Firewalls and Internet Security: Repelling the Wily Hacker / Edition 2


Overview

The best-selling first edition of Firewalls and Internet Security became the bible of Internet security by showing a generation of Internet security experts how to think about threats and solutions. This completely updated and expanded second edition defines the security problems companies face in today's Internet, identifies the weaknesses in the most popular security technologies, and illustrates the ins and outs of deploying an effective firewall. Readers will learn how to plan and execute a security strategy that allows easy access to Internet services while defeating even the wiliest of hackers.

Firewalls and Internet Security, Second Edition, draws upon the authors' experiences as researchers in the forefront of their field since the beginning of the Internet explosion.

The book begins with an introduction to their philosophy of Internet security. It progresses quickly to a dissection of possible attacks on hosts and networks and describes the tools and techniques used to perpetrate--and prevent--such attacks. The focus then shifts to firewalls and virtual private networks (VPNs), providing a step-by-step guide to firewall deployment. Readers are immersed in the real-world practices of Internet security through a critical examination of problems and practices on today's intranets, as well as discussions of the deployment of a hacking-resistant host and of intrusion detection systems (IDS). The authors scrutinize secure communications over insecure networks and conclude with their predictions about the future of firewalls and Internet security.

The book's appendixes provide an introduction to cryptography and a list of resources (also posted to the book's Web site) that readers can rely on for tracking further security developments.

Armed with the authors' hard-won knowledge of how to fight off hackers, readers of Firewalls and Internet Security, Second Edition, can make security decisions that will make the Internet--and their computers--safer.

These authors are both well-known senior researchers at AT&T Bell Labs, and this book is based on their actual experiences maintaining, improving, and redesigning AT&T's Internet gateway. They show why the most popular technologies for keeping intruders out are insufficient, while providing a step-by-step guide to their solution--building firewall gateways.

Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
The first generation of Internet security professionals cut its teeth on Firewalls and Internet Security, Repelling the Wily Hacker, by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin.

But much has happened since that book became an instant classic in 1994. Unfortunately, the "good guys" have been gradually losing the Internet arms race. "The hackers have developed and deployed tools for attacks we had been anticipating for years. IP spoofing and TCP hijacking are now quite common...ISPs report that attacks on the Internet's infrastructure are increasing."

Well, it's taken nine years, but the Second Edition has arrived -- and not a moment too soon.

Above all, this book teaches the right attitude about security. With the right frame of mind, you're far more likely to make reasonable security decisions when new challenges arise. To that end, the authors waste no time, presenting the no-nonsense principles of Internet security right up front.

Keep the level of all your defenses at about the same height. (You wouldn't fit a bank vault with a screen door on the back, yet many people do the same thing with Internet security.) An attacker doesn't go through security, but around it. They're looking for your weakest link.

Put your defenses in layers. Some of the layers will be physical, some conceptual, but together, they're far more effective than any of them would be alone. (This is, incidentally, how your immune system works.)

Keep it simple. Complex systems are difficult to understand, audit, explain, and troubleshoot, and virtually impossible to perfect.

Also: Don't hand out more privileges than someone needs to do the job. Security should be integral to the original design, not bolted on later. Programs are insecure until proven secure. But: If you don't run a program, who cares if it's secure? Most folks have heard at least some of these, but few people take them sufficiently to heart. The rest of this book is about translating these common-sense security maxims into safer systems.

In Chapters 2 and 3, the authors move on to discussing key Internet protocols from the viewpoint of security. They start at the lowest levels, with IP packets, ARP, and TCP-based virtual circuits, then systematically review routing protocols like BGP; DNS and DHCP; network address translation; and more.

When you really understand how TCP opens a connection, you can see how SYN flood attacks attempt to flood a host with "half-open connections." When you understand how UDP works, you can see why it's so easy to spoof UDP packets -- and why you'd better be careful about using the source addresses they present.

Along the way, the authors utterly massacre WEP, the standard wireless security protocol for WiFi networks. (When you read what they have to say, you have to shake your head and wonder about how this protocol was designed.)

