Firewalls and Internet Security

Repelling the Wily Hacker

Steven M. Bellovin, William R. Cheswick

Publisher: Addison-Wesley, 1994, 306 pages

ISBN: 0-201-63357-4

Keywords: IT Security, Networks

Last modified: July 30, 2021, 10:23 a.m.

As a user of the Internet, you are fortunate to be tied into the world's greatest communication and information exchange — but not without a price. As a result of this connection, your computer, your organization's network, and everywhere that network reaches are all vulnerable to potentially disastrous infiltration by hackers.

Written by the AT&T Bell Labs researchers who tracked the infamous "Berferd" hacker and also built the firewall gateway at Bell Labs, Firewalls and Internet Security gives you invaluable advice and practical tools for protecting your organization's computers from the very real threat of a hacker attack through the Internet. You will learn how to plan and execute a security strategy that will thwart the most determined and sophisticated of hackers — while still allowing you easy access to Internet services.

In particular, the authors show you a step-by-step plan for setting up a "firewall" gateway — a dedicated computer equipped with safeguards that acts as a single, more easily defended, Internet connection. They even include a description of their most recent gateway, the tools they used to build it, and the hacker attacks they devised to test it.

You will be fascinated by their first-hand account of one of the first documented hacker attacks, the "Berferd" case, in which Internet hackers created havoc for computer networks worldwide. In addition, you will find vital information on cryptography, a description of the tools used by hackers, and the legal implications of computer security.

With this book in hand, you will be well equipped to provide your organization with effective protection from the wily Internet hacker.

  1. Getting Started
    1. Introduction
      1. Why Security?
      2. Picking a Security Policy
      3. Strategies for a Secure Network
      4. The Ethics of Computer Security
      5. WARNING
    2. An Overview of TCP/IP
      1. The Different Layers
      2. Routers and Routing Protocols
      3. The Domain Name System
      4. Standard Services
      5. RPC-based Protocols
      6. File Transfer Protocols
      7. The "r" Commands
      8. Information Services
      9. The X11 System
      10. Patterns of Trust
  2. Building Your Own Firewall
    1. Firewall Gateways
      1. Firewall Philosophy
      2. Situating Firewalls
      3. Packet-Filtering Gateways
      4. Application-Level Gateways
      5. Circuit-Level Gateways
      6. Supporting Inbound Services
      7. Tunnels Good and Bad
      8. Joint Ventures
      9. What Firewalls Can't Do
    2. How to Build an Application-Level Gateway
      1. Policy
      2. Hardware Configuration Options
      3. Initial Installation
      4. Gateway Tools
      5. Installing Services
      6. Protecting the Protectors
      7. Gateway Administration
      8. Safety Analysis — Why Our Setup Is Secure and Fail-Safe
      9. Performance
      10. The TIS Firewall Toolkit
      11. Evaluating Firewalls
      12. Living Without a Firewall
    3. Authentication
      1. User Authentication
      2. Host-to-Host Authentication
    4. Gateway Tools
      1. Proxylib
      2. Syslog
      3. Watching the Network: Tcpdump and Friends
      4. Adding Logging to Standard Daemons
    5. Traps, Lures, and Honey Pots
      1. What to Log
      2. Dummy Accounts
      3. Tracing the Connection
    6. The Hacker's Workbench
      1. Introduction
      2. Discovery
      3. Probing Hosts
      4. Connection Tools
      5. Routing Games
      6. Network Monitors
      7. Metastasis
      8. Tiger Teams
      9. Further Reading
  3. A Look Back
    1. Classes of Attacks
      1. Stealing Passwords
      2. Social Engineering
      3. Bugs and Backdoors
      4. Authentication Failures
      5. Protocol Failures
      6. Information Leakage
      7. Denial-of-Service
    2. An Evening with Berferd
      1. Introduction
      2. Unfriendly Acts
      3. An Evening with Berferd
      4. The Day After
      5. The Jail
      6. Tracing Berferd
      7. Berferd Comes Home
    3. Where the Wild Things Are: A Look at the Logs
      1. A Year of Hacking
      2. Proxy Use
      3. Attack Sources
      4. Noise on the Line
  4. Odds and Ends
    1. Legal Considerations
      1. Computer Crime Statutes
      2. Log Files as Evidence
      3. Is Monitoring Legal?
      4. Tort Liability Considerations
    2. Secure Communications over Insecure Networks
      1. An Introduction to Cryptography
      2. The Kerberos Authentication System
      3. Link-Level Encryption
      4. Network- and Transport-Level Encryption
      5. Application-Level Encryption
    3. Where Do We Go from Here?
    1. Useful Free Stuff
      1. Building Firewalls
      2. Network Management and Monitoring Tools
      3. Auditing Packages
      4. Cryptographic Software
      5. Information Sources
    2. TCP and UDP Ports
      1. Fixed Ports
      2. MBone Usage
    3. Recommendations to Vendors
      1. Everyone
      2. Hosts
      3. Routers
      4. Protocols
      5. Firewalls

Reviews

Firewalls and Internet Security

Reviewed by Roland Buresund

OK ***** (5 out of 10)

Last modified: Nov. 15, 2008, 2:23 a.m.

The classical text about firewalls.
