
SANS InfoSec Reading Room - Firewalls & Perimeter Protection

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.


Featuring 67 papers as of Jun 19, 2013
PDF Deploying a Vyatta Core Firewall
By: Jason Todd (posted on September 20, 2010)
It wasn’t long ago when simply placing a firewall in between your clients, servers, and the Internet was considered a good information security measure. For some organizations the firewall was put in place to simply check a box on a security audit without giving it much attention as to what the firewall was actually protecting, or not protecting. For many the firewall was viewed as a burden and tunneling protocols were developed to make applications work with firewalls.
PDF Leveraging the Load Balancer to Fight DDoS
By: Brough Davis (posted on July 30, 2010)
DDoS (Distributed Denial of Service) attacks have been an ever increasing concern in the Internet world. As technologies become less expensive and the Internet grows it is becoming easier and profitable for criminal organizations and the naive vandal to launch destructive attacks on organizations (Mikovic et al., 2005). DDoS attacks are also becoming common tools for governments or activist groups to help serve political agendas (Ristic, 2005). Security professionals will likely always be one step behind new attack methods. In order to understand how Load Balancing technologies can be used to help mitigate DDoS attacks a quick DDoS and Load Balancing primer is needed.
PDF Securing the Network Perimeter of a Community Bank
By: Steven Launius (posted on December 17, 2009)
Allocating the investment for perimeter protection and detection mechanisms can be a unique challenge with the budget of a smaller community bank. This paper’s purpose is to raise awareness of the external threats present to confidential customer information held on the private network of community banks, and recommend technologies and designs to protect the perimeter of the network, while taking heed of the limited resources of community banks.
PDF Securing the Enterprise Service Bus: Protecting business critical web-services
By: Michael Taylor (posted on April 23, 2009)
My paper will briefly discuss Enterprise Web Services and the uses of Enterprise Service Buses, but will concentrate on potential threats and vulnerabilities to these and suggest suitable means to mitigate risks.
PDF Intrusion Detection & Response - Leveraging Next Generation Firewall Technology
By: Ahmed Abdel-Aziz (posted on March 30, 2009)
This paper will address a recent trend in network security, which is leveraging next-generation firewalls (NGFW) at the network perimeter.
PDF Perimeter Defense-in-Depth with Cisco ASA
By: Michael Simone (posted on February 9, 2009)
Over the course of this document, the reader will learn what to do to use the ASA security device for perimeter security, why these choices would be made, what best practices are, and business justifications for each of these decisions.
PDF Human Being Firewall
By: Muhammad EL-Harmeel (posted on January 9, 2009)
This publication seeks to assist organizations in mitigating the risks from Human based attacks.
PDF Transparent (Layer 2) Firewalls: A look at 2 Vendor Offerings: Juniper and Cisco
By: Matt Austin (posted on December 12, 2008)
PDF Cleaning Up the Back Yard - A discussion on your mother's home network security.
By: Wil Knoll (posted on November 5, 2008)
It is possible to clean up the back yard with Free Open Source Software and a little design. Using off the shelf components and Open Source software the family geek can deploy a more multilayered security stance that will provide far more visibility and control over the network. This is not to say that large swaths of the Internet can be cleaned up just by plugging in a box, but to say that if anything should be a safe haven on the internet, it should be the family network, the backyard. It makes sense to clean up the backyard before taking on the world’s trash.
PDF Check Point firewalls - rulebase cleanup and performance tuning
By: Barry Anderson (posted on September 5, 2008)
PDF Performing Egress Filtering
By: Dennis Distler (posted on August 20, 2008)
PDF Microsoft Vista Firewall; Dissected
By: Phil Kostenbader & Bob Rudis (posted on August 9, 2007)
PDF Redefining your perimeter with MPLS - an integrated network solution
By: Vijay Sarvepalli (posted on July 17, 2007)
This paper attempts to help network and security professionals to meet the demand to build multiple logical networks on a single physical infrastructure.
PDF Don't Just Patch, Protect!
By: Richard Sillito (posted on May 1, 2007)
Security analysts need to stop trying to be movie stars and start shaking up their networks and readdress how security is implemented.
PDF XML Firewall Architecture and Best Practices for Configuration and Auditing
By: Don Patterson (posted on April 30, 2007)
This paper will discuss the building blocks of Web services, Web services threats and security requirements, the XML firewall for first-line perimeter defense, best practices for configuring an XML security gateway device, and industry recommended security testing procedures for ensuring the effectiveness of this security control.