Oh, and speaking of wireless: "[J]ust because you cannot access your wireless network with a PCMCIA card from the parking lot, it does not mean that someone with an inexpensive high gain antenna cannot reach it from a mile (or twenty miles!) away. In fact, we have demonstrated that a standard access point inside a building is easily reachable from that distance." Ouch.

The definitive coverage of protocols represents only one-fourth of this outstanding book. It's equally strong on assessing today's diverse classes of attacks; implementing safer tools and services; and designing and deploying secure firewalls and VPNs. The authors show how to improve security by optimizing your network's layout; present intelligent overviews of intrusion detection and encryption; and finally, preview some emerging innovations in Internet security.

While we hope we won't have to wait nine years for the next edition, this one should hold us in good stead for a very long time.

Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

Product Details

  • ISBN-13: 9780201634662
  • Publisher: Addison-Wesley
  • Publication date: 2/25/2003
  • Series: Addison-Wesley Professional Computing Series
  • Edition description: Subsequent
  • Edition number: 2
  • Pages: 433
  • Sales rank: 907,396
  • Product dimensions: 7.20 (w) x 8.90 (h) x 1.10 (d)

Meet the Author

William R. Cheswick (http://cheswick.com) is Chief Scientist at Lumeta Corporation, which explores and maps clients' network infrastructures and finds perimeter leaks. Formerly he was a senior researcher at Lucent Bell Labs, where he did pioneering work in the areas of firewall design and implementation, PC viruses, mailers, and Internet munitions.

Steven M. Bellovin (http://stevebellovin.com) is a Fellow at AT&T Labs Research, where he works on networks, security, and, especially, why the two don't get along. He is a member of the National Academy of Engineering and is one of the Security Area directors of the Internet Engineering Task Force. Long ago he was one of the creators of NetNews.

Aviel D. Rubin (http://avirubin.com) is an Associate Professor in the Computer Science Department at Johns Hopkins University and serves as the Technical Director of their Information Security Institute. He was previously Principal Researcher in the Secure Systems Research Department at AT&T Laboratories and is the author of several books.

Read an Excerpt

But after a time, as Frodo did not show any sign of writing a book on the spot, the hobbits returned to their questions about doings in the Shire.

Lord of the Rings
—J.R.R. TOLKIEN

The first printing of the First Edition appeared at the Las Vegas Interop in May, 1994. At that same show appeared the first of many commercial firewall products. In many ways, the field has matured since then: You can buy a decent firewall off the shelf from many vendors.

The problem of deploying that firewall in a secure and useful manner remains. We have studied many Internet access arrangements in which the only secure component was the firewall itself—it was easily bypassed by attackers going after the “protected” inside machines. Before the trivestiture of AT&T/Lucent/NCR, there were over 300,000 hosts behind at least six firewalls, plus special access arrangements with some 200 business partners.

Our first edition did not discuss the massive sniffing attacks discovered in the spring of 1994. Sniffers had been running on important Internet Service Provider (ISP) machines for months—machines that had access to a major percentage of the ISP’s packet flow. By some estimates, these sniffers captured over a million host name/user name/password sets from passing telnet, ftp, and rlogin sessions. There were also reports of increased hacker activity on military sites. It’s obvious what must have happened: If you are a hacker with a million passwords in your pocket, you are going to look for the most interesting targets, and .mil certainly qualifies.

Since the First Edition, we have been slowly losing the Internet arms race. The hackers have developed and deployed tools for attacks we had been anticipating for years. IP spoofing [Shimomura, 1996] and TCP hijacking are now quite common, according to the Computer Emergency Response Team (CERT). ISPs report that attacks on the Internet’s infrastructure are increasing.

There was one attack we chose not to include in the First Edition: the SYN-flooding denial-of-service attack that seemed to be unstoppable. Of course, the Bad Guys learned about the attack anyway, making us regret that we had deleted that paragraph in the first place. We still believe that it is better to disseminate this information, informing saints and sinners at the same time. The saints need all the help they can get, and the sinners have their own channels of communication.

Crystal Ball or Bowling Ball?

The first edition made a number of predictions, explicitly or implicitly. Was our foresight accurate?

