Firewall is one of the great features that can be incorporated in your system for analyzing incoming and outgoing traffic. Based on this, they are capable to take an appropriate action. Also, they can perform several conditional evaluations.
These conditional evaluations are also referred to as 'rules'. When a firewall is constructed, it is set with rules that will be strictly followed by it. For example, if the company policy demands that only the sales department will have the access to the FTP site, the firewall can be set accordingly.
So, even if any other department wants to access the site, it will not be possible. In this aspect, Firewalls are to networks what privilege schemes are to operating systems. For example, Windows XP will allow you to specify which users can access a directory or a file. In a similar way, firewalls can provide you with access control to your web sites or network work stations.
Some other features included in firewall are as follows:
a) Virtual Private Networking:
They are also referred to as VPN's. VPN's are used to move the traffic securely from point A to point B over the internet. it creates a tunnel between the points separating the private traffic from the public. There are many players both commercial and open source in the open market offering these services. Many firewall dedicated products offer both LAN-to-LAN and VPN functionalities.
b) Load Balancing:
It's more of a generic term and it refers to the art of moving the traffic in a distributed way. To minimize link congestion this done by routing traffic through two different tunnels they maybe from different internet service providers. These days, some firewalls products also incorporate certain features like directing FTP traffic and web in a distributed manner.
c) Content filtering:
Companies may want to block their employees from viewing certain websites like: underground sites, pornography sites, and web based emails to either reduce on the running costs in terms of bandwidth, maintainous costs etc Content filtering features in a firewall allows you to do just that. It blocks all the sites other than the specified ones.
d) Network Address Translation:
Firewalls allow you to bind one ip to hundreds allowing the outside world on the web to see your network as one it protects your internal users and servers from the web minimizing the hacker’s risk they are often used to map illegal address blocks to valid ones. NAT's are security related, devices that make use of them in corporate world are firewall products.
e) Intrusion Detection:
They detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network In general, this term could mean anything. But in this context, some manufacturers are beginning to combine different types of products into their firewall offering. Even though this in itself doesn't create a problem, users have to be a bit weary of the work load that might be imposed on their firewal
f) Fault tolerance:
Few higher end firewall products developed by companies like Nokia/Checkpoint combination and Cisco PIX support certain kind of fail-over features.
Fault tolerance features of firewall products are also referred to as High-Availability functionality. Advanced versions of fault tolerance features allow the firewalls to run in pairs. In this scenario, while one device is functioning, the other will act as a stand by.
Entertaining the thoughts of managing all these features in one single product, can be a daunting task. Hence, one has to approach it with a kitchen sink mentality and with a fair amount of skepticism. Let us not forget that they have a played a pivotal role in various security models of different organizations as well.
A botnet is a network of zombie computers controlled by a single entity. The term is a blend of the phrase "Robot Network". Sometimes are known as a collection of software robots, or bots, that run autonomously and automatically.
Usually the zombies in use of a botnet are compromised computers running on the Microsoft operating system and sometimes Linux though it’s for it’s rare to get infected with some sort of malware.
These computers communicate with other botnet machines via the Internet. Most botnets are distributed-design systems, with the botnet operator giving instructions to only a small number of machines. These machines then propagate the instructions to other compromised machines, usually via IRC. The distributed design prevents the discovery of the controlling computers. The anonymity that a botnet affords often helps the user avoid detection and possible prosecution.
Botnets are effective in performing tasks that would be impossible given only a single computer, single IP address, or a single Internet connection.
Originally, botnets are used for performing distributed denial of service attacks. designed to interfere with access to a Web site or Internet service. A common method of attack involves flooding a target server with so many communications requests that legitimate traffic can not get through However, some modern web servers have developed strategies to combat DDoS attacks, making this use of a botnet abit ineffective.
Additionally, many counter-DDoS strategies blacklist the IP addresses of attacking computers, thus exposing the botnet's machines.
The first big DDoS attack, in February 2000 took down some of the Web's most popular sites for hours, including Yahoo, CNN, eBay, Amazon.com, Buy.com, and E-Trade. Currently facebook, twitter and Google are trying to fend off a DDos attack.
As the spam market has become profitable, and, botnets are found to be an effective resource for sending spam. At any onetime ten thousand infected pc can send a simple email Furthermore, many compromised computers contain address books of email addresses which can be incorporated into the list of addresses to send spam to. Zombies that are not actively sending spam at any point in time can be configured to scrape the web looking for new email addresses to spam, adding further value to the botnet.
A secondary objective of the botnet is to find and compromise additional computers. While this is not considered a primary objective in and of itself, the expansion of the botnet via assimilation of new computers helps it perform the primary objectives more efficiently. Thus, this secondary objective is often the bulk of a botnet's tasks. Many computer networks, especially those using Microsoft Windows computers running the default settings, inherently trust other computers on the same network. Thus, a single compromised machine on such a network constitutes an attack vector against other machines on the network. Other secondary botnet objectives include website advertisement clicking, web browser toolbar installations, keylogging, and social bookmarking poll manipulation.
There is no surefire way to prevent a DDoS attack. However, a company can reduce its risk by buying plenty of servers and bandwidth, and hosting content on backup servers. Companies can also limit the number of connections that the Web server allows at any one time and set the firewall to block certain types of data that are used in DDoS attacks, said intrusecurity Uganda' David. .
In addition, companies can ask the ISP to impose bandwidth limits or block the IP addresses serving up the attack. Some companies offer DoS detection software, and website developers can configure their Web server to monitor traffic patterns and automatically ban IP addresses that could be associated with an attack. Better yet once an attack has been launched, a company can try to redirect the attack traffic to a null IP address, or a block it. Now the question comes back to you "Is your pc part of the Botnet?"
I’ve met so many IT managers in my career some are friends and others are clients but one thing most of them share is taking security for the company IT facilities for granted. To them the term belongs to “big operations” like Telecoms and banks.
Most IT managers believe buying “state of the art” hardware is good enough….but wait a minute! these just represent computing power not configuration. Most of the settings are left default, leaving unwanted ports and services running that may lead to your systems being comprised.
The threat of hackers, malware and Trojans is for real and maybe from internal or external factors. I know of a few big IT firms that have been hacked because they lacked simple streamlined security policies. These are basically guidelines to what should be allowed and denied on the network. Information technology has become so imbedded in our lives that we practically live with it. Business can’t leave without it and it’s the bloodline of business these days.
A few months ago I had an experience with a friend; he is kind of a big man in a corporate IT firm here in town. I proposed a security audit on his network to be certain that it’s secure. Trust me he gave me a lecture of how he’s using “open source” software, a “state of art” Cisco pix firewall which made his network hack free.
He actually wanted to bet that if anyone ever breaks/hacks in his network, cover my weekend cost for a full month would be taken care of. Unfortunately I didn’t take the bet but I wish I had, because months down the road someone got into his web server. He actually thought I had done it.
The good thing he didn’t lose his job but I can’t be sure you won’t. When you run or setup a server let it be windows or Linux try to analyze the services and ports that are open. In my experience most of these are not really needed and are a security threat. Lastly try to sign onto one of those online mailing lists or forums or blog u can checkout security info. Visit www.securityfocus.com they really have some good topics.
When you look at the statistics, most of the computers that form the botnet belong to small enterprises and home users. We all need to carryout an audit we really don’t need to wait for the accounts to avail the money for an outsider to carry it out. All you need is some free tools especially the open source ones but be careful not to download a Trojan.
Catch you later on my next topic
Squadron Uganda. www.squadronug.com