Firewalls and proxy servers

Cards (10)

  • A firewall is a security control that monitors both incoming and outgoing network traffic and blocks any traffic the network's rules do not permit, preventing unauthorised access to your network.
  • A firewall sits between two networks: a trusted network (such as your home network) and an untrusted network (such as the internet). The firewall attempts to prevent malicious traffic from entering the trusted network. It can also be configured to prevent certain types of data from leaving the network. More sophisticated firewalls also carry out more intelligent filtering called stateful inspection.
  • A firewall checks the headers of packets arriving from the untrusted network against a set of rules, or packet filters, defined by the network administrator. This is called static filtering. The rules, often called an access control list or ACL, permit or deny traffic based on packet header fields: source IP address, destination IP address, source and destination port numbers, and protocol. Rules are normally evaluated in order and the first matching rule decides, so an ACL usually ends with a default rule that denies everything not explicitly allowed.
  • For example, the protocol SSH is used to remotely manage computers, so firewalls are often configured to block TCP traffic to its usual port, 22, when it comes from the untrusted network. A header-only filter cannot recognise "SSH" as such; it only sees the destination port, so this rule stops anyone on the untrusted network from opening an SSH session to hosts behind the firewall on the standard port (a default-deny rule is what stops the same attempt on a non-standard port). When a packet addressed to port 22 is received from the untrusted side, the firewall discards it and the connection attempt fails. The firewall can be configured either to drop the packet silently or to reject it, sending a rejection notice back to the sender (a TCP reset or an ICMP "unreachable" message); silent dropping gives an attacker less information.
  • Simple firewalls that use static filtering rules to check the packet headers to allow or reject packets through the firewall are sometimes called stateless, because they only inspect headers, and do not monitor the state of the connection once the packets are flowing.
  • A firewall that only checks packet headers is of limited use in preventing attacks. An attacker can obtain a connection that the rules permit, for example by phishing a user inside the network into opening an outbound connection to an attacker-controlled server, and then use that connection for malicious purposes: a properly established TCP connection can be used to plant malware or to carry stolen data out. Static filtering will not prevent this, because every packet of that connection has permitted header fields and so looks legitimate. To protect against this type of attack, the firewall needs to perform stateful inspection.
  • Stateful inspection (also sometimes called dynamic filtering) means continuing to monitor incoming and outgoing traffic after a connection is established: checking that each packet fits the connection it claims to belong to (the right direction, the right stage of the TCP handshake), analysing packet types, and checking for suspicious activity. Firewalls that go further and look inside the packet payload rather than just the header are performing deep packet inspection or application-layer filtering, a feature usually associated with next-generation firewalls rather than with stateful inspection as such. For example, if a connection that a web browser opened to an external site starts carrying an unusually large amount of data outbound from the trusted network, this could mean that data is being stolen. The firewall could then intervene, drop the connection and thwart the attack.
  • Stateful inspection requires the firewall to maintain a connection table (or state table), which keeps track of all of the conversations going on between the trusted and untrusted networks. Every inbound and outbound packet is checked against this table: a packet is accepted only if it matches an existing record for the relevant protocol, ports and pair of IP addresses, or if it is a new connection that the rules permit (for TCP, a packet carrying SYN without ACK). A packet that matches neither, such as a reply to a connection that was never opened, is dropped.
  • A proxy server sits between the client devices and the firewall. It provides anonymity to the clients with respect to the sites they visit: the destination server sees only the proxy's IP address, and the clients' true addresses stay hidden. Note that the proxy itself sees every request, so this is anonymity from the destination, not from the proxy operator. A proxy can also keep a cache of web pages, serving them from its cache wherever possible, which speeds up user access and reduces network traffic. In addition, the proxy server may log all user activity, such as recording a list of the websites that each user has attempted to visit.
  • As a proxy server provides anonymity to the client, this property is sometimes taken advantage of by people who wish to hide their IP address. Sometimes people will use a proxy server to hide the geographical location of their IP address; for example, accessing a video streaming website via a proxy server might allow the user to access videos that are not permitted in the user's country but are permitted in the country where the proxy server is geographically based. The morality (and sometimes the legality) of using a proxy server in this way is often questionable.
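The cards on static filtering, stateless versus stateful firewalls and the connection table describe one mechanism from several angles. The following Python model, an added example that is not part of the original cards, puts them side by side: a first-match ACL that sees only header fields, and a stateful firewall that keeps a connection table, admits a TCP flow only if it begins with a SYN the ACL permits, accepts later packets only if they match a tracked flow, and tears a flow down when too many bytes leave the trusted side. All addresses (10.0.0.0/24 as the trusted network, 203.0.113.7 and 198.51.100.9 as outside hosts), ports, the byte threshold and the ACL itself are constructed for the example. The `ack_set` rule models the classic stateless "established" rule that trusts the ACK bit to identify replies; the traffic in `demo` shows a forged ACK slipping past it while the stateful filter drops it. Sequence-number validation and the full TCP state machine are left out of the model.

```python
"""Toy packet filter: a stateless ACL next to stateful connection tracking.
Added example, not from the original cards; addresses, ports and rules are
all constructed. Hosts in 10.0.0.0/24 are the trusted side."""
from dataclasses import dataclass
from typing import Optional

TRUSTED, UNTRUSTED = "trusted", "untrusted"
TRUSTED_PREFIX = "10.0.0."              # constructed inside network

@dataclass(frozen=True)
class Packet:                           # the header fields a filter looks at
    src_ip: str
    dst_ip: str
    proto: str                          # "tcp" or "udp"
    src_port: int
    dst_port: int
    flags: frozenset = frozenset()      # TCP flags present: SYN, ACK, FIN, RST
    payload_len: int = 0

def zone(ip: str) -> str:
    return TRUSTED if ip.startswith(TRUSTED_PREFIX) else UNTRUSTED

@dataclass
class Rule:                             # one ACL entry; None means "any"
    action: str                         # "allow", "drop" (silent) or "reject" (tell sender)
    src_zone: Optional[str] = None
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    ack_set: Optional[bool] = None      # stateless "established" test: trusts the ACK bit

    def matches(self, p: Packet) -> bool:
        return ((self.src_zone is None or zone(p.src_ip) == self.src_zone)
                and (self.proto is None or p.proto == self.proto)
                and (self.dst_port is None or p.dst_port == self.dst_port)
                and (self.ack_set is None or ("ACK" in p.flags) == self.ack_set))

ACL = [                                 # first match wins; last rule is the default deny
    Rule("drop", src_zone=UNTRUSTED, proto="tcp", dst_port=22),   # no inbound SSH
    Rule("allow", src_zone=TRUSTED),                               # inside may go anywhere
    Rule("allow", src_zone=UNTRUSTED, proto="tcp", ack_set=True),  # "replies" from outside
    Rule("reject"),
]

def static_filter(p: Packet, acl=ACL) -> str:
    """Stateless filtering: headers only, no memory of earlier packets."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "drop"

def flow_key(p: Packet):                # identical for both directions of a flow
    a, b = (p.src_ip, p.src_port), (p.dst_ip, p.dst_port)
    return (p.proto,) + (a + b if a <= b else b + a)

class StatefulFirewall:                 # ACL for new flows, connection table for the rest
    def __init__(self, acl=ACL, exfil_threshold=1_000_000):
        self.acl, self.exfil_threshold = acl, exfil_threshold
        self.table = {}                 # flow key -> {"state": ..., "out_bytes": ...}

    def process(self, p: Packet) -> str:
        k = flow_key(p)
        entry = self.table.get(k)
        if entry is None:
            # Only a SYN without ACK may open a TCP flow; a lone ACK/FIN matching no flow is dropped
            if p.proto == "tcp" and not ("SYN" in p.flags and "ACK" not in p.flags):
                return "drop"
            verdict = static_filter(p, self.acl)        # the ACL judges new flows only
            if verdict == "allow":
                self.table[k] = {"state": "SYN_SENT", "out_bytes": 0}
            return verdict
        if p.flags & {"FIN", "RST"}:                    # simplification: one FIN ends the flow
            del self.table[k]
            return "allow"
        if {"SYN", "ACK"} <= p.flags:
            entry["state"] = "ESTABLISHED"
        if zone(p.src_ip) == TRUSTED:                   # bytes leaving the trusted side
            entry["out_bytes"] += p.payload_len
            if entry["out_bytes"] > self.exfil_threshold:
                del self.table[k]                       # suspected exfiltration: tear down
                return "reject"
        return "allow"

def demo():
    """Constructed traffic: inside client opens HTTPS, outsider forges an ACK and tries SSH,
    then the client's flow starts pushing large payloads outbound."""
    client, web, attacker = "10.0.0.5", "203.0.113.7", "198.51.100.9"
    syn = Packet(client, web, "tcp", 51000, 443, frozenset({"SYN"}))
    synack = Packet(web, client, "tcp", 443, 51000, frozenset({"SYN", "ACK"}))
    ack = Packet(client, web, "tcp", 51000, 443, frozenset({"ACK"}))
    forged_ack = Packet(attacker, client, "tcp", 443, 51000, frozenset({"ACK"}))
    ssh_syn = Packet(attacker, client, "tcp", 40000, 22, frozenset({"SYN"}))
    bulk = Packet(client, web, "tcp", 51000, 443, frozenset({"ACK"}), payload_len=600_000)
    probe = [syn, synack, ack, forged_ack, ssh_syn]
    fw = StatefulFirewall()
    return {
        "stateless": [static_filter(p) for p in probe],
        "stateful": [fw.process(p) for p in probe],
        "state_after_handshake": fw.table[flow_key(syn)]["state"],
        "exfil": [fw.process(bulk) for _ in range(3)],
    }
```

Running `demo()` shows the difference the connection table makes: the stateless ACL allows the forged ACK from 198.51.100.9 because its only way to recognise a reply is the ACK bit, while the stateful firewall drops it because no tracked flow matches; both drop the inbound SSH SYN. The third bulk packet is dropped rather than rejected because the flow was already removed from the table. On Linux the same two ideas appear in nftables as `tcp dport 22 drop` for the static rule and `ct state established,related accept` for the connection-table check.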
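The card on proxy servers lists three things a forward proxy does: hide the clients' addresses from the destination, serve pages from a cache, and log user activity. This added Python model, not part of the original cards, shows all three on constructed traffic, with a stand-in origin server that records the source address of every request it receives. It goes one step beyond the card by honouring the `Cache-Control: no-store` and `private` directives, the check a shared cache needs so that one user's private response is never served to another; response expiry (`max-age`) is not modelled. The proxy address 203.0.113.10, the client addresses, the URLs and the headers are all constructed.

```python
"""Toy forward proxy: hides client addresses from the origin, caches responses
and logs every request. Added example, not from the original cards; the origin
server, URLs, headers and client addresses are all constructed."""
from collections import Counter

PROXY_IP = "203.0.113.10"                     # constructed: the proxy's own address

class OriginServer:
    """Stand-in for a remote website; records the source address of each request."""
    def __init__(self, pages):
        self.pages = pages                    # url -> (headers, body)
        self.seen_ips = []
    def get(self, url, from_ip):
        self.seen_ips.append(from_ip)
        return self.pages.get(url, ({"Cache-Control": "no-store"}, "404 not found"))

class ForwardProxy:
    def __init__(self, origin):
        self.origin, self.cache, self.log = origin, {}, []
    def fetch(self, client_ip, url):
        if url in self.cache:
            body, status = self.cache[url], "HIT"
        else:
            # The origin only ever sees the proxy's address, never the client's.
            headers, body = self.origin.get(url, PROXY_IP)
            status = "MISS"
            # A shared cache must not store responses the origin marked private or
            # no-store, or one user's content could be served to another user.
            cc = headers.get("Cache-Control", "")
            if "no-store" not in cc and "private" not in cc:
                self.cache[url] = body
        self.log.append((client_ip, url, status))   # what the proxy operator can see
        return body

def demo():
    """Two inside clients fetch a public page and a private account page."""
    origin = OriginServer({
        "http://example.test/index": ({"Cache-Control": "max-age=3600"}, "<html>home</html>"),
        "http://example.test/account": ({"Cache-Control": "no-store"}, "<html>balance</html>"),
    })
    proxy = ForwardProxy(origin)
    requests = [("10.0.0.5", "http://example.test/index"),
                ("10.0.0.6", "http://example.test/index"),
                ("10.0.0.5", "http://example.test/account"),
                ("10.0.0.6", "http://example.test/account")]
    for ip, url in requests:
        proxy.fetch(ip, url)
    return {
        "origin_saw": sorted(set(origin.seen_ips)),          # only the proxy's address
        "origin_requests": len(origin.seen_ips),             # 4 client requests, 3 reach origin
        "cache_status": [status for _, _, status in proxy.log],
        "requests_per_client": dict(Counter(ip for ip, _, _ in proxy.log)),
    }
```

The origin never learns the addresses 10.0.0.5 and 10.0.0.6; the second request for the index page is a cache hit and never reaches the origin; and the account page, marked `no-store`, is fetched fresh for each client instead of being handed from the first user's response to the second. The proxy's log, meanwhile, records exactly which client asked for which URL, which is the basis of both the monitoring the card mentions and the privacy caveat that a proxy hides you from the destination, not from whoever runs the proxy.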