Computer firewall

Computer Security

Computer privacy and security was an issue many years ago; security and privacy must be maintained the access to a better consumer wellness with computer products. Especially with the evolution of Internet, computer information is risked to be hacked or exploited. The authenticity and availability, integrity and confidentiality of electronic information must be preserved and well secured for privacy rights of the consumers.

Authenticity and availability comes in the same manner, they both deal with the accessibility of the user with only through their authenticity and availability. Integrity tackles with the securing information against unauthorized users; information may be hacked sometimes due to unsecured privacy. Confidentiality must be also preserved because it is the privacy of the user that he may only be the one to access any information he tasked for the computer.

The security measure is necessarily given attention to because of hacked accounts and privacy related problems in the past. Since it was a problems to the entire Internet and computer community, the challenges is for the web developers, consumers and programmers and any related individuals for the computer security.Computer Firewalls

With computer firewall known to as a system used for restricted access to a private network, especially in the case of using internet where there much billions of users worldwide. With the used of computer firewall, any information that would pass or enter the private network will be examined and be avoided if does not comply with security criteria. It was told to be the first and primary line of security and protection. It avoided intrusion or even denies any entry from any intruders that could lead to data corruption.

            Firewalls usually located at point where two networks were interconnected for instance a private network and internet. At first, firewalls were used to be only simply routers in the network connection. The main part of firewalls were segmentation of the network into different subnets thus limiting and restraining greater amount of damages from extending to other subnets. Firewalls may come in hardware or software.

Types of Computer Firewalls

Packet filter works by looking or describing every packet that seems to penetrate or leave from the network and the passage acceptance or rejection will be based with regards to user-defined rules. Packet filter were used to be only a component of a router. Configuring a packet filter was hard to make but it does serves as an efficient and transparent firewall. The only risk of packet filter was its defenselessness to IP spoofing but it advantageous due to its little amount of outlay and low contact on the network. IP spoofing is a method of unauthorized intrusion to computers with the aid of hacking and modifying IP address of trusted host.

Circuit-level gateway works with application of security measures with the establishment of TCP or UDP connection. The connection was mainly the working station of the packets; packets flow will be smooth without the checking process of packet. It was also used in knowing the legitimacy of a session by monitoring TCP handshaking of packets. It also helps in protection and security of information that passed through legitimacy. The significance is that it was also low cost compared with packet filter.

Another type that is merely related and similar with circuit-level gateways was called to be application level gateways. It sometimes seen as proxies but does not requires application to be precise and definite. It is concern with the protection measures to specific applications, in the name FTP and Telnet servers. Efficiency is can be counted but performance can be degraded. The use of proxy is really needed factor for the authoritative passage of incoming and outgoing packets. Application level gateways were also made for the convenience of activity login and user login. High level of security was to be imposed to acquire greater performance and impact on the network. This is due to framework switches that slow down system entrée considerably. Application level gateways could be concealed and secreted to end client and does only needed to be manually or handily configured.

With the emerging types of firewall also exists another firewall that is called as stateful multilayer inspection firewalls. It was used for filtration process of packets that urge for entry  in and out the firewall . Client and host interaction were allowed in this type of firewall; understanding and recognizing the problems of transparency shortage. High security, good performance and transparency were the main concern of the firewall that were dissimilar with other types of firewalls.  Inexpensive as other types but less secured if not properly administered.

Network Address Translation

Network Address Translation, or abbreviated as NAT, is an Internet Engineering Task Force (IETF) standard were customary employed to allow several computers on a private network to allocate and share with a single and global IP address. Network Address Translations are usually used and deployed due to scarcity of public IP addresses. With the scarcity problem faced with IP addresses, NATs came to the rescue.

The NAT is an instant respondent to the IP address exhaustion problem and temporarily unrewarded because it is unnecessary with regards with the development of IPv6 Address. Since IPv4 address collapse was particular global problem, the solutions were being unstable for this kind of issue in the world.

With regards to the scarcity of IPv4 addresses necessary for the interconnection within internet host, the aid of NAT is to provide filtering of simple packet by means of giving passage for only solicited traffic to private networks. Solicited traffic was referred to as the only traffics that accompanied by a request of the private network host. In an instance when private networks want to access page content from the web source they were to have a request for the Web page. Thus the entry of the traffic was allowed and those that unsolicited were to be avoided for the passage of page contests to the host.

There were two kind of network address translation that used to known. The most popular or known was the Network Address Port Translation, eventually known as PAT or NAPT. It was to involved mapping of port numbers that used to allow to employment of share a common IP Address. The other type was the basic or static NAT, also known as One –to-One NAT which only involves much simpler address translation not requiring the mapping of ports. And it had been requiring external IP address for each connection made instantaneous. One popular router that used this type of NAT is the Broadband router because it was used by the router as to allot computers to allow external connections not necessarily if the router is available.

Network Address Translation that comes with port translations divide in two subtypes. The first type is the source NAT, only used to perform the copying or rewriting the IP address of the connection host. And on the other hand the destination NAT for the IP address of the destination. These two were commonly related in terms of two way communication process between the destination and the source.