PDF Egress Filtering FAQ
By: Chris Brenton (posted on January 18, 2007)
This FAQ covers the benefits of performing egress filtering on the end points of your perimeter.
PDF Firewall Analysis and Operation Methods
By: Kim Cary (posted on October 23, 2006)
This paper shows how to leverage pre-install analysis data collection systems for post-install response via a self-service security information application. This application was useful in securing and retaining the open community's good will for future security projects (without the motivation of an incident).
PDF Wired 802.1x Security
By: Mohammed Younus (posted on July 27, 2006)
This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's Implementation of 802.1x.
PDF Exploiting BlackICE When a Security Product has a Security Flaw
By: Peter Gara (posted on July 9, 2005)
This paper contains a fictional story about a computer expert who gets into evil ways and tries to denigrate his ex-colleague at her new workplace.
PDF Regaining Control over your Mobile Users
By: Shelly Biller (posted on June 23, 2005)
No matter how much time or money some corporations spend on securing their network, once they allow mobile (laptop) users to connect to their internal network, they are exposing that network to a wide variety of security risks. Their once-secure network has now potentially become a hacker's playground.
PDF Ethical Deception and Preemptive Deterrence in Network Security
By: Brian McFarland (posted on May 17, 2005)
Network administrators have several tools in their arsenal for thwarting such attacks such as firewalls and intrusion detection systems. A relatively recent concept developed to complement existing network defense tools is the Honeypot.
PDF Using Secure Sockets Layer bridging and content filtering mechanisms to provide defense in-depth when publishing SSL encrypted web hosts.
By: John Hallberg (posted on May 5, 2005)
In this paper we discuss the benefits of Secure Sockets Layer (SSL) bridging, also known as SSL initiation, a practice that allows Internet security professionals to successfully proxy encrypted traffic, thus enabling intrusion detection and/or prevention, virus detection, and content filtering of encrypted communications.
PDF Utilizing Static Packet Filters to Enhance Network Security
By: Scott Foster (posted on January 17, 2005)
Many network installations today consist of a firewall to provide security between the increasingly hostile environment of the Internet and the corporate network. This paper examines utilizing Access Control Lists to implement static packet filters at a network perimeter to enhance security in any sized network.
PDF 3Com Distributed Embedded Firewall
By: Kyle Kelliher (posted on July 25, 2004)
As the Internet community becomes more skilled in their use of attack tools, we are seeing an increase in the number and severity of Internet attacks. Internet neophytes and professionals alike are asking the same question "There are hundreds of thousands of computers on the Internet, why was my computer attacked?"
PDF Netfilter and IPTables: A Structural Examination
By: Alan Jones (posted on May 2, 2004)
In this paper a study is made of the Linux packet manipulation framework, Netfilter, and the packet matching system built on top of it, IPTables.
PDF Support guides for the Cyberguard Firewall Appliance
By: Chris Bodill (posted on November 19, 2003)
This paper combines various troubleshooting guides, how-to, tips and warnings known to date, for the Cyberguard Firewall Appliance, aimed to be both functional and practical.
PDF Configuring Watchguard Proxies: A Guideline to Supplementing Virus Protection and Policy Enforcement
By: Alan Mercer (posted on November 6, 2003)
This paper focuses upon the layered use of the Watchguard Live Security System (LSS) proxy services to mitigate these risks and reduce exposure.
PDF High Availability Firewall - WatchGuard Firebox Vclass V60
By: Wee Leng Chia (posted on November 6, 2003)
This paper proposes that implementation of high availability firewalls in itself cannot be considered sufficient to ensure overall system reliability.
PDF Private Internet Exchange: The Fastest Firewall in the World?
By: Keith Cancel (posted on October 31, 2003)
There are now numerous firewalls available in today's market with a wide array of speeds, strengths and weaknesses.
PDF Sidewinder 5.1 Split DNS Architecture
By: Charlene Keltz (posted on October 31, 2003)
This paper provides an operating system overview of Sidewinder, a short overview of a Generic Split DNS Architecture, and explains Sidewinder's Secure Split DNS Architecture.
PDF Using Open Source to Create a Cohesive Firewall/IDS System
By: Thomas Dager (posted on October 31, 2003)
In this paper the author discusses two main components of the layered defense, a firewall and intrusion detection system.
