User talk:Vivek.ganapathi

--Vivek.ganapathi 07:15, 12 April 2006 (UTC)

Firewalls are a specific kind of security measure: they protect a system in one particular way, and if they are "rule-based" they are not configured easily. Because a badly configured firewall only creates a false feeling of security, what follows is an explanation of what a firewall actually does, together with a simplified explanation of TCP/IP and networking.

A firewall filters traffic: it accepts or denies requests to communicate with particular applications and machines, keeps a log file, and raises an alarm if something on this path looks wrong.

Here follows a simplified explanation of TCP/IP. It will help you understand the following terms, and thus help you configure a rule-based firewall correctly.

Internet, Computer System, TCP/IP, UDP, ARP, Port, Address, Connection, Firewall

These terms can be understood easily by analogy. If you are familiar with telephone systems, think of the Internet as the world-wide telephone network. Here are the analogies for the other terms:

computer system    a hotel with phones for staff and guests
TCP/IP             a person-to-person call
UDP                voice mail (leaving a message)
Port               a telephone extension number
Address            the telephone number of the hotel
Connection         a telephone call
Firewall           the hotel telephone operator
ARP                finding a street address

The hotel telephone system is a fitting analogy because the PC plays host to the applications you run. Setting up a firewall is like telling the hotel operator how s/he is allowed to let calls and messages through. You, the computer user, are both "hotel manager" and "VIP guest".

Concept 1: applications and services
Hotel: hotels have guests and hire staff who serve the guests.
Firewall: computers have applications (e.g. email clients, web browsers) and use operating-system services (e.g. DNS, RIP, identification) to support these applications.

Concept 2: communication
Hotel: a person in the hotel wants to phone out. He is calling from a phone with an extension number to another person in a different hotel, who also has a phone with an extension number.
Firewall: an application or service on your PC wants to communicate with another application or service on another system. With TCP/IP and UDP/IP, communication is addressed by the IP addresses of the computers and by port numbers.

Concept 3: without a firewall
Hotel: without an operator, anyone may call in or out. There may be nobody at the extension called; alternatively, the person may or may not answer the phone.
Firewall: without a firewall, communications are freely attempted, in or out. Not all ports have services listening on them; alternatively, an application or service may or may not accept a connection attempt.

Concept 4: role of a firewall
Hotel: when the operator is working, s/he decides which extensions may make calls and which other hotels and extensions they may call.
Firewall: when the firewall is running, it decides which systems may communicate and which port numbers may be used.

Concept 5: blocking incoming TCP/IP connections
Hotel: an operator can block incoming calls to a person while allowing that person to make outgoing calls.
Firewall: a firewall can block incoming connection attempts on a particular TCP port while allowing the same port to be used for outgoing connections.

Concept 6: this firewall is a "packet filter"
Hotel: the operator can block a call, but does not censor what is said. A security chaperone might help.
Firewall: a packet-filter firewall can block communication but does not inspect the contents of the data packets. Anti-virus software might help.

Concept 7: TCP/IP compared to UDP/IP
Hotel: some people always make person-to-person calls, others leave a message. When you leave a message you are never quite sure that the other person got it.
Firewall: applications either use TCP/IP to set up a connection, or they use UDP/IP to send single "datagrams". With UDP/IP you are never quite sure the other application got it.

Concept 8: blocking UDP/IP data
Hotel: if the operator is instructed to allow a guest to leave messages for a person in another hotel, s/he will also have to allow that person to leave messages for the guest.
Firewall: if the firewall has a rule allowing applications/services to send UDP/IP to another system on certain ports, that system may send to you on the same ports. The reason is that, from the packets alone, a simple filter cannot tell when the other system is replying to you and when it is taking the initiative.

Concept 9: how ports are used
Hotel: the white courtesy phone in the lobby is available for all guests to make outgoing calls. Typically, hotel staff can be reached at extensions 1 to 1023; courtesy phones have extensions 1024 to 5000. This way, guests don't tie up the extensions assigned to hotel services (room service, front desk).
Firewall: a range of local ports is available for applications that communicate with services on other systems. Typically, services listen on ports 1 to 1023 (the "well-known" ports), and ports for temporary use (ephemeral ports) range from 1024 to 5000 on the Windows versions of the time; other systems use other ranges, and the IANA now recommends 49152 to 65535. This way, applications don't tie up a port assigned to your system's own services (file shares, identification, etc.).

Concept 10: how ports are used (2)
Hotel: a convention in the hotel business is that the lounge is at ext. 80, the concierge at ext. 53, a bellman at ext. 23, etc. This way, guests know how to reach staff in other hotels. Guests are kindly requested not to use the staff's extensions for personal calls.
Firewall: a convention in TCP/IP and UDP/IP is that particular services are available at particular ports, e.g. web servers at port 80, DNS at 53, telnet at 23, etc. This way, your applications know how to reach services on other systems. Applications should not use these ports for other purposes.

Concept 11: rule usage
Hotel: this hotel has an operator who can be instructed to let certain calls through only under certain circumstances, such as 1) only when a certain guest is in the hotel, 2) when cell phones are in use, 3) when a call is going through the hotel's secure phone lines, etc.
Firewall: with a firewall you can make a rule that allows certain communications only under certain circumstances, such as 1) when a certain application is running, 2) when the dial-up connection is alive.

Concept 12: priority of rules
Hotel: some instructions for the operator are more important than others. By assigning a priority to each one, you control the order in which the operator reads and applies the instructions.
Firewall: some rules take precedence over others. By setting the priority you control the order in which rules are checked; the first rule that matches is the one applied.
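The rule concepts above (4, 5, 8, 11 and 12), worked through as a toy rule-based packet filter in Python. This is an added example, not code from the original article or from any firewall product; the addresses (taken from the RFC 5737 documentation ranges), ports, rules and packets are constructed for illustration, and the stateful handling of UDP replies goes beyond the article's concept 8 to show how a filter can tell a reply from an unsolicited datagram.

```python
"""Toy rule-based packet filter in the spirit of the hotel-operator analogy.

Added example, not part of the original article. All addresses, ports,
rules and packets below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (arriving at our host) or "out" (leaving it)
    proto: str              # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False       # TCP connection attempt (SYN without ACK)


@dataclass(frozen=True)
class Rule:
    priority: int                       # lower value is consulted first (concept 12)
    action: str                         # "allow" or "deny"
    direction: Optional[str] = None     # None matches either direction
    proto: Optional[str] = None         # None matches either protocol
    dst_port: Optional[int] = None      # service port the packet is addressed to
    remote_ip: Optional[str] = None     # the other system's address
    new_connections_only: bool = False  # match only TCP SYN packets (concept 5)

    def matches(self, pkt: Packet) -> bool:
        remote = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip
        return ((self.direction is None or self.direction == pkt.direction)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port)
                and (self.remote_ip is None or self.remote_ip == remote)
                and (not self.new_connections_only or (pkt.proto == "tcp" and pkt.syn)))


class Firewall:
    def __init__(self, rules, default="deny"):
        self.rules = sorted(rules, key=lambda r: r.priority)
        self.default = default      # what the operator does with calls no instruction covers
        self.log = []               # (packet, verdict, reason), as the article's log file
        self.udp_flows = set()      # (local_port, remote_ip, remote_port) we have sent to

    def decide(self, pkt: Packet) -> str:
        # Inbound UDP that answers a datagram we sent is a reply, not an initiative (concept 8).
        if pkt.proto == "udp" and pkt.direction == "in":
            if (pkt.dst_port, pkt.src_ip, pkt.src_port) in self.udp_flows:
                return self._record(pkt, "allow", "reply to our own datagram")
        for rule in self.rules:     # first matching rule wins (concept 12)
            if rule.matches(pkt):
                if rule.action == "allow" and pkt.proto == "udp" and pkt.direction == "out":
                    self.udp_flows.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return self._record(pkt, rule.action, f"rule priority {rule.priority}")
        return self._record(pkt, self.default, "no rule matched")

    def _record(self, pkt: Packet, verdict: str, reason: str) -> str:
        self.log.append((pkt, verdict, reason))
        return verdict


# Constructed addresses from the RFC 5737 documentation ranges.
LOCAL = "192.0.2.10"        # our own host
PEER = "198.51.100.7"       # another "hotel"
DNS = "198.51.100.53"       # a DNS server we query
BANNED = "203.0.113.9"      # a host we refuse to talk to at all

RULES = [
    Rule(5, "deny", remote_ip=BANNED),                                            # checked first
    Rule(10, "deny", direction="in", proto="tcp", dst_port=23, new_connections_only=True),
    Rule(20, "allow", direction="out", proto="tcp", dst_port=23),                 # outgoing telnet
    Rule(30, "allow", direction="out", proto="udp", dst_port=53),                 # outgoing DNS
]


def run_demo() -> dict:
    """Run constructed packets through the filter; returns {case: verdict}."""
    fw = Firewall(RULES)
    cases = {
        "inbound telnet attempt": Packet("in", "tcp", PEER, 40000, LOCAL, 23, syn=True),
        "outbound telnet attempt": Packet("out", "tcp", LOCAL, 1025, PEER, 23, syn=True),
        "outbound DNS query": Packet("out", "udp", LOCAL, 1026, DNS, 53),
        "DNS reply to our query": Packet("in", "udp", DNS, 53, LOCAL, 1026),
        "unsolicited UDP from DNS host": Packet("in", "udp", DNS, 53, LOCAL, 1027),
        "outbound telnet to banned host": Packet("out", "tcp", LOCAL, 1028, BANNED, 23, syn=True),
    }
    return {name: fw.decide(pkt) for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{verdict:5}  {name}")
```

Rule 10 blocks incoming telnet attempts while rule 20 lets the same port be used outgoing (concept 5); rule 5 beats rule 20 for the banned host purely by priority (concept 12); and the DNS reply is admitted only because the filter remembers the query it answered, which is what a plain port-based UDP rule cannot do (concept 8).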

IRC and chat nuking
People who use chat groups (IRC, ICQ) tend to invite harassing interference from other malicious chatters. These send "ICMP nukes" and other datagrams to tell your system that it can no longer reach the chat server. A firewall can block this.

Eavesdropping
Even though your system is communicating with one other computer, the traffic travels over a shared network, so other computers on the path can read the information that is sent. A packet filter does not hide the contents.

Authentication
An attacker can forge the source IP address of a trusted system and fool a firewall that decides on addresses alone. It is up to the applications to authenticate the remote system, for instance by using a secure (authenticated and encrypted) connection.

TCP connection hijacking
It is possible for an attacker to intercept a TCP connection you have, tell the other system the connection is closed, then pretend to be that system. Without a secure connection your system would never know; a packet filter alone cannot detect this.

DNS spoofing
If an attacker can interfere with DNS (Domain Name System), they can supply you with an incorrect IP address and make your system talk to the wrong computer. A packet filter cannot tell a forged answer from a genuine one.

Altering of data
If an attacker can intercept your communication, they can alter the data in transit. A secure connection that protects integrity (such as a VPN tunnel or TLS) solves this problem; the packet filter itself does not.

So much for the analogy. Note that a firewall is not built for detecting or removing infections. If your PC is infected, a firewall won't clean it for you; it can only make access to the Trojan horse (server) etc. impossible. To prevent infections, follow the guidelines provided under security, and install the appropriate security software as described on other pages of this website.

We recommend having a look at the constantly updated overview of the Top Ten Attacked Ports provided by the SANS Institute.

Attention: Windows ships with a mechanism that can be used to bypass personal (host-based) firewalls. Although no malware in the wild has yet taken advantage of it, it should be regarded as a serious potential security risk, since it would put a firewall completely out of business.

Article by: Vivek Ganapathi