Most major Linux distributions, SuSE ones included, feature some user interface for firewall configuration. There's nothing wrong with them but I couldn't get quite the configuration I wanted and chose to create configurations manually. The iptables man pages are really a documentation of syntactical detail of the iptables command line and don't provide guidance on composition of a firewall from a series of rules. There's a lot of scattered information about iptables that can be found using your favourite search engine but none of it quite taught me what I needed to know. In the end I figured out what I needed using a Vmware virtual machine running SuSE Linux Pro 10.0. The following is offered as documentation of simple firewall configuration using iptables. Verifying that the resultant firewall adequately secures the relevant hosts is left as an exercise for the reader.
Firewalls are used to protect your network from the outside world. Using a Linux firewall, you can do a lot more than just filtering packets. This book shows you how to implement Linux firewalls and Quality of Service using practical examples from very small to very large networks.
After giving us a background of network security, the book moves on to explain the basic technologies we will work with, namely netfilter, iproute2, NAT and l7-filter. These form the crux of building Linux firewalls and QOS. The later part of the book covers 5 real-world networks for which we design the security policies, build the firewall, setup the script, and verify our installation.
Providing only necessary theoretical background, the book takes a practical approach, presenting case studies and plenty of illustrative examples.
All ports were open to the world and practically every application had holes in it. It was like the Wild West. Eventually application security became a big deal as more serious issues were uncovered and more commerce depended upon secure platforms. Network security was next on the scene. It made sense to build a single choke point for all security needs. It was slick because it could see all the packets in transit to and from your servers, and turn off all access to anything that had a known hole in it. Those were the good times. Times have since changed.
Network routing and switching giant Cisco Systems has issued an alert for a potentially serious security flaw affecting multiple firewall products, warning that the bug could cause passwords to be changed without any user interaction.
The goal of this article is to present a few effective methods to revamp the way you work in a restricted corporation-like network. In order to achieve it we’re going to use SSH tunneling to bypass the firewall rules applied by your system administrator. We’ll start with breaking through simple restrictions and gradually pass to more and more elaborate firewalls while we move on. This article is a continuation of a previous text: SSH tricks published in our vortal last month. The spirit of this article is a little bit different, though. It targets more experienced users, especially those who have to work in computer networks with harsh security rules. To make it clear - using SSH to tunnel insecure protocols like FTP or CVS is not in the scope. Perhaps another SSH article will cover this.
Source: Light Reading - Posted by Efren J. Belizario
EU funding of 2 million Euros has been announced for a major new three-year project to develop a re-configurable photonic 'firewall on a chip'. Called WISDOM, (WIrespeed Security Domains Using Optical Monitoring), the new system will plug a major gap in the global data network security armoury - the lack of tools to implement security checks and algorithms directly at high optical data communications rates.
Computer researchers in Europe are developing a new prototype architecture for halting distributed denial-of-service (DDOS) attacks, where a barrage of traffic is directed at a Web site or server to shut it down.The Diadem Firewall deploys both hardware and software on the edge of a provider's network rather than within, said Georg Carle, chair of the computing and Internet department at the University of Tübingen in Germany.
Source: IT Business Net - Posted by Benjamin D. Thomas
"Packet-Filtering Concepts," covers the background ideas and concepts behind a packet-filtering firewall. Each built-in rule chain has its own default policy. Each rule can apply not only to an individual chain, but also to a specific network interface, message protocol type (such as TCP, UDP, or ICMP), and service port or ICMP message type number. Individual acceptance, denial, and rejection rules are defined for the INPUT chain and the OUTPUT chain, as well as for the FORWARD chain, which you'll learn about at the end of this chapter and in Chapter 6, "Packet Forwarding." The next chapter pulls those ideas together to demonstrate how to build a simple, single-system, custom-designed firewall for your site.
Ubuntu's desktop install provides a bunch of useful software for desktop users, but it doesn't install a firewall by default. Luckily, it's really simple to get a firewall up and running on Ubuntu.
Frankly, I'm glad that the default install doesn't set up a firewall. Most of my computers live behind a firewall at all times anyway, and I've always been annoyed by installers that demand I deal with firewall questions when I've already got the situation well in hand. If I want a firewall on a machine, I can set one up on my own. Since Ubuntu is, in part, aimed at corporate desktops, a firewall is unnecessary for many installations.
The idea of a common desktop firewall policy in any size organization is a very good thing. It makes responses to external or internal situations such as virus outbreaks or network-oriented propagation of viruses more predictable. In addition to providing a level of protection against port scanning, attacks or software vulnerabilities, it can provide the organizations local security team a baseline or starting point in dealing with such events. The purpose of this article is to discuss the need for a desktop firewall policy within an organization, determine how it should be formed, and provide an example of one along with the security benefits it provides an organization.
