firewall software

Computer Security

2004-08-16T20:22:00.000-07:00

The term computer security is used frequently, but the content of a computer is vulnerable to few risks unless the computer is connected to other computers on a network. As the use of computer networks, especially the Internet, has become pervasive, the concept of computer security has expanded to denote issues pertaining to the networked use of computers and their resources.
The major technical areas of computer security are usually represented by the initials CIA: confidentiality, integrity, and authentication or availability. Confidentiality means that information cannot be access by unauthorized parties. Confidentiality is also known as secrecy or privacy; breaches of confidentiality range from the embarrassing to the disastrous. Integrity means that information is protected against unauthorized changes that are not detectable to authorized users; many incidents of hacking compromise the integrity of databases and other resources. Authentication means that users are who they claim to be. Availability means that resources are accessible by authorized parties; "denial of service" attacks, which are sometimes the topic of national news, are attacks against availability. Other important concerns of computer security professionals are access control and nonrepudiation. Maintaining access control means not only that users can access only those resources and services to which they are entitled, but also that they are not denied resources that they legitimately can expect to access. Nonrepudiation implies that a person who sends a message cannot deny that he sent it and, conversely, that a person who has received a message cannot deny that he received it. In addition to these technical aspects, the conceptual reach of computer security is broad and multifaceted. Computer security touches draws from disciplines as ethics and risk analysis, and is concerned with topics such as computer crime; the prevention, detection, and remediation of attacks; and identity and anonymity in cyberspace.
While confidentiality, integrity, and authenticity are the most important concerns of a computer security manager, privacy is perhaps the most important aspect of computer security for everyday Internet users. Although users may feel that they have nothing to hide when they are registering with an Internet site or service, privacy on the Internet is about protecting one's personal information, even if the information does not seem sensitive. Because of the ease with which information in electronic format can be shared among companies, and because small pieces of related information from different sources can be easily linked together to form a composite of, for example, a person's information seeking habits, it is now very important that individuals are able to maintain control over what information is collected about them, how it is used, who may use it, and what purpose it is used for.

Personal firewalls: Don't run your PC without one

2004-08-16T20:17:00.000-07:00

Who needs a personal firewall and why?
Firewalls aren't just for big companies anymore. Nowadays, they make sense for almost everyone.
Some time ago, firewalls became an indispensable tool to protect critical information on computer systems. That's because firewall technology has been perfected over the years due to overwhelming demand by corporate information technology (IT) staffs, which save companies millions of dollars every year by preventing corporate crime.
A firewall acts like a protective gateway that shields a private computer user or network of users from external threats, such as hackers and viruses.
More recently, "personal firewalls" have been made to suit individual PC users too. That means families, small office/home office (SOHO) users, road warriors, telecommuters and students have an easy way to prevent personal identity and data theft and ensure peace of mind.
In its 2003 "Predictions for Security and Privacy" report, the research firm Aberdeen Group estimates that the number of reported security-related incidents will escalate dramatically to more than 200,000 by the end of 2003. Even more disturbing is the number of unreported security incidents, which will climb from an estimated 4.1 million in 2001 to 15.9 million in 2003, according to the report.
Numbers like these show the need for vigilance in protecting our vital information and data assets. Advances in technology that allow for 24-hour Internet connections and innovative computer equipment also open up these systems to more pervasive intrusions. Individuals use the Internet to work, research, play and communicate, without realizing that their personal information is easily accessible to anyone with the right equipment. Many attacks happen without the victim's knowledge.
Personal computer hardware and software is often a notable investment. Yet the sensitive data stored on our systems is exponentially more important and costly to replace. Think about what you store on your own computer — perhaps it is financial data, private communications, pictures, proprietary files, personal data or passwords. If you run a small business, it may include client lists, accounting information, proposals and contracts, and sales prospect lists.
The Federal Trade Commission estimates the cost to recover a stolen identity or stolen personal data at between $500 and $1,000. However, personal liability and damaged relations with clients and others affected by a theft can quickly multiply your costs. Personal firewalls, which are affordable and easy to use, prevent these scenarios, and protect your credibility and finances.
On an unsecured computer, risk is not diminished if you are only online briefly or are careful not to submit personal information to unknown sites. The chance of having your computer scanned and accessed is substantial, due to the high number of free port scanners available today. Hackers use these scanners to sweep the Internet. The scanners look for computers with open ports that they can connect back to the hacker's local drive, allowing the intruder total access to your computer's files.
New threats arise from computer vulnerabilities each day. Personal firewalls, unlike corporate firewalls, offer a way to protect your personal PC or traveling laptop/notebook, no matter where you are or how you connect to the Internet. You're secure if you take your laptop on the road, dial in from a hotel or airport, use your laptop at school, or work at a local Internet café, regardless of the ISP. Firewalls also protect against some Trojan horses by blocking an outgoing connection attempt when necessary.

