Definition of Firewalls
What is a firewall?
A firewall is a piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the security policy, analogous to the function of firewalls in building construction. It has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust).
Firewalls
Linux Firewall-related /proc Entries
Most people, when creating a Linux firewall, concentrate solely on manipulating kernel network filters: the rulesets you create using userspace tools such as iptables (2.4 kernels), ipchains (2.2 kernels), or even ipfwadm (2.0 kernels). However, there are kernel variables -- independent of any kernel filtering rules -- that affect how the kernel handles network packets. This article will discuss these variables and the effect they have on the network security of your Linux host or firewall.
The Enemy Within: Firewalls and Backdoors
As a modern IT professional you've done all the right things to keep the "bad guys" out: you protected your network with firewalls and/or proxies, deployed anti-virus software across all platforms, and secured your mobile workstations with personal firewalls. You may even be in the process of designing and deploying an enterprise-wide network and host intrusion detection framework to help keep an even closer eye on what's going on. Even with all this, are you really safe? Can your multiple lines of defense truly protect your network from modern methods of intrusion? This article presents an overview of modern backdoor techniques, discusses how they can be used to bypass the security infrastructure that exists in most network deployments, and issues a wake-up call for those relying on current technologies to safeguard their systems/networks.
Transparent, Bridging and In-line Firewall Devices
There are many tools we use as network and security professionals to build a secure network. Routers, virtual private networks, intrusion detection systems and vulnerability scanners are regularly employed to tackle this challenging task. Many would agree that the foundation of such a defense is the firewall. While the traditional implementation of a firewall as a router works well in most situations, another version can strengthen existing configurations or succeed where its brethren fail. In this article we will examine the concept of a bridging or transparent firewall which sits in-line with the network it protects.
Linux Firewall - the Traffic Shaper
This article will look at ways for users to get more out of that faithful but somewhat dull firewall. In particular, we will look at traffic shaping, a technique that prevents high-bandwidth traffic like Napster from making other Internet applications, such as Web browsing and gaming, unusable. By making some simple adjustments to the Linux kernel, users can implement an effective traffic shaping setup that ensures that the Web traffic can flow smoothly, even when a lot of outsiders are busy working with your Napster store. By restricting certain types of traffic which may otherwise dominate the Internet link, firewalls can not only optimize bandwidth but can also serve as an effective tool against certain types of 'Denial of Access' attacks.
High Availability Firewall - WatchGuard Firebox Vclass V60
Availability is but one of the three cornerstones in information security: Confidentiality, Integrity, and Availability. Nevertheless, its importance cannot be undermined. With the advent of simplified computing technologies, it is not impossible to achieve a high availability firewall setup within a reasonably short span of time. The focus of this paper is on the subject of high availability (HA). It kicks off by acquainting oneself with the term HA, analyzing the need for HA, categorizing the modes of HA, understanding the technicalities of HA, and finally setting up an HA model based on the WatchGuard Firebox Vclass V60, including troubleshooting procedures. It wraps up by emphasizing the fact that high availability is not the sole factor for total system reliability. Interdependency between other factors plays a key role in ensuring the availability aspect of information security.
Internet Service Providers: The Little Man's Firewall.
There has recently been a call for Internet Service Providers to begin filtering traffic related to the spread of malicious data traffic such as viruses, worms and open proxy abuse to and from their end-users. This case study outlines the planning, implementation, and results phase of such an endeavour by a medium-sized national Australian ISP. It illustrates that a significant improvement in the security of the ISP network, end-user connections and indeed the Internet as a whole may be achieved by filtering access to ten TCP/IP ports extensively targeted by this malicious data traffic. By providing an "opt-out" mechanism for those end-users that do not wish to have such filtering applied, this heightened security is possible without negatively impacting connectivity or functionality. This document is intended to be a high-level case study in order to have relevance beyond the scope of the specific organization, but at the same time provide enough detail to serve as a good illustration.
Comprehensive Anomaly Detection (CAD)
When researching possible open source solutions, one utility stood out as an example of what we needed to accomplish: portsentry. Portsentry is a port-monitoring tool that is able to take action when a change occurs in the signature of a machine's ports. Put another way, if an intruder accesses a port that is not in the allowed port list, portsentry can automatically add a packet filtering rule (among other responses) to block the intruder from any further connection efforts. Watching how portsentry reacted led to the idea that we could build a set of firewalls that could monitor their own health once they were connected to the Internet. This monitoring went beyond the usual combination of Tripwire and HID/NID systems and included the ability to take automated action in response to detecting a change in the known and expected state of each firewall.
Securing the Perimeter: A Case Study
My employer is a small consulting firm whose specialty is providing their customers with Microsoft Windows and Citrix networked business solutions. They believed their internal servers were secure due to their diligence in keeping the Operating Systems up to date with the latest service packs, hotfixes and patches. Virus signatures and scanning software were also kept current. I was given the task of evaluating the security of the network perimeter and to make recommendations for securing our Internet connection. Examination of the perimeter infrastructure showed the network to be virtually defenseless. There was no Firewall installed and very little filtering of inbound or outbound Internet traffic on either the router at the corporate office or the router at the branch office. The Linux, Help Desk, Mail server and the two Active Directory servers had direct network links to both the internal network and the Internet, making them prime targets for intruders.
Benefits Of Implementing Secure Computing's Sidewinder Firewall Appliance At A U.S. Army Military Installation
The implementation of the Sidewinder firewall solution would transparently support the upgraded network demands and add essential security mechanisms such as Application Layer protection, Stateful Inspection technology, etc. These functionalities increased the site's ability to defend itself against attacks. In addition, real-time event monitoring, as well as uniquely configured Strikeback response alerts, allow IT Security personnel to proactively monitor attempted intrusions and suspicious activity. The added protection mechanisms supplied by the implementation of a Sidewinder firewall appliance, along with strict "least privilege" access control policies would assist the Designated Approval Authority in accepting the new minimized level of risk and, therefore, approve the site's new DITSCAP accreditation.
Support guides for the Cyberguard Firewall Appliance
The reason for this document is that there is very little out there on the internet, on training courses, product CDs, release notes or "readme" help files for Cyberguard firewall administrators to "pick up and use". Additionally, there are many occasions where there is just little information if none at all to assist (excluding paying for support) in tuning, troubleshooting and special unique guidelines. This aims to bridge the gap by providing a comprehensive guide that has been accumulated over the years of administration and to alleviate some of the frustration for Cyberguard firewall administrators. This list of various tips and notes gathered together forms an invaluable guide due to the fact that it's based on years of experience; undocumented by official lines, but proven, tried and tested in our lab plus on many Cyberguard pairs under maintenance contracts.