|
|
IPTables Linux firewall with packet string-matching support
Linux firewalling code has come a long way since the time ipfwadm was introduced in kernel version 1.2.1 in 1995. Ipfwadm enabled standard TCP/IP packet filtering features such as filtering by source/target addresses and port numbers. Then, in early 1999, when the first stable 2.2.0 kernel was released, firewalling code was replaced with new ipchains-controlled code. New features included support for chains of rules, fragmentation handling, better network address translation (NAT) support and several usability improvements. Readers should be reminded that Linux firewalling includes kernel-level code (usually in form of loadable module or kernel source patch) and user-level code (a control utility such as /usr/bin/ipchains, that is used to insert packet rules into kernel-space). Thus whenever new Linux firewalling code was introduced it involved both kernel and userspace code rewrite.
|
|
Oskar Andreasson IP Tables Tutorial
Oskar Andreasson speaks with LinuxSecurity.com about his comprehensive IP Tables tutorial and how this document can be used to build a robust firewall for your organization.
|
|
SunScreen, Part One: An Overview of the Sun Microsystem Firewall
SunScreen is Sun Microsystem's firewall that runs under the Solaris operating system. It is the latest version of Sun's long line of firewall software that allows administrators to provide firewall capabilities to the Solaris operating system. SunScreen 3.1 is available in a full version which can be purchased from Sun Microsystems or a "lite" version which could be downloaded from Sun's Web site. With the release of Solaris 9, Sun has now bundled the SunScreen software with the OS.
|
|
SunScreen, Part Two: Policies, Rules, and NAT
The first article in this series introduced SunScreen 3.2, which is available as part of the Solaris 9 distribution. SunScreen is Sun Microsystem's firewall product and provides a variety of features that allow system and network administrators to secure their networks as well as provide for remote access capabilities. This article will cover the some of the rudimentary facilities in SunScreen such as adding and removing rules, setting up a remote management station, and network address translation.
|
|
Firewall Comparison: Checkpoint Firewall-1 and Cisco PIX
Checkpoint FW-1 has been the firewall market leader since shortly after its introduction in 1994/95. Its well designed GUI interface was, and still is, the best visual interface to any firewall product. This intuitive interface makes FW-1 easy to work with even for those new to firewalls. Why other firewall vendors have been so slow to copy the FW-1 interface is a question worth asking. The drawback to this GUI is that you have to use it
|
|
Firewall Evolution - Deep Packet Inspection
Firewalls provide a variety of services to networks in terms of security. They provide for network address translation (NAT), virtual private networks (VPN), and filtering of traffic that does not conform to the network's stated security policy. There are many forms of firewalls from simple packet filters to circuit-level gateways to proxy firewalls. Firewalls are being asked to fill a larger and more varied role in network security these days than several years ago. One of the more recent innovations in firewall technology is the application of deep packet inspection or DPI. Deep Packet Inspection can be seen as the integration of Intrusion Detection (IDS) and Intrusion Prevention (IPS) capabilities with traditional stateful firewall technology. Traditional networks have a defined boundary demarcated by a firewall with an IDS sensor sitting behind it.
|
|
Linux Firewall-related /proc Entries
Most people, when creating a Linux firewall, concentrate soley on manipulating kernel network filters: the rulesets you create using userspace tools such as iptables (2.4 kernels,) ipchains (2.2 kernels,) or even ipfwadm (2.0 kernels). However there are kernel variables -- independent of any kernel filtering rules -- that affect how the kernel handles network packets. This article will discuss these variables and the effect they have on the network security of your Linux host or firewall.
|
|
The Enemy Within: Firewalls and Backdoors
As a modern IT professional you've done all the right things to keep the "bad guys" out: you protected your network with firewalls and/or proxies, deployed anti-virus software across all platforms, and secured your mobile workstations with personal firewalls. You may even be in the process of designing and deploying an enterprise-wide network and host intrusion detection framework to help keep an even closer eye on what's going on. Even with all this, are you really safe? Can your multiple-lines of defense truly protect your network from modern methods of intrusion? This article presents an overview of modern backdoor techniques, discusses how they can be used to bypass the security infrastructure that exists in most network deployments and issues a wake-up call for those relying on current technologies to safeguard their systems/networks.
|
|
Transparent, Bridging and In-line Firewall Devices
There are many tools we use as network and security professionals to build a secure network. Routers, virtual private networks, intrusion detection systems and vulnerability scanners are regularly employed to tackle this challenging task. Many would agree that the foundation of such a defense is the firewall. While the traditional implementation of a firewall as a router works well in most situations, another version can strengthen existing configurations or succeed where its brethren fail. In this article we will examine the concept of a bridging or transparent firewall which sits in-line with the network it protects.
|
|
Linux Firewall - the Traffic Shaper
This article will look at ways for users to get more out of that faithful but somewhat dull firewall. In particular, we will look at traffic shaping, a technique that prevents high-bandwidth traffic like Napster from making other Internet applications, such as Web browsing and gaming, unusable. By making some simple adjustments to the Linux kernel, users can implement an effective traffic shaping setup that ensures that the Web traffic can flow smoothly, even when a lot of outsiders are busy working with your Napster store. By restricting certain types of traffic which may otherwise dominate the Internet link, firewalls can not only optimize bandwidth but can also serve as an effective tool against certain types of 'Denial of Access' attacks.
|
|
|
|
|
|
The Perils of Deep Packet Inspection
This paper looks at the evolution of firewall technology towards Deep Packet Inspection, and then discusses some of the security issues with this evolving technology.
|
|
Actions
Category Stats