Firewall Characteristics and limitations

FIREWALL CHARACTERISTICS

[BELL94b] lists the following design goals for a firewall:

1.                                       All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible, as explained later in this chapter.

2.                                       Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of secu- rity policies, as explained later in this chapter.

3.                                       The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and often required in government applications.

[SMIT97] lists four general techniques that firewalls use to control access and enforce the site’s security policy. Originally, firewalls focused primarily on service control, but they have since evolved to provide all four:

•                           Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.

•                           Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

•                           User control: Controls access to a service according to which user is attempt- ing to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from exter- nal users; the latter requires some form of secure authentication technology, such as is provided in IPsec (Chapter 19).

•                           Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

Before proceeding to the details of firewall types and configurations, it is best to summarize what one can expect from a firewall. The following capabilities are within the scope of a firewall:

1.                                       A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks. The use of a single choke point simplifies security management because security capabilities are consolidated on a single system or set of systems.

2.                                       A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.

3.                                       A firewall is a convenient platform for several Internet functions that are not security related. These include a network address translator, which maps local addresses to Internet addresses, and a network management function that audits or logs Internet usage.

4.                                       A firewall can serve as the platform for IPsec. Using the tunnel mode capabil- ity described in Chapter 19, the firewall can be used to implement virtual private networks.

Firewalls have their limitations, including the following:

1.                                       The firewall cannot protect against attacks that bypass the firewall. Internal systems may have dial-out capability to connect to an ISP. An internal LAN may support a modem pool that provides dial-in capability for traveling employees and telecommuters.

2.                                       The firewall may not protect fully against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker.

3.                                       An improperly secured wireless LAN may be accessed from outside the organi- zation. An internal firewall that separates portions of an enterprise network cannot guard against wireless communications between local systems on differ- ent sides of the internal firewall.

4.                                       A laptop, PDA, or portable storage device may be used and infected outside the corporate network, and then attached and used internally.