Wednesday, 4 April 2018


A firewall is a structure intended to keep fire from spreading. Buildings have firewalls made of
brick that completely divide sections of the building.

In computer networking, Internet firewalls are intended to keep the flames of Internet hell out of your
private LAN, or to keep the members of your LAN pure and safe by denying them access to all the evil Internet temptations.

The first computer firewall was a non-routing Unix host with connections to two different networks.
One network card was connected to the Internet and the other to the private network. To reach the Internet
from the private network you had to log on to the firewall server. You then used the resources of that
system to access the Internet.

This sort of dual-homed system (a system with two network connections) is fine if you can TRUST
ALL of your users. You can simply set up a Linux system and give an account on it to everyone who
needs to access the Internet. With this setup the only computer on your private network that
knows anything about the outside world is the firewall. No one can download directly to their personal workstation:
they must first download a file to the firewall and then copy the file from the firewall to
their workstation.

There are three basic ways of classifying a firewall, depending on:

* Whether the communication is being done between a single node and the network, or between
    two or more networks.
* Whether the communication is intercepted at the network layer or at the application layer.
* Whether the communication state is being tracked at the firewall or not.



A dedicated firewall acts as a protective barrier to keep destructive forces away from your mission-critical data.
However, you establish and are the sole owner of the set of rules that defines unwanted traffic. Based on this set of rules, information sent to your server is inspected and filtered.


There are two types of firewall:

1. Packet filtering firewalls - block selected network packets.
2. Proxy servers - make network connections on your behalf.


Packet filtering is the type of firewall built into the Linux kernel. A filtering firewall works at the network level: data is only allowed to pass through the system if the firewall rules allow it. As packets arrive they are filtered by their protocol type, source address, destination address, and the port information contained in each packet. Many network routers have the ability to perform some firewall services, so a filtering firewall can be thought of as a router. Because of this you need a good understanding of IP packet structure to work with one.

Because very little data is analyzed and logged, filtering firewalls take less CPU and create less latency in your network. Filtering firewalls do not provide password controls: users cannot identify themselves. The only identity a user has is the IP address assigned to their workstation. This can be a problem if you use DHCP (dynamic IP assignment), because the rules are based on IP addresses and you will have to adjust them as new addresses are assigned. Filtering firewalls are more transparent to the user: the user does not have to set up rules in their applications to use the Internet.
With most proxy servers this is not true.


* Allow or block IP packets based on their IP header fields and TCP/UDP port numbers. Fields
   with static locations in most IP packets: protocol (TCP/UDP/ICMP), source and destination IP
   address, source and destination port, TCP flags, ICMP type and code.

* A packet filter is defined by a rule table:
              * a linear list of rules;
              * each rule consists of conditions and an action;
              * for each packet, the first matching rule is found;
              * two possible actions: allow (= accept, permit, bypass) or block (= drop, deny, discard);
                  a rule may also allow-and-log or block-and-log.

     * Stateful filter: changes its filtering decisions based on previously seen packets.
     * An outbound TCP or UDP packet creates a pinhole for the inbound packets of the same connection.
       * Unlike a stateless packet filter, it can support UDP "connections".
       * A TCP pinhole is closed when the connection closes, a UDP pinhole after e.g. 30 minutes of silence.
       * It may also allow inbound ICMP messages that match outbound traffic.
     * Support for special protocols:
       * FTP: the firewall may sniff the PORT command on the FTP control channel to open a port for the inbound data connection.
       * X Windows.


There are a number of advantages to packet filtering:

1) One screening router can help protect an entire network: one of the key advantages of packet
     filtering is that a single strategically placed packet filtering router can help protect an entire
     network. If there is only one router that connects your site to the Internet, you gain tremendous
     leverage on network security, regardless of the size of your site, by doing packet filtering on that

2) Packet filtering does not require user knowledge or cooperation: packet filtering does not
    require any custom software or configuration of client machines, nor does it require any
    special training or procedures for users. When a packet filtering router decides to let a packet
    through, the router is indistinguishable from a normal router. Ideally, users won't realize it is
    there unless they try to do something that is prohibited by the packet filtering router's policy.
    This transparency means that packet filtering can be done without the cooperation, and often
    without the knowledge, of the users. The point is that you can do packet filtering without their
    having to learn anything new to make it work, and without your having to depend on them to
    do anything to make it work.

3) Packet filtering is widely available in many routers: packet filtering capabilities are available
    in many hardware and software routing products, both commercial and freely available over
    the Internet. Most sites already have packet filtering capabilities available in the routers they


There are also some disadvantages to packet filtering:

1) Current filtering tools are not perfect: despite the widespread availability of packet filtering
     in various hardware and software packages, packet filtering is still not a perfect tool. The packet
     filtering capabilities of many of these products share, to a greater or lesser degree, common
     limitations. Packet filtering rules tend to be hard to configure. Although there is a range of
     difficulty, it mostly runs from slightly mind-twisting to brain-numbingly impossible. Once
     configured, packet filtering rules tend to be hard to test.

     The packet filtering capabilities of many of the products are incomplete, making the implementation of
     certain types of highly desirable filter difficult or impossible. Like anything else, packet filtering
     packages may have bugs in them, and these bugs are more likely than proxying bugs to result in
     security problems. Usually a proxy that fails simply stops passing data, while a failed packet
     filtering implementation may allow packets it should have denied.

2) Some protocols are not well suited to packet filtering: even with a perfect packet
     filtering implementation, you will find that some protocols just are not well suited to security
     via packet filtering.

3) Some policies cannot really be enforced by a normal packet filtering router: the information
     that a packet filtering router has available to it doesn't allow you to specify some rules you
     might like to have. For example, packets say what host they come from, but generally not
     what user; therefore, you can't enforce restrictions on particular users. Similarly, packets say
     what port they are going to, but not what application. When you enforce restrictions on a
     higher-level protocol you do it by port number, hoping that nothing else is running on the port
     assigned to that protocol. A malicious insider can easily subvert this kind of control.


Proxying provides Internet access to a single host, or a very small number of hosts, while appearing to provide access to all of your hosts.
The hosts that have access act as proxies for the machines that don't, doing what those machines want to do.

A proxy server for a particular protocol or set of protocols runs on a dual-homed host or a bastion host: some host that users can talk to, which can in turn talk to the outside world. The user's client program talks to this proxy server instead of talking directly to the real server out on the Internet. The proxy server evaluates requests from the client and decides which to pass on and which to disregard. If a request is approved, the proxy server talks to the real server on behalf of the client and proceeds to relay requests from the client to the real server, and to relay the real server's answers back to the client.

As far as the user is concerned, talking to the proxy server is just like talking directly to the real server. As far as the real server is concerned, it is talking to a user on the host that is running the proxy server; it does not know that the user is really somewhere else. Proxying does not require any special hardware, although it does require special software for most services.


There is no point in connecting to the Internet if your users can't access it. On the other hand, there is no safety in connecting to the Internet if there is free access between it and every host at your site. Some compromise has to be applied. The most obvious compromise is to provide a single host with Internet access for all your users. However, this is not a satisfactory solution because such hosts are not transparent to the users. Users who want to access network services cannot do so directly: they have to log on to the dual-homed host, do all their work from there, and then somehow transfer the results of their work back to their own workstation. At best, this multiple-step process annoys users by forcing them to do multiple transfers and to work without the customization they are


The details of how proxying works differ from service to service. Some services provide proxying easily or automatically; for those services you set up proxying by making configuration changes to normal servers. For most services, however, proxying requires appropriate proxy server software on the server side, and on the client side it needs one of the following:

1) custom client software, or
2) custom user procedures.


There are a number of advantages to using proxy services:

1)  Proxy services allow users to access Internet services "directly".
2)  Proxy services are good at logging.


There are also some disadvantages to using proxy services:

1)  Proxy services lag behind non-proxied services.
2)  Proxy services may require different servers for each service.
3)  Proxy services usually require modifications to clients, procedures, or both.
4)  Proxy services are not workable for some services.
5)  Proxy services don't protect you from all protocol weaknesses.


There are three applications of a firewall.

1) NAT (Network Address Translation)
    There are many ways to implement a firewall, but the most popular for both hardware and software
     routers is Network Address Translation, or NAT. Most inexpensive routers use NAT as the
     means to share one IP address among many computers. NAT also provides a natural firewall
    that protects the computers behind it from access by unauthorized users.
    NAT automatically provides firewall-style protection without any special setup, because
    it only allows connections that are originated on the inside network. This means that an internal client
    can connect to an outside FTP server, but an outside client will not be able to connect to an
    internal FTP server, because it would have to originate the connection, and NAT will not allow
    that. While looking at sharing products you might come across the
    term "stateful inspection".
       Stateful inspection is a good thing and is what prevents unrequested data from coming
        into your LAN from the Internet.
        NAT's basic capabilities actually provide a good amount of protection. All properly
       configured NAT-based routers protect
       against the following types of attack:
       * Port scans
       * WinNuke (and other port 139 based attacks)
       * Smurf (protection against LAN clients being used as part of an "amplifier network")
       * Connection or service requests that did not originate from the LAN side of the firewall
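Here is an added example, not from the original post, that models both the stateful pinholes described in the packet filtering section (an outbound TCP or UDP packet opens a hole for the matching inbound packets; TCP holes close with the connection, UDP holes after an idle timeout) and the NAT behaviour described just above (only connections originated on the inside are translated; an outside port scan finds nothing). The public address 192.0.2.1, the port range, the idle timers and the packet representation are assumptions for the illustration:

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Timers (assumptions for this example): an established TCP entry lives until it is closed by
# FIN or RST; a UDP pinhole expires after 30 minutes of silence, as in the text above.
TCP_IDLE = 5 * 24 * 3600
UDP_IDLE = 30 * 60


@dataclass
class Pkt:
    proto: str                       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"}, {"FIN"}, {"RST"}


@dataclass
class Entry:
    proto: str
    inside: Tuple[str, int]          # LAN host and its port
    public_port: int                 # port the gateway uses on its public address for this flow
    remote: Tuple[str, int]          # the Internet peer
    last_seen: float
    fins: Set[str] = field(default_factory=set)   # directions in which a FIN has been seen


class NatGateway:
    """Stateful NAT: rewrite outbound packets, admit inbound ones only for flows already known."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_out: Dict[Tuple, Entry] = {}   # (proto, inside, remote) -> entry
        self.by_in: Dict[Tuple, Entry] = {}    # (proto, public_port, remote) -> entry

    def _drop(self, e: Entry) -> None:
        self.by_in.pop((e.proto, e.public_port, e.remote), None)
        self.by_out.pop((e.proto, e.inside, e.remote), None)

    def _expire(self, now: float) -> None:
        for e in list(self.by_in.values()):
            limit = TCP_IDLE if e.proto == "tcp" else UDP_IDLE
            if now - e.last_seen > limit:
                self._drop(e)

    def _track_close(self, e: Entry, p: Pkt, direction: str) -> None:
        if "RST" in p.flags:
            self._drop(e)
        elif "FIN" in p.flags:
            e.fins.add(direction)
            if e.fins >= {"in", "out"}:    # both sides have finished: the pinhole closes
                self._drop(e)

    def outbound(self, p: Pkt, now: float) -> Pkt:
        """LAN -> Internet: create or refresh the flow entry and rewrite the source address."""
        self._expire(now)
        key = (p.proto, (p.src, p.sport), (p.dst, p.dport))
        e = self.by_out.get(key)
        if e is None:
            e = Entry(p.proto, (p.src, p.sport), self.next_port, (p.dst, p.dport), now)
            self.next_port += 1
            self.by_out[key] = e
            self.by_in[(p.proto, e.public_port, e.remote)] = e
        e.last_seen = now
        if p.proto == "tcp":
            self._track_close(e, p, "out")
        return Pkt(p.proto, self.public_ip, e.public_port, p.dst, p.dport, p.flags)

    def inbound(self, p: Pkt, now: float) -> Optional[Pkt]:
        """Internet -> LAN: only a packet matching an existing flow is translated and passed."""
        self._expire(now)
        e = self.by_in.get((p.proto, p.dport, (p.src, p.sport)))
        if e is None or p.dst != self.public_ip:
            return None                      # unsolicited: silently dropped, nothing inside answers
        e.last_seen = now
        if p.proto == "tcp":
            self._track_close(e, p, "in")
        return Pkt(p.proto, p.src, p.sport, e.inside[0], e.inside[1], p.flags)


def port_scan(gw: NatGateway, attacker: str, ports, now: float) -> List[int]:
    """Outside port scan against the gateway: return the ports whose SYN probe reaches a LAN host."""
    return [dp for dp in ports
            if gw.inbound(Pkt("tcp", attacker, 55555, gw.public_ip, dp, frozenset({"SYN"})), now) is not None]
```

The same state table gives both properties: the translation entry created by the LAN's first packet is the pinhole, and its absence is what makes an outside connection attempt or port scan fail. Real implementations also track TCP state more finely and handle ICMP errors, but the lookup-or-drop decision shown here is the core of it.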


  Security management plays an important role in today's management tasks. Defensive information operations and intrusion detection systems are primarily designed to protect the availability, confidentiality and integrity of critical networked information systems. These operations protect computer networks against denial-of-service attacks, unauthorized disclosure of information, and the modification or destruction of data. The automated detection and immediate reporting of these events are required in order to provide a timely response to attacks.

  The two main classes of intrusion detection systems (IDS) are those that analyze network traffic and those that analyze operating system audit trails.
  In all of these approaches, however, the amount of audit data is extensive, thus incurring large processing overheads. A balance therefore exists between the use of resources and the accuracy and timeliness of intrusion detection information. Detecting attacks is not within the responsibilities of a firewall: basically, firewalls are used to block certain types of traffic to improve security.
  Therefore more dynamic defence systems like intrusion detection systems should be deployed to detect the attacks which a firewall can't see or detect.
  Some reasons for using a firewall together with an intrusion detection system are:
      * IDS double-checks misconfigured firewalls.
      * IDS catches the attacks which the firewall allows to pass through.
      * IDS catches the insider attacks which the firewall never sees.

IDS is traditionally deployed to monitor traffic in vital segments of the network, generating alerts when an intrusion is detected. The importance of
IDS has grown significantly as the industry recognizes that 90 percent of attacks in recent years have exploited application vulnerabilities. The
traditional stateful inspection firewall, based largely on matching packet header information against access control lists (ACLs), is ineffective at finding
such attacks.


 Significant events on firewalls fall into three broad categories: critical system issues (hardware
 failure and the like), significant authorized administrative events (rule set changes, administrator
 account changes) and the network connection logs. In particular, we are interested in capturing
  the following events:

    *  Host operating system log messages: for the purpose of this document we will capture
        this data at the minimum severity required to record system reboots,
        which will record other time-critical OS issues too.
    *  Changes to network interfaces: need to test whether or not the default OS logging
         captures this information, or the firewall software records it somewhere.
    *  Changes to firewall policy.
    *  Adds/deletes/changes of administrative accounts.
    *  System compromises.
    *  Network connection logs, which include dropped and rejected connections; time, protocol, IP address and username for allowed connections; and perhaps the amount of data transferred.

The observant firewall administrator will notice that this list contains more than just network connection information. Most firewall logging tools focus on network connection records because protecting network connections is the most obvious task performed by the firewall.
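As an added example (not from the original post), the following Python sorts syslog lines from a Linux firewall host into the categories listed above: system (re)boots, interface changes, policy changes, administrative account changes and connection records. The eight log lines are constructed for this example in the style of kernel, iptables LOG target, sudo and useradd messages; the "IPT-DROP"/"IPT-ACCEPT" log prefixes, the hostname and the addresses are assumptions:

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# Constructed sample log (not real traffic): one boot banner, one link change, one rule change
# via sudo, one account creation and four connection records, the last three from one source.
SAMPLE_LOG = """\
Apr  4 08:01:12 fw1 kernel: Linux version 4.15.0-13-generic (buildd@lgw01-amd64-039) (gcc version 7.3.0)
Apr  4 08:01:20 fw1 kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Apr  4 08:05:02 fw1 sudo:    alice : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -I INPUT -p tcp --dport 3389 -j ACCEPT
Apr  4 08:06:40 fw1 useradd[2211]: new user: name=bob, UID=1002, GID=1002, home=/home/bob, shell=/bin/bash
Apr  4 08:10:31 fw1 kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Apr  4 08:10:32 fw1 kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Apr  4 08:10:33 fw1 kernel: IPT-ACCEPT: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Apr  4 08:12:00 fw1 kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=51 ID=0 PROTO=ICMP TYPE=8 CODE=0
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[^:\[]+)(?:\[\d+\])?:\s*(?P<msg>.*)$")
CONN = re.compile(r"^IPT-(?P<verdict>[A-Z]+): (?P<fields>.*)$")   # assumed iptables --log-prefix values
POLICY_TOOLS = {"iptables", "ip6tables", "nft", "ufw", "firewall-cmd"}
ACCOUNT_PROGS = {"useradd", "userdel", "usermod", "passwd", "chpasswd"}


@dataclass
class Event:
    category: str              # system, interface, policy, account, admin, connection or other
    ts: str
    prog: str
    msg: str
    fields: Dict[str, str] = field(default_factory=dict)


def parse_kv(text: str) -> Dict[str, str]:
    """Split 'SRC=1.2.3.4 DPT=22 SYN' into a dict; bare tokens such as SYN or DF become flags."""
    fields: Dict[str, str] = {}
    for tok in text.split():
        key, eq, val = tok.partition("=")
        fields[key] = val if eq else "1"
    return fields


def classify(line: str) -> Optional[Event]:
    m = SYSLOG.match(line)
    if not m:
        return None
    ts, prog, msg = m["ts"], m["prog"].strip(), m["msg"]
    if prog == "kernel":
        c = CONN.match(msg)
        if c:                                         # a connection record from the LOG target
            f = parse_kv(c["fields"])
            f["VERDICT"] = c["verdict"]
            return Event("connection", ts, prog, msg, f)
        if msg.startswith("Linux version"):           # kernel banner: the box (re)booted
            return Event("system", ts, prog, msg)
        if "NETDEV" in msg or "link becomes ready" in msg or "link down" in msg or "link up" in msg:
            return Event("interface", ts, prog, msg)
    if prog == "sudo" and "COMMAND=" in msg:
        cmd = msg.split("COMMAND=", 1)[1]
        exe = cmd.split()[0].rsplit("/", 1)[-1]
        return Event("policy" if exe in POLICY_TOOLS else "admin", ts, prog, msg, {"command": cmd})
    if prog in ACCOUNT_PROGS:
        return Event("account", ts, prog, msg)
    return Event("other", ts, prog, msg)


def events(lines: Iterable[str]) -> List[Event]:
    return [e for e in (classify(l) for l in lines) if e is not None]


def summarize(lines: Iterable[str]) -> Dict[str, int]:
    """Count events per category: the overview an administrator wants before reading records."""
    return dict(Counter(e.category for e in events(lines)))


def dropped_by_source(evs: Iterable[Event]) -> Dict[str, int]:
    """Sources whose connection attempts were dropped, most active first."""
    c = Counter(e.fields["SRC"] for e in evs
                if e.category == "connection" and e.fields.get("VERDICT") == "DROP")
    return dict(c.most_common())


if __name__ == "__main__":
    evs = events(SAMPLE_LOG.splitlines())
    print(summarize(SAMPLE_LOG.splitlines()))
    print(dropped_by_source(evs))
    for e in evs:
        if e.category in ("policy", "account"):
            print(e.ts, e.category, e.msg)
```

The point of the split is the one the paragraph above makes: the three dropped probes from 203.0.113.5 are what most tools report, but the rule inserted with sudo and the new account are the lines an administrator would want to review first, and a parser that only looks for connection records never surfaces them.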

Saturday, 9 September 2017

Computer Networking

Networking Basics

Networking is the practice of linking multiple computing devices together in order to share resources. These resources can be printers, CDs, files, or even electronic communications such as e-mails and instant messages. These networks can be created using several different methods, such as cables, telephone lines, satellites, radio waves, and infrared beams. Without the ability to network, businesses, government agencies, and schools would be unable to operate as efficiently as they do today. The ability for an office or school to connect dozens of computers to a single printer is a seemingly simple, yet extremely useful capability. Perhaps even more valuable is the ability to access the same data files from various computers throughout a building. This is incredibly useful for companies that may have files that require access by multiple employees daily. By utilizing networking, those same files can be made available to several employees on separate computers simultaneously, improving efficiency.

When it comes to networking, there are two essential pieces of equipment that enable numerous devices to be connected: routers and switches.


Switches are used to connect multiple devices on the same network within a building or campus. For example, a switch can connect your computers, printers, and servers, creating a network of shared resources.
The switch, one aspect of your networking basics, serves as a controller, allowing the various devices to share information and talk to each other.
Through information sharing and resource allocation, switches save you money and increase productivity.
There are two basic types of switches to choose from as part of your networking basics: managed and unmanaged.
An unmanaged switch works out of the box and does not allow you to make changes. Home networking equipment typically includes unmanaged switches.
A managed switch can be accessed and programmed. This capability provides greater network flexibility because the switch can be monitored and adjusted locally or remotely.
With a managed switch, you have control over network traffic and network access.


Routers, the second valuable component of your networking basics, are used to connect multiple networks together.
For example, you would use a router to connect your networked computers to the Internet and thereby share an Internet connection among many users.
The router will act as a dispatcher, choosing the best route for your information to travel so that you receive it quickly.
Routers analyze the data being sent over a network, change how it is packaged, and send it to another network or to a different type of network.
They connect your business to the outside world, protect your information from security threats, and can even decide which computers get priority over others.

Depending on your business and your networking plans, you can choose from routers that include different capabilities. These can include networking basics such as:

Firewall: Specialized software that examines incoming data and protects your business network against attacks.
Virtual private network (VPN): A way to allow remote employees to safely access your network.
IP phone network: Combines your company's computer and telephone network, using voice and conferencing technology, to simplify and unify your communications.

 Access Points

An access point allows wireless devices to connect to the network. Having a wireless network makes it easy to bring new devices online and provides flexible support to mobile workers.
Think of what an access point does for your network as being similar to what an amplifier does for your home stereo. An access point takes the bandwidth coming from a router and stretches it so that many devices can go on the network from farther distances away.
But an access point does more than simply extend Wi-Fi. It can also give useful data about the devices on the network, provide proactive security, and serve many other practical purposes.
Access points support different IEEE standards. Each standard is an amendment that was ratified over time, and the standards operate on varying frequencies, deliver different bandwidth, and support different numbers of channels.

There are four different types of deployments that an organization can choose from to create a wireless network. Each deployment has its own attributes that will work better for different solutions. They are:

Cisco Mobility Express: A simple, high-performance wireless solution for small or medium-sized organizations. Mobility Express has the full complement of advanced Cisco features. These features are preconfigured with Cisco best practices.
The defaults allow for a quick and effortless deployment that can be operational in minutes.
Centralized deployment: The most common type of wireless network, traditionally deployed in campuses where buildings and networks are in close proximity. This deployment consolidates the wireless network, allowing for easier upgrades and enabling advanced wireless functionality.
Controllers are based on-premises and are installed in a centralized location.
Converged deployment: A solution tailored for small campuses or branch offices. It allows customers consistency in their wireless and wired connections.
This deployment converges wired and wireless on one network device—an access switch—and performs the dual role of both switch and wireless controller.
Cloud-based deployment: A system that uses the cloud to manage network devices deployed on-premises at different locations. The solution requires Cisco Meraki cloud-managed devices, which have full visibility of the network through their dashboards.

Network Types

There are countless types of networks available, especially as networking technologies continue to advance. Two of the most commonly employed networks are LAN and WAN.

Local Area Network (LAN): These networks are used to connect devices over relatively short distances, such as within a building, school, or home. LANs generally employ Ethernet cables as a means of connecting the various gadgets within the network.

Wide Area Network (WAN): These networks are used to connect devices over much larger distances than LANs. A WAN is established by using routers to connect various LANs and are generally not owned by a single person or organization. The internet is one massive WAN that spans the entire planet.

Other Network Types: Various other types of networks exist, including wireless local area networks (WLANs), which are LANs based on wireless network technology, and metropolitan area networks (MANs), which cover larger areas than LANs but smaller areas than WANs. These MANs generally span a city and are owned and operated by a government or corporation.

Network Topology

Not to be confused with network type, network topology refers to the logical layout of the devices within a network and can refer to five distinct categories:

Bus: This topology utilizes a common backbone, generally a single cable, to connect all the devices on a network.

Ring: Found in some offices and schools, ring topologies give each device two neighbors for communication purposes. All data travels in a ring, and a failure of that ring can bring down the whole network.
Star: Found in many homes, a central connection known as a “hub” is connected to all the objects on the network. This hub could be a router or a switch.
Tree: A hybrid bus/star network, several star hubs are connected to the core cable of a bus in order to vastly increase the number of computers able to connect to the network.
Mesh: The mesh topology employs the concept of routing, in which each piece of data sent on the network has multiple paths it can take instead of one fixed route. The internet is a perfect example of this topology.

OSI Model

To address the problem of networks increasing in size and in number, the International Organization for Standardization (ISO) researched many network schemes and recognized that there was a need to create a network model that would help network builders implement networks that could communicate and work together. It therefore released the OSI reference model in 1984.

7) Application: this layer deals with networking applications. Examples: email, web browsers. PDU: user data

6) Presentation: this layer is responsible for presenting the data in the required format, which may include encryption and compression. PDU: formatted data

5) Session: this layer establishes, manages, and terminates sessions between two communicating hosts. Example: client software (used for logging in). PDU: formatted data

4) Transport: this layer breaks up the data from the sending host and then reassembles it in the receiver. It is also used to ensure reliable data transport across the network. PDU: segments

3) Network: sometimes referred to as the "Cisco layer". Makes "best path determination" decisions based on logical addresses (usually IP addresses). PDU: packets

2) Data link: this layer provides reliable transit of data across a physical link. Makes decisions based on physical addresses (usually MAC addresses). PDU: frames

1) Physical: this is the physical media through which the data, represented as electronic signals, is sent from the source host to the destination host. Examples: CAT5 (what we have), coaxial (like cable TV), fiber optic. PDU: bits
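The following is an added example, written for this page and not part of the original post, that builds the layer 4, 3 and 2 PDUs named above by encapsulation (user data inside a TCP segment, the segment inside an IPv4 packet, the packet inside an Ethernet frame) and then peels them apart again, showing which address each layer uses: ports, IP addresses, MAC addresses. The addresses, ports and payload are constructed for the illustration; the header layouts and the one's-complement checksum follow the IPv4 and TCP standards:

```python
import socket
import struct
from typing import Dict


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_ip: str, dst_ip: str, sport: int, dport: int, seq: int, flags: int, data: bytes) -> bytes:
    """Layer 4 PDU: a 20-byte TCP header plus user data, addressed by port numbers."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)
    # The TCP checksum also covers a pseudo-header with the layer 3 addresses.
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, 6, len(hdr) + len(data))
    csum = checksum(pseudo + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data


def ipv4_packet(src_ip: str, dst_ip: str, proto: int, payload: bytes, ident: int = 0x1234, ttl: int = 64) -> bytes:
    """Layer 3 PDU: a 20-byte IPv4 header plus the segment, addressed by logical (IP) addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000, ttl, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def ethernet_frame(src_mac: str, dst_mac: str, payload: bytes, ethertype: int = 0x0800) -> bytes:
    """Layer 2 PDU: a 14-byte Ethernet header plus the packet, addressed by physical (MAC) addresses."""
    def mac(s: str) -> bytes:
        return bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


def decapsulate(frame: bytes) -> Dict[str, object]:
    """Peel the layers off again and report what each one addressed, verifying both checksums."""
    dst_mac, src_mac = frame[:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    src_ip, dst_ip = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    segment = packet[ihl:total_len]
    sport, dport = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4
    pseudo = struct.pack("!4s4sBBH", packet[12:16], packet[16:20], 0, proto, len(segment))
    # A header whose checksum field is filled in sums to zero when re-checksummed.
    return {
        "l2": (src_mac, dst_mac, ethertype),
        "l3": (src_ip, dst_ip, proto, checksum(packet[:ihl]) == 0),
        "l4": (sport, dport, checksum(pseudo + segment) == 0),
        "data": segment[data_off:],
    }


if __name__ == "__main__":
    data = b"GET / HTTP/1.0\r\n\r\n"                                   # layer 7 user data (constructed)
    seg = tcp_segment("10.0.0.1", "10.0.0.2", 12345, 80, 1000, 0x18, data)   # PSH|ACK
    pkt = ipv4_packet("10.0.0.1", "10.0.0.2", 6, seg)
    frm = ethernet_frame("02:00:00:00:00:01", "02:00:00:00:00:02", pkt)
    print(len(data), len(seg), len(pkt), len(frm))
    print(decapsulate(frm))
```

Each layer only looks at its own header and treats everything after it as opaque payload, which is why a router (layer 3) forwards on IP addresses without caring about ports, and why a packet filter that wants to act on ports has to reach one layer deeper than a plain router does.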