
Firewalls Complete - Beta Version

Preface

The Internet is an all-pervasive entity in today’s world of computing. To cope with the "wild" Internet, several security mechanisms were developed, among them access controls, authentication schemes and firewalls, the last being one of the most secure methods.

However, a firewall means different things to different people. Consider the fable from India about the blind men and the elephant. Each blind man touched a different part of the elephant and came up with a totally different description. The blind man who touched the elephant’s legs described it as being similar to a tree. Another blind man touched the tail and decided an elephant was like a twig. Yet another grabbed the trunk and concluded an elephant was like a snake. To some computer professionals, even to some of those in charge of Internet security, firewalls are just "walls of fire" keeping hackers outside. To others, a firewall is only a form of authentication mechanism. Still others consider firewalls to be synonymous with routers. Obviously, a firewall is much more than any of these individually.

The problem is only compounded by the fact that, for a lot of computer and security professionals, firewalls were touched upon only fleetingly in their academic careers or, worse, they first bumped into them in the computer room. Also, a lot of the important parts and features of firewalls are recent innovations, and thus were never covered in an academic career or in most of the 1995-1996 firewall books at all. This further aggravates the problem, as right now there is no single book these professionals can turn to. Their only resource is to peruse a wide array of literature including textbooks, web pages, computer magazines, white papers, etc.

This book, the Complete Firewall Handbook, aims to become your companion book, the one you will always want to carry with you, as it does claim to be complete! I can assure you, there may be some similar books on the market, but none is as complete as this one, and none provides a reference guide as this one does. The other titles I know of discuss either a specific technology and strategy or a product.

Although you can compare this book to those, as it also covers the firewall technologies, strategies and all the main firewall products on the market, this one goes beyond the scope of the others. In addition, it provides a complete reference guide to the various protocols, including the upcoming ones (IPv6, for example), and how firewalling fits into them.

In fact, this book adds a next level to your expertise by discussing all the components that make the Internet, and any other network for that matter, insecure: it discusses and describes in detail all the protocols, standards and APIs used in internetworking, as well as the security mechanisms, from cryptography to firewalls. Later in the book there is a "reference" section with a complete review of the major firewall products available on the market to date, a selection of tools, applications and many firewall demos and evaluations, which are all bundled together on the CD that accompanies this book.

This book is aimed primarily at network administrators, including Web, systems, LAN and WAN administrators. But it is also targeted at the new breed of professionals, the so-called Internet Managers, as well as at anyone in need of a complete reference book on firewalls. As you read this book you will notice that what separates it from others is that it is comprehensive, and gives the technical information necessary to understand, choose, install, maintain and foresee future needs involving firewalls and security at a very informal level. It has a conversational style with practical information, tips and cautions, to help Internet, network and security administrators cope with, and "survive," their tasks and responsibilities.

As important as implementing firewalls at your site is, it must be preceded by a security policy that takes into consideration the services to be blocked and allowed. The policy should also consider the implementation of authentication and encryption devices and the level of risk you are willing to undertake in order to be connected to the Internet. This book will discuss all of these topics and the issues they bring up when dealing with site security and administration. It will go over all the services, such as TELNET, FTP, Web, e-mail, news, etc.

How is this book organized?

This book is organized in three parts:

Part I, "Introducing TCP/IP and the Need for Security: Firewalls," is a reference part covering all the rationale for having security at a site, the Internet threats, the security concepts and firewall fundamentals.

Chapter 1, "Internetworking Protocols and Standards: An Overview," covers all the major protocols and standards used on the Internet. It discusses TCP/IP, ICMP, IGMP, routing, bridging, gateways, IPv6, BGP-4, BOOTP, NTP/SNTP, DHCP, WINS, DNS and more.

Chapter 2, "Basic Connectivity," discusses the protocols and standards that enable Internet connectivity, such as TTYs, UUCP, SLIP, PPP, Rlogin, Telnet, RAS and more.

Chapter 3, "Cryptography: Is it Enough?," is a natural result of what is discussed in chapters 1 and 2, in light of the insecurity of these protocols and standards. It provides an introduction to one of the most efficient techniques to enhance security on the Internet: cryptography. It introduces the subject and covers symmetric encryption techniques, such as DES, IDEA, CAST, Skipjack and RC2/RC4. It also discusses asymmetric key encryption and public key encryption schemes such as RSA, PKCS, DSS and much more.

