Network Security - Firewalls

Kurt Seifried, [email protected]

Firewalls - overview

Firewalls - it's time to evolve or die

I come not to praise firewalls but to tear them apart and expose their soft underbelly. However, a disclaimer first: even though there are many problems with firewalls and they are far from perfect, you are probably better off leaving them in; they are better than nothing most of the time. In some cases they are about the only major line of defense for many networks (more on this particular issue later), so please do not remove your firewall without some serious thought. I hope I am being clear enough; if you still think I am advocating the removal of firewalls, stop reading now and please do not email me.

There was a time (believe it or not) when firewalls were a pretty new concept, and many people thought that only the government, military and other paranoid organizations would ever use them. However, the Internet expanded at a furious rate and all sorts of people became connected, many of whom have hostile intentions. Add to this the sheer number of network services on most networks now (file and print sharing, user authentication, interactive services, email, web, etc.) and there are plenty of network services to be exploited and abused. There are two primary types of firewall currently in use, network and application. Firewalls are good at many things, and also very poor at others.

NIST Guide to firewall selection and policy recommendations (offsite, PDF)

