Solved

How to get help to design firewall

Posted on 2001-07-11
20
297 Views
Last Modified: 2013-11-16
I want to design a firewall and I am now collect the document that talking about how to do this.
who can tell me where to get it !!!

sicerely yours
lovedelphi
0
Comment
Question by:lovedelphi
  • 6
  • 4
  • 3
  • +4
20 Comments
 
LVL 5

Expert Comment

by:Droby10
ID: 6272882
probably the best site for firewall principles and configuration is at http://www.phoneboy.com

0
 

Author Comment

by:lovedelphi
ID: 6275672
I have visite the http://www.phoneboy.com and find that there is limited thing I want. I want to know if there is a site that discuss the theory of the firewall and how to program a firewall.

thank you
lovedelphi
0
 

Author Comment

by:lovedelphi
ID: 6275740
I have visite the http://www.phoneboy.com and find that there is limited thing I want. I want to know if there is a site that discuss the theory of the firewall and how to program a firewall.

thank you
lovedelphi
0
 
LVL 5

Expert Comment

by:Droby10
ID: 6276559
ohhh...

probably the best you're going to do is by digging through source code for some of the unix-based firewalls.

here's a url that contains a list of various firewall sources

http://packetstormsecurity.org/UNIX/firewall/
0
 
LVL 3

Expert Comment

by:Bruce_R
ID: 6277828
there's a good article here.

http://www.securityportal.com/articles/prereq20010219.html

the rest of his articles are worth reading as well.

http://www.bastille-linux.org/jay/security-articles-jjb.html


0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6277979
For the theory of firewalls, you need to get some genuine paper book.  I usggest Checwick and Bellovin 's _Firewalls_and_Internet_Security_ and Chapman and Zwickey's _Building_Internet_Firewalls)
0
 
LVL 3

Expert Comment

by:ne0
ID: 6278909
There are several Web pages that will walk you through (some what) in configuring a box running a BSD/Linux/Unix variant to act as a firewall.

The FAQS:
http://www.faqs.org/faqs/firewalls-faq/

A Book:
http://www.wiley.com/legacy/compbooks/catalog/35366-3.htm

Some Articles:
http://tha.lmann.ch/projects/BBISEC/Setting_up_a_secured_OpenBSD_Box.html
http://members.theglobe.com/pattonme/firewall_guide.html
http://www.cpio.org/obsd_firewall.html
http://www.acme.com/firewall.html
http://vintners.net/~mikel/howto/firewall.html
http://www.onlamp.com/pub/a/bsd/2000/07/05/OpenBSD.html
http://www.openlysecure.org/content/html/ch9-27.html

Some Free Firewalls (floppy):
Linux Floppy Firewall - http://www.zelow.no/floppyfw/
NetBSD Floppy Firewall - http://www.dubbele.com/

Some Free Firewalls (Partition):
Smoothwall - http://www.smoothwall.org/
http://www.sentryfirewall.com/

I personally like these two articles:
http://members.theglobe.com/pattonme/firewall_guide.html
http://www.cpio.org/obsd_firewall.html

Even though some call OpenBSD the "lazy system administator's OS", one can't argue with the fact - "OpenBSD - Four years without a remote hole in the default install!"

Plus a floppy firewall (read-only) with the Harddisk used as log storage is pretty secure.

Hope This Helps

ne0
0
 

Author Comment

by:lovedelphi
ID: 6279329
Thank you for your advices and I now just want to design firewall on windows 2000 , and I want the resource about this field.

yours
lovedelphi
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6280401
In the Win* world, you're pretty much stuck with the more expensive commercial firewalls.  Check out PGP.com's (nee NAI's) Gauntlet and Symantec's Raptor.

But be aware that you could get a much better system for less money.  Either by using the same hardware to run Linux or OpenBSD and free firewall code, or by using a firewall appliance like Netscreen, Cisco PIX, or Intrusion.com's CheckPoint based appliance.
0
 
LVL 3

Expert Comment

by:ne0
ID: 6281378
I assume you mean a hardware based firewall rather than a software based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 3

Expert Comment

by:ne0
ID: 6281396
It sounds like you want a software based firewall rather than a hardware based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
ID: 6281413
It sounds like you want a software based firewall rather than a hardware based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
ID: 6281418
It sounds like you want a software based firewall rather than a hardware based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
ID: 6281420
Sorry about those, looks like EE had a little downtown and it queued up.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6286750
ditto ne0, go w/ H/W.  For Win2K consider following Microsoft lead (sample):

Microsoft Internet Security and Acceleration Server 2000 (ISA) Technical Overview
http://www.microsoft.com/TechNet/isa/isatecov.asp

"By default, no traffic can pass through the ISA Server. The packet-filtering feature of ISA Server allows the administrator to control the flow of IP packets to and from ISA Server. When packet filtering is enabled, all packets on the external interface are dropped unless they are explicitly allowed?either statically by IP packet filters or dynamically by access policy or publishing rules. "
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6286777
0
 
LVL 4

Accepted Solution

by:
anzen earned 200 total points
ID: 6457281
I saw an article about win2k packet filtering interface on Windows Developers Journal some time ago, maybe You could do a quick search on WDJ site to find the article and to download the related code, it could be a good starting point.

To continue You could examine the APIs used to implement the filters and take a look at them through MSDN on line

0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6457345
Given MS's track record on high security coding, I woulnd't use MS ISA if you paid me.  It remains one of three firewalls on the market which have had exploitable vulnerabilities crop up in them.  This is the kiss of death for a security device.
0
 
LVL 4

Expert Comment

by:anzen
ID: 6459747

Just to be complete:

The WDJ issue is October 2000 (Vol 11, Nr 10)
and as for all others WDJ articles the full
code for a simple packet filter is available
for download

I used it to create a simple "fw" based on a text
file describing filtering rules, btw there's more
to do (like logging etc..) but imho it's a really
good starting point
0
 

Author Comment

by:lovedelphi
ID: 6478394
thank you anzen
lovedelphi
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now