Safe surfing

Network security is an integral part of any well-designed computer system
Question:
Can our enterprise network be safely connected to the Internet? Are there security issues that require consideration?
Answer:
We have all heard about the so-called dangers of connecting an organization to the Internet. There are frequent stories in the press of hackers gaining unauthorized access to Web sites and to sensitive enterprise computing and knowledge assets. What the stories often do not tell is that relatively safe connectivity to the Internet is possible. The concept is similar to any business venture, that is, managing risks in order to capture the advantages of Internet access.
First let’s define some terms. The internal or private network is referred to as the “trusted” network. The rest of the world or the Internet is the “untrusted” network. Those concepts hold whenever two networks owned by separate organizations are to be connected. Unsecured connectivity between them is risky business. Network security is an integral part of any well-designed computing system.
Securing the trusted network requires the establishment of a security perimeter that separates the trusted network from the untrusted network. The security perimeter is designed to provide a controlled single point of access to the trusted network. The requirements of the security perimeter are established by an enterprise security policy and security policy enforcement mechanisms and methods. There are many complex issues to be addressed before an effective security system can be designed and implemented. The starting point is the development of an enterprise network security policy. The security policy prescribes security mechanisms and methods to be implemented to form the security perimeter.
Question:
What is a firewall?
Answer:
A firewall is essentially a security enforcement point that separates a trusted network from an untrusted one. A firewall’s basic function is to separate networks and enforce the security policy with a set of rules. It screens all connections between two networks, determining which traffic should be allowed and which should not. A firewall may be one of the mechanisms and part of the implementation of perimeter security.
Question:
Are there differences in the various products marketed as firewalls?
Answer:
Yes, and the differences are considerable. Incorporating the wrong firewall into the security perimeter can have serious implications for the security of the organization’s computing and knowledge assets. Because each organization’s security requirements are unique, there is no single correct answer to which firewall is best. In firewalls, as in the rest of computing, the old adage of one-size-fits-all does not apply. There are, however, some general guidelines on the level of security provided by the various types of firewalls. Those guidelines follow:
Packet filters: Packet filters are the most basic type of firewall. They are fast because they operate at the network level. They function by examining the header of each IP packet, in particular the source and destination IP addresses and ports. A packet filter examines the header of each packet as it enters the firewall and compares the addresses and ports against a rule set. If the port and address are permitted, the packet is passed on directly to its destination. If a packet fails this test, it is dropped at the firewall.
Packet filtering firewalls have been criticized by many security experts because they allow a direct connection between endpoints through the firewall. They are considered the least secure type of firewall because the direct connection can easily be exploited to gain access to the network.
Application proxy firewalls: All incoming packets are examined at the application layer of the protocol stack. Because the firewall has visibility at the application layer, it can easily see the details of each attempted connection and implement security at a more granular level.
It also has a built-in application proxy function. It provides this functionality by terminating the connection from an untrusted host at the firewall and initiating a new connection to the internal protected network. For example, if a user on the trusted network wishes to download a file from a Web host, he enters the URL in his browser and the browser connects to the application proxy firewall. The proxy then forwards the request to the Web host, which downloads the file to the application proxy; the proxy in turn terminates the connection to the Web host. The application proxy then initiates a connection with the trusted user’s browser and downloads the file to it. Because there is no direct connection between the trusted and untrusted networks, security is enhanced greatly. Most security experts consider application proxies to be the most secure type of firewall.
Not all products marketed as firewalls live up to the name. They have to be designed and configured into the security system to provide optimal levels of security and cost/benefit performance. There are many complex issues to be addressed in securing the organization’s data and knowledge assets from unwanted intruders. When implementing a firewall it is best to consult someone with expertise in this area who can help you understand the issues and design the proper system to meet your requirements.
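To make the contrast between the two firewall types concrete, here is an added example in Python that is not part of the original column: a toy first-match packet filter that sees only addresses, protocol and port, next to an application-layer check of the kind a proxy can apply once it has terminated the connection and can read the HTTP request itself. The network ranges, rule set, allowed hosts and request bytes are constructed for illustration, and the rule format is not any real product’s syntax.

```python
"""Added example (not from the original column): a toy packet filter and an
application-layer check side by side.  Every address, rule, hostname and
request below is constructed for illustration."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address (what a packet filter can see)
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def packet_filter(pkt: Packet, rules: list[Rule]) -> str:
    """Network-level decision: first matching rule wins, default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


TRUSTED = "10.0.0.0/8"    # constructed: the internal ("trusted") network
WEB_SERVER = "10.1.2.3"   # constructed: the only internal host exposed

RULES = [
    Rule("allow", dst=f"{WEB_SERVER}/32", proto="tcp", dport=80),  # inbound web
    Rule("allow", src=TRUSTED),                                    # outbound
    # anything else falls through to the implicit deny
]

# Application-layer policy: only things a proxy can see after terminating
# the connection and reading the request.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"www.example.com"}  # constructed allowlist


def parse_request(raw: bytes) -> tuple[str, str, str]:
    """Parse 'METHOD target HTTP/x.y' plus the Host header; raise if malformed."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("ascii").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, _version = parts
    host = ""
    for line in lines[1:]:
        name, _, value = line.decode("ascii").partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return method, target, host


def proxy_decision(raw: bytes) -> str:
    """Application-level decision on the bytes of one HTTP request."""
    try:
        method, _target, host = parse_request(raw)
    except (ValueError, UnicodeDecodeError):
        return "deny"          # refuse anything the proxy cannot parse
    if method not in ALLOWED_METHODS or host not in ALLOWED_HOSTS:
        return "deny"
    return "allow"


if __name__ == "__main__":
    # The same inbound connection to port 80 passes the packet filter,
    # but the proxy can still reject the request on its content.
    pkt = Packet("203.0.113.5", WEB_SERVER, "tcp", 80)
    print("packet filter:", packet_filter(pkt, RULES))
    print("proxy, GET   :", proxy_decision(
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))
    print("proxy, POST  :", proxy_decision(
        b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))
```

The point of running the two checks on the same connection is the one the column makes: the packet filter has already passed the traffic straight through on the strength of an address and a port, whereas the proxy, because it terminated the connection, still gets to decide on the request’s method and host before it opens its own connection onward.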
Tech Q&A is provided by Entré of Brookfield. Small Business Times readers with questions can contact Entré at 414-938-2139 x3022, or via e-mail at dschm@pcsentre.com.
