RE: Firewalls

[Golden_Eternity]

> What is the difference between the various levels of Firewalls.
> My current requirement is comparing a (router-based) level 3 firewall to a
> (PIX) level 7 firewall.   Can anyone explain the differences?

The different layers being discussed are the from the OSI networking model.
So, a layer 7 firewall would be an application layer firewall (e.g., a
proxy) while a layer 3 firewall would be network layer (e.g., packet
filtering).

-G_E

Re: Firewalls

[Shane M Ryan]

They are referring to the OSI model.  Just look in any TCP/IP text book and
it will make sense.

Highlights:

Level 3)  IP addresses, routing
Level 4)  Ports (tcp/udp)
Level 7) Application intelligence, like detecting activeX plugins, java, etc




- Original Message -
From: "David Campbell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 01, 2002 2:27 PM
Subject: Firewalls


> What is the difference between the various levels of Firewalls.  My
current
> requirement is comparing a (router-based) level 3 firewall to a (PIX)
level
> 7 firewall.   Can anyone explain the differences?
>
> Does anyone know of a good resource that defines/compares the attributes
of
> firewalls of different levels (perhaps in tabular form)?
>
> Thanks,
>
> Dave
>
>
>

RE: Firewalls

[Yinal Ozkan]

Levels map to the OSI layers of TCP/IP.. Level 3 is network level or level 7
is the application level. At level 7 the firewall can differentiate the
applications such as HTTP or SMTP.. There are many pros and cons (speed,
security etc..)
Check out: NIST's SP 800-41 Guidelines on Firewalls and Firewall Policy @
http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf

FYI,
yinal.


-Original Message-
From: David Campbell [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 01, 2002 3:27 PM
To: [EMAIL PROTECTED]
Subject: Firewalls


What is the difference between the various levels of Firewalls.  My current
requirement is comparing a (router-based) level 3 firewall to a (PIX) level
7 firewall.   Can anyone explain the differences?

Does anyone know of a good resource that defines/compares the attributes of
firewalls of different levels (perhaps in tabular form)?

Thanks,

Dave

RE: Firewalls

[MeaCulpa]

Can't help you out in the tabula form...

Anyways, a level 3 firewall (router based as you say) works at the
network layer. Thus security will be based on source and/or destination
IP. Also ports can be used. You create packet filters / port mapping,
naming depends on the used products. Cisco calls them ACL.'s

One problem... They only route packets... They hardly check a damn
thing. Well, some flag settings : )

A level 7 firewall will do Application Filtering. For instance, it could
detect a HTTP string and decided that the content will not go throught
(remember Nimda et al). 

A good resource for more firewall information could be
http://rr.sans.org or you might try http://www.firetower.com.

O, I was writing this msg and I checked firetower.com for yah: Here's a
link with all the info... The link might even correct what I wrote, I am
just to damn lazy to verify

http://www.firetower.com/forum/applicationproxy.html

meaculpa

-Original Message-
From: David Campbell [mailto:[EMAIL PROTECTED]] 
Sent: Monday, April 01, 2002 10:27 PM
To: [EMAIL PROTECTED]
Subject: Firewalls


What is the difference between the various levels of Firewalls.  My
current requirement is comparing a (router-based) level 3 firewall to a
(PIX) level
7 firewall.   Can anyone explain the differences?

Does anyone know of a good resource that defines/compares the attributes
of firewalls of different levels (perhaps in tabular form)?

Thanks,

Dave

Re: firewalls

[Jason Dixon]

The difference is negligible, given that the individual is an expert in 
their respective operating system.  The proof is in the pudding... which 
ones are *easier* to configure initially, easier to maintain in the long 
run, and requires the least security patches?  OpenBSD wins *hands_down* on 
the first requirement.  The 2nd depends (again) on how competent a SysAdmin 
you are on the particular system.  The 3rd is highly subjective... Linux 
probably requires more patching per system than most other OS's... Windows 
included.  This is due to two primary influences...

1) The code is open, leading to much more peer review than found in 
proprietary systems, ala Solaris and Windows.
2) Is much more widespread in use than other unices, ala the *BSD's.

That said, Solaris still requires much more patching than I'd ever put up 
with in a firewall.  OpenBSD and NetBSD both require occassional patching, 
but this is usually not the type of code fix that leaves the system open to 
remote attack (as you've referred to).  The BSD's are wonderful in that you 
can set them up and let them rock (excluding the occassional security audit).