Data Processing Techniques Used in Intrusion Detection Systems

2004-08-16T20:15:00.000-07:00

Depending on the type of approach taken in intrusion detection, various processing mechanisms (techniques) are employed for data that is to reach an IDS. Below, several systems are described briefly:
Expert systems, these work on a previously defined set of rules describing an attack. All security related events incorporated in an audit trail are translated in terms of if-then-else rules.
Signature analysis Similarly to expert System approach, this method is based on the attack knowledge. They transform the semantic description of an attack into the appropriate audit trail format. Thus, attack signatures can be found in logs or input data streams in a straightforward way. An attack scenario can be described, for example, as a sequence of audit events that a given attack generates or patterns of searchable data that are captured in the audit trail. This method uses abstract equivalents of audit trail data. Detection is accomplished by using common text string matching mechanisms. Typically, it is a very powerful technique and as such very often employed in commercial systems
State-transition analysis Here, an attack is described with a set of goals and transitions that must be achieved by an intruder to compromise a system. Transitions are represented on state-transition diagrams.
Statistical analysis approach This is a frequently used method. The user or system behavior is measured by a number of variables over time. Examples of such variables are: user login, logout, number of files accessed in a period of time, usage of disk space, memory, CPU etc. The frequency of updating can vary from a few minutes to, for example, one month. The system stores mean values for each variable used for detecting exceeds that of a predefined threshold. Yet, this simple approach was unable to match a typical user behavior model. Approaches that relied on matching individual user profiles with aggregated group variables also failed to be efficient. Therefore, a more sophisticated model of user behavior has been developed using short- and long-term user profiles. These profiles are regularly updated to keep up with the changes in user behaviors. Statistical methods are often used in implementations of normal user behavior profile-based Intrusion Detection Systems.
Neural Networks Neural networks use their learning algorithms to learn about the relationship between input and output vectors and to generalize them to extract new input/output relationships. With the neural network approach to intrusion detection, the main purpose is to learn the behavior of actors in the system. It is known that statistical methods partially equate neural networks. The advantage of using neural networks over statistics resides in having a simple way to express nonlinear relationships between variables, and in learning about relationships automatically.
User intention identification This technique (that to our knowledge has only been used in the SECURENET project) models normal behavior of users by the set of high-level tasks they have to perform on the system. These tasks are taken as series of actions, which in turn are matched to the appropriate audit data. The analyzer keeps a set of tasks that are acceptable for each user. Whenever a mismatch is encountered, an alarm is produced.
Machine learning This is an artificial intelligence technique that stores the user-input stream of commands in a victories form and is used as a reference of normal user behavior profile. Profiles are then grouped in a library of user commands having certain common characteristics.
Data mining generally refers to a set of techniques that use the process of extracting previously unknown but potentially useful data from large stores of data. Data mining method excels at processing large system logs (audit data). However they are less useful for stream analysis of network traffic. One of the fundamental data mining techniques used in intrusion detection is associated with decision trees. Decision tree models allow one to detect anomalies in large databases. Another technique refers to segmentation, allowing extraction of patterns of unknown attacks. This is done by matching patterns extracted from a simple audit set with those referred to warehoused unknown attacks. A typical data mining technique is associated with finding association rules. It allows one to extract previously unknown knowledge on new attacks or built on normal behavior patterns. Anomaly detection often generates false alarms. With data mining it is easy to correlate data related to alarms with mined audit data, thereby considerably reducing the rate of false alarms.

Firewalls protect your system

2004-08-16T20:10:00.000-07:00

If you spend a lot of time on the internet and you are not behind a firewall, then you are living on borrowed time. Putting some protection between you and the internet is probably the third most important thing that you can do.
As you see, someone on the internet can attack the computer system easily as the DSL modem provides no protection (some DSL modems have built-in firewalls). An attacker can get through any type of modem - DSL, cable, 56K, 28.8 or whatever. If the device gets you on the internet, you are vulnerable.
For those with a DSL, cable modem or other "always-on" connection, you MUST get a firewall. This is critical, as your machine is always live and it most likely has a fixed IP address. This makes it easier for your system to be "found" and attacked.
What a personal firewall does is isolate your computer from the rest of the internet. It does this by inspecting each packet of data to determine if it should be allowed to get to (and in some cases from your machine.) The best protection completely hides your computer - this is called stealth mode.
You have the option of installing a software firewall or a hardware firewall.
Software Firewall - A software firewall runs on your computer system in the background. It intercepts each network request and determines if the request is valid or not. Software firewalls offer the following advantages:
They are generally very inexpensive
They are very easy to configure
They have the following disadvantages:
Since they run on your computer they require resources (CPU, memory and disk space) from your system.
They can introduce incompatibilities into your operating system.
You must install exactly the correct version for your operating system.
You must purchase one copy for each system on your home network.
Hardware Firewall - A hardware firewall is generally a small box which sits between your computer and your modem. In general, hardware firewalls have the following advantages:
They tend to provide more complete protection than software firewalls
A hardware firewall can protect more than one system at a time
They do not affect system performance since they do not run on your system.
They are independent of your operating system and applications.

