Firewalls Network Security Analysis - Essay Example

Question: Firewalls provide complete security from hacking. Discuss this in terms of privacy and information access. Computers are commanding tools that facilitate store and carry out tasks on large amounts of data rapidly. Most individuals and organizations make use of computers to manage bookkeeping, track inventory, and store documents. Moreover, they often need several people to enter and process data at the same time so they can share information networks, which are a collection of computers linked by cable or other media. However, there are different hackers associated to these network structures such as personal information thief, business information hacking and virus attacks are the contemporary problems in the network communication and data transfer areas (Frederick, 2002). Nevertheless, some experts believe that firewalls are an effective solution to deal with these issues. This essay will discuss the implementation of the firewall technology for the enhanced security of any business or personal network. Also, it will outline and analyze firewalls security matters, effectiveness, and methodologies in addition to implemented in individual and organizations. The terms security and privacy are associated with data and information, which are important part for organizations as well as individuals. Security comprises the rules, actions, and technical measures used to stop illegal access or modification, theft, and physical damage to the database (Laudon & Laudon, 1999, p. 502). Privacy refers to right of individuals and organizations to disallow or confine the compilation and utilizations of information about them and most organizations carry out their business activities on the Internet, and at the present, securing information on the Internet has become a challenge for the organizations as well as individuals. In addition, the aim of information security is the safety of data from unexpected or worldwide threats to their reliability and utilization. Because the utilization of data and information has become out to be more open through the Internet, business intranets, and from mobile computing devices. Therefore, applying data security efficiently has become more complicated and time taking (Shulman, 2006), (Norton, 2001) and (Hoffer, Prescott, & McFadden, 2007, p. 499). The augmented utilization of the Internet and the World Wide Web places networks at even larger danger of unwanted threats. Various companies distribute or publish information on the Internet (using web sites), while remaining companies have workers who distribute information to the Internet from the organization network or download material from the Internet (Norton, 2001). When increasing numbers of organizations expose their personal networks to Internet traffic, firewalls turn out to be a basic requirement. Because a firewall stops illegal communication inside and outside of the network, facilitating the company to implement a security strategy on traffic running between its network and the Internet (Laudon & Laudon, 1999) and (Benzel, et al., 2007). In addition, firewall principally works by examining the query and information that travel between the private network and the Internet. If a query or information does not follow the firewalls security rules, it is blocked from moving any more. Actually, a firewall can divide a network into several domains. A general execution of the firewall has the Internet as an un-trusted domain; a semi trusted and a semi secure network, acknowledged as the demilitarized zone (DMZ), as an additional domain; and an organization’s computers as a third domain. Furthermore, links are permitted from Internet to the DMZ computers and from the organizations computers to the Internet; however, links are not permitted from the Internet or DMZ computers to organization’s computers. Alternatively, limited communications may be permitted between the DMZ and one or additional organization’s computers. For example, a web server on the DMZ may require querying a database server on the organization’s network. With the firewall, all the connections are controlled, and the DMZ systems that are divided into based on the protocols permitted through the firewall still are incapable to establish a link to the organization’s computers (Silberschatz, Galvin, & Gagne, 2004, p. 673). Network managers can utilize an assortment of techniques for building firewalls and usually utilize a mixture of different methods (Norton, 2001, pp. 368-370) and (Ftima, Karoui, & Ghzela, 2008). The first and the most common technique of firewall