21-07-2011, 11:41 AM
SUBMITTED BY
NEELAM SURIN
Internet Security and Firewall Design
INTRODUCTION
Security in an internet is difficult because security involves understanding when and how participating users, computers, services, and networks can trust one another as well as understanding the technical details of network hardware and protocols.
Perimeter Security
Perimeter security allows an organization to determine which services and networks it will make available to outsiders and the extent to which outsiders can use those resources.
Firewalls and Internet Access
Mechanisms that control internet access handle the problem of screening a particular network or an organization from unwanted communication.
Firewall Implementation
A firewall simply blocks all unauthorized communication between computers in the organization and computers outside the organization.
Security and Packet Filter Specification:
Specifying the filter as a list of well-known service ports that outsiders may reach does not work well for an effective firewall. There are three reasons:
The number of well-known ports is large and growing rapidly. Thus, listing each service requires a manager to update the list continually.
Much of the traffic on an internet does not travel to or from a well-known port.
Listing ports of well-known services leaves the firewall vulnerable to tunneling. Because the packet filter examines only the outer header of each datagram, tunneling can circumvent security if a host or router on the inside agrees to accept encapsulated datagrams from an outsider, remove one layer of encapsulation, and forward the inner datagram on to a service that the firewall would otherwise block.
The Consequence of Restricted Access for Clients
Restricting access in this way also prevents an arbitrary computer inside the firewall from becoming a client that accesses a service outside the firewall, because the replies to such a client do not arrive at a well-known port.
Proxy Access Through a Firewall
An organization can provide safe access to outside services only through a secure computer.
Instead of trying to make every computer system in the organization secure, an organization usually associates one secure computer with each firewall and installs a set of application gateways on that computer. This computer is called a bastion host. Figure 2.2 illustrates the concept.
The Details of Firewall Architecture
Conceptually, each of the barriers shown in Figure 32.7 requires a router that has a packet filter. Networks interconnect the routers and bastion host.
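The following is an added worked example, not code from the original post. It models the two filter specifications the notes contrast: a filter that allows a list of well-known ports (showing why a reply to an inside client is dropped and why a tunnelled datagram slips through when the filter inspects only the outer header), and the two-barrier layout around a bastion host in which the outer router admits outsiders only to the bastion's gateways and the inner router admits only the bastion to the inside network. The addresses, port lists and rule sets are constructed for the example and are not taken from the text.

```python
"""Toy stateless packet filter and two-barrier (bastion host) layout.

Added illustration, not code from the original post.  Addresses, ports and
rule sets are constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional

# Constructed addresses (assumed for the example).
INSIDE_NET = ip_network("10.0.0.0/24")       # the organization's internal network
BASTION = "192.0.2.10"                       # bastion host on the perimeter network
OUTSIDE = "203.0.113.5"                      # an arbitrary host on the global Internet


@dataclass
class Datagram:
    src: str
    dst: str
    proto: str                          # "tcp" or "udp"
    dport: int
    sport: int = 40000                  # ephemeral source port unless stated
    inner: Optional["Datagram"] = None  # encapsulated datagram, if tunnelled


@dataclass
class Rule:
    """One packet-filter entry; a None field matches anything."""
    action: str                         # "allow" or "deny"
    proto: Optional[str] = None
    src_net: Optional[IPv4Network] = None
    dst_net: Optional[IPv4Network] = None
    dport: Optional[int] = None

    def matches(self, d: Datagram) -> bool:
        return ((self.proto is None or self.proto == d.proto)
                and (self.src_net is None or ip_address(d.src) in self.src_net)
                and (self.dst_net is None or ip_address(d.dst) in self.dst_net)
                and (self.dport is None or self.dport == d.dport))


def filter_datagram(rules: List[Rule], d: Datagram) -> str:
    """First matching rule wins; anything unmatched is denied.  Like a router's
    packet filter, only the outer header is examined."""
    for r in rules:
        if r.matches(d):
            return r.action
    return "deny"


# Specification 1: allow a list of well-known service ports (the approach the
# notes say does not work well).
WELL_KNOWN_ONLY = [
    Rule("allow", proto="tcp", dport=25),   # SMTP
    Rule("allow", proto="tcp", dport=80),   # HTTP
    Rule("allow", proto="udp", dport=53),   # DNS
]


def decapsulate(d: Datagram) -> Optional[Datagram]:
    """What a cooperating inside host does with a tunnelled datagram: strip the
    outer header and forward the inner datagram, which the router never saw."""
    return d.inner


# Specification 2: two barriers around a bastion host.  The outer router lets
# outsiders reach only the bastion's application gateways; the inner router
# lets traffic cross only between the bastion and the inside network.
BASTION_NET = ip_network(BASTION + "/32")
OUTER_RULES = [
    Rule("allow", proto="tcp", dst_net=BASTION_NET, dport=25),
    Rule("allow", proto="tcp", dst_net=BASTION_NET, dport=80),
]
INNER_RULES = [
    Rule("allow", src_net=BASTION_NET, dst_net=INSIDE_NET),   # bastion -> inside
    Rule("allow", src_net=INSIDE_NET, dst_net=BASTION_NET),   # inside -> bastion
]


def path_decision(d: Datagram, origin: str = "outside") -> str:
    """Walk a datagram through the barriers.  origin is where it physically
    entered: "outside" (global Internet) or "perimeter" (the bastion's network)."""
    if origin == "outside" and filter_datagram(OUTER_RULES, d) == "deny":
        return "dropped at outer router"
    if ip_address(d.dst) in BASTION_NET:
        return "delivered to bastion"
    if filter_datagram(INNER_RULES, d) == "deny":
        return "dropped at inner router"
    return "delivered inside"


if __name__ == "__main__":
    reply = Datagram(OUTSIDE, "10.0.0.7", "tcp", dport=51234, sport=80)
    print("reply to inside client:", filter_datagram(WELL_KNOWN_ONLY, reply))
    tunnel = Datagram(OUTSIDE, "10.0.0.7", "udp", 53,
                      inner=Datagram(OUTSIDE, "10.0.0.9", "tcp", 23))
    print("tunnelled telnet, outer header:", filter_datagram(WELL_KNOWN_ONLY, tunnel))
    print("tunnelled telnet, inner header:", filter_datagram(WELL_KNOWN_ONLY, decapsulate(tunnel)))
    print("outsider to inside host:", path_decision(Datagram(OUTSIDE, "10.0.0.7", "tcp", 80)))
    print("bastion to inside mail:", path_decision(Datagram(BASTION, "10.0.0.7", "tcp", 25), "perimeter"))
```

With the well-known-port list, the HTTP reply to the inside client is denied because its destination port is ephemeral, and the tunnelled telnet datagram is allowed because its outer header is UDP port 53; only after the inside host decapsulates it does the inner header show a port the filter would have refused. With the two-barrier layout, an outsider can reach only the bastion's gateway ports, a direct datagram to an inside host is dropped at the outer router, and only the bastion itself is permitted across the inner router.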