Firewalls & Perimeter Protection
Featuring 68 Papers as of December 4, 2013
Testing Application Identification Features of Firewalls
William McGlasson - December 4, 2013
Firewalls have evolved over the last couple decades from simple packet filters as add-ons to an operating system to the latest application-layer firewalls running their own, sometimes purpose-built operating systems.
Deploying a Vyatta Core Firewall
Jason Todd - September 20, 2010
It wasnt long ago when simply placing a firewall in between your clients, servers, and the Internet was considered a good information security measure. For some organizations the firewall was put in place to simply check a box on a security audit without giving it much attention as to what the firewall was actually protecting, or not protecting. For many the firewall was viewed as a burden and tunneling protocols were developed to make applications work with firewalls.
Leveraging the Load Balancer to Fight DDoS Masters
Brough Davis - July 30, 2010
DDoS (Distributed Denial of Service) attacks have been an ever increasing concern in the Internet world. As technologies becomes less expensive and the Internet grows it is becoming easier and profitable for criminal organizations and the naive vandal to launch destructive attacks on organizations (Mikovic et al., 2005). DDoS attacks are also becoming common tools for governments or activist groups to help serve political agendas (Ristic, 2005). Security professionals will likely always be one step behind new attack methods. In order to understand how Load Balancing technologies can be used to help mitigate DDoS attacks a quick DDoS and Load Balancing primer is needed.
Securing the Network Perimeter of a Community Bank
Steven Launius - December 17, 2009
Allocating the investment for perimeter protection and detection mechanisms can be an unique challenge with the budget of a smaller community bank. This papers purpose is to raise awareness of the external threats present to confidential customer information held on the private network of community banks, and recommend technologies and designs to protect the perimeter of the network, while taking heed of the limited resources of community banks.
Securing the Enterprise Service Bus: Protecting business critical web-services
Michael Taylor - April 23, 2009
My paper will briefly discuss Enterprise Web Services and the uses of Enterprise Service Buses, but will concentrate on potential threats and vulnerabilities to these and suggest suitable means to mitigate risks.
Intrusion Detection & Response - Leveraging Next Generation Firewall Technology
Ahmed Abdel-Aziz - March 30, 2009
This paper will address a recent trend in network security, which is leveraging next-generation firewalls (NGFW) at the network perimeter.
Perimeter Defense-in-Depth with Cisco ASA
Michael Simone - February 9, 2009
Over the course of this document, the reader will learn what to do to use the ASA security device for perimeter security, why these choices would be made, what best practices are, and business justifications for each of these decisions.
Human Being Firewall
Muhammad EL-Harmeel - January 9, 2009
This publication seeks to assist organizations in mitigating the risks from Human based attacks.
Transparent (Layer 2) Firewalls: A look at 2 Vendor Offerings: Juniper and Cisco
Matt Austin - December 12, 2008
The focus of this paper is to demystify and review how to configure and deploy Juniper and Cisco firewalls in transparent mode.
Cleaning Up the Back Yard - A discussion on your mother's home network security.
Wil Knoll - November 5, 2008
It is possible to clean up the back yard with Free Open Source Software and a little design. Using off the shelf components and Open Source software the family geek can deploy a more multilayered security stance that will provide far more visibility and control over the network. This is not to say that large swaths of the Internet can be cleaned up just by plugging in a box, but to say that if anything should be a safe haven on the internet, it should be the family network, the backyard. It makes sense to clean up the backyard before taking on the worlds trash.
Check Point firewalls - rulebase cleanup and performance tuning
Barry Anderson - September 5, 2008
Firewall rulebases tend naturally toward disorder over time, and as the size of the ruleset grows, the performance of the firewall starts to suffer. In this paper, a simple procedure for culling unused rules and ordering the rulebase for performance will be presented.
Performing Egress Filtering
Dennis Distler - August 20, 2008
The purpose of this paper is to explain egress filtering and the risk that can be mitigated along with it.
Microsoft Vista Firewall; Dissected
Phil Kostenbader & Bob Rudis - August 9, 2007
The firewall provided by Microsoft has pretty much gone unchanged since windows 2000. Their release of the firewall included with Vista, however, has seen a few new and useful features. Under the right environment, it may be possible for large organizations to make use of this facility. But why would an organization consider dropping their current solution? Flexibility in the rule construction, the ability to apply a specific policy based on 'domain' authentication, multiple methods of policy distribution, or a single vendor solution may have some organizations considering a change.
