Title:
Practical firewalls
Personal Author:
Ogletree, Terry
Publication Information:
Indianapolis : QUE, 2000
ISBN:
9780789724168
Holdings:
Item Barcode | Call Number | Material Type | Item Category | Status |
---|---|---|---|---|
30000010053525 | QA76.9.A25 O35 2000 | Open Access Book | Book | On Order |
Summary
A firewall's purpose is to keep attackers out of a network while letting legitimate traffic through. This book is aimed at network administrators charged with building and maintaining a firewall.
Author Notes
Terry Ogletree is a consultant. He has worked with computers since 1980. Terry has worked with UNIX and TCP/IP since 1985 and has been involved with Windows NT since it first appeared. He is the lead author for Upgrading and Repairing Networks, 2nd Edition (Que), and has contributed chapters to Special Edition Using UNIX, Third Edition (Que) and Windows NT Server Unleashed (SAMS).
Table of Contents
Introduction | p. 1 |
I Understanding Firewalls and Internet Security | p. 7 |
1 Firewall Basics | p. 9 |
Why You Need a Firewall | p. 10 |
What Is a Firewall? | p. 10 |
It's a Jungle Out There! | p. 12 |
Use Your Site's Security Policy to Design the Firewall | p. 12 |
New Security Threats to Consider | p. 13 |
Decide Which Services You Will Provide for Your Users | p. 14 |
Firewall Policy | p. 16 |
Firewall Technologies | p. 16 |
The First Firewalls: Packet Filtering | p. 17 |
Using Application Gateways | p. 17 |
Other Firewall Components | p. 18 |
Hardware or Software Firewalls? Build or Buy? | p. 18 |
Operating System Concerns | p. 19 |
What a Firewall Can Do | p. 21 |
What a Firewall Cannot Protect You From | p. 21 |
Maintaining a Firewall | p. 23 |
Summary | p. 24 |
2 Introduction to the TCP/IP Protocol Suite | p. 25 |
The OSI Networking Model | p. 26 |
Physical Layer | p. 28 |
Data Link Layer | p. 28 |
Network Layer | p. 28 |
Transport Layer | p. 29 |
Session Layer | p. 29 |
Presentation Layer | p. 30 |
Application Layer | p. 30 |
How Does TCP/IP Fit into the OSI Model? | p. 30 |
TCP/IP Protocols | p. 31 |
The Internet Protocol (IP) | p. 31 |
The Transmission Control Protocol (TCP) | p. 32 |
Other Related Protocols | p. 33 |
IP Addressing | p. 36 |
IP Address Classes | p. 36 |
Class A Addresses | p. 38 |
Class B Addresses | p. 39 |
Class C Addresses | p. 39 |
Broadcast and Multicast Addresses | p. 40 |
What Are Subnets? | p. 41 |
Examining the Contents of an IP Datagram | p. 45 |
Important Packet Header Information | p. 47 |
What Are TCP and UDP Ports? | p. 49 |
Well-Known Ports | p. 49 |
Registered Ports | p. 50 |
Common TCP/IP Services | p. 50 |
Telnet | p. 50 |
The File Transfer Protocol (FTP) | p. 51 |
The Trivial File Transfer Protocol (TFTP) | p. 52 |
The Domain Name Service (DNS) | p. 52 |
Primary, Secondary, and Caching-Only Name Servers | p. 54 |
The Simple Mail Transport Protocol (SMTP) | p. 60 |
The r Utilities | p. 60 |
Other Network Services | p. 62 |
Summary | p. 62 |
3 Security and the Internet | p. 63 |
LANS and WANS | p. 64 |
Security in the Local Area Network | p. 64 |
User Authentication | p. 64 |
Resource Protections | p. 66 |
Physical Safeguards | p. 67 |
Security in Wide Area Networks | p. 67 |
Network Protocol Backdoors and Holes | p. 68 |
What Is Source Routing and Why Is It Not a Good Idea? | p. 69 |
Denial-of-Service Attacks | p. 69 |
SYN Flooding | p. 70 |
ICMP Redirects and Other ICMP Problems | p. 72 |
Ping of Death | p. 74 |
Distributed Denial-of-Service Attacks | p. 74 |
Packet Fragmentation | p. 76 |
Viruses and Trojan Horses | p. 78 |
Forged Email | p. 78 |
Break-Ins | p. 79 |
Password Theft | p. 80 |
Friendly Customer Service (Social Engineering) | p. 80 |
Backdoors | p. 81 |
Snooping: Monitoring Network Traffic | p. 81 |
IP Spoofing and Impersonation | p. 82 |
Summary | p. 83 |
4 Firewall Security Policy and Firewall Design Strategies | p. 85 |
The Design Comes Before the Firewall | p. 86 |
Your Company's Security Policy | p. 86 |
The Firewall Policy | p. 91 |
Firewall Strategies | p. 93 |
Using a Packet Filter | p. 94 |
Using an Application Proxy Gateway | p. 96 |
Combinations | p. 97 |
Using a Screened Subnet to Create a Demilitarized Zone (DMZ) | p. 101 |
Using Bastion Hosts and Sacrificial Hosts | p. 104 |
Incident Reporting and Response | p. 105 |
Keeping Up-to-date on Security Advisories | p. 106 |
Summary | p. 107 |
5 Packet Filtering | p. 109 |
The First Line of Defense | p. 110 |
Where to Use Packet Filters | p. 110 |
Creating Packet Filtering Rules | p. 113 |
Dangerous Services | p. 115 |
IP Header Information That Can Be Used to Filter Packets | p. 116 |
TCP and UDP Header Information | p. 117 |
Ports and Sockets | p. 120 |
The SYN Bit | p. 123 |
The ACK Bit | p. 123 |
ICMP Packets | p. 124 |
Stateless Operation Versus Stateful Inspection | p. 125 |
Hardware and Software Packet Filters | p. 126 |
Using a Router to Restrict Access | p. 126 |
Using a Dual-Homed Host to Restrict Access | p. 127 |
Advantages and Disadvantages of Packet Filters | p. 128 |
Summary | p. 129 |
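The headings above for Chapter 5 name the two filtering models the book contrasts: a stateless packet filter that decides on header bits alone (the "SYN bit" and "ACK bit" rules) and stateful inspection that remembers which connections the LAN opened. The following is an added illustration of that difference, not code from the book: it puts both models side by side on the same constructed packets. It assumes a protected LAN of 10.0.0.0/24 and uses addresses from the RFC 5737 documentation ranges; the `Packet` class, `stateless_allow`, `StatefulFilter` and `demo` are names made up for this example.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Just the TCP/IP header fields a port-level filter looks at."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool


# Assumption for this example: the protected LAN is 10.0.0.0/24.
INTERNAL_PREFIX = "10.0.0."


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_allow(pkt: Packet) -> bool:
    """The classic 'ACK bit' rule of a stateless packet filter.

    Outbound packets are allowed. Inbound packets are allowed only if ACK is
    set, because the first segment of a new TCP connection (SYN without ACK)
    never carries ACK; an inbound SYN-only segment is therefore a connection
    attempt from outside and is dropped. The filter keeps no memory at all,
    so it cannot tell a genuine reply from a forged ACK-only segment.
    """
    if is_internal(pkt.src):
        return True
    return pkt.ack


class StatefulFilter:
    """Minimal stateful inspection: remember connections the LAN opened and
    admit inbound packets only when they belong to one of them."""

    def __init__(self) -> None:
        # (src, sport, dst, dport) of each connection opened from inside.
        self.connections: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if is_internal(pkt.src):
            if pkt.syn and not pkt.ack:
                # New outbound connection: record it so replies can come back.
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: allowed only as the reverse direction of a known connection.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.connections


def demo() -> dict[str, tuple[bool, bool]]:
    """Run constructed packets through both filters.

    Returns {label: (stateless_verdict, stateful_verdict)} so the difference
    between the two models is visible on the same traffic.
    """
    stateful = StatefulFilter()
    traffic = [
        # A browser inside opens a connection to a web server outside ...
        ("outbound SYN", Packet("10.0.0.5", 40000, "203.0.113.7", 80, syn=True, ack=False)),
        # ... and the server's SYN-ACK comes back.
        ("reply SYN-ACK", Packet("203.0.113.7", 80, "10.0.0.5", 40000, syn=True, ack=True)),
        # Unsolicited connection attempt from outside to an internal SSH port.
        ("inbound SYN", Packet("198.51.100.9", 1234, "10.0.0.5", 22, syn=True, ack=False)),
        # Forged ACK-only segment to the same port: no connection exists for it.
        ("forged inbound ACK", Packet("198.51.100.9", 1234, "10.0.0.5", 22, syn=False, ack=True)),
    ]
    results = {}
    for label, pkt in traffic:
        results[label] = (stateless_allow(pkt), stateful.allow(pkt))
    return results


if __name__ == "__main__":
    for label, (stateless, stateful) in demo().items():
        print(f"{label:20s} stateless={str(stateless):5s} stateful={stateful}")
```

Both filters agree on the legitimate exchange and on the inbound SYN. They part company on the forged ACK-only segment: the ACK-bit rule lets it through, which is exactly what an attacker relies on for ACK scanning or for probing hosts behind a stateless filter, while the stateful table rejects it because no inside host ever opened that connection.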
6 Using a Bastion Host | p. 131 |
Configuring a Bastion Host | p. 132 |
Installing a Secure Operating System from Scratch | p. 133 |
Eliminating Unnecessary Services and Applications | p. 134 |
UNIX | p. 135 |
Other UNIX Network Files to Review | p. 138 |
Windows NT | p. 139 |
Removing Unnecessary Applications and Files | p. 141 |
Resource Protections and Access Control | p. 142 |
UNIX Resource Permissions | p. 142 |
Windows NT | p. 147 |
Configuring Auditing and Logging | p. 152 |
Running Proxy Software on the Bastion Host | p. 153 |
When the Bastion Host Is Compromised | p. 154 |
Summary | p. 155 |
7 Application Gateways and Proxy Servers | p. 157 |
Disable Routing on the Proxy Server | p. 160 |
Advantages and Disadvantages of Proxy Servers | p. 161 |
Classical and Transparent Proxies | p. 162 |
Classical Proxies | p. 162 |
Transparent Proxies | p. 163 |
Classical Proxies Can Hide DNS Information About Your Network | p. 165 |
Creating a Custom Proxy Application | p. 166 |
Network Address Translators (NATs) | p. 166 |
Basic NAT | p. 167 |
Network Address Port Translation (NAPT) | p. 168 |
Using NAT to Hide Information About the LAN | p. 169 |
Using NAT to Increase the LAN Address Space | p. 170 |
What Is Address Vectoring? | p. 170 |
Content Screening and Blocking | p. 171 |
Logging and Alerting Facilities | p. 173 |
Client Considerations | p. 174 |
Summary | p. 175 |
8 Operating System Monitoring and Auditing Techniques | p. 177 |
What Is Auditing? | p. 178 |
Reviewing Those Log Files! | p. 178 |
The Front End of Auditing: Resource Protections | p. 181 |
UNIX | p. 181 |
Using the syslog Utility | p. 181 |
Miscellaneous UNIX Log Files | p. 185 |
Windows NT | p. 188 |
Setting Up Auditing Events | p. 189 |
Using the Event Viewer to Review Log Files | p. 193 |
Managing Event Log Files | p. 195 |
Application-Specific Log Files | p. 196 |
Other Considerations | p. 196 |
Summary | p. 196 |
II Encryption and Secure Communications on the Internet | p. 197 |
9 Encryption Technology | p. 199 |
Protecting Sensitive Information | p. 200 |
What Is Encryption? | p. 201 |
Single Key Encryption | p. 201 |
Public Key Encryption | p. 202 |
Hybrids | p. 203 |
Practical Applications for Cryptography on the Internet | p. 204 |
What Are Digital Signatures? | p. 204 |
Digital Certificates | p. 206 |
The Secure Sockets Layer (SSL) Protocol | p. 207 |
Is That Web Page Using Encryption? | p. 209 |
Summary | p. 210 |
10 Virtual Private Networks (VPNs) and Tunneling | p. 211 |
Secure Communications on the Internet | p. 212 |
What Is a Virtual Private Network (VPN)? | p. 212 |
What Can a VPN Do? | p. 214 |
Disadvantages of VPNs | p. 215 |
The IPSec Protocol Suite | p. 216 |
Internet Key Exchange (IKE) | p. 217 |
The Authentication Header (AH) | p. 219 |
Encapsulation Security Payload (ESP) | p. 221 |
AH and ESP | p. 221 |
The Point-to-Point Tunneling Protocol (PPTP) | p. 222 |
The PPTP Control Connection | p. 223 |
Data Transmission Using PPTP Tunnel | p. 224 |
Layer Two Tunneling Protocol (L2TP) | p. 225 |
Summary | p. 225 |
11 Using Pretty Good Privacy (PGP) for Encryption | p. 227 |
Securing Information Transfers on the Internet | p. 228 |
Installing PGP | p. 229 |
Installing PGP on UNIX Systems | p. 229 |
Installing PGP on Windows NT | p. 233 |
Summary | p. 238 |
III Firewall Installation and Configuration | p. 239 |
12 Firewall Tools Available on the Internet | p. 241 |
Using Freeware and Shareware Products | p. 242 |
TCP Wrappers | p. 242 |
The TIS Firewall Toolkit | p. 244 |
SOCKS | p. 246 |
SQUID | p. 247 |
Drawbridge | p. 248 |
SATAN | p. 250 |
Other Handy Security Software | p. 252 |
Summary | p. 252 |
13 Using TCP Wrappers | p. 253 |
Introduction to TCP Wrappers | p. 254 |
How TCP Wrappers Works | p. 255 |
Logging via syslogd | p. 255 |
Obtaining TCP Wrappers | p. 256 |
Configuring TCP Wrappers | p. 256 |
Configuring the inetd.conf File | p. 257 |
The hosts.allow and hosts.deny Files | p. 258 |
Limitations of TCP Wrappers | p. 261 |
Summary | p. 262 |
14 Using the TIS Firewall Toolkit (FWTK) | p. 263 |
Building a Firewall Using the Toolkit | p. 264 |
A Short History of the Toolkit | p. 264 |
Obtaining FWTK | p. 264 |
How Does Gauntlet Firewall Differ from FWTK? | p. 265 |
FWTK Components | p. 266 |
netacl | p. 267 |
The Configuration File: /usr/local/etc/netperm-table | p. 272 |
Configuring Proxy Services | p. 275 |
FTP: ftp-gw | p. 275 |
Remote Logins and Telnet: tn-gw and rlogin-gw | p. 279 |
SMTP: smap | p. 282 |
Configuring Other Services: plug-gw | p. 285 |
Other FWTK Components | p. 289 |
Installing the Toolkit on a Bastion Host | p. 289 |
Summary | p. 290 |
15 SOCKS | p. 291 |
SOCKS V4 and SOCKS V5 | p. 292 |
Version 4 | p. 292 |
Version 5 | p. 296 |
SOCKSified Applications | p. 298 |
SocksCap | p. 298 |
How to Get SOCKS | p. 299 |
SOCKS Support | p. 299 |
Summary | p. 300 |
16 SQUID | p. 301 |
What Is SQUID? | p. 302 |
Where to Get SQUID | p. 303 |
Installing and Configuring SQUID | p. 303 |
Choosing a SQUID Server | p. 303 |
Installing the Software | p. 304 |
Managing SQUID | p. 305 |
The squid.conf file | p. 305 |
The squid Command | p. 306 |
SQUID Log Files | p. 308 |
What Is the SQUID Cache Hierarchy? | p. 309 |
Configuring Clients to Use SQUID | p. 310 |
Summary | p. 311 |
17 Using ipfwadm and ipchains on Linux | p. 313 |
What Are ipfwadm and ipchains? | p. 314 |
Installing and Configuring ipfwadm | p. 315 |
Obtaining ipfwadm | p. 315 |
Installing ipfwadm | p. 316 |
Using ipfwadm Commands | p. 316 |
Place ipfwadm Rules in a Startup File | p. 321 |
Installing and Configuring ipchains | p. 321 |
Obtaining ipchains | p. 322 |
How ipchains Differs from ipfwadm | p. 322 |
Creating and Deleting Chains | p. 323 |
Summary | p. 331 |
18 Microsoft Proxy Server | p. 333 |
Overview of Microsoft Proxy Server | p. 334 |
Installing and Configuring Microsoft Proxy Server 2.0 | p. 335 |
Running Setup | p. 336 |
Using the Internet Service Manager | p. 340 |
Packet Filter Properties | p. 341 |
Web Proxy Service Properties | p. 343 |
Configuration Management on the Service Property Page | p. 346 |
Managing Permissions For the Web Proxy Services | p. 346 |
Managing the Caching Properties of the Service | p. 347 |
Routing Within Proxy Arrays | p. 350 |
Using the Publishing Property | p. 350 |
Setting Real Time Alerts and Logging Options | p. 351 |
Client Software Configuration Issues | p. 353 |
Summary | p. 355 |
19 The Elron CommandView Firewall | p. 357 |
Overview | p. 358 |
Installing CommandView Firewall | p. 358 |
Running the Setup Program | p. 360 |
The CommandView Firewall Manager Application | p. 364 |
File Menu and View Menu | p. 365 |
Firewall Menu Options | p. 367 |
Logs Menu Options | p. 368 |
Managing User Services | p. 368 |
Where to Go from Here | p. 369 |
Summary | p. 370 |
20 Firewall Appliances | p. 371 |
What Is a Firewall Appliance? | p. 372 |
Quick, Easy Installation | p. 373 |
Simple Management Interface | p. 373 |
Self-Contained Device | p. 374 |
Multiple Network Interfaces | p. 374 |
Default Security Policies | p. 375 |
Packet Filtering and Application Proxies | p. 376 |
Network Address Translation (NAT) | p. 376 |
Reporting and Alerting | p. 377 |
Virtual Private Networking (VPN) | p. 378 |
Pricing a Firewall Appliance | p. 378 |
Summary | p. 379 |
21 Firewalls and Beyond | p. 381 |
New Functionality | p. 382 |
Firewall Integration | p. 383 |
Firewall Testing | p. 384 |
Home Computers | p. 384 |
Virtual Private Network Clients | p. 385 |
IPv6: The Next Generation IP Protocol | p. 386 |
The IPv6 Header | p. 386 |
Extension Headers | p. 389 |
IPv6 Addressing | p. 391 |
The Transition to IPv6 | p. 391 |
Summary | p. 392 |
IV Appendixes | p. 393 |
A TCP and UDP Common Ports | p. 395 |
B Other Security Tools You Can Use | p. 445 |
C Additional Resources | p. 455 |