How Firewalls Work?

At their most basic, firewalls work like a filter between your computer/network and the Internet. You can program what you want to get out and what you want to get in. Everything else is not allowed. There are several different methods firewalls use to filter out information, and some are used in combination. These methods work at different layers of a network, which determines how specific the filtering options can be.

Firewalls can be used in a number of ways to add security to your home or business. Large corporations often have very complex firewalls in place to protect their extensive networks. On the outbound side, firewalls can be configured to prevent employees from sending certain types of emails or transmitting sensitive data outside of the network. On the inbound side, firewalls can be programmed to prevent access to certain websites (like social networking sites). Additionally, firewalls can prevent outside computers from accessing computers inside the network. A company might choose to designate a single computer on the network for file sharing and all other computers could be restricted. There is no limit to the variety of configurations that are possible when using firewalls. Extensive configurations typically need to be handle and maintained by highly trained IT specialists, however.

For home use, firewalls work much more simply. The main goal of a personal firewall is to protect your personal computer and private network from malicious mischief. Malware, malicious software, is the primary threat to your home computer. Viruses are often the first type of malware that comes to mind. A virus can be transmitted to your computer through email or over the Internet and can quickly cause a lot of damage to your files. Other malware includes Trojan horse programs and spyware. These programs are usually designed to acquire your personal information for the purposes of identity theft of some kind. There are two ways a firewall can prevent this from happening. It can allow all traffic to pass through except data that meets a predetermined set of criteria, or it can prohibit all traffic unless it meets a predetermined set of criteria.

Comodo Firewall Pro uses the latter way to prevent malware from installing on your computer. This Free Firewall Software, from a leading global security solutions provider and certification authority, use the patent pending “Clean PC Mode” to prohibit any applications from being installed on your computer unless it meets one of two criteria. Those criteria are a) the user gives permission for the installation and b) the application is on an extensive list of approved applications provided by Comodo. With this feature, you don’t have to worry about unauthorized programs installing on your computer without your knowledge.

Comodo Firewall Pro is rated as Top Firewall recommended for both beginners and advanced users. It has a number of unique features including “Defense +,” an advanced Host Intrusion Prevention system (HIPS), which prevents changes to critical system resources. This software is highly customizable, so that you can adjust it to suit your specific needs.

Written by Vijayanand

Read more: http://www.articlesbase.com/security-articles/how-firewalls-work-559241.html

Best Free Firewall Software

You don’t have to spend a fortune to protect your home or business network from hacker intrusions. Comodo Firewall Pro is a free firewall software program that offers all of the security features of expensive and best firewall programs and then some. Comodo Firewall Pro provides complete protection from a variety of malware (malicious software) programs including spyware, Trojan horses, viruses, worms and more.

Unlike many other types of free firewall software, Comodo Firewall Pro works proactively to prevent malware from ever installing on your computer. Many other programs only work after the fact to discover malware that has already been installed on your computer. Between the time that the malware is discovered and you can purge it from your system, however, significant damage can be done. A savvy hacker can gain access to your sensitive information in very little time. The only way to be completely protected from such damage is to prevent such malicious software from ever gaining access to your computer.

Comodo Firewall Pro uses the patent pending “Clean PC Mode” to register your existing applications as safe. From then on, it only allows applications that either you specifically allow or are listed in Comodo’s “White List Database” of trusted applications to be installed on your computer. That database contains over 1 million applications and continues to grow. The Clean PC Mode prevents virtually all types of malware from being installed on your computer and keeps your personal information safe from prying eyes.

This Free Firewall Software program also boasts a suite of other valuable features including on of the most advanced Host Intrusion Prevention Systems (HIPS) available. This system, called “Defense +” prevents all levels of intrusion into your computer system including unauthorized changes made to your operating system files and registry entries. Complemented by an intuitive user interface and highly customizable configurations, Comodo Firewall Pro is easily one of the best firewalls on the market.