Our biggest failure was neglecting to foresee how successful the Internet would become. We barely mentioned the Web and declined a suggestion to use some weird syntax when listing software resources. The syntax, of course, was the URL...

Concomitant with the growth of the Web, the patterns of Internet connectivity vastly increased. We assumed that a company would have only a few external connections—few enough that they’d be easy to keep track of, and to firewall. Today’s spaghetti topology was a surprise.

We didn’t realize that PCs would become Internet clients as soon as they did. We did, however, warn that as personal machines became more capable, they’d become more vulnerable. Experience has proved us very correct on that point.

We did anticipate high-speed home connections, though we spoke of ISDN, rather than cable modems or DSL. (We had high-speed connectivity even then, though it was slow by today’s standards.) We also warned of issues posed by home LANs, and we warned about the problems caused by roaming laptops.

We were overly optimistic about the deployment of IPv6 (which was called IPng back then, as the choice hadn’t been finalized). It still hasn’t been deployed, and its future is still somewhat uncertain.

We were correct, though, about the most fundamental point we made: Buggy host software is a major security issue. In fact, we called it the “fundamental theorem of firewalls”:

Most hosts cannot meet our requirements: they run too many programs that are too large. Therefore, the only solution is to isolate them behind a firewall if you wish to run any programs at all.

If anything, we were too conservative.

Our Approach

This book is nearly a complete rewrite of the first edition. The approach is different, and so are many of the technical details. Most people don’t build their own firewalls anymore. There are far more Internet users, and the economic stakes are higher. The Internet is a factor in warfare.

The field of study is also much larger—there is too much to cover in a single book. One reviewer suggested that Chapters 2 and 3 could be a six-volume set. (They were originally one mammoth chapter.) Our goal, as always, is to teach an approach to security. We took far too long to write this edition, but one of the reasons why the first edition survived as long as it did was that we concentrated on the concepts, rather than details specific to a particular product at a particular time. The right frame of mind goes a long way toward understanding security issues and making reasonable security decisions. We’ve tried to include anecdotes, stories, and comments to make our points.

Some complain that our approach is too academic, or too UNIX-centric, that we are too idealistic, and don’t describe many of the most common computing tools. We are trying to teach attitudes here more than specific bits and bytes. Most people have hideously poor computing habits and network hygiene. We try to use a safer world ourselves, and are trying to convey how we think it should be.

The chapter outline follows, but we want to emphasize the following:

It is OK to skip the hard parts.

If we dive into detail that is not useful to you, feel free to move on.

The introduction covers the overall philosophy of security, with a variety of time-tested maxims. As in the first edition, Chapter 2 discusses most of the important protocols, from a security point of view. We moved material about higher-layer protocols to Chapter 3. The Web merits a chapter of its own.

The next part discusses the threats we are dealing with: the kinds of attacks in Chapter 5, and some of the tools and techniques used to attack hosts and networks in Chapter 6. Part III covers some of the tools and techniques we can use to make our networking world safer. We cover authentication tools in Chapter 7, and safer network servicing software in Chapter 8.

Part IV covers firewalls and virtual private networks (VPNs). Chapter 9 introduces various types of firewalls and filtering techniques, and Chapter 10 summarizes some reasonable policies for filtering some of the more essential services discussed in Chapter 2. If you don’t find advice about filtering a service you like, we probably think it is too dangerous (refer to Chapter 2).

Chapter 11 covers a lot of the deep details of firewalls, including their configuration, administration, and design. It is certainly not a complete discussion of the subject, but should give readers a good start. VPN tunnels, including holes through firewalls, are covered in some detail in Chapter 12. There is more detail in Chapter 18.

In Part V, we apply these tools and lessons to organizations. Chapter 13 examines the problems and practices on modern intranets. See Chapter 15 for information about deploying a hacking-resistant host, which is useful in any part of an intranet. Though we don’t especially like intrusion detection systems (IDSs) very much, they do play a role in security, and are discussed in Chapter 15.

The last part offers a couple of stories and some further details. The Berferd chapter is largely unchanged, and we have added “The Taking of Clark,” a real-life story about a minor break-in that taught useful lessons.

