Computer Networking and Management

By M J I - Maldives

Task 1

a) In context of firewalls, explain the operation of a packet filtering router and an application gateway (sometimes referred as an application proxy)

What does firewall means? As far as my knowledge goes, firewall is some kind of system or group of systems which enables to control access and sets privileges between two networks. The most common boundary in firewall is between a trusted and an un-trusted network. A perfect and secure firewall would not interfere with users’ activities or any transfers between authorized networks. Network firewalls mainly operate in different layers of the OSI model. The lowest layer in which the firewall operates is in the network layer. In this layer the internet protocol for TCP/IP will determine if the packet is from a trusted source. Special privileges cannot be assigned to grant access or deny in this layer. Firewall which works at the highest layer of OSI layer is on Application layer, where granting access is more easy because at application layer a large collection of information including the source and packet contents will be known. The network would be more secure if packets are intersected and analyzed at lowest levels of OSI model. It is mere impossible to gain access for an intruder pass the third layer of OSI model.

A great feature of router is that it has the ability to block the flow of broadcasts between network segments. Routers also have the ability to filter out certain traffic. That is when two networks are connected there are certain data the destination network should be able to access from the main network. To grant this, IP filtering is configured in to the routers so this would enable encryption and security and will prevent unauthorized access.

Cisco routers provide a couple of methods for filtering traffic. The simplest is Standard Access List, which enables to filter from a certain subnet range to a specific IP address. Extended Access Lists are used for advance IP filtering. This allows filtering source address, destination address and services. Also there is an option to select static packet filtering or dynamic packet filtering. Cisco Access Lists perform static packet filtering by default and dynamic packet filtering is an option.

Static packet filtering offers very simple protection against attacks; they could be said as non-intelligent devices. Minimum amount of information is monitored to determine the security levels in a static packet filter. The reason is static packet filtering can be used to implement security when the risk is minimal. Dynamic packet filtering is very advanced and intelligent method. It makes the traffic control decisions based on the packet attributes and state table.

Depending on the kernel, applications can be used to configure a Linux system to act as a router. This means that the packets are sent from one network to another. At these levels Linux routers do not examine or filter any traffic. It simply ensures that all traffic addressed to a remote network gets sent to it.

The main four main types of firewall techniques are packet filtering firewalls, circuit level gateways, application gateways and proxy server. In this paper packet filtering firewalls and proxy server firewall techniques are only highlighted. In �Packet filtering’, where the core is on a multi-homed machine, which decides to forward or block a packet. This is based on a set of rules. The second type is �proxy server’ that relies on a program to provide authentication and forwards packets on a multi-homed machine. (Gary & Alex, 2007)

A Packet filter works at the network layer of the OSI model. The practice of examining and blocking traffic is called packet filtering. Daemons such as Squid also allow you to examine and block traffic. However Squid is not a packet filter, it is a proxy server that is designed to operate at the application layer of the OSI model.

A packet filtering router has an addition included that of the router. IT checks each packet and compares it with the set of rules set to it, and decides to forward or block it. Every packet goes through these set of rules and if the match is found, action is obeyed. Actions include dropping packet or informing sender with packet status. The packets are checked in packet orders and on first match first serve basis. The packet order depends on the source IP address of the packets, destination IP address, the destination port numbers or even packet types. Some examples of packet types are UDP, TCP, ICMP...etc.

An application gateway is an application program which is programmed on a firewall that runs between networks. Then one system (the client) sends message to other (destination computer), the packet is first connected to a proxy. Then the client program agrees with the proxy server in order to communicate with the destination computer. Then behind the firewall, the proxy server establishes a trust connection between client and destination computer. (Webopedia n.d.)

The primary difference between a packet filtering router and a proxy server is that a packet filtering router does not check network packets as intensely as a proxy server does. And packet filtering firewalls are generally faster than other technologies, because they perform fewer evaluations and can be easily implemented as hardware solutions. And packet filters don’t need a server or client computer specifically configured, it does all the work. (Evolution of the firewall industry, 2002)

But packet filters do not understand application layer protocols and they don’t keep any log of the sessions. Packet filters have very limited capabilities to do anything to a packet.

Proxy server requires more system resources in order to process network packets. Proxy server can sometimes be slow when taking in requests, especially if the machine is not powerful enough. This is a why packet filters and proxy servers are both necessary in a network. The packet filter blocks plus filters majority of traffic and proxy server inspects only certain types of traffic types.

A proxy server can do logging which is associated with gateway server that is separated from the outside network and firewall. Proxy servers can help cache frequently visited sites by users. And proxy servers are more secure than normal servers.

b)

Early 2000, a network was in placed at PEM Maldives Private Company (in The Maldives) with five computers. Later that year the network was upgraded and held 12 computer systems. Computers are connected to a main 24 port switch to with 1MB internet connection

...