Firewall Wizards mailing list archives
Teaching Firewalls (was: Firewall for Pedagogical Purposes)
From: chuck+fwwiz () snew com
Date: Mon, 12 Jan 1998 11:59:05 -0500 (EST)
Okay, a new thread. Comments?

Never used Juno. Remember that the TIS FWTK is a toolkit - not a firewall, but a set of proxies that go onto a secure machine. Adding it to an unsecure machine means you have an unsecure machine running (secure) proxies.

For teaching, I'd think it far more important to teach (just an off the cuff list):

- TCP/IP and how it works
- Filtering techniques (and why);
- Various (common) protocols and their weaknesses and strengths.
- Monitoring techniques (with IP security issues in mind)

==> answering "Why can't I use this UDP application through the FW?"
==> answering "Why do I need a machine inside to handle my mail users?"
==> answering "What risks does running MS Exchange through the firewall to my sales people pose?"
==> answering "How can I tell if I've been broken into?"
==> answering "Am I being attacked or is there just a broken server out there?"

Then, perhaps, teach the OS of choice and how to shut services down, how to monitor the machine (securely), how to build/configure kernels, etc.

I offer this because I have cleaned up firewalls set up by "trained" people who shouldn't pass a CNE test, who shouldn't be an SA.

To design/run a firewall, using current technology and techniques, one must understand the protocols used, the applications (and what protocols they use and how they are vulnerable), proxies and filtering philosophies, and secure programming.

If they can BUILD a firewall, then they can buy (a good) one and configure/run it. If they can't build one, and don't understand the issues, then they tend to not know why allowing "nfs" through the FW is bad - let alone argue against it to management.

chuck
chuck () snew com

It is claimed, but unverified, that neil d. quiogue wrote:

[...]
I'm not sure if this has been asked before. But does anyone know of a _good_ firewall for teaching purposes? It should be cost-effective since it's worthless to buy an expensive firewall for that purpose (or is it?). The Juniper fwtk, for example, has a license that is free for teaching purposes. I forgot about the TIS fwtk license but I believe it has the same line of thought.