Comodo Firewall Pro is completely free with no license fees ever. Comodo can afford to provide this powerful software to consumers at no charge because Comodo’s main revenue comes from providing SSL certificates (proof of web authentication) to web businesses. Providing free firewall software is Comodo’s way of increasing the customer pool for the businesses it serves. Customers who are more confident in the security of their networks are more likely to shop online, which will in turn create more business that require web authentication. Essentially, Comodo provides one of the best firewalls available for free as an incentive for consumers to participate more in e-commerce.

While the Comodo Firewall Pro software is a complete Firewall solution, you can upgrade to Comodo Firewall Pro Plus for installation and configuration by Comodo security experts for a small fee. In addition, Comodo also offers other free desktop security solutions. If you take the time to download and install these simple preventative applications, you can rest easy that the next time you surf the Internet, no one else is watching.

Written by Vijayanand

Read more: http://www.articlesbase.com/security-articles/best-free-firewall-software-559302.html

Network Security: Firewalls

What is the purpose of a Firewall?

Firewalls are absolutely vital for keeping network security in force. The firewall stops and controls the traffic that comes between your network and the different sites you go to. A firewall is a constituent of a company's network protection, and it acts to keep in force the network security policy. It can log inter-network activity with efficiency. It can also reduce a network's vulnerability. Whenever an organization is connected to the Internet but is not using a firewall, any host on the network has direct access to all resources on the internet. If you don't have a firewall, every host online can attack every host in your network.

What is a Firewall Incapable of Doing?

Firewalls can't always detect malicious data. For the most part they cannot offer any protection against an attack from inside, although they may log network activity should the criminal use the Internet gateway. A connection that doesn't go through a firewall cannot be protected by a firewall. To put it another way, if you connect directly to the internet via modem, there is no way the network firewall can protect you. Some firewalls cannot protect from viruses. Firewalls also cannot totally protect against previously unknown attacks; while a simple firewall provides little protection against computer viruses.

Firewall User Authentication or Verification

You establish a claimed identity's validity via user authentication. The use of a password and user name can provide this authentication; however, it is not really strong authentication. When you use a public connection, for example if you have a connection to the Internet that is not encrypted, your user name and password can easily be copied by other people and replayed. Powerful user authentication makes use of cryptography, for example SSL certificates. A certificate of this sort can prevent "replay attacks" from occurring. A replay attack happens when a user name and password are captured and used again to gain unauthorized access.

Firewall-to-firewall encryption

A connection that is encrypted is sometimes called a VPN, or Virtual Private Network. Cryptography makes this more or less private. Of course it isn't really private. The information may be private but it is sent on a public network -- the Internet. While VPNs were available before firewalls were, they became more common when they began running on firewalls. Today, most firewall vendors offer a VPN option.

Additional Purposes of Firewalls

* Increasingly, firewalls are being used for purposes of content filtration. Virus scanning is a common addition to firewalls in this area as well. Though this may be a waste of resources, because filtering for viruses needs to be carried out by every computer since information might be transmitted to these computers via routes besides through the firewall itself - for example, via separate disks.
* URL Screening: Firewall regulated accessibility to the internet as well as content filtering of both files and messages appears to be a practical extension of a firewall. The drawback of utilizing a firewall for URL or content filtering is minimized performance.
* To restrict the size of network space that any single user can occupy, or restrict the amount of the network's bandwidth that may be utilized for given purposes.

Written by Stephen Grisham Sr.

Read more: http://www.articlesbase.com/security-articles/network-security-firewalls-810920.html

Juniper Networks

Juniper Networks, Inc. (NYSE:JNPR) is an information technology and computer networking products multinational company, founded in 1996. It is headquartered in Sunnyvale, California, USA. The company designs and sells high-performance Internet Protocol network products and services. Juniper's main products include T-series, M-series, E-series, MX-series, and J-series families of routers, EX-series Ethernet switches and SRX-series security products. JUNOS , Juniper's network operating system runs on most of the Juniper products. In 2009, Juniper made its debut on Fortune Magazine's 100 Best Companies to Work for Juniper ranked 4 in Fortune Magazine's World's Most Admired Companies list in Networking Communications category in 2009.

