Great Circle Associates logo

Building Internet Firewalls Tutorial

A One-Day Tutorial taught by Brent Chapman

What is the threat?
What is a Firewall?
Who should attend
Topics covered
About the author
Scheduling, or for more information
Other tutorials

What is the Threat? 

There are many benefits to connecting your site to the Internet, but there are risks as well. Today's Internet security threats range from curious prowlers to well-organized, technically-knowledgeable intruders that could gain access to your site's private information or interfere with your (or your clients') use of your own systems. The number and sophistication of these threats grow each year, just like the Internet itself.

While it's a good idea to make your workstations, servers, and other systems as individually secure as possible, this is not sufficient to defend your site from attack. Without the ability to protect your entire network at its connection point, your defense is only as strong as its weakest link, and securing each and every system is a complex and cumbersome job with no guarantee of success, because of the variety of different operating systems, releases, vendor patches, and administrative domains.

However, by analyzing and defending against threats at your site's point of connection to the Internet (or a parent organization's WAN) you can take advantage of most Internet services, such as the World Wide Web, electronic mail, and anonymous FTP, while at the same time limiting your risk of intrusions.

What is a Firewall?  

An Internet firewall is a security mechanism that allows limited access to your site from the Internet, allowing approved traffic in and out according to a thought-out plan. This lets you select the services appropriate to your business needs, while barring others which may have significant security holes.

The tutorial covers firewall architectures and variations, as well as both theory and practice of packet filtering and proxy systems, and includes an in-depth look at a sample firewalls configuration.

If you are considering the purchase of a commercial firewall product, this tutorial will teach the concepts and mechanisms behind firewall products and help you make the best choice for your site.

Throughout the tutorial, the emphasis is on practical and useful material, including examples, case studies, and war stories. The Building Internet Firewalls Tutorial will provide information and insights valuable in any TCP/IP networked installation, ranging from single-system sites to large enterprise networks with thousands of nodes.

Each tutorial participant will receive a comprehensive package of materials, including a full copy of the tutorial presentation, reference information, and a copy of the O'Reilly & Associates book Building Internet Firewalls.

Who Should Attend 

The intended audience for this tutorial includes network managers, system administrators, information systems managers, and others who are considering implementing an Internet security firewall or are maintaining an existing firewall system. This includes persons at sites planning a firewall system between an organizational wide-area network and site networks with special security needs or sensitivity.

The tutorial materials assume that all attendees understand basic Internet networking principles including IP addressing and routing, differences between TCP and UDP, and packet encapsulation.

Topics Covered 

About the Author 

Brent Chapman is a consultant in the San Francisco Bay Area, specializing in the networking of UNIX systems. He has designed and built many Internet firewall systems for a wide variety of clients, using a range of techniques and technologies. He is the co-author of the book Building Internet Firewalls (O'Reilly & Associates; September 1995), and is founder of the Firewalls Internet mailing list. Before founding Great Circle Associates, he was operations manager for a financial services company, a world-renowned corporate research lab, a software engineering company, and a hardware engineering company. Brent holds a Bachelor of Science degree in Electrical Engineering and Computer Science from the University of California, Berkeley.


The price for a private presentation of any of our one-day tutorials is US$3000 plus travel and lodging costs (airfare, hotel, local transportation, meals, etc.) for up to 8 students. Additional students cost US$250 each.

For example, here is what a private presentation of a tutorial for 15 people would cost, assuming US$800 travel/lodging costs:

Item Quantity Each Total
Base Tutorial fee (8 people) 1 $3000 $3000
Additional students 7 $250 $1750
Travel and lodging 1 $800 $800
Total $5500

Educational institutions (accredited colleges, universities, etc.) are eligible for a 20% discount on the non-travel/lodging portion of the fee. The educational institution price for a private presentation of any of our one-day tutorials is US$2400 plus travel and lodging costs (airfare, hotel, local transportation, meals, etc.) for up to 8 students. Additional students are US$200 each.

For tutorials outside the USA and Canada, there is a US$5000 minimum (exclusive of travel/lodging costs), travel/lodging costs will be for business class accomodations, and customers should plan for an extra two days of accomodations for travel and jetlag.

Scheduling, or For More Information 

To schedule a tutorial, or for more information, please contact us.

Other Tutorials 

Great Circle Associates also offers several other tutorials, on topics such as Internet Essentials for UNIX System Administrators, Introduction to Internet Technology, and Creating a World Wide Web Site.
Great Circle Associates, Inc.
1250 West Dana Street
Mountain View, CA 94041 USA

Please report problems to Webmaster@GreatCircle.COM
Copyright © 2003 Great Circle Associates, Inc.
USA Toll Free: 877 GRT CRCL
(877 478 2725)
International: +1 650 962 0841
Fax: +1 650 962 0842