Wednesday, 26 May 2010

Firewall

A firewall is a system or mechanism, implemented in hardware, in software, or in a combination of both, that protects a segment of a private network from an external network outside its scope by filtering, limiting, or rejecting some or all connections and activity between the two. Such a segment can be a workstation, a server, a router, or an entire local area network (LAN).
Firewalls are generally deployed to protect:


1. Machine / computer
Any individual who is directly connected to an external network or the Internet and wants everything stored on their computer protected.
2. Network
A computer network consisting of more than one computer, using any of the various network topologies, whether owned by a company, an organization, or similar.

FIREWALL CHARACTERISTICS

1. All connections / events from inside to outside must pass through the firewall. This is done by blocking or limiting physical access to the local network except through the firewall; many network layouts allow this.
2. Only listed / known activities may pass or establish a connection; this is achieved by setting the local security policy in the configuration. There are many types of firewall to choose from, as well as many kinds of policy on offer.
3. The firewall itself must be relatively immune or robust against attacks / weaknesses. This means using a trusted system with a relatively secure operating system.

TECHNIQUES USED BY A FIREWALL

1. Service control
Based on the types of Internet services that may be accessed into or out of the firewall. Usually the firewall checks the IP address and the port number in use, for both TCP and UDP; the software may also include a proxy that receives and translates each request for a service before allowing it. The firewall may even be software on the server itself, such as a web or mail service.
2. Direction control
Based on the direction in which requests for a service are recognized and allowed to pass through the firewall.
3. User control
Based on the user attempting to run a service: some users can and others cannot run a given service, because that user is not permitted through the firewall. This is typically used to restrict users on the local network from accessing the outside, but it can also be applied to restrict users from outside.
4. Behavior control
Based on how the services are used. For example, a firewall can filter e-mail to address or prevent spam.

TYPES OF FIREWALL

1. Packet Filtering Router
Packet filtering is applied by regulating every IP packet, whether arriving at the router or addressed through it; in this type it is decided whether a packet is accepted and forwarded or rejected. Filtering is configured to screen packets transferred in both directions (from and to the local network). The filtering rules are based on the IP header and the transport header, which include the source address (IP), the destination address (IP), the transport protocol in use (UDP, TCP), and the port number used.
The advantages of this type are that it is easy to implement, transparent to the user, and fast.
The weakness is that configuring the packet filter precisely is quite complicated, and it is weak in terms of authentication.
The attacks that can occur against a firewall of this type are:
+ IP address spoofing: an intruder from outside can do this by including / using an IP address of the local network that is allowed through the firewall.
+ Source routing attacks: this type of firewall does not analyze source IP routing information, making it possible to bypass the firewall.
+ Tiny fragment attacks: the intruder divides an IP packet into smaller parts (fragments), forcing the TCP header information to be split across them. This attack is designed to fool filtering rules that depend on information from the TCP header; the attacker hopes that only the first fragment will be checked and the rest will pass freely. It can be countered by rejecting all TCP packets whose IP fragment offset = 1.
2. Application-Level Gateway
An application-level gateway, also commonly known as a proxy server, relays / forwards application traffic. This type governs all connections that use the application layer, whether FTP, HTTP, Gopher, etc.
How it works: when a user uses an application such as FTP for remote access, the gateway prompts the user to enter the address of the remote host to be accessed. When the user sends a user ID and the other information the gateway requires, the gateway establishes the application connection to the remote host and relays data between the two points. If the data is not appropriate, the firewall will not pass it and rejects it. Furthermore, a firewall of this type can be configured to support only a few applications and reject all others.
The advantage is that it is relatively safer than a packet filtering router, and it is easier to check (audit) and record (log) all incoming data streams at the application level.
The drawback is the extra processing overhead on every connection: there are two connections, one between the user and the gateway and one between the gateway and the remote host, and the gateway must examine and pass all traffic in both directions.
3. Circuit-level Gateway
This third type can be a stand-alone system, or it can be a special function provided by an application-level gateway. It does not allow end-to-end (direct) TCP connections.

How it works: the gateway sets up two TCP connections, one between itself and TCP on the local user (inner host) and another between itself and TCP on the external user (outside host). Once both connections are established, the gateway relays TCP segments from one connection to the other without examining their contents. The security function lies in determining which connections are allowed.
This type is typically used when the administrator trusts the internal users.

Firewall configuration
1. Screened Host Firewall System (Single-homed bastion)
In this configuration the firewall function is performed by a packet filtering router and a bastion host *. The router is configured so that, of all traffic from the Internet, only IP packets addressed to the bastion host are allowed in, while of the traffic from the internal network, only IP packets from the bastion host are allowed out.

This configuration supports flexibility in direct Internet access: for example, a web server on the network can be configured so that it is accessible directly from the Internet.
The bastion host performs authentication and functions as a proxy. This configuration gives a better level of security than a packet-filtering router or an application-level gateway on its own.
2. Screened Host Firewall System (Dual-homed bastion)
In this configuration there is a physical break / gap in the network. The advantage is that physically separating the two links further enhances security compared with the first configuration, while servers that require direct access can be placed in the segment directly connected to the Internet.

This is done by using two NICs (network interface cards) on the bastion host.
3. Screened subnet firewall
This configuration offers the highest level of security. Why? Because it uses two packet filtering routers, the first between the Internet and the bastion host and the second between the bastion host and the local network, forming an isolated subnet.
Its advantages are:
+ There are three layers / levels of defense against intruders.
+ The outer router serves only the connection between the Internet and the bastion host, so the local network becomes invisible.
+ The local network cannot construct a direct route to the Internet; in other words, the Internet becomes invisible (which does not mean that it cannot make an Internet connection).
STEPS FOR BUILDING A FIREWALL
1. Form of the network owned
Knowing the particular form of the network owned, the topology in use and the network protocols, makes designing the firewall easier.
2. Determine the policy
Determining the policy is essential: whether a firewall is built well or badly is decided by the policy to be implemented. This includes:
1. Deciding what needs to be served, that is, what will be subject to the policy we create
2. Determining the individuals or groups who will be subject to the policy
3. Determining which services are needed by each individual or group using the network
4. For each service used by individuals or groups, determining the configuration that makes it most secure
5. Implementing the policy
3. Prepare the software or hardware to be used, whether an operating system with built-in support or dedicated firewall software such as ipchains or iptables on Linux, etc., and the hardware configuration that will support the firewall.
4. Test the configuration
The firewall that has been built must be tested, especially to learn what results we actually get; this can be done with the usual tools such as nmap for auditing.
* A bastion host is the system / component regarded by the administrator as the strongest in the network security system, or it can be regarded as the strongest point of defense against attack; it is therefore the most important part of securing the network, usually a firewall component or the outer part of the public-facing system. Bastion hosts generally run an operating system that can handle all the requirements (e.g. Unix, Linux, NT).
