Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

Building Internet Firewalls / Edition 2

Building Internet Firewalls / Edition 2

5.0 1
by Elizabeth Zwicky D., Simon Cooper, Brent Chapman D.

See All Formats & Editions

ISBN-10: 1565928717

ISBN-13: 9781565928718

Pub. Date: 06/01/2000

Publisher: O'Reilly Media, Incorporated

In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks—and the need to protect both business and personal data—have


In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks—and the need to protect both business and personal data—have never been greater. We've updated Building Internet Firewalls to address these newer risks.

What kinds of security threats does the Internet pose? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. And others, like the distributed denial of service attacks that crippled Yahoo, E-Bay, and other major e-commerce sites in early 2000, are in current headlines.

Firewalls, critical components of today's computer networks, effectively protect a system from most Internet security threats. They keep damage on one part of the network—such as eavesdropping, a worm program, or file damage—from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.

Like the bestselling and highly respected first edition, Building Internet Firewalls, 2nd Edition, is a practical and detailed step-by-step guide to designing and installing firewalls and configuring Internet services to work with a firewall. Much expanded to include Linux and Windows coverage, the second edition describes:

    • Firewall technologies: packet filtering, proxying, network address translation, virtual private networks
    • Architectures such as screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, internal firewalls
    • Issues involved in a variety of new Internet services and protocols through a firewall
    • Email and News
    • Web services and scripting languages (e.g., HTTP, Java, JavaScript, ActiveX, RealAudio, RealVideo)
    • File transfer and sharing services such as NFS, Samba
    • Remote access services such as Telnet, the BSD "r" commands, SSH, BackOrifice 2000
    • Real-time conferencing services such as ICQ and talk
    • Naming and directory services (e.g., DNS, NetBT, the Windows Browser)
    • Authentication and auditing services (e.g., PAM, Kerberos, RADIUS);
    • Administrative services (e.g., syslog, SNMP, SMS, RIP and other routing protocols, and ping and other network diagnostics)
    • Intermediary protocols (e.g., RPC, SMB, CORBA, IIOP)
    • Database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server)

    The book's complete list of resources includes the location of many publicly available firewall construction tools.

Product Details

O'Reilly Media, Incorporated
Publication date:
Edition description:
Second Edition
Product dimensions:
7.08(w) x 9.08(h) x 1.69(d)