Redefining your perimeter with MPLS - an integrated network solution
Vijay Sarvepalli - July 17, 2007
This paper attempts to help network and security professionals to meet the demand to build multiple logical networks on a single physical infrastructure.
Don't Just Patch, Protect!
Richard Sillito - May 1, 2007
Security analysts need to stop trying to be movie stars and start shaking up their networks and readdress how security is implemented.
XML Firewall Architecture and Best Practices for Configuration and Auditing
Don Patterson - April 30, 2007
This paper will discuss the building blocks of Web services, Web services threats and security requirements, the XML firewall for first-line perimeter defense, best practices for configuring an XML security gateway device, and industry recommended security testing procedures for ensuring the effectiveness of thsi security control.
Egress Filtering FAQ
Chris Brenton - January 18, 2007
This FAQ covers the benefits of performing egress filtering on the end points of your perimeter.
Firewall Analysis and Operation Methods
Kim Cary - October 23, 2006
This paper shows how to leverage pre-install analysis data collection systems for post-install response via a selfservice security information application. This application was useful in securing and retaining the open community's good will for future security projects (without the motivation of a incident).
Wired 802.1x Security
Mohammed Younus - July 27, 2006
This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's Implementation of 802.1x.
Exploiting BlackICE When a Security Product has a Security Flaw
Peter Gara - July 9, 2005
This paper contains a fictional story about a computer expert who gets into evil ways and tries to denigrate his ex-colleague at her new workplace.
Regaining Control over your Mobile Users
Shelly Biller - June 23, 2005
No matter how much time or money some corporations spend on securing their network, once they allow mobile (laptop) users to connect to their internal network; they are exposing that network to a wide variety of security risks. Their once-secure network has now potentially become a hacker's playground.
Ethical Deception and Preemptive Deterrence in Network Security
Brian McFarland - May 17, 2005
Network administrators have several tools in their arsenal for thwarting such attacks such as firewalls and intrusion detection systems. A relatively recent concept developed to compliment existing network defense tools is the Honeypot.
Using Secure Sockets Layer bridging and content filtering mechanisms to provide defense in-depth when publishing SSL encrypted web hosts.
John Hallberg - May 5, 2005
In this paper we discuss the benefits of Secure Sockets Layer (SSL) bridging, also known as SSL initiation, a practice that allows Internet security professionals to successfully proxy encrypted traffic, thus enabling intrusion detection and/or prevention, virus detection, and content filtering of encrypted communications.
Utilizing Static Packet Filters to Enhance Network Security
Scott Foster - January 17, 2005
Many network installations today consist of a firewall to provide security between the increasing hostile environment of the Internet and the corporate network. This paper examines utilizing Access Control Lists to implement static packet filters at a network perimeter to enhance security in any sized network.
3Com Distributed Embedded Firewall
Kyle Kelliher - July 25, 2004
As the Internet community becomes more skilled in their use of attack tools, we are seeing an increase in the number and severity of Internet attacks. Internet neophytes and professionals alike are asking the same question "There are hundreds of thousands of computers on the Internet, why was my computer attacked?"
Netfilter and IPTables: A Structural Examination
Alan Jones - May 2, 2004
In this paper a study is made of the Linux packet manipulation framework, Netfilter, and the packet matching system built on top of it, IPTables.
Support guides for the Cyberguard Firewall Appliance
Chris Bodill - November 19, 2003
This paper combines various troubleshooting guides, how-to, tips and warnings known to date, for the Cyberguard Firewall Appliance, aimed to be both functional and practical.
Configuring Watchguard Proxies: A Guideline to Supplementing Virus Protection and Policy Enforcement
Alan Mercer - November 6, 2003
This paper focuses upon the layered use of the Watchguard Live Security System (LSS) proxy services to mitigate these risks and reduce exposure.
High Availability Firewall - WatchGuard Firebox Vclass V60
Wee Chia - November 6, 2003
This paper proposes that implementation of high availability firewalls in itself cannot be considered sufficient to ensure overall system reliability.
Private Internet Exchange: The Fastest Firewall in the World?
