Penney Procsal
Saturday, December 11, 1999
CECS 5400
Final Research Paper
Firewalls
I originally chose the topic of the Internet in elementary classrooms but soon realized this was too broad a topic. Instead, I chose to focus on firewalls. The Internet, like any other society, is plagued with the kind of people who enjoy destroying other people’s property, or just annoying people beyond belief. Some people try to get real work done over the Internet such as grade school students researching or looking for fun games to play, and others have sensitive or proprietary data they must protect such as people ordering products online. Usually a firewall’s purpose is to keep the bothersome people out of the network while still letting the "honest" people get their work done. Firewalls are necessary in all situations including school districts and households with children.
Firewalls are a combination of hardware (routers and servers) and software (systems and applications) working together. Firewalls are generally thought of as a type of ‘protected gateway’ through which traffic coming into and leaving a computer can be regulated. According to Internet University, "firewalls can control external access to site systems, block or hide IP addresses from the Internet, and log activity for analysis." Firewalls use two major strategies: packet filtering systems and proxy systems.
Packet filtering was the first form of firewall technology. In packet filtering, filtering or screening routers examine every IP packet and decide, based on a set of customized rules, whether a message should be passed or a connection allowed. These rules can filter by IP (Internet Protocol) type or by TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) port numbers. Packet filtering is the least expensive and least intrusive of the firewall strategies. Packet filtering firewalls are transparent to users, who typically will not even know that filtering is happening. Because very little data is analyzed and logged, filtering firewalls take less CPU, but they are also the least secure. Packet filtering leaves you vulnerable to attack on ports that are allowed through the firewall. This usually happens unknowingly, but sometimes knowingly, when someone sets up a machine that exposes the network.
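The following sketch is an added example, not part of the original paper: a first-match packet filter that decides on protocol type and destination port only. The rule set, addresses and names (`Packet`, `Rule`, `filter_packet`) are constructed for illustration; the last sample packet shows why an allowed port exposes any inside machine that listens on it.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str             # IP protocol type: "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: Optional[int]   # destination port; None when the protocol has no ports
    payload: bytes = b""   # carried along but never read by the filter

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto is None or self.proto == pkt.proto) and \
               (self.dport is None or self.dport == pkt.dport)

# Constructed rule set: first match wins, anything unmatched is denied.
RULES = [
    Rule("allow", "tcp", 80),    # web
    Rule("allow", "tcp", 25),    # mail
    Rule("allow", "udp", 53),    # DNS
    Rule("deny"),                # explicit catch-all
]

def filter_packet(pkt: Packet, rules=RULES) -> str:
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # default deny if the rule list has no catch-all

# Constructed sample traffic (documentation address ranges).
WEB = Packet("tcp", "203.0.113.9", "192.0.2.10", 80, b"GET / HTTP/1.0\r\n\r\n")
TELNET = Packet("tcp", "203.0.113.9", "192.0.2.10", 23)
PING = Packet("icmp", "203.0.113.9", "192.0.2.10", None)
# A workstation someone later set up with its own service on port 80: the
# rule names a port, not a host, and the payload is never inspected.
NEW_HOST = Packet("tcp", "203.0.113.9", "192.0.2.77", 80, b"not a web request")

if __name__ == "__main__":
    for name, pkt in [("web", WEB), ("telnet", TELNET), ("ping", PING), ("new host", NEW_HOST)]:
        print(f"{name:9} {pkt.proto}/{pkt.dport} -> {pkt.dst}: {filter_packet(pkt)}")
```

Tying each allow rule to a specific destination address, or placing a proxy in front of the service, closes the gap the last packet illustrates.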
Proxy server filtering was the next type of firewall technology. Unlike packet filters, proxy networks usually require special configuration of the client machines. A proxy server resides on a separate network from client machines. Proxy servers have access to the Internet. The client machines on the network do not have direct access to the Internet. This keeps unwanted traffic out of the local network and ensures that only traffic that meets the rules previously configured is allowed to pass in and out of the network. Because of this, proxy servers provide a much higher level of security than packet filters. Proxy servers can record logs of all activity between the network and the Internet. These log files can be valuable in tracking attempted break-ins. Proxy servers also protect the identity of internal systems by acting as a middle man for all outgoing requests. A web page request sent through the proxy server would be intercepted by the proxy and halted. The proxy would start another request for the same page and deliver it back to the requesting system. This action keeps the IP address of the requesting system hidden from the Internet. The only IP address that goes out is that of the proxy server. Proxy servers are more reliable than packet filtering systems. There is no chance of someone configuring a machine on the local network that allows outside traffic in without custom configuration of the proxy server. Some proxy servers have the ability to cache commonly requested data, freeing up valuable Internet bandwidth.
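The proxy behaviour described above can be modelled without any network code. This is an added example, not part of the original paper; the `Origin` and `Proxy` classes, host names and addresses are constructed stand-ins. It shows the three properties the paragraph names: the site sees only the proxy's address, every request is logged with the internal client address, and a repeated request is served from cache.

```python
from datetime import datetime, timezone

PROXY_IP = "198.51.100.1"   # constructed: the only address the Internet sees

class Origin:
    """Stand-in for a web site; records the address each request came from."""
    def __init__(self, pages):
        self.pages, self.seen_from = pages, []

    def get(self, source_ip, path):
        self.seen_from.append(source_ip)
        return self.pages.get(path, "404")

class Proxy:
    def __init__(self, origins, allowed_hosts):
        self.origins, self.allowed = origins, set(allowed_hosts)
        self.cache, self.log = {}, []

    def request(self, client_ip, host, path):
        if host not in self.allowed:
            return self._record(client_ip, host, path, "DENIED", None)
        key = (host, path)
        if key in self.cache:
            return self._record(client_ip, host, path, "HIT", self.cache[key])
        # The client's request stops here; the proxy issues its own request.
        body = self.origins[host].get(PROXY_IP, path)
        self.cache[key] = body
        return self._record(client_ip, host, path, "MISS", body)

    def _record(self, client_ip, host, path, status, body):
        stamp = datetime.now(timezone.utc).isoformat()
        self.log.append((stamp, client_ip, host, path, status))
        return status, body

def demo():
    site = Origin({"/": "<h1>library</h1>"})
    other = Origin({"/": "not on the allow list"})
    proxy = Proxy({"library.example": site, "games.example": other},
                  allowed_hosts=["library.example"])
    results = [proxy.request("10.0.0.21", "library.example", "/"),
               proxy.request("10.0.0.22", "library.example", "/"),
               proxy.request("10.0.0.21", "games.example", "/")]
    # Drop timestamps so the log is easy to compare.
    return results, site.seen_from, other.seen_from, [e[1:] for e in proxy.log]

if __name__ == "__main__":
    for part in demo():
        print(part)
```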
With increased integration of the Internet in classrooms across the nation comes the need for firewalls in school districts. Many students are being required to locate information online and with this comes the possibility that they may come across inappropriate information. Firewalls help to limit this exposure. Many school districts choose a proxy system for the level of control. Richardson ISD, along with many others, uses a proxy system called "Bess, the Internet Retriever" by N2H2. All Internet page requests are first sent to Bess. Bess then passes the request on to the actual web site. When the information from the site returns through "Bess", she monitors for content. If any questionable content is listed on the page, students will not be able to access the page. Bess also keeps a log of the sites accessed and denied. Many filtering systems are available for school districts to use, so using the Internet in schools has become more "safe" than it was in the past.
As more and more homes are getting connected to the Internet, firewalls become an issue in commonplace America. Many households do not think about having a firewall on their computers because they do not feel they are in danger of being attacked by a hacker. This assumption is not correct. If you leave your computer online, any hacker can access your files unless you are protected. Also, if there are children in the house, it is a good idea to have a filtering system to keep them away from inappropriate material. There are many software programs available to help filter the information entering and leaving your computer. Bess, I-Gear, Safe Surf, Smart Filter, Surfwatch ProServer, Websense, and X-Stop Shadow are examples of proxy server systems available to use from home. On Guard is a packet filter and Cyber Patrol, Cyber Snoop, Cybersitter, Library Channel, Net Nanny, Net Shepherd, and Surfwatch are client-filtering systems.
Client-filtering systems are software programs installed on individual computers. With client-filters, parents have more control over what is filtered from their computer. Parents are also able to get a log of the sites requested with many client-filtering systems.
With increased use of the Internet in America, and the knowledge that all societies (including the Internet) have troublemakers waiting to disrupt lives and cause havoc, firewalls are becoming more and more important. When deciding what type of firewall to use in a situation, you must first evaluate your computer system, the amount of security needed, and the reliability of the different types of firewalls. Hopefully, after weighing all of this information, the best firewall can be chosen for your system.
URLs:
Epoch University: Internet University;
Grennan, Mark. "Firewall and Proxy Server HOWTO: Understanding Firewalls". http://calderasystems.com/LDP/HOWTO/Firewall-HOWTO-2.html; Version 0.67; September 26, 1999.
N2H2. http://www.n2h2.com/ (Bess filtering system) or Bess, The Internet Retriever; http://www.bess.net/
Ranum, Marcus J. and Matt Curtin. "Internet Firewalls Frequently Asked Questions". http://www.clark.net/pub/mjr/pubs/fwfaq/index.htm; May 26, 1998.
Virtual Integrators. "Firewall Implementation". http://www.integrators.com/security/firewalls.html; 1999.
Pace, Mark. "What Firewalls Can (and Can’t) do for You: Advanced Firewall Technology Can Save You Security Grief" Netscape Enterprise Developer. Volume 1 Issue 2, February 5, 1998. http://www.netscapeworld.com/ned-02-1998/ned-02-firewall.html
Resources:
Chapman, Brent and Elizabeth Zwicky. Building Internet Firewalls. O’Reilly. 1995.
Cheswick, Bill and Steve Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Addison Wesley. 1994.
Garfinkel, Simson and Gene Spafford. Practical Internet and Unix Security. O’Reilly. 1996.
Goncalves, Marcus. Firewalls: A Complete Guide. McGraw-Hill. November 1999.