is a proxy server. A proxy server is similar to a "second server" and conceals the actual network server from the Internet. The proxy server inspects every packet that comes inside and goes outside the network by means of the Internet, preventing any information that does not follow security rules or measures. For instance, an administrator can develop a proxy server to stop user access to specific types of Web sites (Norton, 2001). Second technique for firewall implementation is known as a packet filter. Packet filter checks (or filters) each packet of data that comes inside or goes outside the network by means of a router. In addition, the filter utilizes a collection of security measures offered by the company’s network administrator. If any packet does not follow the security rules and measures, it is not permitted to carry on (Norton, 2001). Third, most common technique of firewall implementation is an application gateway. An application gateway inflicts unusual security limitations on definite Internet services, for instance, e-mail and FTP. Also, an application gateway is a useful technique for stopping threats to private networks (Norton, 2001). Fourth technique for firewall implementation is known as a circuit gateway. A circuit gateway inflicts security rules or limitations on definite connections, for instance, a TCP/IP connection between a remote computer and network server (Norton, 2001). There are several advantages of implementing firewalls at the personal level. A firewall based personal security system comprises hardware and/or software that stop an illegal attempts to use data, information, and storage media on a network (Shelly, Cashman, & Vermaat, 2005, p. 574). In addition, a personal firewall is a utility program that perceives and secures a personal computer and its information from illegal access. Personal firewalls continuously check all the inside and outside communications to the computer and notify of any effort of illegal access. Also, Microsofts operating systems, for instance, Windows XP, incorporate personal firewall (Shelly, Cashman, & Vermaat, 2005, p. 574). Obviously, a firewall itself must be protected and attack proof, if not its capacity to protect links can be diminished. Although, the use of firewalls provides help against security threats, but it is not helpful in all the situations. For instance, a firewall is not useful for the threats that are channeling based or go inside protocols or links that the firewall permits (Ioannidis, Keromytis, Bellovin, & Smith, 2000). Additionally, in case of the firewall installation on a personal computer the speed of processing goes really down that makes the overall processing more problematic and performance slows down because content of the data and information traffic is checked and confirmed by the firewall. Also, the longer response time in case of web based working and data retrieval. Sometime firewalls are not able to protect computer from internal sabotage inside a network or as of permitting other users to right of entry to your PC. Moreover ,Firewalls sometimes present weak protection against viruses consequently, antiviral software as well as an intrusion detection system or IDS that defends beside port scans and Trojans should as well complement our firewall in the layering protection (Wack, Cutler, & Pole, 2002) and (Thames, Abler, & Keeling, 2008). The implementation of firewalls provides several advantages to the organizations. In an organization, a firewall is a computer or router that is located between the trusted and un-trusted computers (Silberschatz, Galvin, & Gagne, 2004, p. 692). It confines the network use between the two security domains, and checks and logs all links. Also, it can confine links based on starting place and target location, source or targeted port, or way of the link. For example, web servers utilize ‘http’ to carry out communication with web browsers. A firewall as a result may permit only http get ahead of, from all hosts external to the firewall simply to the web server inside the firewall (Silberschatz, Galvin, & Gagne, 2004, p. 672). The utilization of firewalls in the organizations is not useful in all the situations. For instance, in an organization business data buffer-overflow threat or attack to a web server cannot be dealt by the firewall for the reason that the http link is permitted; it is basically the contents of the http link that address the attack (Silberschatz, Galvin, & Gagne, 2004, p. 673). Also, denial of service attacks in an organizational structure are dangerous for firewalls to the extent that any other machines. An