[access-uk] Re: Firewall/rulesets

  • From: "Justin R" <mypc128@xxxxxxxxxxxx>
  • To: <access-uk@xxxxxxxxxxxxx>
  • Date: Sun, 29 Aug 2004 20:29:06 +0100

Hi Andrew and Simon,

Thanks to both for the explanation.  I understand better what rulesets are
about now.  Sounds very involved too but, I bet you get the best security a
firewall can if you know what to do with rulesets when creating them.

thanks again,

Justin
----- Original Message ----- 
From: "Andrew Hodgson" <andrew@xxxxxxxxxxxxxxxxx>
To: <access-uk@xxxxxxxxxxxxx>
Sent: Sunday, August 29, 2004 6:08 PM
Subject: [access-uk] Re: Firewall/rulesets


> Justin,
>
> Rulesets are a combination of all you wrote really, but you can look at
> them like this:
>
> You have to start with an implicit rule, this can either be a block
> everything rule, or an allow everything in rule.  An event occurs, like
> an application wanting access, or someone accessing a TCP port, and the
> event criteria go down the list of rules, and if it meets a matching
> rule, it will be acted on.  If it gets to the bottom, then the implicit
> rule will take play - usually, to deny the connection.  On firewalls
> like Sygate, it is a bit different, since it is a slight mix between
> ruleset based filtering and application based filtering - i.e., there are
> options for both situations.  Kerio and Atguard were very good examples
> of software based ruleset firewalls, except for in these cases, there
> was another implicit rule, ask user, which is why users get the popups.
> This of course can be switched off.
>
> Rulesets usually are found on hardware firewalls like the Vigor and more
> expensive units, whereby specifying applications is not possible, so
> everything is done on TCP source/destination data, or the content of the
> TCP packets.  Software like Microsoft ISA firewall actually tries to do
> both, with the use of the firewall server for rule based detection, and
> the ISA client for application protection.
>
> The other thing with rulesets is that you can branch off to other
> rulesets if necessary.  For example, on the Vigor, there are multiple
> rulesets you can define, and you start off with two conditions: A
> ruleset for incoming/outgoing connections (set 1), and a ruleset for
> outgoing connections to stop the router from going online if you are not
> on a permanent ADSL or ISDN connection (set 2).  If, say, you wanted to
> split up the rules into incoming/outgoing connections, but these relate
> to the router when online, you would create two separate branches off
> ruleset 1, set 3 and 4, which relate to incoming/outgoing connections.
> This way, you get a lot of rules in a very managable interface.  This
> takes a very long time to configure, especially given the fact that if
> you mess it up, you may have to wipe the settings and start over to get
> any sort of access back.  The default rulesets on the Vigor are
> sufficient for really most users, especially if they only have one
> static IP address (including me).
>
> Andrew.
>

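As an added illustration (not code from this list or from any firewall vendor), here is a small Python model of the evaluation Andrew describes above: an event walks a ruleset top-down, the first matching rule decides, a rule may branch to another set (as set 1 branching to sets 3 and 4 on the Vigor), and falling off the bottom leaves the implicit rule to decide. The rule fields, set names and sample addresses are constructed, and the behaviour of a branch that decides nothing (control returns to the set that jumped to it) is an assumption, since the thread does not say.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Event:
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    src_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow", "deny", "ask" or "jump:<set>"
    direction: Optional[str] = None   # None on any field means "match any"
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, ev: Event) -> bool:
        return all(getattr(self, f) in (None, getattr(ev, f))
                   for f in ("direction", "proto", "src_ip", "dst_port"))

def _walk(rulesets, ev: Event, name: str, depth: int):
    """Top-down scan; first matching rule decides. Assumption: a branch that
    decides nothing hands control back to the set that jumped to it."""
    if depth > 8:
        raise RuntimeError(f"ruleset branching loop via {name!r}")
    for rule in rulesets[name]:
        if not rule.matches(ev):
            continue
        if rule.action.startswith("jump:"):
            decision = _walk(rulesets, ev, rule.action[5:], depth + 1)
            if decision is not None:
                return decision
            continue          # branch undecided: keep scanning this set
        return rule.action
    return None               # fell off the bottom of this set

def evaluate(rulesets, ev: Event, start: str = "set1", implicit: str = "deny") -> str:
    """Bottom of the top-level set reached with no match: the implicit rule applies."""
    decision = _walk(rulesets, ev, start, 0)
    return implicit if decision is None else decision

# Constructed rulesets in the shape described above: set1 branches by direction into
# set3 (incoming) and set4 (outgoing); "ask" stands in for the Kerio-style "ask user" rule.
RULESETS = {
    "set1": [Rule("jump:set3", direction="in"), Rule("jump:set4", direction="out")],
    "set3": [Rule("allow", proto="tcp", src_ip="198.51.100.7", dst_port=22),
             Rule("deny", proto="tcp")],
    "set4": [Rule("allow", proto="tcp", dst_port=443),
             Rule("allow", proto="udp", dst_port=53), Rule("ask", proto="tcp")],
}
```

Changing `implicit` to "allow" shows why the implicit rule is the most important line in the whole set: every event that matches nothing inherits it.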