Definition of Firewalls
What is a firewall?
A firewall is piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the security policy, analogous to the function of firewalls in building construction. It has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust).
|
|
Firewalls
|
|
Migrating Services Between Firewall Technologies
This paper describes the considerations that are essential to address when a corporate firewall infrastructure is replaced with new technology. The focus is on a business environment where services pass through high availability firewalls and any loss of service can immediately result in significant financial loss or worse. This paper has deliberately been written independent of specific firewall products. This is not a step-by-step guide. It is an aid to assist firewall administrators with project management issues and technical issues that could result in unplanned outages.
Read the Article
|
Build your own firewall using SuSE Linux: A mechanics guide.
Let's assume for today we need a low cost yet highly functional router and firewall combination for a small office or medium sized business that offers Internet services such as email to its small network of employees and web services such as a web server serving web pages to its customers. The following paper describes the different tools that can be used in setting up an appropriate router and firewall combination using Linux that offers the necessary functionality and security to its users as well as the means to monitor it by an administrator. What follows is not a how-to but an outline to take "reasonable care" following due diligence in providing network security in an environment that requires it.
Read the Article
|
Case Study: Deploying and Configuring a Netscreen 100 Firewall Appliance to Secure the Network
Firewall implementation and deployments are done many times without much consideration or planning. Upper management in many organizations do not know what their firewall policies are, the type of firewall it is, or the configuration of the firewall. Often companies believe that firewalls are the magical silver bullet for their organization. It takes a lot to configure a firewall properly and to maintain it securely.
Read the Article
|
Using ISA Server Logs to Interpret Network Traffic
Firewalls are necessary for a defense-in-depth strategy. Microsoft entered the firewall market with Internet Security and Acceleration Server (ISA Server). ISA Server was a follow-on release of Microsoft Proxy Server and part of the .Net Family. As with most Microsoft products, logging capabilities are included. ISA Server contains detailed security and access logs. You can install ISA Server in three different modes: firewall mode, web caching mode, or integrated mode. In firewall mode, you can secure communication between an internal network and the Internet using rules. You can publish internal servers so that their services are available to Internet users. In web caching mode, you can decrease network bandwidth with ISA Server storing commonly accessed objects locally. You can route web requests from the Internet to an internal Web Server. In integrated mode, all of these features are available.
Read the Article
|
Configuring a NetScreen Firewall: Best practice guideline for the basic setup of a NetScreen firewall
Firewalls are generally accepted as the best defense for network security. This paper will detail how to setup a NetScreen firewall using the command line configuration options. It will demonstrate how to setup the trusted and untrusted ports, management IP address, SNMP, DNS and some critical security policies. The report will also show how to configure the syslog reporting, administrator email alerts, and the DHCP server.
Read the Article
|
A Review Of Floppy-Based Firewalls And Their Security Considerations
This paper is for the user that is evaluating inexpensive perimeter firewall solutions. Several distributions of miniature Linux systems are available for repurposing old computers into valuable firewalls and routers. There are many advantages in selecting one of these distributions for your firewall project, and this paper discusses the features and security implications amongst three of the more popular choices available. After reading this paper, the user will have a better understanding of floppy disk-based firewalls and some of the technologies they employ.
Read the Article
|
Building an IPv6 Firewall with OpenBSD
This paper is intended to be a how-to for IPv6 firewalls running on OpenBSD 3.0. It will cover the basics of installing OpenBSD, setting up a tunnel to the 6Bone, and configuring the Packet Filter firewall included with OpenBSD. This paper will not cover IPv6 firewalls as they apply to mobile IP, but only to hard-wired LANs. The OpenBSD installation will be performed via FTP. It is presumed that the user will have at least some familiarity with IPv4. Familiarity with IPv4 firewalls will also be helpful. I have decided upon OpenBSD 3.0 for two reasons. First is its security track record. Second is the new Packet Filter firewall included with 3.0. Out of all the open source firewalls I have used, it is my opinion that Packet Filter has the best support for IPv6.
Read the Article
|
CBAC - Cisco IOS Firewall Feature Set foundations
With the commercial firewall market dominated by expensive firewall products such as those from Checkpoint, Nokia and Cisco (PIX Firewall), many smaller organizations rely on packet filtering technologies and Access-Control Lists (ACLs) on perimeter routers to provide basic firewall features or perimeter defenses. Since IOS 11.2(P), Cisco has enhanced the ability of its perimeter routers to perform a basic firewall function with the introduction of the Cisco IOS Firewall feature set. Although not suitable for all situations the Firewall feature set is a substantial improvement over ACL based filters.
Read the Article
|
A Layer-7 Secure Security Posture
I find it interesting how guiding principles don't survive across IT disciplines. Take, for example, the concept of a security stance - your site's attitude toward security. The two fundamental postures are the secure, "default deny" and the reactive, "default permit" stances. In the "default deny" stance, you specify only what you allow and deny the rest, wherein with the "default permit" stance, the opposite is true; you specify only what you prohibit and allow the rest. The shortcoming of the default permit stance, of course, is that you must know what you need to deny prior to the exposure. This paper intends on applying the lessons learned from the lower levels of the OSI model to the upper layers.
Read the Article
|
Active Net Steward - Distributed Firewall
Recent studies have proven just how incorrect that assumption is. A Digital Research, Inc. reported, "Authorized users are by far a company's biggest security threat." (3) A study by the FBI and CSI showed 44% of respondents "reported unauthorized access by employees."(3) The report that opens the most eyes is a 1996 study by American Society for Industrial Security that reports, "A massive 75 per cent of all computer break-ins occurred internally."(4) Whether this access was malicious or simple curiosity is irrelevant, this access was possible because it was not stopped by traditional methods: firewalls and IDS. The question then becomes, how do I deal with the implied trust afforded to users who are inside of the firewall, either physically or electronically (via VPN or dialup)?
Read the Article
|
|
|
Page: 1 2 3 4 5 6
Members currently browsing this category:
|
|
