Firewalls and VPNs: Introduction and Best Practices

Fred Avolio

This course presents detailed information about defending your IP networks from attack. Firewalls have been a "must have" since before the Internet came into common use. VPNs have been around almost as long, but only recently have been given serious consideration (as in "actively deployed") by organizations.

In this course we concentrate on using Internet firewalls and virtual private networks (VPNs). Any poorly configured server or desktop may be vulnerable to attack, any application server can have bugs that permit unauthorized access, and every communications path is vulnerable to eavesdropping. We will discuss these vulnerabilities and show how firewalls can be configured to protect against many of them. Different types of firewall technology will be defined and discussed, giving an overview of their strengths and weaknesses. Representative products will be compared and contrasted.

We will also discuss VPNs, laying the cryptographic foundation and discussing the types of VPNs in use and where they are deployed. We will discuss deployment considerations, the infrastructures needed (or not needed), and how to develop a rollout plan.

Attendees are encouraged to bring examples of firewall and VPN deployment considerations for class analysis and discussion.

Course Outline:

        Introduction to Internet Firewalls
        Different Types of Firewalls
                Simple Packet Filter overview
                Stateful Packet Filter overview
                Application Gateway overview
                Hybrid overview
                Firewall Appliances
                Firewall Multiservers
                Personal Firewalls
        Weaknesses: Known and Imagined
        Criteria - how to pick a firewall
        Configuring and managing Firewalls
                Simple Packet Filter
                Stateful Packet Filter
                Application Gateway
        Additions to Firewalls
                Strong User Authentication
                Content Screens
                Intrusion Detection
                Honey pots and traps
        Questions to ask Firewall Vendors
        10 Ways to Decrease a Firewall's Security
        Cryptography for VPNs
        The technologies and types of VPNs
                Gateway to Gateway
                Mobile User to Gateway
                IP Layer
                Circuit Layer
                Application Layer
        Deployment Considerations and Rollout Requirements
                Firewalls and VPNs
                "To PKI or not to PKI"
        Questions to ask VPN Vendors
        Assessing your network security

You will learn:

You will leave with: