
Firewalls

A firewall is a system or mechanism, implemented in hardware, in software, or in a system as a whole, that protects a segment of a private network by filtering, limiting, or rejecting some or all traffic between that segment and an external network outside its scope. The segment can be a workstation, a server, a router, or a whole local area network (LAN).
Firewalls are generally deployed to protect:
1. A machine / computer
Any individual host that is connected directly to an outside network or the Internet and whose contents would otherwise be left unprotected.
2. A network
A computer network consisting of more than one computer, using any of the various network topologies, whether owned by a company, an organisation, etc.

CHARACTERISTICS OF THE FIREWALL
1. All traffic / events from the inside to the outside (and back) must pass through the firewall. This is achieved by blocking or limiting all physical access to the local network except through the firewall; many network layouts make this possible.
2. Only traffic that is listed / known may pass through. This is achieved by configuring the local security policy; there are many types of firewall to choose from, and they offer a variety of policies.
3. The firewall itself must be strong, i.e. relatively invulnerable to attack and free of weaknesses. This means using a reliable system with a relatively secure operating system.

TECHNIQUES USED BY THE FIREWALL
1. Service control (control of the service)
Based on the types of service used on the Internet and on whether they may be accessed inbound or outbound through the firewall. The firewall usually checks the IP address and the port number in use, for both TCP and UDP; it can even be equipped with proxy software that receives and interprets every request for a service before forwarding it. That proxy may be software on the server itself, such as the web or mail service.
2. Direction control (control of direction)
Based on the direction of the requests to a service that will be recognised and allowed to pass through the firewall.
3. User control (control of the user)
Based on which user is allowed to run a service: some users can and some cannot, because the user is not allowed through the firewall. Typically used to restrict users on the local network from going out, but it can also be applied to restrict users coming in from outside.
4. Behaviour control (control of how a service is used)
Based on how a service is being used. For example, a firewall can filter email in order to prevent spam.

TYPES OF FIREWALL
1. Packet Filtering Router
Packet filtering works by applying a set of rules to every IP packet that passes through the router or is addressed to it: each packet is either accepted and forwarded, or rejected. The router is configured to filter packets travelling in both directions (either from or to the local network). The filtering rules are based on the IP header and the transport header, including the source address (IP) and destination address (IP), the transport protocol in use (UDP, TCP), and the port numbers used.
The advantages of this type are that it is easy to implement, transparent to users, and fast.
The weakness is that it is quite complicated to set the rules so that packets are filtered correctly, and it is weak in terms of authentication.
The attacks that can occur on this type of firewall are:
+ IP address spoofing: an intruder from outside can use a source IP address belonging to the local network that the firewall has been told to allow through.
+ Source routing attacks: this type does not analyse the source routing information in the IP packet, making it possible to bypass the firewall.
+ Tiny fragment attacks: the intruder divides the IP packet into fragments small enough that the TCP header information is forced to be split across them. This attack is designed to fool filtering rules that depend on information from the TCP header: the attacker expects only the first fragment to be checked and the rest to pass freely. It can be countered by rejecting every TCP packet whose IP fragment offset is 1.
2. Application-Level Gateway
An application-level gateway is also commonly known as a proxy server, and it serves to relay / deliver the application flow. This type governs all connections at the application layer, be it FTP, HTTP, Gopher, etc.
How it works: when a user uses an application such as FTP for remote access, the gateway requires the user to enter the address of the remote host the user wants access to, the user ID, and any other required information. The gateway then connects to the application on the remote host and relays data between the two endpoints. If the data does not match the policy, the firewall does not forward it, or rejects it. Furthermore, this type of firewall can be configured to support only certain applications and to reject every other application trying to pass through the firewall.
The advantage is that it is relatively safer than the packet filtering router, and it is easier to check (audit) and record (log) all incoming data streams at the application level.
The drawback is the extra processing on every connection: each session results in two connections, the user's connection to the gateway and the gateway's onward connection, with the gateway checking and forwarding all flows in both directions.
3. Circuit-level Gateway
This third type can be a stand-alone system, or it can be a special function provided by an application-level gateway. This type does not allow end-to-end (direct) TCP connections.
How it works: the gateway manages two TCP connections, one between itself and the TCP user on the local side (inner host) and one between itself and the TCP user outside (outside host). Once both connections are established, the gateway relays TCP segments from one connection to the other without checking their contents. The security function lies in deciding which connections are allowed.
This type is usually used because the administrator trusts the internal users.
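The two-connection relay described above, as an added example that is not part of the original post: a small circuit-level gateway in Python that runs entirely on localhost. It holds one TCP connection with the inner host, opens a second one to the outside host, and copies bytes in both directions without inspecting them, so the only security decision is the allow-list of permitted (host, port) relations. The "CONNECT host port" request line, the allow-list, and the echo server standing in for the outside host are all constructed for this example.

```python
"""Added example (not from the original post): a constructed circuit-level
gateway on localhost.  One TCP connection to the inner host, a second one to
the outside host, bytes relayed both ways uninspected; policy = allow-list."""
import socket
import threading


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes from src to dst until src closes; contents are never inspected."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # pass the end-of-stream along
        except OSError:
            pass


class CircuitGateway:
    """Listens for inner hosts; the first line "CONNECT host port" names the
    outside relation wanted (a constructed mini-protocol, not SOCKS)."""

    def __init__(self, allowed):
        self.allowed = set(allowed)                 # permitted (host, port) pairs
        self.listener = socket.socket()
        self.listener.bind(("127.0.0.1", 0))
        self.listener.listen(5)
        self.port = self.listener.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self) -> None:
        while True:
            inner, _ = self.listener.accept()
            threading.Thread(target=self._handle, args=(inner,), daemon=True).start()

    def _handle(self, inner: socket.socket) -> None:
        reader = inner.makefile("rb")
        parts = reader.readline().decode(errors="replace").split()
        if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].isdigit():
            inner.close()
            return
        host, port = parts[1], int(parts[2])
        if (host, port) not in self.allowed:        # the only security decision
            inner.sendall(b"DENIED\n")
            inner.close()
            return
        try:
            outer = socket.create_connection((host, port))   # second TCP connection
        except OSError:
            inner.sendall(b"FAILED\n")
            inner.close()
            return
        inner.sendall(b"OK\n")
        threading.Thread(target=_pump, args=(inner, outer), daemon=True).start()
        _pump(outer, inner)                         # relay the other direction here


def start_echo_server() -> int:
    """Constructed 'outside host' that echoes what it receives; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def run():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def through_gateway(gw_port: int, host: str, port: int, payload: bytes):
    """Inner host: ask the gateway for a relation, then send and read back."""
    with socket.create_connection(("127.0.0.1", gw_port)) as s:
        reader = s.makefile("rb")
        s.sendall(f"CONNECT {host} {port}\n".encode())
        status = reader.readline().decode().strip()
        if status != "OK":
            return status, b""
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)         # we are done sending
        return status, reader.read()       # read until the far end closes


def demo():
    """One permitted relation and one that the allow-list rejects."""
    echo_port = start_echo_server()
    gw = CircuitGateway(allowed={("127.0.0.1", echo_port)})
    allowed = through_gateway(gw.port, "127.0.0.1", echo_port, b"hello via circuit")
    denied = through_gateway(gw.port, "127.0.0.1", echo_port + 1, b"never relayed")
    return allowed, denied


if __name__ == "__main__":
    print(demo())
```

Note that the gateway never looks at the payload: once the relation is allowed, anything the inner host sends goes straight to the outside host, which is exactly why the post says this type is used when the administrator trusts internal users.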
FIREWALL CONFIGURATION
1. Screened host firewall system (single-homed bastion)
In this configuration the firewall function is performed by a packet filtering router and a bastion host *. The router is configured so that, of all the traffic coming from the Internet, only IP packets addressed to the bastion host are allowed in; of the traffic from the internal network, only IP packets from the bastion host are allowed out.
This configuration supports flexibility for direct Internet access: for example, if there is a web server on the network, it can be configured so that the web server is reachable directly from the Internet.
The bastion host performs the authentication function and acts as a proxy. This configuration provides a better level of security than a packet filtering router or an application-level gateway on its own.
2. Screened host firewall system (dual-homed bastion)
In this configuration there is a physical break / gap in the network. The advantage is that physically separating the two lines further strengthens the security of the configuration compared with the first one, while servers that require direct access can be placed in the segment that is connected directly to the Internet.
This is done by using 2 NICs (network interface cards) on the bastion host.
3. Screened subnet firewall
This is the configuration with the highest level of security. Why? Because it uses 2 packet filtering routers: the first between the Internet and the bastion host, the second between the bastion host and the local network, so that the configuration forms an isolated subnet.
Its advantages are:
+ There are 3 layers / levels of defence against an intruder.
+ The external router serves only the connection between the Internet and the bastion host, so the local network becomes invisible.
+ The local network cannot construct routes directly to the Internet; in other words, the Internet becomes invisible to it (which does not mean it cannot connect to the Internet).
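The packet-filtering rules described under the packet filtering router type and the screened subnet layout just described, as one added example that is not part of the original post. It models a router that matches rules on source and destination address, transport protocol and destination port, then chains two such routers around a bastion host so that a packet from the Internet aimed directly at a LAN host is stopped at the external router and a LAN host cannot reach the Internet except via the bastion. The tiny-fragment check follows the post's countermeasure (reject TCP with IP fragment offset 1); the anti-spoofing check on the outside interface and the rejection of source-routed packets are added defender-side checks that the post does not spell out. All addresses, interface names and rules are constructed (RFC 5737 documentation ranges and private space).

```python
"""Added example (not from the original post): a constructed model of a
packet-filtering router and of the screened-subnet layout (external router,
bastion host on an isolated subnet, internal router in front of the LAN)."""
from dataclasses import dataclass, field, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    src: str                     # source IP address
    dst: str                     # destination IP address
    proto: str                   # "tcp" or "udp"
    dport: int                   # destination port from the transport header
    in_iface: str = "eth0"       # interface the packet arrived on
    frag_offset: int = 0         # IP fragment offset, 0 for an unfragmented packet
    source_routed: bool = False  # IP source-route option present


@dataclass
class Rule:
    action: str                  # "accept" or "drop"
    src: str = "0.0.0.0/0"       # source network (CIDR)
    dst: str = "0.0.0.0/0"       # destination network (CIDR)
    proto: Optional[str] = None  # None matches any transport protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


@dataclass
class Router:
    name: str
    rules: List[Rule]
    external_iface: str          # interface facing the less trusted side
    inside_nets: List[str] = field(default_factory=list)

    def decide(self, p: Packet) -> str:
        # Anti-spoofing (added check): a packet arriving on the outside
        # interface must not claim a source address that belongs inside.
        if p.in_iface == self.external_iface and any(
                ip_address(p.src) in ip_network(n) for n in self.inside_nets):
            return "drop:spoofed-source"
        # Source routing (added check): refuse packets carrying the option
        # rather than trusting the route they ask for.
        if p.source_routed:
            return "drop:source-routed"
        # Tiny fragment: the post's countermeasure, TCP with fragment offset 1.
        if p.proto == "tcp" and p.frag_offset == 1:
            return "drop:tiny-fragment"
        for r in self.rules:     # first matching rule wins
            if r.matches(p):
                return r.action
        return "drop:default"    # nothing listed / known -> not allowed through


# Constructed addresses for the screened subnet.
BASTION = "203.0.113.10/32"
DMZ = "203.0.113.0/24"           # isolated subnet holding the bastion host
LAN = "192.168.10.0/24"

external_router = Router("external", external_iface="eth0", inside_nets=[DMZ, LAN], rules=[
    Rule("accept", dst=BASTION, proto="tcp", dport=25),   # mail delivered to the bastion
    Rule("accept", dst=BASTION, proto="tcp", dport=80),   # web proxy on the bastion
    Rule("accept", src=BASTION),                          # bastion may reach the Internet
])
internal_router = Router("internal", external_iface="eth0", inside_nets=[LAN], rules=[
    Rule("accept", src=BASTION, dst=LAN),                 # bastion <-> LAN only
    Rule("accept", src=LAN, dst=BASTION),
])


def traverse(p: Packet, path) -> str:
    """Push a packet through (router, arriving interface) pairs in order."""
    for router, iface in path:
        verdict = router.decide(replace(p, in_iface=iface))
        if verdict != "accept":
            return f"{verdict} at {router.name}"
    return "accept"


def demo() -> dict:
    """Scenarios from the post: what each layer lets through or stops."""
    inbound = [(external_router, "eth0"), (internal_router, "eth0")]
    outbound = [(internal_router, "eth1"), (external_router, "eth1")]
    out_host, bastion, lan_host = "198.51.100.7", "203.0.113.10", "192.168.10.5"
    return {
        "internet->bastion smtp": traverse(Packet(out_host, bastion, "tcp", 25), inbound[:1]),
        "internet->lan host": traverse(Packet(out_host, lan_host, "tcp", 80), inbound),
        "spoofed lan source from internet": traverse(Packet(lan_host, bastion, "tcp", 25), inbound[:1]),
        "tiny fragment to bastion": traverse(Packet(out_host, bastion, "tcp", 25, frag_offset=1), inbound[:1]),
        "source-routed to bastion": traverse(Packet(out_host, bastion, "tcp", 25, source_routed=True), inbound[:1]),
        "bastion->lan host": traverse(Packet(bastion, lan_host, "tcp", 3128), inbound[1:]),
        "lan host->internet directly": traverse(Packet(lan_host, out_host, "tcp", 80), outbound),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:36} {verdict}")
```

The default verdict is drop, which is the second characteristic from earlier in the post (only listed / known traffic passes) expressed as a rule: anything the policy does not mention stops at the first router that sees it.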
STEPS TO BUILD A FIREWALL
1. Identify the form of the network you own
Knowing the particular form of the network, the topology in use, and the network protocols in use will make designing the firewall easier.
2. Determine the policy
The policy is what determines what is to be done; how well or badly the firewall turns out is determined by the policy that is enforced. This includes:
+ Determine what needs to be served, that is, what will be subject to the policy we are going to make.
+ Determine the individuals or groups who will be subject to the policy.
+ Determine the services needed by each of the individuals or groups who use the network.
+ Based on each service used by the individuals or groups, determine the configuration that would make it most secure.
+ Apply the policy.
3. Prepare the software or hardware that will be used
Whether it is an operating system that supports it or dedicated firewall software such as ipchains or iptables on Linux, etc., together with the hardware configuration that will support the firewall.
4. Test the configuration
The completed firewall must be tested, above all to know the result we actually get; this is usually done with tools such as nmap to audit it.
* A bastion host is the system / component regarded by the administrator as the strongest part of the network security system, or the front line most capable of blocking an attack, so it becomes the most important part of securing the network; it is usually the firewall component or the outer part facing the public. Bastion hosts generally use an operating system that can handle all the requirements (e.g. Unix, Linux, NT).