Reorganization of Firewalls based on Policy Distribution
#1

Reorganization of Firewalls based on Policy Distribution
Sreejith S
S7 CSE
Department of Computer Science And Engineering
Government Engineering College, Thrissur
December 2010

Overview
 Introduction to firewalls
 Why distributed firewalls??
The new system
 Requirements and System Components
 Implementation on BSD Linux
 Advantages
 Discussion

Firewalls!!
Unauthorized access control mechanism
Packet Filter
Application Gateway
Circuit-level Gateway
Proxy-Server

Drawbacks of the conventional system [2]

Insiders of the network are trusted
Congestion Points
New protocols which are difficult to be processed at firewalls
Application specific access controls

From
Firewalls
>>
Distributed Firewalls

Requirements Of The New Firewall
A security policy language (e.g. KeyNote)
An authentication mechanism (e.g. IPsec)
A repository to keep credentials

System Components
A Central Management System
A Transmission System
Implementation of the policies at client side

Implementation of a distributed firewall on BSD Linux

Elements of the Implementation
A set of kernel extensions
A user level daemon process
A device driver

Advantages
Enhancement of Performance
Easier protocol filtering
Protection from insider attacks
Filtering can be done as per needs and credentials
End-to-end encryption improves security considerably

References
[1] Thames, J. Lane, Abler, Randal, and Keeling, David. A distributed firewall and active response architecture providing preemptive protection. ACM, March 2008.
[2] Ioannidis, Sotiris, Keromytis, Angelos D., Bellovin, Steven M., and Smith, Jonathan. Implementing a Distributed Firewall. ACM, 2000.
[3] Stepanek, Robert. Distributed Firewalls. Seminar on Network Security: Telecommunication Software and Multimedia Laboratory, Helsinki University of Technology, 2001.
[4] Wikipedia, the free online encyclopedia. http://en.wikipedia.org

[attachment=7710]
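An added illustration (not code from the slides or from any of the cited papers) of the three requirements listed above: the central management system authenticates each host's policy, transmits it, and the host-side daemon checks the credential, the intended host and a serial number before installing it. An HMAC over a constructed per-host shared secret stands in for the IPsec/KeyNote credential; all host names, secrets and rules are assumptions made for this example.

```python
import hashlib
import hmac
import json

# Constructed per-host shared secrets, standing in for the credential repository.
HOST_CREDENTIALS = {"host-a": b"constructed-secret-a", "host-b": b"constructed-secret-b"}


def sign_policy(host, serial, rules, key):
    """Central management system: serialise one host's policy and authenticate it."""
    body = json.dumps({"host": host, "serial": serial, "rules": rules}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class HostDaemon:
    """User-level daemon on an endpoint: verifies a received policy before installing it."""

    def __init__(self, host, key):
        self.host, self.key = host, key
        self.serial, self.rules = -1, []

    def install(self, msg):
        # 1. The credential must verify: an altered or forged policy is discarded.
        expected = hmac.new(self.key, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad signature"
        policy = json.loads(msg["body"])
        # 2. A valid policy for a different endpoint must not be applied here.
        if policy["host"] != self.host:
            return "rejected: policy for another host"
        # 3. Serial numbers only move forward, so an old policy cannot be replayed.
        if policy["serial"] <= self.serial:
            return "rejected: stale policy (replay)"
        self.serial, self.rules = policy["serial"], policy["rules"]
        return "installed"
```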
#2

Reorganisation of Firewalls based on Policy Distribution
B.Tech Seminar report
by
Sreejith S
Department of Computer Science And Engineering
Government Engineering College, Thrissur
December 2010

[attachment=7713]

Abstract
Firewalls are central elements of network security. Still, classical firewalls are subject to a number of limitations. This is chiefly attributed to the inability to completely trust the insiders of the network, topology restrictions and so on. Distributed firewalls, which are designed for alleviating these weaknesses, promise a new, stronger line of network defense. In a distributed firewall system the security policies are defined centrally but are implemented at the network endpoints like hosts, routers etc. The implementation of this architecture is quite efficient and easy, especially in Linux based systems, providing better administration capabilities.

Chapter 1
Introduction

Network security is a topic that has gained significant attention in the present scenario, where security attacks like intrusion, masquerading, hacking, denial of service etc. are a real threat to confidential affairs. A firewall is a method that acts as a frontier to defend against these attacks and unauthorized traffic. The traffic filtering done by a firewall is based on a set of ordered filtering rules based on some predefined security policy requirements. The topic introduces the new firewall technology that promises better protection than conventional firewalls, named the Distributed Firewall system. They reside in individual hosts in a network, and protect the enterprise network's servers as well as end user machines.


1.1 Organization of the Report
1. Chapter 2 introduces what firewall applications are and what the different forms of conventional firewalls are. The chapter also deals with the flaws of the conventional systems and the need for migrating to distributed firewalls.
2. Chapter 3 describes the architecture of the Distributed Firewall: what its requirements are, its structure and components, and how it works.
3. Chapter 4 illustrates the implementation of a distributed firewall on BSD Linux Operating System.
4. Chapter 5 points out the advantages of the new system over the existing system.


Chapter 2
Security at the network edge: Firewalls
Most organisations today use an internal network that interconnects their computer systems, usually with access to the internet. So it is mandatory that there must be a significant degree of trust between the hosts connected to a network as well as some protection mechanisms to assure the confidentiality of the organisation. But the internet is an inherently insecure network. Every network is susceptible to a variety of attacks when it interfaces with the internet. Some common attacks are:
• Sniffer programs: Sniffer programs monitor the internet traffic for sensitive data like usernames and passwords, and make them available to an attacker.
• Port scanners: Port scanners send messages to some remote host and try to see if any port is available and waiting to receive a call. Once a port has been found to be open, an attacker can utilize it to get into the system.
• Dictionary attacks: These programs run in background mode on a machine. They encrypt a lot of words and compare each of them with some sensitive information. They are found to be often successful in such attempts and provide the attacker with almost 1/3rd of the sensitive information.
Firewalls are security applications that can be a part of the computer system or a network. They are designed to block unauthorized access while permitting authorized communications. They act as a secure gateway for the whole network. Conventional firewalls can be classified as [5]:

1. Packet Filters:
Packet filters deploy the basic firewall technique. They inspect every packet incoming into the network and filter them based on a set of predefined rules. They do not pay attention to whether a packet is a part of an existing stream of traffic and make use of the characteristics of a packet such as the packet's source and destination address, its protocol, and for TCP/UDP packets, the port number. They work on the first three layers of the OSI model.
2. Application Gateway:
Application gateways apply filtering mechanisms to specific applications. They allow customized filters to be plugged into the gateway to support address and port translation for certain application layer control protocols such as FTP, BitTorrent, IM etc.
3. Circuit-Level Gateway:
Circuit-level gateways work at the session layer of the OSI model and apply specified security rules when a connection (TCP/UDP) is established to check if the requested session is legitimate. They allow uninterrupted packet transfer once the connection has been established. These firewalls are relatively inexpensive to implement. But they do not filter individual packets.
4. Proxy Server:
A proxy server acts as a mediator between clients seeking resources. It intercepts all packets that enter and leave the network. They filter traffic based on an IP address or a protocol. They effectively hide the true network addresses.
Conventional firewalls suffer from a number of issues when the degree of security increases. These loopholes are especially the points of interest for an attacker or an intruder. Some of the weaknesses found in traditional systems are as follows:
1. Traditional firewalls assume that every insider in a network can be completely trusted. As such, internal traffic which is not seen by the firewall cannot be filtered, and hence naturally they can't block attacks that originate from within the organisation itself.
2. As the size of networks is getting larger, they tend to possess a large number of entry points for performance, failover etc. As there is no system for a unified and comprehensive management, there is a significant amount of difficulty in administering these networks.
3. End-to-end encryption can prevent firewalls from recognising the contents of packets. This is a threat to the security of the organisation. Considerable trust is implied to the users when end-to-end encryption is permitted.
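An added example (not from the report) of the stateless, ordered packet filtering described in this chapter and of weakness 1 above: one constructed rule set, matched on source and destination address, protocol and port with first match winning, is evaluated once at the network edge, which never sees traffic between two internal hosts, and once on the receiving host, which is the endpoint placement the report argues for. All addresses, rules and packets are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed policy: rules are evaluated in order, the first match wins, and a field
# a rule leaves out matches any value in the packet. Rule 2 would be shadowed if rule 4
# came first, which is why ordering is part of the policy.
INTERNAL = ip_network("10.0.0.0/8")
RULES = [
    {"src": "10.1.0.0/16", "dst": "10.0.0.0/8", "proto": "tcp", "dport": 22, "action": "allow"},
    {"dst": "10.0.0.0/8", "proto": "tcp", "dport": 22, "action": "deny"},
    {"dst": "10.0.0.0/8", "proto": "tcp", "dport": 80, "action": "allow"},
    {"src": "10.0.0.0/8", "action": "allow"},  # anything else sent by an internal host
    {"action": "deny"},                        # default deny catches everything else
]


def matches(rule, pkt):
    """Compare only the fields the rule specifies; addresses match by prefix."""
    if "src" in rule and ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    if "dst" in rule and ip_address(pkt["dst"]) not in ip_network(rule["dst"]):
        return False
    return all(rule[f] == pkt.get(f) for f in ("proto", "dport") if f in rule)


def filter_packet(rules, pkt):
    """Stateless filter: no memory of earlier packets, the first matching rule decides."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"


def perimeter_firewall(pkt):
    """Conventional placement: only packets crossing the network boundary are inspected."""
    crosses = (ip_address(pkt["src"]) in INTERNAL) != (ip_address(pkt["dst"]) in INTERNAL)
    return filter_packet(RULES, pkt) if crosses else "not seen"


def host_firewall(pkt):
    """Distributed placement: the receiving host evaluates the same policy on every packet."""
    return filter_packet(RULES, pkt)


# Constructed packets: outside web request, outside SSH attempt, SSH from a non-admin
# internal host (the insider case of weakness 1) and SSH from the admin subnet.
SAMPLE = {
    "web_from_outside": {"src": "203.0.113.9", "dst": "10.0.0.7", "proto": "tcp", "dport": 80},
    "ssh_from_outside": {"src": "203.0.113.9", "dst": "10.0.0.7", "proto": "tcp", "dport": 22},
    "ssh_from_insider": {"src": "10.2.5.5", "dst": "10.0.0.7", "proto": "tcp", "dport": 22},
    "ssh_from_admin": {"src": "10.1.2.3", "dst": "10.0.0.7", "proto": "tcp", "dport": 22},
}


def compare():
    """(edge decision, host decision) for every sample packet."""
    return {name: (perimeter_firewall(p), host_firewall(p)) for name, p in SAMPLE.items()}
```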
