This has two security benefits: no one can sneak into your computer through an unguarded port, and programs on your computer can’t use unguarded ports to contact the outside world without your permission. Since the TCP/IP protocol has over 65,000 ports, it makes good sense for a firewall to watch not only what comes IN to your PC but also what goes OUT of your PC. A firewall can include packet filtering, a proxy server, Network Address Translation (NAT) and stateful packet inspection.
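As an added example (not part of the original proposal or the Midgard product), the script below generates a stateful iptables ruleset in iptables-restore format that puts the two benefits above into practice: inbound traffic is dropped unless it belongs to a connection the inside opened, outbound traffic is limited to named ports, the LAN is hidden behind NAT, and one TCP port is forwarded to an internal host. The interface names, LAN subnet, forwarded host and permitted egress ports are assumptions.

```shell
#!/bin/sh
# Added example: stateful packet inspection + egress control + NAT + one port forward.
# All of the values below are assumptions, not values from the original page.
WAN_IF="${WAN_IF:-eth0}"              # external (Internet-facing) interface
LAN_IF="${LAN_IF:-eth1}"              # internal (office) interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # office subnet hidden behind NAT
FWD_HOST="${FWD_HOST:-192.168.1.10}"  # internal web server reached via port forwarding
EGRESS_TCP="${EGRESS_TCP:-80,443,25}" # outbound TCP ports the office may use

gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# TCP port forwarding: public port 80 on the gateway -> internal web server
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $FWD_HOST:80
# NAT: every office machine appears as the gateway's external address
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Stateful inspection: only replies to connections opened from inside get back in
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 443 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Egress control: office hosts may only open the listed TCP ports plus DNS
-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -m multiport --dports $EGRESS_TCP -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -p udp --dport 53 -j ACCEPT
# Let the DNAT-ed web traffic reach the internal server (and nothing else inbound)
-A FORWARD -i $WAN_IF -d $FWD_HOST -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "FW-DROP: "
# The gateway itself is also restricted to replies, DNS and the same egress ports
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports $EGRESS_TCP -j ACCEPT
COMMIT
EOF
}

# Number of rules the generated file would install; a quick sanity check.
rule_count() { gen_rules | grep -c '^-A'; }
```

Install on the gateway (as root) with `gen_rules | iptables-restore`; anything the FORWARD chain drops shows up in the kernel log with the FW-DROP prefix, which is the first place to look when a legitimate service stops working.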
Defence in Depth Benefits
What is it going to take to make my enterprise truly secure?
Times have certainly changed. Long gone are the days when information security consisted mainly of making sure that everyone had a hard-to-guess password and appropriate access to sensitive data. Your greatest security concern no longer comes from internal threats (a.k.a. disgruntled employees), and it’s probably been a long time since you were able to clearly define the perimeter of your network.
IT managers have trouble sleeping at night, wondering if their companies’ networks are safe and how much a breach might cost the company, and they have every reason to be nervous. By now, there are over 30,000 hacking-oriented web sites on the Internet, many of which provide easy-to-use tools that people with limited technical skills and even fewer ethical values can use to wreak all kinds of havoc. They can do everything from defacing web sites and making them unavailable to stealing credit card information. And the costs to the infiltrated companies can be enormous. The CodeRed worm alone is believed to have caused at least $2.5 billion in damages. It’s not just IT professionals who worry about security anymore, either. Security vulnerabilities and breaches have become so commonplace lately, and so many non-business computer users are becoming vulnerable to them, that even general newspapers, magazines and TV news programs report on new viruses and threats with alarming regularity.
What would really be nice is a simple solution to this growing problem, but the only truly uncomplicated answer would be to disconnect from the Internet, turn all of your computers off, lock the doors and go home. It’s not very useful, but it’s certainly secure. Otherwise, your security solution needs to have the same breadth as the security problems themselves, and that breadth has become very significant indeed.
Such an approach is often referred to as “defence-in-depth” since it involves creating multiple layers of protection around your computers and valuable data. The reason that such an exhaustive approach is required is that there are new and innovative types of security threats, and what’s worse is that some of them use multiple methods and techniques to propagate themselves. These are called “blended threats,” and a good example is the Nimda worm. Nimda tries many ways to propagate itself: through vulnerabilities in IIS web servers, through infected attachments to e-mail, through default Windows disk shares, and through previously infected machines (see the diagram below).
Then, like any other worm, once a machine is infected it will begin using all of these attack methods to find more machines to infect.
There simply is no one-size-fits-all approach that can save you from such a versatile attack. Protection from blended threats such as the latest viruses requires at the very least security tools in the following areas: Vulnerability Management, Antivirus and Content Filtering, Firewalls and VPNs, Intrusion Detection and Disk Imaging.
We have already installed AV software to take care of virus problems inside the network. The proposed firewall will prevent unauthorized access from outside. In addition, the firewall allows us to manage authorized access from the Internet. For example, it can be set up to allow certain users access to the network from outside, such as from home.
The firewall as supplied by Midgard uses a compact PC and converts it to an industrial strength firewall using a hardened version of Linux. Its reputation is second to none, and as far as we are aware has never been compromised.
The system’s main role is as a firewall for small offices. It supports up to four network interfaces, and includes the following features:
The external interface can be an ADSL modem, a cable modem, or a network switch to a leased line.
It can support PPTP or PPPoE ADSL connections to Ethernet or USB modems.
Web-based GUI Administration System
SSH server for Remote Access
TCP/UDP port forwarding
Intrusion detection system (Snort)
IPSec based VPN Support (FreeSWAN) with Control Area and support for Check Point SecuRemote
This system is a complete firewall installation, taking control of the machine and replacing any other operating system that is installed. Therefore, it is not similar to packages like ipchains or any of the GUI firewall administration tools. It is not an additional security service you would run on your machine; rather, it is a complete operating system and firewall administration kit in a box that the user would dedicate a single machine to house and run as an Internet gateway.
As an optional extra we are able to supply content filtering software for use with the firewall. This allows you to decide what sites your staff can visit.