SANS InfoSec Reading Room - Firewalls & Perimeter Protection
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 66 papers as of Feb 10, 2010
Protecting Data From the Cyber Theft Pandemic
FireEye - April 2009
Securing the Network Perimeter of a Community Bank
- By: Steven Launius (posted on December 17, 2009)
Allocating the investment for perimeter protection and detection mechanisms can be a unique challenge with the budget of a smaller community bank. This paper’s purpose is to raise awareness of the external threats present to confidential customer information held on the private network of community banks, and recommend technologies and designs to protect the perimeter of the network, while taking heed of the limited resources of community banks.
Securing the Enterprise Service Bus: Protecting business critical web-services
- By: Michael Taylor (posted on April 23, 2009)
My paper will briefly discuss Enterprise Web Services and the uses of Enterprise Service Buses, but will concentrate on potential threats and vulnerabilities to these and suggest suitable means to mitigate risks.
Intrusion Detection & Response - Leveraging Next Generation Firewall Technology
- By: Ahmed Abdel-Aziz (posted on March 30, 2009)
This paper will address a recent trend in network security, which is leveraging next-generation firewalls (NGFW) at the network perimeter.
Perimeter Defense-in-Depth with Cisco ASA
- By: Michael Simone (posted on February 9, 2009)
Over the course of this document, the reader will learn what to do to use the ASA security device for perimeter security, why these choices would be made, what best practices are, and business justifications for each of these decisions.
Human Being Firewall
- By: Muhammad EL-Harmeel (posted on January 9, 2009)
This publication seeks to assist organizations in mitigating the risks from Human based attacks.
Transparent (Layer 2) Firewalls: A look at 2 Vendor Offerings: Juniper and Cisco
- By: Matt Austin (posted on December 12, 2008)
Cleaning Up the Back Yard - A discussion on your mother's home network security.
- By: Wil Knoll (posted on November 5, 2008)
It is possible to clean up the back yard with Free Open Source Software and a little design. Using off the shelf components and Open Source software the family geek can deploy a more multilayered security stance that will provide far more visibility and control over the network. This is not to say that large swaths of the Internet can be cleaned up just by plugging in a box, but to say that if anything should be a safe haven on the internet, it should be the family network, the backyard. It makes sense to clean up the backyard before taking on the world’s trash.
Check Point firewalls - rulebase cleanup and performance tuning
- By: Barry Anderson (posted on September 5, 2008)
Performing Egress Filtering
- By: Dennis Distler (posted on August 20, 2008)
Microsoft Vista Firewall; Dissected
- By: Phil Kostenbader & Bob Rudis (posted on August 9, 2007)
Redefining your perimeter with MPLS - an integrated network solution
- By: Vijay Sarvepalli (posted on July 17, 2007)
This paper attempts to help network and security professionals to meet the demand to build multiple logical networks on a single physical infrastructure.
Don’t Just Patch, Protect!
- By: Richard Sillito (posted on May 1, 2007)
Security analysts need to stop trying to be movie stars and start shaking up their networks and readdress how security is implemented.
XML Firewall Architecture and Best Practices for Configuration and Auditing
- By: Don Patterson (posted on April 30, 2007)
This paper will discuss the building blocks of Web services, Web services threats and security requirements, the XML firewall for first-line perimeter defense, best practices for configuring an XML security gateway device, and industry recommended security testing procedures for ensuring the effectiveness of this security control.
Egress Filtering FAQ
- By: Chris Brenton (posted on January 18, 2007)
This FAQ covers the benefits of performing egress filtering on the end points of your perimeter.
Firewall Analysis and Operation Methods
- By: Kim Cary (posted on October 23, 2006)
This paper shows how to leverage pre-install analysis data collection systems for post-install response via a self-service security information application. This application was useful in securing and retaining the open community's good will for future security projects (without the motivation of an incident).
Wired 802.1x Security
- By: Mohammed Younus (posted on July 27, 2006)
This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's Implementation of 802.1x.
Exploiting BlackICE When a Security Product has a Security Flaw
- By: Peter Gara (posted on July 9, 2005)
This paper contains a fictional story about a computer expert who gets into evil ways and tries to denigrate his ex-colleague at her new workplace.
