The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
Publications of SPCL
T. Hoefler, C. Burkert, M. Telzer:
A Comparative Firewall Study
(Oct. 2004, Studienarbeit)
Abstract

For many years, firewalls have been used to protect the internal networks of government offices, companies and other institutions against potential attackers from the Internet. In most cases the firewall acts as a central hub for all connections from and to the outside world. It is therefore located at the outermost part of the internal network, open to all kinds of attacks. Security, functionality, assurance of proper operation and performance are the primary aims in operating a firewall system. In recent years, the fast and dynamic open source movement and the closely connected open source software products have become a remarkable alternative to often slowly developed and lethal closed source products. But this movement offers many alternative products, often closely tied to different open source operating systems such as BSD or Linux. If an administrator has to make a decision without proper previous knowledge, it is very hard for him to find the best option to solve the problem. Some of these very important strategic decisions are even made on the gut feeling of the person in charge. The fact that there is no truly objective and comparative paper available about open source based firewalls led to this effort. There are, indeed, some papers by the BSI (Firewall Studie 1997/2001). Unfortunately, these papers are mostly obsolete (older than three years) and examine only closed source and very expensive firewall systems.