Keith Cancel - October 31, 2003
There are now numerous amounts of firewalls available in today's market with a wide array of speeds, strengths and weaknesses.
Sidewinder 5.1 Split DNS Architecture
Charlene Keltz - October 31, 2003
This paper provides an operating system overview of Sidewinder, a short overview of a Generic Split DNS Architecture, and explains Sidewinder's Secure Split DNS Architecture.
Using Open Source to Create a Cohesive Firewall/IDS System
Thomas Dager - October 31, 2003
In this paper the author discusses two main components of the layered defense, a firewall and intrusion detection system.
Active Net Steward - Distributed Firewall
Daniel Safeer - October 31, 2003
In this paper, the author addresses the question, "How do I deal with the implied trust afforded to users who are inside of the firewall, either physically or electronically (via VPN or dialup)?
Cisco Router Hardening Step-by-Step
Dana Graesser - October 31, 2003
The three main categories of routers in use at companies today are Internet Gateway routers, Corporate Internal routers and B2B routers which should all be given careful consideration from a security perspective, as each pose unique security problems that are addressed in this paper.
IPSec VPN Using FreeBSD
Greg Panula - October 31, 2003
This paper will demonstrate a way to setup an IPSec VPN that will allow for NAT'ing using FreeBSD boxes as the gateway machines.
Comparison Shopping for Scalable Firewall Products
Laura Keadle - October 31, 2003
No Network Designer worth their salt would dream of purchasing a router or switch without demanding benchmark test results on throughput and subscription rates.
Achieving Defense-in-Depth with Internal Firewalls
Steve Bridge - October 31, 2003
A sound security perimeter today requires more than a single firewall connected at the Internet router. By segmenting the network with multiple firewalls, we can achieve the holy grail of network security - Defense-In-Depth.
Proxies and Packet Filters in Plain English
Scott Algatt - October 31, 2003
The firewall's ability to decide what is and what is not allowed are configurations that are setup by the system administrator as policies or rules and define what traffic the firewall will or will not allow to enter the network.
Personal Firewalls - Protecting the Home Internet User
Bonnie McDougall - October 31, 2003
Firewalls were one of the first protectors of computer crime and before anyone downloads a Personal Firewall, they should have an understanding of how they work.
Application Level Content Scrubbers
Benjamin Sapiro - October 31, 2003
This paper presents an overview of some of the available content scrubbers (this is not meant to be a comprehensive product comparison).
Joseph White - October 31, 2003
This document will be an overview to " Cisco SAFE: "A Security Blueprint for Enterprise Networks" (Convery).
Disconnect from the Internet - Whale's e-Gap In-Depth
Kevin Gennuso - October 31, 2003
While there are a number of variations on the air gap concept, the focus of this paper will be on one implementation of this technology: Whale Communications' e-Gap.
Protecting the Next Generation Network -Distributed Firewalls
Robert Gwaltney - October 31, 2003
Corporate networks are constantly changing to meet the needs of businesses and continue to expand in ways that we couldn't have imagined only a few years ago.
Fighting Cyber Terrorism - Where Do I Sign Up?
Pamela Dodge - October 31, 2003
Cyber attacks have historically not been treated in the same fashion as physical defense of the country.
A Layer-7 Secure Security Posture
Paul Vinciguerra - October 31, 2003
This paper intends on applying the lessons learned from the lower levels of the OSI model to the upper layers.
CBAC - Cisco IOS Firewall Feature Set Foundations
Evan Davies - October 31, 2003
This paper discusses the operation and configuration of CBAC.
Building an IPv6 Firewall with OpenBSD
Eric Millican - October 31, 2003
This paper is intended to be a how-to for IPv6 firewalls running on OpenBSD 3.0. It will cover the basics of installing OpenBSD, setting up a tunnel to the 6Bone, and configuring the Packet Filter firewall included with OpenBSD.
A Review Of Floppy-Based Firewalls And Their Security Considerations
Sean Closson - October 31, 2003
For the user that is evaluating inexpensive perimeter firewall solutions, this paper discusses the features and security implications amongst three of the more popular choices available, providing an understanding of floppy disk-based firewalls and some of the technologies they employ.
Protecting the Network without Breaking the Bank
Gerald Clevenger - October 31, 2003
The high cost of securing a Network may drive managers to look for ways to outsource Network Security instead of using available resources.
