Text File | 1996-04-23 | 11KB | 260 lines
Building Internet Firewalls
===========================
by D. Brent Chapman and Elizabeth D. Zwicky
Published by O'Reilly & Associates
1st Edition September 1995
517 Pages
ISBN 1-56592-124-0
List price $29.95
10% discount from Great Circle Associates
=========================================
Overview
========
Everyone is jumping on the Internet bandwagon, despite the fact that the
security risks associated with connecting to the Internet have never been
greater. This book is a practical guide to building firewalls on the
Internet. It describes a variety of firewall approaches and architectures
and discusses how you can build packet filtering and proxying solutions at
your site. It also contains a full discussion of how to configure Internet
services (e.g., FTP, SMTP, Telnet) to work with a firewall, as well as a
complete list of resources, including the location of many publicly
available firewall construction tools.
Key Points
==========
The book is practical, not theoretical, unlike so many security books. It
shows clearly what you need to decide and what you need to do to select and
install a firewall.
The book is filled with diagrams that help make complex concepts easy to
follow.
Although this book is aimed primarily at system administrators, Parts I and
III of the book, which discuss Internet security risks, pros and cons of
firewalls, and the development of security policies and responses to
security incidents, are appropriate for managers and anyone who needs to
make a business decision about the risks of getting connected to the
Internet.
Description
===========
More than a million systems are now connected to the Internet, and something
like 15 million people in 100 countries on all seven continents use Internet
services. More than 100 million email messages are exchanged each day, along
with countless files, documents, and audio and video images.
Everyone is jumping on the Internet bandwagon. Once a haven for academicians
and scientists, the Net is now reaching large and small businesses,
government at all levels, school children, and senior citizens. The
commercial world is rushing headlong into doing business on the Internet,
barely pausing while technologies and policies catch up with their desire to
go online. But, too few of the seekers after Internet wisdom and riches
consider whether their businesses will be safe on the Internet.
What kinds of security risks are posed by the Internet? Some risks have been
around since the early days of networking -- password attacks (guessing them
or cracking them via password dictionaries and cracking programs), denial of
service, and exploiting known security holes. Some risks are newer and even
more dangerous -- password sniffers, IP (Internet Protocol) forgery, and
various types of hijacking attacks.
Firewalls are a very effective way to protect your system from these
Internet security threats. Firewalls in computer networks keep damage on one
part of the network (e.g., eavesdropping, a worm program, file damage) from
spreading to the rest of the network. Without firewalls, network security
problems can rage out of control, dragging more and more systems down.
What is a firewall? It's a hardware and/or software solution that restricts
access from your internal network to the Internet -- and vice versa. A
firewall may also be used to separate two or more parts of your local
network (for example, protecting finance from R&D). The firewall is
installed at the perimeter of the network, ordinarily where it connects to
the Internet. You can think of a firewall as a checkpoint; all traffic,
incoming and outgoing, is stopped at this point. Because all traffic is
stopped there, the firewall can make sure that it is acceptable. "Acceptable" means that whatever is
passing through -- email, file transfers, remote logins, NFS mounts, etc. --
conforms to the security policy of the site.
Building Internet Firewalls is a practical guide to building firewalls on
the Internet. If your site is connected to the Internet, or if you're
considering getting connected, you need this book. It describes a variety of
firewall approaches and architectures and discusses how you can build packet
filtering and proxying solutions at your site. It also contains a full
discussion of how to configure Internet services (e.g., FTP, SMTP, Telnet)
to work with a firewall. The book also includes a complete list of resources,
including the location of many publicly available firewall construction
tools. The book is divided into four parts:
Part I discusses Internet threats, the benefits of firewalls, overall
security strategies, and a summary of Internet services and their security
risks.
Part II describes possible firewall designs and general terms and concepts,
how to protect the bastion host in your firewall configuration, how to build
proxying and packet filtering firewalls, and how to configure Internet
services to operate with a firewall.
Part III describes how to maintain a firewall, develop a security policy,
and respond to a security incident.
Part IV contains appendices consisting of a resource summary, a directory of
how to find firewall toolkits and other security-related tools, and a
detailed summary providing TCP/IP background information.
