Network Security

    Disclaimer: I am only an undergrad student in computer engineering at Clemson University. I have never had a course in networking. Everything that I know about networking, I have taught myself by reading books and web pages and a whole lot of trial and error. If anything on this page is incorrect, I will not be held responsible. Now, on to the good stuff!

    How does networking work?

    To understand network security, you must first know how networking works. Modern networking is a very complex process, and many books have been written about it, but I will explain the basics.

    Networking is similar to snail-mail. If you want to send a letter to somebody, the most important thing you need to put on the packet is the address you want to send it to. If you want to send it to one particular person at that building, you will need to put a name on the packet.

    Networking is no different. Every computer on a network has an address (in the case of the Internet, it is called an Internet Protocol address, or IP address). Most computers also have multiple programs accessing the network. Each program uses what is called a port to distinguish itself from the other programs on that computer. Ports are identified by a number (up to about 65000). Any type of information can be sent over the network through these ports.

    This is only the tip of the iceberg. For more info on networking, visit the Networking HOWTO or search your local book store for networking books.


    What is a Firewall?

    This is the definition that The Free On-line Dictionary of Computing gives:

    A dedicated gateway machine with special security precautions on it, used to service outside network, especially Internet, connections and dial-in lines. The idea is to protect a cluster of more loosely administered machines hidden behind it from crackers. The typical firewall is an inexpensive microprocessor-based Unix machine with no critical data, with modems and public network ports on it, but just one carefully watched connection back to the rest of the cluster. The special precautions may include threat monitoring, call-back, and even a complete iron box keyable to particular incoming IDs or activity patterns.

    Right...

    So you've got the idea that a firewall is a very complex machine - too complex to describe in a simple web page. What I am going to be going over is simply a small part of a modern firewall - a packet filter.


    Okay, so what's a Packet Filter?

    First, a little bit more knowledge is needed about networking. There are three main protocols - ICMP, TCP, and UDP. Each of these has its own specific use, but they are all encapsulated within an IP packet. The IP packet is what contains the address of the computer. The protocol encapsulated within the IP packet contains the information it needs (e.g., in the case of TCP or UDP, the port number).

    A basic packet filter will do exactly what the name implies: filter out IP packets based on a set of rules. The current packet filter under Linux 2.4 is called netfilter/iptables. iptables support can (must) be built directly into the Linux kernel, right down there with the networking code. What should this mean to you? iptables is really fast.

    However, this built-in packet filter does you no good unless you supply it with a set of rules. You can do this with the iptables userspace program. This provides you with the 'iptables' command that is used to communicate with the kernel-level packet filter.


    How do I use iptables?

    'iptables' is a very powerful program. You can completely change how your computer will react when it receives a packet on the network. The only problem with all this power is that it is very hard to use. If you would like to learn how to use this program to its full extent, get a life (like I should have). The program needs too many command-line parameters for normal humans to understand.


    How does LNSK help me?

    LNSK is capable of many things via modules. Currently, the only completed module is the firewall4 module. This module is simply a user-friendly front end to iptables. It reads a simple configuration file and automatically runs the appropriate commands to set up a packet filter on your Linux machine.
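    To show what a front end like this actually has to do, here is an added example (not LNSK's own code, and the rule-file format is made up for the illustration): it reads a tiny rule file and prints the iptables commands that would build a default-deny packet filter, rejecting malformed rules instead of passing them on to iptables.

```shell
#!/bin/sh
# Added example, not LNSK's code or config format. Reads a hypothetical rule
# file (one rule per line) and emits the iptables commands a front end like
# firewall4 would run. Nothing is executed here; review the output first, then
# pipe it to sh as root.
#   allow <tcp|udp> <port>   accept inbound connections to this port
#   trust <addr[/prefix]>    accept everything from this source network
#   # comment                ignored, as are blank lines
gen_rules() {
    conf="$1"
    # Clean slate and a default-deny policy: whatever the rule file does not
    # explicitly allow is dropped.
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # Loopback, plus replies to connections this host itself opened.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    while read -r kw a b; do
        case "$kw" in
            ''|'#'*) ;;                     # blank line or comment
            allow)
                case "$a" in
                    tcp|udp) ;;
                    *) echo "bad protocol: $a" >&2; return 1 ;;
                esac
                # Port must be all digits and within 1..65535; reject anything
                # else rather than handing a malformed argument to iptables.
                case "$b" in
                    ''|*[!0-9]*) echo "bad port: $b" >&2; return 1 ;;
                esac
                if [ "$b" -lt 1 ] || [ "$b" -gt 65535 ]; then
                    echo "bad port: $b" >&2; return 1
                fi
                echo "iptables -A INPUT -p $a --dport $b -j ACCEPT" ;;
            trust)
                case "$a" in
                    ''|*[!0-9./]*) echo "bad address: $a" >&2; return 1 ;;
                esac
                echo "iptables -A INPUT -s $a -j ACCEPT" ;;
            *) echo "unknown keyword: $kw" >&2; return 1 ;;
        esac
    done < "$conf"
}
# Usage: sh thisfile.sh firewall.rules   (then, after review: | sh as root)
if [ "$#" -gt 0 ]; then
    gen_rules "$1"
fi
```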