Here's some info gathered from my post (enclosed below) on Firewalls
(sorry for the delay):
There are three basic types or categories of Firewalls:
Packet Filtering (Network Level) - Manipulating packets, dropping
packets based on their source or
destination address or ports.
Application-Level (Proxy) - hosts running proxy servers, which
do not permit direct traffic between
networks.
Circuit-Level - gateway which relays TCP connections. Creates a
ciruit between the client and server without
interpreting the application protocol.
(A brief description does not give the explaination of Firewalls any
justice. To understand more, I suggest reading a few books on Internet
Security).
The type of Firewall you pick will depend on your particular configuration
and the level of protection you desire. There are Firewall products which
just use one type and then there are others which integrate the various
types. There are s/w only Firewalls and there are combination h/w -
s/w Firewalls (bastion hosts for example). The costs of Firewalls
(excluding Public Domain Firewall Toolkits, etc) range form #197# 5K to 100K.
Some Firewalls which received good comments were:
BlackHole by Milkyway Netowrks www.milkway.com
BorderWare Firewall Server by Border Network Tech. www.border.com
Firewall-1 by Checkpoint S/W Tech. www.checkpoint.com
Gauntlet by Trusted Info Sys www.tis.com
Secure Connect by Morning Star www.morningstar.com
A new Firewall product is due out soon from PDC Services, Inc.
I've sent for some more info on their product, but have not received
anything yet.
There are various Public Domain options:
Drawbridge - net.tamu.edu
fwtk - ftp.tis.com
And you can always create your own 'home-brew' Firewall.
Running something like 'SATAN' against your Firewall is a good
suggestion for finding possible security holes.
Other places to check for info:
Firewall FAQ: http://www.iwi.com/pubs/faq.html
Firewall Mailing List: majordomo@greatcircle.com
subscribe firewalls
Firewall FTP sites: ftp.tis.com pub/firewalls
research.att.com dist/internet_security
ftp.greatcircle.com pub/firewalls/archive
iwi.com
Other info Sites:
www.greatcircle.com
www.checkpoint.com
Also, SunWorld Online Magazine has a monthly column on Internet Security
(as well as, other things including JAVA). It can be found at:
http://www.sun.com/sunworldonline
January's issue should have an article on various Firewall solutions.
Some Books on Firewalls:
Building Internet Firewalls - O'Reilly & Associates
Firewalls and Internet Security - by Cheswick & Bellovin
The Design of a Secure Ineternet Gateway - by Cheswick
Thinking about Firewalls - by Marcus Ranum
Practical Unix Security - O'Reilly & Associates
Firewall Products List:
http://www.access.digex.net/~bdboyle/firewall.vendor.html
Abstract from Vendor List (more detail about the products are included
in the actual file):
-----------------------begin abstract----------------------------
COMMERCIAL FIREWALLS
* BlackHole
* BorderWare from Border Network Technologies.
* Brimstone SOS Corporation
* CENTRI Secure Internet Gateway.
* CONNECT:Firewall Sterling Software.
* Cyberguard - Harris Computer Systems Firewall.
* Digital's Firewall Service
* DPF by NSC
* Eagle from Raptor Systems.
* ExFilter V1.1.2 for SunOS 4.1.x
* Firewall-1 (by Checkpoint Software Technologies)
* Firewall/Plus(tm) by Network-1
* Gauntlet by TIS
* GFX-94 Internet Firewall
* HSC GateKeeper by Herve Schauer Consultants
* Integralis
* Interceptor by Technologic
* Inter-Ceptor by Network Security International
* ANS InterLock Service from ANS CO+RE Systems, Inc.
* Internet Secure Router by Atlantic Systems Group
* TurnStyle Firewall System by Atlantic Systems Group
* IRX Router - Livingston Firewall Router
* IWare - Internetware
* iWay-One Serverware Group plc
* KarlBridge/KarlBrouter by KarlNet Inc in the US
* Mazama
* MIDnet's SecurIt firewall
* NetCS
* NetGate
* Netpartners (hardware + software)
* Netra Server by Sun (SMCC)
* NetSeer and NetSeer Light from Telos.
* NetSP - IBM.
* Network-1 Software and Technology, Inc.
* Novix by FireFox (Novell only)
* Private Internet Exchange by Network Translation Inc.
* PORTUS by LSLI (Livermore SW Labs).
* Quiotix
* SecurityGate by DEC
* SecureConnect by Morning Star Technologies
* Sidewinder by Secure Computing.
* Site Patrol by BBN Planet Corp.
* SmartWall by V-ONE.
* SunScreen SPF-100 by Sun MicroSystems.
_________________________________________________________________
RESELLERS & OTHER FW-RELATED SERVICES/PRODUCTS
* AlterNet
* Atlantic Computing Technology Corporation
* ARTICON Information Systems GmbH
* Bell Atlantic Network Integration
* Cisco Routers
* Cohesive Systems
* Collage Communications, Inc.
* Conjungi Corporation
* Cypress Systems Corporation
* Data General Corp.
* Decision-Science Applications, Inc.
* E92 PLUS LTD
* Enterprise System Solutions, Inc.
* E.S.N - Servico e Comercio de Informatica Ltda.
* FSA Corporation
* Herve Schauer Consultants
* IConNet
* Igateway by Sun Consulting.
* Ingress Consulting Group, LTD
* INTERNET GmbH
* media communications eur ab
* Mergent International, Inc.
* Momentum Pty Ltd
* NetPartners
* Network Translation Services
* PENTA
* PRC
* Racal-Airtech Ltd
* RealTech Systems
* Sea Change Corporation
* Security Dynamics Technologies
* Softway Pty Ltd
* Stalker by Haystack Labs
* Stonesoft Corporation
* Trident Data Systems
* Tripcom Systems Inc.
* Trusted Network Solutions (Pty) Ltd.
* X + Open Systems Pty Ltd.
* Zeuros Limited
PUBLIC DOMAIN, SHAREWARE, ETC.
* Drawbridge
* Freestone by SOS Corporation
* fwtk - TIS firewall toolkit
* ISS
* SOCKS
-----------------------end abstract----------------------------------
Original Post:
>Hello,
>
>OS: Solaris 2.4
>
>I am currently researching various Firewall products and
>configurations for my upcoming Internet GW. I am interested
>in s/w solutions, as well as, combination h/w & s/w solution.
>I am interested in the products available, their approx. cost,
>and their apparent success.
>
>Can anyone recommend and Mag articles or other resources for my
>research. I have purchased a few books including "Firewalls and
>Internet Security" by Cheswick and Bellovin.
Hope this helps in your Firewall search!
Cheers,
Thom Garrett
DSR, Computer Services
tgarrett@dsrnet.com
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:50 CDT