
Date: 16/03/2012 Module Tutor: Bo Li Module code: CC3021N

LONDON METROPOLITAN UNIVERSITY

Principles of Network Security: CW Firewall

Comparison of different types of firewall | Abdul Mannan 06037871

Abdul Mannan

Student ID 06037871

Contents
1 Introduction
2 Literature review
  2.1 Firewall
    2.1.1 Hardware Firewall
  2.2 Purpose of Firewall
  2.3 How does it work
  2.4 Types of firewall
    2.4.1 Packet Filtering
    2.4.2 Circuit-Level Gateways
    2.4.3 Application Gateways
    2.4.4 Stateful Multilayer Inspection
3 Comparison
4 Conclusion
  4.1 Recommendation


Abstract
In this report I take the role of a consultant working for a network security organisation and prepare a report comparing the different types of firewall available. Using the internet and other sources, I give the strengths and weaknesses of each product and state where the product would generally be used.

1 Introduction
The internet makes vast amounts of data freely available for users to consume and share. It has evolved to such an extent that we now play games, stream live TV and even talk using the internet on the go, mostly for free. For many of us it has become so essential that we cannot get on with our normal lives without it. Yet connecting to the internet has become a risk: our confidential data could be available to hackers or intruders if we do not have a firewall in place.

Threats have slowly moved from being most dominant in the lower layers of network traffic to the application layer. This has reduced the effectiveness of firewalls in stopping threats carried through network communications, but a firewall is still needed to stop the threats that continue to work at the lower layers of network traffic. A firewall is also good at providing some protection at the application layer, supplementing the capabilities of other network security technologies. (CNG)

A firewall is the most basic form of protection users can have for their network, and there are many types of firewall to choose from depending on the network. A firewall watches the traffic, examines suspicious activity and is used for two main reasons:

To keep people (intruders, hackers) out
To keep people (students, lecturers) in (VSC)


2 Literature review
2.1 Firewall
A firewall can be hardware or a software program that prevents unauthorised access to or from a network. It must have at least two network interfaces, one for the network it is intended to protect and one for the network it is exposed to. Firewalls also control the flow of network traffic between networks and hosts that employ differing security postures. At one time most firewalls were deployed at the network perimeter. (VSC) This provided some form of protection for internal hosts but did not recognise all forms of attack, and attacks sent from one internal host to another do not pass through the network firewall. For this reason network designers now include firewall functionality at places other than the network perimeter, to provide an additional layer of security and also to protect mobile devices that are placed onto external networks. (CNG)

A firewall is used to safeguard the data within the network. All data entering or leaving the network has to pass through a security check (the firewall), which examines each packet; packets that do not meet the specified security criteria are rejected and denied access. The firewall is part of an overall security policy that creates a perimeter defence designed to protect the information resources of the network. (LSC)

The firewall sits at the junction point or gateway between the two networks, normally a private network and a public network such as the Internet. The earliest firewalls were just routers. The term firewall comes from the fact that segmenting a network into different physical subnetworks limits the damage that could otherwise spread from one subnet to another, just like fire doors or firewalls. Below I have included diagrams showing the connection taking place. (VSC)

2.1.1 Hardware Firewall


A hardware firewall is often called a network firewall because it is an external box sitting between the internet and the computer. For home networks it is normally integrated in the router itself. This allows you to connect to the public network (internet) and even share the connection with other computers. (CSR)

2.1.1.1 Advantages

A hardware firewall can protect an entire network, unlike a software firewall, which is a plus for big companies that would like to minimise their spending. Because the firewall does not run on the computer, it does not slow it down. Hardware firewalls work more efficiently for businesses that use high-speed connections such as DSL or cable modem. A hardware firewall is also harder to reach and difficult for malicious software to turn off.

2.1.1.2 Disadvantages

Hardware firewalls can be expensive at first and might be more difficult to configure. They also treat outgoing traffic from the local network as safe, which can be a hazard if malware, such as a worm, penetrates your network and attempts to connect to the Internet. (TIC)

(VSC)

Products for hardware firewalls

UTM10EW-100EUS - Netgear NG Prosecure UTM10 Hardware Firewall inc 1YR Email, Web & Maintenance/Support Subscription

The ProSecure UTM series of all-in-one gateway security appliances combines security options to keep a business safe and secure from Web, email, and network threats: malware hosted on Web pages, phishing attacks, spam, virus-infected emails, hackers, and denial-of-service attacks. Because comprehensive network security requires a lot of processing power to examine the network in real time, this all-in-one security solution is all a network needs.


2.1.2 Software Firewall


A software firewall works in a similar manner to a hardware firewall, monitoring and blocking data that comes into the computer via public networks, but a software firewall needs to be installed as a program on the computer. (AWC)

2.1.2.1 Advantages

Because a software firewall runs on the computer, it can get more information about the network traffic and the ports it is using, and can familiarise itself with the applications that are running so that there are no errors. Based on this, a software firewall can allow or block traffic. Overall, a software firewall is able to investigate malicious traffic further and report on it. (SLB)

2.1.2.2 Disadvantages

One of the main disadvantages of a software firewall is that it only protects the machine that the software is installed on. For multiple implementations the software has to be configured individually, which takes time and can get expensive. (SLB)

(VSC)

Products for software firewall:

ZoneAlarm firewall

Blocks hackers and prevents viruses & spyware from stealing your personal data and sending it out to the Internet. ZoneAlarm has a 2-Way Firewall (Inbound & Outbound): Stops Internet attacks at the front door and even catches thieves on their way out. Our 2-way firewall proactively protects against inbound and outbound attacks while making you invisible to hackers.

Inbound & Outbound - monitors and blocks threat traffic in or out.
Full Stealth Mode - makes you invisible to hackers.
Kill Controls - instantly disable malicious programs. (ZAS)

2.2 Purpose of Firewall


A firewall helps prevent unauthorised guests from accessing the computer through a public network, stealing important data or even infecting the computer with a virus. A hacker is able to access the computer through open ports that are connected to the internet; with a firewall these ports are protected and monitored against attacks. Hackers or intruders can do massive damage; for example, they can plant viruses on the computer that send confidential details to the hacker. Many firewalls block outbound traffic, which helps prevent this from happening.

The main purpose of a firewall is to separate a secure area from a less secure area and to control communications between the two. Firewalls can perform other functions, but they are mainly responsible for controlling inbound and outbound communications (WMI), such as allowing or not allowing an application to send or receive data through a port. A firewall should be an essential part of any computer security approach. (AWC)


2.3 How does it work


The firewall allows or blocks traffic between devices based on the rules that have been set by the firewall administrator; each rule defines a specific pattern you want the firewall to detect. (VSC) Firewalls use many different methods to filter information. These methods work at different layers of the network, which determines how specific the filtering options can be. (CDC)

The firewall analyses the data to check the IP address it is coming from and the contents it is carrying. It then checks whether the information complies with the rules that have been configured on the firewall, and action is taken if a rule is broken. It also has the ability to analyse data at the application level. For example, all applications accessed over the internet use a port depending on the type of service performed, and network traffic is identified by the port number. (AWC)

2.4 Types of firewall


There are many types of firewall, each with different capabilities to analyse network traffic and allow or block it under set conditions by monitoring traffic characteristics. By understanding the capabilities of each type of firewall, a network engineer can better decide which to implement; this understanding is also critical to achieving the protection of the network and meeting its security needs.

One way to compare the capabilities of different types of firewall is to look at the Transmission Control Protocol/Internet Protocol (TCP/IP) layers that each is able to examine. TCP/IP communications are made up of four layers that work together to transfer data between hosts. When a user wants to transfer data across a network, the data is passed from the highest layer through the intermediate layers to the lowest layer, with each layer adding more data. The lowest layer then sends the accumulated data through the physical network, and the data is then passed upwards through the layers to its destination. (CNG)

I have documented below most types of firewall and their advantages and disadvantages and discussing their security capabilities to

2.4.1 Packet Filtering


A packet filtering firewall examines the information contained in the header of a packet that is trying to pass; it examines the source address and its destination. It works at the network level of the Open Systems Interconnection (OSI) model. (KLT) Packet filtering is mostly used as a first line of defence against attacks from outside the network. Because most routers have built-in packet filtering capabilities, it has become common. (SPS)
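The header check described above and the rule matching from section 2.3 can be shown as a small filter. This is an added example, not part of the original report; the rule set, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    dport: Optional[int]  # destination port; None matches any port

def parse_headers(packet: bytes):
    """Extract (src, dst, protocol, dport) from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    dport = None
    if proto in (6, 17):                  # TCP and UDP carry port numbers
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src, dst, proto, dport

def decide(packet: bytes, rules) -> str:
    """First matching rule wins; anything unmatched or malformed is denied."""
    try:
        src, dst, _proto, dport = parse_headers(packet)
    except ValueError:
        return "deny"
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"

def build_packet(src, dst, dport, payload=b""):
    """Constructed sample: 20-byte IPv4 header (checksum left at 0), 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HH", 40000, dport) + bytes(16)
    return ip + tcp + payload

# Constructed rule set; addresses come from the documentation ranges.
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", None),   # blocked source network
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 80),     # public web server
]

if __name__ == "__main__":
    for src, port in [("198.51.100.7", 80), ("203.0.113.5", 80), ("198.51.100.7", 22)]:
        print(src, port, decide(build_packet(src, "192.0.2.10", port), RULES))
```

The verdict depends only on header fields and on rule order: the payload is never read, and no user is identified, which is the limitation listed under the disadvantages of packet filtering.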


Below is a product that can be used by a small or medium-sized business. This product has the functionality of a router, packet filtering firewall, VPN gateway and modem pool in one cost-effective solution.

The Epipe 2000
Shared Internet access for your entire office
Packet filtering firewall, robust security features
Secure Remote Access for mobile clients (PPTP server)
Site to Site VPN using IPsec and E2B (MLIP bonding technology) or IPsec and IKE
Direct dial access for remote workers, and Site to Site direct dial connections
(MLI)

Advantages
Uses very little CPU resources
Rules are set by the administrator
Very cheap

Disadvantages
Visible to hackers
No password
Lacks identification options
No user authentication


2.4.2 Circuit-Level Gateways


Circuit-level gateway firewalls are transparent and work at the transport level of the protocol stack; they are very fast. (KLT)

Product Description: Juniper Networks Secure Services Gateway 5 with ISDN backup, S/T Interface, 128 MB Memory

The Juniper Networks SSG5 is built for small offices, which are protected from outside networks by being made invisible, as everything coming from within the firewall appears to have originated from the firewall itself. (VSJ)

Advantages
Data hidden
No need to filter each packet
Fast
Simple

Disadvantages
No protection from attacks (CRN)
Boot time

2.4.3 Application Gateways


The Application Level Gateway works as a proxy for applications: all data is exchanged with the remote system through it. It has the option of controlling the traffic according to specific rules, even limiting access to certain files or accounts, carrying rules according to authentication and privilege. It can monitor events on the host system and is capable of sounding an alarm or sending a notification if rules are disobeyed. An application gateway is normally implemented on a separate computer on the network whose primary function is to provide proxy service. (PHO)

Description
Blocking of harmful information on the web / Time Control of Internet access
Multi-Connection - By using only one ADSL or Cable line, up to 253 PCs can be connected to the Internet
NAT-based IP sharing - Multiple PCs in LAN can access Internet simultaneously on a single IP account
NAT-based firewall - Provides an effective firewall
HUB - Enables multiple PCs to communicate data in LAN
Port mapping - Provides application gateway function like Web server, FTP server, etc. (TKP)

Advantages
Examines packets at the application level
High security features such as denial of service attacks
Reject packets
No direct connection

Disadvantages
CPU requirements are high
Slow
Complicated to set up

2.4.4 Stateful Multilayer Inspection


Stateful multilayer inspection firewalls combine the facilities of three types of firewall: they filter packets at the network layer and evaluate packets at the application layer. They also allow direct connection between the client and host. (CSU)

ZyXEL ZyWALL USG50 Internet Security Firewall with Dual-WAN, 4 Gigabit LAN / DMZ Ports, 5 IPsec VPN, SSL VPN, and 3G WAN Support

The ZyWALL is a very powerful solution for small businesses. It has the capability to perform deep packet inspection, and it embodies a Stateful Packet Inspection (SPI) firewall, Anti-Virus, Intrusion Detection and Prevention (IDP), Content Filtering, Anti-Spam, and VPN (IPsec/SSL) all in one box. This multi-layered security safeguards your organization's customer and company records, intellectual property, and critical resources from external and internal threats. (NCP)

Advantages
More performance than proxies
Very high security features such as enforcing security policies at the application
Transparency to the end user

Disadvantages
Expensive
Complex
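To make the difference between header-only packet filtering (2.4.1) and stateful inspection concrete, the added example below runs one constructed packet trace through both. It is not part of the original report; it goes slightly beyond the text by modelling connection tracking, the general mechanism behind stateful packet inspection, in simplified form, and all names and addresses are assumptions.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    direction: str   # "out" = LAN to Internet, "in" = Internet to LAN
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags: S=SYN, A=ACK, R=RST

def stateless_verdict(p: Pkt) -> str:
    """Header-only rules: web requests out, anything from port 80 back in."""
    if p.direction == "out" and p.dport == 80:
        return "allow"
    if p.direction == "in" and p.sport == 80:   # needed so replies can return
        return "allow"
    return "deny"

class StatefulFilter:
    """Same outbound policy, but inbound packets must belong to a tracked connection."""
    def __init__(self):
        self.connections = set()   # (client, client port, server, server port)

    def verdict(self, p: Pkt) -> str:
        if p.direction == "out":
            if p.dport != 80:
                return "deny"
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                self.connections.add(key)        # new connection opened from inside
            elif key not in self.connections:
                return "deny"
            return "allow"
        key = (p.dst, p.dport, p.src, p.sport)   # reverse tuple for return traffic
        if key not in self.connections:
            return "deny"
        if "R" in p.flags:
            self.connections.discard(key)        # simplified teardown: RST closes it
        return "allow"

# Constructed trace; external addresses come from the documentation ranges.
TRACE = [
    Pkt("out", "10.0.0.5", 50000, "198.51.100.20", 80, "S"),    # client opens connection
    Pkt("in", "198.51.100.20", 80, "10.0.0.5", 50000, "SA"),    # server reply
    Pkt("in", "203.0.113.9", 80, "10.0.0.8", 50001, "A"),       # unsolicited, no connection
    Pkt("in", "198.51.100.20", 80, "10.0.0.5", 50000, "R"),     # server resets
    Pkt("in", "198.51.100.20", 80, "10.0.0.5", 50000, "A"),     # arrives after close
]

def compare(trace):
    """Return (stateless, stateful) verdicts for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_verdict(p), stateful.verdict(p)) for p in trace]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRACE, compare(TRACE)):
        print(pkt, verdicts)
```

The two filters agree on legitimate traffic and differ only on the third and fifth packets, which match the stateless return-traffic rule but belong to no open connection.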

3 Comparison
Above I have compared most firewall types and come to the conclusion that the best firewall is not a product itself but the features and options it provides for the home or a business. In most cases there is no universal firewall that best suits the security needs of all.

4 Conclusion
Serious evaluation should be carried out when choosing a firewall solution for a network. Before any firewall is implemented at home, users need to note down the tasks they will be performing with their computers to best match the firewall device they need for the home, but I think a software firewall should do the job. For a corporate firewall, the network needs to be evaluated for any security issues and for how important the data is; from that, a firewall security policy is created and then implemented after successful evaluation.

4.1 Recommendation
Network architecture and threat analysis should be performed before any security implementation.
Firewall policies should be based on strict rule set.
Policies handling all incoming and outgoing traffic


References
(CNG) http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
(VSC) http://www.vicomsoft.com/learning-center/firewalls/
(LSC) www.linuxsecurity.com/resource_files/firewalls/nsc/500619.html
(CSR) http://www.computer-security-review.org/faqs/firewalls/are-there-differenttypes-of-firewalls.html
(SLB) http://www.smallbusinesscomputing.com/webmaster/article.php/3103431/FirewallDebate-Hardware-vs-Software.htm
(AWC) http://www.antivirusware.com/articles/what-is-firewall.htm
(ZAS) http://www.zonealarm.com/security/en-us/zonealarm-pc-security-freefirewall.htm
(TIC) http://technology.inc.com/2006/11/01/choosing-a-firewall-hardware-vsoftware/
(WMI) www.whatismyipaddress.com/firewall
(CDC) http://www.comodo.com/resources/home/how-firewalls-work.php
(KLT) http://kimberleytaylor.com/articles/firewalls_type.htm
(SPS) http://www.support.psi.com/support/common/routers/files/Filter-Desc.html
(MLI) http://www.ml-ip.com/html/documentation/vpn-ug-intro-hw.html
(VSJ) http://www.vology.com/shop/juniper-ssg-5-sb-bt-5358
(CRN) http://www.careerride.com/nw-circuit-level-gateway.aspx
(PHO) http://www.pc-help.org/www.nwinternet.com/pchelp/security/firewalls.htm
(TKP) http://www.tradekorea.com/product-detail/P00006352/RG_1000.html#
(CSU) http://www.c-sharpcorner.com/uploadfile/pmalik/what-is-a-firewall/
(NCP) http://www.newegg.ca/Product/Product.aspx?Item=N82E16833181137