Internet Security Solutions

2004-08-16T20:09:00.000-07:00

Getting discouraged about connecting to the Internet or doing any real work on it? Don't be. There are ways to protect your system against the threats we've described. There isn't a magic Internet security bullet. The best security solution isn't a simple solution, but a collection of strategies and techniques. Your own site's security philosophy, the characteristics of your users, the type of data you're protecting, and your budget all help determine the right approach for you. Here are some suggestions.
Enforce Good Host Security With host security, you enforce the security of every machine at your site separately, and you make every effort to learn about, and plug, any security holes that your particular operating system presents. Although host security isn't a complete solution to Internet risks--there are simply too many machines, vendors, and operating systems to be sure that you've successfully been able to secure them all--you need to make sure that every system on your local network is as secure as you can make it. Systems exposed directly to Internet traffic need especially strong host security. Encryption of Files and Email If you use good encryption, then even if an intruder gets access to your files and messages, he won't be able to make sense of them. There are many types of encryption programs. Make sure to use one that uses a strong cryptographic algorithm. Although it's been around a long time, the Data Encryption Standard (DES) is still a pretty sound private key encryption algorithm, particularly if you use a variant. The RSA algorithm is the premier public key algorithm. PGP is a program that implements the RSA algorithm and is freely available on the Net (for noncommercial use within the United States). In PGP: Pretty Good Privacy, Simson Garfinkel describes how to use PGP to encrypt files and email and how to "sign" your email with an unforgettable digital signature, proving to recipients that your messages were sent by you and weren't modified during transmission. The book also contains a fascinating, behind-the-scenes look at the development of Phil Zimmermann's controversial program and the issues surrounding privacy, the export of encryption programs, and cryptography patents. Use Firewalls A firewall restricts access from your internal network to the Internet--and vice versa. A firewall may also be used to separate two or more parts of your local network (for example, protecting finance from R&D). The dictionary definition of "firewall" is: "A fireproof wall used as a barrier to prevent the spread of a fire." A fire may damage, or even destroy, one section of a building, but a firewall may keep that fire from spreading to other sections of the building; at the very least, it may slow down the spread until the fire can be brought under control. On computer networks, firewalls serve an analogous purpose. A security problem somewhere on a network--for example, eavesdropping, a major break-in, or a worm program--may do a great deal of damage to one portion of the network. But if a fire wall is in place, it can isolate what's behind it from the security problem. Without firewalls network security problems can rage out of control, dragging more and more systems down. Once one system on a network has been compromised, it's often trivial to compromise the others. Shared system resources, homogeneous services, and trust policies may all contribute to the spread of a security problem from one system to another. Think of a firewall as a checkpoint; all traffic is stopped and checked at this point--usually, at the perimeter of your internal network, where you connect to the Internet. Your own site's security policy determines what happens at the checkpoint. Some requests might pass right through. Others might be turned away. Still others might be routed to proxy services, which satisfy the requests without directly exposing internal systems. Use Secure Procedures Purely technical solutions go only so far. Just as there is a human element to committing computer crimes, there is a human element to preventing them. Be smart about prevention, and make sure your organization enforces good security procedures in everything they do. Physical security, personnel security, and operational security are less technical, but nevertheless important, parts of Internet security.

Email Security

2004-08-16T20:08:00.000-07:00

This article is a general introduction to network security issues and solutions in the Internet; emphasis is placed on route filters and firewalls. It is not intended as a guide to setting up a secure network; its purpose is merely as an overview. Some knowledge of IP networking is assumed, although not crucial.
All it takes is an e-mail addressed to you that contains a link; once you follow the link, you may have given control of your email account to someone else.Here is how it works:Unless you are preventing your browser from telling sites where you came from, your computer will pass along this private information. This information will show up in the log files of the site you visit and may look like this:http://e20.email.excite.com/msg_read.php?t=0m=0s=1d=1mid=2ArdSI=bbf616913386bbb8d7ed57ee63c94eaaArdSI=bbf616913386bbb8d7ed57ee63c94eaa The malicious website owner can enter this information in their browser and possibly access your account. The information in the link above is a valid example and points to an address I have at excite.com. In this case, excite will inform you that your session expired and you will need to reenter you password. This is an example of a secure mail system.Unfortunately, many popular web based e-mail systems are not as secure. In either case, you have the right to know if you are at risk! Here is a very easy way to test for this vulnerability:Simply open your web based email account and read any of your messages. Highlight the URL (this is the address and will look like the one above) and copy or write this information down. Go to another computer (or email a trusted friend the URL) and open the browser. Paste the copied text into the URL and press enter
You are done. You should NOT be able to see your message and should receive a message asking you to log in or that your session expired.
If you did see your message, then you may be vulnerable. Notify your e-mail service provider and DO NOT click on any e-mail links; instead, copy and paste the link into your browser. Should you find an e-mail system that is not secure, please contact the owner of that system and let them know as soon as possible.
Address Translation: advancement has been to have a router modify outgoing packets to contain their own IP number. This prevents an external site from knowing any information about the internal network, it also allows for certain tricks to be played which provide for a tremendous number of additional internal hosts with a small allocated address space. The router maintains a table which maps an external IP number and socket with an internal number and socket. Whenever an internal packet is destined for the outside, it is simply forwarded with the routers IP number in the source field of the IP header. When an external packet arrives, it is analyzed for its destination port and re-mapped before it is sent on to the internal host. The procedure does have its pitfalls; checksums have to be recalculated because they are based in part on IP numbers, and some upper layer protocols encode/depend on the IP number. These protocols will not work through simple address translation routers.
Application gateways and proxies: The primary difference between firewalls and routers is that firewalls actually run applications. These applications frequently include mail daemons, ftp servers and web servers. Firewalls also usually run what are known as application gateways or proxies. These are best described as programs which understand a protocol's syntax, but do not implement any of the functionality of the protocol. Rather, after verifying that a message from an external site is appropriate, they send the message on to the real daemon which processes the data. This provides security for those applications that are particularly susceptible to interactive attacks. One advantage of using a firewall for these services is that it makes it very easy to monitor all activity, and very easy to quickly control what gets in and out of a network.

