Firewalls
A firewall is a hardware device or software application that looks at all raw
data transferred to the server from the public Internet. Its purpose is to
protect the data stored on the Web server, or any server attached to the
network for that matter, from external (cracker) attacks. It is possible to
configure the firewall software to look for particular types of data, for
example, specific commands that are not permitted on your server.
Furthermore, it is even possible to block data that comes from a particular
source, like a country or individual user.
Firewalls are used by
organisations that run their own Web servers, like Microsoft or IBM. They are
also used by ISPs (Internet service providers) and domain hosting services.
In fact, any organisation large or small, connected to the Internet, should
install a firewall.
When a user, friendly or
malicious, tries to access your Internet server, they send commands to the
server requesting that it carry out actions. If a user wants to view a Web
page, the client’s Web browser sends an HTTP command to the server asking it
to send back the data for a particular page, which it can then display. This
transfer is transparent to the user, and if it were only friendly users who
accessed your server, the use of a firewall would not be required.
The job of a firewall is to
block the attempts of a cracker to view more than is authorised, by blocking
the commands used. Whilst blocking these illegal attempts, the firewall must
allow legal traffic to pass through unhindered.
Design
Generally, there are two types
of firewall available. The simpler of the two is called a packet filter. This
method examines every piece of raw data that comes in from the Internet.
Configuring a packet filter requires that you edit a table, called a filter
table, which contains various rules, each either denying or permitting
packets. For example, you could configure it to block packets from a
particular address, or define rules that prevent access to certain parts of
the server.
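The filter table described above, as an added example that is not part of the original article: a hypothetical, constructed rule table evaluated top to bottom with a default-deny fallback. The addresses are documentation ranges chosen for the example, and the rule fields (source block, destination port, protocol) are assumptions about what such a table holds.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address of the incoming packet
    dst_port: int   # destination port on the server (e.g. 80 for HTTP)
    proto: str      # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    src: str                  # CIDR block to match, or "any"
    dst_port: Optional[int]   # None matches any destination port
    proto: str                # "tcp", "udp" or "any"

    def matches(self, pkt: Packet) -> bool:
        if self.src != "any":
            net = ipaddress.ip_network(self.src, strict=False)
            if ipaddress.ip_address(pkt.src) not in net:
                return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return self.proto in ("any", pkt.proto)


# Constructed filter table (hypothetical). Rules are checked in order and
# the first match wins, so the block for the hostile range sits first.
FILTER_TABLE: List[Rule] = [
    Rule("deny",   "203.0.113.0/24", None, "any"),  # block one hostile range
    Rule("permit", "any",            80,   "tcp"),  # public HTTP
    Rule("permit", "any",            443,  "tcp"),  # public HTTPS
    Rule("permit", "192.0.2.0/24",   22,   "tcp"),  # SSH only from admin LAN
]


def filter_packet(pkt: Packet, table: List[Rule] = FILTER_TABLE) -> str:
    """Return "permit" or "deny" for pkt according to the first matching rule."""
    for rule in table:
        if rule.matches(pkt):
            return rule.action
    # Default deny: anything not explicitly permitted is dropped, which is
    # what keeps unlisted services on the server unreachable from outside.
    return "deny"
```

Because the first matching rule decides, moving the deny rule below the permit rules would let the hostile range reach port 80; rule order is part of the policy, not just its layout.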
Probably the simplest way to set
up a firewall is to have a router that sits between your server and the
Internet connection and filters out unwanted traffic to the server.
The second, and more complex, type of firewall is called a bastion host. This
is a dedicated computer that also sits between the link to the Internet and
your Web server. It has a basic configuration, containing a minimum number
of data files, and spends its time continually checking incoming data. If the
incoming data satisfies the firewall's rules, it is passed on to the Web server
for processing.
The bastion host can examine
traffic at the application level, rather than the IP level of the simpler
firewall. It can also generate logs and alerts to show who has tried to hack
into your network, providing a further layer of protection.
Using a bastion host means that your network will likely
have a minimum of three dedicated machines: the network server, the Web
server and the bastion host.