Connecting your private, internal network to an outside, untrusted network can be both an asset and a liability. It is an asset because you can exchange computerized information with a variety of organizations. It can be a liability because you may be exposing your network resources to unwanted probing and spying. The Gauntlet firewall is an important component in a well-designed network security structure to combat these threats.
This introduction gives some overview information and also discusses “How to Get Latest Security Patches”.
This guide is intended for firewall administrators. It assumes that you are familiar with IRIX system and networking administration and with basic firewall concepts. System administrators should be familiar with TCP/IP, domain name service, sendmail, and router configuration. Consult your local library, bookstore, network resources, and IRIX administrator for additional references.
This guide consists of six parts:
Part I, “Introducing the Gauntlet Firewall,” presents the initial information about the firewall and firewall administration.
Part II, “Managing the Gauntlet Firewall,” describes how to manage the components of the network.
Part III, “Configuring and Using Proxy Services,” describes how to configure the various proxies.
Part IV, “Managing the Firewall Environment,” describes how to manage those services within the firewall environment.
Part V, “Managing Additional Firewall Services,” describes the various services that the Gauntlet firewall provides.
Part VI, “Appendices, Glossary, and Index,”provides supplementary information.
These type conventions and symbols are used in this guide:
Bold—keywords and command line options.
Italics—executable names, filenames, IRIX commands, manual/book titles, new terms, utilities, variable command-line arguments, and variables to be supplied by the user in examples, code, and syntax statements.
Fixed-width type—Code examples, prompts, and onscreen text.
Bold fixed-width type—User input, including keyboard keys, printing and nonprinting (see also <>).
Refer to the following documentation for additional information about the Gauntlet Firewall product:
Check the release notes for the most recent information and software and hardware requirements.
Gauntlet Netperm Table Reference Guide (part number 007-3822-003) describes how to edit the netperm table using the command-line interface.
The collection of resources in this section is presented for your information only. It is not an endorsement of any of the products or organizations.
Building Internet Firewalls. Chapman, D. Brent & Zwicky, Elizabeth. O'Reilly & Associates, Inc. ISBN 1-56592-124-0.
Firewalls and Internet Security: Repelling the Wily Hacker. Cheswick, Steven M. & Bellovin, William R. Addison Wesley. ISBN 0-201-63357-4.
The Firewalls mailing list is for discussions of Internet firewall security systems and related issues. Relevant topics include the design, construction, operation, maintenance, and philosophy of Internet firewall security systems.
To subscribe to the regular mailing list, send the following command in the body of an e-mail message (not on the “Subject:” line!) to majordomo@greatcircle.com:
subscribe firewalls |
To subscribe to the digest version of the mailing list, send the following command in the body of an email message (not on the “Subject:” line!) to majordomo@greatcircle.com:
subscribe firewalls-digest |
The Internet Firewalls Frequently Asked Questions list is maintained by Marcus J. Ranum and located at:
http://www.clark.net/pub/mjr/pubs/fwfaq/index.html |
Application Gateways and Stateful Packet Filters
http://www.nai.com/products/security/prodserv/gauntlet/firewallcomp.asp |
Firewalls Are Not Enough
http://www.nai.com/products/security/prodserv/gauntlet/FirewallsNotEnough.asp |
Thinking About Firewalls
http://www.nai.com/products/security/prodserv/gauntlet/fwovervw/index.asp |
The CD-ROM containing the Gauntlet firewall software contains necessary security patches (if any) at the time of product release, so be sure to install those patches. Stay in touch with the WWW site for SGI Security Headquarters at http://www.sgi.com/Support/Secur/security.html for new security patches and security advisories. Be sure to install any security patches that replace patches found on your CD-ROM.