{"id":313,"date":"2020-08-18T19:23:47","date_gmt":"2020-08-18T20:23:47","guid":{"rendered":"http:\/\/www.linux-tutorial.info\/?page_id=77"},"modified":"2020-08-22T19:26:01","modified_gmt":"2020-08-22T20:26:01","slug":"this-is-the-page-title-toplevel-148","status":"publish","type":"page","link":"http:\/\/www.linux-tutorial.info\/?page_id=313","title":{"rendered":"Firewalls"},"content":{"rendered":"\n<title>Firewalls<\/title>\n<question id=\"\" type=\"mc\" text=\"What is the term used for a piece of software or hardware that protects your network from improper network access?\" \/>\n<p>\nIf you are connecting yourself to the Internet at all, then you need to consider protecting your\ninternal <glossary>network<\/glossary>. If you set up an Internet server that has only one network\ninterface, that being to the Internet, then your internal network is safe from intruders. This\nsolution provides the ultimate in <glossary>security<\/glossary> (short of not connecting at all),\nbut requires more work on your part to transfer data to and from that machine.\n<\/p>\n<p>\nThe alternative is to implement a system by which someone from the outside has the least chance\nof getting into your <glossary>network<\/glossary>, but you have the ability to get to and through\nthat <glossary>gateway<\/glossary> machine. This is the concept of a <i><glossary>firewall<\/glossary><\/i>.\n<\/p>\n<concept id=\"\" description=\"A firewall functions more or less as 'damage control', preventing problems from spreading.\" \/>\n<p>\nLike a firewall in a building, a <glossary>network<\/glossary>\nfirewall functions more or less as &#8220;damage control&#8221;. Should a fire break out, the firewall prevents\nit from spreading further. 
With a network firewall, should an intruder break into the\n<glossary>gateway<\/glossary> machine, the potential for further damage is limited.\n<\/p>\n<p>\nIn the following section, we will be talking about the basic issues involved with implementing a\nfirewall on your machine. Keep in mind that these are the <i>basics<\/i>. There is more to it if\nyou want to make your system as safe as possible. In comparison to car\n<glossary>security<\/glossary>, this is analogous to telling you about locking your door or\ninstalling an anti-theft device like &#8220;The Club&#8221;, but we won&#8217;t go into details like electronic devices that cut the gas flow if the car is &#8220;hot-wired&#8221;.\n<\/p>\n<p>\nFirst, let&#8217;s briefly talk about the firewall itself. Your firewall is a machine that has routing\ncapabilities. Technically, it does not need to be a computer, but can be something as simple as a <glossary>router<\/glossary>. As its name implies, a router is a machine that routes <glossary term=\"packet\">packets<\/glossary>. Most\nrouters allow you to configure not only where packets are allowed to go, but also where they\nare allowed to come from. In addition, many can be tuned even more finely, such as limiting the type of\npackets and to\/from which <glossary term=\"port\">ports<\/glossary>.\n<\/p>\n<p>\nIf you use a computer as your <glossary>router<\/glossary>,\nit needs to have routing capabilities, as a Linux machine does. Because of features such as <glossary>FTP<\/glossary>\nand <glossary>HTTP<\/glossary> services, a Linux machine is well suited to the task. 
This explains why approximately 10% of all Internet servers are running Linux.\n<\/p>\n<concept id=\"\" description=\"A good way of making the firewall safe is to prevent all external packets from going through it.\" \/>\n<concept id=\"\" description=\"Certain routers will allow you to configure them in such a way that incoming packets are blocked, but outgoing packets are let through.\" \/>\n<p>\nA good way of making the firewall safe is to prevent all external <glossary term=\"packet\">packets<\/glossary> from going <i>through<\/i> it. This\nmeans that packets are not <i>forwarded<\/i>. Certain routers will allow you to configure them in\nsuch a way that incoming packets are blocked, but outgoing packets are let through.\n<\/p>\n<p>\nNote that this does not mean that you can only send <glossary term=\"packet\">packets<\/glossary> to the outside, but never hear their\nanswer. Instead, it means that packets that <i>originate<\/i> on the outside are blocked.\nWhen you send a request from an internal machine, the <glossary>packet<\/glossary> that you receive\nis a response or acknowledgment. Such packets are allowed through, but those carrying an initial request are not.\n<\/p>\n<p>\nThis has a slight danger in that acknowledgment packets can be intercepted and manipulated. This\nrequires detailed knowledge of both the <glossary>TCP<\/glossary>\/<glossary>IP<\/glossary> protocols and the <glossary>application<\/glossary>\ninvolved, so it is not something that the casual hacker is going to try. However, it is <i>possible.<\/i>\n<\/p>\n<concept id=\"\" description=\"To increase the security of your system, you turn off packet routing completely.\" \/>\n<p>\nTo increase the <glossary>security<\/glossary>\nof your system, you turn off <glossary>packet<\/glossary>\n<glossary term=\"route\">routing<\/glossary> altogether. This means that no packet is let through. 
In such a system, you need to connect\nfirst to the firewall machine and <i>then<\/i> to the Internet. At this point, you have two\ndistinct networks. Although the <glossary>firewall<\/glossary> can see <i>both<\/i> of them, neither can see the other.\nSince nothing gets through, not even email, your internal <glossary>network<\/glossary> is (fairly)\nsafe.\n<\/p>\n<p>\nThis means that an intruder cannot reach your internal <glossary>network<\/glossary> directly;\nhe must first reach the firewall and use it as a &#8220;springboard&#8221; to get inside. Unfortunately, this\nalso means that people on the inside cannot reach the Internet without first getting to the\n<glossary>gateway<\/glossary> machine. If this is your choice, then <glossary>security<\/glossary>\nis more important to you than the slight inconvenience that the users encounter.\n<\/p>\n<question id=\"\" type=\"mc\" text=\"What is the function of a 'proxy server'?\" \/>\n<p>\nThe alternative is what is called a <i>proxy server<\/i>. In essence, this functions like a\ntranslator. When packets reach the <glossary>proxy<\/glossary> server, they are redirected to another connection on the\nother side of the firewall. For example, <command>httpd<\/command> (your web server daemon) normally listens on <glossary>port<\/glossary> 80.\nHowever, this has been\ndisabled. Instead, I connect to port 1080 (or some other port greater than 1024). The service that is\nlistening on that port makes a connection to port 80 on the destination machine to complete the\n<glossary>HTTP<\/glossary> connection. This middleman, or <glossary>proxy<\/glossary>, does the translation for my\n<glossary>application<\/glossary>. 
Other than knowing that I need to connect to the proxy server\nfirst, the functionality is the same as if there were no firewall.\n<\/p>\n<p>\nThere are a couple of ways of implementing the proxy under Linux, which we will get to later.\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Firewalls If you are connecting yourself to the Internet at all, then you need to consider protecting your internal network. If you set up an Internet server that has only one network interface, that being to the Internet, then your &hellip; <a href=\"http:\/\/www.linux-tutorial.info\/?page_id=313\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-313","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages\/313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=313"}],"version-history":[{"count":1,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages\/313\/revisions"}],"predecessor-version":[{"id":561,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages\/313\/revisions\/561"}],"wp:attachment":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}