Building Internet Firewalls,9781565928718

Building Internet Firewalls

by ; ;
Edition: 2nd
ISBN13: 9781565928718
ISBN10: 1565928717
Format: Paperback
Pub. Date: 2000-09-01
Publisher(s): Oreilly & Associates Inc
List Price: $59.99

Buy New

Usually Ships in 5-7 Business Days
$59.93
Add to Cart

Rent Textbook

Select for Price
Add to Cart
There was a problem. Please try again later.

Rent Digital

Rent Digital Options
Online:1825 Days access
Downloadable:Lifetime Access
$57.59
*To support the delivery of the digital material to you, a digital delivery fee of $3.99 will be charged on each digital item.
$57.59*
Add to Cart

Used Textbook

We're Sorry
Sold Out

Buy from our Marketplace starting at $5.50

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologi

Author Biography

Simon Cooper is a computer professional currently working in Silicon Valley. He has worked in different computer-related fields ranging from hardware through operating systems and device drivers to application software and systems support in both commercial and educational environments. He has an interest in the activities of the Internet Engineering Task Force (IETF) and USENIX, is a member of the British Computer Conservation Society, and is a founding member of the Computer Museum History Center. Simon has released a small number of his own open source programs and has contributed time and code to the XFree86 project. In his spare time, Simon likes to play ice hockey, solve puzzles of a mathematical nature, and tinker with Linux.