Chapter 18 discusses secure communications over insecure networks, in quite some detail. For even further detail, Appendix A has a short introduction to cryptography.

The conclusion offers some predictions by the authors, with justifications. If the predictions are wrong, perhaps the justifications will be instructive. (We don’t have a great track record as prophets.) Appendix B provides a number of resources for keeping up in this rapidly changing field.

Errata and Updates

Everyone and every thing seems to have a Web site these days; this book is no exception. Our “official” Web site is http://www.wilyhacker.com. We’ll post an errata list there; we’ll also keep an up-to-date list of other useful Web resources. If you find any errors—we hope there aren’t many—please let us know via e-mail at firewall-book@wilyhacker.com.

Acknowledgments

For many kindnesses, we’d like to thank Joe Bigler, Steve “Hollywood” Branigan, Hal Burch, Brian Clapper, David Crocker, Tom Dow, Phil Edwards and the Internet Public Library, Anja Feldmann, Karen Gettman, Brian Kernighan, David Korman, Tom Limoncelli, Norma Loquendi, Cat Okita, Robert Oliver, Vern Paxson, Marcus Ranum, Eric Rescorla, Guido van Rooij, Luann Rouff (a most excellent copy editor), Abba Rubin, Peter Salus, Glenn Sieb, Karl Siil (we’ll always have Boston), Irina Strizhevskaya, Rob Thomas, Win Treese, Dan Wallach, Avishai Wool, Karen Yannetta, and Michal Zalewski, among many others.

BILL CHESWICK
ches@cheswick.com

STEVE BELLOVIN
smb@stevebellovin.com

AVI RUBIN
avi@rubin.net

Table of Contents

Preface to the Second Edition.

Preface to the First Edition.

I. GETTING STARTED.

1. Introduction.

Security Truisms.

Picking a Security Policy.

Host-Based Security.

Perimeter Security.

Strategies for a Secure Network.

The Ethics of Computer Security.

WARNING.

2. A Security Review of Protocols: Lower Layers.

Basic Protocols.

Managing Addresses and Names.

IP Version 6.

Network Address Translators.

Wireless Security.

3. Security Review: The Upper Layers.

Messaging.

Internet Telephony.

RPC-Based Protocols.

File Transfer Protocols.

Remote Login.

Simple Network Management Protocol-SNMP.

The Network Time Protocol.

Information Services.

Proprietary protocols.

Peer-to-Peer Networking.

The X11 Window System.

The Small Services.

4. The Web: Threat or Menace?

The Web Protocols.

Risks to the Clients.

Risks to the Server.

Web Servers vs. Firewalls.

The Web and Databases.

Parting Thoughts.

II. THE THREATS.

5. Classes of Attacks.

Stealing Passwords.

Social Engineering.

Bugs and Backdoors.

Authentication Failures.

Protocol Failures.

Information Leakage.

Exponential Attacks-Viruses and Worms.

Denial-of-Service Attacks.

Botnets.

Active Attacks.

6. The Hacker's Workbench, and Other Munitions.

Introduction.

Hacking Goals.

Scanning a Network.

Breaking into the Host.

The Battle for the Host.

Covering Tracks.

Metastasis.

Hacking Tools.

Tiger Teams.

III. SAFER TOOLS AND SERVICES.

7. Authentication.

Remembering Passwords.

Time-Based One-Time Passwords.

Challenge/Response One-Time Passwords.

Lamport's One-Time Password Algorithm.

Smart Cards.

Biometrics.

RADIUS.

SASL: An Authentication Framework.

Host-to-Host Authentication.

PKI.

8. Using Some Tools and Services.

Inetd-Network Services.

Ssh-Terminal and File Access.

Syslog.

Network Administration Tools.

Chroot-Caging Suspect Software.

Jailing the Apache Web Server.

Aftpd-A Simple Anonymous FTP Daemon.

Mail Transfer Agents.

POP3 and IMAP.

Samba: An SMB Implementation.

Taming Named.

Adding SSL Support with sslwrap.

IV. FIREWALLS AND VPNS.

9. Kinds of Firewalls.

Packet Filters.

Application-Level Filtering.

Circuit-Level Gateways.

Dynamic Packet Filters.

Distributed Firewalls.

What Firewalls Cannot Do.

10. Filtering Services.

Reasonable Services to Filter.

Digging for Worms.

Services We Don't Like.

Other Services.

Something New.

11. Firewall Engineering.

Rulesets.

Proxies.

Building a Firewall from Scratch.

Firewall Problems.

Testing Firewalls.

12. Tunneling and VPNs.

Tunnels.

Virtual Private Networks (VPNs).

Software vs. Hardware.

V. PROTECTING AN ORGANIZATION.

13. Network Layout.

Intranet Explorations.

Intranet Routing Tricks.

In Host We Trust.

Belt and Suspenders.

Placement Classes.

14. Safe Hosts in a Hostile Environment.

What Do We Mean by “Secure”?

Properties of Secure Hosts.

Hardware Configuration.

Field Stripping a Host.

Loading New Software.

Administering a Secure Host.

Skinny-Dipping: Life Without a Firewall.

15. Intrusion Detection.

Where to Monitor.

Types of IDS.

Administering an IDS.

IDS Tools.

VI. LESSONS LEARNED.

16. Une Soirée avec Berferd.

Introduction.

Unfriendly Acts.

An Evening with Berferd.

The Day After.

The Jail.

Tracing Berferd.

Berferd Comes Home.

17. The Taking of Clark.

Prelude.

Clark.

Crude Forensics.

Examining Clark.

The Password File.

How Did They Get In?

Better Forensics.

Lessons Learned.

18. Secure Communications over Insecure Networks.

An Introduction to Cryptography.

The Kerberos Authentication System.

Link-Level Encryption.

Network-Level Encryption.

Application-Level Encryption.

19. Where Do We Go from Here?

IPv6.

DNSsec.

Internet Ubiquity.

Internet Security.

Conclusion.

A. An Introduction to Cryptography.

Introduction.

B. Keeping up.

Bibliography.

List of Bombs.

List of Acronyms.

Index.

Read More Show Less

Preface

But after a time, as Frodo did not show any sign of writing a book on the spot, the hobbits returned to their questions about doings in the Shire.

Lord of the Rings
—J.R.R. TOLKIEN

The first printing of the First Edition appeared at the Las Vegas Interop in May, 1994. At that same show appeared the first of many commercial firewall products. In many ways, the field has matured since then: You can buy a decent firewall off the shelf from many vendors.

The problem of deploying that firewall in a secure and useful manner remains. We have studied many Internet access arrangements in which the only secure component was the firewall itself—it was easily bypassed by attackers going after the “protected” inside machines. Before the trivestiture of AT&T/Lucent/NCR, there were over 300,000 hosts behind at least six firewalls, plus special access arrangements with some 200 business partners.

Our first edition did not discuss the massive sniffing attacks discovered in the spring of 1994. Sniffers had been running on important Internet Service Provider (ISP) machines for months—machines that had access to a major percentage of the ISP’s packet flow. By some estimates, these sniffers captured over a million host name/user name/password sets from passing telnet, ftp, and rlogin sessions. There were also reports of increased hacker activity on military sites. It’s obvious what must have happened: If you are a hacker with a million passwords in your pocket, you are going to look for the most interesting targets, and .mil certainly qualifies.

Since the First Edition, we have been slowly losing the Internet arms race. The hackers have developed and deployed tools for attacks we had been anticipating for years. IP spoofing Shimomura, 1996 and TCP hijacking are now quite common, according to the Computer Emergency Response Team (CERT). ISPs report that attacks on the Internet’s infrastructure are increasing.

There was one attack we chose not to include in the First Edition: the SYN-flooding denial-of- service attack that seemed to be unstoppable. Of course, the Bad Guys learned about the attack anyway, making us regret that we had deleted that paragraph in the first place. We still believe that it is better to disseminate this information, informing saints and sinners at the same time. The saints need all the help they can get, and the sinners have their own channels of communication.

Crystal Ball or Bowling Ball?

The first edition made a number of predictions, explicitly or implicitly. Was our foresight accurate?

