Hardware firewalls

With the rapid growth of the Internet, the problem of security for small networks and home users is no less pressing than, say, the security of networks of large companies. If your network or computer is part of a large corporate network, then most likely you no longer need a firewall, since a large network is usually protected. In the same case, when you do not know for sure whether there is an external firewall, or when you connect to the network through an ISP (Internet providers do not always have a firewall installed, since this degrades the gateway throughput), then it probably makes sense to take care of protecting your network or computer. By the way, you need to understand that by connecting to the Internet via a modem, you also become a full-fledged Internet node. A modem connection differs from a cable connection only in that in most cases it is not permanent. In this article I will try to briefly explain what a firewall is, how it works, why it needs to be installed, and describe the functions of some programs. We will mainly talk about Windows (95/98/NT/2000/…), since this is the most common operating system today. Programs running under UNIX (in particular Linux) will be briefly mentioned. In order to understand why a firewall is needed, it is necessary to answer the question: what do you need to protect yourself from when working on the network?

Security issues when connecting to the Internet

By connecting to the Internet, you are physically connected to more than 50 thousand unknown networks and all their users. While such a connection opens the way to many useful programs and provides enormous opportunities for sharing information, your network or personal computer also becomes available to Internet users. The main question: how accessible are the resources of your network, and how accessible can they be (in what follows I will not distinguish between a small network and a single home computer as long as the distinction does not matter)? Another question: how is your computer protected from intrusion? It is worth noting that those who call themselves hackers usually do not seek to obtain information - they are interested in the process of breaking into the system itself. Sometimes this leads to damage to the information stored on your computer. Rarely, but sometimes, the destruction of information is itself the purpose of breaking into a system. At the same time, unlike corporate networks, the methods of penetrating a small network or home computer are more prosaic. Here are some of them.
  • You are sent a seemingly harmless letter with an attachment named, for example, like this: pricelist.zip .exe. Notice the .exe at the very end of the line, after a run of spaces. Mail clients receiving such a letter display only pricelist.zip, but when you open the file, instead of launching the archiver, they execute it.
  • You don't install the free updates for Internet Explorer, even though it has long been known that the main problem of Windows, and of IE in particular, is system security.
  • You are using untested programs, such as screen savers. They very often contain Trojan horses, that is, program code that secretly performs actions that are unnecessary to you and directed against you, for example, sending passwords over the network.
  • Separately, we note that Windows, unlike UNIX, suffers from the fact that the design of its file system and kernel makes it possible to create viruses, both harmless and very destructive. These viruses can live in executable files, scripts, and even office documents. The ability to check incoming letters and downloaded files for viruses is therefore simply necessary.
Of course, a home computer can also be attacked with lower-level methods related to access to specific ports. This happens as follows. The attacker scans your computer for free and unprotected ports, that is, ports that do not respond when receiving packets. The first thing that can happen is an overflow of the network stack (the place where packets are temporarily stored) and, as a result, a malfunction of the machine (usually a freeze). This effect can be achieved by sending too many packets. In addition, such an empty port can be used to communicate with your computer. This means access to files and passwords, and the ability to change files, for example, to put virus-infected programs on disk. A more complex mechanism is also possible: first the stack is overflowed, and then, when the network programs are already disrupted, an intrusion occurs through standard ports. Let us note right away that it is advisable to disable file and printer sharing on your home computer. To do this, open the Control Panel in Windows, in the Network section enter the File and Print Sharing section, and deselect the items:
  • I want to be able to give others access to my files;
  • I want to be able to allow others to print to my printer(s).
In general, it is advisable, if possible, to disable everything that could give rise to an intrusion or weaken the protection of the system itself, provided, of course, that you don't need the feature. The above is a description of one such function, which is not at all necessary in the case of a single home computer, especially with a modem connection. You might ask: why would anyone break into your home computer? There are two main reasons, in my opinion. In first place, as I already said, is interest in the hacking process itself. Another reason is that recently people often use an Internet connection to access and work with work-related information, and such information may be of interest. Either way, it is in your best interest to protect your home computer, even if there is no sensitive information on it. Protection is all the more necessary if you actually use the Internet to access information on another computer. It is for this kind of protection that a firewall exists.

What is a firewall

I will not go into technical details related to the network stack, filtering methods and similar subtleties. Moreover, the article “Network protection and firewall” was published earlier, where the firewall was described in some detail. Briefly, a firewall can be defined as the point of separation between your network or computer and the Internet. This point can be a computer running a software firewall, or a hardware firewall. If you have one computer, then the firewall is just a program running on it. What's the idea? Let us recall how data is transferred over the Internet. All data is transmitted using the IP protocol. The transfer occurs in portions - packets. Each packet has a header containing the sender's address, the recipient's address, the network port number, a link to the previous packet, and control information needed to verify the data, followed by the data itself. The first three items (addresses and port) are necessary for the packet to arrive at all. The port number is associated with a specific program. Thus, telnet works with port 22, and the http protocol works with port 80. There are 65,535 ports in total. The link to the previous packet is necessary for correctly reassembling pieces of information into files, and the control information is needed to verify the correctness of the transfer. The idea of a firewall is that a program is launched which is the first, before all servers and clients, to receive every packet arriving at your computer. Thus, this program is the first to access the packet's information. Schematically, the work of a firewall can be represented as follows. Packets are checked in different ways, depending on the level of the firewall. There are five firewall levels:
  • The first level checks the addresses written in the packet and the port number. In this case, naturally, it becomes possible to prohibit the reception of packets from certain addresses or to certain ports. This level provides minimal protection, since the packet is not yet a file or a program, but simply a piece of information. Nevertheless, it may be useful, for example, to prohibit the passage of packets on certain ports.
  • The second level, in addition to what happens at the first level, uses the references to previous packets. With the help of such links, a complete chain of information is formed, for example an entire file. This firewall checks the integrity of file transfers and allows you to immediately cut off suspicious files.
  • The third level is a software level firewall. In addition to packet filtering and information integrity checking, the ability to check the contents of files has been added. That is, for example, executable files are checked for viruses, the contents of archives are checked, attached files in letters are tested, and so on.
  • The fourth and fifth levels differ from the third only in the technical implementation of the main functions of the firewall at the software level.
When choosing a specific firewall implementation, it is important to pay attention to the following points. First of all, setting up ports and network addresses requires an accurate understanding of them; in other words, this is not something a regular user can always do. Coarser settings require the program to do some things automatically. The important trade-off here is between the simplicity of the program and the efficiency of its use. The second point is the power of the program. If you just have a home computer and you only browse web pages on the Internet, then perhaps you just need an anti-virus program that scans downloaded files. It's another matter if you have a small network and want to control the transfer of files to neighboring machines or the sharing of printers. Third is the price. There are free programs, and there are powerful and expensive ones. It is important to understand that free does not mean bad. Now let's move on to the description of specific programs. I'll say right away that the order in which the programs appear is not related to price, popularity, or complexity. Moreover, it is difficult to compare the popularity of programs, since they are designed for different computers and networks of different sizes. Below is the best, in my opinion, example of organizing the protection of your network. The two programs described below complement each other, thereby ensuring the required level of security. Naturally, our choice is not a panacea. The only thing that can be said is that all the programs described below occupy leading places in ratings published on the Internet. In addition, on our CD-ROM you will find an overview of some of the most popular programs that implement firewall functions.

Firewall implementations

Norton Internet Security 2000 (NIS)

NIS combines several different programs. The protection system is inherited from the AtGuard program and is formed in the form of a set of rules for monitoring ports and addresses. Also included is a cookie blocking system, filtering for ActiveX, Java, scripts and tracking while browsing the Internet. Anti-virus scanning is also built-in. The Accounts system allows you to have multiple sets of settings for different users. Since the subject of this article is protection, I’ll tell you about this in a little more detail. I would like to note right away that the system of rules is very flexible, but at the same time it is hardly suitable for the average user. If you have already decided to create a system of rules, then it is advisable to disable the “Automatic Firewall Rule Creation” option. Below is a possible version of the rules system. It involves connecting one computer to the provider. It is important to note that this is a possible set of rules. You need to test each rule on your computer to check its effectiveness. To set rules, you need to enter the Security and Custom settings section. A special feature of NIS that not all programs provide is that you can specify which programs can use which ports. In some cases this is very convenient. For example, block the browser from using all ports except 80 (http) or 443 (https). But let's continue about the rules. The following set is possible.
  1. Block all incoming and outgoing ICMP packets. Note that your ISP may require ICMP.
  2. Block input on ports 135 to 139 (TCP and UDP).
  3. Block input on ports 67 to 69 (TCP and UDP).
  4. Block input and output on port 113. This may lead to a delay in sending letters, but they will nevertheless be sent unless the use of this port is specifically agreed upon by the provider.
  5. Block "NetBIOS" UDP input.
  6. Block "finger" TCP input.
  7. Block "socks" TCP/UDP input (port 1080).
  8. Block "Bootpc" UDP input. This does not need to be done if you are using Dynamic IP.
  9. Block "Bootp" UDP output. This does not need to be done if you are using Dynamic IP.
  10. Block TCP input on port 27374.
  11. Block UDP input "snmp" (ports 161 and 162).
  12. Block UDP input "ndmp" (ports 10096 to 10945).
  13. Block TCP input "netstat".
  14. Block TCP input "systat".
  15. Block TCP and UDP input "nfs".
  16. Block TCP input "wins". Port 1512.
  17. Block TCP and UDP input "remote-winsock".
  18. Block UDP input and output "Windows Key Access". The port is needed for Microsoft games at www.zone.com.
  19. Block TCP and UDP input of "lotusnotes".
  20. Block TCP input "IBM Data Exchange". Port 10044.
  21. Block TCP and UDP input and output of port 4000 (may be called "icq").
Let us remind you once again that each specific case may call for its own rules or modifications of the rules presented. Once the rules are set, NIS begins to work according to them. An example of the message screen is shown below. All events related to the operation of the program itself and to the processing of events covered by the established rules are logged. In conclusion, we note that NIS costs approximately $60. At the same time, you get the opportunity to update the program via the Internet using the LiveUpdate function.
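The first-level (address and port) filtering described above, and the NIS rule list in particular, can be expressed as a small stateless packet filter. This is an added example, not NIS code or code from the article; it assumes rules are checked top to bottom with first match winning and a default allow, that "port" means the packet's destination port, and it uses the usual /etc/services numbers for finger, netstat, systat, nfs and lotusnotes (the page gives none). The items for remote-winsock and Windows Key Access are left out because the article gives no port numbers for them.

```python
"""Stateless packet filter that encodes the NIS rule list above (added example).

Assumptions: rules are checked top to bottom and the first match wins; a packet
matching no rule is allowed (the list contains only "block" rules); "port" means
the packet's destination port, i.e. the local port for input and the remote port
for output. finger 79, netstat 15, systat 11, nfs 2049 and lotusnotes 1352 are
the usual /etc/services values, assumed here because the article gives no numbers.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp", "udp" or "icmp"
    direction: str     # "in" (arriving at this host) or "out" (leaving it)
    src_ip: str
    dst_port: int = 0  # 0 for icmp


@dataclass(frozen=True)
class Rule:
    action: str                              # "block" or "allow"
    protos: Tuple[str, ...]
    directions: Tuple[str, ...]
    ports: Optional[Tuple[int, int]] = None  # inclusive dst-port range, None = any
    src_net: Optional[str] = None            # CIDR of the sender, None = any
    note: str = ""

    def matches(self, p: Packet) -> bool:
        if p.proto not in self.protos or p.direction not in self.directions:
            return False
        if self.ports is not None and not (self.ports[0] <= p.dst_port <= self.ports[1]):
            return False
        if self.src_net is not None:
            return ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
        return True


def build_rules(dynamic_ip: bool = False, isp_needs_icmp: bool = False,
                blocked_sources: Sequence[str] = ()) -> List[Rule]:
    """Encode the numbered NIS list. The two BOOTP rules (items 8 and 9) are
    dropped for dynamic IP and item 1 is dropped if the ISP requires ICMP, as
    the article advises. blocked_sources adds level-1 address rules in front."""
    rules = [Rule("block", ("tcp", "udp", "icmp"), ("in", "out"), None, net, f"address {net}")
             for net in blocked_sources]
    if not isp_needs_icmp:
        rules.append(Rule("block", ("icmp",), ("in", "out"), None, None, "1: all ICMP"))
    both = ("tcp", "udp")
    rules += [
        Rule("block", both, ("in",), (135, 139), None, "2: ports 135-139"),
        Rule("block", both, ("in",), (67, 69), None, "3: ports 67-69"),
        Rule("block", both, ("in", "out"), (113, 113), None, "4: port 113"),
        Rule("block", ("udp",), ("in",), (137, 138), None, "5: NetBIOS"),
        Rule("block", ("tcp",), ("in",), (79, 79), None, "6: finger"),
        Rule("block", both, ("in",), (1080, 1080), None, "7: socks"),
    ]
    if not dynamic_ip:
        rules += [Rule("block", ("udp",), ("in",), (68, 68), None, "8: bootpc"),
                  Rule("block", ("udp",), ("out",), (67, 67), None, "9: bootp")]
    rules += [
        Rule("block", ("tcp",), ("in",), (27374, 27374), None, "10: tcp 27374"),
        Rule("block", ("udp",), ("in",), (161, 162), None, "11: snmp"),
        Rule("block", ("udp",), ("in",), (10096, 10945), None, "12: ndmp"),
        Rule("block", ("tcp",), ("in",), (15, 15), None, "13: netstat"),
        Rule("block", ("tcp",), ("in",), (11, 11), None, "14: systat"),
        Rule("block", both, ("in",), (2049, 2049), None, "15: nfs"),
        Rule("block", ("tcp",), ("in",), (1512, 1512), None, "16: wins"),
        Rule("block", both, ("in",), (1352, 1352), None, "lotusnotes"),
        Rule("block", ("tcp",), ("in",), (10044, 10044), None, "IBM Data Exchange 10044"),
        Rule("block", both, ("in", "out"), (4000, 4000), None, "icq 4000"),
    ]
    return rules


def decide(rules: Sequence[Rule], packet: Packet) -> Tuple[str, str]:
    """First matching rule decides; otherwise the packet passes (default allow)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.note
    return "allow", "no rule matched (default allow)"


if __name__ == "__main__":
    # Constructed sample packets: documentation addresses, not real hosts.
    rules = build_rules()
    for pkt in (Packet("tcp", "in", "198.51.100.7", 139), Packet("tcp", "out", "192.0.2.10", 80),
                Packet("udp", "in", "198.51.100.7", 10500), Packet("icmp", "in", "198.51.100.7")):
        print(pkt, "->", decide(rules, pkt))
```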

BlackICE Defender (BID)

BID is an intrusion detector for your system. Its main purpose is to monitor all data transfers over the network. Unlike NIS, there is no antivirus and no way to tell individual programs which ports they may use. However, based on test results, its system for regulating and controlling access to network ports and its ability to specify trusted and untrusted addresses are considered more reliable. In addition, there is the ability to control access to files. The BID configuration screen looks like this. The Protection block is shown here. In principle, selecting one of the security levels already selects a set of rules according to which BID operates. The degree of protection decreases from top to bottom. Bear in mind that detection, regardless of the level, always takes place on all ports. The level means the level of protection, that is, which actions are taken on packets: rejection, verification, etc. The Paranoid level is often unnecessary, since it checks all ports, which can greatly slow down the network. All events are recorded in a log file and can be viewed later. An important feature is that it is not necessary to block addresses statically. Addresses can be blocked dynamically if they attempt to log into the system with an incorrect password. This is needed, for example, when you want to access your files from another computer whose address is unknown in advance (for example, from an Internet cafe while traveling). In the Intruders block of the monitored events window, the address from which the login attempt was made and the port are recorded. It is important that when an attempt is made to penetrate the system via a non-standard port, or to log in with an incorrect password or user name, BID does not simply block the packet or refuse entry into the system, but runs its Back-trace procedures. This is a set of tools with which BID tries to collect as much information as possible about the attacker.
This information is then written to a file and displayed in the history block. A disadvantage, perhaps, is the lack of the ability to create rules for individual programs. A combination of BID and NIS is recommended. This lets you use BID to control the flow of information over the network and NIS to separate access rights between programs and to scan files with the antivirus. BID costs less than NIS, approximately $40, but the license is valid for only one year.

Hardware Firewall

Now a little about hardware firewalls. Even in the case of home networks, and especially for a small company, this is not a useless thing. The point is that this is a computer specially adapted to perform firewall functions. Often the same efficiency can be achieved only by installing a powerful program on a separate powerful computer, and this can be significantly more expensive. Moreover, a hardware firewall is almost always system-independent and can work with almost any operating system. There are other advantages: you place the device in a protected area, and there is no general-purpose operating system on it, which makes it harder to compromise. I'll give a short description of several inexpensive hardware firewalls. The Linksys EtherFast Cable/DSL Router supports NAT, a firewall, DHCP and access control, and is also a 4-port 10/100 switching hub. Price: $170. The SonicWALL SOHO from SonicWALL, Inc. and the WebRamp 700s from Ramp Networks, Inc. are more functional than the previous one; they have upgrade capabilities and support a firewall, NAT, DHCP and contextual packet management. The prices are approximately $400 and $350, respectively. In conclusion, it should be noted that a firewall is now probably as necessary as the Internet itself. Of course, you should always choose the firewall most suitable for your tasks and network size. The variety of programs that implement firewall functions is so great that it is hardly possible to recommend anything specific. Any solution has its pros and cons. The most detailed information about firewall programs, documentation and support is available on the website http://www.firewall.com/, which I recommend looking at if the problem of choosing a firewall is relevant to you.

ComputerPress 10'2000

Creating a secure system is a complex task. One of the security measures is the use of firewalls. As we all know, firewalls come in software and hardware form. The capabilities of both kinds are not limitless. In this article, we will try to figure out what both types of firewalls can and cannot do.

Software and hardware firewalls

The first step is to talk about what a software solution is and what a hardware solution is. We are all accustomed to the idea that if you buy some kind of hardware, then the solution is called a hardware one, and if it is a box with software, then it is a software solution. In our opinion, the difference between a hardware and a software solution is quite arbitrary. What is a hardware box? Essentially, it is the same computer, albeit with a different architecture and somewhat limited capabilities (you cannot connect a keyboard and monitor to it, and it is “tailored” to perform one function), on which software is installed. The software is some version of a UNIX system with a “web face”. The functions of a hardware firewall depend on the packet filter used (again, software) and on the “web face” itself. All hardware firewalls can be “reflashed”, that is, in essence, their software can simply be replaced. And the process of updating the “firmware” on modern devices has little in common with real firmware updates (which in the good old days were done with a programmer): the new software is simply written to flash memory inside the device. A software firewall is software installed on an existing ordinary computer. But a hardware firewall cannot do without software, and a software firewall cannot do without hardware. That is why the line between these types of firewalls is very arbitrary.
The biggest difference between a software and a hardware firewall isn't even functionality. Nobody stops you from choosing a hardware firewall with the necessary functions. The difference is in the way they are used. As a rule, a software firewall is installed on every PC in the network (on every server and on every workstation), while a hardware firewall protects not an individual PC but the entire network at once. Of course, no one will stop you from installing a hardware firewall in front of each PC, but it all comes down to money. Considering the cost of the hardware, it is unlikely that you will want to protect every PC with a hardware firewall.

Benefits of Hardware Firewalls

Hardware firewalls have the following advantages:
  • Relative ease of deployment and use. You connect it, turn it on, set the parameters via the web interface and forget about its existence. However, modern software firewalls support deployment via Active Directory, which also does not take much time. But, firstly, not all firewalls support Active Directory, and secondly, enterprises do not always use Windows.
  • Dimensions and power consumption. Typically, hardware firewalls are smaller in size and require less power. However, energy consumption does not always play a role, but dimensions are important. A small compact box is one thing, a huge “system unit” is another.
  • Performance. Typically, the performance of a hardware solution is higher, if only because the hardware firewall is engaged only in its immediate function - packet filtering. It does not run any third-party processes or services, as is often the case with software firewalls. Just imagine that you have organized a software gateway (with firewall and NAT functions) on a server running Windows Server. It is unlikely that you will dedicate an entire server just to the firewall and NAT; that would be irrational. Most likely, other services will be running on it - AD, DNS, etc., not to mention a DBMS and mail services.
  • Reliability. It is believed that hardware solutions are more reliable (precisely because they rarely run third-party services). But no one is stopping you from selecting a separate system unit (even if not the most modern one), installing the same FreeBSD (one of the most reliable operating systems in the world) on it and setting up firewall rules. I think the reliability of such a solution will be no lower than in the case of a hardware firewall. But such a task requires advanced administrator qualifications, which is why it was previously noted that hardware solutions are easier to use.

Benefits of software firewalls

The advantages of software solutions include:
  • Price. The price of a software firewall is usually lower than hardware. For the price of an average hardware solution, you can protect your entire network with a software firewall.
  • Ability to protect your network from the inside. Threats do not always come from outside. There are many threats within a local network. Attacks can come from internal computers. Any LAN user, for example, dissatisfied with the company, can initiate an attack. As already noted, you can, of course, use a separate hardware router to protect each individual node, but in practice we have not come across such solutions. They are too irrational.
  • The ability to separate local network segments without allocating subnets. In most cases, computers from different departments are connected to the local network, for example accounting, the financial department, the IT department, etc. These computers do not always need to communicate with each other. How do you separate the ISPD (personal data information systems)? The first solution is to create several subnets (for example, 192.168.1.0, 192.168.2.0, etc.) and configure routing between these subnets appropriately. It cannot be said that this solution is very complicated, but it is still more complicated than using a software firewall. And it is not always possible to split off subnets, for one reason or another. The second solution is to use a firewall designed specifically to protect ISPD (not all software firewalls make it easy to separate ISPD). In this case, even in the largest network, you will separate the ISPD in a matter of minutes, and you will not have to bother with routing settings.
  • The ability to deploy on existing servers. There is no point in buying another piece of hardware if there is a sufficient pool of computers. It is enough to deploy a firewall on one of the servers and configure NAT and routing. Typically both of these operations are performed through the firewall's GUI and take a few mouse clicks in the right places.
  • Advanced functionality. As a rule, the functionality of software firewalls is wider than that of their hardware counterparts. So, some firewalls provide load balancing functions, IDS/IPS and similar useful things that can improve the overall security of the data processing system. Yes, not all software firewalls have these features, but there is nothing stopping you from choosing the firewall that suits your needs. Of course, some hardware systems also have such functions. For example, StoneGate IPS provides the functionality of an intrusion prevention system, but the cost of such solutions will not always please enterprise management. There are also hardware load balancers, but they are even more expensive than hardware IPS.
We won’t write about the disadvantages - they follow from the advantages. The advantages of one type of firewall are usually the disadvantages of another type. For example, the disadvantages of hardware solutions include the cost and impossibility of protecting the local network from the inside, and the disadvantages of software solutions include the complexity of deployment and use (although, as noted, everything is relative).
However, there is one disadvantage of hardware firewalls that is worth mentioning. As a rule, all hardware firewalls have a reset button, pressing which you can return the default settings. You do not need any special qualifications to press this button. But to change the settings of a software firewall, you need, at a minimum, to obtain administrator rights. With the click of a single button, a disgruntled employee can compromise the security of an entire enterprise (or leave the enterprise without access to the Internet, which is even better). Therefore, when using hardware solutions, you need to take a more responsible approach to the physical security of the devices themselves.

Battle of the Firewalls

Next, we will try to understand which firewall provides better protection: software or hardware. The hardware firewall will be the one built into a TP-Link router. The software firewall will be Cybersafe Firewall.
To test firewalls, we will use utilities from the site www.testmypcsecurity.com, namely Jumper, DNStester and CPIL Suite (developed by Comodo). A word of warning: unlike certified tools like XSpider, these utilities use the same techniques as the malware they simulate. That is why during testing (if you want to repeat the results) all anti-virus protection tools must be deactivated.
One could, of course, consider XSpider, but this test would be too boring and uninteresting for the end reader. And who can imagine an attacker using a certified scanner?
Briefly about the utilities:
  • Jumper - allows you to bypass the firewall using the “DLL injection” and “thread injection” methods.
  • DNS Tester - Uses a recursive DNS query to bypass the firewall.
  • CPIL Suite - a set of tests (3 tests) from Comodo.

All these utilities will be launched from inside, that is, directly on the computers being tested. From outside, we will scan with good old nmap.
So we have two computers. Both are connected to the Internet. One is connected through a hardware firewall (powered by a TP-Link router) and does not have a software firewall or antivirus installed. The second computer is connected to the Internet directly and is protected by the CyberSafe software firewall. The first computer has Windows 7 installed, the second has Windows Server 2008 R2.

Test 1: Jumper

Jumper, launched with administrator rights (to be honest, many users work with such rights), successfully completed its task on Windows 7 (Fig. 1). Nothing could stop it - after all, not a single security tool was installed on our system, no antivirus, no firewall, no IDS/IPS, and the hardware firewall doesn't care what happens on client computers. It cannot influence what is happening there in any way.


Fig. 1. Jumper on Windows 7

To be fair, it should be noted that if the user had not worked as an administrator, then nothing would have worked for Jumper.
In Windows Server 2008, Jumper did not even start, but this is not the merit of the firewall, but of the operating system itself. Therefore, there is parity between firewalls, since protection against this vulnerability can be provided by the operating system itself.

Test 2. DNStester

The purpose of this test is to send a recursive DNS query. By default, starting with Windows 2000, the Windows DNS Client service accepts and manages all DNS queries. This way, all DNS requests from all applications on the system are sent to the DNS client (SVCHOST.EXE), and the DNS request itself is made by the DNS client. DNStester uses a recursive DNS query to bypass the firewall; in other words, the service calls itself.


Fig. 2. Test failed

With the firewall settings left at their defaults, neither the software nor the hardware firewall could cope with this test. It is clear that a hardware firewall does not care what happens on the workstation, so it cannot be expected to protect the system from this vulnerability. In any case, this is with the default settings (and they hardly changed anything).
But this does not mean that Cybersafe Firewall is a bad firewall. When the security level was raised to the third level, the test was passed completely (see Fig. 3). The program reported an error in the DNS request. To make sure that this was not a quirk of Windows Server 2008, the test was repeated on a machine with Windows 7.


Fig. 3. Test passed (DNStest)

To be fair, it should be noted that if an antivirus is installed on your computer, then most likely this application will be quarantined, but it will still have time to send one request (Fig. 4).


Fig. 4. Comodo Antivirus blocked an unwanted application

Test 3. Test suite from Comodo (CPIL)

So, the hardware firewall with default settings failed all three CPIL tests (if you click on Tell me more about Test, a window appears explaining the principle of the test). But it failed them in a strange way. Passing the test involves the following sequence of actions:
  1. You need to enter the transmitted data. We entered the values ​​1, 2, 3 for tests 1, 2 and 3, respectively.
  2. Then press one of the test call buttons (Fig. 5)


Fig. 5. CPIL Test Suite

After this, the browser should open with the test results. In addition to the message that the test failed, the results page should have displayed the value we entered, which was passed to the script as a GET parameter (see Figure 6). It can be seen that the value (2 in the address bar) was passed, but the script did not display it. Comodo script bug? Of course, everyone makes mistakes, but our confidence in this test has diminished.


Fig. 6. Test result (hardware firewall)

But with the software firewall, the CPIL tests did not even run. When pressing buttons 1 to 3, nothing happened (Fig. 7). Was this really the doing of Windows Server 2008 and not the firewall? We decided to check. So Cybersafe Firewall was installed on the Windows 7 computer protected by the hardware firewall. On Windows 7, the utility managed to break through the firewall's defenses: the first and third tests were passed, but when we pressed the Test 2 button we were left looking at a Chrome browser window similar to the one shown in Fig. 6.


Fig. 7. When you click the button, nothing happens (you can see that the antivirus is disabled)


Fig. 8. Tests 1 and 3 passed

Test 4. Scanning from outside

Before this we tried to break through the firewall from the inside. Now let's try to scan the systems protected by a firewall, using the nmap scanner. Nobody doubted the result for the hardware firewall: everything was closed, and it was impossible even to determine the type of system being tested (Fig. 9 and 10). In all subsequent illustrations the IP addresses are hidden because they are permanent - so that nobody is tempted to repeat the test on our addresses.


Fig. 9. Hardware firewall scan


Fig. 10. Hardware firewall scan (host details)

Now let's try to scan a system protected by a software firewall. It’s clear that by default the software firewall will allow anything and everything through (Fig. 11).


Fig. 11. Open ports (software firewall, default settings)


Fig. 12. System type determined (software firewall, default settings)

When the rules are set up, everything falls into place (Fig. 13). As you can see, a software firewall ensures the security of the protected system no worse than its “hardware” counterpart.


Fig. 13. No open ports

Local network attacks

Why is it so important to provide protection within the local network? Many administrators mistakenly do not pay attention to protection from the inside, but in vain. After all, many attacks can be implemented within a local network. Let's look at some of them.

ARP attack

Before connecting to the network, a computer sends an ARP request to find out whether its IP address is already in use. When several Windows machines on the local network have the same IP address, the user sees a window with a message that the IP address is busy (used by another computer). Windows learns that an IP address is busy via the ARP protocol.
An ARP attack consists of an attacker flooding the machines running Windows with such requests. Hundreds of requests are sent to each computer, so the user cannot close the constantly reappearing windows and is forced at least to restart the computer.
The situation is not very pleasant, but the presence of a firewall on the workstation negates all the attacker's efforts.

DoS attacks, including various flood attacks

DoS (denial of service) attacks are possible not only on the Internet but also in local networks; only the methods differ. The nature of a DoS attack can be anything, but it is impossible to fight them without a firewall installed on every machine on the local network.
One type of DoS attack that can be used successfully on a local network is the ICMP flood. CyberSafe Firewall contains dedicated tools to combat this type of attack (Fig. 14). It also contains server load balancing tools, which can also help against DoS attacks.


Fig. 14. ICMP security (CyberSafe Firewall)

Changing the MAC address

On a local network, computers are identified not only by IP address, but also by MAC address. Some administrators allow access to certain resources by MAC address, since IP addresses are typically dynamic and issued by DHCP. This solution is not very justified, since the MAC address is very easy to change. Unfortunately, it is not always possible to protect against MAC address changes using a firewall. Not every firewall tracks MAC address changes, as they are typically tied to IP addresses. The most effective solution here is to use a switch, which allows you to bind the MAC address to a specific physical port of the switch. It is almost impossible to deceive such protection, but it also costs a lot. True, there are also software ways to combat MAC address changes, but they are less effective. If you are interested in a firewall that can recognize MAC address spoofing, then pay attention to Kaspersky Internet Security 8.0. True, the latter can only recognize the substitution of the MAC address of the gateway. But it fully recognizes the substitution of a computer’s IP address and IP flooding.
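As an added example (not code from the article or from any firewall it mentions), the following Python monitor implements the two checks a workstation-side tool would need for the ARP attack described above and for the gateway MAC spoofing described here: a per-sender rate threshold over a sliding window, and an alert whenever a different MAC starts announcing the gateway's IP. The gateway address, thresholds and ARP records are constructed for this example.

```python
from collections import defaultdict, deque

GATEWAY_IP = "192.168.1.1"   # assumed gateway address for this constructed example

def make_sample_frames():
    """Constructed ARP records, not a real capture: (time_s, op, sender_mac, sender_ip)."""
    frames = [(0.0, "reply", "aa:aa:aa:aa:aa:01", GATEWAY_IP)]   # legitimate gateway
    for i in range(5):                                            # quiet background hosts
        frames.append((0.5 + i, "request", f"aa:aa:aa:aa:aa:1{i}", f"192.168.1.1{i}"))
    for i in range(200):                                          # 200 requests in 0.2 s from one host
        frames.append((3.0 + i / 1000, "request", "de:ad:be:ef:00:01", "192.168.1.50"))
    frames.append((10.0, "reply", "de:ad:be:ef:00:01", GATEWAY_IP))  # another MAC claims the gateway IP
    return frames

def detect_arp_flood(frames, window=1.0, threshold=100):
    """Return sender MACs that emitted more than `threshold` ARP frames within any `window` seconds."""
    recent = defaultdict(deque)
    offenders = set()
    for ts, _op, mac, _ip in sorted(frames):
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window:       # slide the window forward
            q.popleft()
        if len(q) > threshold:
            offenders.add(mac)
    return offenders

def detect_gateway_mac_change(frames, gateway_ip=GATEWAY_IP):
    """Return (time, old_mac, new_mac) each time a different MAC announces the gateway's IP."""
    known = None
    changes = []
    for ts, _op, mac, ip in sorted(frames):
        if ip != gateway_ip:
            continue
        if known is None:
            known = mac
        elif mac != known:
            changes.append((ts, known, mac))
            known = mac
    return changes

if __name__ == "__main__":
    sample = make_sample_frames()
    print("ARP flood sources:", detect_arp_flood(sample))
    print("gateway MAC changes:", detect_gateway_mac_change(sample))
```

A real deployment would feed the functions from a packet capture rather than the constructed list, and the gateway check is exactly the one the text attributes to Kaspersky Internet Security: it fires only for the gateway's address, not for arbitrary hosts.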

IP address spoofing

In networks where access to resources is restricted by IP address, an attacker can change their IP address and gain access to the protected resource. With Cybersafe Firewall such a scenario is impossible, since there is no binding to IP addresses even within the firewall itself. Even if the computer's IP address is changed, it will still not be part of the personal data information system (ISPDn) that the attacker is trying to penetrate.

Routing attacks

This type of attack is based on sending "fake" ICMP packets to the victim. Its essence is spoofing the gateway address: an ICMP packet is sent to the victim, informing it of a shorter route. In fact, the packets will then pass not through the new router but through the attacker's computer. As noted earlier, Cybersafe Firewall provides ICMP security; other firewalls can be used in the same way.
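An added Python example, not code from CyberSafe Firewall or from the article, of how a host firewall can implement the two ICMP protections mentioned here and under DoS attacks above: dropping ICMP redirects outright, and rate-limiting echo requests per source with a token bucket so that a flood is cut off while ordinary pings still pass. The rate, burst and traffic values are assumptions constructed for the example.

```python
from collections import defaultdict

ICMP_ECHO_REPLY, ICMP_REDIRECT, ICMP_ECHO_REQUEST = 0, 5, 8   # standard ICMP type numbers

class IcmpPolicy:
    """Host firewall policy for ICMP: redirects are never accepted and echo
    requests are rate limited per source with a token bucket. The rate and
    burst values are assumptions chosen for this example."""

    def __init__(self, rate_per_s=10.0, burst=20):
        self.rate = rate_per_s
        self.burst = burst
        self.tokens = defaultdict(lambda: float(burst))   # per-source bucket
        self.last_seen = {}
        self.dropped = defaultdict(int)

    def _refill(self, ts, src):
        prev = self.last_seen.get(src, ts)
        self.tokens[src] = min(self.burst, self.tokens[src] + (ts - prev) * self.rate)
        self.last_seen[src] = ts

    def decide(self, ts, src, icmp_type):
        if icmp_type == ICMP_REDIRECT:
            # A redirect would change the host's next hop; a workstation behind
            # a firewall has no reason to honour one, so it is always dropped.
            self.dropped[src] += 1
            return "DROP"
        if icmp_type == ICMP_ECHO_REQUEST:
            self._refill(ts, src)
            if self.tokens[src] >= 1.0:
                self.tokens[src] -= 1.0
                return "ACCEPT"
            self.dropped[src] += 1        # flood: bucket for this source is empty
            return "DROP"
        return "ACCEPT"                   # other ICMP types are left alone here

def run_sample():
    """Constructed traffic: a flooding source, a polite source and one redirect."""
    policy = IcmpPolicy()
    verdicts = [policy.decide(i / 1000, "10.0.0.66", ICMP_ECHO_REQUEST) for i in range(100)]
    verdicts.append(policy.decide(0.2, "10.0.0.7", ICMP_ECHO_REQUEST))
    verdicts.append(policy.decide(0.3, "10.0.0.66", ICMP_REDIRECT))
    return verdicts, dict(policy.dropped)

if __name__ == "__main__":
    v, d = run_sample()
    print(f"{v.count('ACCEPT')} accepted, {v.count('DROP')} dropped; drops per source: {d}")
```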

There are many other attacks on local networks, from sniffers to various DNS-based attacks. Be that as it may, software firewalls installed on each workstation can significantly improve security.

Conclusions

Protection of an information system should be comprehensive: software and hardware firewalls, antiviruses, and correct configuration of the system itself. As for our confrontation between software and hardware firewalls, the former are effective for protecting each network node, and the latter for protecting the network as a whole. A hardware firewall cannot protect each individual workstation, is powerless against attacks from within the network, and also cannot separate personal data information systems (ISPDn) from one another, which must be done in the context of protecting personal data.


In the section on the question "What is a firewall, and where can it be located?", given by the author Crooked, the best answer is: This is protection from any attempts to penetrate your computer and from any harmful programs. If it is standard Windows, then you can find it in the control panel (Firewall)

Answer from Suck[guru]
Restart your computer


Answer from Flush[guru]
readme read


Answer from Evil Hamster[guru]
It translates as "fire wall". It is built into XP Service Pack 2. See Security Center.


Answer from Zaichena[master]
The firewall is fire on various devices. I think it’s in Victory Park, but I could be wrong.



Answer from *lix[expert]
A firewall (jargon: firewall, from the English firewall) is a complex of hardware and/or software that controls and filters network packets passing through it at various levels of the OSI model in accordance with specified rules. The main task of a firewall is to protect computer networks or individual nodes from unauthorized access. Firewalls are also often called filters, because their main task is to not let through (to filter) packets that do not meet the criteria defined in the configuration.


Answer from User deleted[newbie]
Firewall: a) software - a program for protecting and monitoring the network activity of a computer, i.e. against attacks from the network and the like.
b) hardware - if I'm not mistaken, the same thing, but it's not a program but an external device; by the way, a useful thing :)
Firewall seems to be the same thing

31Oct

What is a Firewall (Firewall)

A firewall is a computer program whose purpose is to protect your computer from viruses and. The firewall tracks the network traffic entering the operating system and helps stop malware that tries to access the user's personal information. In addition, the term firewall has another meaning: it is commonly used for fire-resistant load-bearing walls, which in theory should protect houses from fire in densely built areas.

What is a Firewall (Firewall) - in simple words.

In simple words, a firewall is a special protective program that constantly scans the data received from and sent to the Internet. Figuratively speaking, it is a virtual wall that protects the computer from the dangers of the Internet: viruses, rootkits, spyware, etc. It is worth noting, though, that a firewall is neither the only nor the most reliable source of protection for your computer. As a rule, for the greatest security a firewall always works in conjunction with antivirus and anti-spyware software.

In most cases the firewall is installed directly on the work machine (PC), but sometimes, as in offices with many computers, the firewall is installed as a physical device (more on that later). Users of Windows operating systems do not need to install a firewall themselves (separately), since the OS comes with its own: Windows Firewall.

Firewall - how it works, in simple words.

Without going into complex technical details, the work of a firewall can be described as follows. When a user launches an Internet-related program such as a browser or a computer game, the computer connects to a remote website and sends information about the user's computer system. However, before data is sent or received, it passes through the firewall, where, depending on the parameters set, the data will be passed or stopped.

Figuratively speaking, the firewall acts as a kind of border guard or customs officer who monitors everything that enters and leaves the computer. Its responsibilities also include checking data packets for compliance with the required parameters. Thus a firewall can help stop existing malware, such as Trojan horses and other spyware, from doing its work: in simple words, the firewall will simply not transmit the data collected by these programs to the Internet. All this is in theory, of course, since such malicious programs are constantly being improved and learn to deceive firewalls.

What is a Hardware Firewall and how to protect your network?

A hardware firewall is a physical device that connects a computer or network to the Internet using certain advanced techniques to protect against unauthorized access. Wired routers, broadband gateways and wireless routers include hardware firewalls that protect every computer on the network. Hardware firewalls use different types of security to protect the network: packet filtering, stateful packet inspection, network address translation, and application-level gateways.

Packet Filtering Firewall checks all data packets sent to and from the system. It forwards data based on a set of rules defined by the network administrator. This hardware firewall inspects the packet header and filters packets based on source address, destination address, and port. If a packet does not comply with the rules or meets the blocking criteria, it is not allowed to pass through the computer or network.

Dynamic packet filtering, or stateful packet inspection, is a more complex security method. This firewall monitors where a packet came from in order to decide what to do with it. It checks whether the data was sent in response to a request from inside or whether it simply appeared on its own. Packets that do not match the expected connection state are rejected.
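The following Python model, an added example rather than code from any product the page describes, shows the difference between the two previous paragraphs in one filter: static header rules decide which new inbound connections are allowed, while a connection table lets replies to outbound traffic back in and rejects inbound packets that carry no state (a stray ACK to an open port, an unsolicited UDP datagram). The addresses, ports and rule set are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False     # TCP SYN set: a new connection attempt
    inbound: bool = True  # arriving from the outside

# Administrator's static rules for new inbound connections (assumed for this
# example: only the public web port is reachable from outside).
INBOUND_RULES = [("tcp", 443, "ACCEPT")]
def flow(p):        # 5-tuple identifying the flow this packet belongs to
    return (p.proto, p.src, p.sport, p.dst, p.dport)
def reply_flow(p):  # the same flow as seen from the other side
    return (p.proto, p.dst, p.dport, p.src, p.sport)

class StatefulFilter:
    def __init__(self):
        self.conntrack = set()   # flows that were legitimately opened

    def decide(self, p):
        if flow(p) in self.conntrack or reply_flow(p) in self.conntrack:
            return "ACCEPT"                  # part of a tracked flow (e.g. a reply)
        if not p.inbound:
            self.conntrack.add(flow(p))      # new outbound flow: remember it for the reply
            return "ACCEPT"
        if p.proto == "tcp" and not p.syn:
            return "DROP"                    # no state and not a connection attempt (stray ACK)
        for proto, port, action in INBOUND_RULES:
            if p.proto == proto and p.dport == port:
                if action == "ACCEPT":
                    self.conntrack.add(flow(p))
                return action
        return "DROP"                        # default deny for unsolicited inbound traffic

def run_sample():
    """Constructed packets using documentation addresses, not real hosts."""
    fw, host, ext = StatefulFilter(), "192.168.1.10", "203.0.113.9"
    return [
        fw.decide(Packet("udp", host, 5353, "198.51.100.53", 53, inbound=False)),  # DNS query out
        fw.decide(Packet("udp", "198.51.100.53", 53, host, 5353)),   # its reply: matches state
        fw.decide(Packet("udp", ext, 53, host, 5353)),               # unsolicited, same port: no state
        fw.decide(Packet("tcp", ext, 40000, host, 443, syn=True)),   # new connection allowed by rule
        fw.decide(Packet("tcp", ext, 40001, host, 443)),             # ACK with no state: rejected
        fw.decide(Packet("tcp", ext, 40002, host, 22, syn=True)),    # no rule for port 22
    ]
```

A stateless filter with the same rule list would have accepted the third and fifth packets, which is exactly the gap the text describes stateful inspection as closing.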

Another way to ensure security is a network address translation (NAT) router. It hides a computer or a network of computers from the outside world, presenting a single public address for Internet access. The firewall's IP address is the only valid address in this scenario, and it is the only IP address presented to the outside on behalf of all computers on the network. Each computer on the internal side of the network is assigned its own IP address, valid only within the network. This option is very effective because it allows a single public IP address to be used for sending and receiving packets, which in turn significantly reduces the possibility of introducing malware. This hardware firewall is usually implemented on a separate computer on the network, which has the sole function of running as a . It is quite complex and is considered one of the most secure types of hardware firewalls.

Basic problems with firewalls.

There are several common problems that may occur as a result of using a firewall. The most common is that, in addition to malware, the firewall often blocks normal traffic that we need. Some websites may have limited access or fail to open because they were misclassified. Problems quite often arise with network games, since the firewall often treats such traffic as malicious and blocks the programs from running. So while a firewall is a very useful thing, it needs to be configured correctly so that its prohibitions do not get in the way.

