Thread: Firewall Discussions...

  1. #1

    Howdy y'all,

    I'm looking to set up a small network in the home. Would like to discuss my options... After reading the tutorial by "Ennis" in the forums section... I've already read the advantages and disadvantages of each; I'd like to see some of the AO users go into further detail about how each one works and maybe which are better for what? Thanks a lot guys/gals...

    Packet Filter Firewalls
    Application Gateways
    Circuit Level Gateways
    Hybrid Firewalls

    I will be doing my own research on each of these and will post more later...
    -[http://www.google.com]-

    <edit>
    How do you guys/gals like my custom avatar? I made it my-self :-)
    </edit>
    When you connect to your ISP, you are potentially opening your computer to the world. There are 'naughty people' out there who enjoy breaking into other people's computers. Give some thought to the security of your computer...
    http://www.AntiOnline.com/sig.php?imageid=360

  2. #2
    the_JinX (Leftie Linux Lover, Beverwijk Netherlands)
    Well I'm going for an iptables/ipchains firewall..

    You'll have to write the rules yourself, but that makes it really YOUR firewall that has the features you like and/or need..
    It even helps in the dreaded "Security through Obscurity" way, since you are the only one that knows what makes your firewall tick..

    If you configure it well and keep as few ports open as you need you should be safe..
    and perhaps some nice combo with a retaliating firewall (email offenders' ISPs etc..)

    Oh and BTW your avatar is kewl.. really fluidy.. attractive... psychedelic even !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    Packet Filters
    A packet filter rests between the internal network and the rest of the world. Clients and servers connect directly, but the packets pass through the packet filter to travel between the internal network and the outside world. When packets pass through, the packet filter compares the packets to a set of filter rules. If the configuration is set up to permit a packet, it continues its travels through the network, forwarded on to its next hop. If the configuration does not permit the packet, it is discarded. (Optionally, some firewalls will send a notice to the source that the packet was rejected.)

    Typically, the comparison performed by the packet filter involves the source address, the source port, the destination address, and the destination port. Filtering on source and destination addresses grants control over who may communicate with the internal network. All traffic from undesirable networks can be screened out. Ports, on the other hand, are used to distinguish network services. By filtering out a port, it is possible to deny the outside world access to a service offered on the internal network.

    You can find this information at: http://www.burningvoid.com/iaq/

    According to the above information, the "filter" is a set of rules, much like the_JinX explained ipchains/iptables, et cetera... Are these the same kind of firewall, just different names? And can you yourself change the filter rules? Anyone out there run something similar? If so please post :-)

  4. #4
    nebulus200 (Jaded Network Admin)
    Packet Filter Firewalls
    Application Gateways
    Circuit Level Gateways
    Hybrid Firewalls
    Ok, I am going to explain them how I understand them:

    Packet Filter. Typically revolves strictly around source/destination with a state table to keep track of existing connections (note, routers can do this), although it can include protocol and port. The state table is needed to keep track of whether or not the connection is being initiated or is a response to a previously sent packet (this keeps things like nmaps with a source port of 53 from being successful). These types of firewalls are typically faster but usually suffer from not understanding the application on top of the protocol (i.e., it wouldn't know if someone malformed an HTTP packet; it is at a different layer (3 comes to mind)); however, I will note that this line is becoming rapidly blurred. (A Cisco router comes to mind.)

    Application Gateways. Usually based on a packet filter firewall; however, it attempts to address deficiencies in the packet firewall by actually inspecting the application layer of the packet. These firewalls do understand such protocols as SMTP, HTTP, FTP, etc., and can be used to do rigorous inspection of the packets (filtering spam mail, restricting web sites, restricting FTP commands, forcing authentication to use certain protocols, etc.) and can help weed out a lot of malformed traffic; however, kicking the packet up to the application layer for inspection also has the effect of making application gateways slower than packet filter firewalls. (A Raptor or TIS Gauntlet come to mind.)

    Circuit Level Gateways. Not really sure what this is, will have to look that one up, haven't really heard this term before.

    Hybrid Firewalls. These firewalls try to have the best of both the packet filtering firewalls (speed) along with some of the benefits of the application gateway (rigorous inspection of certain protocols). They typically do not support as many application layer programs as an application gateway, but usually focus on the more popular protocols (like HTTP, SMTP, FTP) and typically do not look as much in depth at the packet as an application gateway; however, it is more than a packet filtering firewall, and because the inspection isn't as in depth, they typically are closer in performance to a packet filter firewall with some of the benefits of an application gateway (Cisco PIX and Checkpoint come to mind, although PIX is primarily packet filter based).

    If you would like more information, I wouldn't be the least bit surprised if google has tons of information.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
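The following is an added illustration, not code from the thread or from any of the posters: a toy packet filter that models the rule matching on source/destination address and port described in the burningvoid quote in #3, and the state table nebulus200 describes in #4. It runs the same five constructed packets through a stateless and a stateful configuration to show why an unsolicited probe with source port 53 gets through the first but not the second; all addresses, ports and rules are made up.

```python
from collections import namedtuple

# Constructed packet model: syn=True marks the first packet of a new TCP connection.
Packet = namedtuple("Packet", "src sport dst dport syn", defaults=(False,))

def _match(field, value):
    """'*' matches anything; an address ending in '*' is a prefix match."""
    if field == "*":
        return True
    if isinstance(field, str) and field.endswith("*"):
        return value.startswith(field[:-1])
    return field == value

class PacketFilter:
    def __init__(self, rules, stateful=True, default="DROP"):
        self.rules = rules       # (src, sport, dst, dport, action); first match wins
        self.stateful = stateful
        self.default = default
        self.state = set()       # accepted flows as (src, sport, dst, dport)
    def filter(self, p):
        if self.stateful:
            # A reply to a flow already in the state table needs no rule lookup.
            if (p.dst, p.dport, p.src, p.sport) in self.state:
                return "ACCEPT"
            # Not a new connection and no state entry: drop before the rules, so
            # a probe dressed up as a reply (e.g. source port 53) gains nothing.
            if not p.syn:
                return "DROP"
        for src, sport, dst, dport, action in self.rules:
            if all(_match(f, v) for f, v in ((src, p.src), (sport, p.sport),
                                             (dst, p.dst), (dport, p.dport))):
                if action == "ACCEPT" and self.stateful:
                    self.state.add((p.src, p.sport, p.dst, p.dport))
                return action
        return self.default

LAN = "192.168.1.*"
BASE = [(LAN, "*", "*", "*", "ACCEPT"),                        # inside hosts may go out
        ("203.0.113.7", "*", "192.168.1.10", 80, "ACCEPT")]    # one trusted IP -> web server
# A stateless filter must open source port 53 inbound just to let DNS answers back in.
STATELESS_RULES = BASE + [("*", 53, LAN, "*", "ACCEPT")]

def run(stateful):
    """Push the same five constructed packets through a stateless or stateful filter."""
    fw = PacketFilter(BASE if stateful else STATELESS_RULES, stateful)
    return {"dns_query": fw.filter(Packet("192.168.1.10", 40001, "198.51.100.53", 53, True)),
            "dns_reply": fw.filter(Packet("198.51.100.53", 53, "192.168.1.10", 40001)),
            "probe_sport_53": fw.filter(Packet("198.51.100.99", 53, "192.168.1.10", 139, True)),
            "web_trusted": fw.filter(Packet("203.0.113.7", 5000, "192.168.1.10", 80, True)),
            "web_other": fw.filter(Packet("198.51.100.99", 5000, "192.168.1.10", 80, True))}
```

The stateless run accepts the port-53 probe because the rule that lets DNS answers back in cannot tell a reply from a fresh connection; the stateful run accepts the real reply from its state table and drops the probe.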

  5. #5
    Wow, that's great nebulus200 !

    I like the idea of the ipchains/iptables firewall, unfortunately I have to use Windows XP for the host machine (I wish this was not so, but you deal with what you got). Are there any distributions of this product for WinXP? If so, where? I'd also like to see some examples of how the rules work? Maybe there is a tutorial in the forums? I wouldn't know what to search for?

    Again, I thank you guys/gals for the help so far. This is great for a newbie to learn so much from others experienced in such subjects :-)

  6. #6
    nebulus200 (Jaded Network Admin)
    There are several factors you should take into account when choosing something like this:

    How big is your network (how much traffic will the firewall have to be able to pass)?
    Are you going to have any servers reachable from internet (have to make sure it allows incoming connections)?
    How big is your budget?
    What kind of connection do you have to internet?

    I would suspect that you probably are on some kind of DSL or cable modem, in which case a simple NAT capable router/firewall combo (LinkSys and Dlink come to mind) would be more than adequate to protect you. Since you are also running a Windows product, it wouldn't hurt to have a personal firewall (ZoneAlarm and Agnitum Outpost come to mind). They are able to handle a good bit of traffic, are very good at protecting you from outside (my personal firewalls haven't even had one hit (of course I have no rule holes either)), and are very cheap (~$50). Of course, if you are talking about a corporate network, then things start to snowball towards bigger better things.

    I am pretty sure there are tuts on ipchains/iptables in the Tutorial forum. Just search for ipchains or search for iptables.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  7. #7
    You're correct nebulus200: I'm running it off of DSL or cable... small network, only 3-4 computers at any time, there will be internet services, so I will need to allow incoming traffic, although I'd like to set up some sort of way to deny those services to anyone not meeting certain requirements, such as IP address, et cetera... anyway, thank you very much for your help, appreciated very much it is!

    :-)

  8. #8
    Junior Member

    As an added precaution, you might try going to Steve Gibson Research. There are a number of tiny, free programs which you can use to close unused ports, universal plug and play, and raw sockets. You will probably have to install them on every computer in your network, but they are very tiny programs and they work like a charm. In fact, I would be interested to know if they can be installed on a server and do the job from there, instead of having to be spread throughout the network.
    The world is a museum and I am its willing patron.
