Re: [TCLUG:8400] newbie firewall questions...

[Amy Tebbe <atebbe@real-time.com>]

On Mon, Sep 20, 1999 at 09:08:23AM -0700, Carl Wilhelm Soderstrom (carls@agritech.com) wrote:
>         I've seen the discussions of how to do IP masquerading & IP
> forwarding. I basically understand how a firewall works; what I need to know
> is more about the specifics.
>         which ports should I filter, and how? (I know, it depends on which
> services I'm running from behind the firewall).

Start by blocking everything and then allowing in only the services
you need to.  As for how to filter, read the HOW-TOs.

>         what software do people use to monitor/configure their firewall, and
> how well do they like it?

For a linux firewall using ipchains, see the HOW-TOs.  They will explain
how to configure and monitor your firewall.  

>         A security guy I met at HPWorld said that he could break any
> firewall out there with a program called "Firewalk". he seemed to say that a
> proxy server would be much tougher, tho. what's the difference (in actual
> implementation), and what software do people like for such things?

I think the term proxy server is often used interchangeably with firewall.
It's more important to ask what type of filtering the particular
firewall/proxy software does.  There are 3 types of filtering:

1. network packet filter
ex: ipchains
2. circuit-level (session-level)
ex: SOCKS
3. application level (proxies for each application)
ex: Squid, TIS Firewall Toolkit

There are advantages/disadvantages to all of the above.  Probably the
best firewalls use combinations of all 3.  I do not have experience
with SOCKS, Squid or TIS - I've just heard of them.

I see the term proxy server most often applied to application-level
filtering.

-- 
Amy Tanner                                      Voice: 612.943.8700
Real Time Enterprises, Inc.	                  Fax: 612.943.8500
amy@real-time.com		    	   http://www.real-time.com
PGP fingerprint =  67 6C 8F DB B1 7A 8D 41  DC 7B CA 0B 28 1E 67 AD