Firewalls: Great Network Security Devices - Research Paper Example

FIREWALLS: GREAT NETWORK SECURITY DEVICES, BUT NOT A "SILVER BULLET" SOLUTION Firewalls: Great Network Security Devices, but Not a "Silver Bullet" Solution Author Author’s Affiliation Date Table of Contents Need for Firewalls 3 Network Security Management through Firewall 6 Firewalls Security Services 7 Packet Filters 8 Proxy Servers 8 Stateful Packet Filters 9 Security Firewalls: Issues and Challenges 10 Conclusion 11 References 12 Introduction A network firewall is used to secure a computer system or a server from illegal access. Additionally, network firewalls can be based on software applications, hardware devices or a combination of these two systems. Network firewalls protect an institution’s or organization’s computer network (like school, home, business intranet) beside some malicious access from the outside. However, the network security firewalls can as well be configured to bound network or system access to the external from internal clients. In fact, firewalls are considered as a fundamental part of maintaining a secure networked system in a secure and protected way. In addition, all the computers connected to a network justify the potential of a firewall, whether it is a desktop system or thousands of servers that create the network of a corporation, a traveling salesperson’s laptop connected to the wireless communication network, or someone’s new PC with a dial up link to the web (Mitchell, 2012; Shelly, Cashman, & Vermaat, 2005; Northrup, 2012). This paper presents an overview of the firewall security systems. The research outlines the applications and advantages of firewalls. This research also shows that firewalls are not the ultimate solution to ensure security. Need for Firewalls When communication systems and computer networks are connected jointly a different level of trust frequently exists on various sides of the connection. In this scenario, the word “Trust” outlines that a business considers that equally the software and the clients on its computers are not malicious. Hence, network firewalls ensure and implement trust boundaries, which are established for a variety of reasons. Some of the fundamental reasons are outlined below (Ingham & Forrest, 2005; Rhodes-Ousley, Bragg, & Strassberg, 2003; Turban, Leidner, McLean, & Wetherbe, 2005): Security Issues in Operating Systems (OSs) Operating systems keep huge records of less protected configuration of system working and operations. For instance, Windows 98 and Windows 95 were extensively distributed with windows file sharing approach incorporated by default. On the other hand, in such configuration and system setting there are numerous viruses exploited this system setting with severe vulnerability. In addition, some other instances of such OS security issues are the Red-Hat Linux editions 7 and 6.2. These operating systems were extensively weak to deal with 3 remote system exploitation attacks when the operating system was installed using by default OS security setting (Ingham & Forrest, 2005; Rhodes-Ousley, Bragg, & Strassberg, 2003). Stopping Access to Data There is another important reason of using a firewall and that is to stop people from accessing some secret or official data. In this scenario, there are instances of firewall systems like national firewalls, which try to stop or limit people and their activities on the web, for instance China has established such firewalls for putting limitations of access of the type of people to some information and areas. A similar idea in the United States is the CHIPA (Children’s Internet Protection Act) that authorizes that some specific information needs to be tracked and filtered for better public interest. In addition, this law necessitates that libraries and schools that receive federal financial support stop specific categories of web content, and without a doubt firewall is an excellent choice to do so (Ingham & Forrest, 2005; Rhodes-Ousley, Bragg, & Strassberg, 2003). Stopping Information Leaks In view of the fact that in a computer network all the data traffic leaving a network has to go through the firewall arrangement, thus it is utilized to lessen data and information leaks. In fact, the use of firewall to stop information leaks is the fundamental reason for the implementation of the digital business gateways that stops an illegal or overlooked leak of information to the external network (Ingham & Forrest, 2005; Rhodes-Ousley, Bragg, & Strassberg, 2003). Establishing Security Policy The network firewalls are one of the most important components of a standard network management and security strategy. They put into effect the policy about which communication network data and information traffic is permitted to leave or enter into a network. In addition, these strategies limit the usage of specific systems and applications; those limit remote system from contacting or allow them to work on some limited bandwidth (Ingham & Forrest, 2005; Rhodes-Ousley, Bragg, & Strassberg, 2003). Network Resource Auditing Firewalls are also implemented for providing a considerable support for network auditing and protection. In this scenario, if a network security breach (that does not comprise the firewall based security) happens. In such situation network security and privacy audit trails through the network firewall can be utilized to decide what happened. In addition, such kind of the network firewall based audit trails have as well been utilized to keep an eye on employees, for example for making use of the network working resources for non work functions and tasks (Ingham & Forrest, 2005; Rhodes-Ousley, Bragg, & Strassberg, 2003). Network