Network Security: Know Your Weaknesses

2004-08-16T20:06:00.000-07:00

As the person responsible for your company's network security, you know you are sorely outnumbered. A seemingly infinite number of potential intruders are lurking out there, and there's never enough time to prepare.
Without a doubt, the costs of cyber attacks are significant, as shown by the 2003 Computer Crime and Security Survey, conducted by the Computer Security Institute and the FBI. The 250 organizations that participated in the eighth annual study reported combined losses of $202 million, with causes ranging from theft of proprietary information, denial-of-service attacks, and viruses to insider abuse of network access.
How do you improve your odds? Your obvious first step is to identify system weaknesses. Vulnerability assessment scanners not only automatically discover security flaws on a network but in some cases correct them, too. Such tools have been around for years, but only recently have they matured into more comprehensive and user-friendly—if still complex—products, with features like customized reporting, distributed threat assessment, and automatic correction of potential problems.
Among the things such scanners can identify are known software bugs, viruses, and weak access control policies. Commonly found workstation vulnerabilities include open NetBIOS ports for file and printer sharing, as well as users who run rogue Web servers or peer-to-peer file-sharing clients.
Vulnerability assessment scanners can also find improper configurations of applications, which can leave a network unprotected. For example, Microsoft Exchange's default configuration used to leave the server as an open SMTP relay, which could be exploited by spammers. This resulted in attackers hijacking servers and sending millions of e-mails that appeared to originate as legitimate traffic from the victims' networks.
Some vulnerability assessment scanners also take on patch management or the deployment of code updates to repair bugs. Web servers and e-mail servers require frequent patching, as do the underlying operating systems. This is especially true of Microsoft products, because they are such frequent targets. But patch management is a task that is arguably too complex to be tackled by such programs alone.
Our story focuses on six vulnerability assessment scanners that are used to identify potential weaknesses among services such as HTTP, FTP, and SMTP on a network. These tools can give network administrators a quick handle on their security issues and are easy to deploy, because they don't require agents to be installed on each system being scanned. Agent-based scanners, however, require the installation of small programs that collect more detailed information regarding vulnerabilities on each host. Agents report system-level vulnerabilities (instead of application- or service-level weaknesses), such as file permissions, user account properties, registry settings, and application settings, to a centralized database and also create less network traffic than agent less scanners.
In our roundup, we did not include online vulnerability assessment tools, such as those offered by Found stone and Qualys. Such services view your network from the outside; scanning its IP addresses from across the Internet to identify external threats, though a growing number can also assess internal systems and vulnerabilities.
Our roundup evaluates each network-based scanner's ability to assess, report, and in some cases correct vulnerabilities that may create an unsafe computing environment. We also take a look at a few other related products, such as two free network-scanning tools, a network-auditing tool, and a security appliance.

What is Computer Security?

2004-08-16T20:05:00.000-07:00

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.
Why should I care about computer security?
We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).
Who would want to break into my computer at home?
Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.
Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.
Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.
How easy is it to break into my computer?
Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.
When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely. Most of the incident reports of computer break-ins received at the CERT/CC could have been prevented if system administrators and users kept their computers up-to-date with patches and security fixes.
Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.

How to select a personal firewall

2004-08-16T20:04:00.000-07:00

Personal firewalls are very ingenious little pieces of software or hardware that protect machines (or in some cases - small networks) from attacks. Two specific implementation situations exist in the personal firewall world. The first common user of personal firewalls is the individual home user or small business user with a broadband Internet connection. The second common deployment is as a form of intrusion prevention for a system in an enterprise. These two camps have the same goals for personal firewall software, but they usually have very different needs, so the required features tend to be different.
First, let's look at the home or small office user. The personal firewall deployed here is often the primary means of Internet protection. The user's goals often include protection of data and defense of their system against compromise. In most cases, home and small office users are less concerned with intrusion detection capabilities and centralized management. If you fall into this category, the first question you must ask is whether you want a software firewall or a piece of hardware to serve the firewall purpose.
Software firewalls are usually easy to install and manage, and can protect an entire network if they are put into place on the system acting as the Internet Connection Sharing server. If you choose a software firewall, be sure to look for connection sharing as a feature if your network connectivity depends on it. The drawback of a software firewall is that it uses computing resources and can make a significant impact on the speed and usability of the system it's running on.
If your systems are tight on resources, you might be better served with a hardware-based personal firewall. These products have evolved into inexpensive little appliances that you plug into your network and configure to your liking. The configuration is usually easy to do, and the terms the system uses are often easy to understand. The benefits of hardware personal firewalls are that they consume no computing resources and they can easily protect small networks from attacks. The drawback of these systems is that they are often feature-rich, but offer poor documentation. Therefore, carefully choose which brand fits your environment, which features are easier to manage and what additional functions the product offers.
Last, if you are an enterprise-size organization interested in deploying personal firewalls within your network, your first step is to identify the primary goals of the firewall. Do you desire additional forms of intrusion detection, centralized management, data protection or the like? Many personal firewall packages excel at a certain function while providing little or no support for others. For example, a firewall may include great logging support, but offer little in terms of centralized management.
Once you have outlined your goals, eliminate the vendors who rank poorly in those areas. There are several head-to-head review documents and ratings sites that compare personal firewalls to each other. A few quick visits to them should help you identify a couple of leading candidates.
Next, contact the leaders and ask for demo versions. Take the time to do some lab installations and testing with models of your network system loads and the like. Make sure the software is compatible with all of the tools and applications your users depend on. Carefully inspect the management and maintenance functions to ensure that they will not demand more resources than you have. Finally, make your purchase, and begin a phased implementation so that you can pay great attention to making sure that no critical business process gets damaged or impacted by the roll out.
With careful attention to features and details, choosing a personal firewall can be a very easy project. Home users and small businesses will find the protection they enjoy with these tools in place to be a true peace of mind. Enterprise organizations can reap large benefits from the additional layer of defense personal firewalls can provide. All in all, these ingenious little pieces of hardware and software can often be worth their weight in gold.

