Saturday, December 13, 2008

Internet Confidentiality & Privacy

The Internet provides little assurance of privacy or confidentiality. The use of firewalls, anonymizers, and encryption can help mitigate the risks. Major considerations to keep in mind are discussed below.

Silent communications. There are thousands of rogue actors and infected computers probing machines across the Internet at any given second. These bad apples are almost certainly trying to get control of your machine through any security fault or unpatched module they can find. Fortunately, their communications are fairly straightforward to trap, since by definition they are unsolicited -- it is easy to tell the difference between a packet from a web site you just accessed from a probe from some site you never heard of before. The technological solution to this threat is called a "firewall", a program that monitors all communications and traps all illicit packets. Most operating systems now come with a firewall preinstalled. However, some, such as the Windows firewall, only block suspect incoming communications, leaving completely open access to the Internet from your machine. This is a barn-door sized hole that is eagerly used by almost every program you have on your computer to contact the home company for all sorts of reasons ranging from automatic checking for updates to transmission of usage metric data for their own proprietary purposes. The solution to this is a third party firewall protects both incoming and outgoing communications. The free version of ZoneAlarm is widely used.

Surfing leaves tracks. There is little privacy or confidentiality on the Internet. Web sites can your surfing on their site by IP address track and related system information, including system names and Internet network addresses that often uniquely identify your computer. Search engines generally record your queries together with your computer identification, building up a profile of your interests over time. To minimize these threats, you can turn your default browser settings to exclude cookies, since they can be used to build up detailed profiles of your surfing patterns over time (advertising sites with presence on many sites can even use cookies to track your surfing patterns across different sites). You can also use networked or single-pont anonymizers to obscure all your computer's local identifying information and obtain the maximum available Internet privacy.

http://www.computerservicescanada.ca/images/image008.jpg

Posting is public. When you post anything to a public Internet newsgroup, mailing list, or chat room, you generally give up the rights to the content and any expectation of privacy or confidentiality. In most countries, anything you post to a public space can be saved, archived, duplicated, distributed, and published, even years later, by anyone in the same way as a photograph taken in a public space like a city park. If you have ever posted anything to the newsgroups, you might find it interesting to search them now for the email address you used at the time, which is one reason you should disguise youe email address when posting to the Usenet.

Personal data is cross-referenced. If you give a site personal data like an email address, home address, phone number, birth date, or credit card number, be aware that the information can be easily cross referenced by a range of large service companies to assemble a detailed database of your buying habits, surfing patterns, and interests. And it usually is. If you do give a site personal information, it is a good idea to first read their Internet privacy policy to see how confidential they promise to keep it.

Tap, tap. Without speculating on who or why, Internet communications interception is technically easy to do at any of the perhaps five and twenty-five routers through which your packets are switched on the way to their destination. Software taps are easy to add. Direct physical interception through tapping into copper network cable near a house or in a switching station is straightforward with inexpensive equipment, and enables an eavesdropper to copy all of the traffic that passes over the line. Radio frequency interception of the traffic on copper lines is possible. Tapping into fiber optic line is more difficult, usually requiring a high angle bend to get a bit of light leakage, but is also technically possible.Encryption is the only sure solution.

Governments can do anything. Many national governments are large enough with enough resources that they can and do intercept Internet communications. However, because of the volume of information if for no other reason, you can be reasonably assured that no-one is taking the time to look at your specific Internet packets unless you are connected to an investigation.

The bottom line is that you have little privacy or confidentiality on the Internet, and unless your communications are encrypted and/or anonymized, you should assume they can be read by others. At the same time you need to make a realistic threat assessment depending on what you are doing -- how much do you (or others) really care?


Tuesday, December 2, 2008

About Firewalls

Introduction to Internet Firewalls

Firewalls are an excellent tool for securing a network. A firewall is system designed to prevent unauthorized access to or from a private network and basically limits access to a network from another network. Firewall that can be implemented in hardware or software, or a combination of both either denies or allows outgoing traffic known as egress filtering or incoming traffic known as ingress filtering.

In an organizational setup, firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. A firewall should be the first line of defense in protecting the availability, integrity, and confidentiality of data in the computing environment. While a company may use packet-filtering routers for perimeter defense and host-based firewalls as an additional line of defense, in the home environment, the personal firewall plays a key role by defending the network and individual host perimeters.

