|
|
Sponsored Content
Special Forums
Cybersecurity
Firewall Implimentation - Recomendations
Post 302090065 by pathological on Friday 22nd of September 2006 09:17:28 AM
09-22-2006
Actually, ya... we, the current IT Team, inherited this mess from another guy. We used to have ONLY a soft firewall, MS Internet security or some such crap like that. Oh ya this network was a huge mess. At least NOW we have a hardware firewall in place.
But yes, it does go from Internet > Modem > Firewall (Hardware) > *.*.2.* Network. we have 2 outs form the firewall, the other one goes into another 2 network switch. (Replication).
You can see why it is we need some better security in this place.
What i want is to have an inclusive system. Sort of a redundant soft backup, what ever gets through the exclusive Hardware firewall, can be stopped one it hits the Unix Firewall in the way. That is the plan anyway. I am hoping with the tips and tricks people like yourself offer, this company can tight up security something fierce. We get blasted with viruses like nobodies business, well we are BETTER now that we have some new firewall policies in place. we went form like 10K in a week to 20 even.
Security is a nightmare in this place. they have been so used to being open that the idea of closing them off is a threat to them for some reason. So we have to do things slowly, bit by bit we have cleaned things up nicely. Things are running a LOT smoother now than they used to be, that is for DAMN sure.
so OpenBSD you say? Hmmm. And i agree no flam warring, facts only, opinions are important, but statics are more important, that is what my Bosses care about when they sign off on buying this stuff
I look forward to more replies, and i will give those links a look see.
thanks.
But yes, it does go from Internet > Modem > Firewall (Hardware) > *.*.2.* Network. we have 2 outs form the firewall, the other one goes into another 2 network switch. (Replication).
You can see why it is we need some better security in this place.
What i want is to have an inclusive system. Sort of a redundant soft backup, what ever gets through the exclusive Hardware firewall, can be stopped one it hits the Unix Firewall in the way. That is the plan anyway. I am hoping with the tips and tricks people like yourself offer, this company can tight up security something fierce. We get blasted with viruses like nobodies business, well we are BETTER now that we have some new firewall policies in place. we went form like 10K in a week to 20 even.
Security is a nightmare in this place. they have been so used to being open that the idea of closing them off is a threat to them for some reason. So we have to do things slowly, bit by bit we have cleaned things up nicely. Things are running a LOT smoother now than they used to be, that is for DAMN sure.
so OpenBSD you say? Hmmm. And i agree no flam warring, facts only, opinions are important, but statics are more important, that is what my Bosses care about when they sign off on buying this stuff
I look forward to more replies, and i will give those links a look see.
thanks.
|
|
9 More Discussions You Might Find Interesting
1. Cybersecurity
Just out of curiosity, I see a lot of people here use Linux IPTables as their firewall.
Anyone here use something else like OpenBSD PF or *BSD IPF, IPFW?
I'm quite fond of OpenBSD and their Packet Filters. I find their syntax much easier to manage and from my personal experience, I find them... (5 Replies)
Discussion started by: tarballed
5 Replies
2. Cybersecurity
Would it be possible to restrict access to internet pages in the following way?
A machine:
IP = 128.1.17.123
Only pages from domains of the type "go.jp" and "ne.jp" are viewable. All others are not viewable or only partly viewable.
B machine:
IP = 128.1.17.146
Regardless of the domain... (4 Replies)
Discussion started by: mntamago
4 Replies
3. UNIX for Dummies Questions & Answers
I am a novice to linux and unix and command line, I am willing to jump in head first. I have a couple older computers, one is a dell XPS with a P2 Proccessor and th other is a old old sony VIAO. I have a small home network 3 computers...i have my DSL modem then thats connected to my wireless... (2 Replies)
Discussion started by: Tabryan07
2 Replies
4. Shell Programming and Scripting
I wanted to enable one shell script in the cronetab,how to do crone tabe enabling pl help me:(
regards,
ramesh (1 Reply)
Discussion started by: Ramesh Vellanki
1 Replies
5. Cybersecurity
hi everyone
I am a newbee to firewall scripting. cannot understand how to write rules per host. in ip6tables.
anyone plz:( (2 Replies)
Discussion started by: xecutioner
2 Replies
6. AIX
:b:Hi,,
How do configure firewall in aix.. similar to linux iptable.
