Building Internet Firewalls (2nd Edition) [Paperback]

Elizabeth D. Zwicky (Author), Simon Cooper (Author), D. Brent Chapman (Author)

Book Description

ISBN-10: 1565928717 | ISBN-13: 978-1565928718 | Publication Date: January 15, 2000 | Edition: Second Edition

In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks--and the need to protect both business and personal data--have never been greater. We've updated Building Internet Firewalls to address these newer risks.

What kinds of security threats does the Internet pose? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. And others, like the distributed denial of service attacks that crippled Yahoo, E-Bay, and other major e-commerce sites in early 2000, are in current headlines.

Firewalls, critical components of today's computer networks, effectively protect a system from most Internet security threats. They keep damage on one part of the network--such as eavesdropping, a worm program, or file damage--from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.

Like the bestselling and highly respected first edition, Building Internet Firewalls, 2nd Edition, is a practical and detailed step-by-step guide to designing and installing firewalls and configuring Internet services to work with a firewall. Much expanded to include Linux and Windows coverage, the second edition describes:

• Firewall technologies: packet filtering, proxying, network address translation, virtual private networks
• Architectures such as screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, internal firewalls
• Issues involved in a variety of new Internet services and protocols through a firewall
• Email and News
• Web services and scripting languages (e.g., HTTP, Java, JavaScript, ActiveX, RealAudio, RealVideo)
• File transfer and sharing services such as NFS, Samba
• Remote access services such as Telnet, the BSD "r" commands, SSH, BackOrifice 2000
• Real-time conferencing services such as ICQ and talk
• Naming and directory services (e.g., DNS, NetBT, the Windows Browser)
• Authentication and auditing services (e.g., PAM, Kerberos, RADIUS);
• Administrative services (e.g., syslog, SNMP, SMS, RIP and other routing protocols, and ping and other network diagnostics)
• Intermediary protocols (e.g., RPC, SMB, CORBA, IIOP)
• Database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server)

The book's complete list of resources includes the location of many publicly available firewall construction tools.

Editorial Reviews

Amazon.com Review

In the vast and varied universe of computer books, only a few stand out as the best in their subject areas. Building Internet Firewalls is one of those. It's deep, yet carefully focused, so that almost anything you might want to know about firewall strategies for protecting networks is here. In addition, there's lots of information on the reasons that we build firewalls in the first place, which is to say the security risks that come with Internet connectivity. You'll learn a great deal about Internet services and the protocols that provide them as you follow this book's recommendations for stifling attacks.

If there's a shortcoming to this book, it's its lack of coverage of the turnkey firewall products that are becoming popular among home and small-office users. Emphasis here is on more complicated network defenses that require careful design and setup--both design and implementation are the order of the day here. The authors carefully enumerate the threats they see in various situations, go into some detail on how those threats manifest themselves, and explain what configuration changes you can make to your perimeter defenses to repulse those threats. Plenty of illustrations make points about good and bad security strategies (you want to put the routers here and here, not here or here). You'll learn a lot by reading this book from cover to cover, no matter how much experience you have. --David Wall

Topics covered: Means of protecting private networks from external security threats. The authors go into detail on attackers' means of exploiting security holes in common Internet services, and show how to plug those holes or at least limit the damage that can be done through them. With coverage of Unix, Linux, and Windows NT, the authors detail their philosophies of firewall design and general security policy.

From the Publisher

More than a million systems are now connected to the Internet, and something like 15 million people in 100 countries on all seven continents use Internet services. More than 100 million email messages are exchanged each day, along with countless files, documents, and audio and video images. Everyone is jumping on the Internet bandwagon. Once a haven for academicians and scientists, the Net is now reaching large and small businesses, government at all levels, school children, and senior citizens. The commercial world is rushing headlong into doing business on the Internet, barely pausing while technologies and policies catch up with their desire to go online. But, too few of the seekers after Internet wisdom and riches consider whether their businesses will be safe on the Net. What kinds of security risks are posed by the Internet? Some risks have been around since the early days of networking -- password attacks (guessing them or cracking them via password dictionaries and cracking programs), denial of service, and exploiting known security holes. Some risks are newer and even more dangerous -- packet sniffers, IP (Internet Protocol) forgery, and various types of hijacking attacks. Firewalls are a very effective way to protect your system from these Internet security threats. Firewalls in computer networks keep damage on one part of the network (e.g., eavesdropping, a worm program, file damage) from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down. What is a firewall? It's a hardware and/or software solution that restricts access from your internal network to the Internet -- and vice versa. A firewall may also be used to separate two or more parts of your local network (for example, protecting finance from R&D). The firewall is installed at the perimeter of the network, ordinarily where it connects to the Internet. You can think of a firewall as a checkpoint; all traffic, incoming and outgoing, is stopped at this point. Because it is, the firewall can make sure that it is acceptable. "Acceptable" means that whatever is passing through -- email, file transfers, remote logins, NFS mounts, etc. -- conforms to the security policy of the site. Building Internet Firewalls is a practical guide to building firewalls on the Internet. If your site is connected to the Internet, or if you're considering getting connected, you need this book. It describes a variety of firewall approaches and architectures and discusses how you can build packet filtering and proxying solutions at your site. It also contains a full discussion of how to configure Internet services (e.g., FTP, SMTP, Telnet) to work with a firewall. The book also includes a complete list of resources, including the location of many publicly available firewall construction tools. The book is divided into four parts: Part I discusses Internet threats, the benefits of firewalls, overall security strategies, and a summary of Internet services and their security risks. Part II describes possible firewall designs and general terms and concepts, how to protect the bastion host in your firewall configuration, how to build proxying and packet filtering firewalls, and how to configure Internet services to operate with a firewall. Part III describes how to maintain a firewall, develop a security policy, and respond to a security incident. Part IV contains appendices consisting of a resource summary, a directory of how to find firewall toolkits and other security-related tools, and a detailed summary providing TCP/IP background information. --This text refers to an out of print or unavailable edition of this title.

See all Editorial Reviews

Product Details

• Paperback: 869 pages
• Publisher: O'Reilly Media; Second Edition edition (January 15, 2000)
• Language: English
• ISBN-10: 1565928717
• ISBN-13: 978-1565928718
• Product Dimensions: 9.1 x 7.1 x 1.7 inches
• Shipping Weight: 3.1 pounds (View shipping rates and policies)
• Average Customer Review: 4.5 out of 5 stars  See all reviews (39 customer reviews)
• Amazon Best Sellers Rank: #204,176 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

47 of 49 people found the following review helpful:

5.0 out of 5 stars good book even for absolute beginner, July 6, 2000

By 

bookmark (usa) - See all my reviews

This review is from: Building Internet Firewalls (2nd Edition) (Paperback)

I have acquired a lot of web development tools e.g. ASP, JSP, javascript and so on, but I know nothing on how internet actually connects or how to secure a web page. Firewall has always come to my mind when i think about internet security, but I have no idea what it exactly is. Then, I find "Building Internet Firewalls" in a local bookstore one day.

O'Reilly books always gives me bad impression that they are hard to understand and won't teach you from the basics. However, this book changes my mind totally.

This book doesn't assume you have any experience on system Administration or knowledge on internet security. It starts out by explaining what firewall is. Then, it presents firewall technologies, architectures and design. After all the basics, it connects the concepts of firewall to Internet and how to configure it on UNIX and Window NT. In the last few chapters, it teaches how to maintain a firewall.

I can't tell whether this book is good for system administration or someone already has some knowledge on firewall before. but for me, as an absolute beginner, it makes me understands firewall and I am confident that I can make my own firewall.

28 of 28 people found the following review helpful:

5.0 out of 5 stars Informative Reference, August 23, 2000

By 

Todd Hawley (San Francisco CA) - See all my reviews
(REAL NAME)   

This review is from: Building Internet Firewalls (2nd Edition) (Paperback)

This second edition goes into great detail on how to build and maintain a firewall. It briefly discusses the attacks earlier this year on various well-known web sites and notes that one effective way of (if not toally stopping) slowing down these types of attacks is by use of a firewall.

In the first section, it talks about the reasons for having a firewall and security strategies. The second section (Building Firewalls) consists of several chapters and describes topics like packet filtering, firewall architectures and design, proxy systems and bastion hosts. I gleaned a lot of good information from this section alone.

The next section contains chapters describeing how to protect against attackers invading any Internet services (World Wide Web, email & netnews, FTP, IRC, DNS, games, etc). The last section describes methods to keep your network secure, such as settinp up security policies, how to maintain your firewall once it's up and running, and how to deal with a "break-in." There's also three appendices containing various information about firewall tools, mailing lists and newsgroups.

All in all, an excellent book on building and maintaining a firewall.

27 of 27 people found the following review helpful:

5.0 out of 5 stars True, this book is now classic, December 28, 1999

By 

horio shoichi <horio@pointer-software.com... (Chiba, Japan) - See all my reviews

This review is from: Building Internet Firewalls (Paperback)

Since there was no such thing as CIDR when it was written, we now have a few reserves to directly apply the book's conclusions. Because private IPs were rather new then, the authors did not take advantage of their security aspects. It was written at the time passive mode ftp was rather rare. Because there was no IP masquerades nor NAT, authors' choices for outbound connections were limited to few proxies and impractical packet filtering. PC unix-likes, which are the major player in building firewalls nowadays, were infantile, it they existed. There were very few choices on packet filters, the most important firewall component. Dialup connections were yet negligible, so the book did not discuss personal securities when connected to internet.

In spite of all these and other changes, the book solidly laid out firewall network structures. We don't see any significant variations of them, as yet. Its in depth discussions on impacts of various tcp/udp/icmp protocols upon firewalls are now the criteria we use to judge safeties of newly proposed ones. Despite new security softwares, and new exploits I must add, arrive daily, the book has established true home ground we start from. On the other hand, I am certainly interested in what authors would say looking at changes we have encountered.