Hardware Vs Software Firewalls

2004-08-16T20:03:00.000-07:00

All firewalls run firewall software, and they all run it on some sort of hardware, but the terms hardware firewall and software firewall are used to distinguish between products marketed as an integrated appliance that comes with the software preinstalled, usually on a proprietary operating system, and firewall programs that can be installed on general purpose network operating systems such as Windows or UNIX.
Hardware firewalls can be further divided into those that are basically dedicated PCs with hard disks and those that are solid state devices built on ASIC (Application Specific Integrated Circuit) architecture. This kind of firewalls are generally faster performers and don’t have the hard disk (a mechanical device) as a potential point of failure.
Hardware firewalls are often marketed as turn key because you don’t have to install the software or worry about hardware configuration or conflicts. Those that run proprietary operating systems claim greater security because the OS is already gardened (however, many of the proprietary systems have been exploited nonetheless). A disadvantage of hardware firewalls is that you are locked into the vendor’s specs. For instance, a firewall appliance will have a certain number of network interfaces, and you are stuck with that number. With a software firewall, you can add NICs to the machine on which it is running to increase the number of available interfaces. You can also more easily upgrade the standard PC on which the software firewall runs, easily adding standard RAM or even multiple processors for better performance.
Software Firewalls
Software firewalls are often less expensive and easier to configure than hardware firewalls. Software firewalls also don’t require you to move any cables around. Depending on the software you choose, a software firewall can offer features beyond those of router firewalls, such as protecting your computer from spy ware (a component of some free software that tracks your Web browsing habits) and Trojan horses ( a program that claims to do one thing, but does another, malicious thing, such as recording your passwords. If you travel with a laptop, a software firewall is a necessity—you need protection wherever you connect to the Internet, and your hardware firewall can protect you only at home.

The Latest in Computer Firewall Protection

2004-08-16T20:02:00.000-07:00

There have been all sorts of news reports lately regarding the vulnerability of the average PC. Hackers are figuring out new and ingenious ways to attack your computer. A fairly simple way to protect yourself is to install a firewall on your PC. Although I did a similar article several months ago, given the all the bad press, I thought I'd bring you more of the same on Firewall Protection
The first thing you'll notice about Firewall is the ease with which it installs. I was able to put it on my system and have it up and running in just a few minutes.
One nice feature this software incorporates is its unique Windows Security engine. The idea here is that not only can you control inbound and outbound requests (which most firewalls should be able to do) but you can control requests WITHIN your environment. So you might add an application to the "Install Programs" group and limit what it can do with or without your intervention (such as stop process spawning, prevent registry access and more.
Protecting your system registry is particularly important. A malicious source can completely shut down (or wipe out) your entire system. Personal Firewall does a good job of securing your registries by protecting overwrite Run Keys, Extension Association Keys and much more.
Installing a personal firewall was a quick and easy process. You basically run through a series of selection boxes that have you deciding things whether you want a sound event to fire whenever an inbound connection is detected and so on.
Not normally part of a typical firewall program, personal firewall will let you block certain sites from your system. So if your child tries to access a site you don't want them to (like a chat room or a pornography site), you can add it to your personal list of blocked sites. Once that's done, no program on your system can access that site.

Intrusion Detection System

2004-08-16T20:01:00.000-07:00

An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
There are several ways to categorize an IDS:
misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network抯 traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.
network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall抯 simplistic filtering rules. In a host-based system, the IDS examines at the activity on each individual computer or host.
passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.

Personal Firewall

2004-08-16T19:58:00.001-07:00

What is a Firewall?
A Firewall completely isolates your computer from the internet and uses a "code wall" that receives every "data packet" as it arrives on both sides of the firewall (ingoing and outgoing) and decides whether the packet may go through or whether it will be blocked.
How does a Firewall work?
When two computers on the internet would like to exchange information, they do so in the form of data packets. There is a continual stream of packets between the source computers and destination computers. Every packet on the internet includes the address of the destination computer and the address of the source computer.
A Firewall inspects every data packet before it is received by a program run on the computer. In other words, the Firewall entirely controls what your computer will receive from the internet.
A Firewall can therefore be selective in what it accepts and turns down. A Firewall could for example permit that computers can connect with a web server on your computer, but not permit entry of computers with a suspicious address.
A Firewall can also determine the ingoing stream into your computer. It is possible for a Firewall to trust your mail program, and allow your mail program to connect freely to the Internet, while not allowing a game to connect to the Internet for example.
Recently, more and more Personal Firewalls have emerged which regulate the traffic for your own computer. The challenge for a program designer is to create a solid program with an easy interface.

A Firewall is a security measure

2004-08-16T19:58:00.000-07:00

Computer and network security needs have changed drastically over the past several years, and firewall technology has evolved to meet those new, more demanding needs. The traditional firewall was a fairly simple construct: It sat between the LAN (or in the case of personal firewalls, an individual computer) and the outside world of the Internet, and filtered packets coming in and in some cases, going out, based on information in the Layer 3 and 4 headers (IP, TCP, UDP, ICMP). The decision to accept or reject a packet was usually based on the source or destination address or port number.
A Firewall is a security measure that prevents unauthorized users from gaining access to a computer network or that monitors transmission of information to and from the network. Firewalls are essential in slowing down the transmission of viruses and worms, but can also be used to help decrease the amount of unwanted spam that the network’s clients receive.
As attackers grew more sophisticated and began to exploit higher layer protocols (DNS, SMTP, POP3, etc.), firewalls had to do more. Most business-class firewalls today perform at least some application layer filtering. Firewall is necessary to prevent application layer attacks and to filter for spam and viruses, or to perform content filtering to block objectionable Web sites based on content rather than just IP address.
Firewalls today are often more than one entry at the network gate. Vendors have added other features that aren’t strictly firewall functions. Almost all modern firewalls other than those at the very low end support VPN, and many either include caching to accelerate Web performance or offer add-on modules for that purpose. In fact, many vendors have started calling their products multifunction security devices or software, instead of simply firewalls.