Firewall software monitors your computer for suspicious activity while you are online.� Inbound intruders are stopped before they can get in, sensitive information and Trojan Horses are stopped before they can get out.� Furthermore, a record of the attack is created, including the IP address where the attack came from.� This can help the IP provider figure out where the attack is coming from so they can track down the hackers. Overall, it is important to be smart about hackers, realizing that you are vulnerable to their attacks is an important first step.� Somebody who really wants into your computer may still find a way to do it, but the point here is to make it as difficult as possible for him or her, and to send those who are just looking for the opportunity on to an easier target.

Firewall is defined as a system designed to prevent unauthorized access to or from a private network. Firewalls can be integrated in both hardware and software. All messages communicating with the intranet pass through the firewall. The firewall inspects and blocks all messages that do not meet the security stipulations.

The fundamental principle is to give the administrator a single point where the preferred policies can be enforced. This single point of control allows the administrator to conceal characteristics of a private network and protect it.

Uses of Firewall

  • Protect the system from the hackers from logging into machines on network.

  • Provide a single access point from where security and audit can be imposed.

  • Act as an effective phone tap and tracing tool.

  • Provide an important logging and auditing function

  • Provide information about the nature of traffic and the number of attempts made to break into it.

Firewall Loopholes

Firewalls cannot protect from attacks that do not go through the firewall. The prerequisite for a firewall to work is it must be a part of a consistent overall organizational security architecture.

A firewall can't protect the network against a traitor in the network environment. Although an industrial spy might export information through your firewall, the traitor just as likely to export it through a telephone, FAX machine, or floppy disk. Firewalls also cannot protect against social engineering.

Lastly, firewalls cannot protect against tunneling over most application protocols to trojaned or poorly written clients. Tunneling bad things over HTTP, SMTP, and other protocols is widely used.

Functionality of Firewalls

1. Packet Filtering: For each packet received, the packet filters gives permit/denial decision. The filtering rules are based on the packet header information. This information consists of the IP source address, the IP destination address, the encapsulated protocol, the TCP/UDP source port, the TCP/UDP destination port, and the ICMP message type.

2. Application level gateway: Application level gateway is a proxy that is installed on the gateway for each desired application. It does not allow direct exchange of packets. If a particular application does not have a proxy on the gateway, the service is not forwarded across the firewall.

3. Circuit level gateway: Circuit level gateway is a specific function that can be performed by an application level gateway. It does not perform any additional packet processing or filtering. It copies bytes back and forth between the inside and connection. It is often used for outgoing connections.

Basic Types of Firewalls

There are two types of firewalls:

  • Network layer

  • Application layer

Network layer firewalls

These firewalls use the source, destination addresses and ports in individual IP packets in making their decisions. A simple router is not able to make decisions about nature and destination of a packet. The distinguishing characteristic about network layer firewalls is they route traffic directly though them. They are very fast and tend to be very transparent to users.

Application layer firewalls

They are hosts running proxy servers. They permit no traffic directly between networks, and perform intricate logging and auditing of traffic passing through them. Modern application layer firewalls are completely transparent.

The network layer firewalls are becoming increasingly conscious of the information going through them. At the same time, application layer firewalls are becoming increasingly transparent. The end result is going to be a fast packet-screening system that logs and audits information as it passes through.


Personal Firewalls

Personal firewalls are meant for providing protection to desktop PCs and small networks connected to the Internet. A personal firewall is a software program used to guard and protect a computer or a network while they are connected to the Internet. Generally, home and small networks use personal firewalls because they are relatively inexpensive and are usually easy to install. A personal firewall enforces the security policies of a computer or a network by intercepting and examining the data transportation (data packets) over the network. Security mechanism of a personal firewall works in two ways. Either it allows all the data packets to enter the network except those meeting a specified criteria (restricted ones) or it deny all the data packets from entering except those that are allowed. However, it is recommended by experts that denying all data packets except the allowed ones is better for the security of a network.

While simple personal firewall solutions are administered by users themselves, in a small network they are administered by a central security management system to implement a network wide security policy. The primary aim of a personal firewall is to close any loopholes that remain in a network and in known virus scanners so as to provide full protection to the computers in the network. When a data packet moves out of the network, it carries along with it the IP address of the system/network. Personal firewalls, with the help of NAT (network address translation), substitutes a fake IP address inside the outgoing Internet data packets so that the original IP address can't be traced.


Features and Benefits

In recent years, broadband and other faster Internet connections have become widely available which has lead to the need for software firewalls that could be implemented and maintained by average users. Currently, there are many software vendors competing for the home and small networks market and are trying to package as many features as possible into their products. Below is the list and explanation of some of the main features that personal firewall vendors offer.

