Solved

How to get help to design firewall

Posted on 2001-07-11
20
302 Views
Last Modified: 2013-11-16
I want to design a firewall and I am now collect the document that talking about how to do this.
who can tell me where to get it !!!

sicerely yours
lovedelphi
0
Comment
Question by:lovedelphi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
  • +4
20 Comments
 
LVL 5

Expert Comment

by:Droby10
ID: 6272882
probably the best site for firewall principles and configuration is at http://www.phoneboy.com

0
 

Author Comment

by:lovedelphi
ID: 6275672
I have visite the http://www.phoneboy.com and find that there is limited thing I want. I want to know if there is a site that discuss the theory of the firewall and how to program a firewall.

thank you
lovedelphi
0
 

Author Comment

by:lovedelphi
ID: 6275740
I have visite the http://www.phoneboy.com and find that there is limited thing I want. I want to know if there is a site that discuss the theory of the firewall and how to program a firewall.

thank you
lovedelphi
0
Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

 
LVL 5

Expert Comment

by:Droby10
ID: 6276559
ohhh...

probably the best you're going to do is by digging through source code for some of the unix-based firewalls.

here's a url that contains a list of various firewall sources

http://packetstormsecurity.org/UNIX/firewall/
0
 
LVL 3

Expert Comment

by:Bruce_R
ID: 6277828
there's a good article here.

http://www.securityportal.com/articles/prereq20010219.html

the rest of his articles are worth reading as well.

http://www.bastille-linux.org/jay/security-articles-jjb.html


0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6277979
For the theory of firewalls, you need to get some genuine paper book.  I usggest Checwick and Bellovin 's _Firewalls_and_Internet_Security_ and Chapman and Zwickey's _Building_Internet_Firewalls)
0
 
LVL 3

Expert Comment

by:ne0
ID: 6278909
There are several Web pages that will walk you through (some what) in configuring a box running a BSD/Linux/Unix variant to act as a firewall.

The FAQS:
http://www.faqs.org/faqs/firewalls-faq/

A Book:
http://www.wiley.com/legacy/compbooks/catalog/35366-3.htm

Some Articles:
http://tha.lmann.ch/projects/BBISEC/Setting_up_a_secured_OpenBSD_Box.html
http://members.theglobe.com/pattonme/firewall_guide.html
http://www.cpio.org/obsd_firewall.html
http://www.acme.com/firewall.html
http://vintners.net/~mikel/howto/firewall.html
http://www.onlamp.com/pub/a/bsd/2000/07/05/OpenBSD.html
http://www.openlysecure.org/content/html/ch9-27.html

Some Free Firewalls (floppy):
Linux Floppy Firewall - http://www.zelow.no/floppyfw/
NetBSD Floppy Firewall - http://www.dubbele.com/

Some Free Firewalls (Partition):
Smoothwall - http://www.smoothwall.org/
http://www.sentryfirewall.com/

I personally like these two articles:
http://members.theglobe.com/pattonme/firewall_guide.html
http://www.cpio.org/obsd_firewall.html

Even though some call OpenBSD the "lazy system administator's OS", one can't argue with the fact - "OpenBSD - Four years without a remote hole in the default install!"

Plus a floppy firewall (read-only) with the Harddisk used as log storage is pretty secure.

Hope This Helps

ne0
0
 

Author Comment

by:lovedelphi
ID: 6279329
Thank you for your advices and I now just want to design firewall on windows 2000 , and I want the resource about this field.

yours
lovedelphi
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6280401
In the Win* world, you're pretty much stuck with the more expensive commercial firewalls.  Check out PGP.com's (nee NAI's) Gauntlet and Symantec's Raptor.

But be aware that you could get a much better system for less money.  Either by using the same hardware to run Linux or OpenBSD and free firewall code, or by using a firewall appliance like Netscreen, Cisco PIX, or Intrusion.com's CheckPoint based appliance.
0
 
LVL 3

Expert Comment

by:ne0
ID: 6281378
I assume you mean a hardware based firewall rather than a software based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
ID: 6281396
It sounds like you want a software based firewall rather than a hardware based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
ID: 6281413
It sounds like you want a software based firewall rather than a hardware based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
ID: 6281418
It sounds like you want a software based firewall rather than a hardware based one.

chris_calabrese is right on the money...

I wouldn't want to run a software firewall on the environment you stated. That would essentially still be allowing everyone to your server which is not good considering the vulnerabilities of the OS in question. Not to mention that Win OSes leave different fingerprints than Nix OSes. So If a vulnerability came out about the software firewall then you would still be in trouble.

Also don't forget the memory usage of the software based firewalls. Gauntlet I believe is TSR (Unsure though). None-the-less that would be one more program in memory that would be using the same system resources as the other application on that server... Example: IIS/Firewall on the same box.... SQL/Firewall.... eeeiiisshh

You would get a better product if you wnet with a BSD/Nix firewall or an appliance. At least then if someone is poking around in your system they will only get to you firewall, not your firewall/application server.

Hope This Helps

ne0
0
 
LVL 3

Expert Comment

by:ne0
ID: 6281420
Sorry about those, looks like EE had a little downtown and it queued up.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6286750
ditto ne0, go w/ H/W.  For Win2K consider following Microsoft lead (sample):

Microsoft Internet Security and Acceleration Server 2000 (ISA) Technical Overview
http://www.microsoft.com/TechNet/isa/isatecov.asp

"By default, no traffic can pass through the ISA Server. The packet-filtering feature of ISA Server allows the administrator to control the flow of IP packets to and from ISA Server. When packet filtering is enabled, all packets on the external interface are dropped unless they are explicitly allowed?either statically by IP packet filters or dynamically by access policy or publishing rules. "
0
 
LVL 4

Accepted Solution

by:
anzen earned 200 total points
ID: 6457281
I saw an article about win2k packet filtering interface on Windows Developers Journal some time ago, maybe You could do a quick search on WDJ site to find the article and to download the related code, it could be a good starting point.

To continue You could examine the APIs used to implement the filters and take a look at them through MSDN on line

0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6457345
Given MS's track record on high security coding, I woulnd't use MS ISA if you paid me.  It remains one of three firewalls on the market which have had exploitable vulnerabilities crop up in them.  This is the kiss of death for a security device.
0
 
LVL 4

Expert Comment

by:anzen
ID: 6459747

Just to be complete:

The WDJ issue is October 2000 (Vol 11, Nr 10)
and as for all others WDJ articles the full
code for a simple packet filter is available
for download

I used it to create a simple "fw" based on a text
file describing filtering rules, btw there's more
to do (like logging etc..) but imho it's a really
good starting point
0
 

Author Comment

by:lovedelphi
ID: 6478394
thank you anzen
lovedelphi
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question