Network Address Translation Transversal

When we would want the discovery of network-aware applications that they are using NAT, Network Address Translation Transversal is necessary. And also network-aware applications recognize the external IP address and most likely configuring map of ports to allow packets entry to and from the application. It was made for the easiness that the user will not have hard time configuring manually any operations in NAT.

            It has been used in cases that specialized solutions of NAT were primarily required knowledge on the application especially in technical and practical manner.  Even though the NAT transversal cause a solution to NAT problems, it does counted for a total solution to the problems thus does have the capabilities of providing solutions for every problems. It does truly gave satisfaction to the user with significance for the customer and also reduced or lessen calls from customer support. It was also significant in ways that it enables the customer of having innovative applications and services.

            The NAT transversal was needed and should acquire the capability of coping measures even if not work for every problem at different times. In time that the new IP address would come out to the world like IPv6, the essence of using NAT and NAT transversal was not really recommended because of evolution of IP address where every single client would have to acquire their own IP address. These NAT and NAT transversals were only recommended until the next few years before the development of new IPv6 Address.

Configuring Network Address Translation

            Network Address Translation configuration is a difficult process to make especially when innocent of the things regarding what NAT is for. Having a guide is the most appropriate move in doing so. Guide may be of a handbook or any person specialized in NAT. With the guide, it enables us to perform well the configurations steps we plan to do with the NAT.

            First of all, we must know and determine the internal and external interface of NAT itself. Knowing the internal or external may bring easiness to work it in terms of how to configure both interfaces in different manner. Secondly after knowing that, also know what the main concerns of the NAT are. The NAT may allow internal users to have an access to internet; this may be done but the availability of addresses was not too much for every client. In times like this a single valid address or bundle of valid addresses that may be accessible to everyone may be done.  It could be done by allowing certain devices internally to originate the communication of both internal and external. Then the invalid addresses were translated to valid pool of addresses.

 At this point, NAT configuration is ready. dynamic NAT is to be employed, with the dynamic NAT router is of its empty stage until traffic comes in it becomes populated. In this manner, internal devices can be translated into valid address.

 Another configuration is to be made if internet could be allowed for internal devices access. In this case, the inside users should originate communication on the outside devices. The communication to be originated by outside devises should only be on the mail server which is located inside. To finish, both static and dynamic NAT should be configured together. Configuring NAT is essential if there is need to readdress the devices on the network or fro replacement procedures of a device. This is commonly seen in cases that new IP address was to be put in replacement of the old one. By NAT configuration, the can old address can be translated and make to communicate with the new server. NAT configuration can also be use for overlapping cases of addresses; companies of the same IP address. With NAT, IP address can be translated to have its own specific address.

            After doing these entire configuration, the operation of NAT should be verified that it was operating smoothly at it was expected to be. These can be done in multiple and different manner; network analyzer could be use, the debug and show commands will be also most likely to be used for verification process.

            In generalization of deploy and configuration of NAT, this 4 basic steps should be considered. First, we should know how to define NAT inside and outside interfaces, technically speaking. Secondly, define and determine what you are trying to accomplish with NAT, meaning know what was the main concern or objective in configuring NAT.  Third is setting up for the configuration of NAT with regards with the main concern of your choice. Last and foremost, don’t ever forget to verify the application process of NAT whether it was performing or not. This is the much important step of the process.

With regards with the NAT configuration, here are some details and information on the command IP NAT inside source and IP NAT outside source. IP NAT inside source the action hat would take place were the translation of the source of IP packets that are passing inside to outside and the translation the destination of the IP packets that are passing outside to inside. The IP NAT outside sources works on the translation of the source of IP packets that are passing outside to inside and translation the destination of the IP packets that are passing inside to outside. It was reverse action of the IP NAT inside source(Cisco Systems, 2005).

            Network configuration is said to be a great achievement in the NAT. This could simply a help if there is lack of knowledge with computer security to be personally performed. The goal of configuration of and its objective can be attained with the help of the guide that we used for the configuration of NAT in the router we wished to.

Conclusion

            With the security measures made for the development and integration of computer technology with the community, there had been many instances that these were vividly seen. Programmers were making sure with the privacy and security it would bring about to every computer client all throughout the world.

            In connection with computer security comes the innovation of computer firewalls that were definitely used in order to secure rights of privacy to every user especially internet consumers. Firewalls merely a solution to any security issues globally that it seems to efficient protection measures though it have sometimes downfalls and drawbacks.

            Network Address Translation is one of the significant measures for the security, having it at low cost and convenience makes it a great tool for any computer network. It is known to enhance the reliability of ceasing any virus and worms that are pushing to enter the computer system in a network. It improves the privacy be discouraging the used of private materials from the restricted host. Thus many NAT enabled firewalls have great achievements in terms of security and privacy issues.

            Nat also a great solution for the problems of scarcity of IPv4 addresses in practical manner. Single address is only needed as means of connecting with the internet this is because of the application of NAT in a network. It aided to the loss of IPv4 address that was a great problem in the internet world.

The world of internet and computers as it was foremost a important world to the lives of every individuals should achieved great securities and privacies together with the future development and innovations regarding the internet and computers. This can be possibly done thru the aid of different internet and computer specialist.

Reference:

Cisco Systems, I. (2005). Configuring Network Address Translation: Getting Started. Retrieved August 12, 2007, from http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic10.