ITIS 1210ITIS 1210Introduction to Web-Based Introduction to Web-Based

Information SystemsInformation Systems

Chapter 44Chapter 44 How Firewalls WorkHow Firewalls Work

IntroductionIntroduction

The Internet is a dangerous placeThe Internet is a dangerous place Hackers canHackers can

Damage your programs/dataDamage your programs/data StealSteal

Your identityYour identity Your credit informationYour credit information

Use your computer for other purposesUse your computer for other purposes Distributed attacks on other computersDistributed attacks on other computers SpamSpam Illegal activitiesIllegal activities

IntroductionIntroduction

Choices are toChoices are to Stay off the InternetStay off the Internet Protect yourselfProtect yourself

Firewalls are one kind of protectionFirewalls are one kind of protection Software/hardwareSoftware/hardware Monitors the computer-Internet interfaceMonitors the computer-Internet interface

How Corporate Firewalls WorkHow Corporate Firewalls Work

The firewall acts as a shieldThe firewall acts as a shield Separates the internal environment from the Separates the internal environment from the

Wild-Wild-WebWild-Wild-Web Inside, normal Internet technologies are Inside, normal Internet technologies are

availableavailable EmailEmail DatabasesDatabases SoftwareSoftware

How Corporate Firewalls WorkHow Corporate Firewalls Work

Access to the outside is controlled by a Access to the outside is controlled by a choke routerchoke router or a or a screening routerscreening router

Examines packets traveling in both Examines packets traveling in both directions and can learndirections and can learn Source & destinationSource & destination Protocols being usedProtocols being used Ports being accessedPorts being accessed

How Corporate Firewalls WorkHow Corporate Firewalls Work

Some packets permitted to continue, Some packets permitted to continue, others blockedothers blocked Some services such as logins might be Some services such as logins might be

blockedblocked Suspicious locations could be blockedSuspicious locations could be blocked System administrators set these rulesSystem administrators set these rules

How Corporate Firewalls WorkHow Corporate Firewalls Work

A bastion host is a heavily protected A bastion host is a heavily protected serverserver Lots of security built inLots of security built in Primary point of contact for connections Primary point of contact for connections

coming in from the Internetcoming in from the Internet Internal computers or hosts inside the firewall Internal computers or hosts inside the firewall

cannot be contacted directlycannot be contacted directly

Might also be a proxy serverMight also be a proxy server For WWW requests from inside the firewallFor WWW requests from inside the firewall

How Corporate Firewalls WorkHow Corporate Firewalls Work

Bastion host is part of a perimeter network Bastion host is part of a perimeter network in the firewallin the firewall Not on the corporate network itselfNot on the corporate network itself Adds another layer of securityAdds another layer of security One more element the bad guys have to One more element the bad guys have to

break down to get into the corporate networkbreak down to get into the corporate network

How Corporate Firewalls WorkHow Corporate Firewalls Work

An exterior An exterior screening routerscreening router or or access access routerrouter screens packets between the screens packets between the Internet and the perimeter networkInternet and the perimeter network

Again,Again, Adds another layer of protectionAdds another layer of protection Can implement the same rules as the choke Can implement the same rules as the choke

routerrouter If the choke router fails the screening router If the choke router fails the screening router

may still be able to block unauthorized accessmay still be able to block unauthorized access

How Personal Firewalls WorkHow Personal Firewalls Work

What personal resources are attractive to What personal resources are attractive to hackers?hackers? High-speed connectionsHigh-speed connections ““Always on” network connections like Always on” network connections like

RoadrunnerRoadrunner Poorly protected computers that are Poorly protected computers that are

vulnerable to exploitsvulnerable to exploits

How Personal Firewalls WorkHow Personal Firewalls Work

Remember ports?Remember ports? Virtual connections between your computer Virtual connections between your computer

and the Internetand the Internet Each port has a specific purposeEach port has a specific purpose

Personal firewalls work by examining Personal firewalls work by examining packets for information includingpackets for information including Source and destination IP addressSource and destination IP address Port numbersPort numbers

