With the advent of the Internet and the proliferation of users and businesses attached to it, the need to keep sensitive information private has become more and more important. Additionally, the threat of malicious attacks on the IT environment grows almost daily. In order to allow users access to information via the Internet, whilst at the same time denying improper use of sensitive information and attacks by hackers, the concept of firewalls was introduced. In general, a firewall may be defined as a method for filtering the flow of data communication between one network and another. The actual filtering is performed based on different criteria.
This section provides a brief introduction to some of the IP networking basics. Each topic is explained to the level needed to understand the firewall concepts.
Each system, printer, router or any other device (node) connected to a local network or the global Internet is identified by its IP address. This IP address must be unique within the network the node is connected to. This means that nodes participating in the global Internet must have IP addresses that are unique at the global level. On the other hand, two nodes communicating on a private, isolated network need only have IP addresses that are unique at this particular local level.
The IP addresses are numerical, four-byte quantities, usually presented in so-called dotted decimal notation.
Most network nodes, especially general-purpose computer systems, usually run a wide variety of different programs, some of them reachable over the network. In order to be able to distinguish between these programs, each of them monitors network requests at a different port. There are 65535 ports available at each network node. The first 1024 ports (0 through 1023) are special and reserved for well-known services.
IP (Internet Protocol), TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) denote different layers of the network protocol stack. Each of them has different tasks and functions to perform. The hierarchy of the IP, TCP and UDP layers and their position within the original four-layer TCP/IP Internet network model is the following:
Both TCP and UDP use the following quadruple to identify the sending and receiving application:

<source IP address, source port, destination IP address, destination port>

TCP also uses this quadruple to identify the applications that established the virtual connection. The destination IP address and destination port number are normally determined by the sending application and contain the target node's IP address and the target application's listening port. The source IP address is determined automatically from the IP address of the sending network node. The only undefined part of the quadruple is the source port; normally, TCP/IP stack API implementations use a randomly selected port in the range 1024-65535.
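As an added example, not part of the original document, the following Python models the filtering the text describes: a stateless rule list evaluated against the transport protocol plus the quadruple, with a constructed rule pair for a Telnet session opened from an ephemeral client port. The `Packet` and `Rule` names, the rule set and the addresses (documentation ranges) are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Client source ports are chosen from 1024-65535, as the text describes.
EPHEMERAL = range(1024, 65536)

@dataclass(frozen=True)
class Packet:            # the quadruple from the text, plus the transport protocol
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    proto: Optional[str] = None        # None in any field means "match anything"
    src_net: Optional[str] = None
    src_ports: Optional[range] = None
    dst_net: Optional[str] = None
    dst_ports: Optional[range] = None

    def matches(self, p: Packet) -> bool:
        def in_net(ip, net):
            return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        def in_ports(port, ports):
            return ports is None or port in ports
        return (self.proto in (None, p.proto)
                and in_net(p.src_ip, self.src_net) and in_ports(p.src_port, self.src_ports)
                and in_net(p.dst_ip, self.dst_net) and in_ports(p.dst_port, self.dst_ports))

def filter_packet(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """First matching rule wins; unmatched traffic falls to the default, which is deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Constructed rule set (documentation addresses, not real hosts): inside clients on
# 10.0.0.0/24 may open Telnet (port 23) to one server, and the server's replies to
# ephemeral client ports are let back in. The second rule is purely stateless: it
# admits any packet whose source port is 23 regardless of whether a client opened
# that connection, which is why stateful filters also track the quadruple itself.
TELNET_RULES = [
    Rule("allow", "tcp", "10.0.0.0/24", EPHEMERAL, "192.0.2.10/32", range(23, 24)),
    Rule("allow", "tcp", "192.0.2.10/32", range(23, 24), "10.0.0.0/24", EPHEMERAL),
]
```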
Telnet session example
Remote procedure calls (RPCs) are at the heart of client-server applications built with DCE. The interaction between the client and server is defined in terms of procedure calls. In order for the client to call a remote procedure supported by a server, the client needs a binding handle. The binding handle is used to associate a client with a server so that the RPC mechanism knows where and how to make the remote procedure calls. The binding handle contains the network address of the server, the protocol (TCP, UDP, etc.) and the endpoint (for UDP and TCP, this is a port number).

DCE provides a service called endpoint mapping which allows the client to determine the endpoint for a given server. To use endpoint mapping, the server must register with the local endpoint map. This registration includes the interface, protocol and endpoint. On UNIX, either the rpcd or dced process manages the endpoint map. On Windows NT/2000, the rpcss process manages the endpoint map.
OV Performance Agent (OVPA) and OV Performance Manager (OVPM) use both TCP sockets and DCE RPCs for interprocess communication.
OVPA Interprocess Communication
OVPM Interprocess Communication
Protocols specify how data is transmitted between computers and how the computers should respond to various conditions that might arise. DCE defines a set of protocol sequences that specify the type of RPC protocol and the underlying networking protocols to use. The most common DCE protocol sequences are ncadg_ip_udp and ncacn_ip_tcp.
The RPC datagram protocol (abbreviated dg) is used with network datagram protocols, such as UDP (a connectionless protocol). The advantages of the datagram protocol are independent packets and low overhead. The disadvantages are unreliable delivery and limited packet lengths.
The RPC connection-oriented protocol (abbreviated cn) is used with network connection-oriented protocols, such as TCP (Transmission Control Protocol, a connection-based protocol). The advantages of a connection-oriented protocol are a dedicated connection between the sender and receiver and reliable delivery. The disadvantage is more connection overhead.