Products

Network Operating Systems

JUNOS is the Operating System that runs on most of Juniper's networking equipment.[37] It is Juniper's single in-house network operating system spanning routing, switching and security platforms on its router products. Juniper JUNOS was the first commercially available full-fledged modular OS with full memory protection available on the routing products, which greatly impacted competitive landscape. Initially, the biggest competitor of JUNOS was Cisco Systems's IOS, but now JUNOS mainly competes against other modular systems, such as Cisco IOS-XR and Alcatel-Lucent SR-OS. JUNOS features both vertical and horizontal modularity, and provides API for third-party applications (known as "JUNOS Space"). Although JUNOS was originally derived from FreeBSD, subsequent product development resulted in major kernel and infrastructure improvements (like In-Service Software Upgrade and real-time packet forwarding plane).

Router Products

M40 of M-series was the first product by Juniper Networks, which was released in 1998. The M40 was the first of its kind product, capable of forwarding packets in entirely silicon, without support from the general-purpose CPUs. This was achieved by using a proprietary chipset codenamed "ABC". The chipset consisted of three ASIC types, "A", for high-speed switching, "B" for L2 processing and memory interface and "C" for L3 services, together forming a packet processing engine (PFE). The PFE also included shared packet memory, a single packet forwarding table, and a one-write, one-read architecture.The entire PFE was capable of forwarding at 40 Mpps, a capacity more than 100 times faster than that of any other available router architectures at that time. Many features of M40 (such as separation of control and forwarding plane and modular OS) has formed the industry standard.

* E-series routers are broadband edge routers. The E series was developed by Unisphere, which Juniper acquired in 2002.

The E series routers run the JUNOSe operating system inherited from acquisition of Unisphere.
* J-Series routers are small customer-premises equipment or enterprise routers.
* M-series routers are multiservice edge routers.
* T-series routers are large core routers.
* MX-series routers are Ethernet services routers.

The J, M, T, and MX series routers run JUNOS.

While the E, M, and T series are all high speed ASIC based devices capable of terminating multiple broadband optical connections, the J series forwarding plane is partially software-driven. Capable of terminating DS3 (45 Mbit/s) and slower lines, the J-series product line heavily draws from the modern multicore CPU technology and is aimed at corporate branch offices and service provider premise equipment. In the fall of 2006, the J series got a refresh of the modular products offering significantly increased performance to meet updated WAN technologies requirements. In the same announcement Juniper shared that it would co-operate with Avaya to integrate Avaya IP Telephony in the J series of routers.

Switch Products

* EX Series Switches - Juniper's switch line-up was introduced in 2008 and runs JUNOS. Available in fixed and modular form factors with full or partial PoE functionality, EX family represents Juniper's bid for enterprise and cost-optimized Ethernet markets, augmenting the "One Operating System" strategy and generating $74 million in revenue during 4Q2009.
Security Products

# SRX Series Dynamic Service Gateways. A series of security services devices running JUNOS. Ranging from branch-office models to the SRX 5800, the world's fastest firewall. Combines Security (S) Routing (R) and Switching (X) in one chassis. Security features include the full UTM functionality previously found on ScreenOS, including web filtering, IDP and antivirus.

# NetScreen SSG Series and ISG Series firewalls - The SSG Series runs the ScreenOS operating system and provide firewall, anti-virus, intrusion protection and VPN services. Added to the product lineup after purchase of the NetScreen Technologies company, they do not run the JUNOS that the higher-end products do. Instead they run ScreenOS which provides a sophisticated mid-tier level of service. While capable of complex configurations, these are targeted mostly to small and medium sized business. The ISG series is capable of more advanced IDP and virtualisation functionality and higher performance.

