Benefits and Limitations of Firewalls and DMZ - Assignment Example

?FIREWALLS AND DMZ Firewalls and DMZ Affiliation Overview of Firewalls The augmented utilization of the Internet and the World Wide Web places networks at even larger danger of unwanted threats. Various companies distribute or publish information on the Internet (using web sites), while the remaining companies have workers who distribute information on the Internet from the organization's network or download material from the Internet (Norton, 2001). When increasing numbers of organizations expose their personal networks to Internet traffic, firewalls turn out to be a basic requirement. Because a firewall stops illegal communication inside and outside of the network, facilitating the company to implement a security strategy on traffic running between its network and the Internet (Laudon & Laudon, 1999; Benzel, et al., 2007). Benefits and Limitations of Firewalls There are several advantages of implementing firewalls at the personal level. A firewall based personal security system comprises hardware and/or software that stop an illegal attempts to use data, information, and storage media on a network (Shelly, Cashman, & Vermaat, 2005, p. 574). In addition, a personal firewall is a utility program that perceives and secures a personal computer and its information from illegal access. Personal firewalls continuously check all the inside and outside communications to the computer and notify of any effort of illegal access. Also, Microsoft's operating systems, for instance, Windows XP, incorporate a personal firewall (Shelly, Cashman, Vermaat, Cashman, & Vermaat, 2004, p. 574). Obviously, a firewall itself must be protected and attack proof, if not its capacity to protect links can be diminished. The implementation of firewalls provides several advantages to the organizations. In an organization, a firewall is a computer or router that is located between the trusted and un-trusted computers (Silberschatz, Galvin, & Gagne, 2004, p. 692). It confines the network use between the two security domains, and checks and logs all links. Also, it can confine links based on starting place and target location, source or targeted port, or way of the link. For example, web servers utilize ‘http’ to carry out communication with web browsers. A firewall as a result may permit only http get ahead of, from all hosts external to the firewall simply to the web server inside the firewall (Silberschatz, Gagne, & Galvin, 2004, p. 672). Although, the use of firewalls provides help against security threats, but it is not helpful in all the situations. For instance, a firewall is not useful for the threats that are channeling based or go inside protocols or links that the firewall permits (Ioannidis, Keromytis, Bellovin, & Smith, 2000). Additionally, in case of the firewall installation on a personal computer the speed of processing goes really down that makes the overall processing more problematic and performance slows down because the content of the data and information traffic is checked and confirmed by the firewall. Also, the longer response time in case of web based working and data retrieval. Sometime firewalls are not able to protect computer from internal sabotage inside a network or from permitting other users to right of entry to your PC. Moreover ,Firewalls sometimes present weak protection against viruses' consequently, antiviral software as well as an intrusion detection system or IDS that defends beside port scans and Trojans should as well complement our firewall in the layering protection (Wack, Cutler, & Pole, 2002; Thames, Abler, & Keeling, 2008). The utilization of firewalls in the organizations is not useful in all the situations. For instance, in an organization's business data buffer-overflow threat or attack to a web server cannot be dealt by the firewall for the reason that the http link is permitted; it is basically the contents of the http link that address the attack (Silberschatz, Galvin, & Gagne, 2004, p. 673). Also, denial of service attacks in an organizational structure are dangerous for firewalls to the extent that any other machines. An additional weakness of firewalls is spoofing, in which an unauthorized host becomes an authorized host by gathering various permission criterion. For instance, if a firewall permits a link from a host and recognizes that host by its IP address, then one more host could distribute the packet by means of that similar address and be permitted by the firewall (Silberschatz, Gagne, & Galvin, 2004, p. 673). Explanation of DMZ As indicated by the figire1, in the scenario of a computer network, a DMZ (demilitarized zone) is used as a small network or computer host that is established as a "neutral zone" in the middle of an organization’s internal network and the outside public network such as the Internet. The basic