StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Benefits and Limitations of Firewalls and DMZ - Assignment Example

Cite this document
Summary
The author of the present paper "Benefits and Limitations of Firewalls and DMZ" argues in a well-organized manner that when increasing numbers of organizations expose their personal networks to Internet traffic, firewalls turn out to be a basic requirement. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.1% of users find it useful
Benefits and Limitations of Firewalls and DMZ
Read Text Preview

Extract of sample "Benefits and Limitations of Firewalls and DMZ"

?FIREWALLS AND DMZ Firewalls and DMZ Affiliation Overview of Firewalls The augmented utilization of the Internet and the World Wide Web places networks at even larger danger of unwanted threats. Various companies distribute or publish information on the Internet (using web sites), while the remaining companies have workers who distribute information on the Internet from the organization's network or download material from the Internet (Norton, 2001). When increasing numbers of organizations expose their personal networks to Internet traffic, firewalls turn out to be a basic requirement. Because a firewall stops illegal communication inside and outside of the network, facilitating the company to implement a security strategy on traffic running between its network and the Internet (Laudon & Laudon, 1999; Benzel, et al., 2007). Benefits and Limitations of Firewalls There are several advantages of implementing firewalls at the personal level. A firewall based personal security system comprises hardware and/or software that stop an illegal attempts to use data, information, and storage media on a network (Shelly, Cashman, & Vermaat, 2005, p. 574). In addition, a personal firewall is a utility program that perceives and secures a personal computer and its information from illegal access. Personal firewalls continuously check all the inside and outside communications to the computer and notify of any effort of illegal access. Also, Microsoft's operating systems, for instance, Windows XP, incorporate a personal firewall (Shelly, Cashman, Vermaat, Cashman, & Vermaat, 2004, p. 574). Obviously, a firewall itself must be protected and attack proof, if not its capacity to protect links can be diminished. The implementation of firewalls provides several advantages to the organizations. In an organization, a firewall is a computer or router that is located between the trusted and un-trusted computers (Silberschatz, Galvin, & Gagne, 2004, p. 692). It confines the network use between the two security domains, and checks and logs all links. Also, it can confine links based on starting place and target location, source or targeted port, or way of the link. For example, web servers utilize ‘http’ to carry out communication with web browsers. A firewall as a result may permit only http get ahead of, from all hosts external to the firewall simply to the web server inside the firewall (Silberschatz, Gagne, & Galvin, 2004, p. 672). Although, the use of firewalls provides help against security threats, but it is not helpful in all the situations. For instance, a firewall is not useful for the threats that are channeling based or go inside protocols or links that the firewall permits (Ioannidis, Keromytis, Bellovin, & Smith, 2000). Additionally, in case of the firewall installation on a personal computer the speed of processing goes really down that makes the overall processing more problematic and performance slows down because the content of the data and information traffic is checked and confirmed by the firewall. Also, the longer response time in case of web based working and data retrieval. Sometime firewalls are not able to protect computer from internal sabotage inside a network or from permitting other users to right of entry to your PC. Moreover ,Firewalls sometimes present weak protection against viruses' consequently, antiviral software as well as an intrusion detection system or IDS that defends beside port scans and Trojans should as well complement our firewall in the layering protection (Wack, Cutler, & Pole, 2002; Thames, Abler, & Keeling, 2008). The utilization of firewalls in the organizations is not useful in all the situations. For instance, in an organization's business data buffer-overflow threat or attack to a web server cannot be dealt by the firewall for the reason that the http link is permitted; it is basically the contents of the http link that address the attack (Silberschatz, Galvin, & Gagne, 2004, p. 673). Also, denial of service attacks in an organizational structure are dangerous for firewalls to the extent that any other machines. An additional weakness of firewalls is spoofing, in which an unauthorized host becomes an authorized host by gathering various permission criterion. For instance, if a firewall permits a link from a host and recognizes that host by its IP address, then one more host could distribute the packet by means of that similar address and be permitted by the firewall (Silberschatz, Gagne, & Galvin, 2004, p. 673). Explanation of DMZ As indicated by the figire1, in the scenario of a computer network, a DMZ (demilitarized zone) is used as a small network or computer host that is established as a "neutral zone" in the middle of an organization’s internal network and the outside public network such as the Internet. The basic purpose of implementing this small network is to stop outside users from getting direct access