Firewalls
What is a firewall?
A firewall is a piece of hardware and/or software which functions in a networked environment to prevent communications forbidden by the security policy. A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal zone (a zone with high trust). The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and a connectivity model based on the least privilege principle. Doing this well requires considerable understanding of network protocols and of computer security.
Networking: The Basics
A “connection” between two machines contains three important pieces of information: a source address, a destination address, and a destination port. There is actually a lot more information in a packet, but these are the three important parts in regards to a firewall.
For example, your IP address is 192.168.100.200. You want to visit a website at www.something.com, which resolves to 10.24.100.20. The web server for www.something.com is listening on port 80/tcp. To connect to the website you must first complete what is known as the three-way handshake. The first packet you send is the SYN request. This is the first part of the three-way handshake. The packet you send contains three important pieces of information:
The source address: 192.168.100.200 (your IP address).
The destination address: 10.24.100.20 (the IP address for www.something.com).
The destination port: 80/tcp (the port the web server is listening on).
The packet then gets routed to 10.24.100.20 (www.something.com). 10.24.100.20 receives the packet, sees that 192.168.100.200 is attempting to connect to the web server, and decides that the connection attempt is “valid” since it has a service waiting for connections on port 80/tcp. To acknowledge that 10.24.100.20 received and accepted the connection, it sends a SYN/ACK back to 192.168.100.200. This is the second part of the three-way handshake.
192.168.100.200 then receives the SYN/ACK from 10.24.100.20. In response to the SYN/ACK, 192.168.100.200 sends a single ACK packet back to 10.24.100.20 to finalize the connection. This is the third part of the three-way handshake. After the connection is finalized, the hosts can begin transmitting data back and forth.
To summarize, the connection goes like this. The “server” is 10.24.100.20 and the “client” is 192.168.100.200. The client is always the host that initiates the connection by sending the SYN request.
Client sends a SYN to the server.
Server receives the SYN and sends a SYN/ACK back to the client.
Client receives the SYN/ACK and sends an ACK back to the server.
The connection is established.
So how does a firewall work?
A firewall works by watching the SYN requests and determining whether the connection is allowed. If www.something.com were running a firewall, the connection process would look like this instead:
Client sends a SYN to the server.
Server receives the SYN. The server’s firewall checks the packet against its policies.
If the firewall accepts the packet:
The server sends a SYN/ACK back to the client.
The client receives the SYN/ACK and sends an ACK back to the server.
The connection is established.
If the firewall rejects the packet:
The server does not send the SYN/ACK back to the client.
The client never receives a SYN/ACK, so the connection is not established.
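The zone-based policy from the introduction and the SYN-checking behaviour described above, as an added worked example that is not part of the original article. It simulates a small stateful packet filter in Python: a SYN is accepted only if the policy allows that zone-to-zone connection on that destination port (anything unlisted is dropped, following least privilege), and the SYN/ACK, ACK and later data are accepted only when they belong to a handshake the firewall already accepted. The protected network 10.24.100.0/24, the policy entries and the client port 40000 are constructed for this illustration; the addresses and port 80/tcp are the article's own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Trust zones (constructed for this example): the network behind the firewall,
# where www.something.com lives, is the high-trust "internal" zone; every other
# address is the "internet" zone with no trust.
INTERNAL = ip_network("10.24.100.0/24")

# Policy entries: (from_zone, to_zone, destination port); None means any port.
# Least privilege: a SYN that matches no entry is dropped.
POLICY = {
    ("internet", "internal", 80),     # the outside may reach the web server only
    ("internal", "internet", None),   # the inside may open any outbound connection
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str   # "SYN", "SYN/ACK", "ACK" or "DATA"


def zone(addr: str) -> str:
    return "internal" if ip_address(addr) in INTERNAL else "internet"


def syn_allowed(pkt: Packet) -> bool:
    """Policy check applied to the SYN, the packet that opens a connection."""
    fz, tz = zone(pkt.src), zone(pkt.dst)
    return (fz, tz, pkt.dport) in POLICY or (fz, tz, None) in POLICY


class StatefulFirewall:
    """Decides on SYNs with POLICY, then tracks the handshake so that only a
    reply to an accepted SYN, and only data on a completed handshake, pass."""

    def __init__(self):
        self.conns = {}   # (client, client_port, server, server_port) -> state

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)   # packet seen client -> server
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # packet seen server -> client
        if pkt.flags == "SYN":
            if not syn_allowed(pkt):
                return "DROP"             # no SYN/ACK will ever follow
            self.conns[fwd] = "SYN_SEEN"
            return "ACCEPT"
        if pkt.flags == "SYN/ACK":
            if self.conns.get(rev) != "SYN_SEEN":
                return "DROP"             # reply to a SYN we never accepted
            self.conns[rev] = "SYNACK_SEEN"
            return "ACCEPT"
        if pkt.flags == "ACK":
            if self.conns.get(fwd) != "SYNACK_SEEN":
                return "DROP"
            self.conns[fwd] = "ESTABLISHED"
            return "ACCEPT"
        if pkt.flags == "DATA":
            state = self.conns.get(fwd) or self.conns.get(rev)
            return "ACCEPT" if state == "ESTABLISHED" else "DROP"
        return "DROP"


def run_handshake(fw: StatefulFirewall, client: str, server: str,
                  dport: int, sport: int = 40000) -> list:
    """Replay the article's three-way handshake plus one data packet and
    return the firewall's verdict for each step."""
    steps = [
        Packet(client, server, sport, dport, "SYN"),
        Packet(server, client, dport, sport, "SYN/ACK"),
        Packet(client, server, sport, dport, "ACK"),
        Packet(client, server, sport, dport, "DATA"),
    ]
    return [fw.filter(p) for p in steps]


if __name__ == "__main__":
    # 192.168.100.200 connecting to www.something.com on 80/tcp: accepted.
    print(run_handshake(StatefulFirewall(), "192.168.100.200", "10.24.100.20", 80))
    # The same client to 22/tcp: the SYN is dropped, so nothing is established.
    print(run_handshake(StatefulFirewall(), "192.168.100.200", "10.24.100.20", 22))
```

The connection table is what makes the filter stateful: the later packets of a connection are judged by whether the firewall saw and accepted the SYN, not by a separate rule each, which is why a lone SYN/ACK arriving from outside is dropped even though port 80 is open.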
Who Needs A Personal Firewall?
If you use your computer for the following activities, you may want to install a personal firewall:
• Storing sensitive company files
• Personal finances or financial information
• Stock trading or internet banking
• Accessing a corporate VPN
• Making purchases online
• Online Chat
Why Linux Firewall?
Linux is one of the most widely used operating systems, and anyone can use, modify and redistribute it without restriction. Linux firewalls are software based on the Linux operating system, used to secure a network. It is very easy to use, secure enough for use on the Internet, and needs no external firewall. If you connect to the Internet using a cable modem or DSL line, a firewall becomes relevant because you will use the same IP address for a long period of time. A Linux firewall is the best option because a Linux firewall system can also act as a web or e-mail server. You can also control or limit the level of Internet use. A Linux firewall also provides a web interface to control security on the Linux server, and it can even block an IP address or a whole network. In this way the strong security of a Linux firewall is more effective and flexible than other expensive firewall routers.
DIFFERENT BRANDS OF FIREWALL
Firestarter is a free firewall tool for Linux machines. Whether you simply want to protect your personal workstation or you have a network of computers to secure, Firestarter is here to make your life easier. While a firewall cannot guarantee security, it is the first line of defense against network-based attacks. Firestarter is an Open Source visual firewall program.
* Open Source software, available free of charge
* User friendly, easy to use, graphical interface
* A wizard walks you through setting up your firewall on your first time
* Suitable for use on desktops, servers and gateways
Zorp GPL
Zorp is a new-generation proxy firewall suite and as such its core architecture is built around today’s security demands: it uses application-level proxies, it is modular and component based, it uses a script language to describe policy decisions, it makes it possible to monitor encrypted traffic, it lets you override client actions, it lets you protect your servers with its built-in IDS capabilities…the list is endless. It gives you all the power you need to implement your local security policy.
* Uses a script language (Python) as the configuration and decision language
* Supported protocols:
o HTTP/1.1
o FTP
o SSL
o finger
Turtle Firewall is software which allows you to build a Linux firewall in a simple and fast way. It’s based on kernel 2.4.x and iptables. Its way of working is easy to understand: you define the different firewall elements (zones, hosts, networks) and then set the services you want to enable among the different elements or groups of elements.
* ZONES, NETWORKS, HOSTS and GROUPS definitions.
* Filter rules definitions based on services.
* NAT (Network Address Translation)
* Masquerading
LutelWall is a high-level Linux firewall configuration tool. It uses a human-readable and easy to understand configuration to set up Netfilter in the most secure way. It can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone system. The configuration method of this firewall is designed to be as simple as possible without losing Netfilter flexibility and its security features. It is a Linux iptables shell script written in bash for use as a stateful firewall and NAT/masquerade router for single or multiple subnet networks. It makes use of the netfilter code in the 2.4 Linux kernel and is more robust and configurable than an equivalent ipchains script.
floppyfw is a router with the advanced firewall capabilities of Linux that fits on one single floppy disk.
* Access lists, IP masquerading (Network Address Translation), connection-tracked packet filtering and (quite) advanced routing. A package for traffic shaping is also available.
Guarddog is a firewall configuration utility for Linux systems. Guarddog is aimed at two groups of users: novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don’t want the hassle of dealing with cryptic shell scripts and ipchains/iptables parameters.
IPCop Firewall is a Linux firewall distribution geared towards home and SOHO (Small Office/Home Office) users. The IPCop interface is very user-friendly and task-based. It offers the critical functionality of an expensive network appliance using stock, or even obsolete, hardware and Open Source software. OLD PC + IPCOP = Secure Internet Appliance. It works with most home networks and small office networks, dial-up modems, cable modems, ADSL, leased lines and ISDN. It also lets several PCs share connections to the Internet. If you have an always-on connection you can even use IPCop to protect your web and email servers.
Endian is a “turn-key” Linux security distribution that turns every system into a full-featured security appliance. Endian has been designed with usability in mind and is very easy to install, use and manage, without losing its flexibility. Its features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam filtering for email traffic (POP and SMTP), content filtering of web traffic and a “hassle-free” VPN solution.
Article Authored by Rony
Author, Rony, is a Systems Engineer with SupportPRO. Rony specializes in Cpanel and Linux servers. SupportPRO offers 24X7 technical support services to Web hosting companies and service providers.
