Internet Security Professional Reference: How to Build a Firewall


Chapter 6
How to Build a Firewall

Every day, people use insurance to protect their valuables from fire or theft. Businesses protect themselves from intellectual theft through patents and trademarks. Because the use of global networking has increased the information flow and dependence upon our computing technology, Information System managers have realized the need to protect their computing systems, networks, and information from damage and theft. A firewall gateway is one tool that can help enforce an organization’s network security policy.

In building construction, a “fire wall” protects the structure from damage should a fire erupt within it. The concept applies in a similar fashion to computer technology, except that often we are attempting to protect ourselves from the fire that exists outside our “wall.” A firewall, per se, consists of a machine or machines separated from both the external network, such as the Internet, and the internal network by a collection of software that forms the “bricks” within the firewall.

According to William Cheswick and Steven Bellovin in Firewalls and Internet Security (Addison Wesley, 1994), a firewall can be defined as a collection of components placed between two networks that collectively has the following properties:

  All traffic in either direction must pass through the firewall.
  Only traffic authorized by the local security policy will be allowed to pass.
  The firewall itself is immune to penetration.

This chapter examines the Trusted Information Systems (TIS) Firewall Toolkit, which is provided as a construction set for building a firewall. The chapter discusses how to get it, compile it, and configure the major building blocks in the package.

The TIS Firewall Toolkit

The Firewall Toolkit produced by Trusted Information Systems (TIS) is not a single integrated package, but a set of tools that are used to build a firewall. For this reason, it is not for everyone who intends to construct and operate a firewall. Consequently, it is difficult to produce documentation that can be used in all situations.

Remember that a firewall is intended to enforce the security policy your organization has chosen to develop and support. In this chapter, you will examine how to compile the TIS Firewall Toolkit and configure the various components that make up the kit. By the end of the chapter, you will know the techniques and issues concerned with the construction of a firewall using this Toolkit.

Understanding the TIS Firewall Toolkit

The TIS Firewall Toolkit is a collection of applications that, when properly assembled with a security policy, forms the basis of a firewall. This Toolkit is available as freeware to the Internet user community. As such, the Toolkit has gained a wide following, and is in use worldwide.

The Toolkit is not a single integrated package like most commercial packages. Rather, it is a set of tools for building a number of different types of firewalls. Because of its inherent flexibility, a wide variety of combinations are possible regarding the installation and configuration of the TIS Toolkit. As such, this chapter explains what the Toolkit is and how the underlying technology works. With this knowledge in one hand, and a copy of the Toolkit in the other, you will be able to configure the Toolkit for your protection.

How to Get the TIS Firewall Toolkit

Instructions for registering and downloading the TIS Firewall Toolkit are available from the TIS web site at http://www.tis.com/docs/products/fwtk/readme.html. After reading and agreeing to the terms and conditions of the software license, send an e-mail message with “accepted” in the body of the message to fwtkrequest@tis.com. You should receive a reply to your message that reveals the current location of the TIS Firewall Toolkit source code and documentation.

After you retrieve the file, it must be uncompressed and extracted from the tar archive. While you’re visiting the TIS anonymous FTP site, you may want to examine its collection of firewall documentation and information. After uncompressing and extracting the archive, the directory structure illustrated in figure 6.1 is created.


Figure 6.1  The TIS Firewall Toolkit directory structure.

After the files are extracted from the tar archive, the next task is to compile them. Before compiling, make any site-specific changes to the firewall.h and Makefile.config files. The major issues to consider are the installation location of the Toolkit, which defaults to /usr/local/etc, and how the library and compiler are to be configured.


Note:  Most users may experience difficulties compiling the X-gw proxy because the program depends on the X Window System Athena Widget set. If you do not have this widget set, you will have problems getting this application to compile.

Compiling Under SunOS 4.1.3 and 4.1.4

There should be little difficulty in compiling the TIS Toolkit under the SunOS 4.1.3 and 4.1.4 operating systems. After the archive is extracted, a successful compile can be achieved even without modifying the Toolkit configuration.

Compiling Under BSDI

No significant surprises occur when you compile the Toolkit under BSD/OS Version 2.0 from BSD, Inc. A few changes are needed to ensure the compile is successful, however. First, the Makefiles are not in the correct format for the make command. In the TIS Toolkit, the Makefiles use the syntax:

include Makefile.config

This syntax is not understood by the make command that is shipped with BSD/OS. To resolve the problem, you can either edit each of the Makefiles by hand or use the program fixmake. The include statement requires only a small change; the required format looks like this:

.include        <Makefile.config>

This is what the change looks like if you edit the Makefiles by hand. Alternatively, the fixmake command corrects the syntax of the Makefile by removing the include statement and placing all of the required instructions in one Makefile.
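
The hand edit described above can be applied across the whole source tree in one pass. The script below is an added example, not the Toolkit's fixmake program and not code from the book; the function names and the sample tree it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: not part of the TIS Toolkit and not its fixmake program.
# Old and new forms of the include line, as given in the text above.
OLD_RE='^include[[:space:]][[:space:]]*Makefile\.config[[:space:]]*$'
NEW_LINE='.include        <Makefile.config>'

# convert_makefile FILE: rewrite FILE in place, keeping FILE.orig as a backup.
# Returns 0 if changed, 1 if nothing to change, 2 if the copy or rewrite failed.
convert_makefile() {
    grep -q "$OLD_RE" "$1" || return 1
    cp -p "$1" "$1.orig" || return 2
    sed "s/$OLD_RE/$NEW_LINE/" "$1.orig" > "$1" || return 2
}

# convert_tree DIR: convert every file named Makefile under DIR and print how
# many were changed. Re-running is safe: converted files no longer match, so
# the .orig backups are never overwritten.
convert_tree() {
    changed=0
    while IFS= read -r mf; do
        [ -n "$mf" ] || continue
        if convert_makefile "$mf"; then changed=$((changed + 1)); fi
    done <<EOF
$(find "$1" -type f -name Makefile -print)
EOF
    echo "$changed"
}

# count_unconverted DIR: print how many Makefiles still start a line with a
# bare "include" (for example one naming another path) and need a hand edit.
count_unconverted() {
    find "$1" -type f -name Makefile -exec grep -l '^include[[:space:]]' {} + |
        wc -l | tr -d ' '
}

# Stand-alone run on a constructed sample tree (not the real Toolkit layout).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sub"
    printf 'include Makefile.config\nall:\n' > "$d/Makefile"
    printf 'include ../Makefile.config\nall:\n' > "$d/sub/Makefile"
    echo "changed: $(convert_tree "$d"), still unconverted: $(count_unconverted "$d")"
    rm -rf "$d"
}
demo
```

Comparing each Makefile with its .orig backup before compiling confirms that only the include line changed.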

While you are tweaking, it is a good idea to make the following additional changes. No other changes are necessary.

CC=     gcc
COPT=   -g -traditional -DBSDI