Our biggest failure was neglecting to foresee how successful the Internet would become. We barely mentioned the Web and declined a suggestion to use some weird syntax when listing software resources. The syntax, of course, was the URL...

Concomitant with the growth of the Web, the patterns of Internet connectivity vastly increased. We assumed that a company would have only a few external connections—few enough that they’d be easy to keep track of, and to firewall. Today’s spaghetti topology was a surprise.

We didn’t realize that PCs would become Internet clients as soon as they did. We did, however, warn that as personal machines became more capable, they’d become more vulnerable. Experience has proved us very correct on that point.

We did anticipate high-speed home connections, though we spoke of ISDN, rather than cable modems or DSL. (We had high-speed connectivity even then, though it was slow by today’s standards.) We also warned of issues posed by home LANs, and we warned about the problems caused by roaming laptops.

We were overly optimistic about the deployment of IPv6 (which was called IPng back then, as the choice hadn’t been finalized). It still hasn’t been deployed, and its future is still somewhat uncertain.

We were correct, though, about the most fundamental point we made: Buggy host software is a major security issue. In fact, we called it the “fundamental theorem of firewalls”:

Most hosts cannot meet our requirements: they run too many programs that are too large. Therefore, the only solution is to isolate them behind a firewall if you wish to run any programs at all.

If anything, we were too conservative.

Our Approach

This book is nearly a complete rewrite of the first edition. The approach is different, and so are many of the technical details. Most people don’t build their own firewalls anymore. There are far more Internet users, and the economic stakes are higher. The Internet is a factor in warfare.

The field of study is also much larger—there is too much to cover in a single book. One reviewer suggested that Chapters 2 and 3 could be a six-volume set. (They were originally one mammoth chapter.) Our goal, as always, is to teach an approach to security. We took far too long to write this edition, but one of the reasons why the first edition survived as long as it did was that we concentrated on the concepts, rather than details specific to a particular product at a particular time. The right frame of mind goes a long way toward understanding security issues and making reasonable security decisions. We’ve tried to include anecdotes, stories, and comments to make our points.

Some complain that our approach is too academic, or too UNIX-centric, that we are too idealistic, and don’t describe many of the most common computing tools. We are trying to teach attitudes here more than specific bits and bytes. Most people have hideously poor computing habits and network hygiene. We try to use a safer world ourselves, and are trying to convey how we think it should be.

The chapter outline follows, but we want to emphasize the following:

It is OK to skip the hard parts.

If we dive into detail that is not useful to you, feel free to move on.

The introduction covers the overall philosophy of security, with a variety of time-tested maxims. As in the first edition, Chapter 2 discusses most of the important protocols, from a security point of view. We moved material about higher-layer protocols to Chapter 3. The Web merits a chapter of its own.

The next part discusses the threats we are dealing with: the kinds of attacks in Chapter 5, and some of the tools and techniques used to attack hosts and networks in Chapter 6. Part III covers some of the tools and techniques we can use to make our networking world safer. We cover authentication tools in Chapter 7, and safer network servicing software in Chapter 8.

Part IV covers firewalls and virtual private networks (VPNs). Chapter 9 introduces various types of firewalls and filtering techniques, and Chapter 10 summarizes some reasonable policies for filtering some of the more essential services discussed in Chapter 2. If you don’t find advice about filtering a service you like, we probably think it is too dangerous (refer to Chapter 2).

Chapter 11 covers a lot of the deep details of firewalls, including their configuration, administration, and design. It is certainly not a complete discussion of the subject, but should give readers a good start. VPN tunnels, including holes through firewalls, are covered in some detail in Chapter 12. There is more detail in Chapter 18.

In Part V, we apply these tools and lessons to organizations. Chapter 13 examines the problems and practices on modern intranets. See Chapter 15 for information about deploying a hacking-resistant host, which is useful in any part of an intranet. Though we don’t especially like intrusion detection systems (IDSs) very much, they do play a role in security, and are discussed in Chapter 15.

The last part offers a couple of stories and some further details. The Berferd chapter is largely unchanged, and we have added “The Taking of Clark,” a real-life story about a minor break-in that taught useful lessons.

