Building Internet Firewalls Tutorial
What is the Threat?
A D V E R T I S E M E N T
There are many benefits to connecting your site to the Internet, but there
are risks as well. Today's Internet security threats range from curious prowlers
to well-organized, technically-knowledgeable intruders that could gain access to
your site's private information or interfere with your (or your clients') use of
your own systems. The number and sophistication of these threats grow each year,
just like the Internet itself.
While it's a good idea to make your workstations, servers, and other systems
as individually secure as possible, this is not sufficient to defend your site
from attack. Without the ability to protect your entire network at its
connection point, your defense is only as strong as its weakest link, and
securing each and every system is a complex and cumbersome job with no guarantee
of success, because of the variety of different operating systems, releases,
vendor patches, and administrative domains.
However, by analyzing and defending against threats at your site's point of
connection to the Internet (or a parent organization's WAN) you can take
advantage of most Internet services, such as the World Wide Web, electronic
mail, and anonymous FTP, while at the same time limiting your risk of
What is a Firewall?
An Internet firewall is a security mechanism that allows limited access to
your site from the Internet, allowing approved traffic in and out according to a
thought-out plan. This lets you select the services appropriate to your business
needs, while barring others which may have significant security holes.
The tutorial covers firewall architectures and variations, as well as both
theory and practice of packet filtering and proxy systems, and includes an
in-depth look at a sample firewalls configuration.
If you are considering the purchase of a commercial firewall product, this
tutorial will teach the concepts and mechanisms behind firewall products and
help you make the best choice for your site.
Throughout the tutorial, the emphasis is on practical and useful material,
including examples, case studies, and war stories. The Building Internet
Firewalls Tutorial will provide information and insights valuable in any
TCP/IP networked installation, ranging from single-system sites to large
enterprise networks with thousands of nodes.
Each tutorial participant will receive a comprehensive package of materials,
including a full copy of the tutorial presentation, reference information, and a
copy of theO'Reilly & Associates book
Building Internet Firewalls.
Who Should Attend
The intended audience for this tutorial includes network managers, system
administrators, information systems managers, and others who are considering
implementing an Internet security firewall or are maintaining an existing
firewall system. This includes persons at sites planning a firewall system
between an organizational wide-area network and site networks with special
security needs or sensitivity.
The tutorial materials assume that all attendees understand basic Internet
networking principles including IP addressing and routing, differences between
TCP and UDP, and packet encapsulation.
- Why Internet firewalls?; Security strategies
- Building Firewalls
- Firewall design; Bastion hosts; Packet filtering;
- Proxy systems; Configuring Internet services for
- firewalls; Authentication and inbound services;
- A sample firewall configuration
- Keeping Your Site Secure
- Security policies; Maintaining firewalls;
- Responding to security incidents
- WWW pages, FTP sites, mailing lists, newsgroups, organizations,
conferences, papers, books