This is for new users who don't have much knowledge of IT security. Here I focus on the configuration basics of the Windows built-in firewall, Comodo, ZoneAlarm and Outpost Pro.
Introduction
Our project “Study Different Firewalls” studies the functioning of the
different firewalls available to us and identifies the pros and cons of each. We have
selected a few firewalls, such as Windows Firewall, ZoneAlarm Firewall and Comodo
Firewall, for our project. In this project we are concerned only with
software firewalls.
Objective
Microsoft Windows provides a variety of methods by which security software can
perform network traffic filtering and other security-related tasks. However, these
same capabilities can be used by malicious software, also known as malware, to
tap into the operating system’s network architecture in order to circumvent security
software, open backdoors, and steal information. A number of articles have been
published that discuss and compare the features of different software firewalls, but
there are few resources that explore the filtering techniques that these firewalls use.
Understanding these filtering techniques is not only useful for choosing a software
firewall and troubleshooting problems with it, but it also helps to understand,
detect, and prevent the malware threats that exploit inherent weaknesses in them.
Scope
The Internet, like any other society, is plagued with the kind of jerks who enjoy the
electronic equivalent of writing on other people's walls with spray-paint, tearing
their mailboxes off, or just sitting in the street blowing their car horns. Some
people try to get real work done over the Internet, and others have sensitive or
proprietary data they must protect. Usually, a firewall's purpose is to keep the jerks
out of your network while still letting you get your job done.
Many traditional-style corporations and data centers have computing security
policies and practices that must be followed. In a case where a company's policies
dictate how data must be protected, a firewall is very important, since it is the
embodiment of the corporate policy. Frequently, the hardest part of hooking to the
Internet, if you're a large company, is not justifying the expense or effort, but
convincing management that it's safe to do so. A firewall provides not only real
security--it often plays an important role as a security blanket for management.
Some firewalls permit only email traffic through them, thereby protecting the
network against any attacks other than attacks against the email service. Other
firewalls provide less strict protections, and block services that are known to be
problems.
Generally, firewalls are configured to protect against unauthenticated interactive
logins from the "outside" world. This, more than anything, helps prevent vandals
from logging into machines on your network. More elaborate firewalls block
traffic from the outside to the inside, but permit users on the inside to communicate
freely with the outside. The firewall can protect you against any type of network-
borne attack if you unplug it.
What is a Firewall?
The Internet is a network of computer networks. It has evolved from the
interconnection of networks around the globe. Interconnection is a good thing; it
allows the free exchange of information via the Web, e-mail and file transfer. But
it also carries a price, namely the risk that your Internet connection may be used by
“hackers” (or as some would rather call them “crackers”) to gain unauthorized
access to your local network. Availability of computing facilities can also be
targeted by Denial of Service (DoS) attacks.
A firewall is a system that implements and enforces an access control (or security)
policy between two networks; it usually guards an internal private network from an
external public one, isolating an intranet from the Internet. Essentially a firewall
connects two or more networks but only allows specified forms of traffic to flow
between them. The firewall is a means by which a security policy can be enforced.
Types of Firewall
There have historically been two main types of firewall: application layer and
network layer.
1. Application layer firewalls implement a proxy server for each service
required. A proxy is a server that enables connections between a client and
server, such that the client talks to the proxy, and the proxy to the server on
behalf of the client. They prevent traffic from passing directly between
networks, and as the proxies are often implemented for a specific protocol
they are able to perform sophisticated logging and auditing of the data
passing through them.
A disadvantage of application layer firewalls is that a proxy must exist for
each protocol that you wish to pass through the firewall; if one does not
exist then that protocol cannot be used.
Some protocols, such as SMTP for e-mail, are natural proxies. Others, such
as FTP for file transfer, are not.
2. Network layer firewalls make decisions on whether to allow or disallow
individual Internet Protocol (IP) packets to pass between the networks. IP
is the protocol by which almost all data is routed around the Internet. IP
connections rely on a unique source and destination IP address for the
communicating hosts. TCP layer port numbers (the “application layer
endpoints”) are also readily available to a network layer firewall.
For example, port 25 is the agreed port number for SMTP e-mail transfer.
The firewall can make filtering decisions based on the IP and port number
values. This type of firewall can be very flexible. However, the added
complexity increases the risk of security holes through misconfiguration.
In Figure , a network layer firewall called a "screened host firewall" is
represented. In a screened host firewall, access to and from a single host is
controlled by means of a router operating at a network layer. The single
host is a bastion host; a highly-defended and secured strong-point that can
resist attack.
Modes of operation
There are two very distinct modes for network firewalls to operate in.
1. Default allow firewalls allow all traffic in and out of a site. Some specified
services may be blocked on the firewall, but all others can freely pass through.
2. Default deny firewalls block all traffic in or out of a site (though commonly they
only block inbound, rather than outbound, traffic). Only named services are
allowed to pass through the firewall.
All firewall systems which were tested were found to be susceptible to packet
spoofing, which tricks the server into thinking packets have come from a trusted
host, or into using its intrusion-detection countermeasures to cut connectivity to
legitimate sites.
Detection works mainly by sending packets (requests) and collecting responses
from client machines about those packets, thereby building a detailed report about
the port to which each packet was sent across the network. When one machine sends
a request, the request is encapsulated in an IP packet. The IP packet consists of
two parts: a header and a data part. The header part holds the information about
the data, i.e. the source IP address and destination IP address, the send time and
checksums. This can be used for analyzing data integrity.
The TCP/IP protocol suite is responsible for converting low-level network frames
into packets and segments. TCP is an independent, general-purpose protocol. Since
TCP makes very few assumptions about the underlying network, it is possible to use
it over a single network like an Ethernet as well as over a complex internet. It is
a communication protocol.
A connection consists of a virtual circuit between two application programs.
TCP defines an endpoint to be a pair of integers (host, port).
The suite defines various protocols; they are TCP, UDP, ICMP and IGMP.
TCP
TCP is a connection-oriented, reliable protocol. Sniffing a packet based on the
TCP protocol would list out the following details of the packet:
Source IP, Destination IP, Source Port, Destination Port, Sequence, Acknowledgement
UDP
UDP is a connectionless, unreliable protocol. Sniffing a packet based on the
UDP protocol would list out the following details of the packet:
Source IP, Destination IP, Source Port, Destination Port, Length
ICMP
Sniffing a packet based on the ICMP protocol would list out the following
details of the packet:
Source IP, Destination IP, Source Port, Destination Port
IGMP
Sniffing a packet based on the IGMP protocol would list out the following
details of the packet:
Source IP, Destination IP, Source Port, Destination Port
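The header fields listed above can be read straight out of the packet bytes. The following Python sketch is an added example, not part of the original project: it parses an IPv4 header, verifies its checksum, and extracts the TCP and UDP fields (for other protocols it returns only the IP-level fields). The sample packets and their addresses are constructed test data.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ip_checksum(header: bytes) -> int:
    """Internet checksum (RFC 1071) over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_packet(packet: bytes) -> dict:
    """Return the fields a sniffer would list for one IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    info = {
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src_ip": socket.inet_ntoa(src),
        "dst_ip": socket.inet_ntoa(dst),
        # A header whose checksum field is correct sums to zero.
        "checksum_ok": ip_checksum(packet[:ihl]) == 0,
    }
    payload = packet[ihl:total_len]
    if proto == 6 and len(payload) >= 20:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        info.update(src_port=sport, dst_port=dport, sequence=seq,
                    acknowledgement=ack,
                    flags=[name for bit, name in TCP_FLAGS if off_flags & bit])
    elif proto == 17 and len(payload) >= 8:
        sport, dport, length, _udp_csum = struct.unpack("!HHHH", payload[:8])
        info.update(src_port=sport, dst_port=dport, length=length)
    return info


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Build a constructed sample packet (test data, not captured traffic)."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", ip_checksum(head)) + head[12:] + payload


# Constructed samples: a TCP SYN to port 25 (SMTP) and a small UDP datagram.
TCP_SYN = build_ipv4(6, "192.0.2.10", "198.51.100.5",
                     struct.pack("!HHIIHHHH", 49152, 25, 1000, 0,
                                 (5 << 12) | 0x02, 8192, 0, 0))
UDP_MSG = build_ipv4(17, "192.0.2.10", "198.51.100.53",
                     struct.pack("!HHHH", 49153, 53, 12, 0) + b"test")

if __name__ == "__main__":
    for pkt in (TCP_SYN, UDP_MSG):
        print(parse_packet(pkt))
```

A packet altered in transit without a recomputed header checksum shows up with checksum_ok set to False, which is the integrity check the header makes possible.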
Firewall policies must be realistic and reflect the level of security in the entire
network. For a firewall to work, it must be a part of a consistent overall
organizational security architecture. A firewall cannot replace security-
consciousness on the part of your users.
A firewall is software or hardware that functions in a networked
environment to prevent unauthorized access. Its goal is to provide controlled
connectivity between the Internet and the internal network. This is achieved by
enforcing a security policy: a firewall is a system or group of systems that
enforces an access control policy between two or more networks.
For firewalls where the emphasis is on security instead of
connectivity, you should consider blocking everything by default, and only
specifically allowing the services you need on a case-by-case basis.
If you block everything except a specific set of services, then you've already made
your job much easier. Instead of having to worry about every security problem
with every product and service around, you only need to worry about every
security problem with a specific set of services and products.
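The difference between the two modes shows up as soon as a service appears that nobody wrote a rule for. The following Python sketch is an added example, not code from any of the firewalls studied: it evaluates IP and port rules under a default-allow and a default-deny policy. Apart from SMTP on port 25, the ports, addresses, subnet and the listening-service list are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANYWHERE = ("0.0.0.0/0",)


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    protocol: str               # "TCP" or "UDP"
    dst_port: int
    sources: tuple = ANYWHERE   # networks the rule applies to

    def matches(self, protocol: str, src_ip: str, dst_port: int) -> bool:
        if protocol != self.protocol or dst_port != self.dst_port:
            return False
        addr = ipaddress.ip_address(src_ip)
        return any(addr in ipaddress.ip_network(net) for net in self.sources)


class PacketFilter:
    """First matching rule wins; unmatched traffic gets the default action."""

    def __init__(self, default: str, rules: list):
        if default not in ("allow", "block"):
            raise ValueError("default must be 'allow' or 'block'")
        self.default = default
        self.rules = list(rules)

    def decide(self, protocol: str, src_ip: str, dst_port: int) -> str:
        for rule in self.rules:
            if rule.matches(protocol, src_ip, dst_port):
                return rule.action
        return self.default

    def exposed_ports(self, src_ip: str, listening: list) -> list:
        """Listening (protocol, port) pairs that src_ip is allowed to reach."""
        return [(proto, port) for proto, port in listening
                if self.decide(proto, src_ip, port) == "allow"]


# Default allow: only services already known to be a problem are blocked.
DEFAULT_ALLOW = PacketFilter("allow", [
    Rule("block", "TCP", 23),    # telnet
    Rule("block", "TCP", 139),   # NetBIOS session service
])

# Default deny: only named services pass. SMTP from anywhere,
# file sharing only from the local subnet (assumed 192.168.1.0/24).
DEFAULT_DENY = PacketFilter("block", [
    Rule("allow", "TCP", 25),
    Rule("allow", "TCP", 139, ("192.168.1.0/24",)),
])

# Hypothetical host: three long-standing services plus a newly installed
# one on TCP 8080 that nobody wrote a rule for.
LISTENING = [("TCP", 23), ("TCP", 25), ("TCP", 139), ("TCP", 8080)]
OUTSIDE, INSIDE = "203.0.113.7", "192.168.1.20"

if __name__ == "__main__":
    for name, fw in (("default allow", DEFAULT_ALLOW), ("default deny", DEFAULT_DENY)):
        print(name, "outside:", fw.exposed_ports(OUTSIDE, LISTENING))
        print(name, "inside: ", fw.exposed_ports(INSIDE, LISTENING))
```

Under default allow the unlisted service on port 8080 is reachable from outside; under default deny it stays closed until someone adds a rule for it.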
Popular hardware & software firewalls
Software Firewall              Hardware Firewall
Windows Firewall               Cisco PIX
ZoneAlarm                      Fortiguard
Comodo Firewall                Cyberoam
Norton Internet Security       Check Point
Outpost                        NetScreen
BlackICE                       NetD
McAfee Internet Security       WatchGuard
Windows Firewall
Windows Firewall is a software component of Microsoft Windows that provides
firewalling and packet filtering functions. It was first included in Windows XP and
Windows Server 2003. Windows Firewall, previously known as Internet
Connection Firewall or ICF, is a protective boundary that monitors and restricts
information that travels between your computer and a network or the Internet. This
provides a line of defense against someone who might try to access your computer
from outside the Windows Firewall without your permission.
Windows Firewall was first introduced as part of Windows XP Service Pack 2.
Every type of network connection, whether it is wired, wireless, VPN, or even
FireWire, has the firewall enabled by default, with some built-in exceptions to
allow connections from machines on the local network. It also fixed a problem
whereby the firewall policies would not be enabled on a network connection until
several seconds after the connection itself was created, thereby creating a window
of vulnerability. XP's Windows Firewall cannot block outbound connections; it is
only capable of blocking inbound ones.
Windows Firewall is turned on by default. However, some computer
manufacturers and network administrators might turn it off.
To open Windows Firewall:
1. Click Start and then click Control Panel.
2. In the control panel, click Windows Security Center.
3. Click Windows Firewall.
How Windows Firewall Works
When someone on the Internet or on a network tries to connect to your computer,
we call that attempt an "unsolicited request." When your computer gets an
unsolicited request, Windows Firewall blocks the connection. If you run a program
such as an instant messaging program or a multiplayer network game that needs to
receive information from the Internet or a network, the firewall asks if you want to
block or unblock (allow) the connection. You should see a window like the one
below.
If you choose to unblock the connection, Windows Firewall creates an exception
so that the firewall won't bother you when that program needs to receive
information in the future.
The Exceptions tab includes a list of programs and services that you can select or
deselect to allow or remove access to the network. You can also add or delete ports
(both TCP and UDP).
When adding programs or ports, you also have the following options to limit the
scope of access: Any Computer (Including Those On The Internet), My Network
(Subnet) Only, or Custom List, which allows you to choose a mix of IP addresses
and subnets.
On the Advanced tab, you can choose which connections the firewall will apply to,
and you can specify logging features. You can also control, with some granularity,
how the firewall handles Internet Control Message Protocol (ICMP) packets.
Finally, if you get completely lost and make changes that prevent the computer
from connecting to the Internet, you can click the Restore Defaults button. This
removes all of your changes, returning Windows Firewall to the Microsoft default
state.
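When logging is enabled on the Advanced tab, Windows Firewall writes a space-separated text log whose "#Fields:" header line names the columns. The following Python sketch is an added example, not part of the original project: it reads that header, counts actions, and reports sources whose dropped packets hit several different destination ports. The log lines and the threshold of three ports are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in the layout of a Windows Firewall log file.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2009-03-14 10:02:11 DROP TCP 203.0.113.7 192.0.2.10 4021 135 48 S 1111 0 16384 - - - RECEIVE
2009-03-14 10:02:11 DROP TCP 203.0.113.7 192.0.2.10 4022 139 48 S 1112 0 16384 - - - RECEIVE
2009-03-14 10:02:12 DROP TCP 203.0.113.7 192.0.2.10 4023 445 48 S 1113 0 16384 - - - RECEIVE
2009-03-14 10:02:12 DROP TCP 203.0.113.7 192.0.2.10 4024 3389 48 S 1114 0 16384 - - - RECEIVE
2009-03-14 10:05:40 ALLOW TCP 192.0.2.10 198.51.100.5 1045 80 - - - - - - - - SEND
2009-03-14 10:07:03 DROP UDP 192.0.2.33 192.0.2.255 137 137 78 - - - - - - - RECEIVE
2009-03-14 10:09:19 DROP ICMP 198.51.100.77 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
"""


def parse_log(text: str) -> list:
    """Turn log text into dicts keyed by the names on the #Fields line."""
    fields, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip damaged lines
                entries.append(dict(zip(fields, values)))
    return entries


def action_counts(entries: list) -> dict:
    """How many entries were logged for each action (DROP, ALLOW, ...)."""
    return dict(Counter(e["action"] for e in entries))


def multi_port_sources(entries: list, min_ports: int = 3) -> dict:
    """Sources whose dropped packets targeted at least min_ports ports."""
    ports = defaultdict(set)
    for e in entries:
        # ICMP entries carry "-" in the port columns and are skipped here.
        if e["action"] == "DROP" and e["dst-port"].isdigit():
            ports[e["src-ip"]].add(int(e["dst-port"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(action_counts(log))
    print(multi_port_sources(log))
```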
What Windows Firewall Does and Does Not Do
It does:
1. Help block computer viruses and worms from reaching your computer.
2. Ask for your permission to block or unblock certain connection requests.
3. Create a record (a security log), if you want one, that records successful
and unsuccessful attempts to connect to your computer. This can be useful
as a troubleshooting tool.
It does not:
1. Detect or disable computer viruses and worms if they are already on your
computer. For that reason, you should also install antivirus software and keep
it updated to help prevent viruses, worms, and other security threats from
damaging your computer or using your computer to spread viruses to others.
2. Stop you from opening e-mail with dangerous attachments. Don't open e-mail
attachments from senders that you don't know. Even if you know and trust the
source of the e-mail you should still be cautious. If someone you know sends
you an e-mail attachment, look at the subject line carefully before opening it.
If the subject line is gibberish or does not make any sense to you, check with
the sender before opening it.
3. Block spam or unsolicited e-mail from appearing in your inbox. However, some
e-mail programs can help you do this.
Pros and Cons of Windows Firewall
The Windows Firewall does a good job of proxying inbound responses to
outbound connection requests, and it does a good job of blocking inbound
connection requests for TCP or UDP conversations that you haven't initiated. It
will block any connection attempts that you haven't specifically allowed in the
settings. However, that's only half of what a firewall needs to do.
A firewall should also monitor, inspect, and proxy outbound communication—and
this is where Windows Firewall fails. Any program on your computer can initiate
any type of connection to any IP address on the Internet, and the Windows Firewall
will sit by passively and let it happen!
Don't let any prompts fool you: Even though it tells you a program has initiated a
connection to the Internet and asks if you want to allow this connection, the
connection has already occurred. What it’s really asking is whether you want to
allow the Internet to connect to this program.
ZoneAlarm Firewall
ZoneAlarm is a personal firewall software application originally developed by Zone
Labs, which was acquired by Check Point. It includes an inbound intrusion detection
system, as well as the ability to control which programs can create outbound
connections.
In ZoneAlarm, program access is controlled by way of "zones", into which all
network connections are divided. The "trusted zone" generally includes the user's
local area network and can share resources such as files and printers, while the
"Internet zone" includes everything not in the trusted zone. The user can specify
which "permissions" (trusted zone client, trusted zone server, Internet zone client,
Internet zone server) to give to a program before it attempts to access the Internet
(e.g. before running it for the first time) or, alternatively, ZoneAlarm will ask the user
to give the program permission on its first access attempt.
Features
Designed to be used in conjunction with an antivirus program, the strongest
tool in ZoneAlarm's belt is the outbound firewall. Though Windows does offer some
outbound protection, it's not activated by default. Most users tend to leave it off
because they either don't know about it, or when they do turn it on it regularly
interrupts their workflow with pop-up security warnings. Older versions of
ZoneAlarm used to be noisy with pop-ups as well, but the new version has been set to
be quieter without changing the level of protection. If you prefer, this can be changed
in the program settings.
During the testing of the default ZoneAlarm Firewall settings, the only pop-ups
encountered were those blocking new software installations. The pop-ups for the
three programs tested went away and allowed the installation to proceed with one
click. More than just a low rate of interference, only encountering pop-ups for
program installations is precisely the kind of warning that keeps you aware of
what's occurring on your computer without distracting you simply for surfing the
Web.
The benefits of an outbound firewall might not be readily apparent. An inbound
firewall blocks threats coming in from the outside, but an outbound firewall does
more than prevent your computer from spreading viruses and malware to others. If
your computer has been compromised by a botnet, for example, outbound
protection will stop it from sending your data back to its host servers. It can also
stop program spoofing, which is when a malicious program pretends to be a good
one, and IP spoofing, which is when harmful network transmissions dress up as
safe ones.
The ZoneAlarm toolbar has also been given more than a simple spit-shine. You can
opt out of installing it when you run the main installer, and install it later if you
wish, but ZoneAlarm was quick to point out that without it key security features
are not activated. Hiding the toolbar after it's been installed won't disable its
protections, which include the aforementioned signature and heuristic-based
anti-phishing protections.
It also adds a site check option that can be used to reveal the date founded and
physical location of the site and has customizable safe site buttons for launching
regularly visited sites such as Facebook or your banking site. The e-mail checker
built into the toolbar is compatible with Hotmail, Gmail, Yahoo, RR, Univision,
and POP3 accounts.
Performance
ZoneAlarm's performance was notable simply for how unnoticeable it was.
Shutdown time did not appear to be affected at all, and neither did starting up cold
nor rebooting. Changing the antivirus program that it was partnered with didn't
affect the firewall's behavior, either.
Pros and Cons of ZoneAlarm
Pros: Free for non-commercial use, frequently updated, protects incoming and
outgoing connections without additional configuration.
Cons: Did not automatically configure as many applications.
Outpost Firewall
Outpost Firewall Pro is a software-based personal firewall package developed by the
Russian firm Agnitum. Outpost Firewall 2009 Free now includes full Windows Vista
(32- and 64-bit) support and a completely revamped user interface.
Outpost Firewall Pro (personal firewall) is designed to monitor incoming and
outgoing network traffic on Windows machines. Like most advanced PC firewalls
(ZoneAlarm, Comodo, etc.), Outpost goes beyond monitoring Internet traffic and also
monitors application behavior in an attempt to stop malicious software from covertly
infecting Windows systems. Agnitum calls this technology "Component Control" and
"Anti-Leak Control" (included in the HIPS-based "Host Protection" module). The
product also includes a spyware scanner and monitor, together with a pop-up
blocker/spyware filter for Internet Explorer and Mozilla Firefox. Outpost's web
surfing security tools include blacklists for IPs and URLs, unwanted web page
element filters and ad blocking; together this technology is known as "Web
control".
Outpost Firewall Pro allows the user to specifically define how a PC application
connects to the Internet. This is known as the "Rules Wizard" mode, or policy, and
is the default behavior for the program. When in this mode, Outpost Firewall Pro
displays a prompt each time a new process attempts network access or when a
process requests a connection that is not covered by its pre-validated rules. The
idea is that this lets the user decide whether an application should be
allowed a network connection to a specific address, port or protocol.
In practice, prompting users can make the product seem overcomplicated to less
experienced users. Agnitum engineers include pre-set rules for many popular
applications. Users can optionally submit rules they have created through the
Agnitum ImproveNet system, where Agnitum engineers validate them and share the
new rules via product updates.
Outpost is a very powerful and feature rich firewall. Many users will barely scratch
the surface of what can be done with the configuration manager.
We're happy to report that the instant nagging prompts pushing users to upgrade to
the paid version, which plagued the previous version of Outpost Firewall, are gone.
Gone too are the concerns about lack of support for the software. Agnitum seem fully
committed to supporting this new free firewall and we had no concerns about the
software being out of date this time. Configuring and working with Outpost may
initially seem a bit daunting, although with the new interface it is much easier.
Pros and Cons of Outpost
Pros: Very powerful firewall, extensive configuration options, protects incoming
and outgoing connections without additional configuration, automatic
configuration for lots of popular software, full 64 bit operating system support.
Cons: Some users find ZoneAlarm easier to use, although thanks to the revamped
interface Outpost Firewall is no longer as daunting to beginners.
Comodo Firewall
Comodo Internet Security is currently ranked number 1 in Matousec's Proactive
Security Challenge, passing 100% of the 148 software firewall tests, and is the
only firewall and host intrusion prevention system to consistently score number 1 or
tie for number one (usually with Online Armor) in all independent tests.
Comodo Internet Security was designed around the concept of layered security, by
integrating components designed to prevent intrusions upon a computer system (the
Firewall, Defense+, and Memory Firewall), with components designed to resolve any
intrusions which the other components miss.
This free software firewall, from a leading global security solutions provider and
certification authority, uses the patent-pending "Clean PC Mode" to prohibit any
application from being installed on your computer unless it meets one of two
criteria. Those criteria are a) the user gives permission for the installation and b) the
application is on an extensive list of approved applications provided by Comodo.
With this feature, you don't have to worry about unauthorized programs installing on
your computer without your knowledge.
Configuration
Comodo Firewall Pro is a freeware software package for Windows that controls
the programs that can connect to the outside world and the types of connections that
they can make. If Comodo Firewall isn't configured correctly, it can prevent Firefox
from accessing the Internet, causing Firefox to give "Server not found" errors.
This section describes how to configure Comodo Firewall Pro to give Firefox access
to the Internet.
Open Comodo Firewall Pro: click the Windows Start button,
then click All Programs > Comodo > Firewall > COMODO Firewall Pro.
In the Summary window, under the Security Monitoring heading, click
Application Monitor.
In the list of Application Control Rules, locate any mentions of Firefox or firefox.exe.
Click on each one, then click Remove.
After removing each instance of Firefox in the Application Control Rules list,
click the Tasks button.
In the Tasks window, click Define a new Trusted Application.
In the Trusted Application window, under the Specify Application heading, click
Browse... Navigate to your Firefox program folder (usually C:\Program
Files\Mozilla Firefox) and choose firefox.exe. Click OK at the bottom of the
Trusted Application window.
Return to the Application Monitor by clicking its icon on the left side of the
window. You should see Firefox listed, this time with full access rights.
Unless you have a whole lot of stuff to set up, have multiple users,
or are on a network machine, we would suggest that you just install the firewall
and enter the settings as it detects new applications and activities.
In the message box that shows up:
1. Set the action to take (allow, block, ...).
2. Set the type of app that it is (installer, ...).
3. If you want to set this property for this app permanently, check
the box (do this always).
As you add more apps to the "do always" list, the frequency of the message box will
go down.
PROS of Comodo Firewall
1. Free means free! : Comodo Firewall is completely free software, and they
actually mean free. There are no nag screens, no promotional offers,
nothing. They are giving away the software at zero cost. They just require you to
supply your email address, so that they can send you the registration key
at no cost. They send registration keys to keep track of how many people are
using their software.
2. Great security : It delivers what it is supposed to and thus qualifies as
one of the better security programs available on the Internet. In various tests, it has
proved its worth and helped in identifying unwanted elements. It blocks attacks
from the outside world and blocks malware-style leak tests. It lets you take control of
the software or programs that will access the Internet connection. Watch out,
bad guys: the firewall will not let you break into the computer so easily.
3. Simple Interface : The interface of the software is also simple. It is good
enough for any user, and most users will find it easy to use and to go through
the options it has to offer. However, there is still scope for improvement, but I’m
sure that most users will be fine with it.
4. Recognizes known programs : One of the good things about this software is that it
lets you scan your computer first and then automatically puts the known programs
in the safe list and doesn’t give alerts for that software.
CONS of Comodo Firewall
1. Too many alerts : Somehow, it gave lots and lots of alerts, and thus it can alarm
any beginner at the start and can create problems in case a user clicks on the deny
button for an important piece of software. However, alerts can be minimized by letting the
program scan through the system for the known programs.
2. Starting problems in accessing the web based services : I did face some
problems in accessing web-based services like Gmail and Google Reader.
However, once I restarted the computer, everything seemed normal. After using it
for a few days, I started to face problems connecting to the Internet, and it gave
me errors too. However, just a simple restart and everything used to get back to
normal.