Security is not a product, it's a process.



-J.

At 07:28 PM 1/26/2002 +0100, DocValde wrote:
>Hallo Enphourell Security,
>am Samstag, 26. Januar 2002 um 10:27:50 schrieben Sie:
>
>ES>  Which OS do you guys think would make the best firewall, OpenBSD or 
>Linux?
>
>What a question! My first thought was "The one you're most familiar
>with!". But well, OpenBSD shouts to the world:"4 1/2 years without
>remote vulnerability!". I think the difference minimizes when you are
>a pro in Debian Linux, for example. Other thoughts?
>
>Doc.
>
>--
>
>DocValde
>
>web:   http://www.DocValde.net
>eMail: [EMAIL PROTECTED]


_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Re: firewalls

[Jim Swanson]

 From personal experience, IPf (now PF) and NAT on OpenBSD are easier to 
set up than IP Chains, and are pretty straightforward.  Check out 
http://www.openlysecure.org for a little better idea of how each works.

Jim Swanson

DocValde wrote:

> Hallo Enphourell Security,
> am Samstag, 26. Januar 2002 um 10:27:50 schrieben Sie:
> 
> ES>  Which OS do you guys think would make the best firewall, OpenBSD or Linux?
> 
> What a question! My first thought was "The one you're most familiar
> with!". But well, OpenBSD shouts to the world:"4 1/2 years without
> remote vulnerability!". I think the difference minimizes when you are
> a pro in Debian Linux, for example. Other thoughts?
> 
> Doc.
> 
> --
> 
> DocValde
> 
> web:   http://www.DocValde.net
> eMail: [EMAIL PROTECTED]
> 

Re: firewalls

[Enphourell Security]

Thanks alot guys, sometimes I need that concensus.  OpenBSD is my first choice usually 
when I have to build something that needs to be secure.  I just wanted to see if 
anyone though linux with iptables might be a better choice than OPenBSD with pf, for 
some reason.


On Sat, 26 Jan 2002 19:28:47 +0100
DocValde <[EMAIL PROTECTED]> wrote:

> Hallo Enphourell Security,
> am Samstag, 26. Januar 2002 um 10:27:50 schrieben Sie:
> 
> ES>  Which OS do you guys think would make the best firewall, OpenBSD or Linux?
> 
> What a question! My first thought was "The one you're most familiar
> with!". But well, OpenBSD shouts to the world:"4 1/2 years without
> remote vulnerability!". I think the difference minimizes when you are
> a pro in Debian Linux, for example. Other thoughts?
> 
> Doc.
> 
> --
> 
> DocValde
> 
> web:   http://www.DocValde.net
> eMail: [EMAIL PROTECTED]
> 
> 

Re: firewalls

[Jeffrey Keyser]

> Which OS do you guys think would make the best firewall, OpenBSD or
> Linux?

While the various flavors of Linux can be secured, OpenBSD is built from the
ground up with security in mind.

Good luck,
Jeffrey C. Keyser

Re: firewalls

[DocValde]

Hallo Enphourell Security,
am Samstag, 26. Januar 2002 um 10:27:50 schrieben Sie:

ES>  Which OS do you guys think would make the best firewall, OpenBSD or Linux?

What a question! My first thought was "The one you're most familiar
with!". But well, OpenBSD shouts to the world:"4 1/2 years without
remote vulnerability!". I think the difference minimizes when you are
a pro in Debian Linux, for example. Other thoughts?

Doc.

--

DocValde

web:   http://www.DocValde.net
eMail: [EMAIL PROTECTED]

RE: firewalls

[Hornat, Charles]

Bypassing a firewall is a good question to be asked my security engineers.  And 
probably half of the people on this list know methods to beat different types of 
firewalls.  For those of you familiar with SANS, they offer classes that touch on this 
topic, like the Firewall class and the advanced hacker tools class.

however, it is important to note that there are different types of firewalls using 
different methods of protecting.  There are 3 basic types of Firewall systems used 
today:
·   Packet Filtering
·   Application Gateway Proxy
·   Stateful Inspection
And please don't exclude the personal software firewalls like Zonealarm, Blackice and 
so on.

Most hacks I see today are attacks that go right through the firewalls.  Like the new 
AIM exploit.  Or the old Unicode on IIS exploit.  If you had a web server, port 80 was 
open.  And allowed.  So why go through the trouble of going around, when you can pass 
through unnoticed?