purpose of implementing this small network is to stop outside users from getting direct access to a server on which organizational data and information are stored. Moreover, it is believed that a DMZ is a non-compulsory however more secure mechanism used in a firewall as well as efficiently works as a proxy server (Rouse, 2007). DMZ Diagram Figure 1DMZ Diagram, Image Source: http://i.stack.imgur.com/aFNLH.jpg What other security devices would you suggest when using a DMZ? I would suggest using a dual firewall that makes use of two firewalls in order to ensure the privacy and security of data. I would also suggest the use of a Honeynet, a network that is based on one or more honeypot computers. The basic purpose of this network is to trap illegitimate users either so they can be tracked or caught, or to distract them from the network's actual resources (Shinder, 2005). Implementation of Policies for Firewalls A firewall principally works by examining the query and information that travel between the private network and the Internet. If a query or information does not follow the firewall's security rules, it is blocked from moving any more. Actually, a firewall can divide a network into several domains. A general execution of the firewall has the Internet as a un-trusted domain; a semi trusted and a semi secure network, acknowledged as the demilitarized zone (DMZ), as an additional domain; and an organization’s computer as a third domain. Furthermore, links are permitted from the Internet to the DMZ computers and from the organization's computers to the Internet; however, links are not permitted from the Internet or DMZ computers to organization’s computers. Alternatively, limited communications may be permitted between the DMZ and one or additional organization’s computers. For example, a web server on the DMZ may require querying a database server on the organization’s network. With the firewall, all the connections are controlled, and the DMZ systems that are divided into based on the protocols permitted through the firewall still are incapable to establish a link to the organization’s computers (Silberschatz, Gagne, & Galvin, 2004, p. 673). Provide examples of things that you would allow into your DMZ but not your internal network and why? As we have discussed above, a DMZ is established between trusted (internal) network and an open (internet) network with the purpose of increasing the security and privacy of organizational data and other resources. For instance, any communication or data transfer can be possible between DMZ hosts and outside hosts but only on condition if they are identified. However, the internal network will not be allowed to communicate directly with outside sources. The reason is that DMZ is implemented to secure the internal network. If an external network wants to connect to the internal network then it must come through DMZ once it is authenticated, it can be connected to the internal network (stack exchange INC, 2013). References Benzel, T., Braden, R., Kim, D., Neuman, C., Joseph, A., Sklower, K., . . . Schwab, S. (2007). Design Deployment and use of the DETER testbed. In Proceedings of the DETER Community Workshop on Cyber-Security and Test. Boston. Ioannidis, S., Keromytis, A. D., Bellovin, S. M., & Smith, J. M. (2000). Implementing a Distributed Firewall. Conference on Computer and Communications Security Proceedings of the 7th ACM conference on Computer and communications security (pp. 190-199). Athens, Greece: ACM. Laudon, K. C., & Laudon, J. (1999). Management Information Systems: Organisation and Technology in the Networked Enterprise, 6th Edition. New York: Pearson. Rouse, M. (2007). DMZ (demilitarized zone). Retrieved from TechTarget.com: http://searchsecurity.techtarget.com/definition/DMZ Shelly, G. B., Cashman, T. J., Vermaat, M., Cashman, T. J., & Vermaat, M. E. (2004). Discovering Computers 2005: A Gateway to Information. Gage Learning. Shinder, D. (2005, June 29). SolutionBase: Strengthen network defenses by using a DMZ. Retrieved from http://www.techrepublic.com/article/solutionbase-strengthen-network-defenses-by-using-a-dmz/ Silberschatz, A., Gagne, G., & Galvin, P. B. (2004). Operating System Concepts, 7th Edition. New York: John Wiley & Sons, Inc. stack exchange inc. (2013). Accessing data in internal production databases from a web server in DMZ. Retrieved from http://stackoverflow.com/questions/4138167/accessing-data-in-internal-production-databases-from-a-web-server-in-dmz Thames, J. L., Abler, R., & Keeling, D. (2008). A distributed firewall and active response architecture providing preemptive protection. ACM-SE 46 Proceedings of the 46th Annual Southeast Regional Conference on XX (pp. 220-225). New York: ACM. Wack, J., Cutler, K., & Pole, J. (2002). Guidelines on Firewalls and Firewall Policy. Gaithersburg, MD: National Institute of Standards and Technology. Read More