Security Management through Firewall In the real world, the majority of companies depend on various layers and levels of network security. First of all, they depend on their national administration and military forces to maintain order. Unluckily the condition of communication networks nowadays lacks numerous levels of safety and defense. Without a doubt, local and federal governments do what they are able to perform in an attempt to reduce network security related issues and crimes; however they are not so much more effective. Additionally, further than safety, law enforcement normally just reacts to most of the serious communication and collaboration network based intrusions. The standard Internet based business or home is assaulted dozens of times for every day, and no law enforcement force is prepared to manage that volume of protests. In view of the fact that this kind of digital and computer crimes are difficult to manage and hard to enumerate, and as a result the majority of companies insurance policies do very small to recompense for such kind of losses that result from a successful network attack and breaches (Northrup, 2012; Rhodes-Ousley, Bragg, & Strassberg, 2003; Vicomsoft Ltd., 2012). Moreover, network firewall is the ultimate solution up till now to deal with this kind of security issues and attacks. While talking about firewall working and structure, there are 2 access denial strategies utilized by every firewall. Additionally, a firewall can pass all the network data and information traffic unless it complies with some specific measures, or it can reject all the network data traffic unless it convinces some specific network communication standards. In addition, the kind of policy and criteria employed to decide whether network communication and collaboration traffic should be permitted with different from one kind of firewall to another. Also, the network firewalls can be concerned with the kind of network data and information traffic, or with the destination or source addresses and ports. Furthermore, they can also make use of the complex rule bases that analyze the system operational information to decide if the network traffic should be permissible to further (Vicomsoft Ltd., 2012; Northrup, 2012). Figure 1 Firewall Operation, Image Source: http://www.vicomsoft.com/learning-center/firewalls/#9 Firewalls Security Services Firewalls offer a wide variety of security services. In this scenario, firewalls can be categorized into a number of categories for offering different services. Firewalls can be used as proxy servers (these comprise system gateways and circuit level gateways), packet filters and stateful packet filter firewall structures. There is one more category of firewall this is based on a hybrid of the above mentioned major classes. For instance, a firewall can be a blend of the packet filter and application gateway, or a set of services on the proxy server and a stateful packet filter approach. Given below is some explanation of such categories of firewall services and approaches for the network security management (Wiley, 2009; Rhodes-Ousley, Bragg, & Strassberg, 2003): Packet Filters This category of network firewalls offers a wide variety of packet filtering services which are based on inspection of every network data packet for user-defined filtering policy to decide whether to block or pass data or information packet. For instance, the filtering strategy might necessitate all the Telnet requirements to be dropped. Hence, by using this data and information, the network firewall will block all the data packets that pass through the network port no. 23 (that is the default communication port for Telnet communication) in their header. In addition, filtering policies are based on destination IP address, source IP address, Layer four destination ports and Layer four (which is UDP or TCP) source network communication port. Consequently, a data packet filter is responsible for making decisions based on the network layer and the transport layer of network structure (Wiley, 2009; Rhodes-Ousley, Bragg, & Strassberg, 2003). Proxy Servers This is also one of the major categories of the network firewall structure that encompasses a proxy service (it is an application that forwards users’ requirements to the real services based on a corporation’s security policy). Additionally, the entire communication between a user and the actual server happens in the course of the proxy server. Therefore, a proxy server performs like a communications broker among users and the real network communication application servers. In view of the fact that it performs as a checkpoint where network communication requests are authenticated beside specific applications, thus a proxy server typically deals with exhaustive load and is able to turn into a bottleneck under extensive network communication traffic load conditions (Wiley, 2009; Rhodes-Ousley, Bragg, & Strassberg, 2003). Stateful Packet Filters Firewalls also perform as stateful packet filtering arrangement. Though the application gateway offers the most excellent safety among the previous firewalls based arrangements, its exhaustive processing needs sluggish down network working and overall performance. The arrangement of stateful packet filtering gateway tries to offer very powerful safety and security without reducing down the network communication performance. Different from application gateway, it verifies the information that passes through at the network layer communication however does not process it. The firewall structure upholds network state information for every communication session, where communication session positions comprise a set of