# Secure Access SSL VPN gateways — Secure Access products provide SSL based VPN services to remote users without specialized clients.

# NSM Network and Security Manager (formerly Netscreen Security Manager, renamed Aug. 2008) - This is an enterprise-wide management tool for Juniper devices which allows for a single-point bastion control over multiple Juniper devices as well as serving as a syslog host & configuration backup repository, as well as the NSMXpress appliance that furthermore provides distributed hierarchical features.

# IDP Intrusion detection and prevention appliances

Source from Wikipedia - http://en.wikipedia.org/wiki/Juniper_Networks

Juniper J-Series, Juniper Router Review

Juniper J-Series The Juniper J-Series Routers range consists of the following models:

* Juniper J-Series J2300
* Juniper J-Series J2320
* Juniper J-Series J2350
* Juniper J-Series J4350

The Juniper J-Series routers offer the most advanced set of security features to protect from outside threats. Even while under attacks the Juniper J-Series routers gives staff complete control through the console port, allowing users to constantly add new filters and policies.

Computrad has been established since 1992 and since our inception we have been working with our enterprise clients as a trusted advisor to help shape their network infrastructure. Our current clients have had enormous benefits from this approach with organisations ranging from the US Federal Government for which we are one of Europe's only approved networking solution provider to smaller SME's. Our client base includes the US Navy, US Army, US Airforce and many other bluechip enterprises included within the FTSE 100.

The Juniper J-Series offers unmatched value as no licensing fees are required for advanced services such as IPv6, MPLs, IPSec and stateful firewall.
The Fault-protected and modular design of the JUNOS operating system delivers high levels of stability and resiliency unlike traditional routers where any small bug can quickly spread into a bigger problem. Juniper J-series Services Routers are available in three models of increasing bandwidth

Juniper Networks is an information technology company based in Sunnyvale, California and founded in 1996. The company designs and sells Internet Protocol network products and services. Juniper also partners with Nokia Siemens Networks, Ericsson, and Alcatel-Lucent to provide IP/MPLS network solutions to customers. Juniper's products include T-series, M-series, E-series, MX-series, and J-series families of routers, EX-series Ethernet switches, WX-series WAN optimization devices, and SRC Session and Resource Control appliances. All J-series Services Routers run on the JUNOS software and are reachable through the J-Web browser interface on the JUNOS command-line interface

Juniper J2300

The Juniper J2300 comes with a Smaller chassis (1 U) with a nonredundant AC power supply, 256 MB to 512 MB of RAM, and a Universal Serial Bus (USB) port for external storage. Three available versions have two Fast Ethernet LAN interfaces plus one of the following sets of fixed WAN interfaces: This can handle up to 4 Mbps 20,000 to 50,000 packets per second (pps)

The Juniper J-Series routers include the most advanced set of features for protecting routers from outside threats, the JUNOS software offers high levels of resiliency, stability and uptime.

Juniper J4300

Larger chassis (2 U) with a nonredundant AC power supply, 256 MB to 512 MB of memory, and a Universal Serial Bus (USB) port for external storage. In addition to two Fast Ethernet LAN interfaces, this model has six open slots for the following WAN Physical Interface Modules (PIMs):Up to 16 Mbps 50,000 to 80,000 pps

Juniper J6300

Larger chassis (2 U) with a redundant AC power supply, 256 MB to 1 GB of memory, and a Universal Serial Bus (USB) port for external storage. In addition to two Fast Ethernet LAN interfaces, this model has six open slots for the following WAN Physical Interface Modules (PIMs): Up to 90 Mbps 100,000 to 150,000 pps.

Written by Parmy Stevens

Article Source: http://EzineArticles.com/?expert=Parmy_Stevens

Security EQ, New site offering deep discounts on security products; Firewalls, Anti-virus, Intrusion Detection and Prevention

Today marked the debut of securityeq.com, a new shopping site for network security products. This is a site for shoppers looking for industry leading products at great discounts. Shoppers can sort through the products from companies such as Juniper Networks, Fortinet, Blue Coat, TippingPoint, TopLayer, Bradford Networks, ESET, Kaspersky, and more through an addictively easy web experience. The site gives consumers the ability to compare prices not typically posted to the public so they can avoid the harassing sales person and empowers the shopper to make informed, economical choices.

