In this unit we will
use material from the following texts
& Lies: Digital Security in a Networked World by Bruce Schneier.
Schneier is the "real thing" - a genuine computer security expert and heads
up a company called Counterpane
Security: Weak Links, Best Defenses by Dr. Anup Ghosh of Reliable Software
Commerce: Security, Risk Management and Control 2nd Edition
by Greenstein and Vasarhelyi.
2nd Edition, Chpt 11
Electronic Commerce: Security,
Risk Management and Control by Greenstein and Feinman
see details at witiger.com/ecommerce/ecommercetextssecurity.htm
this unit students will be able to:
- What do firewalls do?
"... a firewall is usually a combination of packet filtering routers and
a computer that executes a set of proxies. Proxies are simple programs
that store and forward network requests based on an evaluation of a set
of rules. The rules define which connections are allowed and which are
not. One of the important functions that a firewall serves is to restrict
the number of network services that are available to outside connections"
|Student Alice C. in BCS 555 in November 2004 found this really great security site that has many good topics, including an explanation of firewalls reproduced in the table below.||This table with
the 12 concepts explaining a firewall, comes originally from
we have reproduced it here so as to save them bandwidth from too many people viewing the table
wilders.org is a site out of Utrecht in the Netherlands
|concept 1:||applications and services|
|concept 3:||without a firewall|
|concept 4:||role of a firewall|
|concept 6:||this firewall is a "packet filter"|
|concept 7:||TCP/IP compared to UDP/IP|
|concept 8:||blocking UDP/IP data|
|concept 9:||how ports are used|
|firewall: a range of (local) ports is available for applications that communicate with services on other systems. Typically, services are available on ports 1 to 1023. Ports for temporary use range from 1024to 5000. This way, applications/services don't tie up a port assigned to your systems services (file shares, identification etc.).|
|concept 10:||how ports are used (2)|
|a convention in the hotel business is that the lounge is at ext. 80, the concierge is at ext. 53, a bellman is at ext. 23 etc. This way, guests know how to reach staff in other hotels. Guests are kindly requested not to use the staff's extensions for personal calls.||firewall: a convention in the TCP/IP and UDP/IP protocols in that particular services are available at particular ports, e.g. web servers are at port 80, DNS at 53, telnet at 23, etc. This way, your applications know how to reach services on other systems. Applications should not use these extensions inappropriately.|
|concept 11:||rule usage|
|this hotel has an operator that can be instructed to allow certain calls through under certain circumstances, such as 1) only when a certain guest is in the hotel 2) when cell phones are in use 3) when a call is going through the hotel's secure phone lines etc.||firewall: with a firewall you can make a rule that allows certain communications only under certain circumstances, such as 1) when a certain application is running 2) when dail-up connection is alive.|
|concept 12:||priority of rules|
|some instructions for the operator are more important than others. By assigning a priority to each one, one controls the order in which the operator reads and applies instructions.||firewall: some rules take precendence over others. By setting the priority you can control the order in which rules are used and applied.|
the digital world, a firewall is a machine that protects a company's internal
network from the malicious hackers, ravenous criminals, and desultory evildoers
who lurk throughout the Internet. It keeps intruders out"
"firewall has changed meaning since it was first used in computer networks. The original networks were buggy and would inveterately crash. Firewalls were installed to prevent bad networking software in one part of the network from taking the rest of the network down with it... Today's firewalls act as boundaries between private networks and the vast public network".
Schneier's chapter goes further to describe the different types of firewalls
Chpt 12 Network Defenses
|ICSA as quoted
by Greenstein and Feinman (page 268 text)
ICSA defines a firewall as
must pass through it
"Firewalls [and any other technical and software devices] should be used as a component of enterprise security, not as the only solution. While firewalls provide a robust set of controls, they are not foolproof, and an organization that relies solely on firewalls for network security is turning a blind eye to many exposures that firewalls do not address."
a firewall ... is essential to preventing security break-ins..."
Firewall Insecurity, page 210
"Firewalls are the first line of defense against malicious users, placed between the computer network to be protected and the network that is considered to be a security threat"
? - What are firewalls used for exactly?
A - "Though firewalls are typically used to isolate a company's local area networks (LANS) from the Internet, firewalls are also used to
E-Commerce Security: Weak
Links, Best Defenses
|Partitioning and Isolating
users access to the entire network is critical in medium and large sized
corporations since it serves several purposes.
of a firewall page 270 [1st ed.] Greenstein and Feinman text
also some information from Prof. Dr. Horn GmbH www.ibh.de/netglossary/net_16.htm
(found by student Jenny Ng, MRK 410, March 2004)
Firewalls can be placed into two categories
from Prof. Dr. Horn GmbH www.ibh.de/netglossary/net_16.htm
|The difference between default
permit and default deny might be as follows.
The castle guard lets everybody across the drawbridge that has the password - and people that don't have the password cannot come in
The castle guard lets nobody across the drawbridge, unless they are certain kinds of people, and they also have to have a password
from Prof. Dr. Horn GmbH www.ibh.de/netglossary/net_16.htm
This article is about how some security people are installing firewalls on all desktops and laptop computers, both inside and outside the corporate LAN
"...firewall products are still evolving, and IT managers face a multitude of features in personal firewall software programs and hardware devices. For example, some new products allow for centralized monitoring and policy enforcement for remote desktop firewalls, while others may be less sophisticated but easier to use. Still others offer different configuration options depending on an employee’s role or whether the remote computer is being used for personal or business use."
|questions about "What Form
Will Firewalls Take?"
