Firewalls & Perimeter Protection
Featuring 81 Papers as of November 9, 2016
Forcepoint Review: Effective Measure of Defense Analyst Paper
by Eric Cole, PhD - November 9, 2016
Effective security is all about the quality of the solution, not the quantity of products. Indeed, buying more products can make the problem worse. All of the major breaches over the last several years have had one thing in common: Multiple products were issuing alerts, but there were too many alerts and not enough people charged with monitoring and responding to them. When that is the case, putting more products in place spreads current resources even thinner--the problem gets worse, not better. This paper explains the advantages of an integrated defense-in-depth approach to security and looks at how Forcepoint's integrated solution suite meets the needs of such an approach.
Out with the Old, In with the New: Replacing Traditional Antivirus Analyst Paper
by Barbara Filkins - November 2, 2016
- Associated Webcasts: Ready to Replace AV? Criteria to Evaluate NGAV Solutions
- Sponsored By: Carbon Black
Research over the past 10 years indicates that traditional antivirus products are rarely successful in detecting smart malware, unknown malware and malware-less attacks. This doesn’t mean that antivirus is “dead.” Instead, antivirus is growing up. Today, organizations look to spend their antivirus budget on replacing current solutions with next-generation antivirus (NGAV) platforms that can stop modern attacks. This paper provides a guide to evaluating NGAV solutions.
From the Trenches: SANS 2016 Survey on Security and Risk in the Financial Sector Analyst Paper
by G. Mark Hardy - October 18, 2016
- Associated Webcasts: From the Trenches, the SANS 2016 Survey on Security and Risk in the Financial Sector: Part 1, Incidents, Risks and Preparedness; From the Trenches, the SANS 2016 Survey on Security and Risk in the Financial Sector: Part 2, Securing Financial Environments
- Sponsored By: ForeScout Technologies, Guidance Software, Arbor Networks, WhiteHat Security, NSFOCUS
The financial services industry is under a barrage of ransomware and spearphishing attacks that are rising dramatically. These top two attack vectors rely on the user to click something. Organizations enlist email security monitoring, enhanced security awareness training, endpoint detection and response, and firewalls/IDS/IPS to identify, stop and remediate threats. Yet, their preparedness to defend against attacks isn’t showing much improvement. Read on to learn more.
Exploits at the Endpoint: SANS 2016 Threat Landscape Survey Analyst Paper
by Lee Neely - August 10, 2016
- Associated Webcasts: 2016 Threat Landscape Survey Report: Europe Edition; 2016 Threat Landscape Survey Report
- Sponsored By: Check Point Software Technologies, Inc.
The perfect storm is upon us: Users with their many devices are falling victim to phishing and ransomware at alarming rates, with user actions at the endpoint representing the most common entry points allowing threats into organizations. Results reveal that ransomware, which spreads by phishing and web downloads, is the No. 1 type of malware making its way into organizations. Read on to learn more.
Can We Say Next-Gen Yet? State of Endpoint Security Analyst Paper
by G. W. Ray Davidson, PhD - March 16, 2016
- Associated Webcasts: SANS 2016 Endpoint Security Survey Part 1: The Evolving Definition of Endpoints; SANS 2016 Endpoint Security Survey Part 2: Can We Say Next-Gen Yet?
- Sponsored By: Guidance Software, IBM, Sophos Inc., Malwarebytes, Great Bay Software
The survey results show that although conventional devices such as desktops and servers represent the largest segment of endpoints connected to the network, the variety of endpoints is growing quickly. Read this survey results paper for insight into endpoint management strategies and processes.
The Edge (of the Network) is Everywhere: Redefining the traditional sense of the perimeter by John Drosyk - January 14, 2016
Securing a network from untrusted access is not a new concept. It is an essential component to network design. Similar to the ancient city of Troy, networks are built with solid walls surrounding them in an attempt to prevent unauthorized access.
Infrastructure Security Architecture for Effective Security Monitoring STI Graduate Student Research
by Luciana Obregon - December 11, 2015
The biggest challenges that Information Security departments face are identifying the critical assets that make an organization unique, locating these assets on the network, and building security defenses around them while maintaining functionality.
Tactical Data Diodes in Industrial Automation and Control Systems by Austin Scott - June 30, 2015
In recent years, there has been an increased interest in the use of Data Diodes (also known as unidirectional gateways) within Industrial Automation and Control System (IACS) networks. As a result, there has been a substantial amount of confusion around where and how best to use this effective barrier technology. Although not a direct replacement for firewalls, Data Diodes are well suited for specific tasks within IACS networks such as data replication, system state monitoring, remote backup management and patch management. This paper demystifies the use of Data Diodes within the IACS domain by detailing the process and challenges of building a simple Data Diode and applying it in an IACS network.
Nftables as a Second Language STI Graduate Student Research
by Kenton Groombridge - May 11, 2015
The iptables Linux kernel firewall has been around for a long time and many Linux users are well versed in it, but a new player in town, nftables, is now merged into the Linux kernel source and is touted to replace iptables.
Small devices needs a large Firewall by Paul Mastad - August 18, 2014
Palo Alto Networks' (PAN) next-generation firewall encompasses a full line of products.
Advanced Network Protection with McAfee Next Generation Firewall Analyst Paper
by Dave Shackleford - June 19, 2014
- Associated Webcasts: Analyst Webcast: Advanced Network Protection with McAfee Next Generation Firewall
- Sponsored By: McAfee
A review of McAfee Next Generation Firewall by SANS Analyst and Senior Instructor Dave Shackleford. It explores a number of the product's capabilities, including clustering and redundancy, numerous varieties of VPN access, policy options and features such as end-user identification and advanced anti-evasion tools.
Health Care Cyberthreat Report: Widespread Compromises Detected, Compliance Nightmare on Horizon Analyst Paper
by Barbara Filkins - March 6, 2014
The use of threat intelligence to improve the security of information systems in the health care industry.
Testing Application Identification Features of Firewalls by William McGlasson - November 8, 2013
Firewalls have evolved over the last couple decades from simple packet filters as add-ons to an operating system to the latest application-layer firewalls running their own, sometimes purpose-built operating systems.
Real-World Testing of Next-Generation Firewalls Analyst Paper
by Dr. Eric Cole - September 13, 2013
Advice on what to expect from a next-generation firewall, features and business needs to consider, and a test methodology for IT and business professionals to use to enhance their investments in security through enhanced firewall capabilities.
Deploying a Vyatta Core Firewall by Jason Todd - September 20, 2010
It wasn’t long ago when simply placing a firewall in between your clients, servers, and the Internet was considered a good information security measure. For some organizations the firewall was put in place to simply check a box on a security audit without giving it much attention as to what the firewall was actually protecting, or not protecting. For many the firewall was viewed as a burden and tunneling protocols were developed to make applications work with firewalls.
Leveraging the Load Balancer to Fight DDoS by Brough Davis - July 29, 2010
DDoS (Distributed Denial of Service) attacks have been an ever-increasing concern in the Internet world. As technology becomes less expensive and the Internet grows, it is becoming easier and more profitable for criminal organizations and the naive vandal to launch destructive attacks on organizations (Mikovic et al., 2005). DDoS attacks are also becoming common tools for governments or activist groups to help serve political agendas (Ristic, 2005). Security professionals will likely always be one step behind new attack methods. In order to understand how Load Balancing technologies can be used to help mitigate DDoS attacks, a quick DDoS and Load Balancing primer is needed.
Securing the Network Perimeter of a Community Bank by Steven Launius - December 17, 2009
Allocating the investment for perimeter protection and detection mechanisms can be a unique challenge with the budget of a smaller community bank. This paper's purpose is to raise awareness of the external threats present to confidential customer information held on the private network of community banks, and to recommend technologies and designs to protect the perimeter of the network, while taking heed of the limited resources of community banks.
Securing the Enterprise Service Bus: Protecting business critical web-services by Michael Taylor - April 23, 2009
My paper will briefly discuss Enterprise Web Services and the uses of Enterprise Service Buses, but will concentrate on potential threats and vulnerabilities to these and suggest suitable means to mitigate risks.
Intrusion Detection & Response - Leveraging Next Generation Firewall Technology by Ahmed Abdel-Aziz - March 26, 2009
This paper will address a recent trend in network security, which is leveraging next-generation firewalls (NGFW) at the network perimeter.
Perimeter Defense-in-Depth with Cisco ASA by Michael Simone - February 9, 2009
Over the course of this document, the reader will learn what to do to use the ASA security device for perimeter security, why these choices would be made, what best practices are, and business justifications for each of these decisions.
Human Being Firewall by Muhammad EL-Harmeel - January 9, 2009
This publication seeks to assist organizations in mitigating the risks from Human based attacks.
Transparent (Layer 2) Firewalls: A look at 2 Vendor Offerings: Juniper and Cisco by Matt Austin - December 12, 2008
The focus of this paper is to demystify and review how to configure and deploy Juniper and Cisco firewalls in transparent mode.
Cleaning Up the Back Yard - A discussion on your mother's home network security. by Wil Knoll - November 3, 2008
It is possible to clean up the back yard with Free Open Source Software and a little design. Using off the shelf components and Open Source software the family geek can deploy a more multilayered security stance that will provide far more visibility and control over the network. This is not to say that large swaths of the Internet can be cleaned up just by plugging in a box, but to say that if anything should be a safe haven on the internet, it should be the family network, the backyard. It makes sense to clean up the backyard before taking on the world’s trash.
Check Point firewalls - rulebase cleanup and performance tuning by Barry Anderson - September 5, 2008
Firewall rulebases tend naturally toward disorder over time, and as the size of the ruleset grows, the performance of the firewall starts to suffer. In this paper, a simple procedure for culling unused rules and ordering the rulebase for performance will be presented.
Performing Egress Filtering by Dennis Distler - August 20, 2008
The purpose of this paper is to explain egress filtering and the risk that can be mitigated along with it.
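The two papers above deal with the same object from two sides: the Check Point paper with culling unused rules and reordering a rulebase for performance, the egress-filtering paper with what an outbound policy should actually decide. The following is an added example, not code from either paper or from any vendor, that models an ordered first-match packet filter and does both. The rule format, the 10.0.0.0/8 addressing, the hit counts and the sample flows are all constructed for illustration; on a real firewall the hit counts would come from the product's own rule accounting. The part practitioners most often get wrong is the reorder: a hot rule may only be moved above a colder one when no packet can match both, or when both carry the same action, otherwise the reorder silently changes the policy.

```python
"""Rulebase hygiene and egress-policy checks for a first-match packet filter.
Added example, not from any paper on this page; rules, addresses, hit counts
and flows are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # CIDR
    dst: str              # CIDR
    proto: str            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]  # None matches any destination port
    action: str           # "accept" or "drop"
    hits: int = 0         # packets matched over the accounting period (constructed)

    def matches(self, src, dst, proto, dport) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))


def _covers(outer: Rule, inner: Rule) -> bool:
    """Every packet inner could match is already matched by outer."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.proto in ("any", inner.proto)
            and (outer.dport is None or outer.dport == inner.dport))


def _overlap(a: Rule, b: Rule) -> bool:
    """Some packet could match both a and b."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and ("any" in (a.proto, b.proto) or a.proto == b.proto)
            and (None in (a.dport, b.dport) or a.dport == b.dport))


def shadowed(rules):
    """Rules fully covered by an earlier rule: they can never fire, so
    deleting them changes nothing, whatever their action."""
    return [r.name for i, r in enumerate(rules)
            if any(_covers(e, r) for e in rules[:i])]


def unused(rules):
    """Zero-hit rules: removal candidates once the accounting window is
    known to have covered the relevant business cycle."""
    return [r.name for r in rules if r.hits == 0]


def reorder_by_hits(rules):
    """Move hot rules up without changing any decision: a rule may pass the
    rule above it only if no packet matches both, or both have the same action."""
    ordered = []
    for r in rules:
        pos = len(ordered)
        while pos > 0:
            prev = ordered[pos - 1]
            if prev.hits >= r.hits:
                break
            if _overlap(prev, r) and prev.action != r.action:
                break  # swapping would change the decision for some packet
            pos -= 1
        ordered.insert(pos, r)
    return ordered


def first_match(rules, src, dst, proto, dport, default="drop"):
    """Decision of a first-match rulebase with an implicit final drop."""
    for r in rules:
        if r.matches(src, dst, proto, dport):
            return r.name, r.action
    return "implicit", default


def decisions_preserved(before, after, flows) -> bool:
    return all(first_match(before, *f)[1] == first_match(after, *f)[1] for f in flows)


# Constructed egress rulebase: only the resolvers (10.0.0.53), the mail relay
# (10.0.0.25) and the web proxy (10.0.0.8) may talk to the Internet directly.
EGRESS = [
    Rule("dns-to-resolvers", "10.0.0.0/8", "10.0.0.53/32", "udp", 53, "accept", 80000),
    Rule("resolvers-out", "10.0.0.53/32", "0.0.0.0/0", "udp", 53, "accept", 30000),
    Rule("relay-smtp-out", "10.0.0.25/32", "0.0.0.0/0", "tcp", 25, "accept", 4000),
    Rule("proxy-https-out", "10.0.0.8/32", "0.0.0.0/0", "tcp", 443, "accept", 500000),
    Rule("proxy-http-out", "10.0.0.8/32", "0.0.0.0/0", "tcp", 80, "accept", 200000),
    Rule("legacy-ftp-out", "10.10.0.0/16", "0.0.0.0/0", "tcp", 21, "accept", 0),
    Rule("drop-direct-smtp", "10.0.0.0/8", "0.0.0.0/0", "tcp", 25, "drop", 9000),
    Rule("old-smtp-block", "10.10.0.0/16", "0.0.0.0/0", "tcp", 25, "drop", 0),
    Rule("deny-all", "0.0.0.0/0", "0.0.0.0/0", "any", None, "drop", 12000),
]

# Constructed outbound flows: (src, dst, proto, dport).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.0.0.53", "udp", 53),      # workstation -> internal resolver
    ("10.10.4.7", "8.8.8.8", "udp", 53),        # workstation -> external resolver
    ("10.10.4.7", "198.51.100.10", "tcp", 25),  # workstation sending mail directly
    ("10.0.0.25", "203.0.113.5", "tcp", 25),    # relay sending mail
    ("10.0.0.8", "203.0.113.5", "tcp", 443),    # proxy fetching HTTPS
    ("10.10.4.7", "203.0.113.5", "tcp", 443),   # workstation bypassing the proxy
    ("10.10.4.7", "203.0.113.9", "tcp", 6667),  # workstation -> IRC
]

if __name__ == "__main__":
    tuned = reorder_by_hits(EGRESS)
    print("shadowed:", shadowed(EGRESS), "unused:", unused(EGRESS))
    print("tuned order:", [r.name for r in tuned])
    print("decisions preserved:", decisions_preserved(EGRESS, tuned, SAMPLE_FLOWS))
    for f in SAMPLE_FLOWS:
        print(f, "->", first_match(EGRESS, *f))
```

Running it reports old-smtp-block as shadowed (drop-direct-smtp already covers it), legacy-ftp-out and old-smtp-block as unused, and a tuned order with the proxy rules at the top while relay-smtp-out stays above drop-direct-smtp even though the drop rule has more hits, because the two overlap with different actions. The flow evaluation shows the point of the egress papers: the workstation's direct SMTP, external DNS, proxy bypass and IRC connections all end in a drop, while the same services from the designated relay, resolvers and proxy are accepted.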
Microsoft Vista Firewall; Dissected by Phil Kostenbader & Bob Rudis - August 9, 2007
The firewall provided by Microsoft has pretty much gone unchanged since Windows 2000. The firewall included with Vista, however, has a few new and useful features. Under the right environment, it may be possible for large organizations to make use of this facility. But why would an organization consider dropping their current solution? Flexibility in the rule construction, the ability to apply a specific policy based on 'domain' authentication, multiple methods of policy distribution, or a single-vendor solution may have some organizations considering a change.
Redefining your perimeter with MPLS - an integrated network solution by Vijay Sarvepalli - July 17, 2007
This paper attempts to help network and security professionals to meet the demand to build multiple logical networks on a single physical infrastructure.
Don't Just Patch, Protect! by Richard Sillito - May 1, 2007
Security analysts need to stop trying to be movie stars and start shaking up their networks and readdress how security is implemented.
XML Firewall Architecture and Best Practices for Configuration and Auditing by Don Patterson - April 30, 2007
This paper will discuss the building blocks of Web services, Web services threats and security requirements, the XML firewall for first-line perimeter defense, best practices for configuring an XML security gateway device, and industry recommended security testing procedures for ensuring the effectiveness of this security control.
Firewall Analysis and Operation Methods by Kim Cary - October 23, 2006
This paper shows how to leverage pre-install analysis data collection systems for post-install response via a self-service security information application. This application was useful in securing and retaining the open community's good will for future security projects (without the motivation of an incident).
Wired 802.1x Security by Mohammed Younus - July 27, 2006
This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's Implementation of 802.1x.
Egress Filtering FAQ by Chris Brenton - June 22, 2006
This FAQ covers the benefits of performing egress filtering on the end points of your perimeter.
Exploiting BlackICE When a Security Product has a Security Flaw by Peter Gara - July 9, 2005
This paper contains a fictional story about a computer expert who gets into evil ways and tries to denigrate his ex-colleague at her new workplace.
Regaining Control over your Mobile Users by Shelly Biller - June 23, 2005
No matter how much time or money some corporations spend on securing their network, once they allow mobile (laptop) users to connect to their internal network, they are exposing that network to a wide variety of security risks. Their once-secure network has now potentially become a hacker's playground.
Ethical Deception and Preemptive Deterrence in Network Security by Brian McFarland - May 17, 2005
Network administrators have several tools in their arsenal for thwarting such attacks, such as firewalls and intrusion detection systems. A relatively recent concept developed to complement existing network defense tools is the Honeypot.
Using Secure Sockets Layer bridging and content filtering mechanisms to provide defense in-depth when publishing SSL encrypted web hosts. by John Hallberg - May 5, 2005
In this paper we discuss the benefits of Secure Sockets Layer (SSL) bridging, also known as SSL initiation, a practice that allows Internet security professionals to successfully proxy encrypted traffic, thus enabling intrusion detection and/or prevention, virus detection, and content filtering of encrypted communications.
Utilizing Static Packet Filters to Enhance Network Security by Scott Foster - January 17, 2005
Many network installations today consist of a firewall to provide security between the increasingly hostile environment of the Internet and the corporate network. This paper examines utilizing Access Control Lists to implement static packet filters at a network perimeter to enhance security in any sized network.
3Com Distributed Embedded Firewall by Kyle Kelliher - July 25, 2004
As the Internet community becomes more skilled in their use of attack tools, we are seeing an increase in the number and severity of Internet attacks. Internet neophytes and professionals alike are asking the same question "There are hundreds of thousands of computers on the Internet, why was my computer attacked?"
Netfilter and IPTables: A Structural Examination by Alan Jones - May 2, 2004
In this paper a study is made of the Linux packet manipulation framework, Netfilter, and the packet matching system built on top of it, IPTables.
Support guides for the Cyberguard Firewall Appliance by Chris Bodill - November 19, 2003
This paper combines various troubleshooting guides, how-to, tips and warnings known to date, for the Cyberguard Firewall Appliance, aimed to be both functional and practical.
High Availability Firewall - WatchGuard Firebox Vclass V60 by Wee Chia - November 6, 2003
This paper proposes that implementation of high availability firewalls in itself cannot be considered sufficient to ensure overall system reliability.
Configuring Watchguard Proxies: A Guideline to Supplementing Virus Protection and Policy Enforcement by Alan Mercer - November 6, 2003
This paper focuses upon the layered use of the Watchguard Live Security System (LSS) proxy services to mitigate these risks and reduce exposure.
Solaris 8 and Checkpoint NG FP3 install with SSH, JASS and Syslog by Mike Shannon - October 9, 2003
This paper provides a detailed account of the pre-existing insecurity, a brief note of the catalytic event precipitating the actual changes to the firewall, a discussion of the implementation, and the results and ultimate success of the procedure 'hardening' the corporate firewall.
Secure Configuration of a Cisco 837 ADSL firewall router by Brett McIntosh - September 8, 2003
This paper describes, hopefully, a fairly typical small office/business scenario and one method to connect it securely to the Internet using a commercially available firewall/router, the Cisco 837 ADSL router.
Migrating Services Between Firewall Technologies by Andrew Barratt - September 8, 2003
This paper describes the considerations that are essential to address when a corporate firewall infrastructure is replaced with new technology.
Long Distance Failover - High Availability using Cisco PIX Firewall by Chris Ellem - August 8, 2003
The purpose of this document is to provide information security professionals with an understanding of the requirements in implementing long distance failover using Cisco PIX Firewalls.
Build your own firewall using SuSE Linux: A mechanics guide. by Paul ONeil - July 14, 2003
The following paper describes the different tools that can be used in setting up an appropriate router and firewall combination using Linux that offers the necessary functionality and security to its users as well as the means to monitor it by an administrator.
Scanning for viruses by Dan Boyd - May 8, 2003
In my first job position after college, I was hired to design and implement a firewall as well as a virus scanning mail solution and this paper addresses the processes I went through that increased security at this company.
Case Study: Deploying and Configuring a Netscreen 100 Firewall Appliance to Secure the Network by James Murphy - February 13, 2003
The purpose of this document is to show the reader how I deployed the Netscreen 100 firewall security appliance.
Using The Cisco Pix Device Manager by Jason Holcomb - January 25, 2003
This paper examines the PDM starting with an overview of the PIX, requirements of the PDM software, initial configuration guide, and finally a walkthrough of the software.
Denial of Service Attacks and the Emergence of "Intrusion Prevention Systems" by Adrian Brindley - November 1, 2002
The objective of this paper is to give a review of DoS / DDoS attacks, provide a list of basic network attack prevention techniques, provide a brief comparison of current and emerging Intrusion Prevention devices available and to give an example implementation scenario using one of these products.
Securing Solaris Servers Using Host-based Firewalls by William Karl - September 5, 2002
This paper will cover the addition of security to several Solaris servers through the use of host-based firewall software.
Securing Extranet Connections by Jeff Pipping - June 17, 2002
This paper will present one solution to securing a large number of extranet connections. In particular, the focus will be on the corporation who is the extranet network provider, or at the hub of a large extranet.
IPFilter: A Unix Host-Based Firewall by Dana Price - June 1, 2002
This paper will explain the benefits of using IPFilter on a unix host by detailing its configuration and implementation on a Solaris 8 SPARC box, and providing examples users can follow to safeguard their machines against some of the more popular remote exploits.
Using ISA Server Logs to Interpret Network Traffic by Brian McKee - May 3, 2002
This paper focuses on ISA logs and how you can use them to interpret the types of traffic passed through the network.
The Installation and Configuration of a Cisco PIX Firewall with 3 Interfaces and a Stateful Failover by Steve Textor - April 29, 2002
This paper is intended to guide the reader through the installation and configuration of a Cisco PIX firewall.
Configuring a NetScreen Firewall: Best practice guideline for the basic setup of a NetScreen firewall by Robert Bayley - April 14, 2002
This paper will detail how to setup a NetScreen firewall using the command line configuration options.
Getting the Most out of your Firewall Logs by Matt Willard - April 12, 2002
The goal of this paper is to use the logs of CheckPoint FW-1 v4.1 and provide examples of tools that will automate the process of maintaining and monitoring a firewall's logs.
The Firewall has been Installed, Now What? Developing a Local Firewall Security Policy by Richard Walker - March 12, 2002
This paper details the process I used to draft a perimeter device security policy for these firewalls.
Protecting the Network without Breaking the Bank by Gerald Clevenger - March 11, 2002
The high cost of securing a Network may drive managers to look for ways to outsource Network Security instead of using available resources.
A Review Of Floppy-Based Firewalls And Their Security Considerations by Sean Closson - March 7, 2002
For the user that is evaluating inexpensive perimeter firewall solutions, this paper discusses the features and security implications amongst three of the more popular choices available, providing an understanding of floppy disk-based firewalls and some of the technologies they employ.
Building an IPv6 Firewall with OpenBSD by Eric Millican - March 1, 2002
This paper is intended to be a how-to for IPv6 firewalls running on OpenBSD 3.0. It will cover the basics of installing OpenBSD, setting up a tunnel to the 6Bone, and configuring the Packet Filter firewall included with OpenBSD.
CBAC - Cisco IOS Firewall Feature Set Foundations by Evan Davies - February 18, 2002
This paper discusses the operation and configuration of CBAC.
A Layer-7 Secure Security Posture by Paul Vinciguerra - November 17, 2001
This paper intends to apply the lessons learned from the lower levels of the OSI model to the upper layers.
Fighting Cyber Terrorism - Where Do I Sign Up? by Pamela Dodge - October 15, 2001
Cyber attacks have historically not been treated in the same fashion as physical defense of the country.
Protecting the Next Generation Network -Distributed Firewalls by Robert Gwaltney - October 7, 2001
Corporate networks are constantly changing to meet the needs of businesses and continue to expand in ways that we couldn't have imagined only a few years ago.
Disconnect from the Internet - Whale's e-Gap In-Depth by Kevin Gennuso - September 13, 2001
While there are a number of variations on the air gap concept, the focus of this paper will be on one implementation of this technology: Whale Communications' e-Gap.
Cisco Way by Joseph White - August 31, 2001
This document is an overview of "Cisco SAFE: A Security Blueprint for Enterprise Networks" (Convery).
Application Level Content Scrubbers by Benjamin Sapiro - August 22, 2001
This paper presents an overview of some of the available content scrubbers (this is not meant to be a comprehensive product comparison).
Personal Firewalls - Protecting the Home Internet User by Bonnie McDougall - August 17, 2001
Firewalls were one of the first protections against computer crime, and before anyone downloads a Personal Firewall, they should have an understanding of how they work.
Proxies and Packet Filters in Plain English by Scott Algatt - August 16, 2001
The firewall's ability to decide what is and what is not allowed are configurations that are setup by the system administrator as policies or rules and define what traffic the firewall will or will not allow to enter the network.
Achieving Defense-in-Depth with Internal Firewalls by Steve Bridge - August 15, 2001
A sound security perimeter today requires more than a single firewall connected at the Internet router. By segmenting the network with multiple firewalls, we can achieve the holy grail of network security - Defense-In-Depth.
Comparison Shopping for Scalable Firewall Products by Laura Keadle - August 13, 2001
No Network Designer worth their salt would dream of purchasing a router or switch without demanding benchmark test results on throughput and subscription rates.
IPSec VPN Using FreeBSD by Greg Panula - July 26, 2001
This paper will demonstrate a way to setup an IPSec VPN that will allow for NAT'ing using FreeBSD boxes as the gateway machines.
Cisco Router Hardening Step-by-Step by Dana Graesser - July 25, 2001
The three main categories of routers in use at companies today are Internet Gateway routers, Corporate Internal routers and B2B routers, all of which should be given careful consideration from a security perspective, as each poses unique security problems that are addressed in this paper.
Active Net Steward - Distributed Firewall by Daniel Safeer - July 20, 2001
In this paper, the author addresses the question, "How do I deal with the implied trust afforded to users who are inside of the firewall, either physically or electronically (via VPN or dialup)?"
Using Open Source to Create a Cohesive Firewall/IDS System by Thomas Dager - July 9, 2001
In this paper the author discusses two main components of the layered defense, a firewall and intrusion detection system.
Sidewinder 5.1 Split DNS Architecture by Charlene Keltz - July 8, 2001
This paper provides an operating system overview of Sidewinder, a short overview of a Generic Split DNS Architecture, and explains Sidewinder's Secure Split DNS Architecture.
Private Internet Exchange: The Fastest Firewall in the World? by Keith Cancel - July 6, 2001
There are now numerous firewalls available in today's market, with a wide array of speeds, strengths and weaknesses.
Choosing The Best Firewall by Gerhard Cronje - April 10, 2001
This paper briefly touches on most of the issues involved in choosing a firewall and provides a good starting point for selecting a firewall.
Designing a DMZ by Scott Young - March 26, 2001
This paper takes a look at DMZ, which greatly increases the security of a network.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.