Table of Contents

Preface xiii
I. Network Security 1(72)
Why Internet Firewalls?
3(30)
What Are You Trying to Protect?
4(3)
What Are You Trying to Protect Against?
7(9)
Who Do You Trust?
16(1)
How Can You Protect Your Site?
17(4)
What Is an Internet Firewall?
21(7)
Religious Arguments
28(5)
Internet Services
33(26)
Secure Services and Safe Services
35(1)
The World Wide Web
35(5)
Electronic Mail and News
40(3)
File Transfer, File Sharing, and Printing
43(5)
Remote Access
48(3)
Real-Time Conferencing Services
51(1)
Naming and Directory Services
52(2)
Authentication and Auditing Services
54(1)
Administrative Services
55(3)
Databases
58(1)
Games
58(1)
Security Strategies
59(14)
Least Privilege
59(2)
Defense in Depth
61(1)
Choke Point
62(1)
Weakest Link
63(1)
Fail-Safe Stance
64(3)
Universal Participation
67(1)
Diversity of Defense
68(2)
Simplicity
70(1)
Security Through Obscurity
71(2)
II. Building Firewalls 73(242)
Packets and Protocols
75(27)
What Does a Packet Look Like?
75(4)
IP
79(6)
Protocols Above IP
85(8)
Protocols Below IP
93(1)
Application Layer Protocols
94(1)
IP Version 6
94(2)
Non-IP Protocols
96(1)
Attacks Based on Low-Level Protocol Details
97(5)
Firewall Technologies
102(20)
Some Firewall Definitions
102(2)
Packet Filtering
104(6)
Proxy Services
110(4)
Network Address Translation
114(5)
Virtual Private Networks
119(3)
Firewall Architectures
122(35)
Single-Box Architectures
122(4)
Screened Host Architectures
126(2)
Screened Subnet Architectures
128(5)
Architectures with Multiple Screened Subnets
133(4)
Variations on Firewall Architectures
137(11)
Terminal Servers and Modem Pools
148(1)
Internal Firewalls
149(8)
Firewall Design
157(8)
Define Your Needs
157(2)
Evaluate the Available Products
159(3)
Put Everything Together
162(3)
Packet Filtering
165(59)
What Can You Do with Packet Filtering?
166(5)
Configuring a Packet Filtering Router
171(2)
What Does the Router Do with Packets?
173(5)
Packet Filtering Tips and Tricks
178(2)
Conventions for Packet Filtering Rules
180(3)
Filtering by Address
183(2)
Filtering by Service
185(5)
Choosing a Packet Filtering Router
190(13)
Packet Filtering Implementations for General-Purpose Computers
203(11)
Where to Do Packet Filtering
214(2)
What Rules Should You Use?
216(1)
Putting It All Together
216(8)
Proxy Systems
224(17)
Why Proxying?
225(1)
How Proxying Works
226(5)
Proxy Server Terminology
231(1)
Proxying Without a Proxy Server
232(1)
Using Socks for Proxying
233(4)
Using the TIS Internet Firewall Toolkit for Proxying
237(1)
Using Microsoft Proxy Server
238(1)
What If You Can't Proxy?
239(2)
Bastion Hosts
241(32)
General Principles
242(1)
Special Kinds of Bastion Hosts
243(1)
Choosing a Machine
244(4)
Choosing a Physical Location
248(1)
Locating Bastion Hosts on the Network
249(1)
Selecting Services Provided by a Bastion Host
250(3)
Disabling User Accounts on Bastion Hosts
253(2)
Building a Bastion Host
255(1)
Securing the Machine
256(3)
Disabling Nonrequired Services
259(10)
Operating the Bastion Host
269(1)
Protecting the Machine and Backups
270(3)
Unix and Linux Bastion Hosts
273(24)
Which Version of Unix?
273(2)
Securing Unix
275(3)
Disabling Nonrequired Services
278(10)
Installing and Modifying Services
288(3)
Reconfiguring for Production
291(4)
Running a Security Audit
295(2)
Windows NT and Windows 2000 Bastion Hosts
297(18)
Approaches to Building Windows NT Bastion Hosts
297(1)
Which Version of Windows NT?
298(1)
Securing Windows NT
299(2)
Disabling Nonrequired Services
301(12)
Installing and Modifying Services
313(2)
III. Internet Services 315(406)
Internet Services and Firewalls
317(32)
Attacks Against Internet Services
319(8)
Evaluating the Risks of a Service
327(7)
Analyzing Other Protocols
334(2)
What Makes a Good Firewalled Service?
336(3)
Choosing Security-Critical Programs
339(8)
Controlling Unsafe Configurations
347(2)
Intermediary Protcols
349(35)
Remote Procedure Call (RPC)
349(9)
Distributed Component Object Model (DCOM)
358(1)
NetBIOS over TCP/IP (NetBT)
359(2)
Common Internet File System (CIFS) and Server Message Block (SMB)
361(4)
Common Object Request Broker Architecture (CORBA) and Internet Inter-Orb Protocol (IIOP)
365(2)
ToolTalk
367(1)
Transport Layer Security (TLS) and Secure Socket Layer (SSL)
368(5)
The Generic Security Services API (GSSAPI)
373(1)
IPsec
373(4)
Remote Access Service (RAS)
377(1)
Point-to-Point Tunneling Protocol (PPTP)
378(3)
Layer 2 Transport Protocol (L2TP)
381(3)
The World Wide Web
384(39)
HTTP Server Security
385(5)
HTTP Client Security
390(7)
HTTP
397(9)
Mobile Code and Web-Related Languages
406(6)
Cache Communication Protocols
412(3)
Push Technologies
415(2)
RealAudio and RealVideo
417(2)
Gopher and WAIS
419(4)
Electronic Mail and News
423(31)
Electronic Mail
423(7)
Simple Mail Transfer Protocol (SMTP)
430(11)
Other Mail Transfer Protocols
441(1)
Microsoft Exchange
442(1)
Lotus Notes and Domino
443(2)
Post Office Protocol (POP)
445(3)
Internet Message Access Protocol (IMAP)
448(2)
Microsoft Messaging API (MAPI)
450(1)
Network News Transfer Protocol (NNTP)
450(4)
File Transfer, File Sharing, and Printing
454(34)
File Transfer Protocol (FTP)
455(13)
Trivial File Transfer Protocol (TFTP)
468(2)
Network File System (NFS)
470(9)
File Sharing for Microsoft Networks
479(3)
Summary of Recommendations for File Sharing
482(1)
Printing Protocols
483(4)
Related Protocols
487(1)
Remote Access to Hosts
488(32)
Terminal Access (Telnet)
488(3)
Remote Command Execution
491(16)
Remote Graphical Interfaces
507(13)
Real-Time Conferencing Services
520(19)
Internet Relay Chat (IRC)
520(3)
ICQ
523(2)
talk
525(3)
Multimedia Protocols
528(5)
NetMeeting
533(2)
Multicast and the Multicast Backbone (MBONE)
535(4)
Naming and Directory Services
539(52)
Domain Name System (DNS)
539(24)
Network Information Service (NIS)
563(2)
NetBIOS for TCP/IP Name Service and Windows Internet Name Service
565(11)
The Windows Browser
576(7)
Lightweight Directory Access Protocol (LDAP)
583(2)
Active Directory
585(1)
Information Lookup Services
586(5)
Authentication and Auditing Services
591(39)
What Is Authentication?
592(4)
Passwords
596(4)
Authentication Mechanisms
600(4)
Modular Authentication for Unix
604(5)
Kerberos
609(6)
NTLM Domains
615(7)
Remote Authentication Dial-in User Service (Radius)
622(3)
TACACS and Friends
625(2)
Auth and identd
627(3)
Administrative Services
630(34)
System Management Protocols
630(7)
Routing Protocols
637(7)
Protocols for Booting and Boot-Time Configuration
644(3)
ICMP and Network Diagnostics
647(7)
Network Time Protocol (NTP)
654(4)
File Synchronization
658(3)
Mostly Harmless Protocols
661(3)
Databases and Games
664(17)
Databases
664(14)
Games
678(3)
Two Sample Firewalls
681(40)
Screened Subnet Architecture
681(23)
Merged Routers and Bastion Host Using General-Purpose Hardware
704(17)
IV. Keeping Your Site Secure 721(74)
Security Policies
723(19)
Your Security Policy
724(7)
Putting Together a Security Policy
731(3)
Getting Strategic and Policy Decisions Made
734(7)
What If You Can't Get a Security Policy?
741(1)
Maintaining Firewalls
742(22)
Housekeeping
742(4)
Monitoring Your System
746(12)
Keeping up to Date
758(4)
How Long Does It Take?
762(1)
When Should You Start Over?
762(2)
Responding to Security Incidents
764(31)
Responding to an Incident
764(10)
What to Do After an Incident
774(1)
Pursuing and Capturing the Intruder
775(3)
Planning Your Response
778(9)
Being Prepared
787(8)
V. Appendixes 795(54)
A. Resources
797(16)
B. Tools
813(10)
C. Cryptography
823(26)
Index 849

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.