Building Internet Firewalls

D. Brent Chapman, Elizabeth Zwicky

Publisher: O'Reilly, 1995, 517 pages

ISBN: 1-56592-124-0

Keywords: IT Security

Last modified: April 11, 2021, 11:48 p.m.

Everyone's jumping on the Internet bandwagon today, but with the explosive growth of the Internet has come a corresponding explosion in attacks on connected computer systems. These range from familiar attacks (e.g., cracking passwords and exploiting security holes in operating systems) to newer and more technically sophisticated ones (e.g., forging IP source addresses, packet sniffing, and hijacking terminal or login sessions). How can you protect your site from these threats? How can you help your users get what they need from the World Wide Web and other Internet Services, while protecting your systems and networks from compromise? Internet firewalls are currently the most effective defense.

Building Internet Firewalls is a practical guide to designing, building, and maintaining firewalls. It isn't a theoretical tome on security concepts; it's a down-to-earth, highly detailed handbook for real-life system administrators and managers — and for anyone who wants to learn what firewalls can (and cannot) do to make a site secure. If you're planning to build your own firewall, this book will tell you how to do it. If you're planning to buy one, this book will give you the background information you need to understand the protocols, technologies, and features of the products you'll be considering. It contains:

  • Detailed descriptions of how to build packet filtering and proxying firewalls, and how to configure Internet services (e.g., electronic mail, FTP, DNS, Telnet, WWW, and many more) to work with firewalls.
  • Chapters on overall Internet threats, firewall architectures, security policies and strategies, types of user authentication, firewall maintenance, and how to respond to break-ins.
  • Summaries of information resources and publicly available tools to help you build an effective and affordable firewall.

