It is time to look again at firewalls. I have touched on both software and hardware firewalls in past columns. Data security, the primary function to keep in mind, means that one needs applications or hardware that keep intruders out of the computer or network. Firewalls and anti-virus programs are two of the basic tools for keeping intruders at bay. With my changeover from Roadrunner dynamic to RR business class Internet connection, I have made basic security changes to my home network. One of those changes was a move to a hardware firewall. I chose the Symantec Firewall/VPN Appliance model 100.
Unauthorized entry into one’s computer or network is stopped by the
use of some method that keeps the intruder from getting into the computer
or network. One of the devices or programs that guard entry to your
computer or network is called a firewall. Remember that the Internet
provides a ready avenue for intruders to attempt a break-in or hack attacks
on your system. With my own IP address, I need to be sure that unauthorized
intruders are kept out of my SOHO network.
As I noted in my September 2000 column on Computers and Security, the communications
efficiency provided by the combination of the Internet and broadband connections
has made all computer users vulnerable to attacks by unauthorized intruders.
The power of today's home or small office computer, coupled with broadband
direct outside connections to the Internet, makes all of us targets for
unauthorized use of our systems. An unprotected modern computer on
a direct connection is the perfect hit for someone's use as a source of
a denial-of-service attack, as that computer could be used to continually send
mass E-mails to some ISP or Web site. Unless we were really aware
of the intrusion, we would never know that our computer was being used
for that purpose.
My February and March 2001 columns covered additional descriptions of firewalls. Firewalls act as border guards for the computer or network by denying unauthorized access through the network OS (Operating System) and networking protocols. The networking protocol, TCP/IP (Transmission Control Protocol/Internet Protocol), used by the Internet and nearly all private networks, is open to all who may scan data flow at nearly any point between senders and receivers. This networking protocol stack is open to everyone who may use it. My SOHO network is set up to use TCP/IP.
At the minimum, border security in the computer or network requires that packet filtering, NAT (Network Address Translation), and a high-level service proxy be instituted in the system. Some of these utilities can be turned on in one's broadband service router. The firewall acts as a bottleneck, causing all network or Internet traffic to flow through one funnel. This process allows the firewall to sort out the unauthorized traffic. Firewalls must also act on the TCP/IP protocol ports that are open for data transmission to ensure that unauthorized entry is not completed. There are approximately 67,000 plus ports available in the current TCP/IP protocol stack. Ports are used for sending e-mail, Web services, FTP services, and other functions. Ports must be available for the communicating computers to understand one another.
BlackICE Agent, McAfee Internet Guard, Norton Internet Security and Zone Alarm are examples of software firewalls that provide various levels of security in these areas. Hardware firewalls such as the Watchguard Firebox, Sonicwall SOHO, and Symantec Firewall/VPN Appliance series handle business network security. Each has the ability to channel all incoming traffic for review and monitoring purposes.
Understanding Firewall Policy
Firewalls are just part of an overall security policy that each home
user or network administrator should develop. You need to know what
you want to protect and how you are going to do that protection.
It is a good practice to develop a security policy even if you are a home
or small business user. The policy should contain statements of how
you expect to use the computer or network, what is allowed, what is not
allowed, a description of the kinds of devices to be connected to the computer
or network, how these devices are to be configured, OS security limitations,
how the OS is installed, virus protection with updates, user rights, resource
protections in the OS, procedures for adding and removing user accounts,
installation of new software and hardware, and how you want the data to
be handled.
An acceptable usage policy is a good thing to have as well. Computers are probably the most abused devices in use today, in private and business applications. They are used, for example, for games and other programs, in addition to the word processing, spreadsheet, and database functions that were intended for business use. This AUP (Acceptable Usage Policy) might even be good for home users as well, laying out the intended uses for the family. Other AUP provisions might include: applications not approved by and supplied by the owner or company are excluded; no applications may be copied for use elsewhere; licenses should be kept up to date; workstations or family computers should not be left logged on to user accounts when unattended; screen saver utilities should have password protection turned on; suspicious activity should be reported; the computer and its applications should not be used to harm others; an E-mail policy should be set; and accessing data not relevant to the user's tasks is not permitted.
A firewall policy that ties the security policy down is necessary to
complete this task. Decisions on what services and protocols are
to be passed through the firewall must be made so that the firewall can
be set up properly. A firewall uses rules to decide which packets
or services are allowed or denied. There are two directions that
the policy can follow:
- Permit any access unless it has specifically been denied by the rules.
- Deny any access unless it has specifically been allowed by the rules.
The first policy case means that every case in which access should be denied
needs its own rule to program the firewall. This results in a large
rule set, and it still leaves the computer or network open to any new
protocols or services that the rules do not cover.
The second case policy is straightforward and secure. All traffic
is explicitly denied except those protocols and services that are explicitly
opened by the rules. By specifying services to be denied or allowed,
you maintain direct control over them. For example, FTP service may
be denied except in special cases to keep unwanted downloads from taking
place. Other services that must be addressed may be e-mail clients
through a secure SMTP server. Proxy servers may be used for direct
connection between the internal network and the outside. Some services
may be denied for some users and allowed for others.
Firewall Functions
A firewall is a device and/or software designed in such a manner that
it becomes a barrier between the computer or network and the outside world,
keeping unauthorized intruders from gaining access to the computer or network assets.
It restricts or blocks the data traffic flow that transits between the
computer or network and the outside world. It can be visualized as
a system of components and/or software that controls access to and from
your computer or network.
Through the use of functions that have been incorporated, such as caching,
address translation, content restriction, address vectoring, packet filtering,
and proxy address assignment, firewall systems are able to maintain the
confidentiality, integrity, and availability of your computer, network
and data.
The two basic components of a firewall are a packet filter and an application
proxy server. Either one or both can be used to best provide the
security for your computer or network. The configuration of the firewall
is the architecture of the firewall. The first type of firewall in
general use was a screening router that has become known as a packet filter.
Routers are networking devices that connect two or more networks together.
Routers function as gateways for computers, sending data to another address
on the network or to another network by letting the router determine the
best method for delivering the data to the destination. The router
maintains addresses for its internal network as well as to the next connection
in another network and can send data as necessary. A screening router
has a set of rules that specify the kinds of packet data that are allowed.
In this case, the router first determines that it can deliver the packet.
It then consults its rules to see whether it should route the packet.
If the packet does not meet the rules, it is filtered out and not delivered.
The packet filter rules look only at the header data to determine whether
to pass or reject the packet.
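The two policy directions described earlier and the header-only matching described here can be shown together in a small simulation. The following is an added example written for this column, not code from the column or from any firewall product: a toy stateless packet filter that looks only at source address, protocol and destination port, with one rule set for "permit unless denied" and one for "deny unless permitted". The addresses, ports, rule sets and sample packets are constructed for illustration. Under the first policy an unlisted service on port 6000 passes; under the second it is dropped, and FTP is the "special case" allowed only from the internal LAN prefix.

```python
# Added example: a toy stateless packet filter that evaluates header fields
# only (source address, protocol, destination port) under the two policy
# directions described in the column. All addresses, ports and rules are
# constructed for illustration, not taken from any real firewall.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a screening router looks at; no payload."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    """A rule matches when every field that is set agrees with the packet."""
    action: str                       # "allow" or "deny"
    proto: Optional[str] = None
    dport: Optional[int] = None
    src_prefix: Optional[str] = None  # e.g. "192.168.1." for the internal LAN

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.src_prefix is not None and not pkt.src.startswith(self.src_prefix):
            return False
        return True


def filter_packet(pkt: Packet, rules: List[Rule], default: str) -> str:
    """First matching rule wins; otherwise the policy default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Policy 1: permit unless denied. Every service to be blocked needs its own rule.
PERMIT_UNLESS_DENIED = [
    Rule("deny", proto="tcp", dport=23),   # telnet
    Rule("deny", proto="tcp", dport=21),   # ftp
]

# Policy 2: deny unless permitted. Only named services get through;
# FTP is the "special case", allowed only from the internal LAN prefix.
DENY_UNLESS_PERMITTED = [
    Rule("allow", proto="tcp", dport=25),                           # smtp
    Rule("allow", proto="tcp", dport=80),                           # http
    Rule("allow", proto="tcp", dport=21, src_prefix="192.168.1."),  # ftp, LAN only
]

# Constructed sample traffic (not captured from a real network).
SAMPLE = {
    "smtp": Packet("203.0.113.5", "192.168.1.10", "tcp", 25),
    "telnet": Packet("203.0.113.5", "192.168.1.10", "tcp", 23),
    "ftp_from_lan": Packet("192.168.1.20", "192.168.1.10", "tcp", 21),
    "ftp_from_outside": Packet("203.0.113.5", "192.168.1.10", "tcp", 21),
    "new_service_6000": Packet("203.0.113.5", "192.168.1.10", "tcp", 6000),
}


def evaluate(policy: str) -> dict:
    """Run every sample packet through the named policy and return the verdicts."""
    if policy == "permit_unless_denied":
        rules, default = PERMIT_UNLESS_DENIED, "allow"
    elif policy == "deny_unless_permitted":
        rules, default = DENY_UNLESS_PERMITTED, "deny"
    else:
        raise ValueError(policy)
    return {name: filter_packet(pkt, rules, default) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for policy in ("permit_unless_denied", "deny_unless_permitted"):
        print(policy, evaluate(policy))
```

The point to notice is the port 6000 packet: the permit-unless-denied rule set has no opinion about it, so it passes, while the deny-unless-permitted set drops it without anyone having anticipated that service.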
Application gateways or proxy servers are program utilities that run
on the firewall to intercept traffic for a specific kind of application.
The proxy software intercepts user requests from the local network, and
then makes a connection to the outside for the user. The application
proxy program acts as a middleman between the client and the server, relaying
application data between them. The advantage of the application proxy
is that it can be programmed to allow or deny traffic based on data contained
in the payload section of the packet as well as the header. Application
proxies are service specific in that a separate proxy application must
be developed for each service to be regulated. There are strengths
and weaknesses to each. The architectures of most firewalls use combinations
of these components to cover every possibility.
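To make concrete why an application proxy can decide what a packet filter cannot, here is an added example, written for this column and not taken from any proxy product: a toy HTTP proxy decision that parses the request payload and allows only GET or HEAD requests to hosts on a constructed allow list. Every request below would arrive on TCP port 80 and look identical to a filter that reads only the header. The host names, request lines and policy are constructed for illustration.

```python
# Added example: a toy HTTP application proxy decision that reads the
# request payload, which a header-only packet filter never sees. The
# request lines and the allowed host list are constructed for illustration.
from typing import Dict, Optional

ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"www.example.com", "updates.example.net"}   # constructed policy


def parse_request(payload: bytes) -> Optional[Dict[str, str]]:
    """Extract method, target and Host header from a raw HTTP/1.x request.
    Returns None when the payload is not a well-formed request."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "target": parts[1], "host": headers.get("host", "")}


def proxy_decision(payload: bytes) -> str:
    """Allow only simple fetches to hosts named in the policy; deny the rest."""
    req = parse_request(payload)
    if req is None:
        return "deny: malformed request"
    if req["method"] not in ALLOWED_METHODS:
        return f"deny: method {req['method']}"
    if req["host"] not in ALLOWED_HOSTS:
        return f"deny: host {req['host'] or '(none)'}"
    return "allow"


# Constructed requests; all would be carried in packets to TCP port 80.
SAMPLE_REQUESTS = {
    "plain_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "post_to_allowed_host": b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 0\r\n\r\n",
    "get_unlisted_host": b"GET / HTTP/1.1\r\nHost: files.example.org\r\n\r\n",
    "garbage": b"not an http request\r\n\r\n",
}


def run_all() -> Dict[str, str]:
    """Return the proxy verdict for every sample request."""
    return {name: proxy_decision(payload) for name, payload in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, verdict in run_all().items():
        print(f"{name}: {verdict}")
```

The cost the column mentions is visible here too: this code understands HTTP and nothing else, so a second proxy would be needed for SMTP, a third for FTP, and so on.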
Four different architectures that might be considered are
- a packet-filtering router or host computer
- a dual-homed gateway
- a screened host; and
- a screened subnet.
In combining packet filtering and proxy service, the result becomes closer to a system than a single component.
Symantec Firewall/VPN Appliance Series
The Symantec Firewall/VPN Appliance Model 100 is one of three models offered by Symantec for the home or small business broadband user. It combines all of the requirements needed to establish a secure SOHO network. It is designed to connect to DSL, T-1, cable, or ISDN connections. It contains one WAN connection and has four switch ports for network connections. It contains all the functions of a router, including NAT and DHCP services. It offers VPN (Virtual Private Network) capability. The WAN can be set up with a dynamic or static address, like most routers. I have established my unit as the network router for my network, using the NAT and DHCP service for all of my computers. It has everything necessary to implement a network. I have coupled the Firewall Appliance with a switch and a router to cover all of my network requirements.
It provides both stateful inspection of packets to filter out unwanted
data, and service controls to meet my security policy requirements.
This means that the firewall guards against unwanted packets from hackers
as well as turning each port service on or off to block any unwanted TCP/IP
functions. I currently have chosen to follow the "Deny any access
unless specifically allowed by the rules" policy and have set the Symantec Appliance
accordingly.
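Stateful inspection is what lets a deny-unless-permitted policy admit replies to connections the LAN opened without a blanket rule allowing inbound traffic to high ports. The following added example, written for this column and not code from the Symantec appliance, is a toy stateful engine: an outbound TCP SYN to a permitted service creates a connection entry, inbound packets are admitted only when they match the reverse of an existing entry, and everything else falls to the deny default. The LAN prefix, permitted services, addresses and the sample exchange are constructed for illustration.

```python
# Added example: a toy stateful inspection engine for a deny-unless-permitted
# policy. It remembers TCP connections opened from the LAN and admits inbound
# packets only when they belong to one of them. Addresses, ports and the
# sample exchange are constructed for illustration.
from typing import Dict, NamedTuple, Set, Tuple

LAN_PREFIX = "192.168.1."           # constructed internal network
ALLOWED_OUTBOUND_PORTS = {25, 80}   # services the policy lets LAN hosts reach


class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "SYN", "SYN-ACK", "ACK" or "FIN"


class StatefulFilter:
    def __init__(self) -> None:
        # Each entry is (lan_ip, lan_port, remote_ip, remote_port).
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def handle(self, pkt: Pkt) -> str:
        outbound = pkt.src.startswith(LAN_PREFIX)
        if outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "SYN":
                if pkt.dport not in ALLOWED_OUTBOUND_PORTS:
                    return "deny: outbound service not permitted"
                self.connections.add(key)
                return "allow: new connection"
            if key in self.connections:
                if pkt.flags == "FIN":
                    # Simplification: one FIN from the LAN side closes the entry.
                    self.connections.discard(key)
                return "allow: established"
            return "deny: no matching connection"
        # Inbound: only replies to connections the LAN opened are admitted.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.connections:
            return "allow: reply to established connection"
        return "deny: unsolicited inbound"


def run_exchange() -> Dict[str, str]:
    """Feed a constructed packet sequence through one filter instance, in order."""
    fw = StatefulFilter()
    steps = {
        "lan_opens_http": Pkt("192.168.1.20", 40001, "203.0.113.5", 80, "SYN"),
        "server_replies": Pkt("203.0.113.5", 80, "192.168.1.20", 40001, "SYN-ACK"),
        "unsolicited_high_port": Pkt("198.51.100.9", 80, "192.168.1.20", 40002, "SYN-ACK"),
        "unsolicited_syn_to_lan": Pkt("198.51.100.9", 5555, "192.168.1.20", 139, "SYN"),
        "lan_tries_telnet": Pkt("192.168.1.20", 40003, "203.0.113.5", 23, "SYN"),
        "lan_closes_http": Pkt("192.168.1.20", 40001, "203.0.113.5", 80, "FIN"),
        "late_server_packet": Pkt("203.0.113.5", 80, "192.168.1.20", 40001, "ACK"),
    }
    return {name: fw.handle(p) for name, p in steps.items()}


if __name__ == "__main__":
    for name, verdict in run_exchange().items():
        print(f"{name}: {verdict}")
```

The contrast with the stateless filter is the "unsolicited_high_port" packet: it is addressed to an ephemeral port and looks like a server reply, but no LAN host opened that connection, so the connection table rejects it where a stateless "allow inbound high ports" rule would have had to let it through.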
The set up is accomplished from a browser using the device IP address. Once the set up page is open to the Main Set up, three categories are available for data entry to establish the device for your security policy: General with six sub-pages, VPN with three sub-pages, and Advanced with twelve sub-pages. All device ports are RJ45 for CAT 5 cable. This unit's big brother is installed at the Learning Center.