Regaining Control over your Mobile Users
- By: Shelly Biller (posted on June 23, 2005)
No matter how much time or money some corporations spend on securing their network, once they allow mobile (laptop) users to connect to their internal network, they are exposing that network to a wide variety of security risks. Their once-secure network has now potentially become a hacker's playground.
Ethical Deception and Preemptive Deterrence in Network Security
- By: Brian McFarland (posted on May 17, 2005)
Network administrators have several tools in their arsenal for thwarting such attacks such as firewalls and intrusion detection systems. A relatively recent concept developed to complement existing network defense tools is the Honeypot.
Using Secure Sockets Layer bridging and content filtering mechanisms to provide defense in-depth when publishing SSL encrypted web hosts.
- By: John Hallberg (posted on May 5, 2005)
In this paper we discuss the benefits of Secure Sockets Layer (SSL) bridging, also known as SSL initiation, a practice that allows Internet security professionals to successfully proxy encrypted traffic, thus enabling intrusion detection and/or prevention, virus detection, and content filtering of encrypted communications.
Utilizing Static Packet Filters to Enhance Network Security
- By: Scott Foster (posted on January 17, 2005)
Many network installations today consist of a firewall to provide security between the increasingly hostile environment of the Internet and the corporate network. This paper examines utilizing Access Control Lists to implement static packet filters at a network perimeter to enhance security in any sized network.
3Com Distributed Embedded Firewall
- By: Kyle Kelliher (posted on July 25, 2004)
As the Internet community becomes more skilled in their use of attack tools, we are seeing an increase in the number and severity of Internet attacks. Internet neophytes and professionals alike are asking the same question "There are hundreds of thousands of computers on the Internet, why was my computer attacked?"
Netfilter and IPTables: A Structural Examination
- By: Alan Jones (posted on May 2, 2004)
In this paper a study is made of the Linux packet manipulation framework, Netfilter, and the packet matching system built on top of it, IPTables.
Support guides for the Cyberguard Firewall Appliance
- By: Chris Bodill (posted on November 19, 2003)
This paper combines various troubleshooting guides, how-to, tips and warnings known to date, for the Cyberguard Firewall Appliance, aimed to be both functional and practical.
Configuring Watchguard Proxies: A Guideline to Supplementing Virus Protection and Policy Enforcement
- By: Alan Mercer (posted on November 6, 2003)
This paper focuses upon the layered use of the Watchguard Live Security System (LSS) proxy services to mitigate these risks and reduce exposure.
High Availability Firewall - WatchGuard Firebox Vclass V60
- By: Wee Leng Chia (posted on November 6, 2003)
This paper proposes that implementation of high availability firewalls in itself cannot be considered sufficient to ensure overall system reliability.
Private Internet Exchange: The Fastest Firewall in the World?
- By: Keith Cancel (posted on October 31, 2003)
There are now numerous amounts of firewalls available in today's market with a wide array of speeds, strengths and weaknesses.
Sidewinder 5.1 Split DNS Architecture
- By: Charlene Keltz (posted on October 31, 2003)
This paper provides an operating system overview of Sidewinder, a short overview of a Generic Split DNS Architecture, and explains Sidewinder's Secure Split DNS Architecture.
Using Open Source to Create a Cohesive Firewall/IDS System
- By: Thomas Dager (posted on October 31, 2003)
In this paper the author discusses two main components of the layered defense, a firewall and intrusion detection system.
Active Net Steward - Distributed Firewall
- By: Daniel L. Safeer (posted on October 31, 2003)
In this paper, the author addresses the question, "How do I deal with the implied trust afforded to users who are inside of the firewall, either physically or electronically (via VPN or dialup)?"
Cisco Router Hardening Step-by-Step
- By: Dana Graesser (posted on October 31, 2003)
The three main categories of routers in use at companies today are Internet Gateway routers, Corporate Internal routers and B2B routers which should all be given careful consideration from a security perspective, as each pose unique security problems that are addressed in this paper.
