1. Firewalls Priyanka Verma & Jessica Wong

2. What is it? n A firewall is a collection of security measures designed to prevent unauthorised electronic access to a networked computer system. n It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.

3. Types n There are many different types of firewalls, depending on where the communication is taking place, where the communication is intercepted, and the state of when it being traced.

4. Network layer and packet filters  Network layer firewalls, also called packet filters, operate at a low level of the TCP/IP protocol stack (basically layers that information passes through when exchanging information)  It does not allow packets to pass through the firewall unless they match the established rule set.  The firewall administrator may define the rules; or default rules may apply.  Network layer firewalls generally fall into two sub-categories. Stateful and stateless.  Stateful firewalls maintain context about active sessions, and use that "state information" to speed packet processing. Any existing network connection can be described by several properties, including source and destination IP address and the current stage of the connection's lifetime (including session initiation, handshaking, data transfer, or completion connection).  If a packet does not match an existing connection, it will be evaluated according to the ruleset for new connections. If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing.  Stateless firewalls require less memory, and can be faster for simple filters that require less time to filter than to look up a session. They may also be necessary for filtering stateless network protocols that have no concept of a session. However, they cannot make more complex decisions based on what stage communications between hosts have reached.

5. Application Layers n On inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and Trojans. n Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets travelling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.

6. Proxies n A proxy device (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. n Proxies make tampering with an internal system from the external network more difficult and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured).

7. Network Address Translation n Firewalls often have such functionality to hide the true address of protected hosts. n Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range."

8. How it works n There are two ways a firewall decides to give or deny access to the information of a computer. It may either allow everything unless it meets a certain criteria, or it may not allow anything unless it meets a certain criteria. n A firewall looks for certain things when deciding whether or not to let the traffic through. It looks for the source of the traffic and the potential destination. It may also analyze the application data to determine if it should be allowed access or look at which network layer it operates in.

9. Benefits/Problems of a firewall n Many times, people don’t like being restricted from doing what they want to on the Internet, but the firewall's job is to do this. They block out and deny access to many websites, which can be frustrating for the user. Also, firewalls are never 100% effective. So the only other option to this is either having no Internet access or no security, neither of which are acceptable. So even though having a firewall can have a downside, it still has many more benefits. Firewalls protect private local area networks from intrusion from the Internet. If there was no protection, there could be great risks of hackers, spyware and adware, and viruses. The firewall does not only protect the information, but also knows who has access to what.

10. Relationship to E-commerce n You will need a firewall to prevent unauthorised access to your e-commerce site. n If your server does not offer a firewall, you could be exposing your business and your customers to some danger, such as: n Customer Information: If your database contains e-mails and physical addresses, you need to treat this information with the most absolute care. Your customers are trusting that you make their information safe from other prying eyes. n Credit Card Numbers: Credit card information can be temporarily stored in a directory or a database. You could very well be putting your customers at risk for identity theft, and costly credit card theft. n Property Information: If an area of your site is not visible to customers, but allowed to be accessed by your employees or yourself when storing propriety information, you could be setting yourself up for corporate espionage. It may not be the case for all e-commerce businesses, however, sensitive company information stored on your sever is not something you want to fall into anybody else's hands. Regardless if they are a spy or a hacker. Integrity of your site: Hackers can have a lot of fun with web sites. They may change the information on your site, just to mess you up, or because they want to try it out. They can change or rearrange the entire prices etc… It can be a disaster if you find that your web site contains something absolutely objectionable for your consumers to see. Depending on how bad they messed everything around, you might result in a lot of unhappy customers, or at the worst run you out of business. n Having a firewall can help guard you against all these problems in your e-commerce web site. However, no firewall is 100% effective, it still reduces the chance of them happening by a long shot.

11. References n http://en.wikipedia.org/wiki/Firew all http://en.wikipedia.org/wiki/Firew all n http://www.vicomsoft.com/knowledge/ref erence/firewalls1.html#2 http://www.vicomsoft.com/knowledge/ref erence/firewalls1.html#2 n http://www.howstuffworks.com/firewall.h tm http://www.howstuffworks.com/firewall.h tm n http://ezinearticles.com/?How-Does-A- Firewall-Work?&id=68659 http://ezinearticles.com/?How-Does-A- Firewall-Work?&id=68659