How Personal Firewalls WorkHow Personal Firewalls Work

Firewalls can be configured to block Firewalls can be configured to block packets address to specific portspackets address to specific ports Block port 21 and FTP can’t be used to attack Block port 21 and FTP can’t be used to attack

your PCyour PC Trojan horse software can permit a hacker Trojan horse software can permit a hacker

access to your PCaccess to your PC Firewalls can detect when software attempts Firewalls can detect when software attempts

to send packetsto send packets If you don’t approve, the packets are blockedIf you don’t approve, the packets are blocked

How Personal Firewalls WorkHow Personal Firewalls Work

Firewalls can block specific IP addresses Firewalls can block specific IP addresses as wellas well Your personal history might be a source of UP Your personal history might be a source of UP

addresses to be blockedaddresses to be blocked

NAT (Network Address Translation) is a NAT (Network Address Translation) is a technique whereby your true IP address is technique whereby your true IP address is shielded from the Internetshielded from the Internet It can’t be seen by anyone outside your home It can’t be seen by anyone outside your home

network so you become invisiblenetwork so you become invisible

How Personal Firewalls WorkHow Personal Firewalls Work

Firewalls can log probes or just plain trafficFirewalls can log probes or just plain traffic These logs can be examined for clues These logs can be examined for clues

about hacker’s effortsabout hacker’s efforts

How Proxy Servers WorkHow Proxy Servers Work

A A proxy serverproxy server is one that acts as an is one that acts as an intermediary between its clients and intermediary between its clients and external servicesexternal services

System administrators can establish many System administrators can establish many types of servicestypes of services They decide which will go through proxy They decide which will go through proxy

serversservers

Many types of proxy servers are availableMany types of proxy servers are available

How Proxy Servers WorkHow Proxy Servers Work

A Web proxy handles Web trafficA Web proxy handles Web traffic Commonly serves as a Web Commonly serves as a Web cachecache Could also provide content filtering by denying Could also provide content filtering by denying

access to specific URLsaccess to specific URLs Some reformat Web pages for a certain Some reformat Web pages for a certain

audience (e.g., for cell phones)audience (e.g., for cell phones) To the internal user the use of the proxy is To the internal user the use of the proxy is

transparenttransparent But it controls the interactionBut it controls the interaction

How Proxy Servers WorkHow Proxy Servers Work

A proxy server can be used to log Internet A proxy server can be used to log Internet traffic for analysis purposestraffic for analysis purposes Could record keystrokesCould record keystrokes Also how the external server reacted to those Also how the external server reacted to those

keystrokeskeystrokes Could logCould log

IP addressesIP addresses Date and time of accessDate and time of access URLSURLS Number of bytes downloadedNumber of bytes downloaded

How Proxy Servers WorkHow Proxy Servers Work

Could be used to implement security Could be used to implement security schemesschemes Permits files to be transferred internallyPermits files to be transferred internally But blocks access to external sitesBut blocks access to external sites

Common use is cachingCommon use is caching Speeds up performance by keeping copies of Speeds up performance by keeping copies of

frequently-requested Web pagesfrequently-requested Web pages Requests fulfilled by proxy eliminating need to Requests fulfilled by proxy eliminating need to

contact an external servercontact an external server

How Proxy Servers WorkHow Proxy Servers Work

Other types of proxy serversOther types of proxy servers An anonymizing proxy serverAn anonymizing proxy server

Protects your identity by making you seem Protects your identity by making you seem anonymous to serversanonymous to servers

Vulnerable to man-in-the-middle attackVulnerable to man-in-the-middle attack Since they can read and modify messagesSince they can read and modify messages Could intercept your credit card or logon Could intercept your credit card or logon

informationinformation

How Proxy Servers WorkHow Proxy Servers Work

Circumventor – Method of defeating Circumventor – Method of defeating blocking policies implemented using proxy blocking policies implemented using proxy serversservers Web-based page that allows access to Web-based page that allows access to

blocked sites by routing it through an blocked sites by routing it through an unblocked siteunblocked site

Famous example was elgooG, a mirror of Famous example was elgooG, a mirror of GoogleGoogle

Search engine that only recognized search Search engine that only recognized search terms entered backwardsterms entered backwards