additional weakness of firewalls is spoofing, in which an unauthorized host becomes an authorized host by gathering various permission criterion. For instance, if a firewall permits a link from a host and recognizes that host by its IP address, then one more host could distribute the packet by means of that similar address and be permitted by the firewall (Silberschatz, Galvin, & Gagne, 2004, p. 673). In conclusion, this essay has discussed that implementation of firewall at the personal and organizational level. This essay has shown that the implementation of firewalls at organizational as well as individual level has become necessary for security purposes. This technology offers a better and enhanced structure for the better security management and handling. However, firewalls are not the ultimate solution against security threats. Also, this essay has discussed the threats for which firewalls are not useful. Organizations and individuals should use firewalls with the combination of other effective techniques. Bibliography Benzel, T., Braden, R., Kim, D., Neuman, C., Joseph, A., Sklower, K., et al. 2007. Design Deployment and Use of the DETER Testbed In Proceedings of the DETER Community Workshop on Cyber-Security and Test. Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007 (pp. 1-1). Boston, MA: USENIX Association Berkeley, CA, USA . Firewall. (1994). Firewall Gateways. Available at: http://docs.google.com/gview?a=v&q=cache:MkSjCAroKoUJ:www.wilyhacker.com/1e/chap03.pdf+firewall+filetype:pdf&hl=en&gl=pk&pid=bl&srcid=ADGEEShxJRpcn0RuhFsx6ZGzFT-mVC5w-rxk68_feZQTu31hZIGNgcN40j8ondhVow4q43y_SOlfwsuhk2LKiaup-DlilDGHxwq9mYikg943EiU7xlTpwQ_gk[Accessed 20 November 2009]. Frederick, K. K. 2002. Evaluating Network Intrusion Detection Signatures, Part One. Available at: http://www.securityfocus.com/infocus/1623[Accessed 20 November 2009]. Ftima, F. B., Karoui, K., & Ghzela, H. B. 2008. A secure mobile agents approach for anomalies detection on firewalls . International Conference on Information Integration and web-based Applications and Services, Proceedings of the 10th International Conference on Information Integration and Web-based Applications & Services (pp. 689-693). Linz, Austria : ACM New York, NY, USA . Grennan, M. 2000. Firewall and Proxy Server HOWTO. Available at: http://docs.google.com/gview?a=v&q=cache:1P_kldYNK8MJ:www.ibiblio.org/pub/Linux/docs/howto/other-formats/pdf/Firewall-HOWTO.pdf+firewall+filetype:pdf&hl=en&gl=pk&pid=bl&srcid=ADGEESiCHENGGT_BcIl7PM0MGReqX9-uO5S7O8GlLuc442Xd_4SAjoTb-OIPmjvzHrH0Ej1H5nGKteDV[Accessed 20 November 2009]. Hoffer, J. A., Prescott, M. B., & McFadden, F. R. 2007. Modern Database Management, Eighth Edition. Pearson Education, Inc. Ioannidis, S., Keromytis, A. D., Bellovin, S. M., & Smith, J. M. 2000. Implementing a distributed firewall . Conference on Computer and Communications Security Proceedings of the 7th ACM conference on Computer and communications security (pp. 190 - 199 ). Athens, Greece : ACM New York, NY, USA . Laudon, K. C., & Laudon, J. P. 1999. Management Information Systems, Sixth Edition. New Jersey: Prentice Hall . Nash, J. (2000). Networking Essentials, MCSE Study Guide. California: IDG Books Worldwide, Inc. Neuman, C., Dayama, D., & Viswanathan, A. 2005. Emulating an Embedded Firewall. University of Southern California . Neumann, A. L. (2004). The Great Firewall. A CPJ Briefing , Available at: http://docs.google.com/gview?a=v&q=cache:grJmE6PhTQEJ:www.libertyparkusafd.org/lp/Hale/Special%2520Reports/Communist%2520China/The%2520Great%2520Firewall.pdf+firewall+filetype:pdf&hl=en&gl=pk&pid=bl&srcid=ADGEESiFykkg7qOtLSN5em2NgxyUlMCrTYSWaTHXB9YcjivEl5[Accessed 20 November 2009]. Norton, P. 2001. Introduction to Computers, Fourth Edition. Singapore: McGraw-Hill. Shelly, Cashman, & Vermaat. 2005. Discovering Computers 2005. Boston: Thomson Course Technology. Shulman, A. 2006. Top Ten Database Security Threats. Available at: http://www.schell.com/Top_Ten_Database_Threats.pdf [Accessed 20 November 2009]. Silberschatz, A., Galvin, P. B., & Gagne, G. 2004. Operating System Concepts (7th Edition). New York: Wiley. Thames, J. L., Abler, R., & Keeling, D. 2008. A distributed firewall and active response architecture providing preemptive protection . ACM Southeast Regional Conference, A distributed firewall and active response architecture providing preemptive protection (pp. 220-225 ). Auburn, Alabama: ACM New York, NY, USA. Wack, J., Cutler, K., & Pole, J. 2002. Guidelines on Firewalls andFirewall Policy. Recommendations of the National Instituteof Standards and Technology: NIST Special Publication 800-41 . Read More