| Author |
Message |
Nick Roberts
Guest
|
Posted:
Wed Jan 19, 2005 8:19 am Post subject:
What does a firewall do? |
|
|
I'll be as brief as possible. I am leading a project that is writing a new
operating system (yes, really), and naturally it will have an IP stack. This
entire stack will be written from scratch, and it will be written to be
secure (as will the entire OS).
I recently had an argument (in comp.lang.ada) with someone who simply could
not believe that a secure OS will completely obviate the need for any
firewall. Obviously, I believe that it will.
I'd be very, very grateful if someone could post a list of all the different
kinds of protection a really good firewall could be expected to provide. Be
as technical as possible (but no need for piles of detail).
I'll follow up such a post with some more details on the security of the OS.
--
Thanks in advance,
Nick Roberts |
 |
Wolfgang Kueter
Guest
|
Posted:
Wed Jan 19, 2005 4:10 pm Post subject:
Re: What does a firewall do? |
|
|
Nick Roberts wrote:
| Quote: | I'd be very, very grateful if someone could post a list of all the
different kinds of protection a really good firewall could be expected to
provide.
|
A firewall filters and controls network traffic on the layers that it is
programmed to filter traffic. This can be any layer above the physical.
| Quote: | Be as technical as possible (but no need for piles of detail).
|
I tried to be as untechnical as possible, because that is adequate to the
level of your question. After reading your posting I think you'd better
keep off from writing an OS.
Wolfgang |
 |
Arthur Hagen
Guest
|
Posted:
Wed Jan 19, 2005 6:45 pm Post subject:
Re: What does a firewall do? |
|
|
Nick Roberts <nick.roberts@acm.org> wrote:
| Quote: |
I'd be very, very grateful if someone could post a list of all the
different kinds of protection a really good firewall could be
expected to provide. Be as technical as possible (but no need for
piles of detail).
|
Exactly how grateful? The above is a request for *work*, and that requires
palm greasing.
--
*Art |
 |
CyberDroog
Guest
|
Posted:
Wed Jan 19, 2005 7:23 pm Post subject:
Re: What does a firewall do? |
|
|
On Wed, 19 Jan 2005 06:14:19 +0000, Nick Roberts <nick.roberts@acm.org>
wrote:
| Quote: | I'll be as brief as possible. I am leading a project that is writing a new
operating system (yes, really), and naturally it will have an IP stack. This
entire stack will be written from scratch, and it will be written to be
secure (as will the entire OS).
I recently had an argument (in comp.lang.ada) with someone who simply could
not believe that a secure OS will completely obviate the need for any
firewall. Obviously, I believe that it will.
I'd be very, very grateful if someone could post a list of all the different
kinds of protection a really good firewall could be expected to provide. Be
as technical as possible (but no need for piles of detail).
|
I'd like to help but I'm busy leading a project to build the world's most
powerful supercollider. Not knowing much about physics has made this quite
a challenge.
If anybody who doesn't jump on this firewall question has time to tell me
how you get these little atom bastards to hit each other, I'd really
appreciate it!
--
The government consists of a gang of men exactly like you and me. They
have, taking one with another, no special talent for the business of
government; they have only a talent for getting and holding office. Their
principal device to that end is to search out groups who pant and pine for
something they can't get and to promise to give it to them. Nine times out
of ten that promise is worth nothing. The tenth time is made good by
looting A to satisfy B. In other words, government is a broker in pillage,
and every election is sort of an advance auction sale of stolen goods.
- H.L. Mencken |
 |
Leythos
Guest
|
Posted:
Wed Jan 19, 2005 7:45 pm Post subject:
Re: What does a firewall do? |
|
|
In article <8pqsu01q1o4lk7jsoa61uc20qcpsg57c1c@4ax.com>,
CyberDroog@ClockworkOrange.com says...
| Quote: | I'd like to help but I'm busy leading a project to build the world's most
powerful supercollider. Not knowing much about physics has made this quite
a challenge.
If anybody who doesn't jump on this firewall question has time to tell me
how you get these little atom bastards to hit each other, I'd really
appreciate it!
|
You can't get them to smack into each other until you remove the
firewall, they don't like heat.
--
--
spamfree999@rrohio.com
(Remove 999 to reply to me) |
 |
Nick Roberts
Guest
|
Posted:
Wed Jan 19, 2005 8:52 pm Post subject:
Re: What does a firewall do? |
|
|
CyberDroog <CyberDroog@ClockworkOrange.com> wrote:
| Quote: | I'd like to help but I'm busy leading a project to build the world's most
powerful supercollider. Not knowing much about physics has made this
quite a challenge.
If anybody who doesn't jump on this firewall question has time to tell me
how you get these little atom bastards to hit each other, I'd really
appreciate it!
|
Look, I appreciate a little dry humour on Usenet -- it's rare enough for
anyone to show any wit these days -- but I suspect that I didn't phrase the
question in quite the right way. Let me try again.
I am a computer professional who has worked in the industry for 22 years, on
embedded systems and systems software of all kinds. I have been studying
systems software and operating systems technology /all my life/. It just so
happens that I am not an expert on firewall technology, and I would
appreciate somebody being kind enough to volunteer some information about
them. Please?
--
Nick Roberts |
 |
Nick Roberts
Guest
|
Posted:
Wed Jan 19, 2005 8:53 pm Post subject:
Re: What does a firewall do? |
|
|
"Arthur Hagen" <art@broomstick.com> wrote:
| Quote: | ...
Exactly how grateful? The above is a request for *work*, and that
requires palm greasing.
|
I understand if you don't have the time -- time is money -- I'd just be
grateful if someone could spare a little time to help me. I try to spare
some time to help others on Usenet when I can.
--
Nick Roberts |
 |
Nick Roberts
Guest
|
Posted:
Wed Jan 19, 2005 8:57 pm Post subject:
Re: What does a firewall do? |
|
|
Wolfgang Kueter <wolfgang@shconnect.de> wrote:
| Quote: | A firewall filters and controls network traffic on the layers that it is
programmed to filter traffic. This can be any layer above the physical.
Be as technical as possible (but no need for piles of detail).
I tried to be as untechnical as possible, because that is adequate to the
level of your question. After reading your posting I think you'd better
keep off from writing an OS.
|
As I replied to another replier, I think you may have got the wrong
impression. I am grateful for any replies, but would you be willing, please,
to actually make your answer as technical as possible? I'll tell you if I
don't understand anything.
--
Nick Roberts |
 |
Geoff
Guest
|
Posted:
Wed Jan 19, 2005 9:05 pm Post subject:
Re: What does a firewall do? |
|
|
On Wed, 19 Jan 2005 14:23:16 +0000, CyberDroog wrote:
| Quote: |
I'd like to help but I'm busy leading a project to build the world's
most powerful supercollider. Not knowing much about physics has made
this quite a challenge.
If anybody who doesn't jump on this firewall question has time to tell
me how you get these little atom bastards to hit each other, I'd really
appreciate it!
|
Route 'em through Usenet, the flames are hotter than anything seen since
the Big Bang and half the inhabitants would be delighted to hit the other
half if only the opportunity arose.
(I love the Mencken btw)
Geoff
Geoff |
 |
Leythos
Guest
|
Posted:
Wed Jan 19, 2005 9:06 pm Post subject:
Re: What does a firewall do? |
|
|
In article <gemini.iakmsx000nypa01u4.nick.roberts@acm.org>,
nick.roberts@acm.org says...
| Quote: | "Arthur Hagen" <art@broomstick.com> wrote:
...
Exactly how grateful? The above is a request for *work*, and that
requires palm greasing.
I understand if you don't have the time -- time is money -- I'd just be
grateful if someone could spare a little time to help me. I try to spare
some time to help others on Usenet when I can.
|
What you are asking for is that someone take the time to retype what's
already available in google searches. While I can understand your
wanting to know, we, as professionals, do expect that people with a
desire to learn will at least scan the Internet for information before
asking for such detailed information.
The answer could entail spending hours typing a proper response, or we
could let you read up on firewalls, then post any questions you have
that you were not able to understand to your satisfaction.
The short of it - Firewalls block access to networks and services that
you don't configure them to allow access to. Firewalls also allow access
to specific services/networks without allowing access to non-configured
services/networks.
--
--
spamfree999@rrohio.com
(Remove 999 to reply to me) |
 |
IPGrunt
Guest
|
Posted:
Wed Jan 19, 2005 9:24 pm Post subject:
Re: What does a firewall do? |
|
|
Nick Roberts <nick.roberts@acm.org> confessed in
news:gemini.iajvzu001jomo04h4.nick.roberts@acm.org:
| Quote: | I'll be as brief as possible. I am leading a project that is writing a new
operating system (yes, really), and naturally it will have an IP stack. This
entire stack will be written from scratch, and it will be written to be
secure (as will the entire OS).
I recently had an argument (in comp.lang.ada) with someone who simply could
not believe that a secure OS will completely obviate the need for any
firewall. Obviously, I believe that it will.
I'd be very, very grateful if someone could post a list of all the different
kinds of protection a really good firewall could be expected to provide. Be
as technical as possible (but no need for piles of detail).
I'll follow up such a post with some more details on the security of the OS.
|
Hard to get a straight answer here, isn't it? I have no problem with your
question and will answer briefly.
Basically, a firewall does what a good protocol stack *should* do: controls
when ports are opened and closed, according to a rule set.
As an adjunct, firewalls these days are also part router, in that they
provide a port proxy service by implementing network address translation,
and part filter, in that they can provide arbitrary port blocking (never
accept connections on port 111, for instance).
But one of the most important features that firewalls provide is so-called
"statewise" or "stateful" port access control, in that the firewall
software maintains an open connection table that records the source of an
open port, and acts accordingly, allowing packets from only that source to
enter that particular port, blocking packets from any other address.
Firewalls also provide very good logging capabilities these days, so add
that to your list.
Finally, firewalls are now managing private channels through public
transports, like VPN, using both standard and proprietary protocols. Some
of these involve data packet encryption/decryption using symmetric and
asymmetric key mechanisms, for example, IPSec.
As we move toward universal use of IP6, some of these functions will
migrate naturally to the network stack, however, I say it's high time to
move firewalling, or at perhaps the hooks and stubs for firewalling
appliances inside the network stack. In this century, networking without
security is a fool's undertaking.
-- ipgrunt |
 |
Jose Maria Lopez Hernande
Guest
|
Posted:
Wed Jan 19, 2005 9:55 pm Post subject:
Re: What does a firewall do? |
|
|
Wolfgang Kueter wrote:
| Quote: | Nick Roberts wrote:
I'd be very, very grateful if someone could post a list of all the
different kinds of protection a really good firewall could be expected to
provide.
A firewall filters and controls network traffic on the layers that it is
programmed to filter traffic. This can be any layer above the physical.
|
To complete your answer a little, there are basically three kinds of
firewalls:
Packet firewalls: They only allow/deny packets or sessions without
checking the payloads. Example: Netfilter/iptables for Linux.
Level 7 firewall: They allow/deny checking the payloads of the packets.
Example: l7 filter project for Linux
Proxy firewalls: They allow/deny connections checking the protocols of
each session that goes through the firewall. Example: TREX or fwtk.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road" |
 |
Arthur Hagen
Guest
|
Posted:
Wed Jan 19, 2005 10:29 pm Post subject:
Re: What does a firewall do? |
|
|
IPGrunt <me@privacy.net> wrote:
| Quote: |
Basically, a firewall does what a good protocol stack *should* do:
controls when ports are opened and closed, according to a rule set.
|
Not exactly. An endpoint should never drop a packet intended for it, but
either accept or reject it (in which case there will be a packet back).
A firewall, on the other hand, doesn't normally[1] reject packets, but
silently discards them. Big difference.
[1]: The most common exception being the ident/auth port, which many
firewall implementations will mark as closed instead of discarding the
packets -- this greatly increases the speed of the hello phase for services
that can use auth (like SMTP (email) and to some extent FTP).
Regards,
--
*Art |
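
The behaviours described in the two posts above (IPGrunt's open connection table and Arthur Hagen's distinction between rejecting and silently discarding), modelled in Python as an added example that is not code from any poster in this thread. The class and field names are hypothetical, the addresses are constructed from documentation ranges, port 113 is the ident/auth port, and TCP flags and state timeouts are left out as a simplifying assumption.

```python
from collections import namedtuple

# A packet reduced to its addressing fields; payload is not inspected.
Packet = namedtuple("Packet", "src sport dst dport")
ACCEPT, REJECT, DROP = "accept", "reject", "drop"

class StatefulFilter:
    """Simplified model: no TCP flags, no timeouts, one protected host."""

    def __init__(self, allowed_inbound=(), reject_ports=(113,)):
        self.allowed_inbound = set(allowed_inbound)  # rule set: open services
        self.reject_ports = set(reject_ports)        # answered as closed (ident/auth)
        self.connections = set()                     # open connection table

    def outbound(self, pkt):
        # Record the flow: local port, remote address, remote port.
        self.connections.add((pkt.sport, pkt.dst, pkt.dport))
        return ACCEPT

    def inbound(self, pkt):
        # 1. Reply on a flow the protected host opened; the source must match.
        if (pkt.dport, pkt.src, pkt.sport) in self.connections:
            return ACCEPT
        # 2. New connection to a service the rule set allows.
        if pkt.dport in self.allowed_inbound:
            return ACCEPT
        # 3. Ident/auth: report the port as closed so the sender does not wait.
        if pkt.dport in self.reject_ports:
            return REJECT
        # 4. Default: discard silently, nothing is sent back.
        return DROP

def demo():
    # Constructed sample traffic using documentation address ranges.
    host = "192.0.2.10"
    fw = StatefulFilter(allowed_inbound={25})
    fw.outbound(Packet(host, 40000, "198.51.100.7", 80))
    probes = {
        "reply from peer":       Packet("198.51.100.7", 80, host, 40000),
        "other host, same port": Packet("203.0.113.9", 80, host, 40000),
        "smtp (allowed)":        Packet("203.0.113.9", 5555, host, 25),
        "ident callback":        Packet("198.51.100.7", 6000, host, 113),
        "port 111":              Packet("203.0.113.9", 5555, host, 111),
    }
    return {name: fw.inbound(p) for name, p in probes.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```
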
 |
Duane Arnold
Guest
|
Posted:
Wed Jan 19, 2005 10:35 pm Post subject:
Re: What does a firewall do? |
|
|
| Quote: |
I am a computer professional who has worked in the industry for 22
years, on embedded systems and systems software of all kinds. I have
been studying systems software and operating systems technology /all
my life/. It just so happens that I am not an expert on firewall
technology, and I would appreciate somebody being kind enough to
volunteer some information about them. Please?
|
I am not into typing.
http://tinyurl.com/4awxu
Duane :) |
 |
Casey
Guest
|
Posted:
Wed Jan 19, 2005 11:38 pm Post subject:
Re: What does a firewall do? |
|
|
In article <gemini.iajvzu001jomo04h4.nick.roberts@acm.org>,
nick.roberts@acm.org says...
| Quote: | I'll be as brief as possible. I am leading a project that is writing a new
operating system (yes, really), and naturally it will have an IP stack. This
entire stack will be written from scratch, and it will be written to be
secure (as will the entire OS).
I recently had an argument (in comp.lang.ada) with someone who simply could
not believe that a secure OS will completely obviate the need for any
firewall. Obviously, I believe that it will.
I'd be very, very grateful if someone could post a list of all the different
kinds of protection a really good firewall could be expected to provide. Be
as technical as possible (but no need for piles of detail).
I'll follow up such a post with some more details on the security of the OS.
|
Check here for firewall features. (see what's inside) |
http://smb.sygate.com/products/spf/comparison_spf.htm |