Solved

How to get help to design firewall

Posted on 2001-07-11
20
296 Views
Last Modified: 2013-11-16
I want to design a firewall and I am now collect the document that talking about how to do this.
who can tell me where to get it !!!

sicerely yours
lovedelphi
0
Comment
Question by:lovedelphi
  • 6
  • 4
  • 3
  • +4
20 Comments
 
LVL 5

Expert Comment

by:Droby10
Comment Utility
probably the best site for firewall principles and configuration is at http://www.phoneboy.com

0
 

Author Comment

by:lovedelphi
Comment Utility
I have visite the http://www.phoneboy.com and find that there is limited thing I want. I want to know if there is a site that discuss the theory of the firewall and how to program a firewall.

thank you
lovedelphi
0
 

Author Comment

by:lovedelphi
Comment Utility
I have visite the http://www.phoneboy.com and find that there is limited thing I want. I want to know if there is a site that discuss the theory of the firewall and how to program a firewall.

thank you
lovedelphi
0
 
LVL 5

Expert Comment

by:Droby10
Comment Utility
ohhh...

probably the best you're going to do is by digging through source code for some of the unix-based firewalls.

here's a url that contains a list of various firewall sources

http://packetstormsecurity.org/UNIX/firewall/
0
 
LVL 3

Expert Comment

by:Bruce_R
Comment Utility
there's a good article here.

http://www.securityportal.com/articles/prereq20010219.html

the rest of his articles are worth reading as well.

http://www.bastille-linux.org/jay/security-articles-jjb.html


0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
For the theory of firewalls, you need to get some genuine paper book.  I usggest Checwick and Bellovin 's _Firewalls_and_Internet_Security_ and Chapman and Zwickey's _Building_Internet_Firewalls)
0
 
LVL 3

Expert Comment

by:ne0
Comment Utility
There are several Web pages that will walk you through (some what) in configuring a box running a BSD/Linux/Unix variant to act as a firewall.

The FAQS:
http://www.faqs.org/faqs/firewalls-faq/

A Book:
http://www.wiley.com/legacy/compbooks/catalog/35366-3.htm

Some Articles:
http://tha.lmann.ch/projects/BBISEC/Setting_up_a_secured_OpenBSD_Box.html
http://members.theglobe.com/pattonme/firewall_guide.html
http://www.cpio.org/obsd_firewall.html
http://www.acme.com/firewall.html
http://vintners.net/~mikel/howto/firewall.html
http://www.onlamp.com/pub/a/bsd/2000/07/05/OpenBSD.html
http://www.openlysecure.org/content/html/ch9-27.html

Some Free Firewalls (floppy):
Linux Floppy Firewall - http://www.zelow.no/floppyfw/
NetBSD Floppy Firewall - http://www.dubbele.com/

Some Free Firewalls (Partition):
Smoothwall - http://www.smoothwall.org/
http://www.sentryfirewall.com/

I personally like these two articles:
http://members.theglobe.com/pattonme/firewall_guide.html
http://www.cpio.org/obsd_firewall.html

Even though some call OpenBSD the "lazy system administator's OS", one can't argue with the fact - "OpenBSD - Four years without a remote hole in the default install!"

Plus a floppy firewall (read-only) with the Harddisk used as log storage is pretty secure.

Hope This Helps

ne0
0
 

Author Comment

by:lovedelphi
Comment Utility
Thank you for your advices and I now just want to design firewall on windows 2000 , and I want the resource about this field.

yours
lovedelphi
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
In the Win* world, you're pretty much stuck with the more expensive commercial firewalls.  Check out PGP.com's (nee NAI's) Gauntlet and Symantec's Raptor.

But be aware that you could get a much better system for less money.  Either by using the same hardware to run Linux or OpenBSD and free firewall code, or by using a firewall appliance like Netscreen, Cisco PIX, or Intrusion.com's CheckPoint based appliance.
0
 
LVL 3

Expert Comment

by:ne0
Comment Utility
I assume you mean a hardware based firewall rather than a software based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 3

Expert Comment

by:ne0
Comment Utility
It sounds like you want a software based firewall rather than a hardware based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
Comment Utility
It sounds like you want a software based firewall rather than a hardware based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
Comment Utility
It sounds like you want a software based firewall rather than a hardware based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
Comment Utility
Sorry about those, looks like EE had a little downtown and it queued up.
0
 
LVL 24

Expert Comment

by:SunBow
Comment Utility
ditto ne0, go w/ H/W.  For Win2K consider following Microsoft lead (sample):

Microsoft Internet Security and Acceleration Server 2000 (ISA) Technical Overview
http://www.microsoft.com/TechNet/isa/isatecov.asp

"By default, no traffic can pass through the ISA Server. The packet-filtering feature of ISA Server allows the administrator to control the flow of IP packets to and from ISA Server. When packet filtering is enabled, all packets on the external interface are dropped unless they are explicitly allowed?either statically by IP packet filters or dynamically by access policy or publishing rules. "
0
 
LVL 24

Expert Comment

by:SunBow
Comment Utility
0
 
LVL 4

Accepted Solution

by:
anzen earned 200 total points
Comment Utility
I saw an article about win2k packet filtering interface on Windows Developers Journal some time ago, maybe You could do a quick search on WDJ site to find the article and to download the related code, it could be a good starting point.

To continue You could examine the APIs used to implement the filters and take a look at them through MSDN on line

0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
Given MS's track record on high security coding, I woulnd't use MS ISA if you paid me.  It remains one of three firewalls on the market which have had exploitable vulnerabilities crop up in them.  This is the kiss of death for a security device.
0
 
LVL 4

Expert Comment

by:anzen
Comment Utility

Just to be complete:

The WDJ issue is October 2000 (Vol 11, Nr 10)
and as for all others WDJ articles the full
code for a simple packet filter is available
for download

I used it to create a simple "fw" based on a text
file describing filtering rules, btw there's more
to do (like logging etc..) but imho it's a really
good starting point
0
 

Author Comment

by:lovedelphi
Comment Utility
thank you anzen
lovedelphi
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now