Building Internet Firewalls Internet and Web Security

Name: Building Internet Firewalls Internet and Web Security
Availability: InStock
ISBN: 9781565928718

ISBN-10: 1565928717

ISBN-13: 9781565928718

Edition: 2nd 2000

Authors: Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman, Deborah Russell

List price: $59.99

This item qualifies for FREE shipping.

30 day, 100% satisfaction guarantee!

Buy used: $8.10

Buy new: $41.98

Marketplace

4 new & used from $6.35

what's this?

Rush Rewards U
Members Receive:

You have reached 400 XP and carrot coins. That is the daily max!

In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks--and the need to protect both business and personal data--have never been greater. We've updated "Building Internet Firewalls to address these newer risks. What kinds of security threats does the Internet pose? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. And others, like the distributed denial of service attacks that…

Book details

List price: $59.99
Edition: 2nd
Copyright year: 2000
Publisher: O'Reilly Media, Incorporated
Publication date: 7/18/2000
Binding: Paperback
Pages: 896
Size: 7.01" wide x 9.21" long x 1.93" tall
Weight: 2.794
Language: English



Preface



Network Security



Why Internet Firewalls?


What Are You Trying to Protect?


What Are You Trying to Protect Against?


Who Do You Trust?


How Can You Protect Your Site?


What Is an Internet Firewall?


Religious Arguments



Internet Services


Secure Services and Safe Services


The World Wide Web


Electronic Mail and News


File Transfer, File Sharing, and Printing


Remote Access


Real-Time Conferencing Services


Naming and Directory Services


Authentication and Auditing Services


Administrative Services


Databases


Games



Security Strategies


Least Privilege


Defense in Depth


Choke Point


Weakest Link


Fail-Safe Stance


Universal Participation


Diversity of Defense


Simplicity


Security Through Obscurity



Building Firewalls



Packets and Protocols


What Does a Packet Look Like?


IP


Protocols Above IP


Protocols Below IP


Application Layer Protocols


IP Version 6


Non-IP Protocols


Attacks Based on Low-Level Protocol Details



Firewall Technologies


Some Firewall Definitions


Packet Filtering


Proxy Services


Network Address Translation


Virtual Private Networks



Firewall Architectures


Single-Box Architectures


Screened Host Architectures


Screened Subnet Architectures


Architectures with Multiple Screened Subnets


Variations on Firewall Architectures


Terminal Servers and Modem Pools


Internal Firewalls



Firewall Design


Define Your Needs


Evaluate the Available Products


Put Everything Together



Packet Filtering


What Can You Do with Packet Filtering?


Configuring a Packet Filtering Router


What Does the Router Do with Packets?


Packet Filtering Tips and Tricks


Conventions for Packet Filtering Rules


Filtering by Address


Filtering by Service


Choosing a Packet Filtering Router


Packet Filtering Implementations for General-Purpose Computers


Where to Do Packet Filtering


What Rules Should You Use?


Putting It All Together



Proxy Systems


Why Proxying?


How Proxying Works


Proxy Server Terminology


Proxying Without a Proxy Server


Using SOCKS for Proxying


Using the TIS Internet Firewall Toolkit for Proxying


Using Microsoft Proxy Server


What If You Can't Proxy?



Bastion Hosts


General Principles


Special Kinds of Bastion Hosts


Choosing a Machine


Choosing a Physical Location


Locating Bastion Hosts on the Network


Selecting Services Provided by a Bastion Host


Disabling User Accounts on Bastion Hosts


Building a Bastion Host


Securing the Machine


Disabling Nonrequired Services


Operating the Bastion Host


Protecting the Machine and Backups



Unix and Linux Bastion Hosts


Which Version of Unix?


Securing Unix


Disabling Nonrequired Services


Installing and Modifying Services


Reconfiguring for Production


Running a Security Audit



Windows NT and Windows 2000 Bastion Hosts


Approaches to Building Windows NT Bastion Hosts


Which Version of Windows NT?


Securing Windows NT


Disabling Nonrequired Services


Installing and Modifying Services



Internet Services



Internet Services and Firewalls


Attacks Against Internet Services


Evaluating the Risks of a Service


Analyzing Other Protocols


What Makes a Good Firewalled Service?


Choosing Security-Critical Programs


Controlling Unsafe Configurations



Intermediary Protocols


Remote Procedure Call (RPC)


Distributed Component Object Model (DCOM)


NetBIOS over TCP/IP (NetBT)


Common Internet File System (CIFS) and Server Message Block (SMB)


Common Object Request Broker Architecture (CORBA) and Internet Inter-Orb Protocol (IIOP)


ToolTalk


Transport Layer Security (TLS) and Secure Socket Layer (SSL)


The Generic Security Services API (GSSAPI)


IPsec


Remote Access Service (RAS)


Point-to-Point Tunneling Protocol (PPTP)


Layer 2 Transport Protocol (L2TP)



The World Wide Web


HTTP Server Security


HTTP Client Security


HTTP


Mobile Code and Web-Related Languages


Cache Communication Protocols


Push Technologies


RealAudio and RealVideo


Gopher and WAIS



Electronic Mail and News


Electronic Mail


Simple Mail Transfer Protocol (SMTP)


Other Mail Transfer Protocols


Microsoft Exchange


Lotus Notes and Domino


Post Office Protocol (POP)


Internet Message Access Protocol (IMAP)


Microsoft Messaging API (MAPI)


Network News Transfer Protocol (NNTP)



File Transfer, File Sharing, and Printing


File Transfer Protocol (FTP)


Trivial File Transfer Protocol (TFTP)


Network File System (NFS)


File Sharing for Microsoft Networks


Summary of Recommendations for File Sharing


Printing Protocols


Related Protocols



Remote Access to Hosts


Terminal Access (Telnet)


Remote Command Execution


Remote Graphical Interfaces



Real-Time Conferencing Services


Internet Relay Chat (IRC)


ICQ


Talk


Multimedia Protocols


NetMeeting


Multicast and the Multicast Backbone (MBONE)



Naming and Directory Services


Domain Name System (DNS)


Network Information Service (NIS)


NetBIOS for TCP/IP Name Service and Windows Internet Name Service


The Windows Browser


Lightweight Directory Access Protocol (LDAP)


Active Directory


Information Lookup Services



Authentication and Auditing Services


What Is Authentication?


Passwords


Authentication Mechanisms


Modular Authentication for Unix


Kerberos


NTLM Domains


Remote Authentication Dial-in User Service (RADIUS)


TACACS and Friends


Auth and identd



Administrative Services


System Management Protocols


Routing Protocols


Protocols for Booting and Boot-Time Configuration


ICMP and Network Diagnostics


Network Time Protocol (NTP)


File Synchronization


Mostly Harmless Protocols



Databases and Games


Databases


Games



Two Sample Firewalls


Screened Subnet Architecture


Merged Routers and Bastion Host Using General-Purpose Hardware



Keeping Your Site Secure



Security Policies


Your Security Policy


Putting Together a Security Policy


Getting Strategic and Policy Decisions Made


What If You Can't Get a Security Policy?



Maintaining Firewalls


Housekeeping


Monitoring Your System


Keeping up to Date


How Long Does It Take?


When Should You Start Over?



Responding to Security Incidents


Responding to an Incident


What to Do After an Incident


Pursuing and Capturing the Intruder


Planning Your Response


Being Prepared



Appendixes



Resources



Tools



Cryptography


Index