Network and Computer Services: Firewall/Gateway
The firewall is the most crucial component of our network. It is our gateway to the Internet: all network traffic to and from
the rest of the Internet must pass through this machine. While this may slow Internet access from within the subnet slightly, its security
advantage is invaluable, as it impedes attacks on our LAN from the outside.
The firewall consists of a separate, dedicated, and rack mounted computer in the same location as our main switches. For
obvious reasons, this particular room is kept secure; only authorized network administrators are allowed access. Our firewall machine is a Linux
box with two network cards and physically interrupts the connection between the rest of the university (connected to the first Ethernet card) and
the main BIC switch (connected to the second Ethernet card).
1. What does our firewall protect us from?
2. What can our firewall not protect us from?
3. How does our firewall do this?
1. What does our firewall protect us from?
In order to better understand what our firewall protects us from we need to know some basic facts about how computers
communicate. Computers communicate by passing messages called packets. Each networked computer has a network
address, called an IP (Internet Protocol) address. Computers use this address to indicate which computer gets which packets as well
as from which computers the packets come.
The main protocols for packets were designed at a time when it was reasonable to assume there were no hostile or
dangerously dysfunctional parties on the network. Unfortunately, such is no longer the case. The main ways packets can be
used against us are:
Spoofing
Eavesdropping
Denial of Service (DOS)
Buffer overflows
Each of these techniques can be used in some manner to either destroy, corrupt, or replace our data.
2. What can our firewall not protect us from?
A firewall is not the end-all and be-all of security. Even with a properly operating and correctly configured firewall,
there remain two main sources of security breaches:
Malicious insiders -- as you may suspect these are users who knowingly and willingly use their legitimate
access to perpetrate some unacceptable behavior.
Foolish or unlucky insiders -- these users, through their legitimate access, unknowingly or unintentionally
cause some unacceptable result.
For example, the user deletes or corrupts his own or another user's data. Alternatively, the user brings viruses in on disk or
downloads them from the Internet.
3. How does our firewall do this?
First and foremost, our firewall provides a focus for security decisions. Second, our firewall enforces a security
policy through the following mechanisms:
IP filtering -- The main feature of a Linux firewall is a specially compiled kernel that provides IP
filtering capabilities. The process involved is explained in detail online at:
Firewall Howto
IP filtering involves ...
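To make the filtering decision concrete, here is an added example (not the site's own ruleset, and not taken from the Firewall Howto) that models the rules a two-card gateway like ours would apply to each packet: eth0 faces the rest of the university, eth1 faces the BIC switch, and the 10.0.0.0/24 LAN prefix and the permitted ports are assumptions chosen for illustration. It shows the anti-spoofing check, stateful acceptance of replies to LAN-initiated connections, and a default-deny fallthrough.

```python
"""Toy model of a two-interface Linux packet filter (added example).
eth0 = rest of the university (outside), eth1 = the BIC switch (inside).
The LAN prefix and the port lists below are assumed for illustration."""
import ipaddress
from dataclasses import dataclass

EXT, INT = "eth0", "eth1"
LAN = ipaddress.ip_network("10.0.0.0/24")      # assumed internal subnet
INBOUND_ALLOWED = {25, 80}                       # assumed services reachable from outside
OUTBOUND_ALLOWED = {22, 25, 53, 80, 443}         # assumed services LAN clients may reach


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet ARRIVED on
    src: str
    dst: str
    sport: int
    dport: int


# Connections a LAN host opened, as (src, sport, dst, dport); replies are matched against it.
_established = set()


def filter_packet(pkt: Packet) -> str:
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    # 1. Anti-spoofing: an internal source address must never arrive on the
    #    outside card, and only internal addresses may arrive on the inside card.
    if pkt.iface == EXT and src in LAN:
        return "DROP"
    if pkt.iface == INT and src not in LAN:
        return "DROP"
    # 2. Replies to connections that LAN hosts opened are accepted.
    if pkt.iface == EXT and (pkt.dst, pkt.dport, pkt.src, pkt.sport) in _established:
        return "ACCEPT"
    # 3. Outbound traffic from the LAN to approved services; remember the flow.
    if pkt.iface == INT and dst not in LAN and pkt.dport in OUTBOUND_ALLOWED:
        _established.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT"
    # 4. New inbound connections only to approved services on the LAN.
    if pkt.iface == EXT and dst in LAN and pkt.dport in INBOUND_ALLOWED:
        return "ACCEPT"
    # 5. Default deny: anything not explicitly permitted is dropped.
    return "DROP"
```

A real kernel filter adds per-packet logging of the drops, which is what lets the NIDS described below correlate spoofing attempts with host activity.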
Proxy Server -- Squid
System Hardening -- Finally, a firewall should be a stripped-down machine. For instance, there should
be no unnecessary users or groups (ftp, lpr, guest, etc.), no unnecessary services (http, telnet, ftp, ...),
and the only significant upper-level task running should be IP filtering. It should go without saying
that a firewall machine should have an exceedingly long, obscure, and unique root password. A useful hardening utility is
Bastille Linux.
Network Intrusion Detection Systems (NIDS) -- NIDS are programs which monitor access to the machine and
changes made to its files, in order to detect when intruders gain access to the machine or make changes to files.
Two useful NIDS programs are Snort and Prelude.