Network Security

A network has many vulnerabilities that threaten its security. An attacker can gather information about a network through port scanning, social engineering, reconnaissance, and fingerprinting operating systems and applications. This information reveals vulnerabilities like programming flaws, authentication failures, and threats to confidentiality from protocol flaws or eavesdropping. A large network with many interconnected systems and users presents more opportunities for attacks compared to a single computer.

Uploaded by Nafisa Ahmad

What Makes a Network Vulnerable?

Anonymity-: An attacker can mount an attack from thousands of miles away and never
come into direct contact with the system, its administrators, or users. The potential
attacker is thus safe behind an electronic shield.
Many points of attack (both targets and origins)-: A simple computing system is a self-
contained unit. Access controls on one machine preserve the confidentiality of data on
that processor. However, when a file is stored in a network host remote from the user, the
data or the file itself may pass through many hosts to get to the user. One host's
administrator may enforce rigorous security policies, but that administrator has no control
over other hosts in the network. Thus, the user must depend on the access control
mechanisms in each of these systems. An attack can come from any host to any host, so
a large network offers many points of vulnerability.
Sharing-:Because networks enable resource and workload sharing, more users have the
potential to access networked systems than on single computers.
Complexity of system-: A network combines two or more possibly dissimilar operating
systems. Therefore, a network operating/control system is likely to be more complex than
an operating system for a single computing system. The ordinary desktop computer today
has greater computing power than did many office computers in the last two decades. The
attacker can use this power to advantage by causing the victim's computer to perform part
of the attack's computation. And because an average computer is so powerful, most users
do not know what their computers are really doing at any moment: What processes are
active in the background while you are playing Invaders from Mars? This complexity
diminishes confidence in the network's security.
Unknown perimeter-:A network's expandability also implies uncertainty about the
network boundary. One host may be a node on two different networks, so resources on
one network are accessible to the users of the other network as well. Although wide
accessibility is an advantage, this unknown or uncontrolled group of possibly malicious
users is a security disadvantage.
Unknown path-: There may be many paths from one host to another. Suppose that a user
on host A1 wants to send a message to a user on host B3. That message might be routed
through hosts C or D before arriving at host B3. Host C may provide acceptable security,
but not D. Network users seldom have control over the routing of their messages.

Who Attacks Networks?


Focusing on motive may give us some idea of who might attack a networked host or user.
Four important motives are challenge or power, fame, money, and ideology.
Challenge-: Some attackers are drawn by the intellectual challenge. They are intrigued by
questions such as: Can I defeat this network? What would happen if I tried this approach
or that technique?
Fame-: Some attackers seek recognition for their activities and take credit for them. In
many cases, we do not know who the attackers really are, but they leave behind a "calling
card" with a recognizable name.
Money and Espionage-: Financial reward motivates attackers. Some attackers perform
industrial spying, seeking information on a company's products, clients, or long-range
plans. The financial value of such information is easy to understand.
Ideology-: Some attacks are perpetrated to advance ideological ends. For example, many
security analysts believe that the Code Red worm of 2001 was launched by a group
motivated by the tension in U.S.-China relations. Ideology may also be used to
indoctrinate an attacker.

What are the possible ways of attack?

A clever attacker investigates and plans before acting. Just as you might invest time in
learning about a jewelry store before entering to steal from it, a network attacker learns a
lot about a potential target before beginning the attack. By knowing the possible ways of
attack, we may be able to block an attack before it is launched.
Port Scan-:An easy way to gather network information is to use a port scan, a program
that, for a particular IP address, reports which ports respond to messages and which of
several known vulnerabilities seem to be present.
A port scan is much like a routine physical examination from a doctor, particularly the
initial questions used to determine a medical history. The questions and answers by
themselves may not seem significant, but they point to areas that suggest further
investigation.
Port scanning tells an attacker three things: which standard ports or services are running
and responding on the target system, what operating system is installed on the target
system, and what applications and versions of applications are present. This information
is readily available for the asking from a networked system; it can be obtained quietly,
anonymously, without identification or authentication, drawing little or no attention to the
scan.
Social Engineering-: The port scan gives an external picture of a network: where are the
doors and windows, of what are they constructed, to what kinds of rooms do they open?
The attacker also wants to know what is inside the building. What better way to find out
than to ask?
Social engineering involves using social skills and personal interaction to get someone to
reveal security-relevant information and perhaps even to do something that permits an
attack. The point of social engineering is to persuade the victim to be helpful. An attacker
has little to lose in trying a social engineering attack.

Reconnaissance-: One commonly used reconnaissance technique is called "dumpster
diving." It involves looking through items that have been discarded in rubbish
bins or recycling boxes. It is amazing what we throw away without thinking
about it. Mixed with the remains from lunch might be network diagrams,
printouts of security device configurations, system designs and source code,
telephone and employee lists, and more. Even outdated printouts may be
useful. Seldom will the configuration of a security device change completely.
More often only one rule is added or deleted or modified, so an attacker has a
high probability of a successful attack based on the old information.

Most reconnaissance techniques require little training and minimal investment of time. If
an attacker has targeted a particular organization, spending a little time to
collect background information yields a big payoff.
Operating System and Application Fingerprinting-:The port scan supplies the attacker
with very specific information. For instance, an attacker can use one to find out
that port 80 is open and supports HTTP, the protocol for transmitting web
pages. But the attacker is likely to have many related questions, such as which
commercial server application is running, what version, and what the
underlying operating system and version are. Once armed with this additional
information, the attacker can consult a list of specific software's known
vulnerabilities to determine which particular weaknesses to try to exploit.

Bulletin Boards and Chats-: The Internet is probably the greatest tool for sharing
knowledge. It is probably also the most dangerous tool for sharing knowledge.

Numerous underground bulletin boards and chat rooms support exchange of information.
Attackers can post their latest exploits and techniques, read what others have
done, and search for additional information on systems, applications, or sites.
Remember that, as with everything on the Internet, anyone can post anything,
so there is no guarantee that the information is reliable or accurate. And you
never know who is reading from the Internet.

Availability of Documentation-: The vendors themselves sometimes distribute
information that is useful to an attacker. For example, Microsoft produces a
resource kit by which application vendors can investigate a Microsoft product
in order to develop compatible, complementary applications. This toolkit also
gives attackers tools to use in investigating a product that can subsequently be
the target of an attack.

Read more about physical medium security flaws.

Summary of Network Vulnerabilities

A network has many different vulnerabilities, but all derive from an underlying model of
computer, communications, and information systems security. Threats are raised against
the key aspects of security: confidentiality, integrity, and availability, as shown in the
table below.

Table ---- Network Vulnerabilities.

Target                    Vulnerability
Precursors to attack      Port scan
                          Social engineering
                          Reconnaissance
                          OS and application fingerprinting
Authentication failures   Impersonation
                          Guessing
                          Eavesdropping
                          Spoofing
                          Session hijacking
                          Man-in-the-middle attack
Programming flaws         Buffer overflow
                          Addressing errors
                          Parameter modification, time-of-check to time-of-use errors
                          Server-side include
                          Cookie
                          Malicious active code: JavaScript, ActiveX
                          Malicious code: virus, worm, Trojan horse
                          Malicious typed code
Confidentiality           Protocol flaw
                          Eavesdropping
                          Passive wiretap
                          Misdelivery
                          Exposure within the network
                          Traffic flow analysis
                          Cookie
Integrity                 Protocol flaw
                          Active wiretap
                          Impersonation
                          Falsification of message
                          Noise
                          Web site defacement
                          DNS attack
Availability              Protocol flaw
                          Transmission or component failure
                          Connection flooding, e.g., echo-chargen, ping of death, smurf, syn flood
                          DNS attack
                          Traffic redirection
                          Distributed denial of service


Network Security Controls

Some network threats are listed below:

intercepting data in traffic

accessing programs or data at remote hosts

modifying programs or data at remote hosts

modifying data in transit

inserting communications

impersonating a user

inserting a repeat of a previous communication

blocking selected traffic

blocking all traffic

running a program at a remote host

The following controls can be applied to network security threats.

Architecture-: Planning can be the strongest control. In particular, when we build or
modify computer-based systems, we can give some thought to their overall
architecture and plan to "build in" security as one of the key constructs.
Similarly, the architecture or design of a network can have a significant effect on
its security.

Segmentation-: As in an operating system, segmentation reduces the number of threats,
and it limits the amount of damage a single vulnerability can cause.

The following activities, for example, can be placed on separate segments so that damage
or corruption in one does not spread to the others:

a web server, to handle users' HTTP sessions

application code, to present your goods and services for purchase

a database of goods, and perhaps an accompanying inventory to track the count of stock
on hand and being requested from suppliers

a database of orders taken

A more secure design uses multiple segments.

Redundancy-: Another key architectural control is redundancy: allowing a function to be
performed on more than one node, to avoid "putting all the eggs in one
basket." A better design would have two servers, using what is called failover
mode. In failover mode the servers communicate with each other periodically,
each determining if the other is still active. If one fails, the other takes over
processing for both of them. Although performance is cut approximately in
half when a failure occurs, at least some processing is being done.

Single Points of Failure-: The architecture should at least make sure that the system
tolerates failure in an acceptable way (such as slowing down but not stopping
processing, or recovering and restarting incomplete transactions).

We should also ask whether there is a single point in the network that, if it were to fail,
could deny access to all or a significant part of the network. Good network design
eliminates single points of failure. Distributing the database (placing copies of it on
different network segments, perhaps even in different physical locations) can reduce the
risk of serious harm from a failure at any one point.

Encryption-: Encryption is powerful for providing privacy, authenticity, integrity, and
limited access to data. Because networks often involve even greater risks, it is
better to secure data with encryption, perhaps in combination with other
controls.
In network applications, encryption can be applied either between two hosts (called link
encryption) or between two applications (called end-to-end encryption).
Link Encryption-: In link encryption, data are encrypted just before the system places
them on the physical communications link. In this case, encryption occurs at layer 1 or 2
in the OSI model. (A similar situation occurs with TCP/IP protocols.) Similarly,
decryption occurs just as the communication arrives at and enters the receiving computer.

Link encryption is invisible to the user. The encryption becomes a transmission service
performed by a low-level network protocol layer, just like message routing or
transmission error detection.

End-to-End Encryption-: As its name implies, end-to-end encryption provides security
from one end of a transmission to the other. The encryption can be applied by a
hardware device between the user and the host. Alternatively, the encryption
can be done by software running on the host computer. In either case, the
encryption is performed at the highest levels (layer 7, application, or perhaps at
layer 6, presentation) of the OSI model. A model of end-to-end encryption is
shown in the figure.
Since the encryption precedes all the routing and transmission processing of the layer, the
message is transmitted in encrypted form throughout the network. The encryption
addresses potential flaws in lower layers in the transfer model. If a lower layer should fail
to preserve security and reveal data it has received, the data's confidentiality is not
endangered. Figure shows a typical message with end-to-end encryption, again with the
encrypted field shaded.

Virtual Private Networks-:Link encryption can be used to give a network's users the
sense that they are on a private network, even when it is part of a public network.

Typically, physical security and administrative security are strong enough to protect
transmission inside the perimeter of a network. Thus, the greatest exposure for a user is
between the user's workstation or client and the perimeter of the host network or server.

The solution is a firewall.

A firewall is an access control device that sits between two networks or two network
segments. It filters all traffic between the protected or "inside" network and a less
trustworthy or "outside" network or segment.

Many firewalls can be used to implement a VPN. When a user first establishes a
communication with the firewall, the user can request a VPN session with the firewall.
The user's client and the firewall negotiate a session encryption key, and the firewall and
the client subsequently use that key to encrypt all traffic between the two. In this way, the
larger network is restricted only to those given special access by the VPN. In other words,
it feels to the user that the network is private, even though it is not. With the VPN, we say
that the communication passes through an encrypted tunnel, or simply a tunnel.

Virtual private networks are created when the firewall interacts with an authentication
service inside the perimeter. The firewall may pass user authentication data to the
authentication server and, upon confirmation of the authenticated identity, the firewall
provides the user with appropriate security privileges, as shown in the following figure.
PKI and Certificates-: A public key infrastructure, or PKI, is a process created to enable
users to implement public key cryptography, usually in a large (and frequently,
distributed) setting. PKI offers each user a set of services related to identification and
access control, including the following:

create certificates associating a user's identity with a (public) cryptographic key

give out certificates from its database

sign certificates, adding its credibility to the authenticity of the certificate

confirm (or deny) that a certificate is valid

invalidate certificates for users who no longer are allowed access or whose private
key has been exposed

PKI is often considered to be a standard, but in fact it is a set of policies, products, and
procedures that leave some room for interpretation. The policies define the rules under
which the cryptographic systems should operate.

PKI sets up entities, called certificate authorities, that implement the PKI policy on
certificates.

The specific actions of a certificate authority include the following:

managing public key certificates for their whole life cycle

issuing certificates by binding a user's or system's identity to a public key with a
digital signature

scheduling expiration dates for certificates

ensuring that certificates are revoked when necessary by publishing certificate
revocation lists

The functions of a certificate authority can be done in-house or by a commercial service
or a trusted third party.

SSH Encryption-:SSH (secure shell) is a pair of protocols (versions 1 and 2), originally
defined for Unix but also available under Windows 2000, that provides an authenticated
and encrypted path to the shell or operating system command interpreter. Both SSH
versions replace Unix utilities such as Telnet, rlogin, and rsh for remote access. SSH
protects against spoofing attacks and modification of data in communication.

The SSH protocol involves negotiation between local and remote sites for encryption
algorithm (for example, DES, IDEA, AES) and authentication (including public key and
Kerberos).
SSL Encryption-:The SSL (Secure Sockets Layer) protocol was originally designed by
Netscape to protect communication between a web browser and server. It is also known
now as TLS, for transport layer security. SSL interfaces between applications (such as
browsers) and the TCP/IP protocols to provide server authentication, optional client
authentication, and an encrypted communications channel between client and server.
Client and server negotiate a mutually supported suite of encryption for session
encryption and hashing. To use SSL, the client requests an SSL session. The server
responds with its public key certificate so that the client can determine the authenticity of
the server. The client returns part of a symmetric session key encrypted under the server's
public key. Both the server and client compute the session key, and then they switch to
encrypted communication, using the shared session key.

IPSec-: IPSec is somewhat similar to SSL, in that it supports authentication and
confidentiality in a way that does not necessitate significant change either
above it (in applications) or below it (in the TCP protocols). Like SSL, it was
designed to be independent of specific cryptographic protocols and to allow the
two communicating parties to agree on a mutually supported set of protocols.

The basis of IPSec is what is called a security association, which is essentially the set of
security parameters for a secured communication channel. It is roughly comparable to an
SSL session. A security association includes:

encryption algorithm and mode (for example, DES in block chaining mode)

encryption key

encryption parameters, such as the initialization vector

authentication protocol and key

lifespan of the association, to permit long-running sessions to select a new
cryptographic key as often as needed

address of the opposite end of association

sensitivity level of protected data (usable for classified data)

Signed Code-:As we have seen, someone can place malicious active code on a web site
to be downloaded by unsuspecting users. Running with the privilege of
whoever downloads it, such active code can do serious damage, from deleting
files to sending e-mail messages to fetching Trojan horses to performing subtle
and hard-to-detect mischief. Today's trend is to allow applications and updates
to be downloaded from central sites, so the risk of downloading something
malicious is growing.

A partial (not complete) approach to reducing this risk is to use signed code. A
trustworthy third party appends a digital signature to a piece of code,
supposedly connoting more trustworthy code. A signature structure in a PKI
helps to validate the signature.

Encrypted E-Mail-:No one can change encrypted data in a meaningful way without
breaking the encryption. An electronic mail message is much like the back of a
post card. The mail carrier (and everyone in the postal system through whose
hands the card passes) can read not just the address but also everything in the
message field. To protect the privacy of the message and routing information,
we can use encryption to protect the confidentiality of the message and perhaps
its integrity.

Error Correcting Codes-:We can use error detection and error correction codes to
guard against modification in a transmission. The codes work as their names
imply: Error detection codes detect when an error has occurred, and error
correction codes can actually correct errors without requiring retransmission of
the original message. The error code is transmitted along with the original data,
so the recipient can recompute the error code and check whether the received
result matches the expected value.

A cryptographic checksum (sometimes called a message digest) is a cryptographic
function that produces a checksum. The cryptography prevents the attacker
from changing the data block (the plaintext) and also changing the checksum
value (the ciphertext) to match.
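A constructed demonstration of the distinction drawn above (an added example, not from the original notes): a plain CRC-32 catches line noise but is unkeyed, so whoever alters the data can simply recompute it, whereas a keyed digest (HMAC-SHA256) cannot be matched without the shared key. The function names, key and sample messages are all made up.

```python
import hashlib
import hmac
import zlib


# Plain error-detecting code: CRC-32 detects accidental transmission errors,
# but anyone can recompute it for any data because it involves no secret.
def crc32_code(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def crc32_check(data: bytes, code: int) -> bool:
    return crc32_code(data) == code


# Cryptographic checksum (keyed message digest): recomputing it requires the
# secret shared by sender and receiver, so a changed message cannot be given
# a matching checksum by anyone else.
def keyed_digest(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def keyed_check(key: bytes, data: bytes, digest: bytes) -> bool:
    # compare_digest avoids leaking where the comparison failed through timing
    return hmac.compare_digest(keyed_digest(key, data), digest)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate line noise: flip a single bit of the transmitted data."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def modified_and_rechecksummed(substitute: bytes) -> tuple[bytes, int]:
    """Deliberate modification in transit: the data is replaced and the unkeyed
    CRC recomputed, so the CRC check at the receiver still passes."""
    return substitute, crc32_code(substitute)


def demo() -> dict:
    """Run both checks against noise and against deliberate modification."""
    key = b"constructed-shared-secret"            # known to sender and receiver only
    message = b"PAY 100.00 TO ACCOUNT 12345"      # constructed sample message
    altered = b"PAY 900.00 TO ACCOUNT 99999"      # constructed replacement
    crc = crc32_code(message)
    tag = keyed_digest(key, message)              # sent along with the message

    noisy = flip_bit(message, 13)
    forged, forged_crc = modified_and_rechecksummed(altered)
    return {
        "crc_detects_noise": not crc32_check(noisy, crc),
        "hmac_detects_noise": not keyed_check(key, noisy, tag),
        # the CRC was recomputed to match, so this check passes and detects nothing
        "crc_detects_modification": not crc32_check(forged, forged_crc),
        # without the key the old tag is all that can be sent, and it does not match
        "hmac_detects_modification": not keyed_check(key, forged, tag),
    }
```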

Strong Authentication-: The authentication methods appropriate for use in networks
are the following.
One-Time Password-:A one-time password can guard against wiretapping and spoofing
of a remote host. As the name implies, a one-time password is good for one use only. The
user would enter the first password for the first login, the next one for the next login, and
so forth. As long as the password lists remained secret and as long as no one could guess
one password from another, a password obtained through wiretapping would be useless.
However, as with the one-time cryptographic pads, humans have trouble maintaining
these password lists. To address this problem, we can use a password token, a device that
generates a password that is unpredictable but that can be validated on the receiving end.
Challenge-Response Systems-: A more sophisticated one-time password scheme uses
challenge and response. A challenge and response device looks like a simple pocket
calculator. The user first authenticates to the device, usually by means of a PIN. The
remote system sends a random number, called the "challenge," which the user enters into
the device. The device responds to that number with another number, which the user then
transmits to the system. The system prompts the user with a new challenge for each use.
Thus, this device eliminates the small window of vulnerability in which a user could
reuse a time-sensitive authenticator. A generator that falls into the wrong hands is useless
without the PIN. However, the user must always have the response generator to log in,
and a broken device denies service to the user.
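An added Python model of the challenge-response flow just described (not from the notes or any real token product): the "device" must be unlocked with a PIN and computes HMAC-SHA256 over the random challenge; the server accepts exactly one response per challenge, so a response captured by wiretapping is useless at the next login. The class names, the 8-hex-digit truncation, the seed and the PIN are assumptions.

```python
import hashlib
import hmac
import secrets

RESPONSE_DIGITS = 8   # assumed display size: 8 hex digits the user reads off and types


def compute_response(seed: bytes, challenge: bytes) -> str:
    """Computation shared by device and server: a keyed digest of the challenge,
    truncated to something a person can type."""
    return hmac.new(seed, challenge, hashlib.sha256).hexdigest()[:RESPONSE_DIGITS]


class ResponseGenerator:
    """The pocket-calculator device (constructed model). It holds a per-user seed
    and refuses to answer until its owner unlocks it with the PIN, so a lost
    device is useless on its own."""

    def __init__(self, seed: bytes, pin: str):
        self._seed = seed
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._unlocked = False

    def unlock(self, pin: str) -> bool:
        self._unlocked = hmac.compare_digest(
            hashlib.sha256(pin.encode()).digest(), self._pin_hash)
        return self._unlocked

    def respond(self, challenge: bytes) -> str:
        if not self._unlocked:
            raise PermissionError("device locked: correct PIN required")
        return compute_response(self._seed, challenge)


class AuthServer:
    """The remote system: issues a fresh random challenge per login attempt and
    honours at most one response to it."""

    def __init__(self):
        self._seeds: dict[str, bytes] = {}     # provisioned at enrollment
        self._pending: dict[str, bytes] = {}   # outstanding challenge per user

    def enroll(self, user: str, seed: bytes) -> None:
        self._seeds[user] = seed

    def challenge(self, user: str) -> bytes:
        c = secrets.token_bytes(8)
        self._pending[user] = c                 # replaces any unanswered challenge
        return c

    def verify(self, user: str, response: str) -> bool:
        c = self._pending.pop(user, None)       # consumed whether or not it verifies
        if c is None or user not in self._seeds:
            return False
        expected = compute_response(self._seeds[user], c)
        return hmac.compare_digest(expected, response)


def login_flow() -> dict:
    """A legitimate login, a replay of the captured response, and an attempt to
    use the device without its PIN."""
    seed = secrets.token_bytes(32)
    server = AuthServer()
    server.enroll("alice", seed)
    device = ResponseGenerator(seed, pin="4711")

    locked_device_refused = False
    try:
        device.respond(b"\x00" * 8)
    except PermissionError:
        locked_device_refused = True

    device.unlock("4711")
    c1 = server.challenge("alice")
    r1 = device.respond(c1)                      # this is what a wiretap would capture
    first_login_ok = server.verify("alice", r1)

    c2 = server.challenge("alice")               # next login: a new challenge
    replay_accepted = server.verify("alice", r1) # the captured response is stale

    return {"locked_device_refused": locked_device_refused,
            "first_login_ok": first_login_ok,
            "replay_accepted": replay_accepted,
            "challenges_differ": c1 != c2}
```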
Digital Distributed Authentication-:The architecture assumes that each server has its
own private key and that the corresponding public key is available to or held by every
other process that might need to establish an authenticated channel. To begin an
authenticated communication between server A and server B, A sends a request to B,
encrypted under B's public key. B decrypts the request and replies with a message
encrypted under A's public key. To avoid replay, A and B can append a random number to
the message to be encrypted.

A and B can establish a private channel by one of them choosing an encryption key (for a
secret key algorithm) and sending it to the other in the authenticating message. Once the
authentication is complete, all communication under that secret key can be assumed to be
as secure as was the original dual public key exchange. To protect the privacy of the
channel

Kerberos-: Kerberos is a system that supports authentication in distributed systems.
Originally designed to work with secret key encryption, Kerberos, in its latest
version, uses public key technology to support key exchange. The Kerberos
system was designed at Massachusetts Institute of Technology.

Kerberos is used for authentication between intelligent processes, such as client-to-server
tasks, or a user's workstation to other hosts. Kerberos is based on the idea that a central
server provides authenticated tokens, called tickets, to requesting applications. A ticket is
an unforgeable, nonreplayable, authenticated object. That is, it is an encrypted data
structure naming a user and a service that user is allowed to obtain. It also contains a time
value and some control information.

The first step in using Kerberos is to establish a session with the Kerberos server, as
shown in the figure. A user's workstation sends the user's identity to the Kerberos server
when a user logs in. The Kerberos server verifies that the user is authorized. The
Kerberos server sends two messages:

one to the user's workstation, and one to the ticket-granting server

If the workstation can decrypt its message using the private key, which is the password
typed by the user, then the user has succeeded in authenticating to the workstation.

Kerberos was carefully designed to withstand attacks in distributed environments:

No passwords communicated on the network. As already described, a user's
password is stored only at the Kerberos server. The user's password is not sent
from the user's workstation when the user initiates a session. (Obviously, a user's
initial password must be sent outside the network, such as in a letter.)
Cryptographic protection against spoofing. Each access request is mediated by the
ticket-granting server, which knows the identity of the requester, based on the
authentication performed initially by the Kerberos server and on the fact that the
user was able to present a request encrypted under a key that had been encrypted
under the user's password.

Limited period of validity. Each ticket is issued for a limited time period; the
ticket contains a timestamp with which a receiving server will determine the
ticket's validity. In this way, certain long-term attacks, such as brute force
cryptanalysis, will usually be neutralized because the attacker will not have time
to complete the attack.

Timestamps to prevent replay attacks. Kerberos requires reliable access to a
universal clock. Each user's request to a server is stamped with the time of the
request. A server receiving a request will compare this time to the current time
and fulfill the request only if the time is reasonably close to the current time. This
time-checking prevents most replay attacks, since the attacker's presentation of
the ticket will be delayed too long.

Mutual authentication. The user of a service can be assured of any server's
authenticity by requesting an authenticating response from the server. The user
sends a ticket to a server and then sends the server a request encrypted under the
session key for that server's service; the ticket and the session key were provided
by the ticket-granting server. The server can decrypt the ticket only if it has the
unique key it shares with the ticket-granting server. Inside the ticket is the session
key, which is the only means the server has of decrypting the user's request. If the
server can return to the user a message encrypted under this same session key but
containing 1 + the user's timestamp, the server must be authentic. Because of this
mutual authentication, a server can provide a unique channel to a user and the
user may not need to encrypt communications on that channel to ensure
continuous authenticity. Avoiding encryption saves time in the communication.
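The Kerberos properties listed above, as a simplified Python model added here (not from the notes and not MIT Kerberos): the authentication and ticket-granting servers are collapsed into one, and a toy SHA-256 keystream plus HMAC tag stands in for the real cipher. The ticket layout, LIFETIME, MAX_SKEW, the password-to-key step and all names are assumptions.

```python
import hashlib
import hmac
import json
import os

# Toy sealing (hypothetical stand-in for the cipher a real KDC uses):
# SHA-256 keystream XOR plus an HMAC tag, so a wrong key or tampering is detected.
def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out, block = bytearray(), 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))

def seal(key: bytes, fields: dict) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(key, nonce, json.dumps(fields, sort_keys=True).encode())
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor_stream(key, nonce, body))

def key_from_password(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()   # toy string-to-key step

LIFETIME = 300    # assumed ticket validity in seconds
MAX_SKEW = 120    # assumed tolerance between request timestamp and server clock

class KerberosServer:
    """Authentication and ticket-granting server collapsed into one. It holds each
    user's password-derived key and each service's shared key; the password
    itself never crosses the network."""
    def __init__(self, users: dict, services: dict):
        self.user_keys = {u: key_from_password(p) for u, p in users.items()}
        self.service_keys = services

    def issue(self, user: str, service: str, now: int) -> bytes:
        session = os.urandom(32).hex()
        ticket = seal(self.service_keys[service],          # readable only by the service
                      {"user": user, "session": session, "expires": now + LIFETIME})
        # Only a workstation that knows the password can read the session key.
        return seal(self.user_keys[user], {"session": session, "ticket": ticket.hex()})

class ServiceServer:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()    # (user, timestamp) pairs already honoured

    def handle(self, ticket: bytes, authenticator: bytes, now: int) -> bytes:
        t = unseal(self.key, ticket)             # fails unless sealed under our key
        if now > t["expires"]:
            raise PermissionError("ticket expired")
        session = bytes.fromhex(t["session"])
        auth = unseal(session, authenticator)    # only the ticket's owner has this key
        if auth["user"] != t["user"] or abs(auth["time"] - now) > MAX_SKEW:
            raise PermissionError("stale authenticator or user mismatch")
        if (auth["user"], auth["time"]) in self.seen:
            raise PermissionError("replay")
        self.seen.add((auth["user"], auth["time"]))
        # Mutual authentication: returning time + 1 proves we hold the session key.
        return seal(session, {"time": auth["time"] + 1})

def client_login(kdc, user, password, service, now):
    msg = unseal(key_from_password(password), kdc.issue(user, service, now))
    return bytes.fromhex(msg["session"]), bytes.fromhex(msg["ticket"])

def client_request(server, session, ticket, user, now) -> bool:
    authenticator = seal(session, {"user": user, "time": now})
    reply = unseal(session, server.handle(ticket, authenticator, now))
    return reply["time"] == now + 1          # True only for an authentic server

def _rejected(fn) -> bool:
    try:
        fn()
        return False
    except (PermissionError, ValueError):
        return True

def scenario(now: int = 1_700_000_000) -> dict:
    """One legitimate exchange, then the cases the design is meant to defeat."""
    files_key = os.urandom(32)
    kdc = KerberosServer({"alice": "correct horse"}, {"files": files_key})
    files = ServiceServer(files_key)
    session, ticket = client_login(kdc, "alice", "correct horse", "files", now)
    return {
        "wrong_password_rejected": _rejected(
            lambda: client_login(kdc, "alice", "guess", "files", now)),
        "login_ok": client_request(files, session, ticket, "alice", now + 5),
        "replay_rejected": _rejected(
            lambda: client_request(files, session, ticket, "alice", now + 5)),
        "skewed_clock_rejected": _rejected(lambda: files.handle(
            ticket, seal(session, {"user": "alice", "time": now + 10}), now + 200)),
        "expired_ticket_rejected": _rejected(
            lambda: client_request(files, session, ticket, "alice", now + LIFETIME + 1)),
    }
```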
Access Controls
Authentication deals with the who of security policy enforcement; access controls
enforce the what and how.

ACLs on Routers-:Routers perform the major task of directing network traffic either to
subnetworks they control or to other routers for subsequent delivery to other
subnetworks. Routers convert external IP addresses into internal MAC addresses of hosts
on a local subnetwork.

Suppose a host is being spammed (flooded) with packets from a malicious rogue host.
Routers can be configured with access control lists to deny access to particular hosts from
particular hosts. So, a router could delete all packets with a source address of the rogue
host and a destination address of the target host.
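An added example (not from the notes) of the router scenario above as a first-match ACL evaluator in Python: the first rule drops everything from the rogue host to the target, later rules admit web traffic from anywhere, and anything unmatched falls to an implicit deny. The rule syntax is constructed and mirrors no vendor's ACL language; addresses are from the RFC 5737 documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                 # "ip" matches any protocol
    dport: Optional[int]       # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.proto in ("ip", p.proto)
                and (self.dport is None or self.dport == p.dport))


def parse_rule(line: str) -> Rule:
    """Hypothetical text form: '<permit|deny> <proto> <src> <dst> [eq <port>]',
    where 'any' stands for 0.0.0.0/0."""
    parts = line.split()
    action, proto, src, dst = parts[:4]

    def net(s: str) -> ipaddress.IPv4Network:
        return ipaddress.ip_network("0.0.0.0/0" if s == "any" else s, strict=False)

    dport = int(parts[5]) if len(parts) == 6 and parts[4] == "eq" else None
    return Rule(action, net(src), net(dst), proto, dport)


def evaluate(acl: list[Rule], p: Packet) -> tuple[str, Optional[Rule]]:
    """First matching rule wins; a packet matching no rule is dropped
    (the implicit deny at the end of every list)."""
    for rule in acl:
        if rule.matches(p):
            return rule.action, rule
    return "deny", None


# Constructed scenario: 203.0.113.7 floods 192.0.2.10. The router drops that
# traffic before it reaches the host; the rest of the world still gets the web service.
ACL = [parse_rule(r) for r in (
    "deny ip 203.0.113.7/32 192.0.2.10/32",
    "permit tcp any 192.0.2.10/32 eq 80",
    "permit tcp any 192.0.2.10/32 eq 443",
)]


def filter_traffic(acl: list[Rule], packets: list[Packet]) -> dict:
    """Apply the ACL and tally dropped packets per source: the counter an operator
    watches to confirm the flood is being absorbed at the router."""
    forwarded, dropped = [], {}
    for p in packets:
        action, _ = evaluate(acl, p)
        if action == "permit":
            forwarded.append(p)
        else:
            dropped[p.src] = dropped.get(p.src, 0) + 1
    return {"forwarded": forwarded, "dropped_by_source": dropped}


# Constructed sample traffic: three flood packets plus a probe from the rogue host,
# one legitimate HTTPS connection, and one SSH attempt nothing permits.
SAMPLE = [Packet("203.0.113.7", "192.0.2.10", "tcp", 80)] * 3 + [
    Packet("203.0.113.7", "192.0.2.10", "icmp"),
    Packet("198.51.100.22", "192.0.2.10", "tcp", 443),
    Packet("198.51.100.22", "192.0.2.10", "tcp", 22),
]
```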

Read about the problems of routers.

Firewalls-: A firewall is designed to do the screening that is less appropriate for a router to
do. A router's primary function is addressing, whereas a firewall's primary function is
filtering. Firewalls can also do auditing. Even more important, firewalls can examine an
entire packet's contents, including the data portion, whereas a router is concerned only
with source and destination MAC and IP addresses.

Alarms and Alerts-: The logical view of network protection looks like the figure, in which
both a router and a firewall provide layers of protection for the internal network.
An intrusion detection system is a device that is placed inside a protected network to
monitor what occurs within the network. If an attacker is able to pass through the router
and pass through the firewall, an intrusion detection system offers the opportunity to
detect the attack at the beginning, in progress, or after it has occurred. Intrusion detection
systems activate an alarm, which can take defensive action.

Honeypots-: How do you catch a mouse? You set a trap with bait (food the mouse finds
attractive) and catch the mouse after it is lured into the trap. You can catch a computer
attacker the same way, by attracting and monitoring the actions of an attacker.

You put up a honeypot for several reasons:

to watch what attackers do, in order to learn about new attacks (so that you can
strengthen your defenses against these new attacks)

to lure an attacker to a place in which you may be able to learn enough to identify
and stop the attacker

to provide an attractive but diversionary playground, hoping that the attacker will
leave your real system alone

Traffic Flow Security-: A more sophisticated approach to traffic flow security is called
onion routing. Consider a message that is covered in multiple layers, like the layers of an
onion. A wants to send a message to B but doesn't want anyone in the network, or anyone
intercepting traffic on the network, to know A is communicating with B. So A takes the
message to B and wraps it in a package for D to send to B. Then, A wraps that package in
another package for C to send to D. Finally, A sends this package to C. This process is
shown in the figure. The internal wrappings are all encrypted under a key appropriate for
the intermediate recipient.
Receiving the package, C knows it came from A, although C does not know if A is the
originator or an intermediate point. C then unwraps the outer layer and sees it should be
sent to D. At this point, C cannot know if D is the final recipient or merely an
intermediary. C sends the message to D, who unwraps the next layer. D knows neither
where the package originally came from nor where its final destination is. D forwards the
package to B, its ultimate recipient. With this scheme, any intermediate recipients, those
other than the original sender and ultimate receiver, know neither where the package
originated nor where it will end up. This scheme provides confidentiality of content,
source, destination, and routing.
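The A -> C -> D -> B exchange above, worked through as an added example (not code from the original notes). Each hop holds its own key and can peel only its own layer; the trace records what each hop learns. The keystream cipher, hop names and keys are constructed stand-ins for illustration.

```python
import hashlib
import json

def keystream_xor(key, data):
    # Toy stream cipher for illustration only: XOR with SHA-256(key || counter)
    # blocks. It stands in for the per-hop encryption the text describes and
    # is not a cipher to use in practice.
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def wrap(message, route, keys):
    # route lists the hops in order, ending with the final recipient,
    # e.g. ["C", "D", "B"]. Layers are built from the inside out, so the
    # innermost layer is under B's key and the outermost under C's key.
    package = message
    hops = list(zip(route, route[1:] + [None]))
    for hop, next_hop in reversed(hops):
        layer = {"next": next_hop, "payload": package.hex()}
        package = keystream_xor(keys[hop], json.dumps(layer).encode())
    return route[0], package

def unwrap(hop, package, keys):
    # A hop can only peel its own layer: it learns the next hop and the
    # still-encrypted inner package, nothing about origin or final destination.
    layer = json.loads(keystream_xor(keys[hop], package))
    return layer["next"], bytes.fromhex(layer["payload"])

def deliver(first_hop, package, keys, trace):
    # Forward hop by hop, recording what each hop sees (its own name and the
    # next hop only), until the innermost layer names no further hop.
    hop = first_hop
    while True:
        next_hop, inner = unwrap(hop, package, keys)
        trace.append((hop, next_hop))
        if next_hop is None:
            return hop, inner
        hop, package = next_hop, inner

if __name__ == "__main__":
    KEYS = {"C": b"key-for-C", "D": b"key-for-D", "B": b"key-for-B"}  # constructed
    first, pkg = wrap(b"hello B, from A", ["C", "D", "B"], KEYS)
    seen = []
    print(deliver(first, pkg, KEYS, seen), seen)
```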

Firewalls

A firewall is a device that filters all traffic between a protected or "inside" network and a
less trustworthy or "outside" network. Usually a firewall runs on a dedicated
device; because it is a single point through which traffic is channeled,
performance is important, which means nonfirewall functions should not be
done on the same machine. Because a firewall is executable code, the attacker
could compromise that code and execute from the firewall's device. Thus, the
fewer pieces of code on the device, the fewer tools the attacker would have by
compromising the firewall. Firewall code usually runs on a proprietary or
carefully minimized operating system. The purpose of a firewall is to keep
"bad" things outside a protected environment. To accomplish that, firewalls
implement a security policy that is specifically designed to address what bad
things might happen.

Types of Firewalls-: Firewalls have a wide range of capabilities. Types of firewalls
include

packet filtering gateways or screening routers

stateful inspection firewalls

application proxies

guards

personal firewalls

Packet Filtering Gateway-: A packet filtering gateway or screening router is the
simplest, and in some situations, the most effective type of firewall. A packet filtering
gateway controls access to packets based on packet address (source or destination) or
specific transport protocol type (such as HTTP web traffic). The figure shows a packet
filter that blocks access from (or to) addresses in one network; the filter allows HTTP
traffic but blocks traffic using the Telnet protocol.
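The filter just described, as an added example (not code from the original notes): a rule set that blocks one network, allows HTTP and blocks Telnet, judged on header fields only. The addresses are documentation ranges chosen for the example; rule order matters, since the first match wins.

```python
import ipaddress

# Constructed rule set mirroring the figure described above: block the
# 203.0.113.0/24 network entirely, allow HTTP (TCP port 80) from anywhere
# else, block Telnet (TCP port 23). None in a rule field means "any".
RULES = [
    {"action": "deny",  "src": "203.0.113.0/24", "proto": None,  "dport": None},
    {"action": "allow", "src": "0.0.0.0/0",      "proto": "tcp", "dport": 80},
    {"action": "deny",  "src": "0.0.0.0/0",      "proto": "tcp", "dport": 23},
]

def rule_matches(rule, packet):
    # A packet filter sees only header fields: source address, transport
    # protocol and destination port. It never looks at the data portion.
    if ipaddress.ip_address(packet["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    if rule["proto"] is not None and rule["proto"] != packet["proto"]:
        return False
    if rule["dport"] is not None and rule["dport"] != packet["dport"]:
        return False
    return True

def filter_packet(packet, rules=RULES):
    # First matching rule decides. Anything unmatched falls through to the
    # default-deny policy, so a new service must be allowed explicitly.
    for rule in rules:
        if rule_matches(rule, packet):
            return rule["action"]
    return "deny"

if __name__ == "__main__":
    # Constructed sample packets: the first is HTTP from an outside host, the
    # second is HTTP from the blocked network, the third is Telnet.
    for pkt in ({"src": "198.51.100.7", "proto": "tcp", "dport": 80},
                {"src": "203.0.113.5", "proto": "tcp", "dport": 80},
                {"src": "198.51.100.7", "proto": "tcp", "dport": 23}):
        print(pkt, "->", filter_packet(pkt))
```

Swapping the first two rules would let HTTP from the blocked network through, which is the "complex addressing rules can make configuration tricky" point from the comparison later in these notes.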

Stateful Inspection Firewall-: Filtering firewalls work on packets one at a time,
accepting or rejecting each packet and moving on to the next. They have no concept of
"state" or "context" from one packet to the next. A stateful inspection firewall maintains
state information from one packet to another in the input stream.

One classic approach used by attackers is breaking an attack into multiple packets by
forcing some packets to have very short lengths so that a firewall will not be able to
detect the signature of an attack split across two or more packets. (Remember that with
the TCP protocols, packets can arrive in any order, and the protocol suite is responsible
for reassembling the packet stream in proper order before passing it along to the
application.) A stateful inspection firewall would track the sequence of packets and
conditions from one packet to another to thwart such an attack.
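The split-signature case above, as an added example (not code from the original notes): a per-packet check misses a pattern divided between two TCP segments that arrive out of order, while a stateful inspector keeps each connection's segments keyed by sequence number, rebuilds the contiguous stream and finds it. The signature string, addresses and segments are constructed for the example.

```python
# Constructed stand-in for an attack signature; a real one would come from
# the firewall's rule set.
SIGNATURE = b"EVIL-PATTERN"

def stateless_inspect(packet):
    # A packet filter judges each packet alone, so a signature split across
    # two segments is never seen in either one.
    return SIGNATURE in packet["data"]

class StatefulInspector:
    # Keeps per-connection state: every TCP segment seen, keyed by sequence
    # number, so the byte stream can be rebuilt in order even when segments
    # arrive out of order.
    def __init__(self):
        self.segments = {}   # (src, dst) -> {seq: data}

    def reassemble(self, key):
        segs = self.segments[key]
        seq = min(segs)
        stream = b""
        # Follow contiguous segments only; stop at the first gap, since the
        # bytes after a gap cannot yet be placed with certainty.
        while seq in segs:
            stream += segs[seq]
            seq += len(segs[seq])
        return stream

    def inspect(self, packet):
        key = (packet["src"], packet["dst"])
        self.segments.setdefault(key, {})[packet["seq"]] = packet["data"]
        return SIGNATURE in self.reassemble(key)

if __name__ == "__main__":
    # Constructed segments: the signature is cut at "EVIL-PA" | "TTERN" and the
    # second half is delivered first.
    p1 = {"src": "198.51.100.7", "dst": "192.0.2.10", "seq": 0,  "data": b"GET /EVIL-PA"}
    p2 = {"src": "198.51.100.7", "dst": "192.0.2.10", "seq": 12, "data": b"TTERN HTTP/1.0"}
    fw = StatefulInspector()
    print("stateless:", stateless_inspect(p1), stateless_inspect(p2))
    print("stateful :", fw.inspect(p2), fw.inspect(p1))
```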

Application Proxy-: An application proxy gateway, also called a bastion host, is a
firewall that simulates the (proper) effects of an application so that the application
will receive only requests to act properly. A proxy gateway is a two-headed device: It
looks to the inside as if it is the outside (destination) connection, while to the outside
it responds just as the insider would.

An application proxy runs pseudoapplications. For instance, when electronic mail is
transferred to a location, a sending process at one site and a receiving process at the
destination communicate by a protocol that establishes the legitimacy of a mail
transfer and then actually transfers the mail message. The protocol between sender
and destination is carefully defined. A proxy gateway essentially intrudes in the
middle of this protocol exchange, seeming like a destination in communication with
the sender that is outside the firewall, and seeming like the sender in communication
with the real destination on the inside. The proxy in the middle has the opportunity to
screen the mail transfer, ensuring that only acceptable e-mail protocol commands are
sent to the destination.
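The mail-transfer screening above, as an added example (not code from the original notes): the proxy answers the outside sender itself, relays only the SMTP commands on its allow list and only in the order the protocol defines, and forwards the rest to the inside server. The command set, states, reply texts and session lines are constructed for the example.

```python
# Which connection states each relayed SMTP verb is acceptable in. The order
# mirrors a mail transaction: greeting, then envelope, then message data.
ALLOWED = {
    "HELO": {"start"}, "EHLO": {"start"},
    "MAIL": {"greeted"},
    "RCPT": {"mail", "rcpt"},
    "DATA": {"rcpt"},
    "QUIT": {"start", "greeted", "mail", "rcpt"},
}
NEXT_STATE = {"HELO": "greeted", "EHLO": "greeted", "MAIL": "mail",
              "RCPT": "rcpt", "DATA": "greeted", "QUIT": "closed"}

def proxy_session(client_lines):
    """Screen one client session; return (forwarded_to_server, replies_to_client).

    The proxy talks to the outside client as if it were the server (replies
    here are constructed) and passes on only what it accepts.
    """
    state, in_data = "start", False
    forwarded, replies = [], []
    for line in client_lines:
        if in_data:
            # Message body after DATA is relayed until the terminating ".".
            forwarded.append(line)
            if line == ".":
                in_data = False
                replies.append("250 OK: queued")
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb not in ALLOWED:
            replies.append("502 command not implemented")   # e.g. VRFY, EXPN
        elif state not in ALLOWED[verb]:
            replies.append("503 bad sequence of commands")
        else:
            forwarded.append(line)
            if verb == "DATA":
                in_data = True
                replies.append("354 start mail input")
            elif verb == "QUIT":
                replies.append("221 bye")
            else:
                replies.append("250 OK")
            state = NEXT_STATE[verb]
    return forwarded, replies
```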

Guard-: A guard is a sophisticated firewall. Like a proxy firewall, it receives protocol
data units, interprets them, and passes through the same or different protocol
data units that achieve either the same result or a modified result. The guard
decides what services to perform on the user's behalf in accordance with its
available knowledge, such as whatever it can reliably know of the (outside)
user's identity, previous interactions, and so forth.

Personal Firewalls-: A personal firewall is an application program that runs on a
workstation to block unwanted traffic, usually from the network. A personal
firewall can complement the work of a conventional firewall by screening the
kind of data a single host will accept, or it can compensate for the lack of a
regular firewall, as in a private DSL or cable modem connection. Just as a
network firewall screens incoming and outgoing traffic for that network, a
personal firewall screens traffic on a single workstation. A workstation could
be vulnerable to malicious code or malicious active agents (ActiveX or Java
applets), leakage of personal data stored on the workstation, and vulnerability
scans to identify potential weaknesses. Commercial implementations of
personal firewalls include Norton Personal Firewall from Symantec, McAfee
Personal Firewall, and Zone Alarm from Zone Labs. The personal firewall is
configured to enforce some policy. For example, the user may decide that
certain sites, such as computers on the company network, are highly
trustworthy, but most other sites are not. The user defines a policy permitting
download of code, unrestricted data sharing, and management access from the
corporate segment, but not from other sites. Personal firewalls can also
generate logs of accesses, which can be useful to examine in case something
harmful does slip through the firewall. Combining a virus scanner with a
personal firewall is both effective and efficient.

Comparison of Firewall Types-: The five types compared on complexity, what they can see,
auditing, the basis on which they screen, and configuration.

Packet Filtering: Simplest. Sees only addresses and service protocol type. Auditing
difficult. Screens based on connection rules. Complex addressing rules can make
configuration tricky.

Stateful Inspection: More complex. Can see either addresses or data. Auditing possible.
Screens based on information across packets, in either header or data field. Usually
preconfigured to detect certain attack signatures.

Application Proxy: Even more complex. Sees full data portion of packet. Can audit
activity. Screens based on behavior of proxies. Simple proxies can substitute for complex
addressing rules.

Guard: Most complex. Sees full text of communication. Can audit activity. Screens based
on interpretation of message content. Complex guard functionality can limit assurance.

Personal Firewall: Similar to packet filtering firewall. Can see full data portion of
packet. Can, and usually does, audit activity. Typically screens based on information in a
single packet, using header or data. Usually starts in "deny all inbound" mode, to which
the user adds trusted addresses as they appear.

Secure E-Mail

Sometimes we would like e-mail to be more secure. Threats to e-mail include:

message interception (confidentiality)

message interception (blocked delivery)

message interception and subsequent replay

message content modification

message origin modification

message content forgery by outsider

message origin forgery by outsider

message content forgery by recipient

message origin forgery by recipient

denial of message transmission
