How to set up a firewall

Posted: June 12, 2012 in Security
Introduction

You have no doubt heard the word firewall at some point, perhaps at work, where the IT manager talks about his firewall on a regular basis. But a firewall is now highly relevant for the home user to install and configure as well, since more and more of us have high-speed connections.

With broadband we have changed our Internet habits towards much longer connection times, and with that comes greater exposure. A growing number of reports also suggest that even modem users are at real risk of being caught up in intrusions. Five minutes online can be all it takes for your computer to become a zombie in a botnet*.

* A network of infected computers controlled by one person (the bot herder) or a group, for example to run DoS attacks against selected servers.

What is a firewall?

If you have a good strategy for protecting your computer or your network, the firewall is the first element of that perimeter. The main task of a firewall is to keep unwanted visitors out of your IT environment. As mentioned earlier, a firewall can be either software or hardware: a software firewall (e.g. ZoneAlarm) is installed as a program on your computer, while a hardware firewall (e.g. NetScreen or SonicWall) is a separate physical unit that you configure.

The firewall acts as a security guard posted at the front of the perimeter. The guard decides whether each packet that "knocks" on the door of the corporate network, or of the computer at home, is let through or not. Equally, a firewall can decide whether traffic leaving your local computer is allowed out.

For the firewall to do this, you have to tell it how to act when different packets ask to pass. You do that by creating rules for the scenarios in your environment. For example, if you want to run an FTP server behind the firewall, you open TCP port 21 for incoming traffic so that clients can reach the FTP control channel (passive-mode FTP also needs the server's data-port range opened, which is one reason FTP is awkward to put behind a firewall). To publish a web page from one of your computers, you must allow incoming traffic on port 80 (and 443 if you serve HTTPS) to that computer. If you set up a VPN solution there are other rules for how that should work, and so on.

A good rule of thumb is to start from strict rules: open only the ports that are directly necessary, and only towards the host that needs them.

Examples

On the business side, imagine an organization with 200 employees. With that many employees there is usually a corporate network in which the network card in each computer is the connecting link.

The company has at least one connection to the public network (the Internet). If there were no firewall between the computers and the Internet, every computer on the network would be reachable by anyone, without any great difficulty.

As an example, anyone could then connect with Telnet or FTP to one or more of the computers on the network.

If the company has a firewall installed the situation is different: we place the firewall between the network and the Internet, and the security situation immediately improves. With a good firewall we can now set up rules for how traffic between the network and the Internet is to be controlled.

We can set up a rule that limits which computers on the network may receive public FTP traffic. Perhaps only one computer should be able to do this; we then let traffic through to that computer and deny it to all the others by means of rules in the firewall.

Such rules are useful for, for example, FTP servers, Telnet servers and web servers.

Considerations

The example above is very elementary, but with a good firewall you can control traffic in and out of your network in almost unlimited detail. We would however add that a firewall by itself does not give one hundred percent protection. Whether at home or in a business, protection of the IT environment is built in several layers, and the firewall is only one of them.

Some tips for firewall implementation (a few simple steps along the way)

Do a needs analysis

Decide what type of firewall to invest in and whether to do the implementation yourself or let a specialist do the work for you. The choice of firewall should be made in relation to your IT environment (i.e. what is to be protected), the skills you have available and the financial resources you have.

If the environment you are protecting is not too complex, with no special requirements for equipment or users, you can indeed get good protection from a basic NAT router (Network Address Translation), which can be bought in most electronics stores. The prices quoted later in this article are in SEK and start at a few hundred kronor.

If, however, you have a complex environment, where you may offer services to other users on the Internet or support employees with remote access, you have a picture that places greater demands on your firewall.

Decide what the basic rule for allowed and blocked traffic should look like

We recommend that you start with a strict basic rule straight away. A good firewall is configured from the start not to pass any traffic at all: think of a brick wall with no gaps. It is then up to us to decide where holes are to be "bored", and this must be done deliberately so that the wall does not end up collapsing.

Decide the policy for inbound traffic

A NAT router, for example, blocks all incoming traffic unless it is a reply to a request that the router can trace back to a host on the local network. The private IP addresses of servers and computers behind the firewall are never exposed on the public side, which generally makes intrusion harder.

Because local addresses in this kind of configuration are not routable from the Internet, an outsider cannot address the internal hosts directly; the only way in is through the router's public address.

A packet arriving from the Internet that asks to pass the firewall is let through only if it is a reply to a request that originated on the local side.

Such replies are addressed to dynamically assigned port numbers on the public side of the NAT router. These port numbers change from session to session, so an outsider cannot simply guess a port and expect to reach an internal host. Note that the real protection here is the connection tracking: the router accepts a packet on a mapped port only when it comes from the remote host and port of the session that created the mapping, not merely because the port number happens to be in use.

If your policy must include access to the local network from the Internet (for instance to a file server or another resource), you need to decide the rules for this, so that the firewall knows when traffic is to be let through and when not. The stricter the rules, the better protected your local network (LAN) is.

If you intend to install a firewall that lets computers on the public network reach resources on the local network (for example employees working from home or travelling a lot), invest in a firewall that supports VPN traffic. VPN technology (Virtual Private Network) gives excellent protection by creating encrypted tunnels, so that traffic between the trusted peers and the local network is secured.

Client software must then be installed and configured on the computer on the public side that wants to reach resources on the LAN, and the firewall must be configured with a VPN policy so that requests from the connecting computer are passed through correctly.

Looking further at the firewall configuration, restrict incoming traffic to the specific protocols you actually publish, such as FTP and HTTP (port 21 and port 80), and forward each of them only to the single host that runs that service.

Decide the policy for outgoing traffic

Outbound protocols can be filtered with ordinary packet filtering, and doing so raises security considerably. With a NAT router that has no inbound mappings, users on the LAN can still initiate connections to services on the Internet; the outbound filtering decides which of those services they may reach. Restricting outbound traffic to the services that are actually needed also limits what an infected machine on the LAN can do, for example a zombie trying to report back to its botnet.
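The inbound and outbound policies above (default deny, one deliberate hole for the single FTP host, replies admitted only for sessions the LAN opened, outbound limited to a few services) can be modelled in a few dozen lines. The following is an added example written for this page, not code from the article or from any router vendor; the public address 203.0.113.5, the LAN 192.168.1.0/24, the FTP forward and the outbound allow-list are assumptions chosen for illustration, and real connection tracking also follows TCP state and expires idle entries.

```python
# Added example, not code from the article or from any router vendor: a toy
# stateful NAT firewall that models the inbound/outbound policy described above.
# Everything here (public IP 203.0.113.5, LAN 192.168.1.0/24, the single FTP
# forward, the outbound allow-list) is an assumption chosen for illustration.
from dataclasses import dataclass
import ipaddress
import secrets


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port


class NatFirewall:
    """Default-deny inbound; outbound connections are masqueraded and tracked."""

    def __init__(self, public_ip, lan_cidr, forwards=None, allow_out=None):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        # Deliberate holes in the wall: (proto, public port) -> (LAN host, port).
        self.forwards = dict(forwards or {})
        # Destination ports LAN hosts may reach; None disables outbound filtering.
        self.allow_out = None if allow_out is None else set(allow_out)
        # Connection table: (proto, public port) -> (lan ip, lan port, remote ip, remote port)
        self.conntrack = {}

    def _new_public_port(self, proto):
        # Ephemeral public port drawn from a CSPRNG: an outsider cannot predict
        # which public port a given LAN session currently owns.
        while True:
            port = 49152 + secrets.randbelow(16384)
            if (proto, port) not in self.conntrack and (proto, port) not in self.forwards:
                return port

    def outbound(self, pkt):
        """LAN -> Internet. Returns the packet as seen on the Internet, or None if denied."""
        if ipaddress.ip_address(pkt.src) not in self.lan:
            return None                  # not from our LAN: drop
        if self.allow_out is not None and pkt.dport not in self.allow_out:
            return None                  # outbound policy: only listed services
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        for (proto, pub_port), entry in self.conntrack.items():
            if proto == pkt.proto and entry == flow:
                break                    # existing session: reuse its mapping
        else:
            pub_port = self._new_public_port(pkt.proto)
            self.conntrack[(pkt.proto, pub_port)] = flow
        return Packet(pkt.proto, self.public_ip, pub_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Internet -> public IP. Returns the packet delivered to the LAN, or None if dropped."""
        if pkt.dst != self.public_ip:
            return None
        key = (pkt.proto, pkt.dport)
        if key in self.forwards:         # a deliberate hole, e.g. the one FTP host
            host, port = self.forwards[key]
            return Packet(pkt.proto, pkt.src, pkt.sport, host, port)
        entry = self.conntrack.get(key)
        if entry is not None and entry[2:] == (pkt.src, pkt.sport):
            lan_ip, lan_port = entry[:2]  # reply to a session the LAN opened
            return Packet(pkt.proto, pkt.src, pkt.sport, lan_ip, lan_port)
        return None                      # unsolicited: the brick wall holds

    def nft_rules(self, wan="wan0"):
        """nftables rule lines equivalent to the static part of this policy
        (masquerade/dnat belong in the nat table, the accepts in the filter table)."""
        lines = ['oifname "%s" masquerade' % wan,
                 "ct state established,related accept"]
        for (proto, pub_port), (host, port) in sorted(self.forwards.items()):
            lines.append('iifname "%s" %s dport %d dnat to %s:%d' % (wan, proto, pub_port, host, port))
            lines.append("ip daddr %s %s dport %d ct state new accept" % (host, proto, port))
        return lines


def demo():
    """Walk through the scenarios from the text and return the outcomes."""
    fw = NatFirewall("203.0.113.5", "192.168.1.0/24",
                     forwards={("tcp", 21): ("192.168.1.10", 21)},
                     allow_out={53, 80, 443})
    # A LAN host opens an HTTPS session; the server's reply to the mapped port is let in.
    out = fw.outbound(Packet("tcp", "192.168.1.20", 40000, "198.51.100.7", 443))
    reply = fw.inbound(Packet("tcp", "198.51.100.7", 443, "203.0.113.5", out.sport))
    # The same public port probed from a different host: not part of that session.
    forged = fw.inbound(Packet("tcp", "198.51.100.9", 443, "203.0.113.5", out.sport))
    # Unsolicited Telnet knock: dropped. FTP knock: goes to the one forwarded host only.
    telnet = fw.inbound(Packet("tcp", "198.51.100.9", 5555, "203.0.113.5", 23))
    ftp = fw.inbound(Packet("tcp", "198.51.100.9", 5556, "203.0.113.5", 21))
    # Outbound Telnet from the LAN is outside the allow-list: denied.
    egress = fw.outbound(Packet("tcp", "192.168.1.20", 40001, "198.51.100.7", 23))
    return {"out": out, "reply": reply, "forged": forged,
            "telnet": telnet, "ftp": ftp, "egress": egress, "nft": fw.nft_rules()}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The point to take from `inbound` is that an entry in the connection table is checked against the remote host and port, not only the public port: knowing which ephemeral port is in use does not by itself get a packet through. The `nft_rules` output shows what the same policy looks like as Linux nftables rules, with one `dnat` plus one `accept` per hole bored in the wall.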

Decide the policy for dial-up access

If you offer dial-up access, it should terminate on a dedicated, hardened server (for PPP, Point-to-Point Protocol) that sits outside the local network and therefore outside the firewall, so that a dial-in user is treated like any other host on the outside.

Hardening the environment behind the firewall

It is fairly easy to protect an IT environment that has no public services (by public services we mean things like web servers or FTP servers). What should be done in every case is a check of which services are active on the machines in the local environment (for example a company file server) without being needed.

The operating system on such a server starts, in its default state after installation, a number of services that could be shut down or made more restrictive so as not to endanger security unnecessarily. Security is put to the test when a service behind the firewall tries to contact a public host: the service reveals that it is active, which can draw unwanted attention to the system.
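The check described above, finding services that are listening without being needed, can be scripted against the output of the Linux `ss` utility from iproute2. This is an added example, not from the article; the `ss -lntup` output below is constructed for illustration rather than captured from a real host, and the set of intended services (here only SSH) is an assumption.

```python
# Added example (not from the article): audit which services a host exposes
# before it goes behind the firewall. It parses the text output of
# `ss -lntup` (iproute2). The sample output below is constructed, not captured
# from a real host, and the set of intended services is an assumption.
import re
from dataclasses import dataclass

# Constructed sample of `ss -lntup` output.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=900,fd=6))
tcp   LISTEN 0      4096   *:111               *:*               users:(("rpcbind",pid=601,fd=4))
tcp   LISTEN 0      50     0.0.0.0:445         0.0.0.0:*         users:(("smbd",pid=1200,fd=30))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*         users:(("snmpd",pid=700,fd=8))
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolved",pid=300,fd=13))
"""

LOOPBACK_PREFIXES = ("127.", "[::1]", "::1")


@dataclass(frozen=True)
class Listener:
    proto: str      # "tcp" or "udp"
    addr: str       # bound address as printed by ss ("0.0.0.0", "*", "[::]", ...)
    port: int
    process: str

    @property
    def local_only(self) -> bool:
        """Bound to a loopback address, so unreachable from the network."""
        return self.addr.startswith(LOOPBACK_PREFIXES)


def parse_ss(text):
    """Turn `ss -lntup` output into Listener records."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 5:
            continue
        proto, local = cols[0], cols[4]
        addr, port = local.rsplit(":", 1)       # split on the last colon (IPv6-safe)
        addr = addr.split("%")[0]               # drop a %iface scope suffix
        m = re.search(r'\(\("([^"]+)"', line)   # process name inside users:(("name",...
        listeners.append(Listener(proto, addr, int(port), m.group(1) if m else "?"))
    return listeners


def audit(text, intended):
    """Return (proto, port, process) for every network-reachable listener whose
    (proto, port) is not in the intended set. Each finding is a candidate to
    stop, disable, or rebind to 127.0.0.1 before the host goes on the network."""
    findings = set()
    for l in parse_ss(text):
        if l.local_only or (l.proto, l.port) in intended:
            continue
        findings.add((l.proto, l.port, l.process))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, proc in audit(SAMPLE_SS, {("tcp", 22)}):
        print("%s/%d (%s) is reachable from the network but not intended" % (proto, port, proc))
```

On a live host, feed the script the real output (`ss -lntup > listeners.txt`) and put every service you actually mean to publish in the intended set; anything else that appears is exactly the "service that is active in vain" the text warns about.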

Different firewalls

We present three firewall models here, not as any form of advertising. Secure IT.se has no contracts with any supplier; we do this only to show the differences between firewalls.

What makes them different?
What distinguishes firewalls from each other is the built-in features, the support offered, the administrative functions and more. This applies not only to the three firewalls we show below but in general.

Good
Put simply, a good firewall protects your computer or your network against the most elementary threats from the Internet.

Better
Firewalls in the better category offer the basic protection of the good category, but here you will find better support, better terms and more frequent updates. You usually also find virus and spyware protection in this category. Reporting also tends to be sharper, and the administrative functions better and more complete.

Best
In the best category the vendors have included everything available in the way of protection for your IT environment. You will find support for remote access (VPN), antivirus, spyware protection, affordable support contracts, frequent updates to the firewall and the other built-in protective layers, good feedback on what happens on your network, good administrative functions with support for remote administration, and more.

But, we repeat: what are you protecting, what is the budget, and what skills do you have in-house? The most expensive is not always the best, and if you overshoot the target you simply spend money without gaining any extra security.

D-Link DI-524
A firewall for the home or small office. The offering includes the possibility of configuring a wireless network.

Designed for home or small business networks
Supports configuration of WLAN
Web-based administrative interface
Supports VPN traffic (according to the manufacturer)
IP filtering
URL filtering
Domain blocking
NAT (Network Address Translation)
Price: about 600 SEK

SonicWALL TZ 170

A firewall for small to medium-sized companies. Features include VPN configuration and virus protection.

Designed for smaller networks
Supports up to 25 users
ViewPoint Reporting Software
10 site-to-site VPN tunnels
1 VPN client license
1 year of security updates
1 year of virus protection
1 year of spyware protection
1 year of content filtering
1 year of intrusion prevention
1 year of 8-5 support
Price: from 5000 SEK depending on licence type

SonicWall Pro 2040
A firewall for medium-sized to large companies, including VPN configuration and virus protection.

Designed for medium-sized networks
Supports an unlimited number of users
50 site-to-site VPN tunnels
10 VPN client licenses
Built-in DMZ port
WAN/ISP failover
Object-driven management
RBL spam filtering
ViewPoint Reporting Software
1 year of anti-virus protection
1 year of spyware protection
1 year of intrusion prevention
1 year of content filtering
1 year of 8-5 support
Price: from about 17000 SEK depending on licence type

Configurable

Firewalls are configurable: you can add or remove filtering rules as the circumstances of your network change.

Examples:

IP address – Every computer on the Internet is assigned an IP address; an IPv4 address is a 32-bit number and is written like 192.168.1.10. Through the firewall you can, for example, block an IP address outside the firewall that is reading too many files from a server inside it.

Domain names – Because it is difficult to keep track of IP addresses, and because addresses sometimes have to change, servers on the Internet also have domain names. Domain names are plain names that we can read easily, for example COMPANY-AB.SE, and it is easier to remember COMPANY-AB.SE than an IP address.

A company or a private individual can use the firewall to block or allow access to different domain names.

Protocol – A protocol is a predefined way for a program to talk to a service it wants to use. Another example of protocols in use is when two routers exchange information with each other. Below we list some common protocols that you can write firewall rules for. (Most of the application protocols in the list are text-based.)

IP – Internet Protocol. IP is the basic way of delivering information on the Internet; every other protocol below is carried in IP packets.

TCP – Transmission Control Protocol. TCP breaks information up into segments, delivers them reliably and in order, and reassembles them at the other end.

HTTP – HyperText Transfer Protocol. HTTP is used for web pages.

FTP – File Transfer Protocol. FTP lets you upload files to or download files from a server, and is often used to publish web pages.

UDP – User Datagram Protocol. UDP carries individual datagrams without connection setup or retransmission, and is used for flows that would rather lose a packet than wait for it, such as audio and video.

ICMP – Internet Control Message Protocol. ICMP carries control and error messages between hosts and routers; ping, for example, uses ICMP.

SMTP – Simple Mail Transfer Protocol. SMTP is the protocol used to send e-mail.

SNMP – Simple Network Management Protocol. SNMP is used to collect management information from remote devices.

Telnet – Telnet is used to run commands on a remote computer. Since it sends everything, including passwords, in clear text, it is also one of the attacker's favourite tools; block it at the firewall and use SSH instead.

With the firewall you can now allow a specific protocol to one computer on the network but not to the others.

Blocking specific ports – Every computer connected to the Internet makes its services available through ports, so there is a port for each available service. As mentioned earlier, a server computer such as a web server or an FTP server offers the web service on port 80 and the FTP service on port 21. So you can use the firewall to block port 21 to all computers except the FTP server.

Blocking specific words and phrases – You can have the firewall's filters look for exact words or phrases in each packet. You can, for example, filter on the word porn, and the firewall will then look for that exact word in every incoming packet. The match is exact, so you may also need to add horny, porn star, porn club and so on; filtering the word porn does not filter every word to do with porn. Bear in mind that this kind of filter only sees plain-text traffic, not encrypted connections, and that a word split across two packets or spelled slightly differently will slip past it.

Some examples of rules
Here we present some very simple rules that can be set up in a common NAT router (for example for home use). We have masked the name and other details that could be traced to the product; this is because Secure IT.se does not recommend this router or believe that it is somehow better than other simple routers with a built-in firewall function. Operation is much the same in the simpler models.

Rule 1
A rule for SMTP. For various reasons you may sometimes have to open a port for incoming traffic to one of your computers. Here we have opened port 2525 for SMTP (Simple Mail Transfer Protocol). What we tell the firewall is that port 2525 should be reachable around the clock and that the protocol type is TCP.

Rule 2

Here we have an application that needs to communicate with a service on the Internet. We describe this with a rule for port 5584; as private IP we point at the computer on the LAN where the application is installed. The protocol type is TCP, and in this case we have limited the time interval to Monday to Friday, 07:00 to 16:00. In other words, the local user can reach the service during these hours but not outside them.

For the application to work properly we must also create a rule for UDP. The two rules are identical except for the protocol.

Rule 3
In this rule we want to block a specific URL (Uniform Resource Locator), i.e. a web page address. We do this by enabling the rule, telling the firewall that it is a URL filter, adding the address and activating the rule.

When a user on the local network (or a family member) tries to visit the address we added, the router answers with a message that the URL has been blocked.

Rule 4

With this rule we tell the firewall to prevent one computer on the LAN from reaching the Internet. We enable IP filtering and state that the local IP address 192.xxx.x.xxx may not reach any service on TCP ports 1-65535 (i.e. all ports). The rule is active Monday to Friday, 07:00 to 16:00; outside those hours the computer with that address can reach Internet services.

Rule 5
In this rule we want to stop all users on the local network, or the various family members, from visiting any domain other than http://www.secure-it.se. We do this by activating a rule in which secure-it.se is the only approved domain. An attempt to connect to any other domain is stopped by the firewall.

Those were a few very simple rules that can be set up to control traffic passing the firewall. Some applications and services require ports to be opened before they work at all; consider how essential such services are to you. Our rule is that you should never open more ports than absolutely necessary.
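The LAN-side rules above (the Monday-to-Friday 07:00-16:00 window of rules 2 and 4, the IP-plus-port-range block of rule 4, and the single approved domain of rule 5) come down to a first-match rule list with a time condition and a domain match. The following is an added example written for this page, not the router's firmware or code from the article; the host 192.168.1.30, the rule order and the port ranges are assumptions. It also makes a point the page's domain example does not: the domain must be matched on whole DNS labels, because a plain substring test would let `notsecure-it.se` through an allow-list for `secure-it.se`. Note too that a router can only see the requested host name if the traffic is plain HTTP or exposes it in DNS or the TLS handshake; URL paths are not visible inside HTTPS.

```python
# Added example, not from the article or any router firmware: a small evaluator
# for LAN-side rules of the kind shown in rules 3 to 5 above. It covers a time
# window (Monday to Friday 07:00-16:00), an IP/port block, and a domain
# allow-list matched on DNS labels so that look-alike names cannot slip past it.
# The addresses, the domain and the rule order are assumptions for illustration.
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

WEEKDAYS = frozenset(range(5))        # Monday=0 .. Friday=4


@dataclass(frozen=True)
class Window:
    """Active days of the week and a [start, end) time of day."""
    days: frozenset = WEEKDAYS
    start: time = time(7, 0)
    end: time = time(16, 0)

    def contains(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() < self.end


def domain_matches(host: str, pattern: str) -> bool:
    """True if host is pattern or a subdomain of it. Matching is done on whole
    labels: 'notsecure-it.se' and 'secure-it.se.example.com' must not match the
    pattern 'secure-it.se', although a plain substring test would say they do."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    return host == pattern or host.endswith("." + pattern)


@dataclass(frozen=True)
class Request:
    src_ip: str
    proto: str
    dport: int
    when: datetime
    host: Optional[str] = None         # DNS name the client asked for, if known


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src_ip: Optional[str] = None       # None = any LAN host
    proto: Optional[str] = None        # None = any protocol
    ports: tuple = (1, 65535)          # inclusive destination port range
    domain: Optional[str] = None       # None = any destination
    window: Optional[Window] = None    # None = always active

    def matches(self, r: Request) -> bool:
        if self.window is not None and not self.window.contains(r.when):
            return False
        if self.src_ip is not None and r.src_ip != self.src_ip:
            return False
        if self.proto is not None and r.proto != self.proto:
            return False
        if not self.ports[0] <= r.dport <= self.ports[1]:
            return False
        if self.domain is not None and (r.host is None or not domain_matches(r.host, self.domain)):
            return False
        return True


class Policy:
    """First matching rule wins; the default applies when no rule matches."""

    def __init__(self, rules, default="allow"):
        self.rules, self.default = list(rules), default

    def decide(self, r: Request) -> str:
        for rule in self.rules:
            if rule.matches(r):
                return rule.action
        return self.default


def home_policy() -> Policy:
    office_hours = Window()
    return Policy([
        # Rule 4: one LAN host gets no TCP access to the Internet during office hours.
        Rule("deny", src_ip="192.168.1.30", proto="tcp", window=office_hours),
        # Rule 5: web traffic may only go to secure-it.se (and its subdomains) ...
        Rule("allow", proto="tcp", ports=(80, 80), domain="secure-it.se"),
        Rule("allow", proto="tcp", ports=(443, 443), domain="secure-it.se"),
        # ... and every other web destination is refused.
        Rule("deny", proto="tcp", ports=(80, 80)),
        Rule("deny", proto="tcp", ports=(443, 443)),
    ], default="allow")


def demo():
    """Decisions for a few scenarios; 2012-06-11 is a Monday, 2012-06-09 a Saturday."""
    p = home_policy()
    mon_10, mon_18, sat_10 = datetime(2012, 6, 11, 10), datetime(2012, 6, 11, 18), datetime(2012, 6, 9, 10)
    return {
        "blocked_host_office_hours": p.decide(Request("192.168.1.30", "tcp", 443, mon_10, "www.secure-it.se")),
        "blocked_host_evening": p.decide(Request("192.168.1.30", "tcp", 443, mon_18, "www.secure-it.se")),
        "blocked_host_weekend": p.decide(Request("192.168.1.30", "tcp", 443, sat_10, "www.secure-it.se")),
        "other_site": p.decide(Request("192.168.1.20", "tcp", 80, mon_10, "www.example.com")),
        "lookalike_suffix": p.decide(Request("192.168.1.20", "tcp", 80, mon_10, "notsecure-it.se")),
        "lookalike_prefix": p.decide(Request("192.168.1.20", "tcp", 80, mon_10, "secure-it.se.example.com")),
        "ssh_default": p.decide(Request("192.168.1.20", "tcp", 22, mon_10)),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(scenario, "->", verdict)
```

Rule order matters in a first-match list: the time-limited deny for 192.168.1.30 sits first so that it wins over the domain allow during office hours, which is exactly the behaviour rule 4 describes. If your router evaluates rules in a different order, or treats "deny" as always overriding "allow", model that instead; the `Policy.decide` loop is the one place to change.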

In summary: if you have a high-speed connection to the Internet, you should install a firewall. What type of firewall to choose depends on what your IT environment looks like. A hardware firewall usually gives better and more options for setting up good protection, and given the low prices of routers with a built-in firewall we consider them a good entry-level choice.

More expensive solutions generally give more functionality, such as VPN deployment, virus protection, adware protection, better support and more updates. They also tend to give better reporting on the events that occur.

A properly configured firewall can help protect against threats such as the following. Note that for viruses, logic bombs and spam this requires the content-inspection features found in the better and best categories; packet-filtering rules alone do not look inside files or messages.

1. Unsolicited remote connections
2. Intrusion attempts
3. DoS attacks
4. Logic bombs
5. Viruses
6. Spam
7. It protects internal content on servers and PCs
8. It denies access to selected services and domains