Chapter 18 discusses secure communications over insecure networks, in quite some detail. For even further detail, Appendix A has a short introduction to cryptography.

The conclusion offers some predictions by the authors, with justifications. If the predictions are wrong, perhaps the justifications will be instructive. (We don’t have a great track record as prophets.) Appendix B provides a number of resources for keeping up in this rapidly changing field.

Errata and Updates

Everyone and every thing seems to have a Web site these days; this book is no exception. Our “official” Web site is http://www.wilyhacker.com. We’ll post an errata list there; we’ll also keep an up-to-date list of other useful Web resources. If you find any errors—we hope there aren’t many—please let us know via e-mail at firewall-book@wilyhacker.com.

Acknowledgments

For many kindnesses, we’d like to thank Joe Bigler, Steve “Hollywood” Branigan, Hal Burch, Brian Clapper, David Crocker, Tom Dow, Phil Edwards and the Internet Public Library, Anja Feldmann, Karen Gettman, Brian Kernighan, David Korman, Tom Limoncelli, Norma Loquendi, Cat Okita, Robert Oliver, Vern Paxson, Marcus Ranum, Eric Rescorla, Guido van Rooij, Luann Rouff (a most excellent copy editor), Abba Rubin, Peter Salus, Glenn Sieb, Karl Siil (we’ll always have Boston), Irina Strizhevskaya, Rob Thomas, Win Treese, Dan Wallach, Avishai Wool, Karen Yannetta, and Michal Zalewski, among many others.

BILL CHESWICK
ches@cheswick.com

STEVE BELLOVIN
smb@stevebellovin.com

AVI RUBIN
avi@rubin.net

020163466XP01302003

Read More Show Less

Introduction

But after a time, as Frodo did not show any sign of writing a book on the spot, the
hobbits returned to their questions about doings in the Shire.

Lord of the Rings
--J.R.R. TOLKIEN

The first printing of the First Edition appeared at the Las Vegas Interop in May, 1994. At that same show appeared the first of many commercial firewall products. In many ways, the field has matured since then: You can buy a decent firewall off the shelf from many vendors.

The problem of deploying that firewall in a secure and useful manner remains. We have studied many Internet access arrangements in which the only secure component was the firewall itself--it was easily bypassed by attackers going after the "protected" inside machines. Before the trivestiture of AT&T/Lucent/NCR, there were over 300,000 hosts behind at least six firewalls, plus special access arrangements with some 200 business partners.

Our first edition did not discuss the massive sniffing attacks discovered in the spring of 1994. Sniffers had been running on important Internet Service Provider (ISP) machines for months--machines that had access to a major percentage of the ISP's packet flow. By some estimates, these sniffers captured over a million host name/user name/password sets from passing telnet, ftp, and rlogin sessions. There were also reports of increased hacker activity on military sites. It's obvious what must have happened: If you are a hacker with a million passwords in your pocket, you are going to look for the most interesting targets, and .mil certainly qualifies.

Since the First Edition, we have been slowly losing the Internet arms race. The hackers have developed and deployed tools for attacks we had been anticipating for years. IP spoofing [Shimomura, 1996] and TCP hijacking are now quite common, according to the Computer Emergency Response Team (CERT). ISPs report that attacks on the Internet's infrastructure are increasing.

There was one attack we chose not to include in the First Edition: the SYN-flooding denial-of-service attack that seemed to be unstoppable. Of course, the Bad Guys learned about the attack anyway, making us regret that we had deleted that paragraph in the first place. We still believe that it is better to disseminate this information, informing saints and sinners at the same time. The saints need all the help they can get, and the sinners have their own channels of communication.

Crystal Ball or Bowling Ball?

The first edition made a number of predictions, explicitly or implicitly. Was our foresight accurate?

Our biggest failure was neglecting to foresee how successful the Internet would become. We barely mentioned the Web and declined a suggestion to use some weird syntax when listing software resources. The syntax, of course, was the URL...

Concomitant with the growth of the Web, the patterns of Internet connectivity vastly increased. We assumed that a company would have only a few external connections--few enough that they'd be easy to keep track of, and to firewall. Today's spaghetti topology was a surprise.

