Chapter 2-3-2 Internet Firewalls
E. Eugene Schultz
INTRODUCTION
To say that the Internet is one of the most amazing technical achievements of the information revolution era is a gross understatement. This massive network infrastructure is changing the way the world approaches education, business, and even leisure activity. At the same time, however, the Internet has presented a new, complex set of challenges that not even the most sophisticated technical experts have so far been able to adequately solve, yet that urgently need solutions. Achieving adequate security is one of the foremost of these challenges. This chapter describes major security threats facing the Internet community; explains how one of the potentially most effective solutions for Internet security, firewalls, can address these threats, the types of firewalls that are available, and the advantages and disadvantages of each; and finally presents some practical advice for obtaining the maximum advantages of using firewalls.
Internet Security Threats
The vastness and openness that characterize the Internet present an extremely challenging security problem. Although many claims about the number and cost of Internet-related intrusions¹ are available, until scientific research in this area is conducted we will not have valid, credible statistics about the magnitude of this problem. Exacerbating this dilemma is the fact that most corporations that experience intrusions from the Internet and other sources do not want to make these incidents public for fear of public relations damage; worse yet, many organizations fail to detect most intrusions in the first place. Sources such as Carnegie Mellon University's CERT (Computer Emergency Response Team), however, suggest that the number of Internet-related intrusions each year is very high, and that the number of intrusions reported to CERT (which is only one of virtually dozens of incident response teams) is only the tip of the iceberg. Again, no credible statistics concerning the total amount of financial loss resulting from security-related intrusions are available, but judging by the amount of money corporations and government agencies are spending to implement Internet and other security controls, the cost must indeed be extremely high.
¹ In the most literal sense, an intrusion is unauthorized use of an account on a system for which authentication mechanisms (e.g., entering a log-in ID and password) are required for access.
Many different types of Internet security threats exist. One of the most serious is IP spoofing (Thomsen, 1995). In this type of attack a perpetrator fabricates packets that bear the source address of a trusted client host and sends these packets to the client's server. If the attacker can guess certain TCP/IP attributes, then the server can be tricked into setting up a connection with this bogus client. The intruder can subsequently use attack methods such as exploiting trusted host relationships to intrude into the server machine.
A similar threat is DNS² spoofing. In this type of attack an intruder subverts the DNS systems by injecting bogus information. By breaking into a DNS name server, the intruder can provide bogus data to DNS queries. This may enable the intruder to break into other hosts within the network.
² DNS is the domain name service, which is used to furnish information about the identity of hosts within a network.
Session hijacking is still another Internet security threat (Thomsen, 1995). The major tasks for the attacker who wants to hijack an ongoing session between remote hosts are to locate an existing connection between two hosts, then fabricate packets that bear the address of these hosts. Now by sending these packets to the other host and sending packets to the spoofed host to instruct it to terminate the session, the attacker can pick up the connection.
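The IP spoofing and session hijacking attacks described above both depend on fabricated packets that bear a trusted host's address. The following is an added example, not part of the original chapter, of the anti-spoofing check a packet filter applies at the network boundary; the interface names, the internal network 192.0.2.0/24, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed site layout (hypothetical): the network behind the firewall.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Source ranges that should never arrive from the Internet side.
NEVER_EXTERNAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def ingress_verdict(iface, src):
    """Return (action, reason) for a packet seen on iface with source src."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source address")
    inside = any(addr in net for net in INTERNAL_NETS)
    if iface == "external":
        # A packet from outside claiming an inside address is fabricated.
        if inside:
            return ("drop", "internal source on external interface")
        if any(addr in net for net in NEVER_EXTERNAL):
            return ("drop", "non-routable source on external interface")
        return ("pass", "plausible external source")
    if iface == "internal":
        # Egress check: inside hosts may only send with inside addresses.
        if not inside:
            return ("drop", "foreign source on internal interface")
        return ("pass", "internal source on internal interface")
    return ("drop", "unknown interface")

# Constructed sample packets: (arrival interface, source, destination).
SAMPLE = [
    ("internal", "192.0.2.10", "192.0.2.20"),    # real trusted client
    ("external", "192.0.2.10", "192.0.2.20"),    # claims to be that client
    ("external", "203.0.113.7", "192.0.2.20"),   # ordinary outside host
    ("external", "10.0.0.5", "192.0.2.20"),      # private range from outside
    ("internal", "198.51.100.9", "203.0.113.7"), # inside host forging a source
]

def filter_packets(packets):
    """Pair each packet with the filter's verdict."""
    return [(pkt,) + ingress_verdict(pkt[0], pkt[1]) for pkt in packets]

if __name__ == "__main__":
    for pkt, action, reason in filter_packets(SAMPLE):
        print(f"{action:4} {pkt[0]:8} {pkt[1]:>13} -> {pkt[2]:<12} {reason}")
```

This check only catches forged addresses that cross the boundary on the wrong side; it does not help when the spoofed host and the attacker are both outside, or both inside, the filtered network.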