SUMMARY: Firewalls

From: Garrett, Thom (
Date: Wed Jan 03 1996 - 03:29:54 CST

Here's some info gathered from my post (enclosed below) on Firewalls
(sorry for the delay):

There are three basic types or categories of Firewalls:

   Packet Filtering (Network Level) - Manipulating packets, dropping
                                 packets based on their source or
                                 destination address or ports.
   Application-Level (Proxy) - hosts running proxy servers, which
                                 do not permit direct traffic between
   Circuit-Level - gateway which relays TCP connections. Creates a
                     ciruit between the client and server without
                     interpreting the application protocol.

(A brief description does not give the explaination of Firewalls any
justice. To understand more, I suggest reading a few books on Internet

The type of Firewall you pick will depend on your particular configuration
and the level of protection you desire. There are Firewall products which
just use one type and then there are others which integrate the various
types. There are s/w only Firewalls and there are combination h/w -
s/w Firewalls (bastion hosts for example). The costs of Firewalls
(excluding Public Domain Firewall Toolkits, etc) range form #197# 5K to 100K.

Some Firewalls which received good comments were:

 BlackHole by Milkyway Netowrks
 BorderWare Firewall Server by Border Network Tech.
 Firewall-1 by Checkpoint S/W Tech.
 Gauntlet by Trusted Info Sys
 Secure Connect by Morning Star

A new Firewall product is due out soon from PDC Services, Inc.
I've sent for some more info on their product, but have not received
anything yet.

There are various Public Domain options:

 Drawbridge -
 fwtk -

And you can always create your own 'home-brew' Firewall.

Running something like 'SATAN' against your Firewall is a good
suggestion for finding possible security holes.

Other places to check for info:

 Firewall FAQ:

 Firewall Mailing List:
                         subscribe firewalls

 Firewall FTP sites: pub/firewalls
Other info Sites:

Also, SunWorld Online Magazine has a monthly column on Internet Security
(as well as, other things including JAVA). It can be found at:

January's issue should have an article on various Firewall solutions.

Some Books on Firewalls:

        Building Internet Firewalls - O'Reilly & Associates
        Firewalls and Internet Security - by Cheswick & Bellovin
        The Design of a Secure Ineternet Gateway - by Cheswick
        Thinking about Firewalls - by Marcus Ranum
        Practical Unix Security - O'Reilly & Associates

Firewall Products List:
Abstract from Vendor List (more detail about the products are included
in the actual file):
-----------------------begin abstract----------------------------

     * BlackHole
     * BorderWare from Border Network Technologies.
     * Brimstone SOS Corporation
     * CENTRI Secure Internet Gateway.
     * CONNECT:Firewall Sterling Software.
     * Cyberguard - Harris Computer Systems Firewall.
     * Digital's Firewall Service
     * DPF by NSC
     * Eagle from Raptor Systems.
     * ExFilter V1.1.2 for SunOS 4.1.x
     * Firewall-1 (by Checkpoint Software Technologies)
     * Firewall/Plus(tm) by Network-1
     * Gauntlet by TIS
     * GFX-94 Internet Firewall
     * HSC GateKeeper by Herve Schauer Consultants
     * Integralis
     * Interceptor by Technologic
     * Inter-Ceptor by Network Security International
     * ANS InterLock Service from ANS CO+RE Systems, Inc.
     * Internet Secure Router by Atlantic Systems Group
     * TurnStyle Firewall System by Atlantic Systems Group
     * IRX Router - Livingston Firewall Router
     * IWare - Internetware
     * iWay-One Serverware Group plc
     * KarlBridge/KarlBrouter by KarlNet Inc in the US
     * Mazama
     * MIDnet's SecurIt firewall
     * NetCS
     * NetGate
     * Netpartners (hardware + software)
     * Netra Server by Sun (SMCC)
     * NetSeer and NetSeer Light from Telos.
     * NetSP - IBM.
     * Network-1 Software and Technology, Inc.
     * Novix by FireFox (Novell only)
     * Private Internet Exchange by Network Translation Inc.
     * PORTUS by LSLI (Livermore SW Labs).
     * Quiotix
     * SecurityGate by DEC
     * SecureConnect by Morning Star Technologies
     * Sidewinder by Secure Computing.
     * Site Patrol by BBN Planet Corp.
     * SmartWall by V-ONE.
     * SunScreen SPF-100 by Sun MicroSystems.

     * AlterNet
     * Atlantic Computing Technology Corporation
     * ARTICON Information Systems GmbH
     * Bell Atlantic Network Integration
     * Cisco Routers
     * Cohesive Systems
     * Collage Communications, Inc.
     * Conjungi Corporation
     * Cypress Systems Corporation
     * Data General Corp.
     * Decision-Science Applications, Inc.
     * E92 PLUS LTD
     * Enterprise System Solutions, Inc.
     * E.S.N - Servico e Comercio de Informatica Ltda.
     * FSA Corporation
     * Herve Schauer Consultants
     * IConNet
     * Igateway by Sun Consulting.
     * Ingress Consulting Group, LTD
     * INTERNET GmbH
     * media communications eur ab
     * Mergent International, Inc.
     * Momentum Pty Ltd
     * NetPartners
     * Network Translation Services
     * PENTA
     * PRC
     * Racal-Airtech Ltd
     * RealTech Systems
     * Sea Change Corporation
     * Security Dynamics Technologies
     * Softway Pty Ltd
     * Stalker by Haystack Labs
     * Stonesoft Corporation
     * Trident Data Systems
     * Tripcom Systems Inc.
     * Trusted Network Solutions (Pty) Ltd.
     * X + Open Systems Pty Ltd.
     * Zeuros Limited

     * Drawbridge
     * Freestone by SOS Corporation
     * fwtk - TIS firewall toolkit
     * ISS
     * SOCKS
-----------------------end abstract----------------------------------

Original Post:

>OS: Solaris 2.4
>I am currently researching various Firewall products and
>configurations for my upcoming Internet GW. I am interested
>in s/w solutions, as well as, combination h/w & s/w solution.
>I am interested in the products available, their approx. cost,
>and their apparent success.
>Can anyone recommend and Mag articles or other resources for my
>research. I have purchased a few books including "Firewalls and
>Internet Security" by Cheswick and Bellovin.

Hope this helps in your Firewall search!

Thom Garrett
DSR, Computer Services

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:50 CDT