January 20, 1999
3085 ENG II
12:00-1:00 p.m.
In attendance:
Steven Templeton (ST), Jim Hoagland (JH) and Chris Wee (CW)

Different Interests of Attendants
Chris Wee’s Firewall
    1. Different Interests of Attendants
      1. JH needs a separate copy of GrIDS running, so he can move LaSCO to GrIDS
      2. ST – Interested in anomaly detection until Roy Maxion’s research funding starts
      3. CW – Focused on firewalls, policy and rules
    2. Chris Wee’s Firewall
      1. Cannot get current on firewalls, because the technology is rapidly changing
      2. CW is willing to give a tutorial on firewalls that would include how to craft a brief network policy and filtering rules.
        1. Explain the architecture of firewall, issues and rules.
        2. Current state of filtering rule compilers – translate to filtering rule language
      3. ST – Problems
        1. CPU Dig – volume
        2. Privacy
        3. IP6 encryption
          1. CW – 90% of packets through the firewall are encrypted. Windows can’t synch up after SSH connection dies. Need to update SSH licenses, current ones for Windows.
        4. CW - Big problems with setting up a firewall
          1. Setting up policy and filtering rules
          2. Don’t have the tools or a battery of tests (EMAP, tcpdump) to evaluate how the firewall is running. Need a methodical way of testing sites.
          3. Running production – disable firewall to get packets through – sometimes doesn’t work.
          4. Need two firewalls; one to test the site, the other to protect the subnet.
          5. FreeBSD 2.2.8 is the current version. Version 3.0 was a waste of time – never got a stable platform. Firewall may have been breached while using 3.0. Kept a few logs, but need a separate log host – one Ethernet interface.
            1. Use Ethernet instead of a serial connection – can’t log onto the log host machine.
          6. Which ICMP message to let in – too many are let in currently
        5. CW set up a subdomain: (Seclab EXperiments). It’s not accessible.
          1. Enable NSF after 5 minutes of connections - disconnect
        6. CW – To-Do List
          1. Better understand NetBIOS, Windows NT packets getting through
          2. Talking to Denali (NT): an outside machine tries to talk back. The firewall prevents it and the NT box continues to try until the server is rebooted – software problem. The logs are small until an attempt to talk to Network Neighborhood.
          3. Would like to bring Denali behind the firewall.
          4. Set up domain controller Samba 2.0 (SGI)
          5. Need a minimum of 5 machines and convince others to come behind the firewall
            1. CW has been able to SSH everything in/out, tunnel everything else (X Window, isun, Infindel)
            2. ST willing to come behind firewall as a Windows 98 machine.
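Added example (not part of the minutes and not Seclab code): a toy "filtering rule compiler" of the kind CW's tutorial item mentions, for the FreeBSD ipfw of the period, together with a first-match evaluator that answers the "which ICMP messages to let in" question by running sample packets through the compiled chain. The protected subnet 10.0.0.0/24, the outside address 192.0.2.1, the rule numbering and the choice of ICMP types 0, 3 and 11 are all assumptions made for illustration, not facts from the meeting.

```python
"""Toy policy -> ipfw compiler plus a first-match simulator.

Added example, not code from the Seclab minutes.  The subnet, the outside
address used in the demo and the rule numbers are made up.  The emitted
lines are the arguments one would pass to `ipfw` on FreeBSD 2.2.x/3.x
(e.g. `ipfw add 100 allow tcp ...`), minus the program name.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical protected subnet (not the real Seclab network).
INSIDE = ip_network("10.0.0.0/24")
# ICMP types accepted from outside: echo reply (0), destination unreachable (3),
# time exceeded (11).  Echo request (8), redirect (5) and everything else fall
# through to the final deny, which is the tightening the minutes ask for.
ALLOWED_ICMP_TYPES = (0, 3, 11)
# Inbound TCP services exposed: only SSH, since everything else is tunnelled.
ALLOWED_INBOUND_TCP = (22,)


def compile_ipfw(inside=INSIDE, icmp_types=ALLOWED_ICMP_TYPES, tcp_ports=ALLOWED_INBOUND_TCP):
    """Translate the brief policy into an ordered ipfw rule list.

    ipfw evaluates rules in ascending number order and the first match wins,
    so the explicit logged default deny must be the last rule emitted."""
    rules, n = [], 100
    for port in tcp_ports:           # inbound SYN ('setup') to each exposed service
        rules.append(f"add {n} allow tcp from any to {inside} {port} setup")
        n += 100
    rules.append(f"add {n} allow tcp from any to any established")   # replies / ongoing flows
    n += 100
    rules.append(f"add {n} allow tcp from {inside} to any setup")    # inside may connect out
    n += 100
    types = ",".join(str(t) for t in icmp_types)
    rules.append(f"add {n} allow icmp from any to {inside} icmptypes {types}")
    n += 100
    rules.append(f"add {n} allow icmp from {inside} to any")        # outbound ICMP unrestricted
    n += 100
    rules.append(f"add {n} deny log ip from any to any")            # default deny, logged
    return rules


@dataclass
class Packet:
    """Just enough of a packet to exercise the emitted rule forms (constructed data)."""
    proto: str            # "tcp" or "icmp"
    src: str
    dst: str
    dport: int = 0        # TCP destination port
    tcp_state: str = ""   # "setup" (SYN, no ACK) or "established" (ACK set)
    icmp_type: int = -1


def _addr_matches(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)


def _rule_matches(tokens, pkt):
    # tokens: add N action [log] proto from SRC to DST [DPORT] [setup|established|icmptypes T,T]
    i = 3 + (tokens[3] == "log")
    proto = tokens[i]
    if proto != "ip" and proto != pkt.proto:
        return False
    if not (_addr_matches(tokens[i + 2], pkt.src) and _addr_matches(tokens[i + 4], pkt.dst)):
        return False
    rest = tokens[i + 5:]
    if rest and rest[0].isdigit():            # optional destination port
        if pkt.dport != int(rest[0]):
            return False
        rest = rest[1:]
    while rest:
        mod = rest.pop(0)
        if mod in ("setup", "established") and pkt.tcp_state != mod:
            return False
        if mod == "icmptypes" and pkt.icmp_type not in {int(t) for t in rest.pop(0).split(",")}:
            return False
    return True


def decide(rules, pkt):
    """Return (action, rule_number) of the first matching rule, as ipfw would."""
    for rule in rules:
        tokens = rule.split()
        if _rule_matches(tokens, pkt):
            return tokens[2], int(tokens[1])
    return "deny", 65535       # ipfw's implicit final deny; our explicit last rule fires first


if __name__ == "__main__":
    chain = compile_ipfw()
    print("\n".join("ipfw " + r for r in chain))
    for p in (Packet("icmp", "192.0.2.1", "10.0.0.5", icmp_type=8),    # ping from outside: deny
              Packet("icmp", "192.0.2.1", "10.0.0.5", icmp_type=3),    # unreachable: allow
              Packet("tcp", "192.0.2.1", "10.0.0.5", dport=22, tcp_state="setup"),
              Packet("tcp", "192.0.2.1", "10.0.0.5", dport=80, tcp_state="setup")):
        print(p, "->", decide(chain, p))
```

The evaluator reads back the very text the compiler emitted, so the policy and its check cannot drift apart, and a site can keep a table of packets like the ones above as the "battery of tests" the minutes say is missing. One caveat a practitioner should keep in mind: the `setup`/`established` pair in this ipfw dialect is stateless flag matching, not connection tracking, so any inbound segment with ACK set matches the `established` rule regardless of whether a real connection exists; it must be paired with host hardening and, where available, a stateful filter.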