We didn't realize that PCs would become Internet clients as soon as they did. We did, however, warn that as personal machines became more capable, they'd become more vulnerable. Experience has proved us very correct on that point.

We did anticipate high-speed home connections, though we spoke of ISDN, rather than cable modems or DSL. (We had high-speed connectivity even then, though it was slow by today's standards.) We also warned of issues posed by home LANs, and we warned about the problems caused by roaming laptops.

We were overly optimistic about the deployment of IPv6 (which was called IPng back then, as the choice hadn't been finalized). It still hasn't been deployed, and its future is still somewhat uncertain.

We were correct, though, about the most fundamental point we made: Buggy host software is a major security issue. In fact, we called it the "fundamental theorem of firewalls":

Most hosts cannot meet our requirements: they run too many programs that are too large. Therefore, the only solution is to isolate them behind a firewall if you wish to run any programs at all.

If anything, we were too conservative.

Our Approach

This book is nearly a complete rewrite of the first edition. The approach is different, and so are many of the technical details. Most people don't build their own firewalls anymore. There are far more Internet users, and the economic stakes are higher. The Internet is a factor in warfare.

The field of study is also much larger--there is too much to cover in a single book. One reviewer suggested that Chapters 2 and 3 could be a six-volume set. (They were originally one mammoth chapter.) Our goal, as always, is to teach an approach to security. We took far too long to write this edition, but one of the reasons why the first edition survived as long as it did was that we concentrated on the concepts, rather than details specific to a particular product at a particular time. The right frame of mind goes a long way toward understanding security issues and making reasonable security decisions. We've tried to include anecdotes, stories, and comments to make our points.

Some complain that our approach is too academic, or too UNIX-centric, that we are too idealistic, and don't describe many of the most common computing tools. We are trying to teach attitudes here more than specific bits and bytes. Most people have hideously poor computing habits and network hygiene. We try to use a safer world ourselves, and are trying to convey how we think it should be.

The chapter outline follows, but we want to emphasize the following:

     It is OK to skip the hard parts.

If we dive into detail that is not useful to you, feel free to move on.

The introduction covers the overall philosophy of security, with a variety of time-tested maxims. As in the first edition, Chapter 2 discusses most of the important protocols, from a security point of view. We moved material about higher-layer protocols to Chapter 3. The Web merits a chapter of its own.

The next part discusses the threats we are dealing with: the kinds of attacks in Chapter 5, and some of the tools and techniques used to attack hosts and networks in Chapter 6. Part III covers some of the tools and techniques we can use to make our networking world safer. We cover authentication tools in Chapter 7, and safer network servicing software in Chapter 8.

Part IV covers firewalls and virtual private networks (VPNs). Chapter 9 introduces various types of firewalls and filtering techniques, and Chapter 10 summarizes some reasonable policies for filtering some of the more essential services discussed in Chapter 2. If you don't find advice about filtering a service you like, we probably think it is too dangerous (refer to Chapter 2).

Chapter 11 covers a lot of the deep details of firewalls, including their configuration, administration, and design. It is certainly not a complete discussion of the subject, but should give readers a good start. VPN tunnels, including holes through firewalls, are covered in some detail in Chapter 12. There is more detail in Chapter 18.

In Part V, we apply these tools and lessons to organizations. Chapter 13 examines the problems and practices on modern intranets. See Chapter 14 for information about deploying a hacking-resistant host, which is useful in any part of an intranet. Though we don't especially like intrusion detection systems (IDSs), they do play a role in security, and are discussed in Chapter 15.

The last part offers a couple of stories and some further details. The Berferd chapter is largely unchanged, and we have added "The Taking of Clark," a real-life story about a minor break-in that taught useful lessons.

Chapter 18 discusses secure communications over insecure networks, in quite some detail. For even further detail, Appendix A has a short introduction to cryptography.

The conclusion offers some predictions by the authors, with justifications. If the predictions are wrong, perhaps the justifications will be instructive. (We don't have a great track record as prophets.) Appendix B provides a number of resources for keeping up in this rapidly changing field.

