Introduction


Firewalls are a staple component of a secure network in today's Internet. This book provides network administrators who are more focused on the core network services and end users an opportunity to learn about modern firewall capabilities. This book is not an exhaustive reference on all possible firewalls nor is it a complete text on the firewalls that are mentioned in this book. Instead, this book provides a solid foundation of fundamental knowledge upon which readers can build their knowledge and skills in firewall administration and implementation (and security in general).

Motivation

The intent for this book is to provide information about the basic workings of firewalls, with a predominant slant toward the smaller appliance firewall, such as the Linksys and Cisco PIX 501E, as well as the personal firewall such as the Windows Firewall. Although vendors' firewall products vary greatly, fundamental underlying principles do not vary because of the nature of the technology. The hope is that this book provides readers with an understanding of these fundamental principles.

Goals and Objectives

The goal of this book is to provide a ready reference for the reader on firewall technology, especially where it pertains to the personal and desktop firewall. Readers will come away with enough knowledge that they will then be able to approach some of the references provided at the end of this book to learn more and expand their knowledge of this important class of devices in network security.

Target Audience

The target audience for this book is novice network administrators, home users, and corporate employees who are telecommuting but want to use a firewall to protect their network. This book does not aim to be a thorough reference on firewalls and all of their capabilities. Instead, the focus is predominantly on smaller firewalls such as the Cisco PIX 501E, Linksys, and personal firewalls such as Windows Firewall and Trend Micro's Firewall. The reader of this book is expected to have some knowledge of the basics of networking and of computer operating systems.

How This Book Is Organized

This book provides a building-block approach to the material. The initial focus is on the basics of firewalls and a review of TCP/IP. Although the book is intended to be read cover to cover, it can also provide point references for various products and concepts. Chapters 1 through 3 provide the necessary background to firewalls and TCP/IP concepts as they relate to firewalls. The core content lies in Part II and Part III, where the focus shifts to how various firewall products are implemented and how to manage firewalls.

A quick overview of the contents for the various chapters follows:

  • Chapter 1, "Introduction to Firewalls" This chapter introduces what a firewall is and discusses what a firewall can be reasonably expected to do. The focus is on what a firewall is, what security threats exist, what the firewall security policy is, and how you can use the firewall to protect against threats.

  • Chapter 2, "Firewall Basics" This chapter covers the basics of various firewall technologies. The focus is on explaining software firewalls, integrated firewalls, and appliance firewalls. These are further broken down into the various modes of operation such as personal, network, NAT, proxy, circuit, and transparent firewalls as well as how they work.

  • Chapter 3, "TCP/IP for Firewalls" This chapter is a primer on TCP/IP and how TCP/IP functions from the perspective of firewall administration. The various protocols, applications, and services in the TCP/IP world are reviewed, with a particular focus on IP, TCP, UDP, and ICMP (for an understanding of how a firewall can be configured to control them).

  • Chapter 4, "Personal and Desktop Firewalls" This chapter covers personal firewalls that can be found or installed on laptop and desktop systems. The two example systems provided in this chapter are Windows Firewall (found in Windows XP Service Pack 2 and Windows 2003 Server systems) and Trend Micro's Firewall (which is part of the Internet Security Suite).

  • Chapter 5, "Broadband Routers and Firewalls" This chapter looks at what a broadband router/firewall is, how it works, and how and where it should be implemented. The focus of the chapter is on the Linksys broadband routers, and a discussion of the basic features and functionality necessary to perform the initial configuration is provided.

  • Chapter 6, "Cisco PIX Firewall and ASA Security Appliance" This chapter looks at the Cisco lower-end firewalls: the PIX 501E and the PIX 506E. These devices are marketed to the end-user/small-office and remote-office markets. A quick overview of some of the PIX capabilities as well as how to configure the system initially is provided.

  • Chapter 7, "Linux-Based Firewalls" This chapter covers the evolution of Linux-based firewalls, from ipfwadm to ipchains to the latest incarnation, NetFilter. In addition, an overview of configuring Linux-based firewalls is provided.

  • Chapter 8, "Application Proxy Firewalls" This chapter looks at what an application proxy is, how it works, and how and where it should be implemented. The focus of the chapter is on the Microsoft ISA Server 2004 firewall, and a discussion of the basic features and functionality necessary to perform a basic configuration is provided.

  • Chapter 9, "Where Firewalls Fit in a Network" This chapter focuses on architecting and designing firewall deployments. The chapter discusses different types of firewall design architectures, including dual firewall and different types of DMZ implementations. This chapter also explores the different types of firewalls and where each type of firewall best fits in the network.

  • Chapter 10, "Firewall Security Policies" All firewalls function by virtue of how the firewall security policies are configured. This chapter covers the different types of firewall security policies and rulesets that exist with a focus on ingress and egress filters as well as how to provide for secure management access.

  • Chapter 11, "Managing Firewalls" The management of firewalls is a crucial issue. As firewalls become more and more complicated, configuring and managing them becomes harder and harder for the average user and for the novice administrator. This chapter covers some of the management tools used to manage personal and small firewalls.

  • Chapter 12, "What Is My Firewall Telling Me?" Some of the most valuable information a firewall can provide is from its log files. This chapter looks at the types of logging supported by most firewalls and the kind of information that can be gleaned from those logs. This chapter explains how to read the information provided by the logs and how that information can be used for forensic analysis. This chapter also identifies the top 10 things to look for in log files.

  • Chapter 13, "Troubleshooting Firewalls" Regardless of how well you implement your firewall, sooner or later you are going to need to troubleshoot something regarding it. This chapter examines how to build a troubleshooting checklist that you can use to troubleshoot traffic flow through the firewall (as well as through the firewall itself).

  • Chapter 14, "Going Beyond Basic Firewall Features" This chapter explores many of the advanced features that firewalls can provide, while at the same time illustrating the limitations of firewalls in providing these advanced features.

  • Appendix A, "Firewall and Security Tools" This appendix lists firewall and security tools and briefly discusses usage and situations in which each tool is appropriate.

  • Appendix B, "Firewall and Security Resources" This appendix lists online and traditionally published resources for additional learning. These resources provide a solid next step of more detailed and technical information to build on the fundamentals you have gained from this book.




Firewall Fundamentals
ISBN: 1587052210
Year: 2006
Pages: 147