PDF Active Net Steward - Distributed Firewall
By: Daniel L. Safeer (posted on October 31, 2003)
In this paper, the author addresses the question, "How do I deal with the implied trust afforded to users who are inside of the firewall, either physically or electronically (via VPN or dialup)?"
PDF Cisco Router Hardening Step-by-Step
By: Dana Graesser (posted on October 31, 2003)
The three main categories of routers in use at companies today are Internet Gateway routers, Corporate Internal routers and B2B routers which should all be given careful consideration from a security perspective, as each poses unique security problems that are addressed in this paper.
PDF IPSec VPN Using FreeBSD
By: Greg Panula (posted on October 31, 2003)
This paper will demonstrate a way to set up an IPSec VPN that will allow for NAT'ing using FreeBSD boxes as the gateway machines.
PDF Comparison Shopping for Scalable Firewall Products
By: Laura Keadle (posted on October 31, 2003)
No Network Designer worth their salt would dream of purchasing a router or switch without demanding benchmark test results on throughput and subscription rates.
PDF Achieving Defense-in-Depth with Internal Firewalls
By: Steve Bridge (posted on October 31, 2003)
A sound security perimeter today requires more than a single firewall connected at the Internet router. By segmenting the network with multiple firewalls, we can achieve the holy grail of network security - Defense-In-Depth.
PDF Proxies and Packet Filters in Plain English
By: Scott Algatt (posted on October 31, 2003)
The firewall's ability to decide what is and what is not allowed are configurations that are set up by the system administrator as policies or rules and define what traffic the firewall will or will not allow to enter the network.
PDF Personal Firewalls - Protecting the Home Internet User
By: Bonnie McDougall (posted on October 31, 2003)
Firewalls were one of the first protectors against computer crime and before anyone downloads a Personal Firewall, they should have an understanding of how they work.
PDF Application Level Content Scrubbers
By: Benjamin Sapiro (posted on October 31, 2003)
This paper presents an overview of some of the available content scrubbers (this is not meant to be a comprehensive product comparison).
PDF Cisco Way
By: Joseph S. White (posted on October 31, 2003)
This document will be an overview of "Cisco SAFE: A Security Blueprint for Enterprise Networks" (Convery).
PDF Disconnect from the Internet - Whale's e-Gap In-Depth
By: Kevin Gennuso (posted on October 31, 2003)
While there are a number of variations on the air gap concept, the focus of this paper will be on one implementation of this technology: Whale Communications' e-Gap.
PDF Protecting the Next Generation Network - Distributed Firewalls
By: Robert Gwaltney (posted on October 31, 2003)
Corporate networks are constantly changing to meet the needs of businesses and continue to expand in ways that we couldn't have imagined only a few years ago.
PDF Fighting Cyber Terrorism - Where Do I Sign Up?
By: Pamela Dodge (posted on October 31, 2003)
Cyber attacks have historically not been treated in the same fashion as physical defense of the country.
PDF A Layer-7 Secure Security Posture
By: Paul Vinciguerra (posted on October 31, 2003)
This paper intends to apply the lessons learned from the lower levels of the OSI model to the upper layers.
PDF CBAC - Cisco IOS Firewall Feature Set Foundations
By: Evan Davies (posted on October 31, 2003)
This paper discusses the operation and configuration of CBAC.
PDF Building an IPv6 Firewall with OpenBSD
By: Eric Millican (posted on October 31, 2003)
This paper is intended to be a how-to for IPv6 firewalls running on OpenBSD 3.0. It will cover the basics of installing OpenBSD, setting up a tunnel to the 6Bone, and configuring the Packet Filter firewall included with OpenBSD.
PDF A Review Of Floppy-Based Firewalls And Their Security Considerations
By: Sean Closson (posted on October 31, 2003)
For the user that is evaluating inexpensive perimeter firewall solutions, this paper discusses the features and security implications amongst three of the more popular choices available, providing an understanding of floppy disk-based firewalls and some of the technologies they employ.
PDF Protecting the Network without Breaking the Bank
By: Gerald Clevenger (posted on October 31, 2003)
The high cost of securing a Network may drive managers to look for ways to outsource Network Security instead of using available resources.
PDF The Firewall has been Installed, Now What? Developing a Local Firewall Security Policy
By: Richard Walker (posted on October 31, 2003)
This paper details the process I used to draft a perimeter device security policy for these firewalls.
