Try going to the mountain and speaking with GOD. Marcus Ranum has his security white papers located at www.v-one.com. I assume you know who Marcus Ranum is, if not then you should take up some other major, like basket weaving or such. Actually, I am just kidding. As you probably know, Marcus wrote FW Toolkit. He is now working at v-one and all of his stuff is there for reading. I also would suggest hitting the NCSA's website and getting ahold of some of the books they have for sale. Lastly, a packet filter router is a very good tool, and should be a part of any system that is being implemented. And it possibly could manage to work for small to medium operations, but they are not a Firewall in the truest sense of the word. Now there are some nice features that CISCO will try and sell you, but when it comes to proxy services, and configurability AND reporting, then true dual homed proxy firewalls are the only way to go. Period! Packet filters are good as tools as part of a bigger system, but that is all. Besides the lack of reporting on a router, I could kill your router with traffic and have free rein on your system while the router is rebooting itself. As far as speed goes, don't worry about it. Unless of course you have a 2000 node LAN, all using http and sending a million messages an hour.
I am implementing a firewall as a Master's project and I need to decide
on rules for packet filtering. I have two questions to ask you folks:
(1) Can anyone suggest research papers/books/web documents on packet
(2) I was told that a packet filter should check for various combinations of
Source Address, Destination Address, protocol, Source port, destination port
and then decide if a packet should be let through.
Also, this decision making has to be real fast so as not to introduce a
considerable amount of overhead while routing the packet.
Does any one have any suggestions on how this can be done?
Thanks in advance
----------End of Original Message----------
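As an added illustration of the 5-tuple decision the original poster asks about (it is not code from anyone in this thread), the following stateless filter evaluates an ordered rule list with first-match semantics and a default deny, and shows two of the usual tricks for keeping the per-packet decision cheap: a per-protocol index so a packet only scans rules for its own protocol, and a flow cache so repeat packets of an already-decided 5-tuple skip the scan entirely. The policy, the 10.0.0.0/8 "inside" network and the RFC 5737 outside addresses are constructed sample data, not anyone's real configuration.

```python
"""Stateless 5-tuple packet filter: ordered rules, first match wins, default DENY.

Added example for the thread above; the rule set and packets are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

ALLOW, DENY = "allow", "deny"
PROTOS = ("tcp", "udp", "icmp")


@dataclass(frozen=True)
class Rule:
    src: object                       # ip_network; 0.0.0.0/0 means any
    dst: object                       # ip_network; 0.0.0.0/0 means any
    proto: Optional[str]              # "tcp" / "udp" / "icmp", or None for any
    sport: Optional[Tuple[int, int]]  # inclusive port range, or None for any
    dport: Optional[Tuple[int, int]]  # inclusive port range, or None for any
    action: str

    def matches(self, src, dst, proto, sport, dport) -> bool:
        """True when every specified field of the rule matches the packet."""
        if src not in self.src or dst not in self.dst:
            return False
        if self.proto is not None and self.proto != proto:
            return False
        if self.sport is not None and not (self.sport[0] <= sport <= self.sport[1]):
            return False
        if self.dport is not None and not (self.dport[0] <= dport <= self.dport[1]):
            return False
        return True


def rule(src, dst, proto=None, sport=None, dport=None, action=DENY) -> Rule:
    """Build a Rule from CIDR strings; defaults mean 'any'."""
    return Rule(ip_network(src), ip_network(dst), proto, sport, dport, action)


class PacketFilter:
    """Ordered rule list; first matching rule decides; no match -> DENY."""

    def __init__(self, rules):
        self.rules = list(rules)
        # Per-protocol index: positions of the rules that can apply to a given
        # protocol, in original order, so other protocols' rules are never touched.
        self._by_proto = {p: [] for p in PROTOS}
        for i, r in enumerate(self.rules):
            for p in (PROTOS if r.proto is None else (r.proto,)):
                self._by_proto[p].append(i)
        # Flow cache: exact 5-tuple -> verdict for packets already decided.
        self._cache = {}

    def decide(self, src, dst, proto, sport=0, dport=0) -> str:
        key = (src, dst, proto, sport, dport)
        cached = self._cache.get(key)
        if cached is not None:
            return cached
        s, d = ip_address(src), ip_address(dst)
        verdict = DENY  # default deny when no rule matches
        for i in self._by_proto.get(proto, ()):
            r = self.rules[i]
            if r.matches(s, d, proto, sport, dport):
                verdict = r.action
                break
        self._cache[key] = verdict
        return verdict


# Constructed sample policy: 10.0.0.0/8 is "inside", 10.0.0.5 hosts web and mail.
RULES = [
    rule("0.0.0.0/0", "10.0.0.5/32", "tcp", dport=(80, 80), action=ALLOW),  # web in
    rule("0.0.0.0/0", "10.0.0.5/32", "tcp", dport=(25, 25), action=ALLOW),  # mail in
    rule("10.0.0.0/8", "0.0.0.0/0", "tcp", action=ALLOW),                   # tcp out
    rule("10.0.0.0/8", "0.0.0.0/0", "udp", dport=(53, 53), action=ALLOW),   # DNS out
    rule("0.0.0.0/0", "0.0.0.0/0", None, action=DENY),                      # catch-all
]
POLICY = PacketFilter(RULES)


def evaluate(packets):
    """Return the verdict for each (src, dst, proto, sport, dport) packet."""
    return [POLICY.decide(*pkt) for pkt in packets]


if __name__ == "__main__":
    sample = [
        ("198.51.100.7", "10.0.0.5", "tcp", 40000, 80),
        ("198.51.100.7", "10.0.0.5", "tcp", 40000, 23),
        ("10.0.0.20", "203.0.113.9", "udp", 5000, 53),
        ("198.51.100.7", "10.0.0.5", "icmp", 0, 0),
    ]
    for pkt, verdict in zip(sample, evaluate(sample)):
        print(pkt, "->", verdict)
```

Rule order matters: the explicit catch-all deny at the end is redundant with the default, but keeping it visible is the usual practice so the policy reads the same whether or not the default is remembered. Because this filter is stateless, it can only judge each packet against the 5-tuple on its own; it has no notion of whether a packet belongs to a connection the inside initiated, which is one of the limits the reply above has in mind when it says a packet filter is a tool rather than a firewall on its own.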