The primary task of a firewall is to prevent illicit connections to services from an insecure network. One common attack is to try to connect to servers and use them to break into the network. When the insecure network is only allowed to reach the permitted services, hosts on it are blocked from accessing any other service. For example, suppose the services on ports 139 and 1035 on the internal network are to be protected from the Internet. Set up a firewall that does not allow connections to these ports, which makes sure that no one misuses these services.
Ingate Firewall usually blocks everything. You set up rules and relays only for the traffic you want to receive.
One common attack is address spoofing. This means that a computer on an insecure network uses an IP address that belongs to the internal, secure network, and so pretends to be part of that network. Since Ingate Firewall detects which interface a connection originates from, it blocks this type of attack, preventing any packets from coming in from the wrong interface.
Denial of Service, DoS, is a class of attacks that prevents or interrupts a service. SYN flooding is an example of this. Most server computers have a limited number of simultaneous connections for a given service. Starting many half-connections to a service prevents others from accessing it. Ingate Firewall can prevent SYN flooding of the firewall itself to a certain degree, but the usual firewall rules do not prevent SYN flooding of the computers on an internal network. For good protection even for computers on an internal network, use relays for the traffic that passes through the firewall.
Another type of attack is the 'ping of death'. A ping is a signal to detect if a computer is up and running. The ping sends an 'echo request' ICMP packet and receives an 'echo reply' ICMP packet in response. Receiving a ping packet that is larger than the usually accepted size can make a computer crash. Ingate Firewall does not fall for the ping of death. To protect computers on a network, you should not allow ICMP echo requests to pass through the firewall into your internal networks, only ICMP echo replies.
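The following added example (not Ingate's code or configuration syntax) models three of the checks described above in one packet decision function: the default block with explicit allow rules, the interface-based anti-spoofing check, and the rule that ICMP echo replies may enter but echo requests may not. The interface names, the 10.0.0.0/8 internal network, the allowed port 80 and the sample addresses are constructed assumptions, and the filter is stateless for brevity.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumption): which networks sit behind each interface.
INTERFACE_NETS = {
    "inside": [ipaddress.ip_network("10.0.0.0/8")],
    "outside": [ipaddress.ip_network("0.0.0.0/0")],
}
# Explicit allow rules (in_iface, protocol, destination port); all else is dropped.
ALLOW = {("outside", "tcp", 80), ("inside", "tcp", 80)}
ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8

@dataclass
class Packet:
    in_iface: str        # interface the packet arrived on
    src: str             # claimed source address
    proto: str           # "tcp", "udp" or "icmp"
    dport: int = 0       # destination port (tcp/udp only)
    icmp_type: int = -1  # ICMP type (icmp only)

def owning_interface(addr):
    """Return the interface whose most specific network contains addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for iface, nets in INTERFACE_NETS.items():
        for net in nets:
            if ip in net and (best is None or net.prefixlen > best[1]):
                best = (iface, net.prefixlen)
    return best[0] if best else None

def decide(pkt):
    # 1. Anti-spoofing: the source must live behind the arrival interface.
    if owning_interface(pkt.src) != pkt.in_iface:
        return "drop: spoofed source"
    # 2. ICMP: echo replies may pass; echo requests only from the inside.
    if pkt.proto == "icmp":
        if pkt.icmp_type == ICMP_ECHO_REPLY:
            return "accept"
        if pkt.icmp_type == ICMP_ECHO_REQUEST and pkt.in_iface == "inside":
            return "accept"
        return "drop: icmp not allowed"
    # 3. Default deny: only explicitly listed services pass.
    if (pkt.in_iface, pkt.proto, pkt.dport) in ALLOW:
        return "accept"
    return "drop: no matching rule"
```

A packet from the outside to port 139 or 1035 falls through to the default drop, and one arriving on the outside interface with a 10.x.x.x source is rejected before any rule is consulted.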
Another type of attack is to send packets with incorrect out-of-bounds data to a server. This can crash a server computer that has certain broken programs. The relays in Ingate Firewall will not forward out-of-bounds data, which gives some protection from some attacks, but the firewall rules do not protect against incorrect out-of-bounds data.
The most common type of attack exploits bugs in server software. Always make sure that you have the latest versions of all server software that you use. Another safety measure is not to give the entire Internet access to all servers on your internal network unless absolutely necessary. This is easy to do with Ingate Firewall.
The above examples describe a few of the attacks you may fall prey to. A small list like this cannot be complete. New attacks and counter-attacks are constantly being developed. To keep abreast of developments, we recommend that you join some of the mailing lists and news groups listed in the next section.