to a server on which organizational data and information are stored. Moreover, it is believed that a DMZ is a non-compulsory however more secure mechanism used in a firewall as well as efficiently works as a proxy server (Rouse, 2007). DMZ Diagram Figure 1DMZ Diagram, Image Source: http://i.stack.imgur.com/aFNLH.jpg What other security devices would you suggest when using a DMZ? I would suggest using a dual firewall that makes use of two firewalls in order to ensure the privacy and security of data. I would also suggest the use of a Honeynet, a network that is based on one or more honeypot computers. The basic purpose of this network is to trap illegitimate users either so they can be tracked or caught, or to distract them from the network's actual resources (Shinder, 2005). Implementation of Policies for Firewalls A firewall principally works by examining the query and information that travel between the private network and the Internet. If a query or information does not follow the firewall's security rules, it is blocked from moving any more. Actually, a firewall can divide a network into several domains. A general execution of the firewall has the Internet as a un-trusted domain; a semi trusted and a semi secure network, acknowledged as the demilitarized zone (DMZ), as an additional domain; and an organization’s computer as a third domain. Furthermore, links are permitted from the Internet to the DMZ computers and from the organization's computers to the Internet; however, links are not permitted from the Internet or DMZ computers to organization’s computers. Alternatively, limited communications may be permitted between the DMZ and one or additional organization’s computers. For example, a web server on the DMZ may require querying a database server on the organization’s network. With the firewall, all the connections are controlled, and the DMZ systems that are divided into based on the protocols permitted through the firewall still are incapable to establish a link to the organization’s computers (Silberschatz, Gagne, & Galvin, 2004, p. 673). Provide examples of things that you would allow into your DMZ but not your internal network and why? As we have discussed above, a DMZ is established between trusted (internal) network and an open (internet) network with the purpose of increasing the security and privacy of organizational data and other resources. For instance, any communication or data transfer can be possible between DMZ hosts and outside hosts but only on condition if they are identified. However, the internal network will not be allowed to communicate directly with outside sources. The reason is that DMZ is implemented to secure the internal network. If an external network wants to connect to the internal network then it must come through DMZ once it is authenticated, it can be connected to the internal network (stack exchange INC, 2013). References Benzel, T., Braden, R., Kim, D., Neuman, C., Joseph, A., Sklower, K., . . . Schwab, S. (2007). Design Deployment and use of the DETER testbed. In Proceedings of the DETER Community Workshop on Cyber-Security and Test. Boston. Ioannidis, S., Keromytis, A. D., Bellovin, S. M., & Smith, J. M. (2000). Implementing a Distributed Firewall. Conference on Computer and Communications Security Proceedings of the 7th ACM conference on Computer and communications security (pp. 190-199). Athens, Greece: ACM. Laudon, K. C., & Laudon, J. (1999). Management Information Systems: Organisation and Technology in the Networked Enterprise, 6th Edition. New York: Pearson. Rouse, M. (2007). DMZ (demilitarized zone). Retrieved from TechTarget.com: http://searchsecurity.techtarget.com/definition/DMZ Shelly, G. B., Cashman, T. J., Vermaat, M., Cashman, T. J., & Vermaat, M. E. (2004). Discovering Computers 2005: A Gateway to Information. Gage Learning. Shinder, D. (2005, June 29). SolutionBase: Strengthen network defenses by using a DMZ. Retrieved from http://www.techrepublic.com/article/solutionbase-strengthen-network-defenses-by-using-a-dmz/ Silberschatz, A., Gagne, G., & Galvin, P. B. (2004). Operating System Concepts, 7th Edition. New York: John Wiley & Sons, Inc. stack exchange inc. (2013). Accessing data in internal production databases from a web server in DMZ. Retrieved from http://stackoverflow.com/questions/4138167/accessing-data-in-internal-production-databases-from-a-web-server-in-dmz Thames, J. L., Abler, R., & Keeling, D. (2008). A distributed firewall and active response architecture providing preemptive protection. ACM-SE 46 Proceedings of the 46th Annual Southeast Regional Conference on XX (pp. 220-225). New York: ACM. Wack, J., Cutler, K., & Pole, J. (2002). Guidelines on Firewalls and Firewall Policy. Gaithersburg, MD: National Institute of Standards and Technology. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Firewalls and DMZ Assignment Example | Topics and Well Written Essays - 1000 words”, n.d.)
Firewalls and DMZ Assignment Example | Topics and Well Written Essays - 1000 words. Retrieved from https://studentshare.org/information-technology/1487630-firewalls-and-dmz
(Firewalls and DMZ Assignment Example | Topics and Well Written Essays - 1000 Words)
Firewalls and DMZ Assignment Example | Topics and Well Written Essays - 1000 Words. https://studentshare.org/information-technology/1487630-firewalls-and-dmz.
“Firewalls and DMZ Assignment Example | Topics and Well Written Essays - 1000 Words”, n.d. https://studentshare.org/information-technology/1487630-firewalls-and-dmz.
  • Cited: 0 times

