FIREWALL

The ability to connect any computer anywhere is a mixed blessing. In addition to the danger of information leaking out, there is also the danger that viruses, worms, and other digital pests can breach security and destroy valuable data. A mechanism is needed to keep "good" bits in and "bad" bits out. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter others. A firewall is usually classified as a packet-filter firewall or a proxy-based firewall.

Packet Filter Firewall

The firewall has two components: two routers that do packet filtering, and an application gateway. The advantage of this design is that every packet must transit the filter and an application gateway to go in or out. No other route exists. Each packet filter is a standard router equipped with some extra functionality. The extra functionality allows every incoming or outgoing packet to be inspected. Packets meeting some criterion are forwarded normally. Those that fail are dropped.

The packet filter on the inside LAN checks outgoing packets and the one on the outside LAN checks incoming packets. The packet-filter firewall is based on the information available in the network layer and transport layer headers. Packet filters are typically driven by tables configured by the system administrator. These tables list sources and destinations that are acceptable, sources and destinations that are blocked, and default rules about what to do with packets coming from or going to other machines.

Example

1. Incoming packets from network 131.34.0.0 are blocked (security precaution). The symbol * (asterisk) means "any."
2. Incoming packets destined for any internal TELNET server (port 23) are blocked.
3. Incoming packets destined for internal host 194.78.20.8 are blocked. The organization wants this host for internal use only.
4. Outgoing packets destined for an HTTP server (port 80) are blocked. The organization does not want employees to browse the Internet.
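The four example rules, written as a first-match filter table in Python. This is an added example, not part of the original notes. The /16 prefix for 131.34.0.0, the forward-by-default policy and the names Rule, RULES and filter_packet are assumptions, and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

ANY = "*"  # as in the text: the asterisk matches any value

@dataclass(frozen=True)
class Rule:
    direction: str    # "in" (outside filter) or "out" (inside filter)
    src: str          # source network in CIDR form, or ANY
    dst: str          # destination network in CIDR form, or ANY
    dst_port: object  # destination port number, or ANY
    note: str

# Block list built from the four rules in the text.
# Assumption: 131.34.0.0 is taken as the classful /16 network.
RULES = [
    Rule("in",  "131.34.0.0/16", ANY,              ANY, "rule 1: blocked source network"),
    Rule("in",  ANY,             ANY,              23,  "rule 2: inbound TELNET"),
    Rule("in",  ANY,             "194.78.20.8/32", ANY, "rule 3: internal-only host"),
    Rule("out", ANY,             ANY,              80,  "rule 4: outbound HTTP"),
]

def _net_match(pattern, addr):
    """True if addr falls inside the rule's network, or the rule says ANY."""
    return pattern == ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def filter_packet(direction, src_ip, dst_ip, dst_port):
    """Check network/transport header fields against RULES; first match wins.

    Returns ("drop", note) for a matching rule, otherwise ("forward", "default").
    Forwarding unmatched packets is an assumption; the text leaves the default open.
    """
    for rule in RULES:
        if (rule.direction == direction
                and _net_match(rule.src, src_ip)
                and _net_match(rule.dst, dst_ip)
                and rule.dst_port in (ANY, dst_port)):
            return ("drop", rule.note)
    return ("forward", "default")

if __name__ == "__main__":
    # Constructed sample packets: (direction, source, destination, destination port)
    samples = [("in", "131.34.7.9", "194.78.20.5", 25),
               ("in", "198.51.100.7", "194.78.20.8", 25),
               ("out", "194.78.20.5", "203.0.113.10", 80),
               ("out", "194.78.20.5", "203.0.113.10", 25)]
    for pkt in samples:
        print(pkt, "->", filter_packet(*pkt))
```

Every decision here uses only header fields, so rule 1 acts on whatever source address the packet claims to have.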

Proxy Firewall

The second half of the firewall is the application gateway. Rather than just looking at raw packets, the gateway operates at the application level. A mail gateway, for example, can be set up to examine each message going in or out. For each one, the gateway decides whether to transmit or discard based on header fields, message size, or even the content.

When the user client process sends a message, the proxy firewall runs a server process to receive the request. The server opens the packet at the application level and finds out if the request is legitimate. If it is, the server acts as a client process and sends the message to the real server. If it is not, the message is dropped and an error message is sent to the external user. In this way, the requests of the external users are filtered based on the contents at the application layer.

Disadvantages

There is a whole class of attacks, such as DoS or DDoS, which firewalls cannot deal with. An intruder outside the firewall can put in false source addresses to bypass the firewall check. If an insider wants to ship out secret documents, he can encrypt them or even photograph them and ship the photos as JPEG files, which bypasses any word filters.
