TCLUG Archive
Re: [TCLUG:8400] newbie firewall questions...
On Mon, Sep 20, 1999 at 09:08:23AM -0700, Carl Wilhelm Soderstrom (carls@agritech.com) wrote:
> I've seen the discussions of how to do IP masquerading & IP
> forwarding. I basically understand how a firewall works; what I need to know
> is more about the specifics.
> Which ports should I filter, and how? (I know, it depends on which
> services I'm running from behind the firewall).
Start by blocking everything and then allowing in only the services
you need to. As for how to filter, read the HOW-TOs.
> What software do people use to monitor/configure their firewall, and
> how well do they like it?
For a linux firewall using ipchains, see the HOW-TOs. They will explain
how to configure and monitor your firewall.
> A security guy I met at HPWorld said that he could break any
> firewall out there with a program called "Firewalk". He seemed to say that a
> proxy server would be much tougher, though. What's the difference (in actual
> implementation), and what software do people like for such things?
I think the term proxy server is often used interchangeably with firewall.
It's more important to ask what type of filtering the particular
firewall/proxy software does. There are 3 types of filtering:
1. network packet filter
   ex: ipchains
2. circuit-level (session-level)
   ex: SOCKS
3. application level (proxies for each application)
   ex: Squid, TIS Firewall Toolkit
There are advantages/disadvantages to all of the above. Probably the
best firewalls use combinations of all 3. I do not have experience
with SOCKS, Squid or TIS - I've just heard of them.
I see the term proxy server most often applied to application-level
filtering.
--
Amy Tanner Voice: 612.943.8700
Real Time Enterprises, Inc. Fax: 612.943.8500
amy@real-time.com http://www.real-time.com
PGP fingerprint = 67 6C 8F DB B1 7A 8D 41 DC 7B CA 0B 28 1E 67 AD
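
As an added example (not part of the original post or of the HOW-TOs), the "block everything, then allow in only the services you need" approach from the reply above could look like this with ipchains. The interface names, addresses, resolver and service list are assumptions; ICMP is left denied, and the script only prints the commands so they can be reviewed before being run as root.

```sh
#!/bin/sh
# Added example: prints a default-deny ipchains ruleset for review.
# Nothing is applied here; on a 2.2 kernel, pipe the output to sh as root.
EXT_IF="eth0"          # assumed external interface
INT_IF="eth1"          # assumed internal interface
EXT_IP="192.0.2.10"    # constructed external address
LAN="192.168.1.0/24"   # constructed masqueraded network
DNS="192.0.2.53"       # constructed upstream resolver

# build_rules "proto:port ..." prints one ipchains command per line.
build_rules() {
    # Validate the whole list first so a bad entry emits no partial ruleset.
    for svc in $1; do
        case "${svc%%:*}" in
            tcp|udp) ;;
            *) echo "bad protocol in '$svc'" >&2; return 1 ;;
        esac
        case "${svc#*:}" in
            ''|*[!0-9]*) echo "bad port in '$svc'" >&2; return 1 ;;
        esac
    done
    # Step 1: block everything by default.
    echo "ipchains -F input"
    echo "ipchains -F forward"
    echo "ipchains -P input DENY"
    echo "ipchains -P forward DENY"
    # Traffic from the firewall itself and from the trusted LAN side.
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A input -i $INT_IF -s $LAN -j ACCEPT"
    # Step 2: allow in only the services that were asked for.
    for svc in $1; do
        echo "ipchains -A input -i $EXT_IF -p ${svc%%:*} -d $EXT_IP ${svc#*:} -j ACCEPT"
    done
    # ipchains keeps no connection state, so replies to outbound traffic
    # need explicit rules: non-SYN TCP, and UDP from the resolver's port 53.
    echo "ipchains -A input -i $EXT_IF -p tcp ! -y -d $EXT_IP 1024:65535 -j ACCEPT"
    echo "ipchains -A input -i $EXT_IF -p udp -s $DNS 53 -d $EXT_IP 1024:65535 -j ACCEPT"
    # Masquerade the LAN on the way out; log whatever else is denied.
    echo "ipchains -A forward -i $EXT_IF -s $LAN -j MASQ"
    echo "ipchains -A input -i $EXT_IF -l -j DENY"
}

build_rules "tcp:22 tcp:25"   # constructed service list: ssh and smtp
```

Because the packet filter is stateless, the high-port reply rules are what keep outbound connections working once the input policy is DENY.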