FireWalls
Screw them!





Firewalls: A Primer

A firewall is a process that filters all traffic between a protected or “inside” network and a less trustworthy or “outside” network. Firewalls implement a security policy. A firewall is a gateway through which all traffic to and from a protected network passes. The term firewall is used rather loosely: three different things are known as firewalls: screening routers, proxy gateways/servers, and guards.
Screening routers tend to implement a simplistic security policy. Proxy gateways have a richer set of choices for security policy. A guard is a sophisticated proxy firewall: the guard decides what services to perform on a user's behalf.
Firewall architectures can operate at the application layer, transport layer or network layer of the OSI model. Firewalls are not complete solutions to all computer security problems; they protect the perimeter of the environment against attacks.
If one inside host connects to an outside address by a modem, the entire inside net is vulnerable through the modem and its host. Firewalls do not protect data outside the perimeter; data that has passed through the firewall is just as exposed as if there were no firewall. Firewalls are the most visible part of an installation to the outside, and they are the most attractive target for attack.
Firewalls are targets for penetrators. Firewalls should be kept small and simple, running only the required software so that if a penetrator does get through, the firewall does not have further tools such as compilers, linkers or loaders to continue the attack. Firewalls exercise only minor control over the content admitted to the inside; inaccurate data or malicious code must be controlled inside the perimeter.
Firewalls are very important tools in protecting an environment connected to a network. The environment must be viewed as a whole -- all possible exposures must be considered. Firewalls must fit into a larger comprehensive security strategy; they alone cannot secure an environment.
Firewalls can protect against common attacks, such as denial of service, security breaches or configuration changes. They can provide alerts via e-mail, pager, or network management alarms. Firewalls also provide extensive logging and audit trails.


FireWall Downloads:

BlackIce: http://www.networkice.com/
Product Review: Network ICE has learned of a dangerous new exploit: Multibyte Backticking. They have just released a signature definition to detect and hinder this vulnerability. This vulnerability allows intruders unwarranted access into large numbers of Microsoft IIS 4.0 and 5.0 servers. The update is free to all customers with current maintenance agreements and available on the above URL.

DrawBridge: http://drawbridge.tamu.edu/
Product Review: Drawbridge is a firewall package that was developed at Texas A&M University and was designed with a large academic environment in mind. It is a copyrighted, but freely distributable, bridging IP packet filter with a powerful filter language and good performance. Its greatest strength is the ability to perform high-speed packet filtering while allowing custom filters for a large number of individual hosts within an intranetwork. It uses a constant-time table lookup algorithm, so it can provide the same level of packet throughput regardless of the number of filters defined. Drawbridge is composed of three components: the Drawbridge filter code, the Drawbridge Manager, and the Drawbridge Filter Compiler. These three components run on a FreeBSD system, where the filter code is compiled into the kernel and the manager and compiler are user-level applications.

Mason: http://mason.stearns.org/
If you have not checked out Mason, I highly recommend it. Mason is a Linux-based firewall, but none like you've ever used. In short, you put Mason into learning mode and run the services to the Internet you wish to support. Mason will then take these log entries and turn them into a set of packet filtering rules. Pretty cool, eh? No ACK complement rules to worry about, no "what was that service port again?" decisions to worry about; simply plug it in, let it learn, and off you go.
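The learning-mode idea above, together with the default-deny policy and deny logging described in the primer, as an added example (not Mason's code nor the page's own): the log format, addresses and ports are constructed for illustration, and the return-traffic rules stand in for the "ACK complement" rules a stateless filter would otherwise need by hand.

```python
from collections import namedtuple

# Constructed packet shape for this example: direction is implied by src/dst.
Packet = namedtuple("Packet", "src dst proto sport dport ack")

# Constructed learning-mode log: each line is a service the inside host was
# seen answering while the filter was in learning mode (format invented here).
LEARN_LOG = """\
ACCEPT tcp 192.0.2.10 dport=22
ACCEPT tcp 192.0.2.10 dport=80
ACCEPT udp 192.0.2.53 dport=53
ACCEPT tcp 192.0.2.10 dport=80
"""

def learn_rules(log_text):
    """Turn observed service traffic into a deduplicated allow list.
    For TCP, each inbound service rule is paired with the return rule that a
    stateless filter needs: replies from the service port with the ACK bit set."""
    rules, seen = [], set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "ACCEPT":
            continue  # ignore anything that is not an observed accept
        proto, host, dport = fields[1], fields[2], int(fields[3].split("=")[1])
        if (proto, host, dport) in seen:
            continue  # the same service seen again adds no new rule
        seen.add((proto, host, dport))
        rules.append({"proto": proto, "dst": host, "dport": dport})
        if proto == "tcp":
            rules.append({"proto": proto, "src": host, "sport": dport, "ack": True})
    return rules

def matches(rule, pkt):
    """A rule matches when every field it names equals the packet's field."""
    return all(getattr(pkt, field) == want for field, want in rule.items())

def filter_packet(rules, pkt, deny_log):
    """First matching rule accepts; anything else is denied and logged,
    which is the default-deny policy the learning run is meant to leave behind."""
    if any(matches(rule, pkt) for rule in rules):
        return "ACCEPT"
    deny_log.append(f"DENY {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} ack={pkt.ack}")
    return "DENY"

if __name__ == "__main__":
    rules, log = learn_rules(LEARN_LOG), []
    for p in (Packet("198.51.100.7", "192.0.2.10", "tcp", 40000, 22, False),  # new SSH session in
              Packet("192.0.2.10", "198.51.100.7", "tcp", 22, 40000, True),   # its reply out
              Packet("192.0.2.10", "198.51.100.7", "tcp", 22, 40000, False),  # SYN from port 22: not a reply
              Packet("198.51.100.7", "192.0.2.10", "tcp", 40001, 23, False)):  # telnet was never learned
        print(filter_packet(rules, p, log), p)
    print(*log, sep="\n")
```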

WinProxy: http://www.winproxy.net/
Review: WinProxy is the world-first proxy server and firewall with an integrated mail server for Windows 95/98/NT. WinProxy allows you to connect your entire local network to the Internet through one (dynamic) IP address. WinProxy supports HTTP, FTP, GOPHER, Telnet, NNTP, SMTP, POP3, RealAudio and more protocols. WinProxy also features shared cache, dial-on-demand, user/group management, URL restricting, logging, and more. WinProxy also supports proxy cascading and configuration through a www browser.

Signal9: http://www.signal9.com/
These web-based on-line order forms use secure sockets (SSL) to encrypt your ConSeal order information as it is sent to us for processing. This method of ordering ConSeal is very safe, and is the fastest way for end users to get their registration key. Once your payment has been processed, an electronic registration code will be sent to you via email which unlocks the 15-day evaluation version. Most popular web browsers, including Netscape Navigator and Microsoft Internet Explorer, support Secure Ordering (SSL).

Pix: http://www.ieng.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/install/install.htm
Review: None


More to come......