|
|
Issue
39 - March 2004
|
Firewall
in Place to Protect Our Network
By
S. K. Tsui
|
|
|
Everyday,
when you are working with your PC in your office drawing up
important documents, and utilizing resources offered by the
campus network, have you ever wondered if your data is 100%
safe or whether there is protection of any sort to prevent
intrusion from outsiders? In order to untangle some of your
concerns, the following article will give you some ideas on
what has been done to protect our campus network and what
you can do to enhance the security of your own PC.
Perimeter Firewall
As long
as your PC stays connected on the Internet, you are never
completely secure. A perimeter firewall, which is a security
system installed behind the Internet gateway, is therefore
necessary to protect our internal network from external threats
such as unauthorized access to our network, to enforce the
data flow between the campus and the Internet conforming to
our security policy.
Currently,
the mission of the firewall is to protect our network from:
-
Denial
of service attacks
Denial
of service attacks attempt to make servers or network devices
unavailable to users by consuming most of their processing
time by flooding them with thousands of requests or sending
misbehaved packets to try and make them crash. The firewall
protects our network by limiting the number of such requests
allowed to get through from the Internet and discard those
misbehaved packets from entering our network.
- Unauthorized
access to certain hosts and unregistered services
According
to individuals' requirements, one's computer may be configured
to provide various network services, such as Microsoft file
sharing, FTP and SMTP services, for personal or internal use.
Unfortunately, some of these services may have been misconfigured
or not well protected which made these systems easy targets
for the hackers. For example:
-
FTP (File Transfer Protocol) and NetBIOS over TCP/IP
(Microsoft file and print sharing)
FTP server and Microsoft File Sharing service provide
convenient ways to upload and download files over the
Internet. Unfortunately, if the FTP or the Microsoft
file service is misconfigured, such as allowing anonymous
logins or open accounts, hackers could easily hack into
the server, download valuable data, create back doors
and even gain control to the server. If the server allows
file uploads, hackers could upload viruses, share pirated
files and programs through the server.
- SMTP
(Simple Mail Transport Protocol)
Depending on the version of the SMTP server being used, hackers
can utilize the buffer overrun vulnerability to execute malicious
code in order to crash or gain access to the server. Moreover,
if a SMTP server has the relay feature turned on, the attackers
may utilize this feature to launch a SPAM attack on other
SMTP servers.
Fortunately,
our firewall can prohibit these hacking activities by blocking unauthorized
access to these unregistered services from the Internet.
-
The most common types of network probe are ping sweep and
port scans. Intruder sends a set of ICMP ECHO packets to
a range of IP addresses and collects the response. Once
live hosts are identified, the intruder will then perform
port scanning looking for services running on these hosts
and then issues attacks on any vulnerable ones found. In
this respect, the firewall can protect our hosts by identifying
these intruders and denying their traffics from entering
our network.
Personal
Firewall
The perimeter
firewall mentioned above aims to protect our entire network
from attacks coming from the Internet, but it cannot prohibit
attacks from the internal network. Furthermore, the policies
set in the perimeter firewall may not be able to provide sufficient
protection to a particular host with special requirements.
If you need additional protection on a particular host, you
may consider installing personal firewall.
A personal firewall is normally a software loaded with the
operating system to protect a single computer. You can define
more tightened security policies yourself to govern all the
data entering and leaving your computer.
Anti-virus
Program
Most firewalls
can do little to protect your PC against computer viruses.
More than 95% of computer viruses are spread through opening
e-mail attachments, downloading software, visiting malicious
URLs, and exploiting security holes in the operating system.
To prevent
your computer from being infected by computer viruses, you
must install an anti-virus program, and be sure to keep your
anti-virus software up-to-date. Also, the latest security
patches and updates of your operating system should be applied
frequently so that security holes can be eliminated.
Finally,
even though you have firewall, anti-virus program to safeguard
your computer, you still need to backup your data periodically
to prevent data loss due to unpredictable events such as hardware
failure and human mistakes.
|
|
|
|
|
|
|