3.9 Conclusions

Today, many companies and organizations want interconnectivity between their internal computer systems and the global Internet. They therefore connect their intranets to the Internet and try to control access with firewalls. Depending on the components used and their configuration, several grades of firewall protection can be obtained. At one extreme, allowing unrestricted access between a corporate intranet and the Internet provides no security at all. Packet filters can be added to intercept a certain amount of data traffic, and stateful inspection lets the firewall make more informed decisions about whether to forward particular IP packets. The firewall can also combine packet filters with application gateways: a variety of circuit-level and application-level gateways can be added, each with an authentication mechanism of appropriate strength. The firewall can further reside on a secure operating system, [23] improving the underlying security of the firewall code and files. Finally, the firewall can support Internet layer security protocols, building secure tunnels between firewall-protected sites and hence virtual private networks (VPNs). Independently of all this, intrusion detection systems may be used to detect illegitimate attempts to access the intranet environment. Last but not least, a company can deny any access to and from the Internet, thereby isolating itself from the outside world. Although this seems a merely theoretical option in these euphoric times for Internet access, it remains the only prudent approach for certain highly secure environments.

Firewall systems are a fact of life on the Internet today. If properly implemented and deployed, they provide efficient and effective access control services for corporate intranets. Consequently, more and more network managers are setting up firewalls as their first line of defense against outside attacks. Nevertheless, firewall technology has remained a contentious topic within the Internet community. Let's briefly summarize the main concerns:

  • Firewall advocates consider firewalls to be important additional safeguards, because they aggregate security functions at a single point, simplifying installation, configuration, and management.

  • Firewall detractors are usually concerned about the difficulty of using firewalls, which require multiple logins and other out-of-band mechanisms, as well as their interference with the usability and vitality of the Internet as a whole. They claim that firewalls foster a false sense of security, leading to lax security within the firewall perimeter.

At minimum, firewall advocates and detractors both agree that firewalls are a powerful tool for network security, but that they are by no means a panacea or a magic bullet for all network and Internet-related security problems. For example, any firewall can be circumvented by tunneling an unauthorized application protocol inside an authorized one. If a firewall is configured to deny POP traffic between an intranet client and an Internet server but permits HTTP, it is always possible to tunnel the POP session inside HTTP requests. In fact, many tools support this kind of tunneling and make it transparent to the user. Consequently, firewalls should not be regarded as a substitute for careful security management within a corporate intranet.

Also, a firewall is useful only if it handles all traffic to and from the Internet. This is not always the case, since many sites permit dial-in access to modems located at various points throughout the site. Such a modem is a potential back door that can negate all the protection provided by the firewall. A much better method for handling modems is to concentrate them into a modem pool. In essence, a modem pool consists of several modems connected to a terminal server. A dial-in user connects to the terminal server and then connects from there to other internal hosts. Some terminal servers provide security features that restrict connections to specific hosts or require users to authenticate themselves. RADIUS, TACACS, and TACACS+ can again be used to secure communications between the terminal server and a centralized security server. Sometimes, authorized users also wish to have a dial-out capability. These users, however, need to recognize the vulnerabilities they may be creating if they are careless with modem access: a dial-out capability easily becomes a dial-in capability if proper precautions are not taken.
In general, dial-in and dial-out capabilities should be considered in the design of a firewall and incorporated into it. Forcing outside users to go through the strong authentication of the firewall should be reflected in the firewall policy.
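The POP-inside-HTTP tunneling described above, shown as an added example that is not code from the book. It is a constructed, offline model: the host name, the /sync path, the four-command POP3 session, and the two check functions are all assumptions made for illustration. A port-based packet filter that permits TCP/80 and denies TCP/110 passes every tunneled command, because it never sees the payload; only an application-level check that opens the HTTP body notices the POP3 verbs.

```python
"""Tunneling an unauthorized protocol (POP3) inside an authorized one (HTTP).

Added example, not code from the book.  Everything here is constructed:
the host name, the /sync path, and the four-command POP3 session.
"""
import re

# Verbs a POP3 client sends; used by the content-aware check below.
POP3_COMMANDS = {"USER", "PASS", "STAT", "LIST", "RETR", "DELE",
                 "NOOP", "RSET", "TOP", "UIDL", "QUIT"}


def wrap_in_http(pop3_line: str, host: str = "tunnel.example.com") -> bytes:
    """Client end of a hypothetical tunnel: one POP3 command becomes the body
    of one HTTP POST to a cooperating server listening on port 80."""
    body = pop3_line.encode()
    head = (
        f"POST /sync HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Content-Type: application/octet-stream\r\n"
        f"Content-Length: {len(body)}\r\n"
        f"\r\n"
    )
    return head.encode() + body


def unwrap_http(request: bytes) -> str:
    """Server end of the tunnel: recover the POP3 command from the POST body."""
    head, _, body = request.partition(b"\r\n\r\n")
    m = re.search(rb"^Content-Length:\s*(\d+)", head, re.I | re.M)
    length = int(m.group(1)) if m else len(body)
    return body[:length].decode()


def packet_filter(dst_port: int) -> str:
    """Stateless packet filter policy: permit HTTP (80), deny POP3 (110).
    It never looks at the payload, so the tunnel passes unnoticed."""
    return "allow" if dst_port == 80 else "deny"


def application_gateway(request: bytes) -> str:
    """Application-level check: an HTTP POST whose body starts with a POP3
    verb is flagged.  Works only on cleartext HTTP; an HTTPS tunnel hides
    the body from the gateway entirely."""
    payload = unwrap_http(request)
    words = payload.split()
    verb = words[0].upper() if words else ""
    if verb in POP3_COMMANDS:
        return f"deny (POP3 {verb} tunneled in HTTP)"
    return "allow"


def run_session():
    """Constructed POP3 session pushed through both checks.  Returns a list of
    (command, packet-filter verdict, application-gateway verdict)."""
    session = ["USER alice", "PASS s3cret", "STAT", "QUIT"]
    return [(cmd, packet_filter(80), application_gateway(wrap_in_http(cmd)))
            for cmd in session]


if __name__ == "__main__":
    for cmd, pf, ag in run_session():
        print(f"{cmd:12} packet filter: {pf:5}  application gateway: {ag}")
```

Running the block prints "allow" from the packet filter and "deny" from the application gateway for all four commands. The caveat is in the gateway's docstring: once the tunnel is carried over HTTPS, the gateway sees only ciphertext and its check fails too, which is exactly why the text says a firewall is no substitute for security management inside the intranet.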

In summary, firewall systems provide basic access control services for corporate intranets. A pair of historical analogies can help us better understand the role of firewall technology for the current Internet [22]:

  • Our Stone-Age predecessors lived in caves, each inhabited by a family whose members knew each other quite well. They could use this knowledge to identify and authenticate one another. Someone wanting to enter the cave would have to be introduced by a family member trusted by the others. The history of human society has shown that this security model is too simple to work on a large scale. As families grew in size and started to interact with one another, it was no longer possible for all family members to know all other members of the community, or even to reliably remember all persons who had ever been introduced to them.

  • In the Middle Ages, our predecessors lived in castles and villages surrounded by town walls. The inhabitants were acquainted with each other, but they did not trust each other. Instead, identification and authentication, as well as authorization and access control, were centralized at a front gate. Anyone who wanted to enter the castle or village had to pass the front gate and was thoroughly checked there. Those who managed to pass the gate were implicitly trusted by all inhabitants. But human history has shown that this security model doesn't work either. For one thing, town walls don't protect against malicious insider attacks; for another, town walls and front gates don't scale easily (since they are so massive). Many remnants of medieval town walls bear witness to this lack of scalability.

Using the above analogies, the Internet has just entered the Middle Ages. The simple security model of the Stone Age still works for single hosts and local area networks, but it no longer works for wide area networks in general and the Internet in particular. As a first step (and, one hopes, an intermediate one), firewalls have been erected at the Internet gateways. Because they are capable of selectively dropping IP packets, firewalls also restrict the connectivity of the Internet as a whole. The Internet's firewalls are thus comparable to the town walls and front gates of the Middle Ages: screening routers correspond to general-purpose gates, while application gateways correspond to more specialized gates. Today, we don't see town walls anymore. Instead, countries issue passports that their citizens use worldwide for identification and authentication. It is possible and very likely that the Internet will experience a similar development, with trusted parties issuing locally or globally accepted certificates for Internet principals. These certificates can then be used to provide complementary security services, such as authentication, data confidentiality and integrity, and nonrepudiation. The tool to achieve this goal is cryptography. The following chapters elaborate on cryptography and its use in providing security services on the WWW.

[23] In this context, a secure operating system refers to an operating system that is hardened and minimized, meaning that anything not strictly required for the firewall's functionality is stripped off.




Security Technologies for the World Wide Web, Second Edition
ISBN: 1580533485
Year: 2003
Pages: 142
Authors: Rolf Oppliger
