How to Implement Antivirus Filtering - Case Study Example

Summary
This paper "How to Implement Antivirus Filtering" states it's difficult to prevent insider attacks and firewalls do little to prevent them. The paper sheds light on internet firewall security and how a good firewall can protect a person from malware, Trojan horses, and other undesirable viruses…

Extract of sample "How to Implement Antivirus Filtering"

The invention of the internet has made life unimaginably easier: one can shop online, transfer money online, book movie tickets online, book airline tickets online and, in addition to this, complete a host of other important tasks with just a few clicks. Websites like Amazon and eBay have taken online selling to the next level. When there are so many pros, one ought to find cons too. There have been several instances of hacking in the past; recently the American intelligence website was hacked, and credit card numbers are stolen on a regular basis. Considering all these cons, one must ensure that a good firewall is in place to keep the hackers at arm's length, although keeping them at bay is an arduous task. This paper will shed light upon internet firewall security and how a good firewall can protect a person from malware, Trojan horses and other undesirable viruses.

Firewall Basics:

“The term "fire wall" originally meant, and still means, a fireproof wall intended to prevent the spread of fire from one room or area of a building to another. The Internet is a volatile and unsafe environment when viewed from a computer-security perspective, therefore "firewall" is an excellent metaphor for network security.” (What is a firewall?)

"Firewall" is not a general term; it means several specific things, and a firewall is supposed to do several important things to ensure that a user is safeguarded against attacks. Packet filtering is perhaps the most important job of a regular firewall. All internet activities, such as downloads and chats, are carried out in packets, and these packets contain information. A firewall must ensure that these packets are either allowed or disallowed based on their source Internet Protocol (IP) address. The destination port of these packets is also very important; the firewall is supposed to allow or disallow these packets purely on the basis of their destination port.
A firewall must follow a protocol and allow or disallow packets or information based on the set protocol. This method of packet filtering is highly effective against malware and other dangerous attacks, but it is not a foolproof plan. A firewall can block all traffic, but that does not make much sense; it should allow certain packets which are safe for the user to receive. It has its weaknesses: it is very difficult for a basic firewall to detect spoofing, which means the information contained in the packets is falsified. Allowed packets may contain a bug which can retrieve a password and cause unwanted actions; a basic firewall is vulnerable to these dangers. Circuit relay is another type of firewall which provides enhanced security; the application-level gateway is perhaps the most advanced of all and provides even better security.

Static Packet Filtering:

“Static packet filtering is a firewall and routing capability that provides network packet filtering based only on packet information in the current packet and administrator rules.” (Statistic Packet Filtering)

Static packet filtering is based on the following important things: The administrator defines rules. The allowed ports and IP addresses are set by the administrator, and only the allowed ports are allowed to send and receive packets. The transport layer contents, the network and the packet contents are all determined by the administrator. A better level of security is provided by dynamic packet filtering. Static packet filtering does not look at the contents closely; dynamic packet filtering, on the contrary, screens contents very closely, and it also considers previous connection states, which static packet filtering fails to do. The packet headers are very important under static packet filtering: the information stored in the headers determines whether packets should be allowed or dropped.
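
The contrast drawn above between static and dynamic packet filtering, as an added Python example that is not part of the original paper; the rule layout, class names and all addresses are constructed for illustration. A static filter needs a broad rule to let replies back in, and an unsolicited packet can match that rule, whereas a filter that considers previous connection states rejects it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

LAN = ip_network("192.168.1.0/24")   # constructed internal network
ANY = ip_network("0.0.0.0/0")

# Administrator rules, first match wins:
# (source network, source port, destination port, action); None means "any".
STATIC_RULES = [
    (LAN, None, 443, "allow"),   # LAN clients out to HTTPS
    (ANY, 443, None, "allow"),   # needed so that HTTPS replies can come back in
    (ANY, None, None, "deny"),   # default deny
]
OUTBOUND_RULES = [
    (LAN, None, 443, "allow"),
    (ANY, None, None, "deny"),
]

def static_filter(pkt, rules=STATIC_RULES):
    """Decide from the current packet's headers and the rule list only."""
    for net, sport, dport, action in rules:
        if (ip_address(pkt.src) in net
                and sport in (None, pkt.sport)
                and dport in (None, pkt.dport)):
            return action
    return "deny"

class StatefulFilter:
    """Dynamic filtering: also consults a table of previously seen connections."""
    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if ip_address(pkt.src) in LAN:                       # outbound
            verdict = static_filter(pkt, OUTBOUND_RULES)
            if verdict == "allow":
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        # Inbound: admit only the mirror image of a tracked outbound connection.
        mirrored = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if mirrored in self.connections else "deny"

def compare():
    """Run three constructed packets through both filters, in order."""
    packets = {
        "outbound": Packet("192.168.1.10", 50000, "203.0.113.5", 443),
        "reply": Packet("203.0.113.5", 443, "192.168.1.10", 50000),
        "unsolicited": Packet("198.51.100.9", 443, "192.168.1.10", 3389),
    }
    stateful = StatefulFilter()
    return {name: (static_filter(p), stateful.check(p)) for name, p in packets.items()}

if __name__ == "__main__":
    for name, (static, dynamic) in compare().items():
        print(f"{name:12} static={static:5} stateful={dynamic}")
```
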
These headers are compared against the control policy which is set by the administrator. Below is an illustration which presents the same concept very comprehensively. (Static Packet Filtering, 2011)

SPI for Main Border Firewalls:

SPI stands for Stateful Packet Inspection. SPI is the dominant technique when it comes to main border firewalls. Its flexibility is one of its biggest pros; it is capable of handling almost anything, such as ICMP flows, UDP and TCP. If only one FW is used then this is the best choice; nothing else comes close to it when only one FW is used. Some SPI firewalls are more than capable of doing application-level filtering. It is very simple and very reasonably priced; it is the least expensive when it comes to security and safety measures. It has a few cons too; the user may find that the ACL rules are too complex. Ongoing connections are filtered easily and quickly, which is another of its pros. It could take a lot of time if the connection table has grown large. It is arguably the most cost effective. A standard operating system is good enough to ensure its smooth functioning.

Network Address Translation (NAT):

An entire group of computers can be represented by a single IP address thanks to NAT; NAT allows a single device to act as an agent between a local network and the internet. It is ideal to use NAT these days because there is a severe shortage of IP addresses. This is not the only reason to use NAT; there are a host of other reasons as well. NAT can be understood with the help of an opportune example. A receptionist is responsible for forwarding calls or dropping them. You can ask the receptionist to forward a specific call if you are expecting it; when an important client calls, the receptionist checks the call, confirms the extension and, knowing that this is an important call, forwards it.
NAT does exactly the same; it can allow or disallow several packets depending on the set of rules laid out. Static NAT, Dynamic NAT, Overloading and Overlapping are some of the types of NAT. These work in different ways and perform a plethora of operations. NAT can also be used as a firewall; it can easily keep external connections to the network at bay. Port number translation is also carried out by NAT. 65k connections can use a single IP address. Below is an illustration which will shed more light upon how NAT works. (NAT, 2011)

Application Proxy Firewalls:

“A proxy or proxy server is a technique that acts as an intermediary between a Web client and a Web server. A proxy firewall acts as a gateway for requests arriving from clients. When client requests are received at the firewall, the final server destination address is determined by the proxy software. The application proxy translates the address, performs additional access control checking and logging as necessary, and connects to the server on behalf of the client.” (Application Proxy Firewalls)

Application proxy firewalls are mainly used to enhance the security of a system. They are very complex to implement, arguably the most complex of all the firewalls. Under application proxy firewalls, the filtering decisions are made on actual application data. There are several limitations of application proxy firewalls; proxies are incapable of handling a large number of requests. Proxies can only handle a handful of requests; this is the biggest limitation. Packet-filtering firewalls perform much better and faster than application proxy firewalls. Application proxy firewalls need more time to complete a request when compared to packet-filtering firewalls; they tend to be slow and very frustrating.
Cost-wise, too, application proxy firewalls are the least popular when compared to packet-filtering firewalls: application proxy firewalls are quite expensive, whereas packet-filtering firewalls are very reasonably priced. These were some of the biggest cons of application proxy firewalls when juxtaposed with packet-filtering firewalls.

IDS and IPS:

IPS stands for intrusion prevention system and IDS stands for intrusion detection and prevention system. The internet is full of malicious activities and these two are mainly responsible for monitoring and preventing any malicious activities. IPS aims at detecting, blocking and reporting anything malicious in nature. IDS and IPS have some differences: both prevent malicious attacks from occurring, but IPSs are placed in-line, which is not the case with IDS, and IPS actively prevents malicious attacks from taking place. CRC errors are also corrected by IPS; it can also reset the connection upon detecting something malicious, and it can send an alarm to prevent malicious attacks. Unwanted transport can also be cleaned up by IPS.

Antivirus Filtering and Firewalls:

Sending and receiving e-mails is very popular, and malware and viruses can also spread through e-mails. The files are very often disguised by the sender: a file may appear to be a JPEG, but when it is clicked it becomes an .exe file which runs on the system and corrupts it. Such a disguise can be detected by antivirus filtering and firewalls. Many viruses spread through e-mails, and this can easily be prevented by setting up antivirus filtering and firewalls so that the system remains free of malicious attacks.

“Also consider that virus-scanning email adds more load on the server. This is because the antivirus filter must extract and test every attachment that goes through the server. It is advisable to adjust the MTA maximum transfer threads under the MTA properties to ensure that the number of concurrent instances of virus scan agents is appropriately configured.
Consider that each transfer thread could potentially mean a different concurrent instance of the agent’s command line scanner.” (Antivirus Filtering)

Firewall Architecture and Firewall Management:

Building firewall architecture is a very daunting job; it is a backs-to-the-wall job because it can have serious ramifications for the security of the user. Firewall management involves reading logs which contain information about rule activities, how the traffic flows, whether any rules have been violated and whether there are any denied probes and, if there are, why they have been denied. There are different architectures, such as the dual-homed host architecture, the screened host architecture and the screened subnet architecture. Defining policies is perhaps the most important step when it comes to managing a firewall: it must be very clear which packets to allow and which ones to deny. Implementing these policies is the next step, to ensure nothing malicious is allowed to enter the system. Log files present a lot of information and are crucial when it comes to managing firewalls; a lot of important trends can be learned by an in-depth reading of the log files.

Lastly, there are a lot of problems that firewalls usually face. Desirable services are often blocked by firewalls. For instance, the EA Sports FIFA game may be blocked by a firewall from launching; this can be very hard to detect, and the user may think that he has graphics card problems or that his DirectX files are outdated. It can cause a lot of chaos and discomfort. Firewalls offer a huge potential for backdoors, and this has been exploited to the very maximum by several hackers. Insider attacks can be very difficult to prevent, and firewalls have done very little to prevent insider attacks. Newer clients have not been designed to work particularly well with firewalls; this can result in a serious and very damaging attack on a system which may not be detected by a firewall.
Firewalls many a time forward multiple IP transmissions without even checking them properly; these transmissions can easily contain malicious data which might harm a user. A bottleneck is another problem: all the data must pass through a firewall, and this causes a bottleneck.

“A firewall system concentrates security in one spot as opposed to distributing it among systems. A compromise of the firewall could be disastrous to other less-protected systems on the subnet. This weakness can be countered; however, with the argument that lapses and weaknesses in security are more likely to be found as the number of systems in a subnet increase, thereby multiplying the ways in which subnets can be exploited.” (Other Issues)

In spite of these limitations and disadvantages, it is recommended to use a firewall to block any packets which may contain malicious data.

References

Antivirus Filtering (2011). How to Implement Antivirus Filtering. Retrieved from http://www.mailenable.com/Help/Files/antivirusfiltering.htm

Application Proxy Firewalls (2011). Universal Database. Retrieved from http://publib.boulder.ibm.com/infocenter/db2luw/v8/index.jsp?topic=/com.ibm.db2.udb.doc/admin/c0007400.htm

NAT (2011). Firewalls. Retrieved from http://www.cse.chalmers.se/edu/year/2010/course/EDA491/slides/8.%20Firewalls.pdf

Other Issues (2011). Little Protection From. Retrieved from http://www.vtcif.telstra.com.au/pub/docs/security/800-10/node43.html#SECTION00534000000000000000

Statistic Packet Filtering (2011). Comtech Doc. Retrieved from http://www.comptechdoc.org/independent/security/terms/static-packet-filtering.html

Static Packet Filtering (2011). Client Server. Retrieved from http://jaipals.com/wp-content/uploads/2011/05/Static-Packet-Filtering.png

What is a firewall? (2011). PC Help. Retrieved from http://www.pc-help.org/www.nwinternet.com/pchelp/security/firewalls.htm
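
The disguised attachment described under Antivirus Filtering and Firewalls (a file named like a JPEG that is really an .exe) can be caught by comparing the extension with the file's leading bytes before the attachment is handed to the scanner. This is an added Python example, not code from the paper or from any mail server product; the function names, the policy and the sample bytes are constructed.

```python
import os

# Well-known leading "magic" bytes for a few attachment types.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "exe": b"MZ",                      # DOS/Windows executable header
}
# What each file extension claims the content to be.
CLAIMS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".pdf": "pdf",
          ".exe": "exe", ".scr": "exe"}

def sniff(data):
    """Identify content by its first bytes; None if no signature matches."""
    for kind, magic in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None

def inspect_attachment(filename, data):
    """Return (verdict, reason); verdict is "block" or "scan"."""
    # Windows ignores trailing dots and spaces, so strip them before judging the name.
    name = filename.lower().rstrip(". ")
    ext = os.path.splitext(name)[1]
    claimed, actual = CLAIMS.get(ext), sniff(data)
    if actual == "exe" and claimed != "exe":
        return "block", f"executable content behind a {ext or 'missing'} extension"
    if claimed == "exe":
        return "block", "executable attachment"
    if claimed and actual and claimed != actual:
        return "block", f"name claims {claimed}, content is {actual}"
    return "scan", "no disguise detected; hand to the virus scanner"

# Constructed sample contents (only the first bytes matter to the check).
JPEG_BYTES = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
EXE_BYTES = b"MZ\x90\x00\x03\x00\x00\x00"

def triage(attachments):
    """Map each (filename, data) pair to its verdict, keeping the input order."""
    return [(name, inspect_attachment(name, data)[0]) for name, data in attachments]

if __name__ == "__main__":
    mail = [("holiday.jpg", JPEG_BYTES), ("holiday.jpg ", EXE_BYTES),
            ("invoice.pdf.exe", EXE_BYTES), ("logo.png", JPEG_BYTES)]
    for name, data in mail:
        print(repr(name), *inspect_attachment(name, data), sep=" | ")
```

A file that passes this check still goes through the virus scanner; the check only removes the cheap disguise before the more expensive scan described in the quoted MailEnable guidance.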
(“Internet Firewall Security Term Paper Example | Topics and Well Written Essays - 2000 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1429955-internet-firewall-security
