Firewalls

Dr Lawrie Brown

School of Computer Science,
University College, UNSW,
Australian Defence Force Academy
Canberra

Lawrie.Brown@adfa.edu.au

Abstract

The Internet continues to grow exponentially, and the information and people contactable on it are becoming ever more indispensable. Organisations are under increasing pressure to connect in order to fulfil their goals. However, there are persistent security concerns with an Internet connection. This workshop will summarise the threats to be considered and the possible countermeasures. In particular, we will discuss the use of firewalls to provide perimeter defence around private networks by providing a single controlled and monitored point of connection. We will discuss several practical firewall configurations: a screening router, a single bastion host, and a double host scheme. These provide a range of tradeoffs between ease of design and maintenance, access to services, and security. Some guides to building these alternatives will be provided.

Contents

  • Introduction
  • Threats
  • Malicious Humans
  • Malicious Software
  • Countermeasures
  • Internet
  • Internet Services
  • Firewalls
  • Why a Firewall
  • Is a Firewall Enough?
  • Host Security
  • Some Resources - References
  • Some Resources - Sources
  • Security Policies
  • Possible Services
  • Firewall Components
  • Some Practical Firewalls
  • Screening Router
  • Security Policy and Access
  • Router Configuration
  • Sample Router Configuration 1
  • Sample Router Configuration 2
  • Remote Login (In)Security
  • OPIE - One-time Passwords
  • OPIE in use
  • Single Bastion Host
  • Security Policy and Access
  • System Configuration
  • Domain Name Service
  • IP Addresses and Routing
  • Applications
  • SOCKS
  • SOCKS - Installation
  • SOCKS - Configuration
  • TIS Firewall Toolkit
  • Mail
  • News
  • External Remote Login
  • External FTP or Web Server
  • Other Applications
  • inetd.conf
  • TIS - Configuration
  • TIS - Configuration
  • TIS - Configuration
  • Logging - syslogd
  • Double Bastion Host
  • Security Policy and Access
  • External Gateway and Router
  • Internal Router
  • Domain Name Service
  • IP Addresses and Routing
  • Internal Gateway - Applications
  • TIS Firewall Toolkit
  • Mail
  • News
  • Administration
  • Log Analysis and Anomalous Event Detection
  • Packet Sniffing
  • Summary

Copyright © 1995 Lawrie Brown