Chapter 16. Network Security Issues

Networking Explained, Second Edition, page 490

35. So which type of firewall is better than the others?

The fact is, each firewall architecture has its merits and drawbacks. Let's review the features of all major firewall types. Router screening is fast and allows rejection of common errors, cracker attacks, and the user strangeness that is part of any network connection. Application filtering firewalls provide extensive application control and monitoring of application behavior. Proxy facilities provide application control and session control between sources and destinations as well as address translation facilities. Stateful firewalls prevent technical attacks from breaching a network and provide sophisticated filtering techniques that rival almost any proxy or application gateway.

In short, almost all firewall approaches have strengths and weaknesses. In fact, this is a good thing for customers. What is best for the customer is security, implemented for the right reasons and in the most productive manner. This means that the optimal firewall configuration is one that can perform all the various types of rule-based filtering previously described, depending on the type of application being used and the best security methodology for solving the security problem in the application environment. No single rule-based security approach that has been described can properly address all security issues in a networked environment. Most network security experts will tell you that it is impractical to expect one approach to be useful in all environments. A list of other security features that you might want to consider when evaluating routers or firewalls is given in Table 16.3.

36. OK, I think I understand firewalls. You also mentioned encryption. What is that?

Encryption is a process that converts sensitive data into a coded form. When retrieved by authorized users, this coded form is then reconverted (i.e., decoded) into meaningful text.
Encryption essentially hides or disguises information from unintended recipients, but enables authorized users to retrieve it. The study of secret communication is called cryptology, and the practice or art of encoding messages is called cryptography. Unencrypted data is referred to as plaintext and its encrypted output is called ciphertext.

A simple encryption technique is a letter-substitution cipher. For example, let's agree that we will use the following "key" for coding and decoding messages:

    Plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ,
    Ciphertext: O D C I S V A P Y M F R Z X E B G N K W H Q U J T L #

Now, the message,

    DEAR JANE, NOT GETTING ANY BETTER, HURRY HOME

is coded by substituting the plaintext characters with those of our cipher. Thus, the encrypted message is,

    ISON MOXS# XEW ASWWYXA OXT DSWWSN# PHNNT PEZS

This message can now be sent via public channels and decoded by an authorized person who knows the key. If the message is intercepted or finds its way into the hands of an unauthorized person, it will most likely appear as meaningless gibberish. Of course, it is always possible that an unintended recipient could crack the code.
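
An added example, not code from the book: the substitution key and message above in Python, showing the round trip and why an unintended recipient could crack the code, since symbol counts and repeated-letter patterns pass through the substitution unchanged. The function names are illustrative; the key and message are the ones on the page.

```python
from collections import Counter

# Key table from the page: each plaintext symbol maps to one ciphertext symbol.
PLAIN = "ABCDEFGHIJKLMNOPQRSTUVWXYZ,"
CIPHER = "ODCISVAPYMFRZXEBGNKWHQUJTL#"
ENC = str.maketrans(PLAIN, CIPHER)
DEC = str.maketrans(CIPHER, PLAIN)

MESSAGE = "DEAR JANE, NOT GETTING ANY BETTER, HURRY HOME"  # message from the page


def encrypt(text):
    """Substitute every symbol in the key; spaces pass through unchanged."""
    return text.upper().translate(ENC)


def decrypt(text):
    """Invert the substitution with the same key."""
    return text.translate(DEC)


def frequency_profile(text):
    """Symbol counts sorted high to low, ignoring spaces."""
    return sorted(Counter(text.replace(" ", "")).values(), reverse=True)


def letter_pattern(word):
    """Number symbols by first appearance, e.g. BETTER -> 0.1.2.2.1.3."""
    seen = {}
    return ".".join(str(seen.setdefault(ch, len(seen))) for ch in word)


def most_common_symbol(text):
    """Most frequent symbol in the text, ignoring spaces."""
    return Counter(text.replace(" ", "")).most_common(1)[0][0]


if __name__ == "__main__":
    ct = encrypt(MESSAGE)
    print(ct)
    print(decrypt(ct))
    # The key changes which symbol is which, not how often each occurs.
    print(frequency_profile(MESSAGE) == frequency_profile(ct))
    # The most frequent ciphertext symbol stands for the most frequent plaintext one.
    print(most_common_symbol(MESSAGE), "->", most_common_symbol(ct))
    # Doubled letters survive too: BETTER and its ciphertext share one pattern.
    print(letter_pattern("BETTER"), letter_pattern(encrypt("BETTER")))
```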