Inbound and Outbound Packet Filtering: Filtering the incoming data packets according to the security policies (created by the users or administrator) is the main function of a firewall. Data packets can be filtered using any of their attributes such as protocol, source address and port number and destination address and port number. Filtering the outgoing packets is an equally important feature of personal firewalls.

Stealth Mode: Before attempting to penetrate a system protected by a personal firewall, an intruder usually tries to identify the target system and create a footprint of it. They may also scan it for open ports and information such as OS type and application versions. If an intruder is unable to find the system, then he would not be able to penetrate it. Stealth mode does not mean that the machine's IP address is invisible, but it makes the machine's most vulnerable entry points invisible to tools that intruders use to seek out targets. They essentially block any port that is not in use.

Support Custom Rules: This feature allows the user to customize the security policy other than the values that come with the personal firewall. A user can write a security policy to block data packets by IP address, port number, or protocol or can define custom ports and protocols to use applications such as video conferencing and Voice over IP.

Ad Blocking: This feature blocks unwanted advertisements from displaying in the users Web browser. There are several different types of ads used by Web sites. These include pop-up ads, animated ads, skyscraper ads, and banner ads. Some personal firewalls allow the user to change the filtering rules for the different type of ads.

Content filtering: Also referred to as "parental control", this feature gives the ability to block Web sites because of its content. Filtering can be based upon a database listing these sites, a user created list of sites, or a list of keywords found in web pages.

Cookie Control: A cookie is a small text file that a Web site places on a computer that can contain personal information such as name, address, phone number, password, etc. They can be last for the duration of the current Internet session or they can be persistent and reside on the computer indefinitely. There is also another type of cookie called a third-party cookie that can be placed on a computer to record information about the users Internet surfing habits. The cookie control feature allows the user to block these cookies from being placed on the computer. Some vendors allow the user to distinguish between the types of cookies being blocked.

Mobile Code Protection: Mobile code is active or executable code that is embedded in Web pages or HTML Email such as Java applets, ActiveX controls, and plug-ins. Mobile code can sometimes be malicious with the ability to copy files, steal passwords, copy files, and wipe out hard drives. This feature blocks the mobile code from executing and gives and alert asking the user if they want the code to execute.

Intrusion Detection: From the aspect of a home and small office user, intrusion detection is the process of monitoring the events occurring with in the computer system or network and analyzes them for signs of intrusion. If an intruder gets past the firewall, this feature give an alert to the user that something suspicious is going on.

Intruder Tracking: When an intrusion threat is detected, this feature identifies the source of the intrusion attempt. Some firewalls even display a map showing the approximate geographic location of the intruder.

Logging: This feature creates a log file that lists the data packet transmissions that were blocked by the firewall. Information in this log file includes whether the transmission was inbound or outbound, date and time that the block occurred, Source IP address and port number, destination IP address and port number, and transport protocol, such as TCP, UDP, ICMP, or IGMP.

Email Checking: Email attachments can contain attachments with viruses, worms, and other malicious code. Only certain types of attachments can contain malicious code. These attachments can be identified by their filename extensions. This feature checks incoming email for attachments with file extensions that could be malicious. An alert is usually given and the attachment is quarantined.

Application Authentication: A major threat to a computer system is a Trojan horse. It is easy to download malicious software without knowing it. Some Trojan horse applications can take on the same name, size, and directory structure as a program that is permitted to access the Internet. To combat this problem, a hashing algorithm is used to create a digital signature each time a program is executed and compares to the previously stored digital signature of that same program. If the digital signatures are not equal, then the user is alerted. Some firewall software even includes the components associated with a program's main executable file, such as DLL files, in the digital signature.


Internet Connection Sharing (ICS) Support:
Internet Connection Sharing software is used when multiple computers on home and small networks connect to the Internet through one computer called a gateway that is connected to the Internet. This feature allows the firewall software to work in conjunction with ICS software to filter data packets flowing through the gateway computer.

http://www.stillsolutions.com/uploads/images/firewall1-small.jpg

Choosing a Firewall for Home and Small Office

There are certain key criteria that should be considered when selecting personal software firewalls for home and small networks. The user should identify the criteria that are important to them and then find a personal firewall product that best meets the criteria. Some of the key criteria can be:

  • Effectiveness of security protection - Efficiency of the firewall products to protect against intrusion, Trojans, controlling outbound traffic, and denial of service.

  • Effectiveness of intrusion detection - How effectively the firewall software alerts when the system is being attacked?

  • Effectiveness of reaction - Does the software package have the ability of discovering the identity of the attacker and how well does it block attacks?

  • Cost - Price of the firewall and setting up costs could be an important criterion for small organizations.