Contents
1 Administrativia
- 1.1 About the FAQ
- 1.2 For Whom Is the FAQ Written?
- 1.3 Before Sending Mail
- 1.4 Where Can I find the Current Version of the FAQ?
- 1.5 Where Can I Find Non-English Versions of the FAQ?
- 1.6 Contributors
- 1.7 Copyright and Usage
2 Background and Firewall Basics
- 2.1 What is a network firewall?
- 2.2 Why would I want a firewall?
- 2.3 What can a firewall protect against?
- 2.4 What can't a firewall protect against?
- 2.5 What about viruses?
- 2.6 Will IPSEC make firewalls obsolete?
- 2.7 What are good sources of print information on firewalls?
- 2.8 Where can I get more information on firewalls on the Internet?
3 Design and Implementation Issues
- 3.1 What are some of the basic design decisions in a firewall?
- 3.2 What are the basic types of firewalls?
  - 3.2.1 Network layer firewalls
  - 3.2.2 Application layer firewalls
- 3.3 What are proxy servers and how do they work?
- 3.4 What are some cheap packet screening tools?
- 3.5 What are some reasonable filtering rules for a kernel-based packet screen?
  - 3.5.1 Implementation
  - 3.5.2 Explanation
- 3.6 What are some reasonable filtering rules for a Cisco?
  - 3.6.1 Implementation
  - 3.6.2 Explanations
  - 3.6.3 Shortcomings
- 3.7 What are the critical resources in a firewall?
- 3.8 What is a DMZ, and why do I want one?
- 3.9 How might I increase the security and scalability of my DMZ?
- 3.10 What is a `single point of failure', and how do I avoid having one?
- 3.11 How can I block all of the bad stuff?
- 3.12 How can I restrict web access so users can't view sites unrelated to work?
4 Various Attacks
- 4.1 What is source routed traffic and why is it a threat?
- 4.2 What are ICMP redirects and redirect bombs?
- 4.3 What about denial of service?
- 4.4 What are some common attacks, and how can I protect my system against them?
  - 4.4.1 SMTP Server Hijacking (Unauthorized Relaying)
  - 4.4.2 Exploiting Bugs in Applications
  - 4.4.3 Bugs in Operating Systems
5 How Do I...
- 5.1 Do I really want to allow everything that my users ask for?
- 5.2 How do I make Web/HTTP work through my firewall?
- 5.3 How do I make SSL work through the firewall?
- 5.4 How do I make DNS work with a firewall?
- 5.5 How do I make FTP work through my firewall?
- 5.6 How do I make Telnet work through my firewall?
- 5.7 How do I make Finger and whois work through my firewall?
- 5.8 How do I make gopher, archie, and other services work through my firewall?
- 5.9 What are the issues about X11 through a firewall?
- 5.10 How do I make RealAudio work through my firewall?
- 5.11 How do I make my web server act as a front-end for a database that lives on my private network?
- 5.12 But my database has an integrated web server, and I want to use that. Can't I just poke a hole in the firewall and tunnel that port?
- 5.13 How Do I Make IP Multicast Work With My Firewall?
A Some Commercial Products and Vendors
B Glossary of Firewall-Related Terms
C TCP and UDP Ports
- C.1 What is a port?
- C.2 How do I know which application uses what port?
- C.3 What are LISTENING ports?
- C.4 How do I determine what service the port is for?
- C.5 What ports are safe to pass through a firewall?
- C.6 The behavior of FTP
- C.7 What software uses what FTP mode?
- C.8 Is my firewall trying to connect outside?
- C.9 The anatomy of a TCP connection
References

Vesaria
722 Dulaney Valley Road, Suite 192
Towson, MD 21204
443 - 501 - 4044

Firewall FAQ
Table of Contents

Next Section: Administrativia

Find out more about VESARiA Firewall Testing.