Firewall Wizards mailing list archives

Teaching Firewalls (was: Firewall for Pedagogical Purposes)


From: chuck+fwwiz () snew com
Date: Mon, 12 Jan 1998 11:59:05 -0500 (EST)

Okay, a new thread.  Comments?


Never used Juno.  Remember that the TIS FWTK is a toolkit - not a
firewall, but a set of proxies that go onto a secure machine.
Adding it to an unsecure machine means you have an unsecure machine
running (secure) proxies.

For teaching, I'd think it far more important to teach (just an
off-the-cuff list):
- TCP/IP and how it works;
- Filtering techniques (and why);
- Various (common) protocols and their weaknesses and strengths;
- Monitoring techniques (with IP security issues in mind).

==> answering "Why can't I use this UDP application through the FW?"
==> answering "Why do I need a machine inside to handle my mail users?"
==> answering "What risks does running MS Exchange through the
               firewall to my sales people pose?"
==> answering "How can I tell if I've been broken into?"
==> answering "Am I being attacked or is there just a broken server
               out there?"

Then, perhaps, teach the OS of choice and how to shut services down,
how to monitor the machine (securely), how to build/configure
kernels, etc.

I offer this because I have cleaned up firewalls set up by "trained"
people who shouldn't pass a CNE test, who shouldn't be an SA.  To
design/run a firewall, using current technology and techniques, one
must understand the protocols used, the applications (and what
protocols they use and how they are vulnerable), proxies and
filtering philosophies, and secure programming.

If they can BUILD a firewall, then they can buy (a good) one and
configure/run it.  If they can't build one, and don't understand the
issues, then they tend to not know why allowing "nfs" through the FW
is bad - let alone argue against it to management.

chuck
chuck () snew com

It is claimed, but unverified, that neil d. quiogue wrote:
[...]
I'm not sure if this has been asked before.  But does anyone know of a
_good_ firewall for teaching purposes?  It should be cost-effective since
it's worthless to buy an expensive firewall for that purpose (or is it?).

The Juniper fwtk, for example, has a license that is free for teaching
purposes.  I forgot about the TIS fwtk license but I believe it has the
same line of thought.


