I) Firewall
A firewall denies or allows specific network traffic. Organizations deploy firewalls to protect the network and to deny or allow specific network traffic inside and outside the network. A typical network design for a site which uses a network firewall is given below.
In its most basic form, a firewall filters IP packets on header fields such as source IP, destination IP, source port and destination port. It can also identify applications by their static well-known TCP and UDP ports, and match the URI in an HTTP request to decide whether to allow or deny the download of the web page identified by that URI.
Firewalls are of two types:
1) Hardware firewall: A hardware firewall is a physical device which has a WAN port, ports for the DMZ and an Ethernet port to connect to a switch or router.
2) Software firewall: It is either an application or a bare-metal firewall, meaning an operating system from which the computer boots and which gives us a graphical user interface to configure the firewall.
Hardware and software firewalls are each again of two types:
1) Stateful 2) Stateless.
- Stateful: Records state information based on earlier packets, including the number of TCP connections from a client IP address to each server address. That is, it maintains historical state information, which it compares against when it suspects that abnormal traffic is coming to a server.
- Stateless: A stateless firewall does not maintain any record of the state of earlier packets; it just denies or permits traffic based on inbound and outbound rules.
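An added example (not from the original article), in PowerShell, contrasting the two types on constructed packets: the stateless check judges each packet only against the rule list, while the stateful filter also keeps the per-client, per-server TCP connection count described above. The packet data, rule list, function names and the threshold of 3 connections are assumptions made for illustration.

```powershell
# Constructed sample traffic (documentation address ranges). Flag SYN = new TCP connection.
$packets = @(
    [pscustomobject]@{ Src = '203.0.113.10'; Dst = '192.0.2.80'; DstPort = 80;  Flag = 'SYN' }
    [pscustomobject]@{ Src = '203.0.113.10'; Dst = '192.0.2.80'; DstPort = 80;  Flag = 'ACK' }
    [pscustomobject]@{ Src = '198.51.100.7'; Dst = '192.0.2.80'; DstPort = 23;  Flag = 'SYN' }
) + @(1..5 | ForEach-Object {
    # One client opening five connections in a row to the same server
    [pscustomobject]@{ Src = '198.51.100.7'; Dst = '192.0.2.80'; DstPort = 443; Flag = 'SYN' }
})

# Inbound rule list (assumed): only web ports are permitted.
$rules = @(
    @{ DstPort = 80;  Action = 'Allow' }
    @{ DstPort = 443; Action = 'Allow' }
)

# Stateless decision: looks at this packet's headers only.
function Test-StatelessRule {
    param($Packet, $Rules)
    foreach ($r in $Rules) {
        if ($Packet.DstPort -eq $r.DstPort) { return $r.Action }
    }
    return 'Deny'   # default deny when no rule matches
}

# Stateful decision: same rules, plus a table of connections seen so far.
function Compare-FirewallVerdict {
    param($Packets, $Rules, [int]$MaxConnections = 3)
    $state = @{}   # "client->server" -> number of TCP connections recorded
    foreach ($p in $Packets) {
        $stateless = Test-StatelessRule -Packet $p -Rules $Rules
        $stateful  = $stateless
        if ($stateless -eq 'Allow' -and $p.Flag -eq 'SYN') {
            $key = "$($p.Src)->$($p.Dst)"
            $state[$key] = 1 + [int]$state[$key]
            # History shows abnormal volume from this client: deny further connections
            if ($state[$key] -gt $MaxConnections) { $stateful = 'Deny' }
        }
        [pscustomobject]@{
            Src = $p.Src; Dst = $p.Dst; DstPort = $p.DstPort; Flag = $p.Flag
            Stateless = $stateless; Stateful = $stateful
        }
    }
}

Compare-FirewallVerdict -Packets $packets -Rules $rules | Format-Table -AutoSize
```

The last two port-443 packets are allowed by the stateless check but denied by the stateful one, because only the stateful filter remembers the earlier connections from the same client.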
Demilitarized Zone (DMZ):
Organizations must make the web servers, email servers and File Transfer Protocol (FTP) servers that their customers use accessible from the internet. Doing so puts the entire internal network of the organization at risk. So these public servers are kept in an isolated network, so that users on the internet can access them while the internal network stays protected. This isolated network is called a Demilitarized Zone (DMZ).
The DMZ sits between the private network and the public network.
The DMZ is isolated by a security gateway, such as a firewall. It is ideally located between two firewalls. The first firewall is between the external network and the DMZ and filters traffic from the external network. The second firewall is between the internal network of the organization and the DMZ and has more hardened rules configured. The main purpose of the DMZ is to make public servers accessible from the internet and at the same time secure the internal network of the organization from unauthorized access.
Even if a highly skilled hacker breaches the first firewall, that hacker still has to breach the second firewall to access the internal network. It is recommended to use a proxy server in the DMZ, which centralizes the internal traffic flow and also monitors and records traffic for further analysis.
There are some desktop-level firewalls which are built into the operating system. The Windows operating system has a built-in firewall. Antivirus software also has a built-in desktop firewall.
Windows Firewall is an IP packet filtering firewall in which we can create inbound and outbound rules to restrict traffic for a specific service, a single IP address, a network or a subnet.
Below is a generic idea of how to create a rule in Windows Firewall.
1) Right-click the monitor icon at the right-hand side of the taskbar and select Network and Internet settings.
Select Ethernet in the left-hand pane and then select Windows Firewall from the right-hand pane. Select Advanced settings from the middle pane.
To create a new rule:
Select the type of rule: a rule for a specific program connection, a rule for a specific port, a rule for a specific Windows experience, or a custom rule.
2) Suppose you selected a rule for ‘Program’ in the first step. In the second step, select the specific program by giving the path of the program, or select ‘All programs’ if you want the rule to apply to all programs.
3) In the third step, select the action. Select the option ‘Allow connection’ if you want to allow all connections, both with IPsec and without IPsec. Select the second option, ‘Allow the connection if it is secure’, when you want to allow only connections with IPsec protection. Select the third option, ‘Block connection’, when you want to block the connection.
4) Select when the rule should apply: select the ‘Domain’ profile for when you are connected to a corporate domain, the ‘Private’ profile for when you are connected to a private network such as a workplace, or the ‘Public’ profile for when the computer is on a public network.
5) Give the rule a name and finish the wizard.
6) Once it has been created, the rule appears in the list of inbound rules.
7) After creating the rule, right-click it and select the ‘Scope’ tab:
Select the option ‘Any IP address’ for the local address. For the remote address, select ‘Any IP address’, or select ‘These IP addresses’ if you want to allow or deny a specific IP address, a range of IP addresses, or a predefined set of computers such as the default gateway, DNS, DHCP or WINS servers.
8) Select the ‘Protocols and Ports’ tab. Select protocol type ‘TCP’, select ‘All ports’ for the local port, and for the remote port select the port number which you want to allow or block.
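The rule built in the steps above can also be created with the NetSecurity PowerShell cmdlets that ship with Windows. This is an added example, not part of the original article; the rule name, program path, remote addresses and port number are placeholder assumptions, and the commands need an elevated PowerShell session.

```powershell
# Added example: inbound program rule matching the wizard choices above.
# Rule name, program path, addresses and port are placeholders (assumptions).
$ruleName = 'Demo - Block app from listed hosts'

$rule = @{
    DisplayName   = $ruleName                                 # step 5: rule name
    Direction     = 'Inbound'                                 # listed under Inbound Rules (step 6)
    Program       = 'C:\Program Files\DemoApp\demoapp.exe'    # step 2: path of the program
    Action        = 'Block'                                   # step 3: block the connection
    Profile       = 'Domain', 'Private'                       # step 4: when the rule applies
    LocalAddress  = 'Any'                                     # step 7: local 'Any IP address'
    RemoteAddress = '198.51.100.0/24', '203.0.113.25'         # step 7: 'These IP addresses'
    Protocol      = 'TCP'                                     # step 8: protocol type
    LocalPort     = 'Any'                                     # step 8: local port 'All ports'
    RemotePort    = '8443'                                    # step 8: remote port to match
}

# Remove an earlier copy first so re-running does not create duplicate rules.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

New-NetFirewallRule @rule | Out-Null

# 'Allow the connection if it is secure' (IPsec only) corresponds to Action Allow
# plus Authentication Required, and needs a matching connection security rule:
#   Set-NetFirewallRule -DisplayName $ruleName -Action Allow -Authentication Required

# Read back what was stored, one filter object per tab of the rule's properties.
$created = Get-NetFirewallRule -DisplayName $ruleName
$created | Select-Object DisplayName, Enabled, Direction, Action, Profile
$created | Get-NetFirewallApplicationFilter | Select-Object Program
$created | Get-NetFirewallAddressFilter     | Select-Object LocalAddress, RemoteAddress
$created | Get-NetFirewallPortFilter        | Select-Object Protocol, LocalPort, RemotePort
```

Reading the rule back through the address and port filters is a quick check that the scope is as narrow as intended; a remote address of `Any` on an allow rule is the usual sign of an over-broad rule.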
Names of some firewall manufacturing companies:
1) Cisco Adaptive Security Appliance (ASA)
2) Fortinet
3) Sophos
4) FortiGate
5) Check Point
6) Palo Alto Networks
7) McAfee Firewall
8) Cisco PIX
9) Juniper SSG
10) Juniper SRX
11) SonicWall
12) WatchGuard
II) Intrusion Prevention System (IPS)
An IPS monitors system and network activity for malicious activity which uses exploits for known vulnerabilities. It identifies the malicious activity and maintains records of it, and either drops the packet or sends it to another application for further investigation.
Some names of IPS manufacturing companies:
i) Cisco
ii) Trend Micro
iii) McAfee
iv) Alert Logic
v) Hillstone
vi) Idelise
vii) HBC
III) Proxy servers
A proxy server works in between the internet and users, acting as a gateway. When a user accesses websites on the internet, the request goes out with the source IP address of the user's computer. Hackers on the internet may then try to track the user's activity, build a profile of the user and target the user for attack.
A proxy server has its own IP address. The name proxy is given because it forwards requests to the internet using its own IP address on behalf of the user, so that the identity of the user is not revealed on the internet, which secures the private network.
A proxy server is beneficial because it gives improved security, controls which websites users can access, balances network traffic and maintains cache memory for faster access.
Some names of proxy servers:
i) Cisco
ii) Barracuda
iii) McAfee
iv) F5 Networks
v) Check Point
Author:
Sameer Manekar