Purpose of the Group
The purposes for the Firewalls Group within COAST are:
- To gain direct experience in the installation, evaluation, configuration and usage of different firewall systems.
- To investigate new technologies for network perimeter defenses, including next-generation networks such as ATM.
- To investigate the integration of host- and network-based security mechanisms with network perimeter defenses
It's a Dangerous World Out There
With the explosive growth of the Internet and computer networks in the last few years, and the large number of security problems associated with them, firewalls have had increasing popularity as a way of protecting systems from unauthorized access, either from the Internet or from other unrelated networks within the organization.
Unfortunately, a large number of firewall systems, both commercial and public domain, have entered the market, and little objective information exists regarding their different characteristics, capabilities and limitations. Many customers, hearing the word "firewall," wrongly picture a magic solution to all the security problems they may have. In reality a firewall has to be part of an overall security policy: it can only be effective if implemented according to that policy, and if its characteristics and configuration match what is expected of it.
Near-Term Goals
Our group has a number of different near-term goals for this project, including:
- Finding an appropriate list of objective criteria for evaluation of firewall systems' characteristics and capabilities.
- Developing a set of mechanisms and tools for making the evaluation process as straightforward and automated as possible, while maintaining its objectivity and thoroughness.
- Evaluating different commercial and public-domain firewall systems, to make the information useful to people intending to install a firewall, or to people that already have firewalls installed and who want to improve their performance and effectiveness.
Related Information
Current status
The group started its activities recently, and has currently achieved the following:
- Completion of the first draft of the COAST Firewall Evaluation Criteria.
- Application of the criteria to an evaluation of Cisco's PIX firewall. The results of the evaluation are being made available to the appropriate sponsoring organizations.
Sponsors
- COAST Sponsors
- Cisco Systems
- NEC
- Schlumberger, Limited
Members of the Group
The Firewalls Group is composed of the following COAST students and faculty:
- Gene Spafford, Director
- Tim Korb, Associated Staff
- Christoph Schuba, Graduate Student
- Karyl Stein, Undergraduate Student
- Keith Watson, Undergraduate Student
- Diego Zamboni, Graduate Student
COAST Firewalls Project Group