Table of Contents
=================
Foreword
Preface
Part I: Network Security
Chapter 1: Why Internet Firewalls
Chapter 2: Internet Services
Chapter 3: Security Strategies
Part II: Building Firewalls
Chapter 4: Firewall Design
Chapter 5: Bastion Hosts
Chapter 6: Packet Filtering
Chapter 7: Proxy Systems
Chapter 8: Configuring Internet Services
Chapter 9: Two Sample Firewalls
Chapter 10: Authentication and Inbound Services
Part III: Keeping Your Site Secure
Chapter 11: Security Policies
Chapter 12: Maintaining Firewalls
Chapter 13: Responding to Security Incidents
Part IV: Appendices
Appendix A: Resources
Appendix B: Tools
Appendix C: TCP/IP Fundamentals
Audience
========
Primarily system administrators, although managers who are concerned about
securing their systems or deciding whether to connect to the Internet will
get a lot of general information from Parts I and III of this book.
Reviews
=======
In these dangerous times, firewalls should be at the very center
of your security plans. . . Chapman and Zwicky have written a
book that will raise consciousness of, and competence in, Internet
security to a new level.
-- Ed DeHart, Technical Advisor at the Computer Emergency Response
Team Coordination Center (CERT-CC)
By focusing on firewalls and how they provide network-wide
protection from the outside world, this must-have book stands out
from the crowd. . . If you are building, buying, managing, or
just considering a firewall, this is the book you want.
-- Steve Simmons, president of Inland Sea, former president of the
System Administrators Guild (SAGE)
About the Authors
=================
D. Brent Chapman <Brent@GreatCircle.COM> is a consultant in the
San Francisco Bay Area, specializing in Internet firewalls. He has
designed and built Internet firewall systems for a wide range of
clients, using a variety of techniques and technologies. Before
founding Great Circle Associates, he was operations manager for a
financial services company, a world-renowned corporate research
lab, a software engineering company, and a hardware engineering
company. He holds a bachelor of science degree in electrical
engineering and computer science from the University of California,
Berkeley. He is the manager of the Firewalls Internet mailing list.
In his spare time, Brent is a volunteer search and rescue pilot,
disaster relief pilot, and mission coordinator for the California
Wing of the Civil Air Patrol (the civilian auxiliary of the United
States Air Force).
Elizabeth D. Zwicky <zwicky@corp.sgi.com> is a senior system
administrator at Silicon Graphics and the president of SAGE (the
System Administrators Guild). She has been doing large-scale UNIX
system administration for 10 years and was a founding board member
of both SAGE and BayLISA (the San Francisco Bay Area system
administrators' group), as well as a non-voting member of the first
board of the Australian system administration group, SAGE-AU. She
has been involuntarily involved in Internet security since before
the Internet worm. In her lighter moments, she is one of the few
people who makes significant use of the "rand" function in PostScript,
producing PostScript documents that are different every time they're
printed.
10% discount for Internet orders
================================
Please print this page, fill in the blanks, and fax or mail it back to us
along with your payment. Sorry, but we aren't yet willing to ask our
customers to send their credit card numbers over the Internet!
Quantity  Description                              Price Each    Total
--------  -----------                              ----------    -----
________  Building Internet Firewalls              $29.95 ea     ________
          10% Internet order discount              -$3.00 ea     ________
                                                   SUBTOTAL      ========
          Sales Tax (California addresses only)    _______ %     ________
              7.75% Santa Clara County
              7.25% All other California counties
              0.0% Outside California
          Shipping & Handling -- $2 + $2 per book (USA only)     ________
              (1 book = $4, 2 books = $6, 3 books = $8, etc.)
              International buyers please contact
              Great Circle Associates for shipping
                                                   TOTAL         ========
[ ] Payment Enclosed.
Make checks payable in U.S. dollars to Great Circle Associates.
[ ] Charge to: [ ] Visa [ ] MasterCard [ ] American Express
Account Number _________________________________ Expires ______________________
Cardholder's Name ______________________ Signature ____________________________
Shipping Information
====================
Name ___________________________________________________________________________
Company/Institution ____________________________________________________________
Mailing Address ________________________________________________________________
City, State ZIP ________________________________________________________________
Telephone ( ) _______________________ Fax ( ) _______________________
E-mail _________________________________________________________________________
Please send completed order form and payment to:
================================================
Great Circle Associates
1057 West Dana Street
Mountain View, CA 94041
If paying by credit card, you can fax your order to +1 415 962 0842
For further information, please call Great Circle Associates at
1-800-270-2562 or +1 415 962 0841, or email book-orders@GreatCircle.COM