Table of Contents

  • Part I: Network Security
    1. Why Internet Firewalls?
      • What Are You Trying to Protect?
      • What Are You Trying To Protect Against?
      • How Can You Protect Your Site?
      • What Is an Internet Firewall?
    2. Internet Services
      • Electronic Mail
      • File Transfer
      • Remote Terminal Access and Command Execution
      • Usenet News
      • The World Wide Web
      • Other Information Services
      • Information About People
      • Real-Time Conferencing Services
      • Name Service
      • Network Management Services
      • Time Service
      • Network File Systems
      • Window Systems
      • Printing Systems
    3. Security Strategies
      • Least Privilege
      • Defense in Depth
      • Choke Point
      • Weakest Link
      • Fail-Safe Stance
      • Universal Participation
      • Diversity of Defense
      • Simplicity
  • Part II: Building Firewalls
    1. Firewall Design
      • Some Firewall Definitions
      • Firewall Architectures
      • Variations on Firewall Architectures
      • Internal Firewalls
      • What the Future Holds
    2. Bastion Hosts
      • General Principles
      • Special Kinds of Bastion Hosts
      • Choosing a Machine
      • Choosing a Physical Location
      • Locating the Bastion Host on the Network
      • Selecting Services Provided by the Bastion Host
      • Don't Allow User Accounts on the Bastion Host
      • Building a Bastion Host
      • Operating the Bastion Host
      • Protecting the Machine and Backups
    3. Packet Filtering
      • Why Packet Filtering?
      • Configuring a Packet Filtering Router
      • What Does a Packet Look Like?
      • What Does the Router Do with Packets?
      • Conventions for Packet Filtering Rules
      • Filtering by Address
      • Filtering by Service
      • Choosing a Packet Filtering Router
      • Where to Do Packet Filtering
      • Putting It All Together
    4. Proxy Systems
      • Why Proxying?
      • How Proxying Works
      • Proxy Server Terminology
      • Using Proxying with Internet Services
      • Proxying Without a Proxy Server
      • Using SOCKS for Proxying
      • Using the TIS Internet Firewall Toolkit for Proxying
      • What If You Can't Proxy?
    5. Configuring Internet Services
      • Electronic Mail
        • Simple Mail Transfer Protocol (SMTP)
        • Post Office Protocol (POP)
        • Multimedia Internet Mail Extensions (MIME)
      • File Transfer
        • File Transfer Protocol (FTP)
        • Trivial File Transfer Protocol (TFTP)
        • File Service Protocol (FSP)
        • UNIX-to-UNIX Copy Protocol (UUCP)
      • Terminal Access (Telnet)
        • Packet Filtering Characteristics of Telnet
        • Proxying Characteristics of Telnet
        • Summary of Telnet Recommendations
      • Remote Command Execution
        • BSD 'r' Commands
        • rexec
        • rex
      • Network News Transfer Protocol (NNTP)
        • Packet Filtering Characteristics of NNTP
        • Proxying Characteristics of NNTP
        • Dangerous Ways to Set up NNTP in a Firewall Environment
        • Good Ways to Set up NNTP in a Firewall Environment
        • Using Packet Filtering with NNTP
        • Summary of NNTP Recommendations
      • World Wide Web (WWW) and HTTP
        • Packet Filtering Characteristics of HTTP
        • Proxying Characteristics of HTTP
        • HTTP Security Concerns
        • Secure HTTP
        • Summary of WWW Recommendations
      • Other Information Services
        • Gopher
        • Wide Area Information Servers (WAIS)
        • Archie
      • Information Lookup Services
        • finger
        • whois
      • Real-Time Conferencing Services
        • talk
        • Internet Relay Chat (IRC)
        • The Multicast Backbone (MBONE)
      • Domain Name System (DNS)
        • Packet Filtering Characteristics of DNS
        • Proxying Characteristics of DNS
        • DNS Data
        • DNS Security Problems
        • Setting Up DNS to Hide Information
        • Setting Up DNS Without Hiding Information
        • Summary of DNS Recommendations
      • syslog
        • Packet Filtering Characteristics of syslog
        • Proxying Characteristics of syslog
        • Summary of syslog Recommendations
      • Network Management Services
        • Simple Network Management Protocol (SNMP)
        • Routing Information Protocol (RIP)
        • ping
        • traceroute
        • Other ICMP Packets
        • Summary of Network Management Recommendations
      • Network Time Protocol (NTP)
        • Packet Filtering Characteristics of NTP
        • Proxying Characteristics of NTP
        • Configuring NTP to Work with a Firewall
        • Summary of NTP Recommendations
      • Network File System (NFS)
        • Packet Filtering Characteristics of NFS
        • Proxying Characteristics of NFS
        • Summary of NFS Recommendations
      • Network Information Service/Yellow Pages (NIS/YP)
        • Packet Filtering Characteristics of NIS/YP
        • Proxying Characteristics of NIS/YP
        • Summary of NIS/YP Recommendations
      • X11 Window System
        • Packet Filtering Characteristics of X11
        • Summary of X11 Recommendations
      • Printing Protocols (lpr and lp)
        • Packet Filtering Characteristics of lpr
        • Proxying Characteristics of lpr
        • Packet Filtering Characteristics and Proxying Characteristics of lp
        • Summary Recommendations for Printing Protocols
      • Analyzing Other Protocols
    6. Two Sample Firewalls
      • Screened Subnet Architecture
      • Screened Host Architecture
    7. Authentication and Inbound Services
      • Risks of Using Inbound Services
      • What Is Authentication?
      • Authentication Mechanisms
      • Complete Authentication Systems
      • Network-Level Encryption
      • Terminal Servers and Modem Pools
  • Part III: Keeping Your Site Secure
    1. Security Policies
      • Your Security Policy
      • Putting Together a Security Policy
      • Getting Strategic and Policy Decisions Made
      • What If You Can't Get a Security Policy?
    2. Maintaining Firewalls
      • Housekeeping
      • Monitoring Your System
      • Keeping Up to Date
      • How Long Does It Take?
      • When Should You Start Over?
    3. Responding to Security Incidents
      • Responding to an Incident
      • What To Do After an Incident
      • Pursuing and Capturing the Intruder
      • Planning Your Response
      • Being Prepared
  • Part IV: Appendixes
    1. Resources
      • WWW Pages
      • FTP Sites
      • Mailing Lists
      • Newsgroups
      • Response Teams and Other Organizations
      • Conferences
      • Papers
      • Books
    2. Tools
      • Authentication Tools
      • Analysis Tools
      • Packet Filtering Tools
      • Proxy Systems Tools
      • Daemons
      • Utilities
    3. TCP/IP Fundamentals
      • Introduction to TCP/IP
      • A Data Communications Model
      • TCP/IP Protocol Architecture
      • Network Access Layer
      • Internet Layer
      • Transport Layer
      • Application Layer
      • Addressing, Routing, and Multiplexing
      • The IP Address
      • Internet Routing Architecture
      • The Routing Table
      • Protocols, Ports, and Sockets

Reviews

Building Internet Firewalls

Reviewed by Roland Buresund

Decent ****** (6 out of 10)

Last modified: May 21, 2007, 2:56 a.m.

A good introduction to the subject. There exists a second edition as well.

Comments

There are currently no comments