In addition, to answer your question.  I suggest you check out some hack sites.  Like 
BSRF, Security Writers Guild, PacketStormSecurity, and so on.  They provide 
documentation and tools to help you achieve this very task.

Good Luck,

Chalres




The information contained in this message is intended only for the recipient, may be 
privileged and confidential and protected from disclosure. If the reader of this 
message is not the intended recipient, or an employee or agent responsible for 
delivering this message to the intended recipient, please be aware that any 
dissemination or copying of this communication is strictly prohibited. If you have 
received this communication in error, please immediately notify us by replying to the 
message and deleting it from your computer.

Thank you,
Standard & Poor's

RE: firewalls

[Antti Hakulinen]

Well, for better understanding you can for example read the Firewall
piercing found in www.linuxdoc.org or something like that. I'm not pointing
you out to some stupid hacker sites, they are usually full of crap.
(Maybe this guy is testing he's network??) ;)
Theres plenty of keys around those. Learn all about routers n firewalls etc
etc, and think and check about currently used network configuration about
how everything is connected between themselfes and what type of equipment is
being used. These things always depends on so many other things. ;)

Regards:Antti.

-Original Message-
From: Meritt James [mailto:[EMAIL PROTECTED]]
Sent: 2. tammikuuta 2002 22:32
To: Michael Watson
Cc: [EMAIL PROTECTED]
Subject: Re: firewalls


That sort of would defeat the purpose, wouldn't it?

Michael Watson wrote:
> 
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> happy new year everyone!
> 
> i was wondering if anyone could direct me to some detailed
> information on bypassing firewalls. thanks.
> 
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> 
> iQA/AwUBPC9uba1t3nvSFCbREQJgygCggsnJdmXXsMDa18vWwxnxZrHgDRIAoKgQ
> mFpEn5eHc6gEECqR/LECnIUL
> =a6bh
> -END PGP SIGNATURE-

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
###

This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.

RE: firewalls

[Robert Clark]

Why do you want to bypass a firewall? It's there for your
protectionand to keep you out of trouble.

> -Original Message-
> From: Michael Watson [mailto:[EMAIL PROTECTED]] 
> Sent: Sunday, December 30, 2001 1:44 PM
> To: [EMAIL PROTECTED]
> Subject: firewalls
> 
> 
>  
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> happy new year everyone!
> 
> i was wondering if anyone could direct me to some detailed 
> information on bypassing firewalls. thanks.
> 
> 
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use 
> 
> iQA/AwUBPC9uba1t3nvSFCbREQJgygCggsnJdmXXsMDa18vWwxnxZrHgDRIAoKgQ
> mFpEn5eHc6gEECqR/LECnIUL
> =a6bh
> -END PGP SIGNATURE-
> 
> 
> 

Re: firewalls

[Meritt James]

That sort of would defeat the purpose, wouldn't it?

Michael Watson wrote:
> 
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> happy new year everyone!
> 
> i was wondering if anyone could direct me to some detailed
> information on bypassing firewalls. thanks.
> 
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use 
> 
> iQA/AwUBPC9uba1t3nvSFCbREQJgygCggsnJdmXXsMDa18vWwxnxZrHgDRIAoKgQ
> mFpEn5eHc6gEECqR/LECnIUL
> =a6bh
> -END PGP SIGNATURE-

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

RE: Firewalls

[Pradeep Kumar]

HAs anyone test driven this ? I went to the site and found it very
proffessionally presented.
-P

-Original Message-
From: Rick Bestany [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 15, 2001 2:07 PM
To: Joe Heaton; [EMAIL PROTECTED]
Subject: RE: Firewalls


http://www.smoothwall.org/gpl/about/

> -Original Message-
> From: Joe Heaton [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 15, 2001 2:27 PM
> To: [EMAIL PROTECTED]
> Subject: Firewalls
>
>
> My company is looking to replace our current firewall, and I have
> been given
> the dubious task of finding and recommending a product.  I am personally
> looking at either Checkpoin FW-1, and Raptor, which is now Symantec
> Enterprise Firewall.  I would greatly appreciate any input regarding these
> two products, and, if you have any knowledge, the startup cost.  I already
> have the hardware, I just need the software.  I currently have
> approximately
> 100 nodes, if that helps at all.
>
> Thanks in advance,
>
> Joseph L. Heaton, MCSE
> NT Administrator
> FDI Consulting, Inc.
>
>