Tuesday, March 27, 2012

Get free serials,keygen,cracks to any software

TO FIND THE REQUIRED SERIALS PRESS CTRL + F AND TYPE YOUR REQD SOFTWARE NAME

Please subscribe to support this free site

LIST OF SERIAL KEYS

Microsoft windows 7 keys



Microsoft Windows XP Pro Sp2



by http://sneaktech.com


Microsoft Windows XP Professional



Microsoft Windows XP




Microsoft Windows XP sp1



If you want more, please let me know in the comments.



Microsoft Windows Server 2003




Microsoft office 2007 Enterprise



Microsoft office 2007

serials:



Microsoft Office Home and Student 2007



Microsoft Office Standard 2007



Microsoft Office Small Business 2007



Microsoft Office Professional 2007



Microsoft Office Professional Plus 2007


Microsoft Office Enterprise 2007



Microsoft Office Ultimate 2007



REQUEST 2:

Norton 360

serials:



REQUEST 3:

Nero

serials:

Nero 8 Ultra edition



Nero 8 Ultra edition site license



Nero 8 Ultra edition demo license



REQUEST 4:

All EA games here

serials:


Need For Speed Carbon



Need For Speed Hot Pursuit 2



Need For Speed Most wanted



Need For Speed Prostreet



Need For Speed underground



Need For Speed underground 2



Crysis



Fifa 2008



Fifa manager 2008



Madden NFL 2008



NBA live 2008



Quake 4



Sothink SWF quicker 4.0



Sothink SWF quicker 3.0



Microsoft expression Web 3


or You can download it here

http://www.megaupload.com/?d=G16QELO2


Sothink_SWF_Quicker_4.5_Build_457

http://rapidshare.com/files/264544194/Sothink_SWF_Quicker_4.5_Build_457.zip

includes serial key


If you need more serials, please let me know in the comments.

DISCLAIMER

This site takes no responsibility for the use of this information

Wednesday, March 21, 2012

Firewalls


The Internet has made large amounts of information available to the average computer user at home, in business and in education. For many people, having access to this information is no longer just an advantage, it is essential. Yet connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world. Users who connect their computers to the Internet must be aware of these dangers, their implications and how to protect their data and their critical systems. Firewalls can protect both individual computers and corporate networks from hostile intrusion from the Internet, but must be understood to be used correctly.
We are presenting this information in a Q&A (Questions and Answers) format that we hope will be useful. Our knowledge of this subject relates to firewalls in general use, and stems from our own NAT and proxy firewall technology. We welcome feedback and comments from any readers on the usefulness or content.
We are providing the best information available to us as at date of writing and intend to update it at frequent intervals as things change and/or more information becomes available. However we intend this Q&A as a guide only and recommend that users obtain specific information to determine applicability to their specific requirements. (This is another way of saying that we can't be held liable or responsible for the content.)

Introduction

Vicomsoft develops and provides Network Address Translation technology, the basis of many firewall products. Our software allows users to connect whole LANs to the Internet, while protecting them from hostile intrusion.
Vicomsoft have gained significant experience in the area of firewall protection and would like to make this information available to those interested in this subject. For those who would like to study this subject in more detail useful links are listed at the end of this document.

Questions

  1. What is a firewall?
  2. What does a firewall do?
  3. What can't a firewall do?
  4. Who needs a firewall?
  5. How does a firewall work?
  6. What are the OSI and TCP/IP Network models?
  7. What different types of firewalls are there?
  8. How do I implement a firewall?
  9. Is a firewall sufficient to secure my network or do I need anything else?
  10. What is IP spoofing?
  11. Firewall related problems
  12. Benefits of a firewall

1. What is a firewall?

A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device (see Figure 1) or a software program (see Figure 2) running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to.
A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest firewalls were simply routers. The term firewall comes from the fact that by segmenting a network into different physical subnetworks, they limited the damage that could spread from one subnet to another just like firedoors or firewalls.
Figure 1: Hardware Firewall. Hardware firewall providing protection to a Local Network.
Figure 2: Computer with Firewall Software. Computer running firewall software to provide protection.

2. What does a firewall do?

A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, FTP or Telnet. Firewalls can also filter traffic by packet attribute or state.

3. What can't a firewall do?

A firewall cannot prevent individual users with modems from dialling into or out of the network, bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly enforced. These are management issues that should be raised during the planning of any security policy but that cannot be solved with firewalls alone.
The arrest of the Phonemasters cracker ring brought these security issues to light. Although they were accused of breaking into information systems run by AT&T Corp., British Telecommunications Inc., GTE Corp., MCI WorldCom, Southwestern Bell, and Sprint Corp, the group did not use any high tech methods such as IP spoofing (see question 10). They used a combination of social engineering and dumpster diving. Social engineering involves skills not unlike those of a confidence trickster. People are tricked into revealing sensitive information. Dumpster diving or garbology, as the name suggests, is just plain old looking through company trash. Firewalls cannot be effective against either of these techniques.

4. Who needs a firewall?

Anyone who is responsible for a private network that is connected to a public network needs firewall protection. Furthermore, anyone who connects so much as a single computer to the Internet via modem should have personal firewall software. Many dial-up Internet users believe that anonymity will protect them. They feel that no malicious intruder would be motivated to break into their computer. Dial up users who have been victims of malicious attacks and who have lost entire days of work, perhaps having to reinstall their operating system, know that this is not true. Irresponsible pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity presents itself.

5. How does a firewall work?

There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria (see figure 3). The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyse the application data to determine if the traffic should be allowed through. How a firewall determines what traffic to let through depends on which network layer it operates at. A discussion on network layers and architecture follows.
Figure 3: Basic Firewall Operation.

6. What are the OSI and TCP/IP Network models?

To understand how firewalls work it helps to understand how the different layers of a network interact. Network architecture is designed around a seven layer model. Each layer has its own set of responsibilities, and handles them in a well-defined manner. This enables networks to mix and match network protocols and physical supports. In a given network, a single protocol can travel over more than one physical support (layer one) because the physical layer has been dissociated from the protocol layers (layers three to seven). Similarly, a single physical cable can carry more than one protocol. The TCP/IP model is older than the OSI industry standard model which is why it does not comply in every respect. The first four layers are so closely analogous to OSI layers however that interoperability is a day to day reality.
Firewalls operate at different layers to use different criteria to restrict traffic. The lowest layer at which a firewall can work is layer three. In the OSI model this is the network layer. In TCP/IP it is the Internet Protocol layer. This layer is concerned with routing packets to their destination. At this layer a firewall can determine whether a packet is from a trusted source, but cannot be concerned with what it contains or what other packets it is associated with. Firewalls that operate at the transport layer know a little more about a packet, and are able to grant or deny access depending on more sophisticated criteria. At the application level, firewalls know a great deal about what is going on and can be very selective in granting access.
Figure 4: The OSI and TCP/IP models
It would appear then, that firewalls functioning at a higher level in the stack must be superior in every respect. This is not necessarily the case. The lower in the stack the packet is intercepted, the more secure the firewall. If the intruder cannot get past level three, it is impossible to gain control of the operating system.
Figure 5: Professional Firewalls Have Their Own IP Layer
Professional firewall products catch each network packet before the operating system does, so there is no direct path from the Internet to the operating system's TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer and then "open the doors" from the inside.
According to Byte Magazine*, traditional firewall technology is susceptible to misconfiguration on non-hardened OSes. More recently, however, "...firewalls have moved down the protocol stack so far that the OS doesn't have to do much more than act as a bootstrap loader, file system and GUI". The author goes on to state that newer firewall code bypasses the operating system's IP layer altogether, never permitting "potentially hostile traffic to make its way up the protocol stack to applications running on the system".
*June 1998

7. What different types of firewalls are there?

Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Most routers support packet filtering. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. This type of firewall only works at the network layer, however, and does not support sophisticated rule-based models (see Figure 6). Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.
Figure 6: Packet Filtering Firewall
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.
Figure 7: Circuit level Gateway
Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any FTP, gopher, Telnet or other traffic through. Because they examine packets at the application layer, they can filter application-specific commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which knows anything about the application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer. (See Figure 8.)
Figure 8: Application level Gateway
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer. They allow direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data instead of running application-specific proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive, however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel. (See Figure 9.)
Figure 9: Stateful Multilayer Inspection Firewall

8. How do I implement a firewall?

We suggest you approach the task of implementing a firewall by going through the following steps:
  1. Determine the access denial methodology to use.
    It is recommended you begin with the methodology that denies all access by default. In other words, start with a gateway that routes no traffic and is effectively a brick wall with no doors in it.
  2. Determine inbound access policy.
    If all of your Internet traffic originates on the LAN this may be quite simple. A straightforward NAT router will block all inbound traffic that is not in response to requests originating from within the LAN. As previously mentioned, the true IP addresses of hosts behind the firewall are never revealed to the outside world, making intrusion extremely difficult. Indeed, local host IP addresses in this type of configuration are usually non-public addresses, making it impossible to route traffic to them from the Internet. Packets coming in from the Internet in response to requests from local hosts are addressed to dynamically allocated port numbers on the public side of the NAT router. These change rapidly making it difficult or impossible for an intruder to make assumptions about which port numbers to use.

    If your requirements involve secure access to LAN based services from Internet based hosts, then you will need to determine the criteria to be used in deciding when a packet originating from the Internet may be allowed into the LAN. The stricter the criteria, the more secure your network will be. Ideally you will know which public IP addresses on the Internet may originate inbound traffic. By limiting inbound traffic to packets originating from these hosts, you decrease the likelihood of hostile intrusion. You may also want to limit inbound traffic to certain protocol sets such as FTP or HTTP. All of these techniques can be achieved with packet filtering on a NAT router. If you cannot know the IP addresses that may originate inbound traffic, and you cannot use protocol filtering, then you will need a more complex rule-based model and this will involve a stateful multilayer inspection firewall.
  3. Determine outbound access policy.
    If your users only need access to the web, a proxy server may give a high level of security with access granted selectively to appropriate users. As mentioned, however, this type of firewall requires manual configuration of each web browser on each machine. Outbound protocol filtering can also be transparently achieved with packet filtering and no sacrifice in security. If you are using a NAT router with no inbound mapping of traffic originating from the Internet, then you may allow LAN users to freely access all services on the Internet with no security compromise. Naturally, the risk of employees behaving irresponsibly with email or with external hosts is a management issue and must be dealt with as such.
  4. Determine if dial-in or dial-out access is required.
    Dial-in requires a secure remote access PPP server that should be placed outside the firewall. If dial-out access is required by certain users, individual dial-out computers must be made secure in such a way that hostile access to the LAN through the dial-out connection becomes impossible. The surest way to do this is to physically isolate the computer from the LAN. Alternatively, personal firewall software may be used to isolate the LAN network interface from the remote access interface.
  5. Decide whether to buy a complete firewall product, have one implemented by a systems integrator or implement one yourself.
    Once the above questions have been answered, it may be decided whether to buy a complete firewall product or to configure one from multipurpose routing or proxy software. This decision will depend as much on the availability of in-house expertise as on the complexity of the need. A satisfactory firewall may be built with little expertise if the requirements are straightforward. However, complex requirements will not necessarily entail recourse to external resources if the system administrator has sufficient grasp of the elements. Indeed, as the complexity of the security model increases, so does the need for in-house expertise and autonomy.
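
The policy decisions in steps 1 to 3 can be modelled in a few dozen lines. The following is an added example, not Vicomsoft's code or any product's implementation: a deny-by-default NAT gateway that logs every decision, admits replies only on the dynamically allocated public port and only from the host the LAN contacted, and admits new inbound sessions only from a listed network to a published service. All addresses, ports and class names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.1"                     # constructed: firewall's Internet-side address
LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed: private LAN behind it


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class InboundRule:
    """Step 2: an Internet network allowed to reach one published service."""
    src_net: str   # permitted origin network
    proto: str
    dport: int     # port on the firewall's public address
    lan_host: str  # internal server the traffic is mapped to

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and p.proto == self.proto and p.dport == self.dport)


class NatFirewall:
    def __init__(self, inbound_rules, outbound_allowed=None):
        self.inbound_rules = list(inbound_rules)
        self.outbound_allowed = outbound_allowed  # None: all outbound allowed (step 3)
        self.flows = {}       # LAN flow -> public port
        self.nat = {}         # (public port, proto) -> LAN flow
        self.next_port = 40000
        self.log = []         # every decision, allowed or denied

    def _done(self, p, action, reason, forwarded=None):
        self.log.append((action, reason, p))
        return action, reason, forwarded

    def outbound(self, p):
        """Packet from a LAN host to the Internet."""
        if ipaddress.ip_address(p.src) not in LAN:
            return self._done(p, "deny", "source not on LAN")
        if (self.outbound_allowed is not None
                and (p.proto, p.dport) not in self.outbound_allowed):
            return self._done(p, "deny", "outbound policy")
        flow = (p.src, p.sport, p.dst, p.dport, p.proto)
        if flow not in self.flows:            # allocate a public-side port once per flow
            self.flows[flow] = self.next_port
            self.nat[(self.next_port, p.proto)] = flow
            self.next_port += 1
        translated = Packet(PUBLIC_IP, self.flows[flow], p.dst, p.dport, p.proto)
        return self._done(p, "allow", "outbound policy", translated)

    def inbound(self, p):
        """Packet from the Internet arriving on the public interface."""
        if p.dst != PUBLIC_IP:
            return self._done(p, "deny", "not for public address")
        flow = self.nat.get((p.dport, p.proto))
        # A reply must come from the exact host and port the LAN client contacted.
        if flow is not None and (p.src, p.sport) == (flow[2], flow[3]):
            back = Packet(p.src, p.sport, flow[0], flow[1], p.proto)
            return self._done(p, "allow", "reply to LAN request", back)
        for rule in self.inbound_rules:
            if rule.matches(p):
                fwd = Packet(p.src, p.sport, rule.lan_host, p.dport, p.proto)
                return self._done(p, "allow", "inbound rule", fwd)
        return self._done(p, "deny", "default")  # step 1: deny by default


def demo():
    """Run constructed packets through the gateway; returns (verdicts, log)."""
    fw = NatFirewall([InboundRule("198.51.100.0/24", "tcp", 21, "192.168.1.5")])
    _, _, sent = fw.outbound(Packet("192.168.1.10", 51000, "192.0.2.80", 80, "tcp"))
    probes = {
        "reply": Packet("192.0.2.80", 80, PUBLIC_IP, sent.sport, "tcp"),
        "unsolicited": Packet("192.0.2.80", 80, PUBLIC_IP, 40999, "tcp"),
        "wrong_peer": Packet("192.0.2.99", 80, PUBLIC_IP, sent.sport, "tcp"),
        "partner_ftp": Packet("198.51.100.7", 40000, PUBLIC_IP, 21, "tcp"),
        "stranger_ftp": Packet("192.0.2.99", 40000, PUBLIC_IP, 21, "tcp"),
    }
    return {name: fw.inbound(p)[:2] for name, p in probes.items()}, fw.log


if __name__ == "__main__":
    verdicts, log = demo()
    for name, verdict in verdicts.items():
        print(f"{name:13} {verdict}")
    print(len(log), "decisions logged")
```

The model tracks flows by address and port only; it does not follow TCP state or expire idle mappings, which a production gateway must do.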

9. Is a firewall sufficient to secure my network or do I need anything else?

The firewall is an integral part of any security program, but it is not a security program in and of itself. Security involves data integrity (has it been modified?), service or application integrity (is the service available, and is it performing to spec?), data confidentiality (has anyone seen it?) and authentication (are they really who they say they are?). Firewalls only address the issues of data integrity, confidentiality and authentication of data that is behind the firewall. Any data that transits outside the firewall is subject to factors out of the control of the firewall. It is therefore necessary for an organization to have a well planned and strictly implemented security program that includes but is not limited to firewall protection.

10. What is IP spoofing?

Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious cracker would then try to gain entry by "spoofing" the source IP address of packets sent to the firewall. If the firewall thought that the packets originated from a trusted host, it may let them through unless other criteria failed to be met. Of course the cracker would need to know a good deal about the firewall's rule base to exploit this kind of weakness. This reinforces the principle that technology alone will not solve all security problems. Responsible management of information is essential. One of Courtney's laws sums it up: "There are management solutions to technical problems, but no technical solutions to management problems".
An effective measure against IP spoofing is the use of a Virtual Private Network (VPN) protocol such as IPSec. This methodology involves encryption of the data in the packet as well as the source address. The VPN software or firmware decrypts the packet and the source address and performs a checksum. If either the data or the source address have been tampered with, the packet will be dropped. Without access to the encryption keys, a potential intruder would be unable to penetrate the firewall.
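
The difference between trusting a claimed source address and authenticating it can be shown side by side. This is an added example, not code from the original page and not an IPsec implementation: it swaps in a keyed HMAC-SHA-256 tag over the source address and data as a simplified stand-in for the integrity check described above, with no encryption. The peer addresses, keys, tag length and class names are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

TAG_LEN = 16  # bytes of the HMAC kept as the tag (assumption for this model)


def _auth_input(src_ip, payload):
    addr = ipaddress.ip_address(src_ip)
    # Version byte plus fixed-length address keeps address and data unambiguous.
    return bytes([addr.version]) + addr.packed + payload


def seal(key, src_ip, payload):
    """Sender side: tag that binds the data to the source address."""
    return hmac.new(key, _auth_input(src_ip, payload), hashlib.sha256).digest()[:TAG_LEN]


class AddressOnlyFilter:
    """Weak form: accept whatever source address the packet claims."""

    def __init__(self, trusted):
        self.trusted = set(trusted)

    def accept(self, src_ip, payload, tag=b""):
        return src_ip in self.trusted


class AuthenticatedFilter:
    """Hardened form: the claimed source must prove possession of its key."""

    def __init__(self, peer_keys):
        self.peer_keys = dict(peer_keys)  # peer address -> shared key

    def accept(self, src_ip, payload, tag):
        key = self.peer_keys.get(src_ip)
        if key is None:                   # no key agreed with this peer: drop
            return False
        # Constant-time comparison of the recomputed and received tags.
        return hmac.compare_digest(seal(key, src_ip, payload), tag)


def demo():
    """Constructed packets checked by both filters; returns accept/drop per case."""
    peer_a, peer_b = "198.51.100.7", "198.51.100.8"
    keys = {peer_a: b"A" * 32, peer_b: b"B" * 32}   # constructed keys
    weak = AddressOnlyFilter(keys)
    strong = AuthenticatedFilter(keys)
    data = b"constructed payload"
    tag_a = seal(keys[peer_a], peer_a, data)        # genuine packet from peer A
    keyless_tag = seal(b"\x00" * 32, peer_a, data)  # sender without peer A's key
    return {
        "weak_claimed_address": weak.accept(peer_a, data),
        "strong_genuine": strong.accept(peer_a, data, tag_a),
        "strong_no_key": strong.accept(peer_a, data, keyless_tag),
        "strong_data_changed": strong.accept(peer_a, data + b"!", tag_a),
        "strong_source_changed": strong.accept(peer_b, data, tag_a),
        "strong_unknown_peer": strong.accept("192.0.2.99", data, tag_a),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:22} {'accept' if accepted else 'drop'}")
```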

11. Firewall related problems

Firewalls introduce problems of their own. Information security involves constraints, and users don't like this. It reminds them that Bad Things can and do happen. Firewalls restrict access to certain services. The vendors of information technology are constantly telling us "anything, anywhere, any time", and we believe them naively. Of course they forget to tell us we need to log in and out, to memorize our 27 different passwords, not to write them down on a sticky note on our computer screen and so on.
Firewalls can also constitute a traffic bottleneck. They concentrate security in one spot, aggravating the single point of failure phenomenon. The alternatives however are either no Internet access, or no security, neither of which are acceptable in most organizations.

12. Benefits of a firewall

Firewalls protect private local area networks from hostile intrusion from the Internet. Consequently, many LANs are now connected to the Internet where Internet connectivity would otherwise have been too great a risk.
Firewalls allow network administrators to offer access to specific types of Internet services to selected LAN users. This selectivity is an essential part of any information management program, and involves not only protecting private information assets, but also knowing who has access to what. Privileges can be granted according to job description and need rather than on an all-or-nothing basis.