Re: Firewall-Wizards Digest V1 #316
Campi, Nathan P. (jak0npc jak10.med.navy.mil)
Tue, 15 Jun 1999 16:58:22 -0400
- Next message: Stephen P. Berry: "Re: Firewall RISKS"
- Previous message: Rama Kant: "Re: Forrester Research foresees death of firewalls"
- In reply to: SMITH, Michael
Ottawa: "Forrester Research foresees death of firewalls"
David,
According to Paul "Rusty" Russell (sorry Rusty if I don't get the quote
quite right) there are two types of people when it comes to security:
Those who have 5 minutes to devote to it, and those who use packet
filters, network based intrusion detection, host based intrusion
detection, cryptographic integrity checking, application level proxies,
and kernel hacks to secure their boxes (that was his point, at least).
Hence "Rusty's Three-Line Guide To Masquerading".
see http://www.rustcorp.com/linux/ipchains/HOWTO-3.html#ss3.1 for
Rusty's 3 line guide
If you just want to set up the firewall, like you said in your post, you
get a linux gateway box with packet filtering enabled and use the Mason
tool to automatically set up your firewall filtering rules. You now have
a firewall. Whether or not you are done is up to you.
If you want to understand the firewall, and get some satisfaction from
designing and building your own from the ground up you need to see the
books that Mr. Chuck Yerkes mentioned below, and start researching on
the net.
Many of the pioneers in the field (Ranum, Bellovin, Cheswick, etc.)
posted their white papers and tutorials on the net. I've been trying to
gather as many of these together as I can, in order to help me with my
research, but I'd be glad to share my work with you.
Check it out at
http://www.geocities.com/Heartland/Plains/4805/links.html
I haven't been at it too long, and the list just keeps getting bigger
and bigger.
I think that it will be a good starting place for you, and tell me if
you find anything you want me to add.
Original message:
> Date: Sat, 5 Jun 1999 01:14:13 -0400
> From: "Carric Dooley" <carric com2usa.com>
> Subject: Re: Configuring a firewall under Unix
>
> One could always read the "firewall-howto" for linux or the "ipchains-howto".
> Also, check out:
>
> www.trinux.org
>
> Lots of goodies (not to mention free firewalls) to be had in the tools
> section.
>
> -----Original Message-----
> From: chuck yerkes <fwwiz yerkes.com>
> To: David Rainville <lrainville yahoo.com>; firewall-wizards nfr.net
> <firewall-wizards nfr.net>
> Date: Friday, June 04, 1999 3:16 PM
> Subject: Re: Configuring a firewall under Unix
>
> >There are some firewall books - O'Reilly's has a practical one, and
> >Cheswick and Bellovin have the more theoretical one. The latter was
> >THE documentation of good principles.
> >
> >Stevens' and Comer's (pick one set) TCP/IP books are good to know.
> >Design and Implementation of 44BSD is an interesting read.
> >
> >There are lists. Greatcircle has the large one, hit their majordomo
> >server for it.
> >
> >You can put a toolkit in, you can setup ipfilter. Now you have proxies
> >and filtering on an unsecure machine.
> >
> >I've said it before. To build and run a secure firewall you need
> >to know the operating system really, really well. In your case,
> >FreeBSD (me? I lean towards OpenBSD). But either way, you have
> >to know the system and Unix really thoroughly. Can I emphasize it
> >more? I'd expect my admins to be able to rewrite all the rc files
> >from memory (or come close).
> >
> >It's easy to build a box that sort of looks like a firewall, but WHOA!
> >there's a big ass hole because you don't know that rpcs were still
> >running and your rpc server proxies for you (how nice). What's an
> >RPC? Go buy a vendor's firewall.
> >
> >Wanna learn? Well, you'll make mistakes. Don't bet the farm on what
> >you build for the first couple years. Once you really know what you're
> >doing, say after a year or so, then you are at the beginning.
> >
> >chuck
> >
> >Quoting David Rainville (lrainville yahoo.com):
> >>
> >> Hi everyone!
> >>
> >> I'm sure glad to be registered to this mailing list! Everyone is very
> >> clever! I just started the unix World a few months ago and decided to
> >> put my FreeBSD box on the internet. But before doing this, I decided to
> >> protect myself against the outside malicious world so I decided to
> >> install a firewall. My question is .. is there someone or a doc file
> >> which explains how to configure from a to z a firewall including the
> >> program installation? Any config example is welcome.. linux or
> >> freebsd.. I have two boxes..
> >>
> >> Thank you in advance!
> >>
> >> David Rainville
> >> lrainville yahoo.com
> >> _________________________________________________________
> >> Do You Yahoo!?
> >
> >No, in fact I don't.
> >
>
Nate Campi
npcampi at jak10.med.navy.mil
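Added example, not part of the original message or of any tool named in it: chuck's warning about a box that "sort of looks like a firewall" while RPC services are still running can be checked by reading the portmapper's registration table. The function name audit_rpc and the sample listing below are constructed for illustration; the input format assumed is that of `rpcinfo -p`.

```shell
#!/bin/sh
# Added example. audit_rpc and SAMPLE_RPCINFO are constructed for illustration.
# audit_rpc reads `rpcinfo -p` output on stdin and prints one line per
# registered RPC endpoint. Exit status: 1 if anything is registered, else 0.
audit_rpc() {
    awk '
        # Data rows start with a numeric program number; the header does not.
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            name = (NF >= 5) ? $5 : "unknown"
            key  = $1 "/" $3 "/" $4          # program/proto/port, versions merged
            if (key in seen) next
            seen[key] = 1
            n++
            # Program 100000 is the portmapper itself: it tells clients where
            # every other RPC service listens and can relay calls to them.
            tag = ($1 == 100000) ? "PORTMAPPER" : "RPC-SERVICE"
            printf "%s program=%s name=%s proto=%s port=%s\n", tag, $1, name, $3, $4
        }
        END { exit (n > 0 ? 1 : 0) }
    '
}

# Constructed sample of `rpcinfo -p` output from a host that was meant to be
# a firewall but still has NFS-related daemons registered.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100005    2   udp    635  mountd
    100003    2   udp   2049  nfs'

# On a live host: rpcinfo -p localhost | audit_rpc
printf '%s\n' "$SAMPLE_RPCINFO" | audit_rpc ||
    echo "RPC services still registered: disable them before trusting this box"
```

An empty result only means nothing is registered with the portmapper; daemons started outside it still need a separate look at the listening sockets.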
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:00 CDT