy between two networks; it usually guards an internal private network from an external public one, isolating an intranet from the Internet. Essentially a firewall connects two or more networks but only allows specified forms of traffic to flow between them. The firewall is a means by which a security policy can be enforced.


Types of Firewall

There have historically been two main types of firewall; application layer and network layer:

1. Application layer firewalls implement a proxy server for each service required. A proxy is a server that enables connections between a client and server, such that the client talks to the proxy, and the proxy to the server on behalf of the client. They prevent traffic from passing directly between networks, and as the proxies are often implemented for a specific protocol they are able to perform sophisticated logging and auditing of the data passing through them.

A disadvantage of application layer firewalls is that a proxy must exist for each protocol that you wish to pass through the firewall; if one does not exist then that protocol cannot be used. Some protocols, such as SMTP for e-mail, are natural proxies. Others, such as FTP for file transfer, are not.


2. Network layer firewalls make decisions on whether to allow or disallow individual Internet Protocol (IP) packets to pass between the networks. IP is the protocol by which almost all data is routed around the Internet. IP connections rely on a unique source and destination IP address for the communicating hosts. TCP layer port numbers (the “application layer endpoints”) are also readily available to a network layer firewall.

For example, port 25 is the agreed port number for SMTP e-mail transfer. The firewall can make filtering decisions based on the IP and port number values. This type of firewall can be very flexible. However the added complexity increases the risk of security holes through misconfiguration.

In Figure , a network layer firewall called a "screened host firewall" is represented. In a screened host firewall, access to and from a single host is controlled by means of a router operating at a network layer. The single host is a bastion host; a highly-defended and secured strong-point that can resist attack.


Modes of operation

There are two very distinct and different modes for network firewalls to operate in.

1. Default allow firewalls allow all traffic in and out of a site. Some specified services may be blocked on the firewall, but all others can freely pass through.

2. Default deny firewalls block all traffic in or out of a site (though commonly they only block inbound, rather than outbound, traffic). Only named services are allowed to pass through the firewall.

All firewall systems which were tested were found to be susceptible to packet spoofing, which tricks the server into thinking packets have come from a trusted host, or into using its intrusion-detection countermeasures to cut connectivity to legitimate sites.

Detection works mainly by sending packets (requests) and collecting responses from client machines, thereby getting a detailed report about the port to which each packet was sent across the network. When one machine sends its request, the request is encapsulated in an 'IP packet'. The 'IP packet' consists of two parts, i.e. a header and a data part. The header part carries the information about the data, i.e. the 'Source IP Address' and 'Destination IP Address', the send time and checksums. This can be used for analyzing data integrity.

The 'TCP-IP Protocol Suite' is responsible for converting low-level network frames into packets and segments. TCP is an independent, general-purpose protocol. Since TCP makes very few assumptions about the underlying network, it is possible to use it over a single network like an Ethernet as well as over a complex internet. It is a communication protocol.


A connection consists of a virtual circuit between two application programs. TCP defines an end point to be a pair of integers (host, port).

The suite defines various protocols, namely TCP, UDP, ICMP and IGMP.

TCP

TCP is a connection-oriented, reliable protocol. When sniffing the details of a packet based on the 'TCP' protocol, a sniffer would list out the following details of the packet: Source IP, Destination IP, Source Port, Destination Port, Sequence, Acknowledgement.

UDP

UDP is a connectionless, unreliable protocol. When sniffing the details of a packet based on the 'UDP' protocol, a sniffer would list out the following details of the packet: Source IP, Destination IP, Source Port, Destination Port, Length.

ICMP

When sniffing the details of a packet based on the 'ICMP' protocol, a sniffer would list out the following details of the packet: Source IP, Destination IP, Source Port, Destination Port.

IGMP

When sniffing the details of a packet based on the 'IGMP' protocol, a sniffer would list out the following details of the packet: Source IP, Destination IP, Source Port, Destination Port.
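The header fields listed above can be read straight out of the raw bytes. The following is an added example, not part of the original project: it parses an IPv4 header plus the TCP or UDP fields a filter or sniffer reports, and verifies the IP header checksum. The sample packet and its addresses (documentation ranges) are constructed; for ICMP and IGMP the code reports the message type, since those headers begin with a type byte.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}


def internet_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_packet() -> bytes:
    """Constructed IPv4 + TCP SYN: 192.0.2.10:40000 -> 198.51.100.5:25 (SMTP)."""
    # TCP: sport, dport, seq, ack, data offset, flags (SYN), window, checksum, urgent.
    # The TCP checksum is left at 0; only the IP header checksum is checked here.
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, 1000, 0, 5 << 4, 0x02, 8192, 0, 0)
    src = socket.inet_aton("192.0.2.10")
    dst = socket.inet_aton("198.51.100.5")
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst)
    # The header checksum sits at byte offset 10 and is computed with the field zeroed.
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + tcp


def parse_packet(raw: bytes) -> dict:
    """Return the fields a packet filter or sniffer would report for one IPv4 packet."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20]
    )
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    info = {
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src_ip": socket.inet_ntoa(src),
        "dst_ip": socket.inet_ntoa(dst),
        "ttl": ttl,
        # Summing a valid header, checksum field included, yields 0 after complement.
        "header_ok": internet_checksum(raw[:ihl]) == 0,
    }
    payload = raw[ihl:total_len]
    if proto == 6 and len(payload) >= 20:
        sport, dport, seq, ack = struct.unpack("!HHII", payload[:12])
        info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack)
    elif proto == 17 and len(payload) >= 8:
        sport, dport, length = struct.unpack("!HHH", payload[:6])
        info.update(src_port=sport, dst_port=dport, length=length)
    elif proto in (1, 2) and payload:
        info.update(type=payload[0])  # ICMP/IGMP: first byte is the message type
    return info


if __name__ == "__main__":
    print(parse_packet(build_sample_packet()))
```

A corrupted header (for example one flipped address byte) parses normally but comes back with `header_ok` set to `False`.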

Firewall policies must be realistic and reflect the level of security in the entire network. For a firewall to work, it must be a part of a consistent overall organizational security architecture. A firewall cannot replace security-consciousness on the part of your users.

A firewall is software or hardware which functions in a networked environment to prevent unauthorized access. Its goal is to provide controlled connectivity between the Internet and the internal network. This is achieved by enforcing a security policy. A firewall implements an access control policy: it is a system or group of systems that enforces an access control policy between two or more networks.

For firewalls where the emphasis is on security instead of connectivity, you should consider blocking everything by default, and only specifically allowing what services you need on a case-by-case basis.

If you block everything except a specific set of services, then you've already made your job much easier. Instead of having to worry about every security problem with every product and service around, you only need to worry about every security problem with a specific set of services and products.
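The difference between the two modes of operation described earlier, and the reason for blocking everything by default, shows up when the same inbound flows are run through both kinds of policy. This is an added example, not part of the original project: the rule format, the addresses (documentation range 203.0.113.0/24) and the mail host are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "block"
    protocol: str            # "tcp", "udp" or "any"
    dst_net: str             # destination network in CIDR form
    dst_port: Optional[int]  # None matches any port


# Constructed policies. 203.0.113.25 is a hypothetical mail host.
# Default allow: only services already known to be a problem are listed.
DEFAULT_ALLOW_RULES = [
    Rule("block", "tcp", "203.0.113.0/24", 23),   # telnet (interactive login)
    Rule("block", "tcp", "203.0.113.0/24", 513),  # rlogin
]
# Default deny: only the named service is listed (SMTP to the mail host).
DEFAULT_DENY_RULES = [
    Rule("allow", "tcp", "203.0.113.25/32", 25),
]

# Constructed inbound flows: (protocol, destination IP, destination port).
INBOUND_FLOWS = [
    ("tcp", "203.0.113.25", 25),    # SMTP to the mail host
    ("tcp", "203.0.113.40", 25),    # SMTP to a workstation
    ("tcp", "203.0.113.40", 23),    # telnet
    ("tcp", "203.0.113.40", 5900),  # a service nobody thought to list
    ("udp", "203.0.113.40", 161),   # another unlisted service
]


def decide(rules, default, protocol, dst_ip, dst_port):
    """First matching rule wins; otherwise the default policy applies."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.protocol not in ("any", protocol):
            continue
        if addr not in ipaddress.ip_network(rule.dst_net):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return default


def compare(flows):
    """Return (flow, verdict under default allow, verdict under default deny)."""
    return [
        (flow,
         decide(DEFAULT_ALLOW_RULES, "allow", *flow),
         decide(DEFAULT_DENY_RULES, "block", *flow))
        for flow in flows
    ]


def exposed_only_under_default_allow(flows):
    """Flows that get through only because nobody wrote a block rule for them."""
    return [f for f, allow_mode, deny_mode in compare(flows)
            if allow_mode == "allow" and deny_mode == "block"]


if __name__ == "__main__":
    for flow, allow_mode, deny_mode in compare(INBOUND_FLOWS):
        print(flow, "default-allow:", allow_mode, "default-deny:", deny_mode)
```

Every flow returned by `exposed_only_under_default_allow` is a service the default-allow administrator would have had to know about in advance.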


Popular hardware & software firewalls

Software Firewall           Hardware Firewall
Windows Firewall            Cisco PIX
ZoneAlarm                   Fortiguard
Comodo Firewall             Cyberoam
Norton Internet Security    Check Point
Outpost                     NetScreen
BlackICE                    NetD
McAfee Internet Security    WatchGuard

Windows Firewall


Windows Firewall is a software component of Microsoft Windows that provides firewalling and packet filtering functions. It was first included in Windows XP and Windows Server 2003. Windows Firewall, previously known as Internet Connection Firewall or ICF, is a protective boundary that monitors and restricts information that travels between your computer and a network or the Internet. This provides a line of defense against someone who might try to access your computer from outside the Windows Firewall without your permission.

Windows Firewall was first introduced as part of Windows XP Service Pack 2. Every type of network connection, whether it is wired, wireless, VPN, or even FireWire, has the firewall enabled by default, with some built-in exceptions to allow connections from machines on the local network. It also fixed a problem whereby the firewall policies would not be enabled on a network connection until several seconds after the connection itself was created, thereby creating a window of vulnerability. XP's Windows Firewall cannot block outbound connections; it is only capable of blocking inbound ones.

Windows Firewall is turned on by default. However, some computer manufacturers and network administrators might turn it off. To open Windows Firewall:

1. Click Start and then click Control Panel.
2. In the control panel, click Windows Security Center.
3. Click Windows Firewall.


Windows Firewall should always be turned on.


How Windows Firewall Works

When someone on the Internet or on a network tries to connect to your computer, we call that attempt an "unsolicited request." When your computer gets an unsolicited request, Windows Firewall blocks the connection. If you run a program such as an instant messaging program or a multiplayer network game that needs to receive information from the Internet or a network, the firewall asks if you want to block or unblock (allow) the connection. You should see a window like the one below.

If you choose to unblock the connection, Windows Firewall creates an exception so that the firewall won't bother you when that program needs to receive information in the future.

The Exceptions tab includes a list of programs and services that you can select or deselect to allow or remove access to the network. You can also add or delete ports (both TCP and UDP).

When adding programs or ports, you also have the following options to limit the scope of access: Any Computer (Including Those On The Internet), My Network (Subnet) Only, or Custom List, which allows you to choose a mix of IP addresses and subnets.

On the Advanced tab, you can choose which connections the firewall will apply to, and you can specify logging features. You can also control, with some granularity, how the firewall handles Internet Control Message Protocol (ICMP) packets.


Finally, if you get completely lost and make changes that prevent the computer from connecting to the Internet, you can click the Restore Defaults button. This removes all of your changes, returning Windows Firewall to the Microsoft default state.
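Once logging is enabled on the Advanced tab, the firewall writes a plain-text log (pfirewall.log by default) whose column layout is declared in its own `#Fields:` header line. This is an added example, not part of the original project: it reads that header, parses the entries, and lists sources whose inbound connections were dropped on several different ports. The log lines, addresses and the three-port threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the layout declared by the #Fields header below.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 09:12:01 DROP TCP 198.51.100.7 192.0.2.20 51001 135 48 S 100 0 8192 - - - RECEIVE
2024-01-15 09:12:02 DROP TCP 198.51.100.7 192.0.2.20 51002 139 48 S 101 0 8192 - - - RECEIVE
2024-01-15 09:12:03 DROP TCP 198.51.100.7 192.0.2.20 51003 445 48 S 102 0 8192 - - - RECEIVE
2024-01-15 09:13:10 DROP UDP 203.0.113.9 192.0.2.255 137 137 78 - - - - - - - RECEIVE
2024-01-15 09:14:22 OPEN TCP 192.0.2.20 198.51.100.80 49200 80 - - - - - - - - SEND
2024-01-15 09:15:00 DROP ICMP 203.0.113.9 192.0.2.20 - - 60 - - - - 8 0 - RECEIVE
"""


def parse_log(text):
    """Parse log text into dicts keyed by the names in the #Fields header."""
    fields, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # entry before the header, or a malformed line
        entries.append(dict(zip(fields, values)))
    return entries


def dropped_ports_by_source(entries):
    """Map each source IP to the sorted destination ports it was dropped on."""
    ports = defaultdict(set)
    for e in entries:
        inbound = e.get("path", "RECEIVE") == "RECEIVE"
        # ICMP entries carry "-" in the port columns and are skipped here.
        if e["action"] == "DROP" and inbound and e["dst-port"].isdigit():
            ports[e["src-ip"]].add(int(e["dst-port"]))
    return {src: sorted(p) for src, p in ports.items()}


def noisy_sources(entries, min_ports=3):
    """Sources dropped on at least min_ports distinct ports (threshold is an assumption)."""
    return {src: p for src, p in dropped_ports_by_source(entries).items()
            if len(p) >= min_ports}


if __name__ == "__main__":
    for src, ports in noisy_sources(parse_log(SAMPLE_LOG)).items():
        print(src, "was dropped on ports", ports)
```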


What Windows Firewall Does and Does Not Do

It does:

1. Help block computer viruses and worms from reaching your computer.

2. Ask for your permission to block or unblock certain connection requests.

3. Create a record (a security log), if you want one, that records successful and unsuccessful attempts to connect to your computer. This can be useful as a troubleshooting tool.

It does not:

1. Detect or disable computer viruses and worms if they are already on your computer. For that reason, you should also install antivirus software and keep it updated to help prevent viruses, worms, and other security threats from damaging your computer or using your computer to spread viruses to others.

2. Stop you from opening e-mail with dangerous attachments. Don't open e-mail attachments from senders that you don't know. Even if you know and trust the source of the e-mail you should still be cautious. If someone you know sends you an e-mail attachment, look at the subject line carefully before opening it. If the subject line is gibberish or does not make any sense to you, check with the sender before opening it.

3. Block spam or unsolicited e-mail from appearing in your inbox. However, some e-mail programs can help you do this.


Configuring Windows Firewall Settings


Pros and Cons of Windows Firewall

The Windows Firewall does a good job of proxying inbound responses to outbound connection requests, and it does a good job of blocking inbound connection requests for TCP or UDP conversations that you haven't initiated. It will block any connection attempts that you haven't specifically allowed in the settings. However, that's only half of what a firewall needs to do.

A firewall should also monitor, inspect, and proxy outbound communication—and this is where Windows Firewall fails. Any program on your computer can initiate any type of connection to any IP address on the Internet, and the Windows Firewall will sit by passively and let it happen!

Don't let any prompts fool you: Even though it tells you a program has initiated a connection to the Internet and asks if you want to allow this connection, the connection has already occurred. What it’s really asking is whether you want to allow the Internet to connect to this program.


ZoneAlarm Firewall

ZoneAlarm is a personal firewall software application originally developed by Zone Labs, which was acquired by Check Point. It includes an inbound intrusion detection system, as well as the ability to control which programs can create outbound connections.

In ZoneAlarm, program access is controlled by way of "zones", into which all network connections are divided. The "trusted zone" generally includes the user's local area network and can share resources such as files and printers, while the "Internet zone" includes everything not in the trusted zone. The user can specify which "permissions" (trusted zone client, trusted zone server, Internet zone client, Internet zone server) to give to a program before it attempts to access the Internet (e.g. before running it for the first time) or, alternatively, ZoneAlarm will ask the user to give the program permission on its first access attempt.


Features

Designed to be used in conjunction with an antivirus program, the strongest tool in ZoneAlarm's belt is the outbound firewall. Though Windows does offer some outbound protection, it's not activated by default. Most users tend to leave it off because they either don't know about it, or when they do turn it on it regularly interrupts their workflow with pop-up security warnings. Older versions of ZoneAlarm used to be noisy with pop-ups as well, but the new version has been set to be quieter without changing the level of protection. If you prefer, this can be changed in the program settings.

During the testing of the default ZoneAlarm Firewall settings, the only pop-ups encountered were those blocking new software installations. The pop-ups for the three programs tested went away and allowed the installation to proceed with one click. More than just a low rate of interference, only encountering pop-ups for program installations is precisely the kind of warning that keeps you aware of what's occurring on your computer without distracting you simply for surfing the Web.


The benefits of an outbound firewall might not be readily apparent. An inbound firewall blocks threats coming in from the outside, but an outbound firewall does more than prevent your computer from spreading viruses and malware to others. If your computer has been compromised by a botnet, for example, outbound protection will stop it from sending your data back to its host servers. It can also stop program spoofing, which is when a malicious program pretends to be a good one, and IP spoofing, which is when harmful network transmissions dress up as safe ones.


The ZoneAlarm toolbar has also been given more than a simple spit-shine. You can opt out of installing it when you run the main installer, and install it later if you wish, but ZoneAlarm was quick to point out that without it key security features are not activated. Hiding the toolbar after it's been installed won't disable its protections, which include the aforementioned signature and heuristic-based anti-phishing protections.


It also adds a site check option that can be used to reveal the date founded and physical location of the site and has customizable safe site buttons for launching regularly visited sites such as Facebook or your banking site. The e-mail checker built into the toolbar is compatible with Hotmail, Gmail, Yahoo, RR, Univision, and POP3 accounts.


Performance

ZoneAlarm's performance was notable simply for how unnoticeable it was. Shutdown time did not appear to be affected at all, and neither did starting up cold nor rebooting. Changing the antivirus program that it was partnered with didn't affect the firewall's behavior, either.

Pros and Cons of ZoneAlarm

Pros: Free for non-commercial use, frequently updated, protects incoming and outgoing connections without additional configuration.

Cons: Did not automatically configure as many applications.


Outpost Firewall

Outpost Firewall Pro is a software-based personal firewall package developed by the Russian firm Agnitum. Outpost Firewall 2009 Free now includes full Windows Vista (32 and 64bit) support and a completely revamped user interface.

Outpost Firewall Pro (personal firewall) is designed to monitor incoming and outgoing network traffic on Windows machines. Like most advanced PC firewalls (ZoneAlarm, Comodo, etc.), Outpost goes beyond monitoring internet traffic and also monitors application behavior in an attempt to stop malicious software covertly infecting Windows systems. Agnitum calls this technology "Component Control" and "Anti-Leak Control" (included into HIPS-based "Host Protection" module). The product also includes a spyware scanner and monitor, together with pop-up blocker/spyware filter for Internet Explorer and Mozilla Firefox (Outpost's web surfing security tools include black-lists for IPs and URLs, unwanted web page element filters and ad-blocking. The technology altogether is known as "Web control").


Outpost Firewall Pro allows the user to specifically define how a PC application connects to the Internet. This is known as the "Rules Wizard" mode, or policy, and is the default behavior for the program. When in this mode, Outpost Firewall Pro displays a prompt each time a new process attempts network access or when a process requests a connection that is not covered by its pre-validated rules. The idea being that this then lets the user decide whether an application should be allowed a network connection to a specific address, port or protocol.

In practice, prompting users can make the product seem overcomplicated to less experienced users. Agnitum engineers include pre-set rules for many popular applications. Users can optionally submit rules they have created through the Agnitum ImproveNet system, where Agnitum engineers validate them and share new rules via product updates.

Outpost is a very powerful and feature rich firewall. Many users will barely scratch the surface of what can be done with the configuration manager.

We're happy to report that the instant nagging prompts pushing users to upgrade to the paid version, which plagued the previous version of Outpost Firewall, are gone. Gone too are the concerns about lack of support for the software. Agnitum seems fully committed to supporting this new free firewall, and we had no concerns about the software being out of date this time. Configuring and working with Outpost may initially seem a bit daunting, although with the new interface it is much easier.

Pros and Cons of Outpost

Pros: Very powerful firewall, extensive configuration options, protects incoming and outgoing connections without additional configuration, automatic configuration for lots of popular software, full 64 bit operating system support.

Cons: Some users find ZoneAlarm easier to use, although thanks to the revamped interface Outpost Firewall is no longer as daunting to beginners.


Comodo Firewall

Comodo Internet Security is currently ranked number 1 in Matousec's Proactive Security Challenge, passing 100% of the 148 software firewall tests, and is the only firewall and host intrusion prevention system to consistently score number 1 or tie for number one (usually with Online Armor) in all independent tests.

Comodo Internet Security was designed around the concept of layered security, by integrating components designed to prevent intrusions upon a computer system (the Firewall, Defense+, and Memory Firewall), with components designed to resolve any intrusions which the other components miss.

This free software firewall, from a leading global security solutions provider and certification authority, uses the patent-pending "Clean PC Mode" to prohibit any application from being installed on your computer unless it meets one of two criteria. Those criteria are a) the user gives permission for the installation and b) the application is on an extensive list of approved applications provided by Comodo. With this feature, you don't have to worry about unauthorized programs installing on your computer without your knowledge.


Configuration

Comodo Firewall Pro is a freeware software package for Windows that controls the programs that can connect to the outside world and the types of connections that they can make. If Comodo Firewall isn't configured correctly, it can prevent Firefox from accessing the Internet, causing Firefox to give "Server not found" errors.

This section describes how to configure Comodo Firewall Pro to give Firefox access to the Internet.

Open Comodo Firewall Pro: click the Windows Start button, then click All Programs > Comodo > Firewall > COMODO Firewall Pro. In the Summary window, under the Security Monitoring heading, click Application Monitor.


In the list of Application Control Rules, locate any mentions of Firefox or firefox.exe. Click on each one, then click Remove. After removing each instance of Firefox in the Application Control Rules list, click the Tasks button.

In the Tasks window, click Define a new Trusted Application.


In the Trusted Application window, under the Specify Application heading, click Browse... Navigate to your Firefox program folder (usually C:\Program Files\Mozilla Firefox\) and choose firefox.exe. Click OK at the bottom of the Trusted Application window.


Return to the Application Monitor by clicking its icon on the left side of the Window. You should see Firefox listed, this time with full access rights.

Unless you have a whole lot of stuff to set up, or multiple users, or you are on a network machine, we would suggest simply installing the firewall and entering the settings as it detects new applications and activities.

In the message box that shows up:

1. Set the action to take (allow, block, ...).
2. Set the type of app that it is (installer, ...).
3. If you want to set this property for this app permanently, check the box (do this always).

As you add more apps to the "do always" list, the frequency of the message box will go down.


PROS of Comodo Firewall

1. Free means free!: Comodo firewall is completely free software, and they actually mean free. They don’t give any nag screens, no promotional offers, nothing. They are giving away the software at zero cost. They just require you to supply your email address, so that they can send you the registration key at no cost. They send registration keys to keep track of how many people are using their software.

2. Great security: It delivers what it is supposed to, and thus qualifies as one of the better pieces of security software available on the Internet. In various tests, it has proved its worth and helped in identifying unwanted elements. It blocks attacks from the outside world and blocks malware-style leak tests. It lets you take control of the software or programs which will access the Internet connection. Watch out, bad guys: the firewall will not let you break into the computer so easily.

3. Simple interface: The interface of the software is also simple. It is good enough for any user, and most users will find it easy to use and to go through the options it has to offer. However, there is still scope for improvement, but I’m sure that most users will be fine with it.

4. Recognizes known programs: One of the good things about this software is that it lets you scan your computer first and then automatically puts the known programs in the safe list and doesn’t give alerts for that software.

CONS of Comodo Firewall :

1. Too many alerts: Somehow, it gave lots and lots of alerts, and thus it can alarm any beginner at the start and can create problems in case a user clicks on the deny button for an important piece of software. However, alerts can be minimized by letting the program scan through the system for known programs.

2. Starting problems in accessing web-based services: I did face some problems in accessing web-based services like GMail and Google Reader. However, once I restarted the computer, everything seemed normal. After using it for a few days, I started to face problems connecting to the Internet, and it gave me errors too. However, after just a simple restart everything used to get back to normal.