Internet Security History

2004-08-16T19:57:00.000-07:00

To become secure on the internet, it is necessary to learn a little bit about how the internet works. Generally speaking, the more secure you want to be, the more you have to knowledge, hassle and money you need to deal with. This article attempts to concisely explain how one can achieve internet secure and anonymous email transactions.
At its heart, the internet merely provides a method for two computers to talk to one another. It gives every computer connected to it a distinctive number, called the IP (Internet Protocol) address. When one computer wishes to talk to another, it sends a message out into the gut of the internet. This message is like a postcard in the mail, it has a destination IP address, a message (which can be pages long, or as short as a single letter), and a return IP address. Usually the first message sent is a request for information, and the return address is used to form a reply, and perhaps a reverse request for information. Like real postcards, these messages can be read, very easily, by anyone who works at or lurks around the "post office", aqua, and the internet.
At first, when the internet was small and obscure, no one was really concerned with how open the messages were to being read. A few people took the moderate step of opening an anonymous email address, which would forward email to another account without the sender being aware of the ultimate address. Hackers had a field day during these years, sniffing out password information from the stream going back and forth, and setting up accounts for themselves on business and educational servers, getting free dialup service and long-distance in the mix. This was all for fun, and despite their lack of malicious intent and minor economic drain, hackers were much maligned in the media, especially when businesses started marketing the internet. A few hacks showing potentially serious consequences, such as obtaining the credit card records of AOL subscribers, modifying government and corporate websites, and the hint was gotten in a big way.
Corporations understood that if these playful cyberpunk kids could get access to this information, then eventually so would thieves and swindlers. And this realization dawned as businesses started feeling pressure to actually turn some revenue over their internet investments. That meant there had to be a way for people to type in their credit card numbers without having a third party oversee them. This was the perfect use for a method of encryption developed in the '60s, This gibberish could be decoded by hackers willing to spend years working on each message, but this was considered a sufficient obstacle to eavesdropping on credit card numbers that the public would feel safe. And because encryption falls into the category of "exponential increase" problems, the additional complexity in encryption that is used today has led to estimates that covert eavesdropping of credit card information would take millions of years to decode.
With online transaction having been made safe by encryption, and hacking declared felonious through federal legislation, the heat came off and the internet investment bubble began in earnest. Oh, the people who worked heavily with the computers that provide internet service quietly began using encrypted protocols and installing secure equipment behind-the-scenes, but few of these advancements made it into the software that the public uses at-large.
However, it is available. It just takes more work to learn how to use it. If more people learn how to use it, and demand privacy for the internet communications, new software will incorporate it and make it easier to use. These tutorials are designed to start by explaining the easiest ways to obtain additional security, then progress to methods which are more secure, and finally link to resources for those who are inclined to develop truly top-notch.

Internet Firewall Protection

2004-08-16T19:56:00.000-07:00

Over the past year, the Internet has gone from a network used by the developers and techies to the precursor to the much-hyped Information Superhighway that is populated by a million new users each month. Along the way, businesses are looking into whether they can give their customers new and better services with the Internet. But the thread running through many management information-services directors' minds is: How can I connect to the Internet and not get burned?
An Internet firewall is the embodiment of a security policy that should implement whatever access controls your organization has deemed necessary and appropriate between your private network and the rest of the world. There are many different types of firewalls and techniques for implementing them. Typically what an organization wants as an Internet access policy is something like: ``let everyone on our network access the Internet, but don't let anyone from the Internet into our network except authorized users.'' This access policy relies on two fundamental components: enforcing the access control and determining what an ``authorized user'' really is.
This tutorial examines using software modules to solve some firewall implementation issues regarding log-in and user authentication. The approach we'll examine uses some of the proxies.
A firewall policy must be flexible enough to respond to business changes, new partnerships and different network connections. The firewall must be able to keep up with the new protocols that continually develop for the Internet.
Many firewalls now include intrusion detection and virus protection features, but these additions can give a false sense of security--and generate needless expense--to organizations that have no overarching security strategy.
Adding to the complexity of firewall strategy is the concept of putting personal firewalls on employees' home computers and laptops, which has taken off in the past year or so. The latest operating systems support virtual private networks (VPNs), which provide secure encrypted sessions between trusted parties in a way transparent to users.
The company's PGP Desktop Security 7.0 combines intrusion detection, anti-virus software and VPNs with enterprise management features. This doesn't mean that such a product is a plug-and-play solution, however. "Home users can't be depended on to configure and manage those firewalls themselves," Ishikawa warns.
A potential customer also should ascertain whether the firewall vendor supports standard protocols for VPNs, such as IPSec and Internet Key Exchange. This protection is especially important for knowledge management applications that may be shared across companies or with outside users.