PDF Getting the Most out of your Firewall Logs
By: Matt Willard (posted on October 31, 2003)
The goal of this paper is to use the logs of CheckPoint FW-1 v4.1 and provide examples of tools that will automate the process of maintaining and monitoring a firewall's logs.
PDF Configuring a NetScreen Firewall: Best practice guideline for the basic setup of a NetScreen firewal
By: Robert Bayley (posted on October 31, 2003)
This paper will detail how to set up a NetScreen firewall using the command line configuration options.
PDF The Installation and Configuration of a Cisco PIX Firewall with 3 Interfaces and a Stateful Failover
By: Steve Textor (posted on October 31, 2003)
This paper is intended to guide the reader through the installation and configuration of a Cisco PIX firewall.
PDF Using ISA Server Logs to Interpret Network Traffic
By: Brian McKee (posted on October 31, 2003)
This paper focuses on ISA logs and how you can use them to interpret the types of traffic passed through the network.
PDF IPFilter: A Unix Host-Based Firewall
By: Dana Price (posted on October 31, 2003)
This paper will explain the benefits of using IPFilter on a unix host by detailing its configuration and implementation on a Solaris 8 SPARC box, and providing examples users can follow to safeguard their machines against some of the more popular remote exploits.
PDF Securing Extranet Connections
By: Jeff Pipping (posted on October 31, 2003)
This paper will present one solution to securing a large number of extranet connections. In particular, the focus will be on the corporation who is the extranet network provider, or at the hub of a large extranet.
PDF Securing Solaris Servers Using Host-based Firewalls
By: William Kirt Karl (posted on October 31, 2003)
This paper will cover the addition of security to several Solaris servers through the use of host-based firewall software.
PDF Denial of Service Attacks and the Emergence of "Intrusion Prevention Systems"
By: Adrian Brindley (posted on October 31, 2003)
The objective of this paper is to give a review of DoS / DDoS attacks, provide a list of basic network attack prevention techniques, provide a brief comparison of current and emerging Intrusion Prevention devices available and to give an example implementation scenario using one of these products.
PDF Build your own firewall using SuSE Linux: A mechanics guide.
By: Paul ONeil (posted on October 31, 2003)
The following paper describes the different tools that can be used in setting up an appropriate router and firewall combination using Linux that offers the necessary functionality and security to its users as well as the means to monitor it by an administrator.
PDF Case Study: Deploying and Configuring a Netscreen 100 Firewall Appliance to Secure the Network
By: James Murphy (posted on October 31, 2003)
The purpose of this document is to show the reader how I deployed the Netscreen 100 firewall security appliance.
PDF Using The Cisco Pix Device Manager
By: Jason Holcomb (posted on October 31, 2003)
This paper examines the PDM starting with an overview of the PIX, requirements of the PDM software, initial configuration guide, and finally a walkthrough of the software.
PDF Long Distance Failover - High Availability using Cisco PIX Firewall
By: Chris Ellem (posted on October 31, 2003)
The purpose of this document is to provide information security professionals with an understanding of the requirements in implementing long distance failover using Cisco PIX Firewalls.
PDF Secure Configuration of a Cisco 837 ADSL firewall router
By: Brett McIntosh (posted on October 31, 2003)
This paper describes, hopefully, a fairly typical small office/business scenario and one method to connect it securely to the Internet using a commercially available firewall/router, the Cisco 837 ADSL router.
PDF Migrating Services Between Firewall Technologies
By: Andrew Barratt (posted on October 31, 2003)
This paper describes the considerations that are essential to address when a corporate firewall infrastructure is replaced with new technology.
PDF Designing a DMZ
By: Scott Young (posted on October 31, 2003)
This paper takes a look at DMZ, which greatly increases the security of a network.
PDF Choosing The Best Firewall
By: Gerhard Cronje (posted on October 31, 2003)
This paper briefly touches on most of the issues involved in choosing a firewall and provides a good starting point for selecting a firewall.
PDF Solaris 8 and Checkpoint NG FP3 install with SSH, JASS and Syslog
By: Mike Shannon (posted on October 31, 2003)
This paper provides a detailed account of the pre-existing insecurity, a brief note of the catalytic event precipitating the actual changes to the firewall, a discussion of the implementation, and the results and ultimate success of the procedure 'hardening' the corporate firewall.
PDF Scanning for viruses
By: Dan Boyd (posted on October 31, 2003)
In my first job position after college, I was hired to design and implement a firewall as well as a virus scanning mail solution and this paper addresses the processes I went through that increased security at this company.