Table of Contents

Scope of This Book;
Conventions Used in This Book;
Comments and Questions;
Acknowledgments for the Second Edition;
Acknowledgments for the First Edition;
Part I: Network Security;
Chapter 1: Why Internet Firewalls?;
1.1 What Are You Trying to Protect?;
1.2 What Are You Trying to Protect Against?;
1.3 Who Do You Trust?;
1.4 How Can You Protect Your Site?;
1.5 What Is an Internet Firewall?;
1.6 Religious Arguments;
Chapter 2: Internet Services;
2.1 Secure Services and Safe Services;
2.2 The World Wide Web;
2.3 Electronic Mail and News;
2.4 File Transfer, File Sharing, and Printing;
2.5 Remote Access;
2.6 Real-Time Conferencing Services;
2.7 Naming and Directory Services;
2.8 Authentication and Auditing Services;
2.9 Administrative Services;
2.10 Databases;
2.11 Games;
Chapter 3: Security Strategies;
3.1 Least Privilege;
3.2 Defense in Depth;
3.3 Choke Point;
3.4 Weakest Link;
3.5 Fail-Safe Stance;
3.6 Universal Participation;
3.7 Diversity of Defense;
3.8 Simplicity;
3.9 Security Through Obscurity;
Part II: Building Firewalls;
Chapter 4: Packets and Protocols;
4.1 What Does a Packet Look Like?;
4.2 IP;
4.3 Protocols Above IP;
4.4 Protocols Below IP;
4.5 Application Layer Protocols;
4.6 IP Version 6;
4.7 Non-IP Protocols;
4.8 Attacks Based on Low-Level Protocol Details;
Chapter 5: Firewall Technologies;
5.1 Some Firewall Definitions;
5.2 Packet Filtering;
5.3 Proxy Services;
5.4 Network Address Translation;
5.5 Virtual Private Networks;
Chapter 6: Firewall Architectures;
6.1 Single-Box Architectures;
6.2 Screened Host Architectures;
6.3 Screened Subnet Architectures;
6.4 Architectures with Multiple Screened Subnets;
6.5 Variations on Firewall Architectures;
6.6 Terminal Servers and Modem Pools;
6.7 Internal Firewalls;
Chapter 7: Firewall Design;
7.1 Define Your Needs;
7.2 Evaluate the Available Products;
7.3 Put Everything Together;
Chapter 8: Packet Filtering;
8.1 What Can You Do with Packet Filtering?;
8.2 Configuring a Packet Filtering Router;
8.3 What Does the Router Do with Packets?;
8.4 Packet Filtering Tips and Tricks;
8.5 Conventions for Packet Filtering Rules;
8.6 Filtering by Address;
8.7 Filtering by Service;
8.8 Choosing a Packet Filtering Router;
8.9 Packet Filtering Implementations for General-Purpose Computers;
8.10 Where to Do Packet Filtering;
8.11 What Rules Should You Use?;
8.12 Putting It All Together;
Chapter 9: Proxy Systems;
9.1 Why Proxying?;
9.2 How Proxying Works;
9.3 Proxy Server Terminology;
9.4 Proxying Without a Proxy Server;
9.5 Using SOCKS for Proxying;
9.6 Using the TIS Internet Firewall Toolkit for Proxying;
9.7 Using Microsoft Proxy Server;
9.8 What If You Can't Proxy?;
Chapter 10: Bastion Hosts;
10.1 General Principles;
10.2 Special Kinds of Bastion Hosts;
10.3 Choosing a Machine;
10.4 Choosing a Physical Location;
10.5 Locating Bastion Hosts on the Network;
10.6 Selecting Services Provided by a Bastion Host;
10.7 Disabling User Accounts on Bastion Hosts;
10.8 Building a Bastion Host;
10.9 Securing the Machine;
10.10 Disabling Nonrequired Services;
10.11 Operating the Bastion Host;
10.12 Protecting the Machine and Backups;
Chapter 11: Unix and Linux Bastion Hosts;
11.1 Which Version of Unix?;
11.2 Securing Unix;
11.3 Disabling Nonrequired Services;
11.4 Installing and Modifying Services;
11.5 Reconfiguring for Production;
11.6 Running a Security Audit;
Chapter 12: Windows NT and Windows 2000 Bastion Hosts;
12.1 Approaches to Building Windows NT Bastion Hosts;
12.2 Which Version of Windows NT?;
12.3 Securing Windows NT;
12.4 Disabling Nonrequired Services;
12.5 Installing and Modifying Services;
Part III: Internet Services;
Chapter 13: Internet Services and Firewalls;
13.1 Attacks Against Internet Services;
13.2 Evaluating the Risks of a Service;
13.3 Analyzing Other Protocols;
13.4 What Makes a Good Firewalled Service?;
13.5 Choosing Security-Critical Programs;
13.6 Controlling Unsafe Configurations;
Chapter 14: Intermediary Protocols;
14.1 Remote Procedure Call (RPC);
14.2 Distributed Component Object Model (DCOM);
14.3 NetBIOS over TCP/IP (NetBT);
14.4 Common Internet File System (CIFS) and Server Message Block (SMB);
14.5 Common Object Request Broker Architecture (CORBA) and Internet Inter-Orb Protocol (IIOP);
14.6 ToolTalk;
14.7 Transport Layer Security (TLS) and Secure Socket Layer (SSL);
14.8 The Generic Security Services API (GSSAPI);
14.9 IPsec;
14.10 Remote Access Service (RAS);
14.11 Point-to-Point Tunneling Protocol (PPTP);
14.12 Layer 2 Transport Protocol (L2TP);
Chapter 15: The World Wide Web;
15.1 HTTP Server Security;
15.2 HTTP Client Security;
15.3 HTTP;
15.4 Mobile Code and Web-Related Languages;
15.5 Cache Communication Protocols;
15.6 Push Technologies;
15.7 RealAudio and RealVideo;