With security breaches making headlines daily and the risk of compromise and data loss threatening IT infrastructures and data assets, securityeq.com brings together the technical and budgetary information at the shopper’s fingertips. With the strongest security products around, securityeq.com has the right solution at the right prices. Backed by their parent company founded in 1989, securityeq.com is an authorized reseller of the most complete line of network security products available anywhere. Their certified solution consultants and experienced engineers are ready to assist with product and pricing questions.

Some of the hottest products include the new Juniper SRX series of firewalls. Gartner has placed the new SRX Series as a Leader in the magic quadrant for Enterprise Firewalls. ESET recently released 4.0 of their flagship product, NOD32. With the most VirusBulletin 100 ratings of any other antivirus manufacturer around, this product will add the protection required on Workstations and Servers to combat today’s ever elusive malware. Visit them today at http:www.securityeq.com for all your security needs.

Written by Juan

Read more: http://www.articlesbase.com/security-articles/security-eq-new-site-offering-deep-discounts-on-security-products-firewalls-antivirus-intrusion-detection-and-prevention-1142038.html

The Need For Basic Internet Security

With the number of businesses that are connecting to the Internet and using cable modems, DSL lines, and T1 circuits, the need to secure their connections is not only necessary but also simply due diligence on the part of the company. Businesses rely on their Internet connection to send credit card payments through, to run their VoIP phones, and even to host their webpage. If Internet connectivity is disrupted then business can not operate as usual.

In order to insure that the connection to the Internet is secure there are some basic methods that can be utilized that are fairly cheap and will more than pay for themselves with the increased security and uptime of the Internet connection. A business does not need to make sure their network is as tight as an Army base; they just need to make sure they are more secure than others so that attackers will target the easier sites and leave theirs alone.

The very first thing that needs to be put in place at each and every Internet connection is a firewall. All businesses should have a hardware firewall that protects and separates their business from the Internet. A cable modem with built-in firewall may be adequate for a household, but a business should look at a commercially available firewall such as a Juniper firewall 5 series, a SonicWall firewall, or even a Cisco SOHO. These are all inexpensive and are easy to manage and configure. A firewall is the first step of protection that keeps out those who do not need to have access to the internal business network. Essentially installing a firewall is similar to installing locks on a house. Only those with the proper keys can access the house just as only those who have been specifically granted access can access the network behind the firewall.

Once a firewall has been installed, configured, and is working properly a business is going to want to look at the computers themselves. There are two things that need to be done on all the machines that will insure that the machines stay up and operational longer than those that are left unprotected. The two things are necessary are: patching the machines for the latest updates for both the operating system (OS) and the applications, and then installing antivirus software.

The patching of the systems will insure that the vulnerabilities that virus/worm writers are using to exploit and take over machines will not be effective against a patched machine. By patching the machine the entry door is closed and the worm will not be able to gain access. Application patches update their tools and software being used on the machine. With the latest patches this too will make it more difficult for attackers to exploit machines and gain entry to them.

Antivirus software is an absolute necessity on machines. System administrators and users can become annoyed with it as it is a resource hog but that is because the software is tasked with protecting the system and they continually scan the system for infections. When used in "real-time" mode each file is scanned before downloading, uploading, or being saved to the disk. This is important when reading emails, sending emails, or even surfing on the Internet.

There are many other steps that can be taken to give a business a stricter security posture. However, by taking the above steps a business can rest assure that they have taken the due diligence and installed the most basic security measures in their business that will make it difficult for an attacker to gain unauthorized access to a business's network.

Article Source: http://EzineArticles.com/?expert=Benjamin_Corll

Written by Benjamin corll