Seminar Report on Firewall

Submitted in partial fulfillment of the requirements for the degree of Bachelor of Engineering under B.P.U.T.

Submitted by: Satyajit Samal
Regd. No.: 0401227112
Year: 2007-08

DEPARTMENT OF ELECTRONICS & TELECOMMUNICATION ENGG.
C.V. RAMAN COLLEGE OF ENGINEERING, BHUBANESWAR

Abstract

The Internet is a volatile and unsafe environment when viewed from a computer-security perspective, therefore "firewall" is an excellent metaphor for network security.

This paper discusses firewall technology: the different types of firewall, how they work and what kinds of threats they can protect you from.

It also discusses the different forms of firewall, hardware firewalls and software firewalls, the characteristics of a firewall security policy, and firewall connection properties.

With careful assessment and planning, including choosing the security policy and type of firewall that best meet your needs, installing a firewall can go a long way toward easing your network security concerns.

Department of Electronics & Telecommunication Engineering C.V. Raman College of Engineering Bhubaneswar

Certificate

This is to certify that Satyajit Samal, bearing Regd. No. 0401227112, a student of the 7th Semester (2008), branch: Electronics & Telecommunication Engineering, C. V. Raman College of Engineering, Bhubaneswar, has submitted a seminar report on

“firewall”

This is submitted in partial fulfillment of the requirements for the Bachelor's degree in Electronics & Telecommunication Engineering under B.P.U.T.

External        Internal        HOD

Acknowledgement

Exchange of ideas generates a new object to work in a better way. Apart from ability, labour and time devotion, guidance and co-operation are the two pillars for the success of a project. Whenever a person is helped and co-operated with by others, his/her heart is bound to pay gratitude to them. Success is a goal which can be achieved by confidence, innovation and motivation.

I am heartily thankful to the college and Department of Electronics & Telecommunication for permitting me to undergo this useful and interesting seminar on the topic of “FIREWALL”.

I am grateful to H.O.D. Mr. P. Kanungo, seminar co-ordinator Miss Rashmita Mohapatra and all the faculty members of Electronics & Telecommunication who gave valuable guidance throughout the study of this topic. They not only supervised and guided the work but were also instrumental in creating the urge and insight necessary for this seminar.

Satyajit Samal
Regn. No.: 0401227112
Branch: E&TC, B.Tech 7th Sem.

Contents

1. Introduction
2. History
3. Function
4. Proxy server and DMZ
5. Making firewall fit
6. Types of firewall techniques
7. Hardware vs software firewalls
8. Firewall security zone
9. Appropriate use of firewall
10. Firewall security policy characteristics
11. Firewall connection properties
12. Conclusion
13. Reference

Introduction to firewall

The term "fire wall" originally meant, and still means, a fireproof wall intended to prevent the spread of fire from one room or area of a building to another. The Internet is a volatile and unsafe environment when viewed from a computer-security perspective, therefore "firewall" is an excellent metaphor for network security.

In computer networking, the term firewall is not merely descriptive of a general idea. It has come to mean some very precise things. A firewall's basic task is to regulate the flow of traffic between computer networks of different trust levels. Typical examples are the Internet, which is a zone with no trust, and an internal network, which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized Zone (DMZ).

A firewall's function within a network is similar to firewalls in building construction, because in both cases they are intended to isolate one "network" or "compartment" from another. However, network firewalls, unlike physical firewalls, are designed to allow some traffic to flow.

A firewall is a computer and software combination that is installed at the Internet entry point of a network system. The firewall provides a defence, sometimes the first line of defence, between a network to be protected and the Internet or any other network that could pose a threat. All corporate communication to and from the Internet flows through firewalls.

According to the Webopedia Computer Dictionary, a firewall is a system designed to prevent unauthorized access to or from a private network. It is considered a first line of defense in protecting private information, and for greater security, data can be encrypted.

A computer firewall can itself take different forms. It can be a software programme or a physical hardware device, or often a combination of both. Its ultimate job is to block unauthorised and unwanted traffic from getting into a computer system.

Having a firewall at home is smart. You may choose to employ a software firewall like ZoneAlarm. You may also install a hardware firewall, or use a combination of both hardware and software.

Examples of software-only firewalls: ZoneAlarm, Sygate, Kerio. Examples of hardware firewalls: Linksys, D-Link, Netgear.

History: Although the term firewall has gained a new meaning in the modern era, the word dates back to over a century ago. Many houses were constructed with bricks in the wall in order to stop the spread of a potential fire. These bricks in the wall were referred to as a firewall.

Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The original idea was formed in response to a number of major Internet security breaches which occurred in the late 1980s. In 1988 an employee at the NASA Ames Research Center in California sent a memo by email to his colleagues that read, “We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames.”

The Morris Worm spread itself through multiple vulnerabilities in the machines of the time. Although it was not malicious in intent, the Morris Worm was the first large scale attack on Internet security; the online community was neither expecting an attack nor prepared to deal with one.

First generation - packet filters

The first paper published on firewall technology was in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what would become a highly evolved and technical internet security feature. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based upon their original first generation architecture.

Packet filters act by inspecting the "packets" which represent the basic unit of data transfer between computers on the Internet. If a packet matches the packet filter's set of rules, the packet filter will drop (silently discard) the packet, or reject it (discard it, and send "error responses" to the source).

This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (it stores no information on connection "state"). Instead, it filters each packet based only on information contained in the packet itself (most commonly using a combination of the packet's source and destination address, its protocol, and, for TCP and UDP traffic, which comprises most internet communication, the port number).

Because TCP and UDP traffic by convention uses well known ports for particular types of traffic, a "stateless" packet filter can distinguish between, and thus control, those types of traffic (such as web browsing, remote printing, email transmission, file transfer), unless the machines on each side of the packet filter are both using the same non-standard ports.

Second generation - "stateful" filters

From 1980-1990 three colleagues from AT&T Bell Laboratories, Dave Presetto, Howard Trickey, and Kshitij Nigam developed the second generation of firewalls, calling them circuit level firewalls.

Second generation firewalls do not simply examine the contents of each packet on an individual basis without regard to its placement within the packet series, as their predecessors had done; rather, they compare key parts of each packet against a database of trusted connections. This technology is generally referred to as a "stateful" firewall, as it maintains records of all connections passing through the firewall and is able to determine whether a packet is the start of a new connection or part of an existing connection. Though there is still a set of static rules in such a firewall, the state of a connection can in itself be one of the criteria which trigger specific rules.

This type of firewall can help prevent attacks which exploit existing connections, or certain Denial-of-service attacks, including the SYN flood which sends improper sequences of packets to consume resources on systems behind a firewall.
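The second-generation behaviour described above, as an added example that is not code from the report: a stateful filter tracks each TCP flow by its 4-tuple, admits packets from outside only as replies to a tracked connection, and caps the number of half-open (SYN seen, handshake unfinished) entries per destination, which is the usual defence against the SYN flood mentioned in the paragraph. The private prefix, the DMZ web server and all packets are constructed for illustration (RFC 5737 documentation ranges); the flag notation is a simplification.

```python
"""Stateful packet filter: connection tracking with a half-open cap.

Added example, not code from the report. TCP flows are tracked by their
4-tuple so that packets from outside are admitted only as replies to a
tracked connection, and the number of half-open (SYN seen, handshake not
finished) entries per destination is capped. Addresses, the published
service and the packets are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" SYN, "SA" SYN/ACK, "A" ACK, "FA" FIN/ACK (constructed notation)


INSIDE_PREFIX = "10.0.0."              # constructed private network
SERVER = "192.0.2.10"                  # constructed DMZ web server
PUBLIC_SERVICES = {(SERVER, 80)}       # the only inbound connections allowed
MAX_HALF_OPEN_PER_DST = 3


def may_initiate(p: TcpPacket) -> bool:
    """New-connection policy: inside hosts may go anywhere, outsiders only to published services."""
    return p.src.startswith(INSIDE_PREFIX) or (p.dst, p.dport) in PUBLIC_SERVICES


class StatefulFilter:
    def __init__(self):
        self.table = {}   # (initiator, port, responder, port) -> "SYN_SENT" | "ESTABLISHED"
        self.log = []

    def _lookup(self, p: TcpPacket):
        """Map a packet onto a tracked flow key and the direction it travels in."""
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.table:
            return fwd, "forward"
        if rev in self.table:
            return rev, "reply"
        return fwd, "new"

    def half_open_count(self, dst: str) -> int:
        return sum(1 for (_, _, d, _), state in self.table.items()
                   if d == dst and state == "SYN_SENT")

    def handle(self, p: TcpPacket) -> str:
        key, direction = self._lookup(p)
        if direction == "new":
            if p.flags != "S":
                return self._decide("drop", p, "no tracked connection")
            if not may_initiate(p):
                return self._decide("drop", p, "initiation not permitted")
            if self.half_open_count(p.dst) >= MAX_HALF_OPEN_PER_DST:
                return self._decide("drop", p, "half-open cap reached")
            self.table[key] = "SYN_SENT"
            return self._decide("allow", p, "new connection")
        state = self.table[key]
        if state == "SYN_SENT" and direction == "reply" and p.flags == "SA":
            return self._decide("allow", p, "SYN/ACK for tracked connection")
        if state == "SYN_SENT" and direction == "forward" and p.flags == "A":
            self.table[key] = "ESTABLISHED"
            return self._decide("allow", p, "handshake complete")
        if state == "ESTABLISHED":
            if "F" in p.flags:
                del self.table[key]   # simplified teardown: the first FIN closes the entry
            return self._decide("allow", p, "established")
        return self._decide("drop", p, f"unexpected flags {p.flags} in state {state}")

    def _decide(self, verdict, p, why):
        self.log.append((verdict, p.src, p.dst, p.dport, why))
        return verdict


def run_scenario():
    """Constructed traffic: an outbound handshake, a stray inbound ACK, then a SYN flood."""
    fw = StatefulFilter()
    out = {}
    out["client_syn"] = fw.handle(TcpPacket("10.0.0.7", 40000, "198.51.100.80", 443, "S"))
    out["server_synack"] = fw.handle(TcpPacket("198.51.100.80", 443, "10.0.0.7", 40000, "SA"))
    out["client_ack"] = fw.handle(TcpPacket("10.0.0.7", 40000, "198.51.100.80", 443, "A"))
    out["stray_ack"] = fw.handle(TcpPacket("203.0.113.9", 5555, "10.0.0.7", 40001, "A"))
    out["syn_flood"] = [fw.handle(TcpPacket(f"203.0.113.{i}", 1000 + i, SERVER, 80, "S"))
                        for i in range(1, 6)]
    out["half_open"] = fw.half_open_count(SERVER)
    return out


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:14s} {verdict}")
```

The stray ACK is dropped because no tracked connection exists for it, which a stateless filter could not decide; the fourth and fifth SYNs to the web server are dropped once three half-open entries are pending, so the server behind the firewall never sees them. A production firewall would also expire SYN_SENT entries after a timeout rather than holding them indefinitely.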

Third generation - application layer

Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T Laboratories and Marcus Ranum described a third generation firewall known as application layer firewall, also known as proxy based firewalls. Marcus Ranum's work on the technology spearheaded the creation of the first commercial product. The product was released by DEC who named it the SEAL product. DEC’s first major sale was on June 13, 1991 to a chemical company based on the East Coast of the USA.

The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol, DNS or web browsing), and can detect whether an unwanted protocol is being sneaked through on a non-standard port, or whether a protocol is being abused in a known harmful way.

Subsequent developments

In 1992, Bob Braden and Annette DeSchon at the University of Southern California (USC) were developing their own fourth generation packet filter firewall system. The product known as "Visas" was the first system to have a visual integration interface with colours and icons, which could be easily implemented to and accessed on a computer operating system such as Microsoft's Windows or Apple's MacOS. In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1.

A second generation of proxy firewalls was based on Kernel Proxy technology. This design is constantly evolving, but its basic features and code are currently in widespread use in both commercial and domestic computer systems. Cisco, one of the largest Internet security companies in the world, released its PIX product to the public in 1997.

Some modern firewalls leverage their existing deep packet inspection engine by sharing this functionality with an Intrusion-prevention system (IPS).

Currently, the Middlebox Communication Working Group of the Internet Engineering Task Force (IETF) is working on standardizing protocols for managing firewalls and other middleboxes, a way of transferring policy enforcement.

Function

A firewall's basic task is to regulate the flow of traffic between computer networks of different trust levels. Typical examples are the Internet which is a zone with no trust and an internal network which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized zone (DMZ).

A firewall's function within a network is similar to that of firewalls and fire doors in building construction. In the former case, it is used to prevent network intrusion into the private network. In the latter case, it is intended to contain a structural fire and delay its spread to adjacent structures.

Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall ruleset, in which the only network connections allowed are the ones that have been explicitly permitted. Unfortunately, such a configuration requires detailed understanding of the network applications and endpoints required for the organization's day-to-day operation. Many businesses lack such understanding, and therefore implement a "default-allow" ruleset, in which all traffic is allowed unless it has been specifically blocked. This configuration makes inadvertent network connections and system compromise much more likely.
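The difference between the two default policies, as an added example that is not code from the report. It also serves the first-generation packet filter described in the History section and the packet-filtering and security-zone material later in the report: rules match on zone, protocol and destination port only, each packet is judged in isolation, and the same rule set is evaluated under default-deny and default-allow. The zones, the rule set and the sample packets are constructed (RFC 5737 documentation ranges and 10.0.0.0/8).

```python
"""Stateless packet filter with a zone model and a configurable default policy.

Added example, not code from the report. The zones, rules and packets are
constructed for illustration; addresses come from the RFC 5737 documentation
ranges and 10.0.0.0/8. Each packet is judged on its own header fields only,
as the first-generation filters described in the report do.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone layout: address ranges behind the internal interfaces.
ZONES = {
    "private": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.0.2.0/24"),
}


def zone_of(addr: str) -> str:
    """Classify an address; anything outside the known internal ranges is public."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "public"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    src_zone: str   # zone name or "any"
    dst_zone: str
    proto: str      # protocol name or "any"
    dport: int      # port number, 0 meaning any
    action: str     # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return (self.src_zone in ("any", zone_of(pkt.src))
                and self.dst_zone in ("any", zone_of(pkt.dst))
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport))


# Constructed rule set: the Internet may reach the DMZ web and mail ports,
# and the private zone may send anything. Nothing mentions telnet (tcp/23).
RULES = [
    Rule("public", "dmz", "tcp", 80, "allow"),
    Rule("public", "dmz", "tcp", 25, "allow"),
    Rule("private", "any", "any", 0, "allow"),
]


def filter_packet(pkt: Packet, rules=RULES, default="deny") -> str:
    """First matching rule wins; the default policy decides unmatched packets."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed sample traffic: (description, packet).
SAMPLE = [
    ("web request to DMZ", Packet("203.0.113.5", "192.0.2.10", "tcp", 80)),
    ("telnet to private host", Packet("203.0.113.5", "10.0.0.7", "tcp", 23)),
    ("outbound browsing", Packet("10.0.0.7", "198.51.100.80", "tcp", 443)),
    ("SNMP from Internet to DMZ", Packet("203.0.113.5", "192.0.2.10", "udp", 161)),
]


def compare_defaults(samples=SAMPLE):
    """Same rules, two defaults: returns {description: (default-deny, default-allow)}."""
    return {desc: (filter_packet(p, default="deny"), filter_packet(p, default="allow"))
            for desc, p in samples}


if __name__ == "__main__":
    for desc, (deny, allow) in compare_defaults().items():
        print(f"{desc:28s} default-deny: {deny:5s} default-allow: {allow}")
```

Under default-deny the telnet attempt against the private host and the SNMP probe against the DMZ are dropped because no rule mentions them; under default-allow both slip through, which is exactly the inadvertent exposure the paragraph warns about. Note that a stateless rule such as "private may send anything" also says nothing about the replies that come back, which is the gap stateful filtering closes.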

What It Protects You From

There are many creative ways that unscrupulous people use to access or abuse unprotected computers:

Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.

Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.

SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.

Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.

Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.

E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.

Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.

Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.

Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.

Source routing - In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.

Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail.
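How a firewall recognises the source routing option described in the list above, as an added example that is not code from the report. It parses the IPv4 header's option field and flags the loose (LSRR, option type 131) and strict (SSRR, type 137) source-route options; malformed option fields are treated as grounds to drop as well. The packets are constructed byte strings built by the helper in the block, not captured traffic; the addresses are RFC 5737 documentation addresses.

```python
"""Detect IPv4 source-routing options in a packet header.

Added example, not code from the report. The option type values are the
IANA-assigned ones; the sample headers are constructed here.
"""
import struct

LSRR, SSRR = 131, 137   # Loose and Strict Source and Record Route option types


def build_ipv4_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Build a minimal IPv4 header (checksum left zero) with an optional option field."""
    while len(options) % 4:          # the option field is padded to a 32-bit boundary
        options += b"\x00"
    ihl = 5 + len(options) // 4
    fixed = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl,              # version 4, header length in 32-bit words
        0, ihl * 4, 0, 0, 64, 6, 0,  # tos, total length, id, flags/frag, ttl, proto=TCP, checksum
        bytes(map(int, src.split("."))),
        bytes(map(int, dst.split("."))),
    )
    return fixed + options


def parse_options(header: bytes):
    """Yield (type, data) for each option carried in the header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = header[0] & 0x0F
    if ihl < 5 or len(header) < ihl * 4:
        raise ValueError("bad header length")
    opts = header[20:ihl * 4]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No Operation: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing its length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option length runs past the option field")
        yield kind, opts[i + 2:i + length]
        i += length


def source_routed(header: bytes) -> bool:
    """True if the header carries a loose or strict source-route option."""
    return any(kind in (LSRR, SSRR) for kind, _ in parse_options(header))


def firewall_verdict(header: bytes) -> str:
    """Drop source-routed packets, and drop anything whose option field cannot be parsed."""
    try:
        return "drop" if source_routed(header) else "allow"
    except ValueError:
        return "drop"


# Constructed samples: an ordinary header and one carrying an LSRR option
# (type 131, length 7, pointer 4, one hop address), padded to 8 bytes.
PLAIN = build_ipv4_header("203.0.113.5", "10.0.0.7")
LSRR_OPTION = bytes([LSRR, 7, 4]) + bytes([10, 0, 0, 1])
SOURCE_ROUTED = build_ipv4_header("203.0.113.5", "10.0.0.7", LSRR_OPTION)

if __name__ == "__main__":
    print("plain header:         ", firewall_verdict(PLAIN))
    print("LSRR option present:  ", firewall_verdict(SOURCE_ROUTED))
    print("truncated header:     ", firewall_verdict(b"\x45\x00"))
```

The parser is the part that matters: a filter that only checked whether the header was longer than 20 bytes would also reject harmless options such as Record Route, while one that trusted the length byte blindly could be walked past the end of the header. Modern operating systems and routers drop source-routed packets by default for the same reason the report gives, so a firewall rule here is defence in depth.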

The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that have an experienced network administrator that understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change it.

One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.

Proxy Servers and DMZ

A function that is often combined with a firewall is a proxy server. The proxy server is used to access Web pages on behalf of the other computers. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect of this action is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server.

Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server.

There are times that you may want remote users to have access to items on your network. Some examples are:

• Web site

• Online business

• FTP download and upload area

In cases like this, you may want to create a DMZ (Demilitarized Zone). Although this sounds pretty serious, it really is just an area that is outside the firewall. Think of the DMZ as the front yard of your house. It belongs to you and you may put some things there, but you would put anything valuable inside the house where it can be properly secured. Setting up a DMZ is very easy. If you have multiple computers, you can choose to simply place one of the computers between the Internet connection and the firewall. Most of the software firewalls available will allow you to designate a directory on the gateway computer as a DMZ.

Making the Firewall Fit

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:

IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.

Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names.

Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. The "http" at the start of a Web address, for example, names the Web's protocol. Some common protocols that you can set firewall filters for include:

• IP (Internet Protocol) - the main delivery system for information over the Internet

• TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet

• HTTP (Hyper Text Transfer Protocol) - used for Web pages

• FTP (File Transfer Protocol) - used to download and upload files

• UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video

• ICMP (Internet Control Message Protocol) - used by routers to exchange control information with other routers

• SMTP (Simple Mail Transfer Protocol) - used to send text-based information (e-mail)

• SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer

• Telnet - used to perform commands on a remote computer

A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.

Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.

Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.

Some operating systems come with a firewall built in. Otherwise, a software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.

With a hardware firewall, the firewall unit itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. Computers in your home network connect to the router, which in turn is connected to either a cable or DSL modem. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information.

Hardware firewalls are incredibly secure and not very expensive. Home versions that include a router, firewall and Ethernet hub for broadband connections can be found for well under $100.

Types of firewall techniques

• The most basic type of firewall performs Packet Filtering.

• A second type of firewall, which provides additional security, is called a Circuit Relay.

• Another and still more involved approach is the Application Level Gateway.

Packet Filtering

All Internet traffic travels in the form of packets. A packet is a quantity of data of limited size, kept small for easy handling. When larger amounts of continuous data must be sent, they are broken up into numbered packets for transmission and reassembled at the receiving end. All your file downloads, Web page retrievals, emails -- all these Internet communications always occur in packets. A packet is basically a series of digital numbers which conveys these things:

• The data, acknowledgment, request or command from the originating system

• The source IP address and port

• The destination IP address and port

• Information about the protocol (set of rules) by which the packet is to be handled

• Error checking information

• Usually, some sort of information about the type and status of the data being sent

• Often, a few other things too - which don't matter for our purposes here.

In packet filtering, only the protocol and the address information of each packet is examined. Its contents and context (its relation to other packets and to the intended application) are ignored. The firewall pays no attention to applications on the host or local network and it "knows" nothing about the sources of incoming data.

Filtering consists of examining incoming or outgoing packets and allowing or disallowing their transmission or acceptance on the basis of a set of configurable rules, called policies.

Packet filtering policies may be based upon any of the following:

• Allowing or disallowing packets on the basis of the source IP address

• Allowing or disallowing packets on the basis of their destination port

• Allowing or disallowing packets according to protocol.

This is the original and most basic type of firewall.

Packet filtering alone is very effective as far as it goes but it is not foolproof security. It can potentially block all traffic, which in a sense is absolute security. But for any useful networking to occur, it must of course allow some packets to pass. Its weaknesses are:

• Address information in a packet can potentially be falsified or "spoofed" by the sender

• The data or requests contained in allowed packets may ultimately cause unwanted things to happen, as where a hacker may exploit a known bug in a targeted Web server program to make it do his bidding, or use an ill-gotten password to gain control or access.

An advantage of packet filtering is its relative simplicity and ease of implementation.

Circuit Relay

Also called a "Circuit Level Gateway," this is a firewall approach that validates connections before allowing data to be exchanged.

What this means is that the firewall doesn't simply allow or disallow packets but also determines whether the connection between both ends is valid according to configurable rules, then opens a session and permits traffic only from the allowed source and possibly only for a limited period of time. Whether a connection is valid may, for example, be based upon:

• destination IP address and/or port

• source IP address and/or port

• time of day

• protocol

• user

• password

Every session of data exchange is validated and monitored and all traffic is disallowed unless a session is open.

Circuit Level Filtering takes control a step further than a Packet Filter. Among the advantages of a circuit relay is that it can make up for the shortcomings of the ultra-simple and exploitable UDP protocol, wherein the source address is never validated as a function of the protocol. IP spoofing can be rendered much more difficult.

A disadvantage is that Circuit Level Filtering operates at the Transport Layer and may require substantial modification of the programming which normally provides transport functions (e.g. Winsock).
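The circuit-level behaviour described in this section, as an added example that is not code from the report: a connection request is validated against destination, protocol, authenticated user and time of day before any data passes, a session is opened for a limited lifetime, and data is relayed only while an open, unexpired session exists. Unlike the stateful packet filter earlier in the report, no packet flags are examined; the decision is made once, on the session, as the text describes. The rules, users, credentials and the fixed clock value are constructed for illustration.

```python
"""Circuit-level gateway: validate a connection request, then relay through a time-limited session.

Added example, not code from the report. Rules, users and the clock are
constructed; the credential store hashes the demo passwords with SHA-256,
where a real deployment would use a salted, slow password hash.
"""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, time, timedelta


def _h(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass(frozen=True)
class CircuitRule:
    dst: str               # destination host or "any"
    dport: int             # destination port, 0 meaning any
    proto: str             # "tcp" or "udp"
    users: frozenset       # users allowed to open this circuit
    window: tuple          # (start, end) time of day; start inclusive, end exclusive
    max_life: timedelta    # how long an opened session may live


@dataclass
class Session:
    user: str
    expires: datetime


class CircuitGateway:
    def __init__(self, rules, credentials):
        self.rules = rules
        self.credentials = credentials   # user -> password hash
        self.sessions = {}               # (src, dst, dport, proto) -> Session

    def _rule_for(self, dst, dport, proto, user, now):
        for r in self.rules:
            if (r.dst in ("any", dst) and r.dport in (0, dport) and r.proto == proto
                    and user in r.users and r.window[0] <= now.time() < r.window[1]):
                return r
        return None

    def open_session(self, src, dst, dport, proto, user, password, now):
        """Validate the request; returns 'open' or a refusal reason."""
        if not hmac.compare_digest(self.credentials.get(user, ""), _h(password)):
            return "refused: bad credentials"
        rule = self._rule_for(dst, dport, proto, user, now)
        if rule is None:
            return "refused: no rule permits this circuit"
        self.sessions[(src, dst, dport, proto)] = Session(user, now + rule.max_life)
        return "open"

    def relay(self, src, dst, dport, proto, now):
        """Data is relayed only through an open session that has not expired."""
        key = (src, dst, dport, proto)
        s = self.sessions.get(key)
        if s is None:
            return "drop: no session"
        if now >= s.expires:
            del self.sessions[key]
            return "drop: session expired"
        return "relay"


# Constructed policy: alice may use the DMZ FTP server during office hours for
# 30 minutes per session; alice and bob may open HTTPS circuits at any time.
RULES = [
    CircuitRule("192.0.2.20", 21, "tcp", frozenset({"alice"}),
                (time(9, 0), time(18, 0)), timedelta(minutes=30)),
    CircuitRule("any", 443, "tcp", frozenset({"alice", "bob"}),
                (time(0, 0), time.max), timedelta(hours=8)),
]
CREDENTIALS = {"alice": _h("alice-demo-pw"), "bob": _h("bob-demo-pw")}


def run_scenario():
    """Constructed requests against a fixed clock; returns each verdict by name."""
    gw = CircuitGateway(RULES, CREDENTIALS)
    day = datetime(2024, 1, 15, 10, 0)          # 10:00, inside the office-hours window
    out = {}
    out["ftp_alice_day"] = gw.open_session("10.0.0.7", "192.0.2.20", 21, "tcp", "alice", "alice-demo-pw", day)
    out["ftp_bob_day"] = gw.open_session("10.0.0.8", "192.0.2.20", 21, "tcp", "bob", "bob-demo-pw", day)
    out["ftp_alice_night"] = gw.open_session("10.0.0.9", "192.0.2.20", 21, "tcp", "alice", "alice-demo-pw",
                                             day.replace(hour=22))
    out["bad_password"] = gw.open_session("10.0.0.7", "198.51.100.80", 443, "tcp", "alice", "wrong", day)
    out["relay_now"] = gw.relay("10.0.0.7", "192.0.2.20", 21, "tcp", day + timedelta(minutes=5))
    out["relay_untracked"] = gw.relay("10.0.0.8", "192.0.2.20", 21, "tcp", day)
    out["relay_expired"] = gw.relay("10.0.0.7", "192.0.2.20", 21, "tcp", day + timedelta(minutes=31))
    return out


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:16s} {verdict}")
```

Bob's FTP request and Alice's after-hours request are refused on policy, the wrong password is refused before any rule is consulted, and data for a session that has outlived its lifetime is dropped and the session closed. Because the session is keyed on the source address, a spoofed source still needs a session that was opened with valid credentials, which is the sense in which the report says a circuit relay makes IP spoofing harder.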

Application Gateway

In this approach, the firewall goes still further in its regulation of traffic. The Application Level Gateway acts as a proxy for applications, performing all data exchanges with the remote system on their behalf. This can render a computer behind the firewall all but invisible to the remote system.

It can allow or disallow traffic according to very specific rules, for instance permitting some commands to a server but not others, limiting file access to certain types, varying rules according to authenticated users and so forth. This type of firewall may also perform very detailed logging of traffic and monitoring of events on the host system, and can often be instructed to sound alarms or notify an operator under defined conditions.

Application-level gateways are generally regarded as the most secure type of firewall. They certainly have the most sophisticated capabilities.

A disadvantage is that setup may be very complex, requiring detailed attention to the individual applications that use the gateway.

An application gateway is normally implemented on a separate computer on the network whose primary function is to provide proxy service.
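Two of the capabilities this section and the History section attribute to application-level gateways, as an added example that is not code from the report: recognising a protocol from the first client bytes rather than trusting the destination port (so a protocol "sneaked through on a non-standard port" is caught), and permitting some FTP commands to a server but not others depending on the user who logged in. The per-user policy, the sample session and the payloads are constructed for illustration.

```python
"""Application-level gateway: protocol-aware checks on what the firewall relays.

Added example, not code from the report. The policy, users and sample
exchanges are constructed for illustration.
"""
import re

HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
FTP_FIRST_COMMAND = re.compile(rb"^(USER|AUTH) ", re.IGNORECASE)
FTP_COMMAND = re.compile(rb"^([A-Za-z]{3,4})(?: (.*))?\r\n$")


def identify_protocol(payload: bytes) -> str:
    """Classify a stream by its content; the port number is not consulted."""
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    if FTP_FIRST_COMMAND.match(payload):
        return "ftp"
    return "unknown"


def port_check(dport: int, payload: bytes) -> str:
    """Drop a stream whose content does not match the protocol published on its port."""
    expected = {80: "http", 21: "ftp", 22: "ssh"}.get(dport)
    if expected is None:
        return "drop: port not published"
    seen = identify_protocol(payload)
    return "allow" if seen == expected else f"drop: {seen} traffic on port {dport}"


# Constructed per-user FTP policy: anonymous users may only read, staff may also write.
READ_ONLY = {"USER", "PASS", "PWD", "CWD", "LIST", "TYPE", "PASV", "RETR", "QUIT"}
FTP_POLICY = {
    "anonymous": READ_ONLY,
    "staff": READ_ONLY | {"STOR", "DELE", "RNFR", "RNTO", "MKD"},
}


class FtpGateway:
    """Inspects each client command line before it is forwarded to the real server."""

    def __init__(self, policy=FTP_POLICY):
        self.policy = policy
        self.user = None
        self.log = []

    def inspect(self, line: bytes) -> str:
        m = FTP_COMMAND.match(line)
        if not m:
            return self._log("refuse", line, "malformed command line")
        cmd = m.group(1).upper().decode()
        arg = (m.group(2) or b"").decode(errors="replace")
        if cmd == "USER":
            self.user = arg if arg in self.policy else None
            if self.user is None:
                return self._log("refuse", line, f"unknown user {arg!r}")
            return self._log("forward", line, "login")
        if self.user is None:
            return self._log("refuse", line, "command before USER")
        if cmd not in self.policy[self.user]:
            return self._log("refuse", line, f"{cmd} not permitted for {self.user}")
        return self._log("forward", line, "permitted")

    def _log(self, verdict, line, why):
        text = line.rstrip(b"\r\n").decode(errors="replace")
        if text.upper().startswith("PASS"):
            text = "PASS ****"          # never write credentials to the log
        self.log.append((verdict, text, why))
        return verdict


def run_scenario():
    """Constructed anonymous session: reads are forwarded, writes are refused."""
    gw = FtpGateway()
    session = [b"USER anonymous\r\n", b"PASS guest@example.org\r\n", b"RETR report.pdf\r\n",
               b"STOR upload.exe\r\n", b"DELE report.pdf\r\n", b"QUIT\r\n"]
    return {
        "ftp": [gw.inspect(line) for line in session],
        "http_on_80": port_check(80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
        "ssh_on_80": port_check(80, b"SSH-2.0-OpenSSH_9.6\r\n"),
        "ftp_on_21": port_check(21, b"USER anonymous\r\n"),
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:12s} {verdict}")
```

The gateway keeps per-connection application state (who logged in) that neither a packet filter nor a circuit relay has, which is what lets it refuse STOR and DELE for the anonymous user while forwarding RETR. The protocol identification is deliberately conservative: anything it cannot classify is "unknown" and therefore dropped on a published port, and the log line for PASS is masked.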

As you can see, all firewalls regardless of type have one very important thing in common: they receive, inspect and make decisions about all incoming data before it reaches other parts of the system or network. That means they handle packets and they are strategically placed at the entry point to the system or network the firewall is intended to protect. They usually regulate outgoing data as well. The types and capabilities of firewalls are defined essentially by:

• Where they reside in the network hierarchy (stack);

• how they analyze and how they regulate the flow of data (packets);

• and additional security-related and utilitarian functions they may perform. Some of those additional functions:

o data may be encrypted/decrypted by the firewall for secure communication with a distant network

o Scripting may allow the operator to program-in any number of specialized capabilities

o The firewall may facilitate communications between otherwise incompatible networks.

Hardware vs. Software Firewalls

Firewalls come in two forms, hardware and software. Hardware firewalls are stand-alone devices, with the software built into the hardware device. Hardware firewalls sit at the border of the private and public network, and protect all devices on the private network from the public one. Hardware firewalls have two or more network jacks, one external (public side), one internal (private side), and possibly a third connection for the DMZ. The firewall protects the networks on each of these jacks from each other, as set up by the firewall administrator.

Software firewalls operate in much the same manner as hardware ones, the difference being that a software firewall is just a software package that has been loaded onto and is run from a computer. Software firewalls can sit at the border between public and private networks, which protects the entire network. Software firewalls can also be loaded onto individual workstations, which provides another layer of protection for the workstation itself.

Firewall Security Zones

The multiple network adapters on firewalls allow networks to be grouped into "zones," which are networks with varying degrees of security. Zones are typically divided into three types, public, private, and the Demilitarized Zone (DMZ).

The public zone, or the Internet connection, has the highest level of security between it and other zones. This is because the public network is where most if not all of the attacks against the network originate from.

The private zone, or the internal LAN, has the highest level of security. Typically, the firewall will not allow unsolicited data from the other zones into the private zone. Instead, requests for data will need to originate from the private zone, and only the requested data is allowed to return through the firewall.

The DMZ is a medium security zone that is created for certain server types (email, web servers, etc.) that need to be accessed from the web. In order for the rest of the world to access these servers, the firewall must allow unsolicited data packets, using the correct port numbers and protocols (HTTP, port 80 for example), to pass through the firewall to the DMZ.

Appropriate use of firewall

Firewalls are applicable when:

• there are two networks that have a distinct trust factor (friend/foe);

• the network topology is designed so that all traffic flows through a single interface which connects to the firewall (i.e. the protected network's connection must terminate behind the firewall);

• there is a need for an extra layer of protection for certain applications.

Firewalls are NOT applicable when:

• applications that traverse the two networks are QoS sensitive;

• vendors use scare tactics and do not give a qualified reason for a firewall;

• you only provide support and haven't been trained;

• application/resource accessibility is more critical than security (timing).

Firewall security policy characteristics

• Defines network use and responsibilities for:

o Users

o Management

o Network administrators

• Identifies who is allowed use of network resources

• Defines who is authorized to grant/deny access

• Defines auditing requirements

• Defines recovery plan

Firewall connection properties

Hostname/Address You can enter the firewall/proxy server's address either as the hostname, e.g. ourfirewall, or as a dotted IP address, e.g. 192.186.100.123

Port

Enter the port that the firewall uses for FTP. This is usually 21. If this doesn't work check with your network/firewall administrator.

Username

If your firewall needs a logon, enter your username here. Only enabled for some firewall types.

Password

If your firewall needs a password, enter your password here. Only enabled for some firewall types.

Firewall type

Select your firewall type from the eight options. WinProxy and WinGate are two of the most commonly used and are frequently set up as "USER with no logon". If you're unsure of your firewall type, check with your network/firewall administrator, or if that's not possible try them all until you find the one that works.

Conclusion

A firewall is the primary method for keeping a computer secure from intruders. A firewall allows or blocks traffic into and out of a private network or the user's computer. Firewalls are widely used to give users secure access to the Internet as well as to separate a company's public Web server from its internal network. Firewalls are also used to keep internal network segments secure; for example, the accounting network might be vulnerable to snooping from within the enterprise.

In the home, a personal firewall typically comes with or is installed in the user's computer. Personal firewalls may also detect outbound traffic to guard against spyware, which could be sending your surfing habits to a Web site. They alert you when software makes an outbound request for the first time.

In the organization, a firewall can be a stand-alone machine or software in a router or server. It can be as simple as a single router that filters out unwanted packets, or it may comprise a combination of routers and servers each performing

If your network group comprises a large number of computers or has valuable assets at risk, you may need to install a firewall to ensure security.

With careful assessment and planning, including choosing the security policy and type of firewall that best meet your needs, installing a firewall can go a long way toward easing your network security concerns.

References

• Schneider, G. and Perry, J. T. (2002). Electronic Commerce. Course Technology, Third Annual Edition.

• Stallings, W. (2000). Network Security Essentials: Applications and Standards. NY: Prentice Hall.

• Mariet, P. (1997). Decus Presentation, Alta Vista Firewall. Retrieved 7 May 2003 from the hp-interex web site: www.hp-interex.ch/presentations/ge_19970415_av/index.htm

• Wack, J. P. & Carnahan, L. J. (1995). Keep Your Site Comfortably Secure: An Introduction to Internet Firewalls. US Department of Commerce, NIST Special Publication 800-10. Retrieved 7 May 2003 from the National Institute of Standards and Technology web site: http://csrc.nist.gov/publications/nistpubs/800-10/main.html

• Firewall.cx (2000). Introduction to Firewall. Retrieved 7 May 2003 from the firewall.cx web site: http://www.firewall.cx/index.php?c=firewall

• Tech Web (81-2002). Firewall Appliance. Retrieved 7 May 2003 from the Tech Web site: http://www.techweb.com/encyclopedia/defineterm?term=FIREWALLAPPLIANCE&exact=1