A firewall approach provides numerous advantages to sites by helping
increase overall host security. The following section provides an
overview of the primary benefits of using a firewall.
1.4 Benefits of firewalls
A firewall provides a leveraged choke point for network security.
It allows the corporation to focus on a critically vulnerable point:
where the corporation’s information system connects to the Internet.
The firewall can control and prevent attacks from insecure network
services. A firewall can effectively monitor all traffic passing through
the system. In this manner, the firewall serves as an auditor for the
system and can alert the corporation to anomalies in the system. The
firewall can also log access and compile statistics, which can be used
to create a profile of the system.
Some firewalls permit only e-mail traffic
through, thereby protecting the network against any attacks other
than attacks against the e-mail service. Other firewalls provide less
strict protection and block services that are known to be problems.
Generally, firewalls are configured to protect against unauthenticated
interactive logins from the outside world. This, more than
anything, helps prevent vandals from logging into machines on your
network. More elaborate firewalls block traffic from the outside to the
inside but permit users on the inside to communicate freely with the
outside. The firewall can protect against any type of network-borne
attack if you unplug it.
Firewalls are also important because they can provide a single
choke point (bottleneck) where security and audit can be imposed.
Unlike in a situation where a computer system is being attacked by
someone dialing in with a modem, the firewall can act as an effective
phone tap and tracing tool. Firewalls provide an important logging
and auditing function. Often, they provide summaries to the administrator
about what kinds and amounts of traffic have passed through them,
how many attempts there were to break into them, etc. The following
are the primary benefits of using a firewall:
Protection from vulnerable services that are running on the server that may increase its vulnerability to attack
Controlled access to site systems
Concentrated security
Enhanced privacy
Logging and statistics on network use, misuse
Policy enforcement
1.4.1 Protection from vulnerable services
A firewall can greatly improve network security and reduce risks to
hosts on the subnet by filtering inherently nonsecure services. As a
result, the subnet network environment is exposed to fewer risks,
because only selected protocols will be able to pass through the
For example, a firewall could prohibit certain vulnerable services
such as NFS from entering or leaving a protected subnet. This
provides the benefit of preventing the services from being exploited
by outside attackers while permitting the use of these services with
greatly reduced risk of exploitation. Services such as NIS or NFS that
are particularly useful on a LAN basis can thus be enjoyed and used to
reduce the host management burden.
Firewalls can also provide protection from routing-based attacks,
such as source routing and attempts to redirect routing paths to
compromised sites via Internet Control Message Protocol (ICMP)
redirects. A firewall could reject all source-routed packets and ICMP
redirects and then inform administrators of the incidents.
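The checks described in this section (keeping NFS out at the border, rejecting source-routed packets and ICMP redirects, and returning a reason that can be logged for administrators), sketched as an added Python example that is not part of the original text. The function names, the blocked-port table and the sample addresses are assumptions made for illustration.

```python
import struct

BLOCKED_PORTS = {111: "portmapper", 2049: "NFS"}      # assumed border policy
SOURCE_ROUTE = {131: "loose source route", 137: "strict source route"}
ICMP, TCP, UDP, ICMP_REDIRECT = 1, 6, 17, 5

def ip_options(header):
    """Yield IPv4 option types; yield -1 if the option list is malformed."""
    i = 20
    while i < len(header) and header[i] != 0:        # 0 = End of Option List
        if header[i] == 1:                           # 1 = No-Operation, one byte
            i += 1
        elif i + 1 >= len(header) or header[i + 1] < 2:
            yield -1
            return
        else:
            yield header[i]
            i += header[i + 1]

def verdict(packet):
    """Return (action, reason) for one raw IPv4 packet arriving from outside."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop", "not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        return "drop", "bad header length"
    for opt in ip_options(packet[:ihl]):
        if opt == -1 or opt in SOURCE_ROUTE:
            return "drop", SOURCE_ROUTE.get(opt, "malformed IP option")
    proto, payload = packet[9], packet[ihl:]
    # Only the first fragment carries the ICMP type or the TCP/UDP ports.
    first = (struct.unpack("!H", packet[6:8])[0] & 0x1FFF) == 0
    if first and proto == ICMP and payload[:1] == bytes([ICMP_REDIRECT]):
        return "drop", "ICMP redirect"
    if first and proto in (TCP, UDP) and len(payload) >= 4:
        dport = struct.unpack("!H", payload[2:4])[0]
        if dport in BLOCKED_PORTS:
            return "drop", BLOCKED_PORTS[dport] + " from outside"
    return "accept", "permitted"

def build(proto, payload, options=b""):
    """Constructed sample packet; the checksum is left 0 and not verified here."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                         0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + options + payload

if __name__ == "__main__":
    print(verdict(build(UDP, struct.pack("!HHHH", 1023, 2049, 8, 0))))
```

The reason string returned with each drop is what a real filter would write to its log or alert channel; later fragments pass this sketch unchecked, which is why production filters also track or reassemble fragments.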
1.4.2 Controlled access to site systems
A firewall also provides the ability to control access to site systems. For
example, some hosts can be made reachable from outside networks,
whereas others can be effectively sealed off from unwanted access.
A site could prevent outside access to its hosts except for special cases
such as mail servers or information servers.

