INTEL MEETING
January 20, 1999
3085 ENG II
12:00-1:00 p.m.
In attendance:
Steven Templeton (ST), Jim Hoagland (JH) and Chris Wee (CW)
TOPICS:
Different Interests of Attendants
Chris Wee’s Firewall
Different Interests of Attendants
- JH needs a separate copy of GrIDS running so he can move LaSCO to GrIDS.
- ST – Interested in anomaly detection until Roy Maxion's research funding starts.
- CW – Focused on firewalls, policy and rules.

Chris Wee's Firewall
- Cannot get current on firewalls, because the technology is rapidly changing.
- CW is willing to give a tutorial on firewalls that would include how to craft a brief network policy and filtering rules.
- Explain the architecture of a firewall, issues and rules.
- Current state of filtering rule compilers – translate to filtering rule language.
- ST – Problems:
  - CPU Dig – volume
  - Privacy
  - IPv6 encryption
- CW – 90% of packets through the firewall are encrypted. Windows can't sync up after an SSH connection dies. Need to update SSH licenses; current ones are for Windows.
- CW – Big problems with setting up a firewall:
  - Setting up policy and filtering rules.
  - Don't have the tools or battery of tests (EMAP, tcpdump) to evaluate how the firewall is running. Need a methodical way of testing sites.
  - Running production – disable firewall to get packets through – sometimes doesn't work.
  - Need two firewalls: one to test the site, the other to protect the subnet.
  - FreeBSD 2.2.8 is the current version. Version 3.0 was a waste of time – never got a stable platform. Firewall may have been breached while using 3.0. Kept a few logs, but need a separate log host – 1 Ethernet interface.
  - Use Ethernet instead of serial connection – can't log onto log host machine.
  - Which ICMP messages to let in – too many are let in currently.
  - CW set up a subdomain: sex.cs.ucdavis.edu (Seclab EXperiments). It's not accessible.
  - Enable NFS after 5 minutes of connections – disconnect.
- CW – To-Do List:
  - Better understand NetBIOS, Windows NT packets getting through.
  - Talking to Denali NT, outside machine tries to talk back. The firewall prevents it and the NT box continues to try until the server is rebooted – software problem. The logs are small until attempt to talk to Network Neighborhood.
  - Would like to bring Denali behind the firewall.
  - Set up domain controller Samba 2.0 (SGI).
  - Need a minimum of 5 machines and convince others to come behind the firewall.
  - CW has been able to SSH everything in/out, tunnel everything else to do X Window, isun, Infindel.
  - ST willing to come behind firewall as a Windows 98 machine.
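The notes above raise two related points: the firewall policy and filtering rules are hard to write, and the current rule set admits too many ICMP message types. The following is an added illustration, not code from the meeting or from CW's FreeBSD firewall: a small stateless filter model in Python that evaluates a rule list against constructed packets, contrasting a rule that admits all ICMP with an allow-list that admits only the inbound ICMP types a protected subnet normally needs (echo replies, destination-unreachable errors including fragmentation-needed, and time-exceeded). The rule syntax, packet fields and sample packets are assumptions made for illustration; they are not ipfw syntax or traffic captured from any real host.

```python
"""Added example (not from the meeting notes): a stateless filter model
that evaluates a policy against constructed packets.

It contrasts a rule that admits all ICMP (the "too many are let in"
situation) with an allow-list of the ICMP types a site behind a
firewall usually needs. Rule syntax, packet fields and the sample
packets are assumptions for illustration, not ipfw or any other
product's syntax.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# ICMP type numbers (RFC 792) used below.
ECHO_REPLY, DEST_UNREACH, REDIRECT, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 5, 8, 11
FRAG_NEEDED = 4  # code under DEST_UNREACH; required for path-MTU discovery


@dataclass(frozen=True)
class Packet:
    proto: str                      # "icmp", "tcp" or "udp"
    direction: str                  # "in" (from outside) or "out"
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: str = "any"
    direction: str = "any"
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # A field left at its default is a wildcard.
        return ((self.proto == "any" or self.proto == p.proto)
                and (self.direction == "any" or self.direction == p.direction)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type)
                and (self.icmp_code is None or self.icmp_code == p.icmp_code)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; an unmatched packet is denied (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# Policy A: a hastily written rule set that lets every ICMP type through.
PERMISSIVE = [
    Rule("allow", proto="tcp", direction="in", dport=22),   # inbound SSH
    Rule("allow", proto="icmp"),                            # ALL ICMP, both directions
    Rule("allow", direction="out"),
]

# Policy B: inbound ICMP allow-list. Only replies and errors that our own
# traffic elicits are admitted; redirects and inbound echo requests are dropped.
RESTRICTED = [
    Rule("allow", proto="tcp", direction="in", dport=22),
    Rule("allow", proto="icmp", direction="in", icmp_type=ECHO_REPLY),
    Rule("allow", proto="icmp", direction="in", icmp_type=DEST_UNREACH),   # incl. frag-needed
    Rule("allow", proto="icmp", direction="in", icmp_type=TIME_EXCEEDED),  # traceroute replies
    Rule("deny", proto="icmp", direction="in"),                            # every other ICMP type
    Rule("allow", direction="out"),
]

# Constructed sample traffic (assumed for the example; not a real capture).
SAMPLES = {
    "ssh_in": Packet("tcp", "in", dport=22),
    "echo_reply": Packet("icmp", "in", icmp_type=ECHO_REPLY, icmp_code=0),
    "frag_needed": Packet("icmp", "in", icmp_type=DEST_UNREACH, icmp_code=FRAG_NEEDED),
    "redirect": Packet("icmp", "in", icmp_type=REDIRECT, icmp_code=1),
    "ping_in": Packet("icmp", "in", icmp_type=ECHO_REQUEST, icmp_code=0),
    "ttl_exceeded": Packet("icmp", "in", icmp_type=TIME_EXCEEDED, icmp_code=0),
    "netbios_in": Packet("tcp", "in", dport=139),   # NetBIOS session; no rule, so denied
}


def decisions(rules: List[Rule]) -> Dict[str, str]:
    """Map each sample packet name to the policy's verdict."""
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, policy in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        print(label, decisions(policy))
```

Running the block prints both verdict tables; the only differences between the two policies are the ICMP redirect and inbound echo request, which the permissive policy admits and the restricted one drops. The same table-driven check is a cheap way to turn a written policy into the "battery of tests" the notes ask for: add a sample packet per policy line and re-run it whenever the rule set changes.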