
Securing Your Network


Your network is actually the most important asset that you have, especially if your work depends entirely on the network and the internet, as in e-commerce.
In this topic, we will talk about the techniques, approaches, and solutions that can help us protect our network and minimize the risk of losing business or suffering other damage.

So if you are ready, let's start ====>>>>>>




Firewalls
The term comes from construction: a firewall is a windowless, fireproof wall built to prevent a fire from spreading beyond one section of a building. By extension, the computing world uses the term firewall for a piece of hardware or software that operates in a networked environment to block communications forbidden by the network policy. Its basic task is to prevent intrusion from one connected network into another networked device.
The firewall is the platform/system that denies specific data or information from being transferred between the outside world, known as the "untrusted network", and the inside world, the "trusted network".



It is worth saying that the most fundamental component of a firewall exists neither in software nor in hardware, BUT in the mind of the person constructing it.

So the Firewall may be:

  • A separate computer system
  • A service running on an existing router or server
  • A dedicated network platform including a number of supporting devices

Now let us dive deeper into firewalls and understand the main functions they perform. The most essential firewall functions include:

IP address conservation and traffic forwarding
It is common to have firewall functionality embedded in a router, allowing network elements to interconnect with each other. Many network administrators use this function to create additional subnets and to control the access policy between the two networks. You should understand, however, that a firewall does not necessarily have to provide Network Address Translation (NAT), although many firewalls still offer this feature.

Network differentiation
One of the main features of a firewall is that it builds an edge between the network you own and any other network. Because firewalls are deployed on the boundaries of the network, they allow us to control the traffic crossing those boundaries. Besides the main position of the firewall between public and private networks, a firewall is often deployed within a company network to further separate certain company divisions (such as research and development or marketing) from the rest of the network.

Protection against DDoS, scanning, and sniffing attacks
The firewall commonly inspects the traffic traversing it in both the inbound and outbound directions. With this function, the firewall can block or shape any type of traffic.

IP and Port Filtering
This is the ability to allow or reject a connection based on IP address and port, which is the best-understood function of the firewall. Generally, this type of filtering is accomplished using packet filters (such as ipchains and iptables on Linux). Packet filters can be quite complex because you must always consider that traffic can be filtered according to the source of the packet as well as the packet's destination.

Content Filtering
This is the type of firewall that can control traffic by inspecting the URL and page content and mapping them to a list of URL categories; based on the policy in place, the firewall can then block unwanted content.

Packet Redirection
There are cases where we need applications on a specific host to be reached through ports other than the defaults. For example, if you deploy a proxy running the Squid software on a dedicated server and want the firewall to redirect all traffic on ports 80 and 443 to that proxy server, you are using the redirection feature.

Enhanced authentication and Encryption
The firewall has the ability to authenticate users and to encrypt transmissions between itself and the firewall of another network.

Supplemented Logging
This is actually one of the most significant features and benefits available in a firewall: it records details about the traffic passing through the firewall and provides log reports about network behavior. From these logs you can learn, for example, about port scans and the various connections made to your systems.


Going deeper into firewalls leads us to the types of firewalls and the major features and specifications of each type.




      1. Packet Filtering Firewall

These are also called first-generation firewalls: simple networking devices that filter packets based on their headers as the packets travel to and from the organization. Usually this is a router retrofitted with extra software for packet filtering.
Below are some points summarizing the features and limitations of this type of firewall:

  • Checks the address, packet type, or port in the header of every packet passing through it, and applies the action defined by the policy
  • Works on the Network/Transport layers of the OSI model
  • It normally leaves sites/assets exposed to vulnerabilities coming from untrusted networks, since only the headers are examined
  • The restrictions most commonly implemented are based on:
  1. IP source and destination address
  2. Direction (inbound or outbound)
  3. TCP or UDP source and destination port requests
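The following is an added example, written for this article and not taken from any firewall product: a small first-match packet filter in Python that applies rules keyed on exactly the header fields listed above (source and destination address, direction, protocol and ports), with a default deny. The addresses, the internal /24, the DMZ web server and the policy itself are constructed. It also shows the limitation noted in the bullets: to let replies to outbound HTTPS connections back in, a stateless filter needs a rule keyed on the reply's source port, and that same rule admits any unrelated packet that happens to use source port 443.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless packet filter looks at (constructed model)."""
    direction: str            # "inbound" or "outbound", relative to the protected network
    src: str                  # source IP address
    dst: str                  # destination IP address
    proto: str                # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One filtering rule; any field left at its default matches everything."""
    action: str               # "allow" or "deny"
    direction: str = "any"
    src: str = "0.0.0.0/0"    # CIDR block the source address must fall in
    dst: str = "0.0.0.0/0"    # CIDR block the destination address must fall in
    proto: str = "any"
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.direction != "any" and self.direction != pkt.direction:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet no rule mentions is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed example policy: an internal /24 and one web server in a DMZ.
INTERNAL = "192.0.2.0/24"
DMZ_WEB = "198.51.100.10/32"

POLICY = [
    Rule("allow", "inbound", dst=DMZ_WEB, proto="tcp", dport=80),     # public HTTP
    Rule("allow", "inbound", dst=DMZ_WEB, proto="tcp", dport=443),    # public HTTPS
    Rule("allow", "outbound", src=INTERNAL, proto="tcp", dport=443),  # users browsing out
    Rule("deny", "inbound", dst=INTERNAL, proto="tcp", dport=22),     # no SSH from outside
]

# The only way a stateless filter can let replies to the outbound HTTPS
# connections back in is a rule keyed on the source port of the reply.
RETURN_RULE = Rule("allow", "inbound", dst=INTERNAL, proto="tcp", sport=443)


if __name__ == "__main__":
    reply = Packet("inbound", "203.0.113.7", "192.0.2.20", "tcp", sport=443, dport=51000)
    print("reply, no return rule:  ", evaluate(POLICY, reply))                  # deny
    print("reply, with return rule:", evaluate(POLICY + [RETURN_RULE], reply))  # allow
    # The same rule also admits an unrelated packet that merely uses source
    # port 443: the exposure a stateful firewall (type 3 below) removes.
    stray = Packet("inbound", "203.0.113.7", "192.0.2.20", "tcp", sport=443, dport=3389)
    print("stray packet, sport 443:", evaluate(POLICY + [RETURN_RULE], stray))  # allow
```

Rule order matters in a first-match engine, so explicit denies are placed before any broad allow, and the default at the end of the list is deny rather than allow.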

      2. Second Generation Firewall

These are also called application firewalls. An application firewall is frequently a separate system from the filtering router and is quite commonly used in conjunction with one.
The application firewall is also known as a proxy server, since it runs special software designed to act as a proxy for a service request; with this, the proxy server is exposed to the outside rather than the web server in the DMZ.
The DMZ (Demilitarized Zone) is defined as an intermediate area between a trusted network and an untrusted network.


      3. Stateful Firewall

This is also called the third-generation firewall. It keeps track of each network connection established between internal and external systems using state tables. These state tables track the state and context of each packet in the conversation by recording which station sent what packet and when.

Below are some points summarizing the features and disadvantages of this type of firewall:

  • It improves the level of security and the ability to filter packets
  • It keeps information about each connection established.
  • Packet processing is faster, as the firewall already has information about related packets in the state table.
  • It has the ability to time out sessions that carry no traffic for a certain period
  • The primary disadvantage is that it requires additional processing for managing and verifying packets against the state table.
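To make the state table concrete, here is an added Python example (written for this article, not taken from any firewall product). It tracks TCP conversations opened from the trusted side, admits inbound packets only when they are the reply leg of a tracked conversation, and expires sessions that have been idle longer than a timeout. The packet model, the simulated clock and the 60-second timeout are constructed; the policy that only the trusted side may open connections is an assumption chosen to match the common default.

```python
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed TCP packet model: addresses, ports, SYN flag and a simulated clock."""
    direction: str      # "outbound" (leaving the trusted network) or "inbound"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # True only on the packet that opens a new connection
    time: float = 0.0   # seconds on a constructed clock, used instead of time.time()


# State-table key: (client address, client port, server address, server port),
# always written from the trusted client's point of view.
FlowKey = Tuple[str, int, str, int]


class StatefulFirewall:
    """Policy: the trusted side may open connections; the outside may only reply."""

    def __init__(self, idle_timeout: float = 300.0):
        self.idle_timeout = idle_timeout
        self.table: Dict[FlowKey, float] = {}   # flow -> time of the last packet seen

    def _expire(self, now: float) -> None:
        """Drop sessions that carried no traffic for longer than the idle timeout."""
        stale = [key for key, last in self.table.items() if now - last > self.idle_timeout]
        for key in stale:
            del self.table[key]

    def process(self, pkt: Packet) -> str:
        self._expire(pkt.time)
        if pkt.direction == "outbound":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.table:
                self.table[key] = pkt.time   # continuing a tracked conversation
                return "allow"
            if pkt.syn:
                self.table[key] = pkt.time   # new connection opened from inside
                return "allow"
            return "deny"                    # mid-stream packet with no known session
        # inbound: only the reply leg of a tracked connection gets through
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table:
            self.table[key] = pkt.time
            return "allow"
        return "deny"

    def active_sessions(self) -> int:
        return len(self.table)


if __name__ == "__main__":
    fw = StatefulFirewall(idle_timeout=60)
    print(fw.process(Packet("outbound", "192.0.2.20", "203.0.113.7", 51000, 443, syn=True, time=0)))  # allow
    print(fw.process(Packet("inbound", "203.0.113.7", "192.0.2.20", 443, 51000, time=1)))             # allow
    print(fw.process(Packet("inbound", "203.0.113.7", "192.0.2.20", 443, 3389, time=2)))              # deny
    print(fw.process(Packet("inbound", "203.0.113.7", "192.0.2.20", 443, 51000, time=100)))           # deny (idle timeout)
```

Compare this with the stateless filter: the unsolicited packet using source port 443 is refused here because no entry in the state table matches it, and the lookup plus the expiry sweep on every packet is the extra processing cost the last bullet refers to.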

In coming articles we will explore more about firewalls: how to choose the firewall that best suits your needs, and the criteria to consider when placing the firewall within the network.

Virtual Private Network (VPN)

This is a network offering the capability of interconnecting private network resources, such as workstations or servers (for example, a bank's), over public networks such as the internet. It encrypts the data at one end, transmits the encrypted data across the public network, and decrypts it at the other end.

So now that we know what a VPN is, let us learn more about its advantages:

  • VPNs lower communication costs for the enterprise while allowing secure communication for its remote users and offices.
  • They extend firewall technology to provide secure remote access to the corporate network.
  • VPNs are the flip side of firewalls. Firewalls keep unauthorized users off the corporate network, while VPNs provide authorized remote users with secure access to it.
But are there different types of VPN? The answer is yes, and they are listed below:
  1. Client VPN: client software runs on the client PC and establishes a connection to a VPN concentrator in the corporate office.
  2. Site-to-Site VPN: a VPN tunnel is established between two VPN devices, one in each office.


Intrusion Detection System (IDS)

The IDS is defined as a system capable of detecting, recognizing and logging any unwanted or untrusted network actions. It is actually a simple sniffer with some intelligence built into it. So it does not actually detect intrusions; it detects activity in traffic that may or may not be an intrusion.
It monitors network resources to detect intrusions and attacks that were not stopped by preventive techniques (firewalls, packet-filtering routers, proxy servers) and expands the available options for managing risk from threats and vulnerabilities.
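The Supplemented Logging section above mentioned that firewall logs reveal port scans, and a port scan is exactly the kind of "may or may not be an intrusion" activity an IDS flags. The following Python example is added here and is not part of the original article: it parses a handful of constructed log lines written in a simplified form of the Linux netfilter LOG target output (made-up addresses and timestamps; real lines carry more fields) and reports any source that touched at least five distinct destination ports on one host within a sliding 60-second window. The window and threshold values are assumptions that a practitioner would tune for their own network.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample log: 8 probes from one source, 5 ordinary HTTPS/HTTP
# connections from another, and one unrelated sshd line that must be skipped.
SAMPLE_LOG = """\
Mar 10 09:12:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21
Mar 10 09:12:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22
Mar 10 09:12:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23
Mar 10 09:12:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25
Mar 10 09:12:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80
Mar 10 09:12:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=110
Mar 10 09:12:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=143
Mar 10 09:12:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=40008 DPT=443
Mar 10 09:12:05 fw sshd[2201]: Accepted publickey for admin from 192.0.2.50 port 50122 ssh2
Mar 10 09:13:10 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
Mar 10 09:13:11 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443
Mar 10 09:13:12 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=443
Mar 10 09:14:30 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=443
Mar 10 09:15:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51004 DPT=80
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

Event = Tuple[datetime, str, str, int]   # (time, source ip, destination ip, destination port)


def parse_log(text: str) -> List[Event]:
    """Extract firewall events; lines from other daemons are skipped."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; that is fine for the time deltas used here
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
        events.append((ts, m["src"], m["dst"], int(m["dpt"])))
    return events


def detect_port_scans(events: List[Event], window_seconds: int = 60,
                      port_threshold: int = 5) -> Dict[str, int]:
    """Return {source ip: distinct ports} for every source that reached at least
    port_threshold distinct destination ports on one host within any sliding
    window of window_seconds."""
    by_pair: Dict[Tuple[str, str], List[Tuple[datetime, int]]] = defaultdict(list)
    for ts, src, dst, dpt in events:
        by_pair[(src, dst)].append((ts, dpt))

    flagged: Dict[str, int] = {}
    for (src, _dst), hits in by_pair.items():
        hits.sort()
        left = 0
        best = 0
        for right in range(len(hits)):
            # shrink the window from the left until it spans at most window_seconds
            while (hits[right][0] - hits[left][0]).total_seconds() > window_seconds:
                left += 1
            distinct = len({port for _, port in hits[left:right + 1]})
            best = max(best, distinct)
        if best >= port_threshold:
            flagged[src] = max(best, flagged.get(src, 0))
    return flagged


if __name__ == "__main__":
    for src, ports in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"possible port scan from {src}: {ports} distinct ports within 60s")
```

Counting distinct destination ports per source and host, rather than raw connection attempts, is what keeps a busy but legitimate client (many connections to port 443) from being flagged, while a quick sweep across service ports stands out even with only a handful of packets.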


Intrusion Prevention System (IPS)

Actually blocking attacks, rather than simply monitoring for them with intrusion detection systems, is slowly gaining ground inside corporations and government agencies, despite worries about disrupting legitimate traffic.
But many organizations do not use the full blocking capabilities of these products, whether they install them in a firewall-based internet zone or deep inside a corporate LAN. To make sure the IPS does not produce false positives by blocking legitimate traffic, it is common for companies to deploy the IPS in a mixed mode.
So the IPS is, in reality, a combination of an IDS with application-level awareness and a firewall with network-level awareness.
It seems that as time goes on, firewalls, IDS and IPS each take one more attribute from the others and blur the line even more.


Honeypots

This is a decoy system that attracts intruders and gathers information on the methods and techniques they use to penetrate networks, by purposely becoming the victim of their attacks and simulating unsecured network services.
Unlike firewalls, IDS or IPS, honeypots do not solve one specific problem. They are networks/systems with many features and tools, in different forms and sizes. They are capable of detecting any type of attack, including the sniffing of sensitive information. It is this flexibility that gives honeypots their true power. It is also this flexibility that can make them challenging to define and understand.



How Does It All Fit Together

In order to make your network secure and stay on the safe side, all the above solutions/techniques must be in place: each solution (and others) has its own functions and benefits, and together they build what is called in the security world a Defense in Depth scenario.