Many companies use firewall systems that are not strictly firewalls; they are used only to block dangerous traffic.
The essence of a firewall system is to allow or deny passage to network traffic. Application-level firewalls handle particular communications protocols, such as HTTP, e-mail and FTP (the rules need to be configured).
For example, if you decided to block all ActiveX, you would program the proxy to check the contents of all HTML and block pages that contain ActiveX.
Filter types: Network filters based on application-level proxies give the programmers control over what passes across the firewall. Network filters based on circuit-level proxies have better performance, as does an IP packet-filtering system.
Logging: A firewall performs exhaustive logging with tools to analyse the log and summarise the log.
Administration: Some firewalls are configured with graphical user interfaces, others use text only.
Simplicity: Good firewall systems are simple. The proxies are small and easy to understand.
Tunneling: Some firewall systems provide the ability to set up an encrypting tunnel across the Internet in order to securely connect two networks. (Tunneling is the transmission of data intended for use only within a private, usually corporate, network through the Internet in such a way that the routing nodes in the Internet are unaware that the transmission is part of a private network. A VPN is an example.)
Products (no need to memorise): available as a software-only package or as a turnkey combination.
Gauntlet: packet filtering and stateful inspection for NT and Unix.
Firewall-1: uses application-level and circuit-level proxies; available for NT and Unix machines.
Eagle: Unix; supports packet filtering, application-level and circuit-level proxies.
CyberGuard: a Unix-only system for both application-level and packet-level filtering.
BorderWare: uses a combination of packet filters, application-level proxies and circuit-level proxies.
AltaVista
The first column indicates whether that traffic is allowed or blocked.
The second and third columns identify the source of the traffic; the source port number is specified as well.
The fourth and fifth columns identify the destination of the traffic; again, the port number is specified.
Flags indicates whether it is an
Another simple example – block IE and allow FTP
Assume that you need to provide filter exceptions for outgoing connections to FTP (port 21) and for the data sent back in response to those connections. We simply block all traffic except FTP.
Action  Src              Port  Dest  Port  Flags  Comment
Block   *                *     *     *     *      Block all
Allow   [internal user]  *     *     21    *      ftp - outgoing
Allow   *                21    *     *     ACK    ftp - incoming (important)
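The rule table above, worked through as a small first-match packet filter. This is an added example, not code from the lecture notes; it assumes the rules are evaluated top to bottom with the "Block all" rule placed last as the default, and the host names in the sample packets are constructed.

```python
# Added example: a minimal first-match evaluator for the FTP rule table.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str        # source host; "internal" stands for an inside user
    src_port: int
    dst: str
    dst_port: int
    ack: bool       # TCP ACK flag set (not the first packet of a connection)

@dataclass(frozen=True)
class Rule:
    action: str     # "Allow" or "Block"
    src: str        # "*" = any host, "[internal user]" = an inside host
    src_port: str   # "*" or a port number as a string
    dst: str
    dst_port: str
    flags: str      # "*" = don't care, "ACK" = the ACK flag must be set
    comment: str

def _host_matches(pattern, host):
    return pattern == "*" or (pattern == "[internal user]" and host == "internal")

def _port_matches(pattern, port):
    return pattern == "*" or int(pattern) == port

def rule_matches(rule, pkt):
    return (_host_matches(rule.src, pkt.src)
            and _port_matches(rule.src_port, pkt.src_port)
            and _host_matches(rule.dst, pkt.dst)
            and _port_matches(rule.dst_port, pkt.dst_port)
            and (rule.flags == "*" or (rule.flags == "ACK" and pkt.ack)))

# The three rules from the table; allow rules first, "Block all" as the default.
FTP_RULES = [
    Rule("Allow", "[internal user]", "*", "*", "21", "*", "ftp - outgoing"),
    Rule("Allow", "*", "21", "*", "*", "ACK", "ftp - incoming"),
    Rule("Block", "*", "*", "*", "*", "*", "Block all"),
]

def filter_packet(pkt, rules=FTP_RULES):
    """Return (action, comment) of the first rule that matches the packet."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.comment
    return "Block", "no rule matched"

# Constructed sample packets (hypothetical hosts).
outgoing_ftp = Packet("internal", 40000, "ftp.example.net", 21, ack=False)
ftp_reply    = Packet("ftp.example.net", 21, "internal", 40000, ack=True)
inbound_syn  = Packet("outside.example.net", 21, "internal", 40000, ack=False)
outgoing_web = Packet("internal", 40001, "www.example.net", 80, ack=False)
```

The inbound packet from port 21 without ACK is dropped because it would open a new connection into the network rather than answer one. Note that any packet from source port 21 with ACK set is still let through to any internal port; that is the limitation of pure packet filtering that stateful inspection (listed for Gauntlet above) addresses.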
[Picture: the Gopher protocol is blocked; the table is in the proxy]
A simple example – application level – outgoing, linux environment
If the firewall uses application level proxy to provide Internet access, we need to enable separate proxies for each of the protocols commonly used on the Web such as HTTP, FTP, SSL. Below is an example for FTP for a Class C network at 189.45.56
# rules for the FTP gateway
ftp-gw: denial-msg /usr/local/etc/ftp-deny.txt        # message shown to denied hosts
ftp-gw: welcome-msg /usr/local/etc/ftp-welcome.txt    # banner shown on connection
ftp-gw: help-msg /usr/local/etc/ftp-help.txt          # text returned for the help command
ftp-gw: timeout 3600                                  # idle timeout in seconds
ftp-gw: deny-hosts unknown                            # refuse hosts without a resolvable name
ftp-gw: permit-hosts 189.45.56.*                      # only the internal Class C network may use the gateway
# rules for the http/gopher gateway
http-gw: permit-hosts 189.45.56.*
No need to memorise this step by step, but you have to understand it.