The previous section introduced a few oddly useful features of firewalls that increase network performance. While increasing your network’s performance is a major concern, so is keeping network security tight.
In this section, we’ll look at a few extra security features in firewalls you probably aren’t familiar with, and look at where you may wish to potentially invest your resources to enhance your security system.
Advanced Intrusion Detection Systems
Odds are, you’ve heard of the intrusion detection system, or IDS, before. An intrusion detection system is a tool used to find patterns in user activity on the network. Any pattern that looks like an attack raises a red flag in the intrusion detection system, which will then usually notify the system administrator by email or pager.
The traditional IDS will run a few thousand dollars for higher-end models. Interestingly enough, you might already have one in your firewall. These function much like the higher-end models do. A common technique a hacker will use is to scan the victim’s computer or network for weaknesses. With an IDS in place, a port scan or address scan will be recognized, and the system administrator will be alerted immediately.
Think about it - wouldn’t it get slightly annoying to wake up in the middle of the night each time a port scan is conducted? Some IDS systems will instead modify the firewall to prepare for a possible attack, and log actions taken for the system administrator to read at a more suitable time. This kind of auto-pilot feature is nice to have, but false alarms may send the network into DEFCON 5 for no good reason. Nevertheless, it is a step in the right direction for handling attacks as they happen.
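The port-scan recognition and "log it once, don't page the admin for every probe" behaviour described above, as an added illustration that is not code from the original article or from any firewall vendor. The log format, addresses, and thresholds are constructed for the demo.

```python
from collections import defaultdict
import re

# Constructed firewall log lines for the demo: "<epoch> <src> -> <dst>:<port> <action>"
SAMPLE_LOG = """\
1000 10.0.0.5 -> 192.0.2.10:21 DROP
1001 10.0.0.5 -> 192.0.2.10:22 DROP
1002 10.0.0.5 -> 192.0.2.10:23 DROP
1002 10.0.0.9 -> 192.0.2.10:443 ACCEPT
1003 10.0.0.5 -> 192.0.2.10:25 DROP
1004 10.0.0.5 -> 192.0.2.10:80 ACCEPT
1005 10.0.0.5 -> 192.0.2.10:443 ACCEPT
1010 10.0.0.9 -> 192.0.2.10:443 ACCEPT
1020 10.0.0.9 -> 192.0.2.10:80 ACCEPT
2000 10.0.0.5 -> 192.0.2.10:443 ACCEPT
"""

LINE_RE = re.compile(r"^(\d+) (\S+) -> (\S+):(\d+) (\w+)$")

def parse_log(log_text):
    """Group probes by (src, dst) as sorted (timestamp, port) pairs; skip malformed lines."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, port, _action = m.groups()
        events[(src, dst)].append((int(ts), int(port)))
    for probes in events.values():
        probes.sort()
    return events

def detect_scans(log_text, window=60, threshold=5):
    """Flag a source that touches `threshold` or more distinct ports on one host
    within `window` seconds. Each scan yields one alert, not one per probe, so the
    administrator is not paged for every packet; the full detail stays in the log."""
    alerts = []
    for (src, dst), probes in parse_log(log_text).items():
        i = 0
        while i < len(probes):
            start = probes[i][0]
            in_window = [(t, p) for t, p in probes[i:] if t < start + window]
            ports = {p for _, p in in_window}
            if len(ports) >= threshold:
                alerts.append({"src": src, "dst": dst, "start": start,
                               "ports": sorted(ports)})
                i += len(in_window)   # suppress further alerts for this window
            else:
                i += 1
    return alerts

if __name__ == "__main__":
    for a in detect_scans(SAMPLE_LOG):
        print(f"possible port scan from {a['src']} against {a['dst']} "
              f"starting {a['start']}: ports {a['ports']}")
```

Tune `window` and `threshold` to the host's normal traffic; a low threshold is exactly what produces the false alarms the paragraph warns about.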
Modern Day Encryption
Encryption is great to have for making sure data isn’t intercepted, modified, or even read while en route to its destination. Encrypting data is simply the act of scrambling data around to the point where it is not readable to anyone but the receiver - who has the key to unlock the cryptic message. This actively solves most security problems that may arise - so why is network security still a big issue? Sadly, encryption has a few major flaws that are still being worked on.
First, encrypting data renders firewall inspection useless. If the data can’t be read by outside sources, then this includes your trusty firewall’s defense mechanisms. This makes techniques such as content filtering and routing impossible with current technology.
Even more disappointing is the fact that we can’t use NAT technology with encryption. If you recall from the previous sections, NAT technology lets networks use only one IP address for outgoing data packets. Not only does this save IP addresses as it was intended, but it also essentially “hides” computers on the network from the rest of the internet. When encrypting data, the packet header that contains the source IP address cannot be modified, thus rendering NAT translation impossible.
There are, however, applications that absolutely require encryption - and have found ways to use NAT despite current limitations. You may have heard of SSL, or secure sockets layer. Secure sockets layer is a protocol that secures HTTP connections. You’ll notice websites that use this protocol have an “https://website-name.com” address, instead of “http://website-name.com”. Luckily, SSL does indeed support NAT translation. This is vital to the security of online banks that need encryption to send data which may contain credit card numbers, social security numbers, and other confidential information.
Covering up TCP/IP Vulnerabilities with IPSec
IPSec was the solution to the TCP/IP blunder. It seems that when TCP/IP was created as a means of allowing computers to communicate with each other, security wasn’t a concern in its development. Soon after the release of TCP/IP, major security problems arose, and work was undertaken to make the TCP/IP protocol secure.
IPSec, or IP Security, was by no means the first solution to the problem. In fact, it has been developed only recently. We have previously discussed other solutions, such as SSL. Other types of application-level encryption protocols include Pretty Good Privacy, or PGP, and Secure/Multipurpose Internet Mail Extensions, or S/MIME. What makes IPSec so brilliant is that it is implemented in the TCP/IP protocol itself - not at the application level. This means that any kind of network can make use of this protocol’s security measures.
There are two basic types of protection that come with IPSec: authentication header, or AH, and encapsulation security payload, or ESP. Authentication header simply adds a verification number to each packet - no real encryption is undertaken. This verification number, called the checksum, verifies that the packet has arrived unchanged. Encapsulation security payload encrypts the entire packet except the header. This leaves the source and destination addresses readable to firewalls and routers while the heavily encrypted payload still keeps its integrity.
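The AH-versus-ESP distinction above, together with the earlier point that a NAT rewrite of the source address breaks a packet whose header is protected, as an added toy model that is not code from the original article and not a real IPSec implementation: real AH covers only the immutable header fields and real ESP uses a proper cipher with sequence numbers, whereas this toy tags the whole constructed 8-byte header and uses a SHA-256 keystream. The key, addresses, and header layout are constructed for the demo.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # constructed for the demo; real IPSec negotiates keys

def keystream(key, n):
    """Toy counter-mode keystream from SHA-256 (stands in for a real cipher)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def tag(data):
    """Keyed integrity check value (the article's 'checksum')."""
    return hmac.new(KEY, data, hashlib.sha256).digest()

def ah_protect(header, payload):
    """AH style: nothing is encrypted; the tag covers header and payload."""
    return header, payload, tag(header + payload)

def ah_verify(header, payload, icv):
    return hmac.compare_digest(tag(header + payload), icv)

def esp_protect(header, payload):
    """ESP style: payload encrypted and tagged, IP header left in the clear."""
    ciphertext = xor_bytes(payload, keystream(KEY, len(payload)))
    return header, ciphertext, tag(ciphertext)

def esp_open(header, ciphertext, icv):
    """Return the decrypted payload, or None when the integrity check fails."""
    if not hmac.compare_digest(tag(ciphertext), icv):
        return None
    return xor_bytes(ciphertext, keystream(KEY, len(ciphertext)))

def nat_rewrite(header, new_src):
    """Simulate NAT replacing the source address in the constructed header
    (4-byte source address followed by 4-byte destination address)."""
    return new_src + header[4:]

def demo():
    header = bytes([192, 168, 1, 10]) + bytes([203, 0, 113, 5])  # constructed
    payload = b"GET /account HTTP/1.1"
    natted = nat_rewrite(header, bytes([198, 51, 100, 7]))        # constructed
    h, p, t = ah_protect(header, payload)
    e_h, e_c, e_t = esp_protect(header, payload)
    return {"ah_ok_untouched": ah_verify(h, p, t),
            "ah_ok_after_nat": ah_verify(natted, p, t),       # NAT breaks AH
            "esp_header_readable": e_h == header,
            "esp_payload_hidden": e_c != payload,
            "esp_ok_after_nat": esp_open(natted, e_c, e_t) == payload}
```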
With all the security discussed in this section, one more issue needs to be addressed. If a hacker is in fact traced to a specific location, there are a few rules of etiquette to keep in mind before any decision is taken.
First, keep in mind that the hacker in question is likely using a spoofed IP address, or using someone else’s computer to initiate attacks. This means that attacking back can not only be destructive to innocent internet users, but also against the law - and may land you in a world of trouble.
Instead, focus on logging and documenting every action possible in order to build a case against the malicious hacker. The first reaction may be to disconnect everything to prevent any damage, but if possible, logging every action taken helps enormously when trying to track the hacker down.
Of course, we haven’t even scratched the surface as to what hackers can do to your network. In the next section, we’ll take a look at just how many different techniques hackers use to get into an unsecured network. If an ounce of prevention is worth a pound of cure, then becoming familiar with these techniques may indeed save your network from disaster.