Intrusion Detection

2004-08-16T19:55:00.000-07:00

DEFINITION: Intrusion detection is the art and science of sensing when a system or network is being used inappropriately or without authorization. An intrusion-detection system (IDS) monitors system and network resources and activities and, using information gathered from these sources, notifies the authorities when it identifies a possible intrusion. If a firewall is like having a security guard at your office door, checking the credentials of everyone coming and going, then an intrusion-detection system (IDS) is like having a network of sensors that tells you when someone has broken in, where they are and what they're doing.
Firewalls work only at the point of entry to the network, and they work only with packets as they pass in and out of the network. Once an attacker has breached the firewall, he can roam at will through the network. That's where intrusion detection is important.
There are a number of approaches that can be used for detecting intruders. Many experts advise using a combination of methods rather than relying on any single mechanism.
Host-Based Detection
Perhaps the most famous IDS is Tripwire, a program written in 1992 by Eugene Spafford and Gene Kim. Tripwire exemplifies the host-based agent approach to intrusion detection: Installed on a host, it checks to see what has changed on the system, verifying that key files haven't been modified.
The agent is initially installed against a pristine host installation and records important system file attributes, including hashes of the files. The agent software then periodically compares the current state of those files to the stored attributes and reports any suspicious changes.
Another host-based approach monitors all packets as they enter and exit the host, essentially taking a personal firewall approach. Receipt of a suspicious packet triggers an alarm.
Network-based intrusion-detection systems scrutinize all packets on a network segment, flagging those that look suspicious. A network IDS searches for attack signatures - indicators that the packets represent an intrusion. Signatures might be based on actual packet contents and are checked by comparing bits to known patterns of attacks. For example, the system might look for patterns that match attempts to modify system files.
Other network attacks are protocol-based. Attackers often seek weaknesses in a network by probing for active but poorly administered Web, file or other servers. These port attack signatures are identified by watching for attempts to connect to network ports associated with services that are often vulnerable.
An attack with a header signature uses malformed or illogical TCP/IP packet headers. For example, an attacker might try to send a packet that simultaneously requests to close and open a TCP connection; such a packet might cause a denial-of-service event for some systems.
What You Know, What They Do
Detection systems can also be categorized as knowledge- or behavior-based. Most commercially available systems are knowledge-based, matching signatures of known attacks against changes in systems or streams of packets on a network. Such systems are reliable and generate few false positives, but they can detect intruders using only attacks they already know about. They're often helpless against new attacks, so they must be continually updated with new knowledge about new attacks.
A behavior-based IDS instead looks at actions, attempting to identify attacks by monitoring system or network activity and flagging any activity that doesn't seem to fit in. Such activities may trigger an alarm - often a false alarm. Though false positives are common with a behavior-based on IDS, so is the ability to detect a previously unreported attack.
Intrusion detection requires considerable planning. As with virus detection, host-based intrusion detection that monitors system and file changes must be installed on pristine systems. Otherwise, there's always the chance that the system has already been compromised prior to installation of the IDS.
It's even more important to have a clear procedure in place for dealing with intrusions. It's not always best to simply pull the plug once you know that an intrusion is under way.
Depending on what systems or networks have been compromised and what you want to happen to the attackers, it's often preferable to keep the attackers in the system and contact a law enforcement agency to try to catch them. Such a decision shouldn't be made in haste; a set of intrusion response policies and procedures should be prepared well in advance. You want to keep intruders out, but you also want to discover and locate them when they succeed.

Choosing a Personal Firewall

2004-08-16T19:49:00.000-07:00

Personal firewalls make use of all the same methods as more robust, and expensive, enterprise firewalls. However, they simplify the operation of the product to meet the needs of a less technically savvy consumer. Where an enterprise firewall may require full-time supervision, a personal firewall is often installed and forgotten.
In order to better understand how personal firewalls work, we're going to examine each of the current standard firewall methods individually: network address translation, static packet filtering, stateful inspection, and application proxy. Personal firewalls often combine these standard methods to provide a more complete product, and even include additional features such as blocking on attack signature and intrusion detection.
We also briefly touch on a new effort to certify personal firewalls. It is believed that consumers will benefit from certified products, knowing that they have been compared against a set standard.
Network Address Translation
I would like to start off by saying that network address translation, or NAT, is not a firewall. NAT was never meant to protect computers. Network address translation is a method used to allow many computers to connect to the Internet with one (or few) public IP addresses. In essence, NAT is used when the number of hosts that need Internet access exceeds the number of public IP addresses that an organization has been assigned. The internal IP addresses come from a private pool as designated by RFC 1918, and a NAT device translates those private IP addresses to a public IP address that is routable on the Internet. The NAT device keeps track of the translations in an address translation table.
Dynamic NAT provides some protection for users behind the NAT device. When the translation tables are dynamic, there is no easy way for an external user (on the Internet) to initiate contact with a host behind the NAT device since the table entry is created when the internal host initiates an outgoing session and is deleted at the end of that session. Static NAT provides no real protection for the hosts behind it. Direct communication can be initiated with hosts having static translation information. Static NAT is also possible and is used to allow contact to a specific host behind the NAT device. Static NAT would be used in the case of a Web server that has a private IP address but needs to be contacted by Internet users. The NAT device would have a specific translation defined for the Web server.
How NAT Is Implemented in Personal Firewalls
In order to perform network address translation, you must begin with a device that is able to route traffic from one network to another. This device will be "multi-homed," having one network connection on the private network and one on the public network. In addition to routing, this device will translate addresses from private to public. It uses a table to keep track of the translations.
Personal firewall software itself doesn't usually perform these functions. Some early hardware devices marketed as firewalls really only performed NAT, though. You still can find hardware devices that rely primarily on NAT as their method of protection. The consumer must be aware of how NAT works in order to judge whether this technology provides adequate protection.
Typically you find NAT functionality in a hardware router. Many companies have products for the home market. Using a hardware device is simple since devices targeting home users generally come preconfigured for dynamic NAT. The device can serve out private IP addresses to the hosts connected to its internal network ports and it gets its public IP address from your Internet service provider. So, simply plug everything in and you're up and running in a dynamic NAT state. Dynamic NAT, as stated earlier, does provide a measure of security. It is difficult to establish a connection where the NAT mappings change regularly.
Static NAT requires more configurations. If you do wish to allow external hosts to connect to something on your private network, you will need a static route to provide the pathway. You would do this if you have a Web or mail or FTP server that you want others to be able to connect to. Static mapping is required to allow anyone to connect back in to one of your hosts.
If you can control the static mapping by port—only mapping traffic on port 80 back to the Web server, for example—it is better than having to map all traffic back to the Web server then hoping your host won't respond to requests on other ports. You are still at risk for non-HTTP applications tunneled over port 80.
If you cannot control the static mapping by port (eek), any type of traffic can be directed at your host. Hosts listen on the dandiest of ports—ports you wouldn't expect. You can use net stat –un to see which ports your host is listening on.

