Monday, February 4, 2002		On Hardware

A sentry named Firewall
Satinder Ahuja

THE Internet is an incredible tool for information sharing. The Net's single biggest drawback stems from its main asset; its openness and therefore Netizens could be subjected to lack of privacy. This could be crucial when the Net handles sensitive data.

Firewall is a little box that not only secures the local area network but also configures your workstations' TCP/IP settings automatically for Internet sharing. Firewalls allow authorised personnel inside the corporate network to access outside resources on the Internet, while preventing outside parties from accessing corporate internal resources. You just connect the box between your Internet router's Ethernet port and the LAN -whether you have a digital subscriber line (DSL), cable modem, or any other connection. From any workstation on the LAN, you can manage and configure firewall.

The firewall probes incoming packets and determines the address of the request and either allows or denies connections that are safe for entrance. The firewall also monitors computer ports for incoming and outgoing data for the users' protection. Configuration of firewall is simple.

Configure firewall as DHCP server and set the TCP/IP properties on your workstations to obtain IP addresses automatically. The firewall then automatically configures all workstations to share the Internet connection. Also you need not configure any proxy settings in the Internet browsers or related Internet software.

Also this firewall can be set up to allow HTTP and DNS Web browsing, POP3 and SMTP e-mail and FTP. Also this system provides optional content filter means to allow or deny access to sites containing a dozen content categories, be it partial nudity, full nudity, drug culture and so on. Also you can define your own criteria based on keywords or URLs or allow selected users unrestricted access. You could set the filter to operate from 9 a.m. to 5 p.m. on weekdays and allow employees to surf freely outside of working hours.

A firewall should be selected based upon a number of client needs such as scalability of the network infrastructure, bandwidth requirements, protocols and services needed, adaptability, operating system expertise of company personnel, and granularity needed.

Let us have a look at what typically a Wide Area Network (WAN) with firewall looks like. In it we have two remote protected Local Area Networks (LANs) connected by a Virtual private network (VPN). Both "intranet" (short for "internal networks") can share data via the encrypted tunnel provided by the VPN. Both networks are protected by firewalls.

The administrator of network "A" is directed to open a hole in the firewall that's protecting the network because the client behind the firewall wants to use an application that the firewall can't proxy. The hole not only exposes network "A" to a potential security risk but network "B" also has been exposed due to the VPN tunnel connecting them. Connect the VPN servers on both sides to a router. Do not connect the VPN servers to a switch or hub, physically and logically isolate them as much as possible.

Build an access list on the routers that connect the VPN servers on both sides of the tunnel. Allow only the services that you want to pass between both networks and block all others. Also you can configure the router to be your firewall via software. The software is expensive, but it still works.