To assess the risks of Internet connections, three questions should be considered:
The first question to ask when considering Internet connectivity is, if something happens to the network, will it put the organization out of business? Connecting to public networks greatly increases the chance that something will happen, and that factor must be evaluated in designing an Internet connection. Regardless of whether a security problem could put an organization out of business, the kind of business damage that downtime or system clean-up might cost must be estimated.
Organizations with intellectual property or private data must also consider the potential for disclosure of trade secrets, or the liability if a customer's private information is divulged. If an organization, for example, handles patient records, customer financial or credit card information, personal data, customer home addresses, or demographic information, corporate attorneys should be consulted for information about effective business practices in the industry, and the data should be protected accordingly.
One approach that is effective in determining what a firewall should do is the process of service-oriented requirements analysis. Rather than simply relying on technical details about what a firewall should provide, a list of the network services of which the organization wants to take advantage should be compiled. A typical set of Internet services can include:
Based on the list of services to be provided to an organization's users, any special requirements should be considered that may mandate additional security services. The organization should determine what kinds of audit trail or records (if any) are required that relate to transactions traveling through the network. An organization's requirements should be modeled on the other real-life services the organization uses, and the security policies should remain consistent. For example, if a security policy states that users cannot FTP data out, those users should not be able to send E-mail or mail floppy disks with data through the postal system either. A consistent approach to security is key to a security program that works, or at least, does what the designers intended it to do.
Another important consideration when approaching security is the growth plan for the organization's network. For example, if a firewall or Internet connection is installed that provides a few services today, will that solution work three years from now? This does not mean that the same hardware will be in place, because the lifecycles of network equipment for Internet connections are fairly short. The basic architecture that is put in place, however, is likely to be viable in the long term.
A firewall should be thought of as a gap between two networks, filled with something that lets only a few selected forms of traffic through. The designers of the firewall should be able to explain the mechanism that enforces the separation, as well as the mechanisms that carry data back and forth. Another important aspect of a firewall is how well it protects itself against attack. In other words, the firewall itself should not be easy to break into, because breaking into the firewall will give an attacker an entrée into an organization's entire network.
The simplest and most popular form of firewall is router screening. Most commercial routers have some built-in capability to restrict traffic between particular destinations while permitting other traffic. Screening routers operate only at the network level and make all their permit or deny decisions based on the contents of the TCP/IP packet header. They are very fast, very flexible, and inexpensive, but they lack the ability to provide detailed audit information about the traffic they transmit. Screening routers have often proved vulnerable to attack, because they also rely on software being correctly configured on the hosts behind them. Many experts, for this reason, prefer to avoid screening routers as a sole defense.
A second form of firewall is the dual-homed gateway, which is a system with two network interfaces that sits on both the protected network and on the public network. Because the gateway can communicate with both networks, it is an ideal place to install software for carrying data back and forth. Such software agents are called proxies and are usually customized for the service that they are intended to provide. For example, a dual-homed gateway that has a proxy for WWW traffic has some form of agent running on it that manages to make requests to the remote networks on behalf of the user.
Proxy firewalls (also known as application firewalls) are attractive to many sites, because the proxies are able to perform a detailed audit of the data passing through them. According to many experts, they are also more secure, because the software proxies can be customized to specifically deflect known attacks to which the host software behind the firewall might be vulnerable. The main disadvantage of proxy firewalls is that they are sometimes not completely transparent, and they do not support protocols for which a proxy has not been developed.
Recently, a number of firewalls based on dynamic packet filtering have appeared on the market. A dynamic packet filter firewall is a cross between a proxy firewall and a screening router. To the end user, it looks like it is operating only at the network level, but the firewall is examining the traffic as it passes by, just as a proxy firewall's proxy application does. When a user connects out through the firewall, it records that fact and allows data to come back in (i.e., through the firewall) to the user for the duration of that session. Dynamic packet screening firewalls are an attractive technology that is still evolving, but which shows promise for the future.
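The difference between a screening router (which judges each packet by its header alone) and a dynamic packet filter (which remembers outbound sessions and admits only the matching replies) is easiest to see side by side. The following is an added example written for this page, not code from the handbook or from any firewall product. It models both styles as small Python classes; the rule set, the `Packet` fields and the sample addresses and ports (drawn from private and documentation address ranges) are all constructed for the demonstration. The point it shows is the one made in the text: to let replies back in, a header-only screening router needs a standing rule that admits inbound traffic to the whole ephemeral port range, whereas the dynamic filter admits inbound packets only for the sessions it has recorded, and only for their duration.

```python
"""Toy model of a screening router versus a dynamic (stateful) packet filter.
Added example for illustration; rules, addresses and packets are constructed."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str       # "tcp" or "udp"
    direction: str   # "out" = protected net -> public net, "in" = the reverse


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str
    dst_port_low: int
    dst_port_high: int
    action: str      # "permit" or "deny"

    def matches(self, pkt: Packet) -> bool:
        # Header-only decision: direction, protocol and destination port.
        return (pkt.direction == self.direction and pkt.proto == self.proto
                and self.dst_port_low <= pkt.dst_port <= self.dst_port_high)


def first_match(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched is denied by default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed policy: inside hosts may browse the web (tcp/80 and tcp/443).
OUTBOUND_RULES = [
    Rule("out", "tcp", 80, 80, "permit"),
    Rule("out", "tcp", 443, 443, "permit"),
]

# A screening router cannot tell a reply from an unsolicited packet, so to let
# web replies reach the client's ephemeral source port it must permit inbound
# tcp to the entire ephemeral range. That standing hole is the weakness the
# text describes.
SCREENING_RULES = OUTBOUND_RULES + [Rule("in", "tcp", 1024, 65535, "permit")]


class ScreeningRouter:
    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, pkt: Packet) -> str:
        return first_match(self.rules, pkt)


class DynamicPacketFilter:
    """Records each permitted outbound session and admits only inbound packets
    whose 5-tuple is the reverse of a recorded session."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.sessions = set()   # (proto, remote_ip, remote_port, local_ip, local_port)

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            action = first_match(self.rules, pkt)
            if action == "permit":
                self.sessions.add((pkt.proto, pkt.dst_ip, pkt.dst_port,
                                   pkt.src_ip, pkt.src_port))
            return action
        # Inbound: an exact reverse match on a live session is admitted; anything
        # else falls through to the (outbound-only) rules and is denied.
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key in self.sessions:
            return "permit"
        return first_match(self.rules, pkt)

    def end_session(self, out_pkt: Packet) -> None:
        """Forget a session once it closes; replies are admitted only for its duration."""
        self.sessions.discard((out_pkt.proto, out_pkt.dst_ip, out_pkt.dst_port,
                               out_pkt.src_ip, out_pkt.src_port))


# Constructed sample traffic (private and documentation address ranges).
REQUEST = Packet("10.0.0.5", 40000, "203.0.113.10", 443, "tcp", "out")
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 40000, "tcp", "in")
UNSOLICITED = Packet("198.51.100.7", 50000, "10.0.0.5", 40001, "tcp", "in")
TELNET_OUT = Packet("10.0.0.5", 40002, "203.0.113.10", 23, "tcp", "out")


def run_demo() -> dict:
    """Returns {label: (screening_router_decision, dynamic_filter_decision)}."""
    screening = ScreeningRouter(SCREENING_RULES)
    dynamic = DynamicPacketFilter(OUTBOUND_RULES)
    results = {}
    for label, pkt in [("web request", REQUEST), ("web reply", REPLY),
                       ("unsolicited inbound", UNSOLICITED), ("outbound telnet", TELNET_OUT)]:
        results[label] = (screening.decide(pkt), dynamic.decide(pkt))
    dynamic.end_session(REQUEST)
    results["reply after session closed"] = (screening.decide(REPLY), dynamic.decide(REPLY))
    return results


if __name__ == "__main__":
    for label, (screen, dyn) in run_demo().items():
        print(f"{label:28s} screening router: {screen:6s} dynamic filter: {dyn}")
```

Running it shows both filters permitting the web request and its reply and denying the outbound telnet attempt, but only the dynamic filter denying the unsolicited inbound packet to an ephemeral port, and denying the reply once the session has ended. Neither model inspects payload, which is why the text still reserves detailed auditing and application-specific checks for proxy firewalls.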