Thank you all who responded.
Boy, this is a popular issue!
I had about 30 requests for a summary of what I received.
The summary is broken up into two parts.
The question was:
> We are looking to set up a firewall on a Sun Network
> which may have a connection to the Internet in the near
> future. I am in search of some white papers or written material
> which will help me decide the best way to accomplish this task.
>
> John
---------------------------------------------------------------------
From:
<jvncnet!ag.auburn.edu!rrussell>
Ron Russell
Network Manager
College of Agriculture/Alabama Agricultural Experiment Station
Auburn University
firewalls-request@GreatCircle.Com
also
tcp-wrapper program
It allows you to wrap any TCP request and
thus decide if a routing-match-table allows for the access either based on
hostname or IP number. The UDP side of this is a bit dodgier but such
things do exist.
---------------------------------------------------------------------
FROM:
Phil Male, Technical Director, Information Systems
Computer Newspaper Services, The Bishops Manor, Howden, DN14 7BL
Tel: +44 430 432 480 Fax: +44 430 432 459
ftp.GreatCircle.com:/pub/firewalls/papers (and also the firewalls mailing
list firewalls@GreatCircle.com).
---------------------------------------------------------------------
FROM:
INTERNET: tkevans@fallst.es.dupont.com
UUCP: {rutgers|ames|uunet}!mimsy!wb3ffv!fallst!tkevans
Tim Evans 2201 Brookhaven Ct, Fallston, MD 21047
ftp to ftp.delmarva.com and pick up the documents describing the
Raptor Systems Eagle.
---------------------------------------------------------------------
FROM:
Brent Chapman Great Circle Associates
Brent@GreatCircle.COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041
FTP.GreatCircle.COM, directory pub/firewalls/papers
research.att.com, dist/internet_security
---------------------------------------------------------------------
FROM:
jvncnet!vest.sdata.no!Birger.Wathne (Birger A. Wathne)
also
<jvncnet!ait.nrl.navy.mil!rtaylor>
Randy Taylor sent something along the same lines.
Look at the AnswerBook docs on ASET
Another possibility (that we use) is to use a Cisco router
as the 'firewall' with filtering per port and per protocol.
With our setup, only certain hosts on the internet can telnet in.
But anyone on the inside can freely telnet/ftp out.
---------------------------------------------------------------------
FROM:
Ian Camm e-mail:i.camm@fmlrnd.co.uk
Systems Administrator Tel:+44 61 230 6262
Computer Services Group Fax:+44 61 230 6276
Fujitsu Microelectronics Limited
Manchester, England
Try the following book.
| Stock Title             | Author    | ISBN          |
|-------------------------|-----------|---------------|
| Practical UNIX Security | Garfinkel | 0 937175 72 2 |
---------------------------------------------------------------------
FROM:
<jvncnet!ggr.co.uk!gml4410>
Frank Henderson <jvncnet!tech.duc.auburn.edu!hendefd> sent something
Todd Gamble <jvncnet!wiltel.com!todd_gamble>
subscribe firewalls-digest
> in the body of a message to "Majordomo@GreatCircle.COM". If you want
> to subscribe something other than the account the mail is coming from,
> such as a local redistribution list, then append that address to the
> "subscribe" command; for example, to subscribe "local-firewalls":
> Compressed back issues are available for anonymous FTP from
> FTP.GreatCircle.COM, in pub/firewalls/digest/vNN.nMMM.Z (where "NN"
> is the volume number, and "MMM" is the issue number).
---------------------------------------------------------------------