CHECK THESE SAMPLES OF Benefits and Limitations of Firewalls and DMZ

Network and computer intrusion threats

This paper 'Network and computer intrusion threats' was developed to assist the researcher and his dissertation committee grasps the understanding and scope for the proposed study, which allowed the core functionality of the direction of the research.... ... ... ... This paper will focus on briefly describing the various concepts of the study in order to examine how they conclude and define the overall study objectives....
39 Pages (9750 words) Essay

Information Technology Security

Upon the client's end, access control benefits ought to be disavowed in an opportune way.... This paper ''Information Technology Security'' tells that Methodology for information ought to be controlled through a method that ensures the client access rights for Spiderweb which reflect characterized and employment prerequisites....
12 Pages (3000 words) Essay

IT Issues Analysis

In addition to that, firewalls on the computers should not block remote procedure call (RPC) needed by DFS and its root server (Microsoft, 2006).... he benefits that IPv6 offers surpass the limitations that IPv4 has.... Although DFS presents many advantages, it also has limitations such as running out of capacity, a restriction that does not arise from physical storage limitations.... Importance and benefits of IPV6 over IPV4 : a study....
2 Pages (500 words) Assignment

The Security of Networking

Information center operators, network administrators, and other information The article covers the basics of protected networking systems, including firewalls, network topology, and safety protocols.... The paper "The Security of Networking" states as the complexity of safety threats increases, so do the security mechanisms necessary to safeguard networks....
12 Pages (3000 words) Essay

Security Options

In the paper 'Security Options' the author analyzes the Computer Security concentration, which focuses on basic security matters that occur in the design, study, and execution of distributed systems.... This concentration offers in-detail coverage of the hypothesis and relevance of identity.... ... ...
8 Pages (2000 words) Assignment

Information Security Practice In The Company Activity

The World Wide Web has emerged as a significant tool for businesses in gaining a competitive advantage.... The paper "Information Security Practice In The Company Activity" discusses guarding electronic resources against the intrusion threats as an issue related to the business imperative.... ... ...
60 Pages (15000 words) Dissertation

Advanced Network Management and Design

This coursework "Advanced Network Management and Design" focuses on an IT service Upgrade Announcement that was made for making the Graystone Industries computer network resilient and compatible with current trends.... Several solutions to cater business needs are addressed.... .... ... ... The primary objectives of Upgrade Announcement are a) Improving IT services and increasing collaboration enterprise-wide (throughout the organization)....
9 Pages (2250 words) Coursework

XP Windows Operating Systems

The paper "XP Windows Operating Systems" discusses some of the security features that are customized in the Windows XP OS.... The success of the Windows XP operating system can be attributed to several factors including the security measures that have been put in place.... .... ... ... The home edition of Windows XP was almost the first OS to be enabled with personalized login ability....
18 Pages (4500 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us