Firewalls

"A hard, crunchy outside with soft chewy center." [RFC 1636]
Types
1. Bastion hosts
2. Application level proxies
  - Specific to applications
3. IP Layer filters
  - Router filters - Specific rules
  - "TCP Wrapper" style access controls
Problems and vulnerabilities
- Higher perimeter security can cause lax host-level security
- Mis-configuration can leave gates wide open
- Modems and alternate routes through perimeter
- Trojan Horses with permitted protocols
  - IE heap overflow bug
  - IE/Netscape JavaScript bugs
  - Sendmail
- Illicit rendezvous
- Packet reassembly errors

Dave Dittrich <dittrich@cac.washington.edu>

Last modified: Mon Mar 2 10:43:16 1998