Internet Firewall Security


Internet Firewall

An access control mechanism provides access to an internet only to its legitimate members. It helps prevent outsiders from obtaining information, changing information, or disrupting communication in an organization's internal internet. Unlike the authentication and privacy mechanisms, which can be added to application programs, internet access control usually requires changes to basic components of the internet infrastructure.

The mechanism places a block, known as an Internet firewall, at the entrance to the part of the internet to be protected. For example, an organization can place a firewall at its connection to the global internet to protect itself from unwanted access. A firewall divides an internet into two regions, the inside and the outside, as shown below.

If an organization has multiple external connections, it must form a security perimeter by installing a firewall at each external connection. The organization must coordinate all firewalls to use exactly the same access restrictions to achieve the best access control.

To prevent unwanted access, the firewall of an organization must be secured. However, users on the inside need a safe mechanism that provides access to services outside. An organization can provide safe access to outside services by using a secure computer associated with the firewall. Such a secure computer is called a bastion host (bastion means an object used for strengthening). The structure of a firewall with a bastion host is as shown below.

The firewall provides safe access through two barriers. The outer barrier blocks all incoming traffic except datagrams destined for services on the bastion host. The inner barrier blocks incoming traffic except datagrams that originate on the bastion host. Most firewalls also include a manual bypass that enables managers to pass some or all traffic between a host inside the organization and the outside.

Firewall Implementation

A firewall theoretically blocks all unauthorized communication between computers inside and outside the organization. In practice, the blocking details depend on the networking technology, traffic, speed, etc. A difficulty that arises in the construction of a firewall is therefore the processing power required. A firewall requires sufficient computational power to examine the connections, speeds, etc., because some networks have low-speed connections while others operate at higher speeds. Thus, to operate at network speeds, a firewall must have hardware and software designed to handle the task. For this reason firewalls are implemented with a filter mechanism: a manager can configure the filter in a router and request the router to block specified datagrams. The most commonly used filter is the packet filter, which extends normal routing and permits packet processing.

A packet filter considers each datagram separately. When a datagram arrives, the router passes it through its packet filter before any other operation. If the filter rejects the datagram, on capability and the interface of router. The manager configures the filter with the source and destination IP addresses, the protocol, and the source and destination protocol port numbers, to block packets either incoming or outgoing.

Example: A filter configured with the following information blocks the packets either arriving at interface 2 or going out of interface 1.

Since the list shown is very small, the firewall works satisfactorily. In reality, the number of well-known ports is large, services like remote procedure call (RPC) assign ports dynamically, and techniques like tunneling may be used. In such cases the firewall may not work effectively.

To be efficient, the firewall must use the packet filter effectively. This can be done by reversing the above process, i.e., the firewall should be configured to block all datagrams except those destined for the specific networks, hosts and protocol ports for which external communication has been approved.
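
The difference between the two configurations, as an added example that is not part of the original page: a packet filter model in Python that matches on the fields listed above and can run either as "forward unless blocked" or as "block unless approved". The rule format, the addresses (documentation ranges) and the port choices are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Datagram:
    src: str     # source IP address
    dst: str     # destination IP address
    proto: str   # "tcp" or "udp"
    sport: int   # source protocol port
    dport: int   # destination protocol port

@dataclass(frozen=True)
class Rule:
    # Hypothetical rule format; None or 0.0.0.0/0 means "match anything".
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, d: Datagram) -> bool:
        return (ip_address(d.src) in ip_network(self.src)
                and ip_address(d.dst) in ip_network(self.dst)
                and self.proto in (None, d.proto)
                and self.sport in (None, d.sport)
                and self.dport in (None, d.dport))

def forward(d: Datagram, rules, default_allow: bool) -> bool:
    """Return True if the router should forward the datagram.

    default_allow=True : rules are a blocklist (forward unless a rule matches).
    default_allow=False: rules are an approved list (block unless a rule matches).
    """
    hit = any(r.matches(d) for r in rules)
    return (not hit) if default_allow else hit

# Constructed policies: block two well-known ports vs. approve one service.
BLOCKLIST = [Rule(proto="tcp", dport=23), Rule(proto="udp", dport=69)]
APPROVED = [Rule(dst="192.0.2.10/32", proto="tcp", dport=25)]  # mail to bastion host

# Constructed traffic samples.
TELNET = Datagram("203.0.113.5", "192.0.2.20", "tcp", 40000, 23)
DYNAMIC_RPC = Datagram("203.0.113.5", "192.0.2.20", "udp", 40001, 32771)
MAIL = Datagram("203.0.113.5", "192.0.2.10", "tcp", 40002, 25)

if __name__ == "__main__":
    for name, d in [("telnet", TELNET), ("dynamic rpc", DYNAMIC_RPC), ("mail", MAIL)]:
        print(name, forward(d, BLOCKLIST, True), forward(d, APPROVED, False))
```

The datagram to a dynamically assigned port is forwarded under the blocklist because no rule names that port, while the approved-list configuration drops it without needing to know the port in advance.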

Monitoring Firewall

Monitoring is one of the important aspects of firewall design. It helps the network manager to keep records of incidents taking place. Monitoring can be active or passive.

In active monitoring, the firewall informs the manager whenever an incident occurs. The advantage of this type is that it operates very fast. The disadvantage is that it produces so much information that a manager is unable to see all the details. In passive monitoring, a firewall logs a record of each incident on a disk. A manager can access the log and get the information whenever needed. The advantage is that it gives a sequence of records for the incidents occurring.