The Firewall has been Installed, Now What? Developing a Local Firewall Security Policy
Richard Walker - October 31, 2003
This paper details the process I used to draft a perimeter device security policy for these firewalls.
Getting the Most out of your Firewall Logs
Matt Willard - October 31, 2003
The goal of this paper is use the logs of CheckPoint FW-1 v4.1 and provide examples of tools that will automate the process of maintaining and monitoring a firewall's logs.
Configuring a NetScreen Firewall: Best practice guideline for the basic setup of a NetScreen firewal
Robert Bayley - October 31, 2003
This paper will detail how to setup a NetScreen firewall using the command line configuration options.
The Installation and Configuration of a Cisco PIX Firewall with 3 Interfaces and a Stateful Failover
Steve Textor - October 31, 2003
This paper is intended to guide the reader through the installation and configuration of a Cisco PIX firewall.
Using ISA Server Logs to Interpret Network Traffic
Brian McKee - October 31, 2003
This paper focuses on ISA logs and how you can use them to interpret the types of traffic passed through the network.
IPFilter: A Unix Host-Based Firewall
Dana Price - October 31, 2003
This paper will explain the benefits of using IPFilter on a unix host by detailing its configuration and implementation on a Solaris 8 SPARC box, and providing examples users can follow to safeguard their machines against some of the more popular remote exploits.
Securing Extranet Connections
Jeff Pipping - October 31, 2003
This paper will present one solution to securing a large number of extranet connections. In particular, the focus will be on the corporation who is the extranet network provider, or at the hub of a large extranet.
Securing Solaris Servers Using Host-based Firewalls
William Karl - October 31, 2003
This paper will cover the addition of security to several Solaris servers through the use of host-based firewall software.
Denial of Service Attacks and the Emergence of "Intrusion Prevention Systems"
Adrian Brindley - October 31, 2003
The objective of this paper is to give a review of DoS / DDoS attacks, provide a list of basic network attack prevention techniques, provide a brief comparison of current and emerging Intrusion Prevention devices available and to give an example implementation scenario using one of these products.
Build your own firewall using SuSE Linux: A mechanics guide.
Paul ONeil - October 31, 2003
The following paper describes the different tools that can be used in setting up an appropriate router and firewall combination using Linux that offers the necessary functionality and security to its users as well as the means to monitor it by an administrator.
Case Study: Deploying and Configuring a Netscreen 100 Firewall Appliance to Secure the Network
James Murphy - October 31, 2003
The purpose of this document is to show the reader on how I deployed the Netscreen 100 firewall security appliance.
Using The Cisco Pix Device Manager
Jason Holcomb - October 31, 2003
This paper examines the PDM starting with an overview of the PIX, requirements of the PDM software, initial configuration guide, and finally a walkthrough of the software.
Long Distance Failover - High Availability using Cisco PIX Firewall
Chris Ellem - October 31, 2003
The purpose of this document is to provide information security professionals with an understanding of the requirements in implementing long distance failover using Cisco PIX Firewalls.
Secure Configuration of a Cisco 837 ADSL firewall router
Brett McIntosh - October 31, 2003
This paper describes, hopefully, a fairly typical small office/business scenario and one method to connect it securely to the Internet using a commercially available firewall/router, the Cisco 837 ADSL router.
Migrating Services Between Firewall Technologies
Andrew Barratt - October 31, 2003
This paper describes the considerations that are essential to address when a corporate firewall infrastructure is replaced with new technology.
Designing a DMZ
Scott Young - October 31, 2003
This paper takes a look at DMZ, which greatly increases the security of a network.
Choosing The Best Firewall
Gerhard Cronje - October 31, 2003
This paper briefly touches on most of the issues involved in choosing a firewall and provides a good starting point for selecting a firewall.
Solaris 8 and Checkpoint NG FP3 install with SSH, JASS and Syslog
Mike Shannon - October 31, 2003
This paper provides a detailed account of the pre-existing insecurity, a brief note of the catalytic event precipitating the actual changes to the firewall, a discussion of the implementation, and the results and ultimate success of the procedure 'hardening' the corporate firewall.
Scanning for viruses
Dan Boyd - October 31, 2003
In my first job position after college, I was hired to design and implement a firewall as well as a virus scanning mail solution and this paper addresses the processes I went through that increased security at this company.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.