LINUX TIPS AND TRICKS --- November 17, 2000

Published by ITworld.com, the IT problem-solving network
http://www.itworld.com/newsletters

--------------------------------------------------------------------------------

Introducing Firewalls
By Danny Kalev

In essence, a firewall is a device that blocks external users from 
accessing your network. Typically, a firewall is a router -- a 
standalone computer running special filtering software -- or a 
proprietary device running such software ("firewall in a box"). A 
firewall can provide a single access point, or a choke point, to a 
site. Connection requests first arrive at the choke point. Only 
requests from authorized hosts are processed; other requests are 
discarded. 

Modern firewalls perform additional tasks. For example, they can 
disable certain protocols and content types. Just as you can disable 
your Web browser's Java and JavaScript support, a firewall can screen 
incoming content and disable Java applets, JavaScript code, cookies, 
etc. In fact, firewalls are more capable than that -- they allow you 
to define rules to thwart attacks by specifying their signatures. We 
will get to this shortly. Another common task that firewalls perform is 
packet filtering and analysis. Because firewalls recognize many 
protocols, they can read incoming packets' content and apply certain 
restrictions and security measures to block malicious or illicit 
content. Finally, firewalls support encryption and authentication 
services. This enables them to verify users' identity and protect data 
from eavesdropping.

Attack Signatures
Usually, hostile attacks have typical commands, ports and flags 
associated with them. Consider the day and daytime denial-of-service 
attacks. The day and daytime protocols run on ports 13 and 37 
respectively. Linux 2.0.x crashes when attackers stealthily scan these 
ports via half-open connections that don't resolve to live sessions. 
Upgrading the kernel is the recommended remedy; however, if this is not 
an option, you can still use the firewall to block suspicious users 
from accessing these ports.
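
An added example, not part of the original newsletter: a small first-match 
packet filter that treats "a new connection to port 13 or 37 from an 
unauthorized host" as a signature and drops everything it has no rule for. 
The addresses, the policy and all names in it are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dport: int        # destination TCP port
    flags: frozenset  # TCP flags set on the segment, e.g. {"SYN"}

@dataclass(frozen=True)
class Rule:
    action: str               # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"    # source network the rule applies to
    dports: tuple = ()        # empty tuple means any port
    syn_only: bool = False    # match only connection-opening segments

    def matches(self, pkt):
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        if self.syn_only and not ("SYN" in pkt.flags and "ACK" not in pkt.flags):
            return False
        return True

# Assumed policy (constructed): 192.0.2.0/24 is the authorized admin network.
RULES = [
    Rule("ACCEPT", src="192.0.2.0/24", dports=(13, 37)),
    Rule("DROP", dports=(13, 37), syn_only=True),  # signature: ports plus SYN flag
    Rule("ACCEPT", dports=(80,)),
]

def decide(pkt, rules=RULES, default="DROP"):
    """First matching rule wins; unmatched traffic is dropped at the choke point."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

def syn(src, dport):
    """Build a constructed connection-opening segment for the demo."""
    return Packet(src, dport, frozenset({"SYN"}))

if __name__ == "__main__":
    for pkt in (syn("203.0.113.9", 13), syn("192.0.2.10", 37),
                syn("203.0.113.9", 80), syn("203.0.113.9", 23)):
        print(pkt.src, pkt.dport, decide(pkt))
```

Rule order matters: the ACCEPT for the authorized network must precede the 
signature DROP, otherwise authorized hosts are blocked as well.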

Firewall Types
Using a router as a firewall has two major advantages. First, it's 
platform neutral. Therefore, attackers can't exploit certain OS 
vulnerabilities. Second, since all the incoming network traffic must 
pass through the router anyway, it's an ideal location for blocking 
unwanted content and users from accessing a site. However, router-based 
firewalls have their drawbacks, too. Applying rigorous filtering 
policies can degrade routers' performance significantly. Furthermore, 
many routers aren't immune to spoofing attacks.

An application-proxy firewall, or application gateway, is another type 
of firewall. Instead of running on a router, it operates on a computer. 
It replaces the connection between external users and a local network, 
accepts the original IP packets and substitutes them with corresponding 
data. In other words, it serves as a conduit and interpreter between 
external users and the local network.


About the author(s)
----------------
Danny Kalev is a system analyst and software engineer with more than 10 
years of experience, specializing in C++ and object-oriented analysis 
and design on various platforms including VMS, DOS, Windows, Unix, and 
Linux. His technical interests involve code optimization, networking, 
and distributed computing. He is also a member of the ANSI C++ 
standardization committee and the author of ANSI/ISO C++ Professional 
Programmer's Handbook (Que, 1999). Contact him at linuxnl@excite.com. 

--------------------------------------------------------------------------------

ADDITIONAL RESOURCES

Installing a firewall, Part 1 
Get the details of a secure Trustix 1.1 installation

http://www.itworld.com/jlw/lintps_nl/lw-2000-10/lw-10-fwinstall1.html

Installing a firewall, Part 2 
Tips for configuring secure, lean mail and network services

http://www.itworld.com/jlw/lintps_nl/lw-2000-10/lw-10-fwinstall2.html

Installing a firewall, Part 3 
The authors tweak Trustix to create a secure firewall and server

http://www.itworld.com/jlw/lintps_nl/lw-2000-10/lw-10-fwinstall3.html

--------------------------------------------------------------------------------

Copyright 2000 ITworld.com, Inc., All Rights Reserved.