15.8 Gopher and WAIS;
Chapter 16: Electronic Mail and News;
16.1 Electronic Mail;
16.2 Simple Mail Transfer Protocol (SMTP);
16.3 Other Mail Transfer Protocols;
16.4 Microsoft Exchange;
16.5 Lotus Notes and Domino;
16.6 Post Office Protocol (POP);
16.7 Internet Message Access Protocol (IMAP);
16.8 Microsoft Messaging API (MAPI);
16.9 Network News Transfer Protocol (NNTP);
Chapter 17: File Transfer, File Sharing, and Printing;
17.1 File Transfer Protocol (FTP);
17.2 Trivial File Transfer Protocol (TFTP);
17.3 Network File System (NFS);
17.4 File Sharing for Microsoft Networks;
17.5 Summary of Recommendations for File Sharing;
17.6 Printing Protocols;
17.7 Related Protocols;
Chapter 18: Remote Access to Hosts;
18.1 Terminal Access (Telnet);
18.2 Remote Command Execution;
18.3 Remote Graphical Interfaces;
Chapter 19: Real-Time Conferencing Services;
19.1 Internet Relay Chat (IRC);
19.2 ICQ;
19.3 talk;
19.4 Multimedia Protocols;
19.5 NetMeeting;
19.6 Multicast and the Multicast Backbone (MBONE);
Chapter 20: Naming and Directory Services;
20.1 Domain Name System (DNS);
20.2 Network Information Service (NIS);
20.3 NetBIOS for TCP/IP Name Service and Windows Internet Name Service;
20.4 The Windows Browser;
20.5 Lightweight Directory Access Protocol (LDAP);
20.6 Active Directory;
20.7 Information Lookup Services;
Chapter 21: Authentication and Auditing Services;
21.1 What Is Authentication?;
21.2 Passwords;
21.3 Authentication Mechanisms;
21.4 Modular Authentication for Unix;
21.5 Kerberos;
21.6 NTLM Domains;
21.7 Remote Authentication Dial-in User Service (RADIUS);
21.8 TACACS and Friends;
21.9 Auth and identd;
Chapter 22: Administrative Services;
22.1 System Management Protocols;
22.2 Routing Protocols;
22.3 Protocols for Booting and Boot-Time Configuration;
22.4 ICMP and Network Diagnostics;
22.5 Network Time Protocol (NTP);
22.6 File Synchronization;
22.7 Mostly Harmless Protocols;
Chapter 23: Databases and Games;
23.1 Databases;
23.2 Games;
Chapter 24: Two Sample Firewalls;
24.1 Screened Subnet Architecture;
24.2 Merged Routers and Bastion Host Using General-Purpose Hardware;
Part IV: Keeping Your Site Secure;
Chapter 25: Security Policies;
25.1 Your Security Policy;
25.2 Putting Together a Security Policy;
25.3 Getting Strategic and Policy Decisions Made;
25.4 What If You Can't Get a Security Policy?;
Chapter 26: Maintaining Firewalls;
26.1 Housekeeping;
26.2 Monitoring Your System;
26.3 Keeping up to Date;
26.4 How Long Does It Take?;
26.5 When Should You Start Over?;
Chapter 27: Responding to Security Incidents;
27.1 Responding to an Incident;
27.2 What to Do After an Incident;
27.3 Pursuing and Capturing the Intruder;
27.4 Planning Your Response;
27.5 Being Prepared;
Part V: Appendixes;
Appendix A: Resources;
A.1 Web Pages;
A.2 FTP Sites;
A.3 Mailing Lists;
A.4 Newsgroups;
A.5 Response Teams;
A.6 Other Organizations;
A.7 Conferences;
A.8 Papers;
A.9 Books;
Appendix B: Tools;
B.1 Authentication Tools;
B.2 Analysis Tools;
B.3 Packet Filtering Tools;
B.4 Proxy Systems Tools;
B.5 Daemons;
B.6 Utilities;
Appendix C: Cryptography;
C.1 What Are You Protecting and Why?;
C.2 Key Components of Cryptographic Systems;
C.3 Combined Cryptography;
C.4 What Makes a Protocol Secure?;
C.5 Information About Algorithms;

Customer Reviews

Average Review:

Post to your social network


Most Helpful Customer Reviews

See all customer reviews

Building Internet Firewalls 5 out of 5 based on 0 ratings. 1 reviews.
Guest More than 1 year ago
In this day and age, attacks by so-called 'hackers' against companies' internal networks are always a threat and virtually any business, government or educational institution needs to protect itself against this threat. Firewalls (while not 100% safe) offer an excellent protection against such attacks. These attacks as the books can come in many forms, such as 'denial of service' attacks. This updated second edition offers a lot of information about setting up and maintaining a firewall. It describes different types of firewalls, the tools (both software & hardware) you can use to set up your firewall, which Internet services (World Wide Web, electronic mail and netnews, FTP, telnet, teleconferencing, etc) you can decide to put through a firewall, and maintaining it once the firewall has been set up. There's a lot of good common-sense information in here too, when it talks about how you go about deciding what should and shouldn't be protected, who will have access to which services, what kind of security policies to set up, and what to do when you do have any type of 'break-in.' I learned quite a bit about firewalls from this book and anyone who needs to learn about firewalls should get a copy of this book if they already haven't.