Re: What does a firewall do?
From: Nick Roberts (nick.roberts_at_acm.org)
Date: 01/19/05
- Next message: dak: "Re: Port 62396 connection"
- Previous message: Jose Maria Lopez Hernandez: "Re: firewall with parental control filtering needed for usenet, p2p and web"
- In reply to:(deleted message) Leythos: "Re: What does a firewall do?"
- Next in thread: Eirik Seim: "Re: What does a firewall do?"
- Reply: Eirik Seim: "Re: What does a firewall do?"
- Reply:(deleted message) Leythos: "Re: What does a firewall do?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Jan 2005 20:51:08 +0000
Leythos <void@nowhere.lan> wrote:
> What you are asking for is that someone take the time to retype what's
> already available in google searches. While I can understand your wanting
> to know, we, as professionals, do expect that people with a desire to
> learn will at least scan the Internet for information before asking for
> such detailed information.
>
> The answer could entail spending hours typing a proper response, or we
> could let you read up on firewalls, then post any questions you have that
> you were not able to understand to your satisfaction.
>
> The short of it - Firewalls block access to networks and services that you
> don't configure them to allow access to. Firewalls also allow access to
> specific services/networks without allowing access to non-configured
> services/networks.
Okay, but I have done that, and found that the information available does
not go into sufficient technical detail. But I'll keep looking. Thanks.
Perhaps I could ask another question (or the same question in another way)?
Supposing there is a network of computers (bog standard PCs) -- let's say
they are connected by Fast Ethernet -- all running AdaOS (the new OS in
question). AdaOS is fully distributed, so this network acts as if it were
one computer, and is called a cluster. A new protocol is used for
intercommunication between the AdaOS computers in a cluster, totally
unrelated to IP (it will piggyback on the Ethernet as IP does), and has its
own security features (switched on by default).
One of the computers in the network has a (physically distinct) connection
to the global Internet (let's say through another Fast Ethernet adaptor to a
backbone computer). The cluster provides a few classic services to the
Internet. Let's say: a web server with several CGI programs offering
e-commerce or similar services (hence SSL is supported); an anonymous FTP
providing some public domain files for download; a POP3 mail server to
clients who log on with a password (and which therefore uses an
authentication exchange protocol).
I'll try to explain what would be the normal set up of the IP stack software
in AdaOS. First of all, all the IP stack will be made of application
programs, each running outside the TCB (Trusted Computing Base, the part of
AdaOS that is trusted to be secure), and so with full security controls
applied to it.
An authority is a token that a program (the client) 'quotes' when requesting
service from another program (the server), and cannot be forged. Every
application program is permitted to quote one (or several) 'authorities'.
Thus, every server program in AdaOS can rely upon the quoted authority when
making its security decisions. Upon this framework, typical security
structures are built, such as file groups, and user roles.
The whole operating system (outside the TCB) is object oriented: everything
is an object. Typical security controls allow each different kind of access
(e.g. 'read', 'write') for each object to be permitted or denied for each
authority (and hence for each role of each user). Generally, access is
denied by default.
The IP/UDP router program creates an object that permits 'host' objects to
be created. A host corresponds to an IP address. Each host object allows
'port range' objects to be created, each of which corresponds to a range of
ports (e.g. 0 to 1000) and may not overlap with any other port range. Each port
range object allows 'port' objects to be created. Each port object can then
be opened (which is a kind of access for this object) for input and/or
output (packet-oriented).
The TCP program opens a pair of port objects, and creates a 'connection'
object. The connection object can be opened for client session input/output
(byte stream based), corresponding to a TCP session. The connection object
can also be opened for server reception I/O; incoming session requests are
accepted and dealt with by the server. These two different ways of opening a
connection are two different kinds of access for this object.
The web server program opens a connection for reception, and deals with
incoming session requests by accepting HTTP requests, and running a CGI
program in response to each request. The server can be configured to execute
each CGI program under a different 'role', meaning that the program can be
given a different authority, and so a different set of access permissions.
The default set up of typical CGI programs will isolate them from each other
to a high extent. For example, suppose there are two sub-sites
("http://anycorp.com/sales" and "http://anycorp.com/members", say) that
operate completely different services (one is e-commerce, another is a
society membership system). They will be configured so that one cannot
access the data of the other.
The same principle is applied to other IP services (FTP, POP3, whatever).
In particular, there is no 'root' user in AdaOS, and everything is installed
by default with access denied (rather than the other way around, as with
Unix in the old days). All sensitive activities (changing administrative
settings, modifying user privileges, changing your own password, etc.) are
done in a separate role (which uses a different authority) to normal
activities, and different normal activities are separated from each other by
a few broad roles (e.g.: Idle Web Surfing; Secretary to Mr Jones; Helping
the Typists; Personal Internet Banking; Personal Chat; and so on). There
would be a separate role (and authority) for running each different major
program in the IP stack, and access would be given on a fairly strict 'need
to access' basis.
Admittedly, I may not have got the above details exactly correct. However,
my question is, in essence, is there a form of attack that can be launched
over the Internet that would (probably?) be able to subvert the above
security arrangements, but that would (in combination with those
arrangements) be preventable by using a firewall? Assume typical corporate
conditions, but please assume the company only uses AdaOS on all its
computers. Would it be reasonable to say "I don't think it would be safe
without a firewall"?
Thanks for your patience. I don't think I asked the right question
originally!
-- Nick Roberts
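The authority/object scheme Nick sketches (an unforgeable quoted token, per-object access kinds that are denied unless granted, host objects handing out non-overlapping port ranges, and CGI roles that cannot read each other's data) rendered as a small Python model. This is an added illustration, not AdaOS code; the class names, the 'create'/'read'/'write' access kinds and the 192.0.2.10 address are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

class AccessDenied(PermissionError): """The quoted authority lacks the requested access kind."""

@dataclass(frozen=True, eq=False)
class Authority:
    """Quoted token; eq=False means a second Authority("cgi-sales") is a different token."""
    label: str

@dataclass
class Obj:
    """Object outside the TCB: access kinds are granted per authority, else denied."""
    name: str
    acl: dict = field(default_factory=dict)
    ranges: list = field(default_factory=list)   # only host objects use this

    def grant(self, auth, *kinds):
        self.acl.setdefault(auth, set()).update(kinds)

    def check(self, auth, kind):
        if kind not in self.acl.get(auth, ()):
            raise AccessDenied(f"{auth.label}: no '{kind}' on {self.name}")

    def create_port_range(self, auth, lo, hi):
        self.check(auth, "create")                # who may carve ranges off this host
        if any(lo <= h and l <= hi for l, h in self.ranges):
            raise ValueError(f"{lo}-{hi} overlaps an existing range")
        self.ranges.append((lo, hi))
        return Obj(f"{self.name} ports {lo}-{hi}")

def denied(fn, *args, exc=AccessDenied):
    try:
        fn(*args)
    except exc:
        return True
    return False

def demo():
    tcp, sales, members = Authority("tcp"), Authority("cgi-sales"), Authority("cgi-members")
    host = Obj("host 192.0.2.10")                 # constructed documentation address
    host.grant(tcp, "create")                     # only the TCP program may create ranges
    host.create_port_range(tcp, 0, 1000)
    orders = Obj("sales orders")
    orders.grant(sales, "read", "write")          # the members role is granted nothing
    return {
        "overlap_rejected": denied(host.create_port_range, tcp, 500, 1500, exc=ValueError),
        "unauthorised_range": denied(host.create_port_range, sales, 2000, 3000),
        "sales_reads": not denied(orders.check, sales, "read"),
        "members_denied": denied(orders.check, members, "read"),
        "same_label_denied": denied(orders.check, Authority("cgi-sales"), "read"),
    }
```

Every entry in the returned dict is True: the only access that succeeds is the one explicitly granted to the authority that was actually issued, which is the deny-by-default behaviour described above.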