HEMANTS NETWORK SECURITY ZONE (HNSZ) At HNSZ, I intend to give you clearer and better ways to effectively convey

security concepts and best practices to our customers and to the general security professionals community as a whole. As part of this security education focused column, we would like to take this opportunity to share with you this guide on network security concepts. Security professionals love to speak in buzzwords, acronyms, and jargons. It is a thinly veiled attempt to mainstream computer geeks and make them more attractive to the opposite sex. We can write entire sentences and convey complex ideas without actually using any real words. Studies have shown that clearly this is not the best communication method for relating to the average, normal human being (were lying about the studies have shown part, most notably because we didnt have any average/normal people in the office to consult). Effective security professionals must not only be competent, but they need to be able to interact with everyone within an organization, including those who might not be as familiar with technical concepts. Today lets understand what Firewall is all about. Firewalls: A firewall is the source of all computer or network problems. Whenever something isnt working properly, the firewall should always be blamed. Firewalls serve as the first line of defense for your network, separating the bad guys (hackers, script kiddies, etc.) from your information and systems. Think of a firewall as the tattoo covered, hairy bouncer (or if you prefer, somewhat rude self-absorbed receptionist) protecting your network it is responsible for checking guests (network traffic) to ensure they are permitted to enter (the source address), where they are going (the destination address), and who they are there to see (the port/service). Depending on how these factors match, the firewall can take various actions, such as ignoring the person (dropping the packet) or punching them in the face and calling the police (rejecting and alerting). Some firewalls offer Stateful Packet Inspection (SPI) technology. Sometimes, individuals (such as movers) may need to make multiple trips into a building (think of a file transfer). These people would be expected to go in and out multiple times, carrying boxes with them (packets). However, you would not want someone to simply walk in without following the proper procedures for a first time visitor (three way

handshake, etc.). A SPI firewall takes steps to ensure that proper entry protocols are followed on your network. Anyone attempting to violate these protocols (bringing boxes in out of order, jumping through a window, etc.) is barred from entry, ignored, or destroyed. Unfortunately, firewalls dont always display the best people skills they tend to keep to themselves, ignore many visitors, and occasionally kick someone out and report them. All of this traffic monitoring and control is often done silently, with the final destination blissfully unaware of the firewalls day to - day efforts and activities. Fortunately, even though they are the quiet introverted types, firewalls are often configured to keep detailed diaries of their every action. These logs are a firewalls way of speaking to the world, which allow the higher ups (security administrators) to review everything the aforementioned firewall does. Depending on the nature of your environment, visitors might make it past the receptionist but get attacked by zombies along the way. You might also have stairwells that lead to nowhere (routing issues) or random holes in the floor. If someone is expecting a visitor, they might be inclined to blame the firewall for not letting that individual in. However, the firewalls diaries (logs) would be the perfect verification and vindication of the firewalls actions. It can be quite possible that the firewall did exactly what it was tasked to do, but something else happened to your visitor, causing him or her to be lost somewhere else. Fortunately, packets are much easier to duplicate than people. The moral of the story here is when troubleshooting an incident you think might be a firewall issue; it is prudent and also great idea to check the logs first. We will learn more about malicious softwares in the next issue. If there are any other topics you would like to see us explain, let us know! - By Hemant Pandya, Pre Sales Consultant - Security at Redington Gulf, Riyadh Saudi Arabia