Security safeguards used in networking:
- Network security threats today are spread over the Internet. The most common include:
  - Viruses, worms, and Trojan horses
  - Spyware and adware
  - Zero-day attacks, also called zero-hour attacks
  - Hacker attacks
  - Denial of service attacks
  - Data interception and theft; identity theft
- Network security is accomplished through hardware and software. The software must be constantly updated and managed to protect you from emerging threats.
- A network security system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security.
- Network security components often include:
  - Anti-virus and anti-spyware
  - Firewalls, to block unauthorized access to your network
  - Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks
  - Virtual Private Network (VPN) concentrators and clients, to provide secure remote access
  - TACACS+ and RADIUS servers
  - One-time password (OTP) solutions
  - Smart cards
  - Biometric authentication devices
  - Network Admission Control (NAC) systems
  - Routers with ACLs
Firewalls:
- A firewall is a hardware or software system that prevents unauthorized access to or from a network. It can be implemented in hardware, in software, or as a combination of both.
- Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All data entering or leaving the intranet passes through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.
- Firewalls are essential because they provide a single block point (choke point) where security and auditing can be imposed.
- A firewall can filter traffic on the basis of address, protocol, packet attributes, and state; it generally screens only the packet headers.
- The different types of firewalls are packet-filtering firewalls, circuit-level gateway firewalls, application-level gateway firewalls, and stateful multilayer inspection firewalls.
Packet Filtering Firewalls:
- Packet-filtering firewalls are normally deployed on the routers that connect the internal network to the Internet.
- Packet-filtering firewalls can only be implemented at the network layer of the OSI model.
- Packet-filtering firewalls work on the basis of rules defined by Access Control Lists (ACLs). They check every packet and screen it against the rules the network administrator has defined in the ACLs.
- If a packet does not meet the criteria, it is dropped and the event is recorded in the logs.
- Administrators can create their ACLs on the basis of address, protocol, and packet attributes.
Advantages:
- The biggest advantages of packet-filtering firewalls are low cost and low resource usage, which makes them best suited to smaller networks.
- Packet-filtering firewalls provide a reasonable amount of protection for a network with minimum complications. Packet-filtering rules can be extremely intuitive and thus easy to set up.
- Packet-filtering firewalls also tend to have the least negative effect on the throughput rate at the gateway compared with other types of firewalls.
- They also tend to be the most transparent to legitimate users. If the filtering rules are set up appropriately, users obtain their required access with little interference from the firewall.
Disadvantages:
- Packet-filtering firewalls can work only at the network layer, and they do not support complex rule-based models.
- They are also vulnerable to spoofing in some cases.
- Firewalling schemes based on ports do not provide the precise control that many organizations require. Moreover, packet-filtering firewalls are often deficient in logging capabilities, particularly in providing logging that can be configured to an organization's needs (e.g., to capture only certain events in some cases and, in others, to capture all events).
- They may also lack remote administration facilities that can save considerable time and effort.
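The ACL screening described in this section, as an added Python example (not code from the original notes): rules are checked in order, the first match decides, and a packet that matches no rule is dropped and logged. The addresses, interface names and rules are constructed; `SPOOFED` shows why a filter that trusts the source address in the header is exposed to spoofing, and `HARDENED_ACL` adds the ingress rule that closes that gap.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                 # header fields only: a packet filter never sees payload
    iface: str                # interface the packet arrived on
    src: str
    dst: str
    proto: str
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    iface: str                # "any" matches every interface
    src: str                  # CIDR block
    dst: str                  # CIDR block
    proto: str = "any"
    dport: int = 0            # 0 matches every port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

def evaluate(acl, packet, log):
    """First matching rule decides; a packet matching no rule is dropped."""
    for number, rule in enumerate(acl, start=1):
        if rule.matches(packet):
            if rule.action == "deny":
                log.append(f"DROP rule={number} {packet}")
            return rule.action
    log.append(f"DROP rule=implicit-deny {packet}")
    return "deny"

# Constructed policy: 10.0.0.0/8 is the inside network, 10.0.0.80 the web server.
BASE_ACL = [
    Rule("permit", "any", "10.0.0.0/8", "0.0.0.0/0"),   # inside hosts, no interface check
    Rule("permit", "outside", "0.0.0.0/0", "10.0.0.80/32", "tcp", 443),
]
# Ingress filter: an inside source address arriving on the outside interface is forged.
HARDENED_ACL = [Rule("deny", "outside", "10.0.0.0/8", "0.0.0.0/0")] + BASE_ACL

SPOOFED = Packet("outside", "10.0.0.7", "10.0.0.5", "tcp", 22)  # constructed sample
```

With `BASE_ACL` the spoofed packet is permitted by rule 1 because only its claimed source address is checked; with `HARDENED_ACL` it is dropped and logged by the new first rule.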
Circuit level gateways firewalls:
- Most circuit-gateway firewalls are implemented using SOCKS, a tool that includes a set of client libraries for proxy interfaces with clients. SOCKS receives an incoming connection from clients, and if the connections are allowed, it provides the data necessary for each client to connect to the application.
- Each client then invokes a set of commands to the gateway. The circuit-gateway firewall imposes all predefined restrictions, such as the particular commands that can be executed, and establishes a connection to the destination on the client's behalf. To users, this process appears transparent.
- Circuit-level gateway firewalls are deployed at the session layer of the OSI model. They monitor session setup, such as the TCP three-way handshake, to determine whether a requested connection is legitimate.
- Major screening happens before the connection is established. Information sent to a computer outside the network through a circuit level gateway appears to have originated from the gateway. This helps in creating a stealth cover for the private network from outsiders.
Advantages:
- Circuit level gateways are comparatively inexpensive and provide anonymity to the private network.
Disadvantages:
- The task of modifying all clients to make them aware of the proxy mechanism is potentially costly and time-consuming.
- In addition, SOCKS has several limitations. Most implementations of SOCKS are deficient in their ability to log events.
- Furthermore, SOCKS neither supports strong access authentication methods nor provides an interface to authentication services that could provide this function.
- Circuit level gateways do not filter individual packets. After establishing a connection, an attacker may take advantage of this.
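The handshake monitoring described in this section, as an added Python example (not code from the original notes): a session table that relays TCP segments only when they arrive in SYN, SYN-ACK, ACK order. The class, the state names and the addresses are constructed for illustration; once a session is established every segment is relayed without a look at its contents, which is the limitation the last bullet describes.

```python
class CircuitGateway:
    """Tracks each TCP session and relays segments only in handshake order."""

    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        self.sessions = {}                      # (client, server, port) -> state

    def segment(self, client, server, port, flags, from_client):
        key, flags = (client, server, port), frozenset(flags)
        state = self.sessions.get(key)
        if state is None:
            # A session may only start with a client SYN to a permitted port.
            if from_client and flags == {"SYN"} and port in self.allowed_ports:
                self.sessions[key] = "SYN_SEEN"
                return "relay"
            return "drop"
        if state == "ESTABLISHED":
            if flags & {"FIN", "RST"}:
                del self.sessions[key]          # simplified teardown
            return "relay"                      # payload is never examined
        if state == "SYN_SEEN" and not from_client and flags == {"SYN", "ACK"}:
            self.sessions[key] = "SYNACK_SEEN"
            return "relay"
        if state == "SYNACK_SEEN" and from_client and flags == {"ACK"}:
            self.sessions[key] = "ESTABLISHED"
            return "relay"
        del self.sessions[key]                  # out-of-order handshake: forget it
        return "drop"

def run(gateway, segments):
    """Feed (flags, from_client) pairs for one constructed session; return verdicts."""
    return [gateway.segment("192.0.2.10", "198.51.100.5", 443, f, c)
            for f, c in segments]
```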
Application level gateways firewalls:
- Application-level gateway firewalls work at the application layer of the OSI model and provide protection for specific application-layer protocols.
- Application Layer firewalls are hosts that run proxy servers, which permit no traffic directly between networks, and they perform elaborate logging and examination of traffic passing through them.
- Since proxy applications are simply software running on the firewall, it is a good place to do logging and access control.
- Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other after having passed through an application that effectively masks the origin of the initiating connection.
- An application-level gateway works only for the protocols it is configured for. For example, if we install a web-proxy-based firewall, then it will only allow HTTP protocol data.
- Because they are deployed at the application layer for a specific protocol, they are expected to understand application-specific commands such as HTTP:GET and HTTP:POST.
- Application-level firewalls can also be configured as caching servers, which in turn increases network performance and makes it easier to log traffic.
Advantages:
- Application inspection firewalls can prevent more kinds of attacks than stateful firewalls can.
- For example, application inspection firewalls can stop an attacker from trying to set up a virtual private network (VPN) tunnel triggered from inside the network through an application firewall by way of tunneled HTTP requests.
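An added Python example (not code from the original notes) of the protocol awareness described above: a web proxy that reads the HTTP request line and headers and forwards only what its policy allows. The policy is an assumption made for illustration: GET and POST are allowed, and everything else is blocked, including CONNECT (the method a client uses to open a tunnel through a proxy), requests carrying an Upgrade header, and bytes that are not HTTP at all.

```python
import re

ALLOWED_METHODS = {"GET", "POST"}        # assumed policy for a web-only proxy
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def inspect_request(raw: bytes):
    """Return (verdict, reason) for the first bytes a client sends to the proxy."""
    head, separator, _body = raw.partition(b"\r\n\r\n")
    if not separator:
        return ("block", "incomplete or non-HTTP header block")
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return ("block", "not an HTTP/1.x request line")
    method = match.group(1).decode("ascii")
    if method not in ALLOWED_METHODS:
        return ("block", f"method {method} not permitted")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            return ("block", "malformed header line")
        headers[name.strip().lower()] = value.strip()
    if b"host" not in headers:
        return ("block", "missing Host header")
    if b"upgrade" in headers:
        return ("block", "protocol upgrade not permitted")
    target = match.group(2).decode("ascii", "replace")
    return ("allow", f"{method} {target}")

# Constructed sample inputs: a normal page fetch, a tunnel request, a non-HTTP banner.
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"CONNECT vpn.example.net:443 HTTP/1.1\r\nHost: vpn.example.net:443\r\n\r\n",
    b"SSH-2.0-client\r\n",
]
```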
Disadvantages:
- For every TCP/IP client for which the firewall provides proxies, the client must be aware of the proxy that the firewall runs on its behalf. Therefore, each client must be modified accordingly.
- A second limitation is that, unless one uses a generic proxy mechanism, every application needs its own custom proxy.
- Finally, most application-gateway firewalls are not easy to initially configure and update correctly. To use an application-gateway firewall to its maximum advantage, network administrators should set up a new proxy for every new application accessible from outside a network.
Stateful multilayer Inspection Firewall:
- A stateful multilayer inspection firewall is a combination of all the firewall types described above.
- It can filter packets at the network layer using ACLs, check for legitimate sessions at the session layer, and evaluate packets at the application layer (ALG).
Advantages:
- A stateful multilayer inspection firewall can work in transparent mode, allowing direct connections between the client and the server, which was not possible earlier.
- It can also implement algorithms and complex security models which are protocol specific, making the connections and data transfer more secure.