20.1 Firewall Design Principles
- Firewall Characteristics
- Types of Firewalls
- Firewall Configurations

20.2 Trusted Systems
- Data Access Control
- The Concept of Trusted Systems
- Trojan Horse Defense

20.3 Common Criteria for Information Technology Security Evaluation
- Requirements
- Profiles and Targets

20.4 Recommended Reading and Web Sites

20.5 Key Terms, Review Questions, and Problems
- Key Terms
- Review Questions
- Problems
The function of a strong position is to make the forces holding it practically unassailable.
On War, Carl Von Clausewitz

On the day that you take up your command, block the frontier passes, destroy the official tallies, and stop the passage of all emissaries.
The Art of War, Sun Tzu

Key Points

- A firewall forms a barrier through which the traffic going in each direction must pass. A firewall security policy dictates which traffic is authorized to pass in each direction.
- A firewall may be designed to operate as a filter at the level of IP packets, or may operate at a higher protocol layer.
- A trusted system is a computer and operating system that can be verified to implement a given security policy. Typically, the focus of a trusted system is access control. A policy is implemented that dictates what objects may be accessed by what subjects.
- The common criteria for information technology security is an international standards initiative to define a common set of security requirements and a systematic means of evaluating products against those requirements.

Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world via wide area networks and the Internet. We begin this chapter with an overview of the functionality and design principles of firewalls. Next, we address the issue of the security of the firewall itself and, in particular, the concept of a trusted system, or secure operating system.