IPSec VPN Using FreeBSD
- By: Greg Panula (posted on October 31, 2003)
This paper will demonstrate a way to set up an IPSec VPN that will allow for NAT'ing using FreeBSD boxes as the gateway machines.
Comparison Shopping for Scalable Firewall Products
- By: Laura Keadle (posted on October 31, 2003)
No Network Designer worth their salt would dream of purchasing a router or switch without demanding benchmark test results on throughput and subscription rates.
Achieving Defense-in-Depth with Internal Firewalls
- By: Steve Bridge (posted on October 31, 2003)
A sound security perimeter today requires more than a single firewall connected at the Internet router. By segmenting the network with multiple firewalls, we can achieve the holy grail of network security - Defense-In-Depth.
Proxies and Packet Filters in Plain English
- By: Scott Algatt (posted on October 31, 2003)
The firewall's ability to decide what is and what is not allowed are configurations that are set up by the system administrator as policies or rules and define what traffic the firewall will or will not allow to enter the network.
Personal Firewalls - Protecting the Home Internet User
- By: Bonnie McDougall (posted on October 31, 2003)
Firewalls were one of the first protectors of computer crime and before anyone downloads a Personal Firewall, they should have an understanding of how they work.
Application Level Content Scrubbers
- By: Benjamin Sapiro (posted on October 31, 2003)
This paper presents an overview of some of the available content scrubbers (this is not meant to be a comprehensive product comparison).
Cisco Way
- By: Joseph S. White (posted on October 31, 2003)
This document will be an overview of "Cisco SAFE: A Security Blueprint for Enterprise Networks" (Convery).
Disconnect from the Internet - Whale's e-Gap In-Depth
- By: Kevin Gennuso (posted on October 31, 2003)
While there are a number of variations on the air gap concept, the focus of this paper will be on one implementation of this technology: Whale Communications' e-Gap.
Protecting the Next Generation Network -Distributed Firewalls
- By: Robert Gwaltney (posted on October 31, 2003)
Corporate networks are constantly changing to meet the needs of businesses and continue to expand in ways that we couldn't have imagined only a few years ago.
Fighting Cyber Terrorism - Where Do I Sign Up?
- By: Pamela Dodge (posted on October 31, 2003)
Cyber attacks have historically not been treated in the same fashion as physical defense of the country.
A Layer-7 Secure Security Posture
- By: Paul Vinciguerra (posted on October 31, 2003)
This paper intends on applying the lessons learned from the lower levels of the OSI model to the upper layers.
CBAC - Cisco IOS Firewall Feature Set Foundations
- By: Evan Davies (posted on October 31, 2003)
This paper discusses the operation and configuration of CBAC.
Building an IPv6 Firewall with OpenBSD
- By: Eric Millican (posted on October 31, 2003)
This paper is intended to be a how-to for IPv6 firewalls running on OpenBSD 3.0. It will cover the basics of installing OpenBSD, setting up a tunnel to the 6Bone, and configuring the Packet Filter firewall included with OpenBSD.
A Review Of Floppy-Based Firewalls And Their Security Considerations
- By: Sean Closson (posted on October 31, 2003)
For the user that is evaluating inexpensive perimeter firewall solutions, this paper discusses the features and security implications amongst three of the more popular choices available, providing an understanding of floppy disk-based firewalls and some of the technologies they employ.
Protecting the Network without Breaking the Bank
- By: Gerald Clevenger (posted on October 31, 2003)
The high cost of securing a Network may drive managers to look for ways to outsource Network Security instead of using available resources.
The Firewall has been Installed, Now What? Developing a Local Firewall Security Policy
- By: Richard Walker (posted on October 31, 2003)
This paper details the process I used to draft a perimeter device security policy for these firewalls.
Getting the Most out of your Firewall Logs
- By: Matt Willard (posted on October 31, 2003)
The goal of this paper is to use the logs of CheckPoint FW-1 v4.1 and provide examples of tools that will automate the process of maintaining and monitoring a firewall's logs.
