One of the most classic attacks in computer science is the denial of service attack. For instance, you may have a competitor who is jealous of your successful adult website. If there were no firewalls, this person could grind your website to a halt simply by using DoS methods of attack.
The most common DoS method of attack is simply to flood a computer with network requests. For instance, if we type in the command "ping google.com" from a computer connected to the Internet, we will get a response from Google telling us that it exists.
A DoS attack is accomplished when an intruder sends a large packet of data repeatedly over the Internet to a computer, forcing the computer to repeatedly respond. Typically, these packets are ICMP ECHO packets, ping requests, but with huge buffer sizes. Your computer has to accept this packet, read it and send a reply every time an intruder attacks you. If this attack is done at a fast enough rate, your network and computer will be swamped with requests and thus be unable to function for its user base.
Another common DoS attack that we all experience is flooding a network and computer drive with unwanted email. In today's world, the problem of spam is so bad that one can be attacked in this way — not from a secret enemy but simply due to the inherent nature of Internet and the large amount of spam that is generated.
A more sophisticated form of DoS attacks is to use an "echo" attack. In an echo attack, the intruder will send forged UDP packets to connect the echo service on one server to the chargen service on another server. This will cause an endless echo between two machines, thus taking them out of service for legitimate users.
Aside from DoS attacks, another classic vulnerability, especially on more vulnerable Windows servers, is the use of a virus or a spyware program to secretly communicate from a host machine. There are many cases of Windows viruses or spyware programs that will install themselves in a computer's registry and from there, perform tasks over the Internet, such as sending out huge amounts of mail.
In the case of a virus (without a firewall), once it is installed, it is very hard to detect orders made by the virus over the Internet. In some cases these viruses communicate back to their own servers, receive mailing lists and sending spam in huge SMTP (Mail Protocol) bursts. Once you have a virus on your machine that does this, your computer essentially becomes a node on the Internet that sends spam throughout the world and, possibly, even breaks the law.
Firewalls address all of the above attacks, and these attacks are not abstract rarities but realities of the Internet age.
Firewalls
A firewall is essentially a barrier between your computer and the Internet. This barrier can either be a hardware or software barrier. A firewall is supposed to protect and monitor your computer from malicious outside attacks.
The good news regarding the dangers of the Internet is that your enemy, just like you, has to approach your servers with an IP address. Of course DoS attackers will probably use proxy servers to mask their actual IP addresses, since a DoS attack is illegal, but every attack on your system must come from an IP address on the Internet.
The IP address allows the firewall to distinguish requests. If you have 10 requests for services and one is a DoS attack, at least your firewall will be able to identify "good" requests from malicious ones.
The first task of a firewall is to have state-of-the-art IP address verification tools. Many times the attacker will scan for open computers and use many intermediate machines to mask an attack. A good firewall has a traceback utility that will be able to follow the offender back to, at least, his original proxy server.
What a firewall does is decide which IP packets will pass through to a computer and which will not. For instance, if a user pings a computer with a firewall, that firewall might deny the request or send a message to the system administrator informing them of the ping and maybe even prompting them — asking if the request should be allowed.
Using the ping command with a large packet of data is a common way to flood a computer with useless requests. For instance, if I ping Google.com, I am sending 2,000 times the usual packet size, which is usually 16 bytes. I notice that when I do this, the request times out. This is probably because Google has a firewall that is instructed to not accept ping requests over a certain byte size.
We could also write a small program that just issued ping requests in a very fast loop to Google. But of course, a good firewall will detect unusual activity — like many ping requests from one IP address — and report it back to a system administrator. In most cases, the firewall can be programmed to automatically block an offending IP address that is attempting a DoS attack.
The final major task that a firewall performs relates to virus and spyware software that tries to broadcast out from a server after installed. If you are unfortunate enough to host one of these viruses, your computer could be turned into a spam server, as the virus utilizes SMTP to send mail from your machine. A good firewall will prevent this by monitoring which applications are sending requests out to the Internet.