"While analysts predict that the market will ultimately consolidate into a single desktop security product or suite that includes intrusion-detection tools, a firewall, a VPN and antivirus protection, there’s no consensus on just how this will be accomplished. Already, almost every personal firewall offers VPN capabilities. Vendors are merging and partnering to bundle mixed products into one integrated product. And some companies, like InfoExpress and Symantec, are taking the suite approach. But then there’s the debate over where these host-based firewalls will wind up — as hardware, software or something more like a network adapter, according to analysts. That’s why many IT managers say they’ll just wait a while before deploying host-based firewalls, in spite of the risks.
, a bank in Southern California received a call from an on-line customer
asking why one of the bank’s computers was trying to hack into his
system. It turned out that the machine doing the hacking belonged to the
bank’s president and had been remotely commandeered by an employee.
The president called Conqwest Inc., a Holliston, Mass.-based IT security
services firm, which is now rolling out firewall software across
the bank’s 125 internal desktop, laptop and remote computers.
Until recently, companies thought antivirus and virtual private network (VPN) technologies would keep remote worker connections safe. But as more workers have been accessing the Internet through broadband services such as cable modems, exposure to hacking attacks through those machines has increased. In October, for example, a hacker broke into a Microsoft Corp. employee’s home computer and exploited the VPN connection to penetrate the company’s internal network.
At the time of the Microsoft hack, only 15 per cent of 300 security professionals surveyed used any type of firewall to protect remote workers’ machines, even though 38 per cent of the reported attacks originated from those machines, according to a report released by Cupertino, Calif.-based security software vendor Symantec Corp. Some managers are tackling this threat by requiring firewalls on all desktops and laptop computers, both inside and outside the corporate LAN."
"There are three basic ways to defeat a firewall
1. go around it ... large network has lots of connections... companies often hook their networks to suppliers networks, maybe you can get in through an unsecured supplierSecrets & Lies: Digital Security in a Networked World by Bruce Schneier
Chpt 12 page 190-191
Unfortunately, not all students are familiar with the " No-IP" software. This software allows the owner of the computer to access his computer from any computer connected to the internet.
As we all know, the remote ip address changes all the time and it's hard to keep up with the current address to access the computer. Therefore, the No-IP allows you to create one domain name that the user can use it all the time. but to use the Remote Desktop Connection, the firewall has to be disabled which will allow everyone to access your pc! I asked a network specialist about it and he said that the safest way to prevent that is to have a complicated password on the User account and change it every two or three weeks."
I have come from Iran,
where the fundamental government controls the internet.
Unfortunately the number
of Internet users is increasing very fast and recently the government banned
high speed internet too.
But fortunately I have read amazing news today from Canadian researchers in University of Toronto. They have created great software which its name is “Psiphon”. The Psiphon allows internet users in countries with internet censorship to escape from governmental firewalls and filtering. I think, it is going to be a revolution against Chinese and American censor software producers.
I think this article related to our discussion in the class when you mentioned about “Firewalls” two weeks ago, I think there is a very important issue in e-business, because for example If I was in clothing business, and If I want to write some of those “META” codes for increasing my web site ranking, I do not have to write “Woman”, “Underwear”, “Girls” and etc in the “Meta” part because my web page will be filtering by those mess censorship computer programs. Thank you for your time
If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
free trial and demo versions
The following is a list of free trial and demo versions of the most popular firewall software that anyone can use to protect from unscrupulous people or those who abuse unprotected computers:
Personal Firewall v5.5
Personal Firewall v5.5.1298
Internet Security 2004
Personal Firewall v2.1
Personal Firewall Plus
Most materials from Howstuffworks
"One growing trend is that more employees are working remotely, rather than at corporate headquarters. Therefore, today's firewalls, though built to guard against remote access, must also be sophisticated enough to allow the right kinds of remote access, Yankee Group network security"
"When a firewall intercepts the individual packets that comprise a message sent over a network, it reassembles them to check for protocol validity. If that firewall includes a network security switch, it not only reassembles the packets, but also scans each message for viruses, providing a total intrusion detection package"
"Philip said NetScreen's offerings range from approximately $500 for a small office platform to more than $200,000 for the highest-end solution. In between are several price points. The NetScreen-204, a 400-meg firewall with four ports, starts about $10,000."
How do people hack in, and what would firewalls do?
A - "Successful attacks are made possible by bugs in the network services, errors in configuration, or the lack of access-control mechanisms. Firewalls combat these types of attacks by preventing connections to all services except those permitted by the firewall. What is less well understood is that many attacks are launched through the services that are permitted by the firewall."
"The firewall serves as a choke point between the Internet and internal machines...The firewall proxies can control access to both the Internet and to the internal network by evaluating a set of rules for each connection attempt to a network service. The rules specify which type of network traffic is permitted on either side of the firewall, where connections are allowed from, and to which machines connections are permitted."
||CONTACT I MAIN PAGE I NEWS GALLERY I E-BIZ SHORTCUTS I INT'L BIZ SHORTCUTS I MKTG&BUSINESS SHORTCUTS I TEACHING SCHEDULE|
|MISTAKES I TEXTS USED I IMAGES I RANK I DISCLAIMER I STUDENT CONTRIBUTORS I FORMER STUDENTS I|