Rgards,
k.sumathi. (3 Replies)
Discussion started by: sumathi.k
3 Replies
7. SuSE
Is there a command line interface to the firewall? (4 Replies)
Discussion started by: jgt
4 Replies
8. Linux
Dear All
I have put my windows machine behind my centos firewall server with just one NIC. At now, the windows machine can ping 192.9.9.3 but cannot resolve valid url (like www.google.com). I have set DNS for it as well. Can you please let me know what is the missing step?
Thank you (6 Replies)
Discussion started by: hadimotamedi
6 Replies
9. Cybersecurity
Hey Guys,
I am looking for a good firewall software to implement in medium/large office, with at least 150 users.
I was hopping you guys could help me on this one.
Regards, (4 Replies)
Discussion started by: andrevicente
4 Replies
LEARN ABOUT DEBIAN
fwb_ipf
fwb_ipf(1) Firewall Builder fwb_ipf(1) NAME
fwb_ipf - Policy compiler for ipfilter SYNOPSIS
fwb_ipf [-vVx] [-d wdir] [-o output.fw] [-i] -f data_file.xml object_name DESCRIPTION
fwb_ipf is a firewall policy compiler component of Firewall Builder (see fwbuilder(1)). This compiler generates code for ipfilter. Compiler reads objects definitions and firewall description from the data file specified with "-f" option and generates ipfilter configuration files and firewall activation script. All generated files have names that start with the name of the firewall object. Firewall activation script has extension ".fw" and is sim- ple shell script that flushes current policy, loads new filter and nat rules and then activates ipfilter. IPFilter configuration file name starts with the name of the firewall object, plus "-ipf.conf". NAT configuration file name also starts with the name of the firewall object, plus "-nat.conf". For example, if firewall object has name "myfirewall", then compiler will create three files: "myfirewall.fw", "myfirewall-pf.conf", "myfirewall-nat.conf". The data file and the name of the firewall objects must be specified on the command line. Other command line parameters are optional. OPTIONS
-f FILE Specify the name of the data file to be processed. -o output.fw Specify output file name -d wdir Specify working directory. Compiler creates firewall activation script and ipfilter configuration files in this directory. If this parameter is missing, then all files will be placed in the current working directory. -v Be verbose: compiler prints diagnostic messages when it works. -V Print version number and quit. -i When this option is present, the last argument on the command line is supposed to be firewall object ID rather than its name -x Generate debugging information while working. This option is intended for debugging only and may produce lots of cryptic messages. NOTES
Support for ipf returned in version 1.0.1 of Firewall Builder Supported features: o both ipf.conf and nat.conf files are generated o negation in policy rules o stateful inspection in individual rule can be turned off in rule options dialog. By default compiler adds "keep state" or "modulate state" to each rule with action 'pass' o rule options dialog provides a choice of icmp or tcp rst replies for rules with action "Reject" o compiler adds flag "allow-opts" if match on ip options is needed o compiler can generate rules matching on TCP flags o compiler can generate script adding ip aliases for NAT rules using addresses that do not belong to any interface of the firewall o compiler always adds rule "block quick all" at the very bottom of the script to ensure "block all by default" policy even if the policy is empty. o Address ranges in both policy and NAT Features that are not supported (yet) o negation in NAT o custom services Features that won't be supported (at least not anytime soon) o policy routing URL
Firewall Builder home page is located at the following URL: http://www.fwbuilder.org/ BUGS
Please report bugs using bug tracking system on SourceForge: http://sourceforge.net/tracker/?group_id=5314&atid=105314 SEE ALSO
fwbuilder(1), fwb_ipt(1), fwb_pf(1) FWB
fwb_ipf(1)