Insurance for Your Home PC

2004-08-15T21:05:00.000-07:00

If you work at a large corporation, odds are good that a firewall sits between you and the outside world. But the increased availability of cable and DSL service means you could spend more time connected to the Internet from home--and more time as a potential target for hackers. You're somewhat vulnerable even on short dial-up connections. Unfortunately, most people become aware of the danger only after they become victims. With cyber attacks increasing, it is predicted that firewalls will be ubiquitous in five or six years.
But you don't have to buy an expensive, hard-to-maintain security system for your PC. Personal firewalls, usually based on the application gateway model, can keep you safe. These products don't require you to program complex restrictions. They'll guide you through a setup that asks you what you want to allow or block. They can also help you monitor intrusion attempts and protect you from most Trojan horse or spy ware programs that let a hacker control your computer over the Internet. They can hide your identity while you surf, too. On the basis of their iniquitousness, firewalls Move into the Mainstream
While most personal firewalls are available now as software that you install on your PC, some experts predict that firewalls will be integrated into hardware in the next few years. That means the next DSL or cable modem you buy or lease may have a firewall already installed. To make maintaining a firewall easy, they say, companies will offer subscription services. Maybe You just need to pay $50 a month and the company will make sure your firewall is up-to-date. That maintenance is key to keeping your data safe: As soon as hackers hear about a weakness in a firewall, they hunt for people who haven't upgraded to the latest version and break in.
As our dependence on the Internet and computers grows, so will the personal consequences of a security breach? Whether to protect your personal information from theft or to keep your PC from being hijacked by a hacker, installing a personal firewall makes sense.

Firewall

2004-08-15T21:02:00.000-07:00

Surfing the Web seems similar to watching television, listening to the radio, or reading a magazine. The difference is that you joining the Internet and connecting to it makes your computer as accessible to others as any Web site that you visit.
The two-way nature of the Internet can be misused by people who want to take control of your computer, look at your financial data, or delete your personal files. These intruders probably aren’t targeting you personally. Attacks are often launched by automated attack tools. Everyone who connects to the Internet using a broadband connection will be probed several times a day. I have an always-on cable modem at home, and get attacked about two dozen times a day.
Notwithstanding some happening, the Internet doesn’t have to be a scary place. Just as you lock the front door to your home, it’s important to protect your PC. One of the best ways to protect your PC or your home or small business network from malicious hackers is to use a firewall. Consumer-level firewalls provide good security without requiring that you be a computer security expert.
What is a Firewall?
A firewall is a security system designed to prevent unauthorized access from the Internet to or from your network. A firewall works by screening out many types of malicious traffic. In addition, firewalls can help keep your computer from participating in attacks on others without your knowledge. Firewalls take the form of hardware, software, or both and I will do some explanation about various kinds of firewalls and will help you choose the right one for your network.
Hardware firewall
Hardware firewall products protect your computer and home network by guarding your Internet connection and filtering any requests that you haven’t specifically allowed. Software firewalls are installed directly on your PC, and filter requests after they reach your computer.
For maximum security, the most reliable way for home users to protect a network is to purchase a router with firewall capabilities. These routers do more than act as a firewall—they network multiple computers, allow them to share a single Internet connection, and may even support wireless networking. If you have more than one computer and an always-on broadband connection, a router-firewall gives you the benefits of a home network and connects every computer to the Internet. If you bring a laptop home from work, it may even be a requirement of your company’s security policy.
The router is generally a separate device from the cable or DSL modem—it’s important to understand that most cable and DSL modems offer your home network no protection whatsoever. If you didn’t choose to pay extra for security features, you probably don’t have any. If you’re unsure about your modem, ask your Internet service provider (ISP) what level of protection your modem provides.
Software Firewalls
Software firewalls are often less expensive and easier to configure than hardware firewalls. Software firewalls also don’t require you to move any cables around. Depending on the software you choose, a software firewall can offer features beyond those of router firewalls, such as protecting your computer from spy ware (a component of some free software that tracks your Web browsing habits) and Trojan horses ( a program that claims to do one thing, but does another, malicious thing, such as recording your passwords. If you travel with a laptop, a software firewall is a necessity—you need protection wherever you connect to the Internet, and your hardware firewall can protect you only at home.
To Choose Hardware or Software Firewall?
You wouldn’t park your car and leave your keys in the ignition, and you shouldn’t connect to the Internet without a personal firewall. No matter what type of computer or network you have, there’s a firewall to meet your needs.
If you have a stand-alone computer or connect to the Internet with a dial-up connection, a software firewall is the right choice. A hardware firewall is more complex to configure, but once you get it set up; it runs on its own to protect your network.
Can firewall replace anti-virus software?
Note that firewall software does not replace anti-virus software so you should use both to protect your network.
So combined with a software-based firewall, you’ve got maximum security for your network. And whichever you choose, you’ll find using the Internet much more enjoyable when you’re nestled safely behind a firewall.