Firewalls FAQ
Frequently Asked Questions about Internet Firewalls.
This FAQ about Internet Firewalls was compiled and written by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.
02 For Whom Is the FAQ Written? (Firewalls FAQ)- Firewalls have come a long way from the days when this FAQ started....
- 03 Before Sending Mail (Firewalls FAQ)
- Note that this collection of frequently-asked questions is a result ...
- 04 Where Can I find the Current Version of the FAQ? (Firewalls FAQ)
- The FAQ can be found on the Web ...
- 05 Where Can I Find Non-English Versions of the FAQ? (Firewalls FAQ)
- Several translations are available. (If you've done a translation and it'...
- 06 Contributors (Firewalls FAQ)
- Many people have written helpful suggestions and thoughtful commentary....
- 07 Copyright and Usage (Firewalls FAQ)
- Copyright ©1995-1996, 1998 Marcus J. Ranum. Copyright ©1998-2000 ...
- 08 What is a network firewall?
- A firewall is a system or group of systems that enforces an access ...
- 09 Why would I want a firewall?
- The Internet, like any other society, is plagued with the kind of ...
- 10 What can a firewall protect against?
- Some firewalls permit only email traffic through them, thereby ...
- 11 What can't a firewall protect against?
- Firewalls can't protect against attacks that don't go through ...
- 12 What about viruses? (Firewalls)
- Firewalls can't protect very well against things like viruses. There ...
- 13 Will IPSEC make firewalls obsolete?
- Some have argued that this is the case. Before pronouncing such a ...
- 16 What are some of the basic design decisions in a firewall?
- There are a number of basic design issues that should be addressed by ...
- 17 What are the basic types of firewalls?
- Conceptually, there are two types of firewalls:...
- 18 Network layer firewalls
- These generally make their decisions based on the source, ...
- 19 Application layer firewalls
- These generally are hosts running proxy servers, which permit no ...
- 20 What are proxy servers and how do they work?
- A proxy server (sometimes referred to as an application gateway ...
- 21 What are some cheap packet screening tools?
- The Texas AMU security tools include software for implementing ...
- 22 What are some reasonable filtering rules for a kernel-based packet screen?
- This example is written specifically for ipfwadm on Linux, but ...
- 23 Implementation (filtering rules for a kernel-based packet screen)
- Here, our organization is using a private (RFC 1918) Class C ...
- 24 Explanation (filtering rules for a kernel-based packet screen)
- * Line one flushes (-f) all forwarding (-F) rules....
- 25 What are some reasonable filtering rules for a Cisco?
- The example in figure 4 shows one possible configuration for using ...
- 26 Implementation (filtering rules for a Cisco)
- * Allow all outgoing TCP-...
- 27 Explanations (filtering rules for a Cisco)
- * Drop all source-routed packets. Source routing can be used for ...
- 28 Shortcomings (filtering rules for a Cisco)
- * You cannot enforce strong access policies with router access lists....
- 29 What are the critical resources in a firewall?
- It's important to understand the critical resources of your ...
- 30 What is a DMZ, and why do I want one?
- ``DMZ'' is an abbreviation for ``demilitarized zone''. In the context ...
- 31 How might I increase the security and scalability of my DMZ?
- A common approach for an attacker is to break into a host that'...
- 32 What is a `single point of failure', and how do I avoid having one?
- An architecture whose security hinges upon one mechanism has a ...
- 33 How can I block all of the bad stuff? (Firewalls)
- For firewalls where the emphasis is on security instead of connectivity,...
- 34 How can I restrict web access so users can't view sites unrelated to work?
- A few years ago, someone got the idea that it's a good idea to ...
- 35 What is source routed traffic and why is it a threat? (Various Attacks - Firewalls)
- Normally, the route a packet takes from its source to its destination ...
- 36 What are ICMP redirects and redirect bombs? (Various Attacks - Firewalls)
- An ICMP Redirect tells the recipient system to over-ride something in ...
- 37 What about denial of service? (Various Attacks - Firewalls)
- Denial of service is when someone decides to make your network or ...
- 38 SMTP Server Hijacking (Unauthorized Relaying) (Common Attacks - Firewalls)
- Each site is a little different from every other in terms of what ...
- 39 Exploiting Bugs in Applications (Common Attacks - Firewalls)
- Various versions of web servers, mail servers, and other Internet ...
- 40 Bugs in Operating Systems (Common Attacks - Firewalls)
- Again, these are typically initiated by users remotely. Operating ...
- 41 Do I really want to allow everything that my users ask for? (Firewalls)
- It's entirely possible that the answer is ``no''. Each site has its ...
- 42 How do I make Web/HTTP work through my firewall?
- There are three ways to do it....
- 43 How do I make SSL work through the firewall?
- SSL is a protocol that allows secure connections across the Internet....
- 44 How do I make DNS work with a firewall?
- Some organizations want to hide DNS names from the outside. Many ...
- 45 How do I make FTP work through my firewall?
- Generally, making FTP work through the firewall is done either using ...
- 46 How do I make Telnet work through my firewall?
- Telnet is generally supported either by using an application proxy such ...
- 47 How do I make Finger and whois work through my firewall?
- Many firewall admins permit connections to the finger port from ...
- 48 How do I make gopher, archie, and other services work through my firewall?
- The majority of firewall administrators choose to support gopher ...
- 49 What are the issues about X11 through a firewall?
- The X Windows System is a very useful system, but unfortunately has ...
- 50 How do I make RealAudio work through my firewall?
- RealNetworks maintains some information about how to get ...
- 51 How do I make my web server act as a front-end for a database thatlives on my private network?
- The best way to do this is to allow very limited connectivity between ...
- 52 But my database has an integrated web server, and I want to use that. Can't I just poke a hole in the firewall and tunnel that port?
- If your site firewall policy is sufficiently lax that you're willing ...
- 53 How Do I Make IP Multicast Work With My Firewall?
- IP multicast is a means of getting IP traffic from one host to a set ...
- 56 How do I know which application uses what port? (Firewalls - TCP and UDP Ports)
- There are several lists outlining the ``reserved'' and ``well known''...
- 57 What are LISTENING ports? (Firewalls - TCP and UDP Ports)
- Suppose you did ``netstat -a'' on your machine and ports 1025 and ...
- 60 The behavior of FTP (Firewalls - TCP and UDP Ports)
- Or, ``Why do I have to open all ports above 1024 to my FTP server?''...
- 61 What software uses what FTP mode? (Firewalls - TCP and UDP Ports)
- It is up to the client to decide what mode to use; the default mode when ...
- 62 Is my firewall trying to connect outside? (Firewalls - TCP and UDP Ports)
- My firewall logs are telling me that my web server is trying to ...
- 63 The anatomy of a TCP connection (Firewalls - TCP and UDP Ports)
- TCP is equipped with 6 ``flags'', which may be ON or OFF. These flags are:...
My Books
