Firewall Wizards mailing list archives
RE: Teaching Firewalls (was: Firewall for Pedagogical Purposes)
From: John McDermott <jjm () jkintl com>
Date: Tue, 13 Jan 98 09:12:14
Chuck and Neil, I wrote and teach a firewalls class for a large worldwide training company. I follow Chuck's suggestions fairly closely with some minor changes: --- On Mon, 12 Jan 1998 11:59:05 -0500 (EST) chuck+fwwiz () snew com wrote:
Okay, a new thread. Comments? Never used Juno. Remember that the TIS FWTK is a toolkit - not a firewall, but a set of proxies that go onto a secure machine. Adding it to an unsecure machine means you have an unsecure machine running (secure) proxies.
If you use the FWTK you'd probably have to require the attendees to know some programming. It is, as Chuck says, a toolkit. I've looked at Juniper and that may be the way to go, depending on your audience. I have friends who use it as the basis for a commercial product and like it very much. We chose to use Gauntlet for NT because 1) it runs on NT and the marketplace seems to like NT (for some reason :-), and 2) it is a popular commercial product, and it uses proxies.
For teaching, I'd think it far more important to teach (just an off the cuff list): - TCP/IP and how it works
We require this as background as our course is only four days. We do review some TCP and UDP essentials.
- Filtering techniques (and why);
This is very important. Our attendees write filters for Cisco routers.
- Various (common) protocols and their weaknesses and strengths.
This is very important, too. I will be adding more protocols in the next revision of the course, with more discussion of why a business wants each and what the dangers might be.
- Monitoring techniques (with IP security issues in mind)
==> answering "Why can't I use this UDP application through the FW?"
==> answering "Why do I need a machine inside to handle my mail users?"
==> answering "What risks does running MS Exchange through the firewall to my sales people pose?"
==> answering "How can I tell if I've been broken into?"
==> answering "Am I being attacked or is there just a broken server out there?"
These are also all good. Answering "What do I do if I've been broken into (or think I have)?" is also important.
Then, perhaps, teach the OS of choice and how to shut services down, how to monitor the machine (securely), how to build/configure kernels, etc.
Time constrains us to doing just auditing, probing and some basic configuration. The limitation is largely because we do some UN*X and some NT in the same course. In fact, attendees choose their OS for most of the hands-on exercises. The company offers separate classes in Web, UNIX and NT security to do the OS specific stuff.
I offer this because I have cleaned up firewalls set up by "trained" people who shouldn't pass a CNE test, who shouldn't be an SA. To design/run a firewall, using current technology and techniques, one must understand the protocols used, the applications (and what protocols they use and how they are vulnerable), proxies and filtering philosophies, and secure programming.
I agree 100%. Just being able to use the GUI of xxx firewall is not enough. One should understand the different types of firewall architectures (e.g. how stateful filters and proxies differ) and what they do.
If they can BUILD a firewall, then they can buy (a good) one and configure/run it. If they can't build one, and don't understand the issues, then they tend to not know why allowing "nfs" through the FW is bad - let alone argue against it to management.
This is soooo true.
chuck chuck () snew com
--john
It is claimed, but unverified, that neil d. quiogue wrote: [...] I'm not sure if this has been asked before. But does anyone know of a _good_ firewall for teaching purposes? It should be cost-effective since it's worthless to buy an expensive firewall for that purpose (or is it?).
The Juniper fwtk, for example, has a license that is free for teaching purposes. I forgot about the TIS fwtk license but I believe it has the same line of thought.
-----------------End of Original Message-----------------
-------------------------------------
Name: John McDermott
VOICE: 505/377-6293  FAX 505/377-6313
E-mail: John McDermott <jjm () jkintl com>
Writer and Computer Consultant
Author of Learning Tree International courses on Security and Firewalls
-------------------------------------
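Added example, not part of the original thread and not the code of any firewall product mentioned in it: a toy filter that makes the difference between a stateless router ACL with an "established" keyword and a stateful connection table concrete, which is the kind of distinction the message above says students should understand. The inside network 10.1.0.0/16, the hosts, the ports (2049 is the usual NFS port) and the packet sequence are all constructed for the demonstration. Two of the questions listed above fall out of it directly: the stateless filter cannot admit a UDP reply because UDP has no ACK bit to key on, and an attacker can push an ACK-only TCP segment past "established" matching toward an inside service even though no inside host ever opened that connection.

```python
"""Toy packet filter: stateless ACL with an "established" match versus a
stateful connection table.  Constructed teaching example; not real firewall code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.1.0.0/16")   # assumed internal network for the example


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def direction(pkt: Packet) -> str:
    """'out' when the source is an inside host, otherwise 'in'."""
    return "out" if ip_address(pkt.src) in INSIDE else "in"


def stateless_filter(pkt: Packet) -> bool:
    """Cisco-style stateless ACL.  Outbound traffic is permitted; inbound TCP is
    permitted only when the ACK bit is set ('established'); inbound UDP carries
    no such flag, so it is denied unless a specific hole is opened."""
    if direction(pkt) == "out":
        return True                          # permit ip INSIDE any
    if pkt.proto == "tcp" and pkt.ack:
        return True                          # permit tcp any INSIDE established
    return False                             # deny ip any any


class StatefulFilter:
    """Stateful filter: an inbound packet is permitted only if it belongs to a
    flow that an inside host opened first."""

    def __init__(self) -> None:
        # (proto, inside_ip, inside_port, outside_ip, outside_port)
        self.table: set = set()

    def check(self, pkt: Packet) -> bool:
        if direction(pkt) == "out":
            # Only an initial TCP SYN creates state; for UDP any outbound datagram does.
            if pkt.proto == "udp" or (pkt.syn and not pkt.ack):
                self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: look for the mirror image of a flow the inside opened.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return key in self.table


def run_demo() -> dict:
    """Run a constructed packet sequence through both filters.
    Returns {label: (stateless_permits, stateful_permits)}."""
    inside, web, dns, attacker = "10.1.2.3", "192.0.2.10", "192.0.2.53", "198.51.100.7"
    sequence = [
        ("syn_out",             Packet("tcp", inside, 40000, web, 80, syn=True)),
        ("syn_ack_reply",       Packet("tcp", web, 80, inside, 40000, syn=True, ack=True)),
        # ACK-only segment aimed at the NFS port; no inside host opened this connection.
        ("ack_to_nfs_no_session", Packet("tcp", attacker, 31337, inside, 2049, ack=True)),
        ("dns_query_out",       Packet("udp", inside, 53001, dns, 53)),
        ("dns_reply",           Packet("udp", dns, 53, inside, 53001)),
        ("unsolicited_udp",     Packet("udp", attacker, 1234, inside, 2049)),
    ]
    stateful = StatefulFilter()
    results = {}
    for label, pkt in sequence:
        results[label] = (stateless_filter(pkt), stateful.check(pkt))
    return results


if __name__ == "__main__":
    for label, (sl, sf) in run_demo().items():
        print(f"{label:24s} stateless={'permit' if sl else 'deny ':6s} "
              f"stateful={'permit' if sf else 'deny'}")
```

The two rows worth dwelling on in class are `ack_to_nfs_no_session`, which the stateless ACL permits because "established" only tests the ACK bit, and `dns_reply`, which the stateless ACL denies because there is nothing in a UDP header to key on; the stateful filter gets both right because it remembers what the inside asked for.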