Many people use protocols such as HTTP and FTP to transfer data without a proper understanding of how they work: whether the data safely reaches its intended destination, whether it is exposed publicly, or whether someone is accessing it without their consent.



FireWall security

Application Gateways

Application gateways were the first firewalls; they are sometimes also called proxy gateways. They are bastion hosts running special software that acts as a proxy server. They are named this way because the software runs at the Application Layer of our old friend, the ISO/OSI Reference Model. Clients behind the firewall must be proxitized (that is, must know how to use the proxy, and be configured to do so) in order to use Internet services. Because they allow nothing to pass by default, these have traditionally been the most secure.

Packet Filtering

Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. By default, a router will pass all traffic sent to it, without any sort of restriction. Employing ACLs is a method of enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa.

There is less overhead in packet filtering than with an application gateway, because the feature of access control is performed at a lower ISO/OSI layer (typically, the transport or session layer). Due to the lower overhead and the fact that packet filtering is done with routers, which are specialized computers optimized for tasks related to networking, a packet filtering gateway is often much faster than its application layer cousins. Figure 6 shows a packet filtering gateway.

Because we're working at a lower level, supporting new applications either comes automatically, or is a simple matter of allowing a specific packet type to pass through the gateway. (Not that the mere possibility of something makes it a good idea; opening things up this way might very well reduce your level of security below what your policy allows.)

There are problems with this method, though. Remember, TCP/IP has absolutely no means of guaranteeing that the source address is really what it claims to be. As a result, we have to use layers of packet filters in order to localize the traffic. We can't get all the way down to the actual host, but with two layers of packet filters, we can differentiate between a packet that came from the Internet and one that came from our internal network. We can identify which network the packet came from with certainty, but we can't get more specific than that.
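The following is an added example, not code from the original page, showing the packet-filtering model described above as a small simulation: an ordered ACL with first-match-wins semantics and an implicit deny, plus the interface-based check the last paragraph alludes to, where a packet arriving on the external interface but claiming an internal source address is dropped because we know which network it actually came from. The addresses, interface names and rules are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed example addressing (assumption): the protected network sits behind
# the "inside" interface; everything arriving on "outside" is the Internet.
INTERNAL_NET = ip_network("192.168.10.0/24")
WEB_SERVER = "192.168.10.80"


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet arrived on: "outside" or "inside"
    proto: str    # "tcp" or "udp"
    src: str      # source IP address as written in the packet header
    dst: str      # destination IP address
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    iface: Optional[str] = None  # None matches any interface
    proto: Optional[str] = None  # None matches any protocol
    src: Optional[str] = None    # CIDR prefix; None matches any source
    dst: Optional[str] = None    # CIDR prefix or host; None matches any destination
    dport: Optional[int] = None  # None matches any port
    note: str = ""               # human-readable reason, returned with the decision

    def matches(self, p: Packet) -> bool:
        """Every field that is set must match; unset fields are wildcards."""
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


# Ordered ACL: the first matching rule wins; anything unmatched is denied.
ACL: List[Rule] = [
    # Anti-spoofing: a packet arriving from the Internet cannot legitimately carry
    # an internal source address, so it is dropped before any permit rule is consulted.
    Rule("deny", iface="outside", src=str(INTERNAL_NET), note="spoofed internal source"),
    # The outside world may reach the published web server on port 80, and nothing else.
    Rule("permit", iface="outside", proto="tcp", dst=WEB_SERVER, dport=80, note="public web"),
    # Internal hosts may initiate HTTPS to the outside.
    Rule("permit", iface="inside", proto="tcp", src=str(INTERNAL_NET), dport=443, note="outbound https"),
]


def filter_packet(p: Packet, acl: List[Rule] = ACL) -> Tuple[str, str]:
    """Return (action, reason) from the first matching rule, or the implicit deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action, rule.note
    return "deny", "implicit deny"


if __name__ == "__main__":
    # Constructed sample traffic, one packet per line.
    samples = [
        Packet("outside", "tcp", "203.0.113.5", WEB_SERVER, 80),    # legitimate web request
        Packet("outside", "tcp", "192.168.10.7", WEB_SERVER, 80),   # internal address from outside
        Packet("inside", "tcp", "192.168.10.7", "198.51.100.9", 443),  # outbound HTTPS
        Packet("outside", "tcp", "203.0.113.5", WEB_SERVER, 22),    # not in policy
    ]
    for pkt in samples:
        action, why = filter_packet(pkt)
        print(f"{pkt.iface:7} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}  {action} ({why})")
```

The anti-spoofing rule is placed first deliberately: ACL evaluation stops at the first match, so a permit rule listed earlier would let the spoofed packet through. This is exactly the limit the text describes: the filter can tell which network a packet arrived from, but nothing finer than that.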

Hybrid Systems

In an effort to merge the security of the application layer gateways with the flexibility and speed of packet filtering, systems have been created that use the principles of both. In some of these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer, where packet filters watch the connection to ensure that only packets that are part of an ongoing (already authenticated and approved) conversation are passed.

Other possibilities include using both packet filtering and application layer proxies. The benefits here include providing a measure of protection for your machines that provide services to the Internet (such as a public web server), as well as providing the security of an application layer gateway to the internal network. Additionally, using this method, an attacker who wants to get to services on the internal network will have to break through the access router, the bastion host, and the choke router.
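As an added illustration of the hybrid design in the first paragraph of this section (not code from the original page), the simulation below hands each new TCP connection attempt to an approval function standing in for the application-layer authentication step, records approved connections in a session table, and then passes later packets only if they belong to an approved conversation in either direction. The approval policy, addresses and traffic trace are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple

# A conversation is identified by its (src, sport, dst, dport) tuple.
Conn = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Segment:
    iface: str   # interface the segment arrived on: "inside" or "outside"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first segment of a new TCP connection

    def key(self) -> Conn:
        return (self.src, self.sport, self.dst, self.dport)

    def reverse_key(self) -> Conn:
        # The same conversation as seen from the other side.
        return (self.dst, self.dport, self.src, self.sport)


def default_policy(seg: Segment) -> bool:
    """Stand-in for the application-layer approval step (an assumption for this
    example): inside hosts may open connections outward; outside hosts may only
    open connections to the published web server on port 80."""
    if seg.iface == "inside":
        return True
    return seg.dst == "192.168.10.80" and seg.dport == 80


class HybridFirewall:
    def __init__(self, approve: Callable[[Segment], bool] = default_policy):
        self.approve = approve
        self.sessions: Set[Conn] = set()  # approved, ongoing conversations

    def handle(self, seg: Segment) -> str:
        """Decide one segment: 'approved', 'pass', 'rejected' or 'drop'."""
        # Part of an approved conversation, in either direction: the cheap
        # session-layer check passes it without consulting the application layer.
        if seg.key() in self.sessions or seg.reverse_key() in self.sessions:
            return "pass"
        # A new connection attempt is escalated to the application layer.
        if seg.syn:
            if self.approve(seg):
                self.sessions.add(seg.key())
                return "approved"
            return "rejected"
        # Neither a known conversation nor a connection attempt: not part of any
        # approved session, so it is dropped.
        return "drop"

    def close(self, seg: Segment) -> None:
        """Forget a conversation once it ends, so its tuple cannot be reused silently."""
        self.sessions.discard(seg.key())
        self.sessions.discard(seg.reverse_key())


def run_trace(segments: List[Segment], approve: Callable[[Segment], bool] = default_policy) -> List[str]:
    """Feed a sequence of segments through one firewall instance and return the decisions."""
    fw = HybridFirewall(approve)
    return [fw.handle(s) for s in segments]


# Constructed traffic trace for the example.
TRACE: List[Segment] = [
    Segment("inside", "192.168.10.7", 50000, "198.51.100.9", 443, syn=True),  # new outbound HTTPS
    Segment("outside", "198.51.100.9", 443, "192.168.10.7", 50000),           # server's reply
    Segment("inside", "192.168.10.7", 50000, "198.51.100.9", 443),            # more of the same flow
    Segment("outside", "203.0.113.5", 40000, "192.168.10.7", 22),             # stray non-SYN, no session
    Segment("outside", "203.0.113.5", 40001, "192.168.10.7", 22, syn=True),   # new inbound, not in policy
    Segment("outside", "203.0.113.5", 40002, "192.168.10.80", 80, syn=True),  # new inbound to public web
]

if __name__ == "__main__":
    for seg, decision in zip(TRACE, run_trace(TRACE)):
        flag = "SYN" if seg.syn else "   "
        print(f"{seg.iface:7} {flag} {seg.src}:{seg.sport} -> {seg.dst}:{seg.dport}  {decision}")
```

The expensive decision is taken once per connection; everything after that is a set lookup, which is the speed advantage the text attributes to hybrid systems. The reverse-key lookup is what lets the server's reply back in without a separate permit rule for inbound traffic.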


Ever since people learned to interconnect their private networks with other networks, the next question has been how to exchange only authorized data. Unknowingly, much data is allowed to be exchanged; sometimes data on a private network is intentionally accessed by others. This is called hacking. As the technology for exchanging data between private networks advances, the technology for unauthorized data access develops alongside it, and so a technology to prevent unauthorized data access is needed. This technology took the shape of software, and it is now christened the firewall.


  © 2005 www.secure-network.info, All rights reserved.