collaborative stages as well as the endpoint application state. In situation, when a stateful packet filtering gateway gets data packet, it confirms the packet besides the acknowledged state of the communication session. If the network data packet diverges from the predictable session state, the network communication gateway stops the rest of the communication session (Wiley, 2009; Rhodes-Ousley, Bragg, & Strassberg, 2003). Security Firewalls: Issues and Challenges It is clear from the above discussion that firewalls offer excellent network security services and devices; however it is still not a "Silver Bullet" Solution. Without a doubt, in the past few years, firewalls have turned out to be an essential part of any security plan; however it is not a security arrangement in and of itself. Basically, network security comprises a variety of aspects such as enhanced data integrity, protection service or application reliability, data privacy and verification. On the other hand, a firewall security solution simply tackles problems of data confidentiality, integrity and verification of data that is at the back of a firewall arrangement. In this scenario, some data that is transmitted outside the network security based firewall is subject to outline the control of the security based firewall. It is consequently essential for a business to have an effectively managed and strictly applied security agenda that comprises but is not limited to firewall installation (Casima, 2012; Bailey, 2012; Vicomsoft Ltd., 2012). Fundamentally, what a firewall based security arrangement does is to check and assess the entire network data and traffic going into our system and stops the entire the data that can damage our system or is illegal by placing on our system. However, there are numerous issues and problems with a firewall based solution, though, as it cannot assess the entire data going into our system properly and know whether we have our desired data, or it’s a virus or a file sent from an associate. There are many issues emerged due to network firewall application and speed issues are one of them. In fact, firewalls are placed to function at a certain pace, which is suitable to the network link. In this scenario, a firewall with a number of security checks can reduce the overall network communication speed and network working performance (Casima, 2012; Bailey, 2012; Vicomsoft Ltd., 2012). Moreover, the application firewall can also create some issues such as conflicts with FTP Programs. In this scenario, a network firewall is not able to maintain the data being distributed by FTP applications when there is chance of huge data arrival. As well because of the dual socket information movement in FTP applications, a network communication firewall can not recognize a number of data sets correctly. Application firewalls can also cause issues with disabling security policies. In addition, there are certain kinds of malware or fake firewalls that stop or change the security strategies of our systems network link, that then opens the network communication ports, permitting some type of data to pass through (Casima, 2012; Bailey, 2012; Vicomsoft Ltd., 2012). Conclusion This paper has presented an overview of the firewall security solution. A network firewall is used to secure a computer system or a server from illegal access. These firewalls can be applied on software applications, hardware devices or a combination of these two systems. In addition, they can be used to protect an institution’s or organization’s computer network (like school, home, and business intranet) beside some malicious access from the outside. This paper has discussed some of the types of a firewall, its working and operational structure. Without a doubt, the application of network firewall ensures enhanced security however there are also a number of issues that make firewall a complex security management arrangement. However, up till now firewall technology is the ultimate alternative for best network security management. We can potentially enhance such network security arrangement through the application of some layered network security management arrangement. References Bailey, B. (2012, April 04). Firewalls Not Preventing Data Breaches? Try a Dose of Least Privilege. Retrieved August 13, 2012, from BeyondTrust.com: http://blog.beyondtrust.com/bid/83758/Firewalls-Not-Preventing-Data-Breaches-Try-a-Dose-of-Least-Privilege Casima, R. (2012, April 16). Firewall Security Issues. Retrieved August 14, 2012, from eHow.com: http://www.ehow.com/list_7164443_firewall-security-issues.html Ingham, K., & Forrest, S. (2005). Network Firewalls. Retrieved August 14, 2012, from http://www.cs.unm.edu/~forrest/publications/firewalls-05.pdf Mitchell, B. (2012). firewall. Retrieved August 15, 2012, from About.com: http://compnetworking.about.com/od/firewalls/g/bldef_firewall.htm Northrup, T. (2012). Firewalls. Retrieved August 16, 2012, from Microsoft.com: http://technet.microsoft.com/en-us/library/cc700820.aspx Rhodes-Ousley, M., Bragg, R., & Strassberg, K. (2003). Network Security: The Complete Reference, 1st edition. New York: McGraw-Hill Osborne Media. Shelly, Cashman, & Vermaat. (2005). Discovering Computers 2005. Boston: Thomson Course Technology. Turban, E., Leidner, D., McLean, E., & Wetherbe, J. (2005). Information Technology for Management: Transforming Organizations in the Digital Economy . New York: Wiley. Vicomsoft Ltd. (2012). Firewalls. Retrieved August 13, 2012, from http://www.vicomsoft.com/learning-center/firewalls/#9 Wiley. (2009). Firewalls and Virtual Private Networks. Retrieved August 13, 2012, from http://www.wiley.com/legacy/compbooks/press/0471348201_09.pdf Read More