How to install and configure a basic firewall
A firewall is a software or hardware system that separates one network or computer from another. The most common use of a firewall is to protect an entire network, or a single computer, from unauthorized access from the internet. Firewalls are also used to control the flow of data to and from multiple networks within the same organization, and a firewall can be programmed to filter packets based on any information contained in a packet. The types of firewall, by configuration and network placement, are described below.
It is important to understand that not all firewalls are the same. Firewalls have changed a great deal over the past 12 years as new technology has evolved: where the first firewalls filtered only on packet addresses and protocols, firewalls now filter on the data a packet carries. As the technologies used to examine packets and make filtering decisions improve, so does the sophistication of the firewall and its ability to make granular decisions. The two broad categories, hardware and software firewalls, are discussed below.
Software and hardware firewalls
A software firewall is either part of the operating system or a third-party application installed on top of the operating system and configured in place of the operating system's own firewall. It protects a single host and can be configured specifically for that host. In general terms, a firewall is a device with more than one network interface that manages the flow of network traffic between those interfaces; what it does with each type of traffic and how it manages the flows depends on its configuration. In real-world deployments the firewall often provides other functions as well, such as proxy server services and network address translation (NAT).
A hardware firewall is a specialized appliance built to filter packets between networks. Its most common use is to protect an entire network or a single computer from unauthorized access from the internet; it can also control the flow of data between networks within the same organization, and it can be programmed to filter packets based on the information they contain. Bluecoat and Barracuda are examples of third-party hardware firewalls.
Firewalls can also employ other methods to enforce security. A modern firewall application can perform a wide range of additional functions through add-on modules such as signature identification, content filtering, network address translation, bandwidth management, URL filtering and virus scanning. Strictly speaking these are not firewall functions, but the flexibility of the firewall, coupled with its placement at the edge of the network, makes it an ideal base for controlling access to external resources.
Most firewalls can also be configured to provide some level of content filtering, for both inbound and outbound content. For instance, a firewall can be configured to monitor inbound content and restrict particular websites or locations, and it can limit outbound traffic by prohibiting access to particular websites through a maintained list of IP addresses or URLs. This is often done when an organization wants to control employee access to internet sites.
The best way to keep a port secure is to keep it closed when it is not in use. Ports are address extensions contained within a packet that indicate the purpose of the packet and allow a computer to do many different things over the wire. An application that requires a specific port can only be used if that port is open, so any port whose associated application you do not plan to use should be closed or disabled. To check your own system for port vulnerabilities, use the free program SuperScan to find ports that are open, and therefore exposed to attack, but not used by any application. Once the vulnerabilities are known you can adjust the settings of each host operating system individually, but it is easier to configure the firewall and protect most of the hosts at once.
The TCP/IP suite uses port numbers to determine which service a particular packet is intended for, so configuring the firewall to allow only certain types of traffic controls the flow. For example, open port 80 on the firewall to allow Hypertext Transfer Protocol requests from users on the internet to reach the corporate web servers, and, depending on the application, open the HTTPS port, port 443, to allow access to secure web server applications.
Stateful inspection vs. packet filtering
The main feature that differentiates a stateful firewall from a packet-filtering firewall is the intelligence with which the firewall examines packets. A packet-filtering firewall is configured to recognize static attributes of each packet, such as the source IP address, destination IP address and protocol. It never takes into account the stream of data that would be normal for the protocol, or which packet should arrive next in a normal flow for that protocol.
A stateful firewall, on the other hand, keeps in memory the most significant attributes of every connection. These attributes, collectively called the connection state, include the IP addresses, ports and sequence numbers in use for the connection. Most of the CPU time is spent at the beginning of a connection, because afterwards the stateful firewall can identify packets that are simply part of an established and already screened session. This makes filtering more accurate and more efficient for most communication sessions. The stateful firewall was the first step in the technical evolution towards IDS and IPS.
Firewall rules determine which types of packet are allowed through the firewall. Packets can be identified by protocol, MAC address, IP address or even the data they contain; once identified, a packet is subjected to the rules configured on the firewall. The options for using firewall rules are listed below.
In most cases the decision a rule makes is a simple one: block the packet, or allow it to traverse the firewall? When most people think of a firewall they think of keeping things out, but firewall rules can equally be used to keep things in the network. In other words, depending on the source IP address, destination IP address, protocol, MAC address or content of the message, a rule can be configured not to permit traffic out of the network. This is particularly useful for keeping users from sending sensitive data outside the company walls.
Probably the best firewall setting is one that blocks all traffic unless that traffic is specifically allowed; this is referred to as an implicit deny. If you miss something, users simply cannot reach the service they need, which is why implicit deny is considered the best approach. The most secure configuration is one that never allows an attacker or user access to a resource unless you have specifically configured it. The trade-off is that it takes more work in the short term to configure every option a user needs, but implicit deny is more secure in the long run.
The decision a firewall must make is whether to allow a packet through or not. Firewall rules are most often composed of access control lists (ACLs), which decide the fate of a packet based on its protocol, MAC address, source and/or destination IP address, or a combination of these. The ACL identifies the traffic and the rule controls it.
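The difference between a packet filter and a stateful firewall, together with the implicit deny at the end of an ACL, as an added Python example that is not from the original article. The client 10.0.0.20, the server 198.51.100.7 and the stray packet from 192.0.2.66 are constructed; the stateless ACL needs a second rule to admit replies, and that rule also admits a packet that merely looks like a reply.

```python
"""Stateless packet filtering vs stateful inspection, with an implicit deny.
Constructed example: internal client 10.0.0.20 browsing to 198.51.100.7:443.
Rules are (proto, src, sport, dst, dport); "*" matches anything."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False  # True only for the first packet of a new TCP session


# What the policy actually intends: the client may open HTTPS sessions.
OUTBOUND = [("tcp", "10.0.0.20", "*", "*", 443)]
# A packet filter has no memory, so it needs a static rule for the replies:
# anything with source port 443 towards the client is let in.
STATELESS_ACL = OUTBOUND + [("tcp", "*", 443, "10.0.0.20", "*")]


def acl_allows(pkt, acl):
    """Any matching rule permits; no match falls through to the implicit deny."""
    fields = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
    return any(all(r == "*" or r == f for r, f in zip(rule, fields)) for rule in acl)


class StatefulFirewall:
    def __init__(self):
        self.conns = set()  # connection state, keyed on the 5-tuple

    def allow(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.conns or reverse in self.conns:
            return True  # part of an established, already screened session
        if pkt.syn and acl_allows(pkt, OUTBOUND):
            self.conns.add(key)  # screened once, at connection start
            return True
        return False  # implicit deny


def compare():
    """Return (stateless, stateful) verdicts for three constructed packets."""
    syn = Packet("10.0.0.20", 51000, "198.51.100.7", 443, syn=True)
    reply = Packet("198.51.100.7", 443, "10.0.0.20", 51000)
    # Unsolicited packet that uses 443 as its source port to resemble a reply.
    bogus = Packet("192.0.2.66", 443, "10.0.0.20", 3389)
    fw = StatefulFirewall()
    return [(acl_allows(p, STATELESS_ACL), fw.allow(p)) for p in (syn, reply, bogus)]
```

The third verdict is the point: the packet filter passes the stray packet on its source port alone, while the stateful firewall drops it because no screened session exists for it.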
NAT is a service that translates one set of IP addresses into another. In the right hands NAT is a useful service, but in the wrong hands it is more like a weapon: if an attacker can corrupt the NAT tables and replace real addresses with addresses of their own choosing, they can disrupt the network. Secure NAT appliances and routers by requiring strong passwords for both local and remote access, and by controlling who receives those passwords.
When two or more computers inside a single network share one address as seen from outside the network, the only practical way to keep their communication channels separate and organized is by the port designation on every packet. Port address translation (PAT) changes the source address of a packet as it passes through a router or other PAT device, appending a specific port number to it. For the same reason, an attack on a PAT device can disrupt network flow by confusing the addressing scheme and causing the network to fail. Protect PAT devices with strong passwords for local access and especially for remote access.
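How PAT keeps two inside hosts apart behind one public address, as an added Python example that is not from the original article. The public address 203.0.113.1, the inside hosts and the port range starting at 40000 are assumptions; the model also drops an inbound packet whose peer does not match the recorded mapping.

```python
"""Port address translation: many inside hosts share one public address.
Constructed example; the public address, hosts and port range are made up."""

PUBLIC_IP = "203.0.113.1"


class PatRouter:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.inbound = {}   # public port -> (src_ip, src_port, dst_ip, dst_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outbound packet; one public port per flow."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.outbound:
            self.outbound[flow] = self.next_port
            self.inbound[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.outbound[flow], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Reverse the translation for a reply; None means nothing to deliver to."""
        flow = self.inbound.get(dst_port)
        if dst_ip != self.public_ip or flow is None or (src_ip, src_port) != flow[2:]:
            return None  # unsolicited, or the peer does not match the mapping
        return (src_ip, src_port, flow[0], flow[1])


def demo():
    r = PatRouter()
    a = r.translate_out("192.168.1.10", 51000, "198.51.100.7", 443)
    b = r.translate_out("192.168.1.11", 51000, "198.51.100.7", 443)  # same source port
    reply_a = r.translate_in("198.51.100.7", 443, PUBLIC_IP, a[1])
    reply_b = r.translate_in("198.51.100.7", 443, PUBLIC_IP, b[1])
    stray = r.translate_in("192.0.2.66", 443, PUBLIC_IP, 40000)  # wrong peer: dropped
    return a, b, reply_a, reply_b, stray
```

Both inside hosts use source port 51000, and only the distinct public ports 40000 and 40001 let the router return each reply to the right host.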
There are generally three zones associated with firewalls: internal, external and the demilitarized zone (DMZ). The internal zone is the area inside all of the firewalls; it is considered the protected area, where the most critical servers, such as domain controllers, and other sensitive locations reside. The external zone is the area outside the firewall, representing the network you are protecting against; this is usually, but not always, the internet. The DMZ comes into play when there is more than one firewall: it is the zone between two firewalls. It is created using a device with at least three network connections, sometimes referred to as a three-pronged firewall.
Place servers that are used by hosts on both the external and internal networks, such as FTP and VPN servers, in the DMZ. Higher-security servers such as DHCP servers and domain controllers must be placed behind the firewalls, in the internal zone. A DNS server that connects to the internet may be placed in the external zone. Keeping each resource in the appropriate zone is essential to the security of the network.
The DMZ is the part of the network where you place servers that must be accessible from both inside and outside the network. The military term DMZ is used because it describes an area with little or no enforcement or policing. Using a DMZ gives the firewall configuration an extra level of protection, complexity and flexibility.
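The three-zone placement described above, expressed as a zone-to-zone policy with an implicit deny, as an added Python example that is not part of the article. The address ranges 10.0.0.0/24 (internal) and 172.16.0.0/24 (DMZ), the DMZ web server 172.16.0.10 and the sample addresses are assumptions.

```python
"""Zone policy for a three-pronged firewall: external, DMZ and internal.
Constructed example; address ranges and the DMZ web server are made up.
Any zone pair absent from POLICY falls to the implicit deny."""
import ipaddress

ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("172.16.0.0/24"),
}
WEB = "172.16.0.10"  # the public web server lives in the DMZ

# (from_zone, to_zone) -> predicate on (dst_ip, dst_port); missing pair = deny
POLICY = {
    ("external", "dmz"): lambda dst, port: dst == WEB and port in (80, 443),
    ("internal", "dmz"): lambda dst, port: True,
    ("internal", "external"): lambda dst, port: True,
    # No ("dmz", "internal") entry: a host in the DMZ cannot reach the
    # domain controllers or DHCP servers behind the inner firewall.
}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"  # everything else is the outside world


def permit(src_ip, dst_ip, dst_port):
    """Decide a new connection by zone pair; implicit deny when no rule exists."""
    rule = POLICY.get((zone_of(src_ip), zone_of(dst_ip)))
    return bool(rule and rule(dst_ip, dst_port))


def demo():
    return [
        permit("203.0.113.9", WEB, 443),         # internet -> DMZ web server: allowed
        permit("203.0.113.9", WEB, 22),          # internet -> DMZ on another port: denied
        permit("203.0.113.9", "10.0.0.5", 443),  # internet -> internal: denied
        permit("172.16.0.10", "10.0.0.5", 389),  # DMZ -> internal domain controller: denied
        permit("10.0.0.20", "172.16.0.10", 80),  # internal -> DMZ: allowed
    ]
```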
It is essential to understand the difference between packet filtering and stateful inspection: the main difference is the intelligence with which the firewall checks packets, which makes stateful filtering more accurate and more efficient. Understand firewall rules as well, since they determine which packets are allowed through the firewall; among the rule settings, implicit deny is considered the best, and ACLs help identify the traffic. Learn about NAT and PAT in relation to security, and protect NAT and PAT devices with strong passwords for local and remote access. Finally, the DMZ is the zone between two firewalls and may contain FTP, web and VPN servers; place the servers used by hosts on both the external and the internal network in the DMZ.