On Windows machines, it is a good idea to actually have the firewall prompt you before a service or application can speak to the Internet. This also is helpful with unwanted online registration and update programs, which connect to the host company every time they are executed.
In most cases, you can program firewalls to let certain applications access the Internet and prompt you for other applications. A good firewall also will store version and executable sizes of these applications and inform you if they have changed. This is to protect users from viruses that write over or insert themselves in common applications.
Now that we have defined the problem, let us look at some solutions. The cheapest and easiest firewall solutions are obviously software based. These programs simply install on your Windows or UNIX machines and begin to monitor all outgoing and in-going ports. These software-based firewalls are also programmable.
One of the best firewall solutions is Sygate (www.sygate.com). This company was recently purchased by Symantec, and its least expensive offering, Sygate Personal Firewall Pro, is being discontinued. Yet with Symantec's help, Sygate is now offering enterprise solutions that embed themselves on many computers at the same time. These solutions can even be extended to home users who temporarily might connect to a corporate network.
For users who simply want to protect their personal computers from DoS attacks and outbound virus broadcasts, there is an excellent free personal firewall called Zone Alarm. Recently the software has been purchased by Checkpoint. You can download this firewall at www.zonelabs.com.
The Zone Labs site also is helpful because it offers a free scan of spyware software before firewall installation. For users who browse adult sites, checking for spyware on a regular basis is a must. More insidious and illegal spyware installations will actually read and broadcast your Outlook Express address book and send spam to your friends. A tool like Zone Alarm will detect these programs and inform you if they attempt to broadcast outbound from your server to the Internet.
For Linux users, there is an open-source firewall called Smooth Wall. With Smooth Wall, you can configure web proxy servers, DHCP servers, Dynamic DNS support and manage an Intrusion Detection System and SSH remote access. To download this software, check out www.smoothwall.org. If you are looking for a full corporate version of this firewall, it can be obtained for a price at www.smoothwall.net.
Hardware Solutions
If you have a great deal of traffic, and attacks on your system are frequent, there comes a point when the software-based firewall will start to take up too much CPU and bandwidth of its own. For instance, a company like Google will have hardware-based firewalls simply
because software can't handle the huge amount of traffic that they receive.
Most hardware firewalls are built into broadband routers, but you also can purchase standalone blades that provide firewall functions. Hardware firewalls use a technique called packet filtering.
Using this technique, the hardware firewall reads header information from every request sent to it. For instance, a ping command has both a data and a header component. A hardware firewall would identify each ping command by looking at its header.
Once the header is read, the hardware firewall will apply a set of rules to determine if the packet should get through. Therefore, a great many pings from one IP address or a ping with a huge amount of data in the buffer would be rejected, thus thwarting a DoS.
Hardware solutions also can read the header of SMTP (mail) transmissions. If one IP address is sending a huge amount of unverifiable mail or mail with large attachments, this can be stopped by the hardware device or, at least, flagged for later review. All of this is done outside of your server, thus freeing your machines resources from firewall software that would make the same decisions while using your server's CPU.
Another example of a hardware-based firewall is HotBrick's Firewall VPN. This small component only costs $500 and will protect you from most common DoS attacks. The module also can be programmed to block out undesirable IP addresses from outgoing broadcasts. To learn more about this firewall component, visit www.hotbrick.com.
If you are a small adult web company and most of your hosting is done via an ISP, it still behooves you to install a software firewall on any machine that is connected to the Internet. This is especially crucial for Windows users because the nature of the OS makes it easier for viruses and spyware to install themselves.
The cost of firewall software will more than make up for the time lost combating spyware and unknown DoS attacks, and if you are a large adult hosting company, then you should employ both hardware and software solutions. But regardless, not using a firewall is akin to leaving your house open in a dangerous neighborhood.
As we move into the future, firewall attacks will become more sophisticated, and firewalls will become a necessity for everyone.
