List one of the technologies used to combat computer crimes and discuss its strengths and weaknesses.

University Degree Mathematical and Computer Sciences

Question:

1. List one of the technologies used to combat computer crimes and discuss its strengths and weaknesses.

Securing a computer system or a network from inside or outside threats is a matter of, first identifying those threats than identifying the value of what we are protecting, and then implementing appropriate mechanisms or technologies to reduce the risk to an acceptable level, why an acceptable level?. The reason is there is no a zero tolerance system and if such a system exists it becomes unusable even for legitimate users.

In this report I’ll be talking about firewalls and their use to protect our networks and PC’s from intruders. First a firewall is a system or group of systems that enforces an access control policy between two networks or PC’s. and it consists of two parts the first one to block traffic, and the other one permits traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. Probably the most important thing to recognize about a firewall is that it implements an access control policy. Otherwise the user of this technology has to determine what kind of access he wants to allow or to deny. Then he can start configuring it.

But why do we need a firewall?. from my experience I believe that as there is no way to stop those people who have nothing to do but wasting time and money for other people, who are trying to do their work or deliver information to others through the internet, so a firewall is very helpful for them as it keeps intruders out of the network while legitimate users could finish their work.

After knowing the need for a firewall we can start working on designing one, but we talked before we need to define policies for our application, as the firewall will be filtering the traffic or allow services to be delivered to users so it’s better to define a network policy or a service access policy than we can define our firewall design policy, the two basic rules are: permit any service unless it is expressly denied, or/and deny any service unless it is expressly permitted. A firewall that implements the first rule allows all services to pass into the site by default, with the exception of those services that the service access policy has identified as disallowed that’s why it’ s less desirable as users could access unlisted services. a firewall that implements the second rule denies all services by default, but then passes those services that have been identified as allowed. This second rule follows the classic access model used in all areas of information security for this reason this rule is safer but very difficult to implement.

Now after defining a policy we can go and purchase or design our firewall, usually big organisations build their own firewall as it takes time and cost more money but the designers understand better the specifics of the design and the use of the application.

The type of firewall we have to choose will depend on its location in the network

This is a preview of the whole essay

The type of firewall we have to choose will depend on its location in the network

so if it was intended to filter traffic coming from outside by checking for example the IP address of the source and destination, MAC address and port number this type is called Network Firewall but if it was the other case like user authentication and filtering traffic between networks or what we call proxy servers these firewalls are called application layers firewalls.

The following terms are used to describe basic firewalls Gateway: a gateway acts as a connector between networks, by transmitting information and defining what should and should not be able to pass between the internal network and the Internet.

Network Address Translation (NAT): NAT hides the internal addresses from the external network (Internet), by translating all internal addresses to public IP addresses when leaving the internal network.

Proxy servers:A proxy server replaces the network's IP address and effectively hides the actual IP address from the rest of the Internet. Examples of proxy servers include Web proxies, circuit level gateways, and application level gateways.

Packet filtering firewall: This is a simple firewall solution that is usually implemented on routers that filter packets. The IP headers of network packets are inspected when going through the firewall. Depending on the rules, the packet is either accepted or denied. Because most routers can filter packets, this is an easy way to quickly configure firewall rules to accept or deny packets. However, it's difficult for a packet filtering firewall to differentiate between a benign packet and a malicious packet like viruses.

Screening routers: This is a packet filtering router that contains two network interface cards. The router connects two networks and performs packet filtering to control traffic between the networks. This type of router is also known as an outside router or border router.

Application level gateway: This type of gateway allows the network administrator to configure a more complex policy than a packet filtering router. It uses a specialized program for each type of application or service that needs to pass through the firewall.

Bastion host: A bastion host is a secured computer that allows an untrusted network (such as the Internet) access to a trusted network (internal network). It is typically placed between the two networks and is often referred to as an application level gateway.

Demilitarized zone (DMZ): A DMZ sits between the internal network and the outside world (Internet), and it's the best place to put the public servers. Examples of systems to place on a DMZ include Web servers and FTP servers and Mail servers.

Now after choosing a firewall or designing one it is time to test our product and see how it works is is going to do the job that it was intended to do, blocking or stopping some of the traffic and allowing the other, scanning packets giving permission to other users to login well if it does all this or perhaps more. The job is done if not we have to review our design or the policy. Since this firewall is going to work on a live network so the best way is to put for testing on a live one but not with the system it is supposed to protect. However most of the designers would advertise their application or ask other organisations to test it for them, usually tests are carried out by hackers who are experts in this field. And this could be by performing any attack on the system, Denial of service attack, cracking, spoofing…. etc.

After passing the tests now our application is ready to protect our network from intruders, but we have to bear in mind that this solution is not hundred percent safe as it has some vulnerabilities some of them are:

flexibility suffers as all designated packets or protocols are rejected from a filtered site. A fully filtered site cannot be accessed at all from users within the "Trusted" network

Complex to maintain. as the Network Administrator has to enter all addresses and protocols to be filtered manually.

Proxies require large amounts of computing resources in the host system, which can lead to performance bottlenecks or slowdowns on the network. And they must
be written for specific application programs, and not all applications have proxies available.

Stateful Inspection and Hybrid (combined firewall technologies) functionality currently requires the purchase of additional hardware and/or software and is not typically "bundled" with another existing network device

Other vulnerabilities are firewalls cannot detect viruses, worms and Trojan horses or attacks from inside (traitors). Theses matters are to be solved by other tools or the user policy.

At the end of this report I would like to list some of the firewalls available to purchase or to download for free and they are:

tiny personel firewall this firewall is a freeware software very suitable for any PC running any windows version

Cisco PIX 535 Firewall, provides over 1 Gbps of firewall throughput with the ability to handle up to 500,000 concurrent connections this firewall is suitable for large enterprises.

BlackICE Defender Protocol analysis based intrusion detection firewall for home and corporate users

Kerio Blocks all externally originated IP traffic, making computer invisible to outsiders

All types of firewalls described earlier are in use today, which suggests that there is no one "best" firewall. Different firewalls are built for different systems. So to design the best firewall for an organization it is important to identify their requirements to particular firewall architecture. In addition, the best firewall for depends on several factors, including the level of expertise of firewall administrators, the types of services company plans to support, company's budget, and the organizational needs. And in the end we have to admit that the Internet has helped us a lot to exchange information and every technology has its pros and cons, and the main problem with using the Internet is those misusing it either to prevent others from using it or looking into their accounts and secrets or ….etc. To date there has been minimal political or legal action taken to establish policies or review the law regarding those crimes. As this continue to be the situation we are in today, there will continue a need for firewalls.