Understanding Firewalls - BZU PAGES: Find Presentations, Reports, Student's Assignments and Daily Discussion; Bahauddin Zakariya University Multan

**Waqas Ahmed** · #1 23-09-2008, 05:16 AM

Understanding Firewalls
A firewall is a structure intended to keep a fire from spreading. Building have firewalls made of brick walls
completely dividing sections of the building. In a car a firewall is the metal wall separating the engine and
passenger compartments.
Internet firewalls are intended to keep the flames of Internet hell out of your private LAN. Or, to keep the
members of your LAN pure and chaste by denying them access the all the evil Internet temptations. ;−)
The first computer firewall was a non−routing Unix host with connections to two different networks. One
network card connected to the Internet and the other to the private LAN. To reach the Internet from the
private network, you had to logon to the firewall (Unix) server. You then used the resources of the system to
access the Internet. For example, you could use X−windows to run Netscape's browser on the firewall system
and have the display on your work station. With the browser running on the firewall it has access to both
networks.
This sort of dual homed system (a system with two network connections) is great if you can TRUST ALL of
your users. You can simple setup a Linux system and give an account accounts on it to everyone needing
Internet access. With this setup, the only computer on your private network that knows anything about the
outside world is the firewall. No one can download to their personal workstations. They must first download
a file to the firewall and then download the file from the firewall to their workstation.

BIG NOTE: 99% of all break-ins start with gaining account level access on the system being attacked.
Because of this I don't recommend this type of firewall. It is also very limiting.
2.1 Firewall Politics
You shouldn't believe a firewall machine is all you need. Set policies first.
Firewalls are used for two purposes.
to keep people (worms / crackers) out. 1.
to keep people (employees / children) in. 2.
When I started working on firewalls I was surprised to learn the company I worked for were more interested
in "spying" on their employees then keeping crackers out of their networks.
At least in my state (Oklahoma) employers have the right to monitor phone calls and Internet activity as long
as they inform the employees they are doing it.
Big Brother is not government. Big Brother = Big Business.
Don't get me wrong. People should work, not play at work. And I feel the work ethic has been eroding.
However, I have also observed that management types are the biggest abusers of the rules they set. I have
seen hourly workers reprimanded for using the Internet to looking for bus routesto get to work while the same
manager used hours of work time looking for fine restaurants and nightclubs to take prospective customers.
My fix for this type of abuse is to publish the firewall logs on a Web page for everyone to see.
The security business can be scary. If you are the firewall manager, watch your back.
How it create a security policy
I have seen some realy high folutin documentation on how to create a security policy. After many years of
experence I know now say, don't believe a word of them. Create a security policy is simple.
describe what you need to service 1.
describe the group of people you need to service 2.
describe which service each group needs access to 3.
for each service group describe how the service should be keep secure 4.
write a statment making all other forms of access a vialation 5.
Your policy will become more complicated with time but don't try to cover to much ground now. Make it
simple and clear.