Configuring a NetScreen Firewall: Best practice guideline for the basic setup of a NetScreen firewal
- By: Robert Bayley (posted on October 31, 2003)
This paper will detail how to set up a NetScreen firewall using the command line configuration options.
The Installation and Configuration of a Cisco PIX Firewall with 3 Interfaces and a Stateful Failover
- By: Steve Textor (posted on October 31, 2003)
This paper is intended to guide the reader through the installation and configuration of a Cisco PIX firewall.
Using ISA Server Logs to Interpret Network Traffic
- By: Brian McKee (posted on October 31, 2003)
This paper focuses on ISA logs and how you can use them to interpret the types of traffic passed through the network.
IPFilter: A Unix Host-Based Firewall
- By: Dana Price (posted on October 31, 2003)
This paper will explain the benefits of using IPFilter on a unix host by detailing its configuration and implementation on a Solaris 8 SPARC box, and providing examples users can follow to safeguard their machines against some of the more popular remote exploits.
Securing Extranet Connections
- By: Jeff Pipping (posted on October 31, 2003)
This paper will present one solution to securing a large number of extranet connections. In particular, the focus will be on the corporation who is the extranet network provider, or at the hub of a large extranet.
Securing Solaris Servers Using Host-based Firewalls
- By: William Kirt Karl (posted on October 31, 2003)
This paper will cover the addition of security to several Solaris servers through the use of host-based firewall software.
Denial of Service Attacks and the Emergence of "Intrusion Prevention Systems"
- By: Adrian Brindley (posted on October 31, 2003)
The objective of this paper is to give a review of DoS / DDoS attacks, provide a list of basic network attack prevention techniques, provide a brief comparison of current and emerging Intrusion Prevention devices available and to give an example implementation scenario using one of these products.
Build your own firewall using SuSE Linux: A mechanics guide.
- By: Paul ONeil (posted on October 31, 2003)
The following paper describes the different tools that can be used in setting up an appropriate router and firewall combination using Linux that offers the necessary functionality and security to its users as well as the means to monitor it by an administrator.
Case Study: Deploying and Configuring a Netscreen 100 Firewall Appliance to Secure the Network
- By: James Murphy (posted on October 31, 2003)
The purpose of this document is to show the reader how I deployed the Netscreen 100 firewall security appliance.
Using The Cisco Pix Device Manager
- By: Jason Holcomb (posted on October 31, 2003)
This paper examines the PDM starting with an overview of the PIX, requirements of the PDM software, initial configuration guide, and finally a walkthrough of the software.
Long Distance Failover - High Availability using Cisco PIX Firewall
- By: Chris Ellem (posted on October 31, 2003)
The purpose of this document is to provide information security professionals with an understanding of the requirements in implementing long distance failover using Cisco PIX Firewalls.
Secure Configuration of a Cisco 837 ADSL firewall router
- By: Brett McIntosh (posted on October 31, 2003)
This paper describes, hopefully, a fairly typical small office/business scenario and one method to connect it securely to the Internet using a commercially available firewall/router, the Cisco 837 ADSL router.
Migrating Services Between Firewall Technologies
- By: Andrew Barratt (posted on October 31, 2003)
This paper describes the considerations that are essential to address when a corporate firewall infrastructure is replaced with new technology.
Designing a DMZ
- By: Scott Young (posted on October 31, 2003)
This paper takes a look at DMZ, which greatly increases the security of a network.
Choosing The Best Firewall
- By: Gerhard Cronje (posted on October 31, 2003)
This paper briefly touches on most of the issues involved in choosing a firewall and provides a good starting point for selecting a firewall.
Solaris 8 and Checkpoint NG FP3 install with SSH, JASS and Syslog
- By: Mike Shannon (posted on October 31, 2003)
This paper provides a detailed account of the pre-existing insecurity, a brief note of the catalytic event precipitating the actual changes to the firewall, a discussion of the implementation, and the results and ultimate success of the procedure 'hardening' the corporate firewall.
Scanning for viruses
- By: Dan Boyd (posted on October 31, 2003)
In my first job position after college, I was hired to design and implement a firewall as well as a virus scanning mail solution and this paper addresses the processes I went through that increased security at this company.