Sunday 2 October 2011

Firewall

A firewall, in computer terminology, is a system that helps you block malicious software or hackers from gaining access to your computer for unethical purposes. It restricts access to the computer from other machines on the network according to rules, which may be pre-defined or user customizable. Most operating systems available for personal computer use have built-in firewall software.

In this blog we will discuss how to set up a firewall in Windows 7 [as an example for Windows OS] and Ubuntu [as an example for Linux OS] and define rules for opening/closing ports and other functionalities of the firewall. We will also describe one utility to check the ports currently being accessed by the running applications.



Windows 7 Firewall
Windows 7 has quite a user-friendly environment for the firewall, such that even a user with little or no knowledge about it can change the settings according to his needs with ease. The firewall in Windows 7 can be found as follows:
· Go to the start menu and find the option “Control Panel”

· Select the “System And Security” option

· Select the “Windows Firewall” option

The window that would open would be like this


The user should make sure that the firewall on his system is turned on by opening the highlighted option in the given page.

This opens up a page that shows the status of the firewall in the following manner

The user should make sure that the firewall on his computer is always switched on for the safety of his computer system and the data stored within.
Windows’ firewall divides the network into three parts for the sake of easy administration and to make it user friendly. The three parts are listed as follows:
· Home Network
This is the network where almost all authorities are given to the networked machines, in other words the most trusted network domain.
· Office Network
This network has a balance of permissions: control of critical functionalities is not given away, while most other things are shared.
· Public Network
This is the least trusted network. Almost no rights or permissions are shared over the network.
The user has the option to define the workability of all applications, based upon the selection of the network they are allowed to work on. If an application’s rights have not been defined so far it opens up a prompt message to define its rights.


[My version of Windows 7 only provides private (Home) and public network options, but later releases incorporate all three options given in the list above]
Now the user can specify the kind of network he wants to allow the application to run on. The user should choose carefully, as a wrong selection may allow malicious software to gain entry through the firewall, which may leave all your data on a corrupted system or your computer's administration handed over to some anonymous hacker.
The user can know the current settings of the current input and output network access from the firewall menu. The option boxed in red color shows the option to be clicked to know the inbound rules, while the one in purple shows the one for outbound rules.

The list for the options in Inbound rules looks something like this.

In case a new rule has to be included in the list, the new rule option should be selected. The following dialog box appears:

Here we specify the kind of rule that has to be declared. The steps that follow require specifying the rule completely by entering the identity of the rule kind you selected.
The Outbound rules display page looks like this:



The process to add an Outbound rule is the same as that of adding an Inbound rule.
That covers almost all the major changes and tune-ups that one can do in a Windows 7 firewall.
The thing to notice here is the need for a dedicated anti-virus program for the OS. Though the firewall blocks data packets that enter from sources that can’t be trusted, e-mail downloads are by default in the list of trusted sources [otherwise no attachments from mail clients would be downloadable]. Therefore an anti-virus program is needed to check a downloaded mail attachment for the presence of a computer virus. The anti-virus also comes in handy when the source of a program is a physical device like a pen drive or a CD-ROM, because in those cases the firewall is not as efficient.
Application to check softwares currently accessing the network and the address they are linked up to
Windows 7 has pre-defined software that gives a list of programs that are currently accessing the available network connections, the address they are linked up to, the data download and upload rate and such things. The application is Resource Monitor. It can be searched for by typing in its name in the search bar displayed at the bottom of the start menu. The screen of the application looks like this.

The highlighted option is the one that should be clicked to know the current usage of the network access by utilities running in windows. The graph third from the top shows the plot of network usage versus time. The drop down menu when clicked shows the network user in the following manner.

The highlighted option shows the address each corresponding utility is currently linked up to.

Linux firewall
Linux, like Windows, also has a firewall, which is even easier to use and handle than the one in Windows. Here I discuss the firewall of a popular Linux distribution, Ubuntu. Ubuntu’s firewall is called UFW (Uncomplicated Firewall) and its graphical interface is called GUFW (GUI for Uncomplicated Firewall). I discuss both forms of the firewall here. We start with how to install the firewall and then see how to use it. In a firewall we have the options to create and delete rules which allow or deny a specific port, a service or an IP address. We see how to perform these functions in UFW.
Working with the Command-Line Interface (UFW)
Installing UFW
In a typical Ubuntu installation UFW is already installed.
Enabling and Disabling the Firewall
You can enable or disable your firewall with the following commands.
sudo ufw enable [Activates the firewall]
sudo ufw disable [Deactivates the firewall]
Note: sudo is not a part of the command but just a prefix for getting the administrator privileges. For the first time in the session it asks you for the administrator password and then works normally.
Setting default mode
This command sets the default mode for the firewall.
sudo ufw default allow [The default mode for the firewall is allow]
sudo ufw default deny [The default mode for the firewall is deny]
Opening and closing ports
Open the terminal and use the following command to open a port.
sudo ufw allow PORT/PROTOCOL [the /PROTOCOL part is optional]
Replacing allow with deny closes the port.
Here are some examples for this command.
· sudo ufw allow 67 [Allows incoming tcp and udp packets on port 67]
· sudo ufw allow 21/tcp [Allows only incoming tcp packets on port 21]
· sudo ufw allow 45/udp [Allows only incoming udp packets on port 45]
Allowing and blocking services
To allow or block a service we have the statement
sudo ufw allow SERVICE-NAME
An example of this can be
sudo ufw allow ssh
Replacing allow with deny denies the service.
Allowing and blocking an IP address
We can allow or deny a specific IP address by
sudo ufw allow from IP-ADDRESS [use deny in place of allow for denying]
Checking the status
You can check the status by the following command which shows you if the firewall is activated or not and shows the various rules in the firewall.
sudo ufw status
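After opening ports with the commands above, the status listing is worth reviewing for ports left open to every source. The script below is an added example (not part of the original post) that checks `ufw status` text against the ports you meant to open; the sample listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status` output (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
21/tcp                     ALLOW       Anywhere
67                         ALLOW       Anywhere
45/udp                     ALLOW       192.168.1.0/24
80/tcp                     DENY        Anywhere
21/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# audit_open_ports "APPROVED PORTS" (hypothetical helper): reads status text on
# stdin, prints each ALLOW rule that accepts traffic from Anywhere on a port
# missing from the approved list, and returns non-zero if it printed anything.
audit_open_ports() {
    awk -v approved="$1" '
    BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^Status:/ {
        if ($2 != "active") { print "firewall is not active"; bad = 1 }
        next
    }
    {
        act = 0
        for (i = 2; i <= NF; i++)
            if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = i; break }
        if (!act) next                        # header, separator or blank line
        if ($act != "ALLOW") next             # only ALLOW widens exposure
        src = $(act + 1)
        if (src == "IN" || src == "OUT") src = $(act + 2)   # verbose listing
        if (src != "Anywhere") next           # already tied to one source
        to = $1
        for (j = 2; j < act; j++) to = to " " $j   # keeps the "(v6)" marker
        if (!($1 in ok)) { print "open to anyone: " to; bad = 1 }
    }
    END { exit bad + 0 }'
}

sample_status | audit_open_ports "22/tcp 80/tcp" || echo "review the rules above"
```

On a real machine, pipe the output of `sudo ufw status` into `audit_open_ports` in place of `sample_status`.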
This way we handle the Command-Line Interface of the UFW. Now let us see how we handle the Graphic-User Interface of the firewall.
Working with the Graphic-User Interface (GUFW)
Installing GUFW
There are two ways to install GUFW.
1. You can give the following command in the terminal window which will automatically install GUFW on your system.
sudo apt-get install gufw
2. Also you can download the Debian package and then install GUFW by double clicking on it.
Enabling and Disabling the Firewall
Checking the enable button activates the firewall and then you have the option to add or delete rules. The window given shows a deactivated firewall with no rules.

Setting default mode
With the menus given in front of incoming and outgoing you can set the default mode. There are three options in all:
1. Allow (Red) – Allows traffic
2. Deny (Green) – Denies traffic
3. Reject (Blue) – Will deny the traffic and will inform you that the traffic has been rejected
The upper part of the shield icon shows a colour for incoming and the lower part shows a colour for outgoing.

Adding Rules
Simply click on the “Add” button to add a rule. A new dialogue box appears with three tabs.
For adding the rules we have another option beyond Allow, Deny and Reject that is
Limit – It denies a connection if an IP has initiated a request 6 times in the last 30 seconds.
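A worked model of the Limit rule as described above, added here as an example and not taken from GUFW or UFW code: it replays a constructed list of connection attempts and marks each one ALLOW or DENY. The function names and the sample data are assumptions, as is the choice to count denied attempts toward the limit.

```shell
#!/bin/sh
# Constructed sample: one "SECONDS SOURCE-IP" line per new connection attempt.
sample_attempts() {
cat <<'EOF'
0 203.0.113.7
4 203.0.113.7
5 198.51.100.9
8 203.0.113.7
12 203.0.113.7
16 203.0.113.7
20 203.0.113.7
24 203.0.113.7
50 198.51.100.9
60 203.0.113.7
EOF
}

# limit_verdicts [HITS] [WINDOW] (hypothetical helper): prints
# "SECONDS IP ALLOW|DENY" for every attempt read from stdin.
# Assumption: an attempt is denied when it is at least the HITS-th attempt
# from that IP inside the last WINDOW seconds; denied attempts count too.
limit_verdicts() {
    awk -v hits="${1:-6}" -v window="${2:-30}" '
    {
        t = $1; ip = $2; recent = 1              # 1 = the current attempt
        for (i = 1; i <= n[ip]; i++)
            if (t - seen[ip, i] < window) recent++
        seen[ip, ++n[ip]] = t                    # remember this attempt
        print t, ip, (recent >= hits ? "DENY" : "ALLOW")
    }'
}

# limited_ips: the source IPs that hit the limit at least once.
limited_ips() {
    limit_verdicts "$@" | awk '$3 == "DENY" { print $2 }' | sort -u
}

sample_attempts | limit_verdicts
```

In the sample, the sixth and seventh attempts from 203.0.113.7 fall inside one 30-second window and are denied, while its attempt at 60 seconds is allowed again because the earlier ones have aged out.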
Preconfigured
Preconfigured gives you some configured program options.

There are four options in the box. The first one decides the permission, the next defines traffic direction, then the type, then the application.
For instance if you give Allow, Services, ssh then the firewall will allow the incoming ssh services.
Simple
We have the Simple tab because not all program configurations are available in Preconfigured. Here you can simply define the port in the blank box.

Advanced
The Advanced tab gives us the option to block several IP addresses, from a certain value to another value in numerical order.

Checking the status
The original firewall window shows the status including default permissions and various rules.

This way we handle the Graphic-User Interface of the UFW.
A Utility
As in Windows we have Resource Monitor, in Linux we have an application, “iftop”, to check the addresses that currently running applications are linked to. To install this utility we can enter in the terminal:
sudo apt-get install iftop
and enter your password when prompted.
To run this utility, enter “sudo iftop” in the terminal. A page like this would appear

The middle row shows the ports being accessed by the running applications. 

A “<=” shows data being downloaded from and “=>” shows data being uploaded to.
Here, I would like to end this blog [phew!!!!...............]
Sources:
www.google.com [I owe my life to you]
en.wikipedia.org [you are one saviour for me]
www.windows.microsoft.com [finally I could put you to some use]


By Ishan Goel and Shubham Pandey