Chapter 4, "Firewalling Challenges: The Basic Web," marks the beginning of the discussion of how the insecurity and weakness of the IP technologies discussed above, and the many attempts to increase their security, affect services provided on the Internet. This chapter concentrates specifically on issues related to the basic Web technologies, such as HTML, URL/URI, HTTP, CGI and more.

Chapter 5, "Firewalling Challenges: The Advanced Web," digs much further into the issues discussed in chapter 4, which directly affect the Web and its level of security. This chapter discusses the concepts and security of advanced technologies behind the Web, such as ISAPI, NSAPI, Servlets, plug-ins, ActiveX, JavaScript, Shockwave and more.

Chapter 6, "The APIs Security Holes and Its Firewall Interactions," discusses the influence of APIs on a network environment connecting to the Internet and the effects of their lack of security. It covers sockets, Java APIs, Perl modules, W3C www-lib and more.

Part II, "Firewall Implementations and Limitations," is a more practical part covering all aspects of firewall implementation, considering the security limitations and advantages of plugging in security as discussed in Part I, in light of the multitude of protocols and standards. It discusses how to use the various types of firewalls for the many different environments, and what to use where and how, etc.

Chapter 7, "What is an Internet/Intranet Firewall After All?" discusses the basic components and technology behind firewalls, extending the discussion to the advantages and disadvantages of using firewalls, security policy and types of firewalls.

Chapter 8, "How Vulnerable Are Internet Services?" lists the weaknesses of all the major Internet services and what can be done to minimize the risks they generate for users and corporations attached to the Internet. The chapter discusses how to protect and configure electronic mail, SMTP, POP, MIME, FTP, TFTP, FSP, UUCP, News, and much more.

Chapter 9, "Setting Up a Firewall Security Policy," peels another layer of this Internet security onion by discussing how to set up a firewall policy, what to look for and when enough security is really enough!

Chapter 10, "Putting It Together: Firewall design and Implementation," begins to put everything discussed so far into action. It discusses how to implement a firewall, from planning and choosing the right firewall according to your environment and needs to implementing it.

Chapter 11, "Proxy Servers," is vital for the success of the firewall implementation discussed in the previous chapter. It brings security a step further by showing how a proxy server can significantly enhance the level of security offered by a firewall. This chapter defines a proxy, shows how to implement it and introduces the concept of SOCKS and how to implement it with your proxy server.

Chapter 12, "Firewall Maintenance," adds naturally to the two previous chapters. Once you set up your firewall and add a proxy server to it, you know you will need to get ready to maintain your firewall. This chapter will help you keep your firewall in tune, monitor your systems and perform preventive and curative maintenance on your firewall.

Chapter 13, "Firewall Toolkits And Case Studies," complements this section of the book by providing you with supplementary information and case studies on the subject.

Part III, "Firewall Resource Guide," expands the information contained in chapter 13 by providing an extensive resource guide on firewalls. It discusses the major firewall technologies and brands, their advantages and disadvantages, what to watch for, what to avoid, as well as what to look for in a firewall product.

Chapter 14, "Types of Firewalls," provides you with a technical overview of the main firewall products available on the market as of Summer of 1997. It’s an extensive selection of all the major vendors and their firewall technology, so you can have a chance to evaluate each one of them before deciding which firewall best suits your needs.


Part IV, "Appendixes," provides you with specifications of the best firewalls out there, list of vendors, security companies, products and other resource utilities on firewalls, as well as a glossary of terms.

Appendix A, "List of Firewall Vendors and Products," provides you with a list of firewall vendors and their product descriptions. Most of them have a demo or evaluation copy included on the CD that accompanies this book.

Appendix B, "List of Firewall Utilities," provides a list of utilities and an overview of each one of them.

Appendix C, "Bibliography on Firewall," provides you with a list of complementary reading materials such as books, white papers, articles, etc.

Appendix D, "Webliography on Firewalls," provides you with a list of URL links to sites offering white papers and general and more technical information on firewalls and proxy servers.

Appendix E, "Glossary of Terms," provides you with a comprehensive list of words and terms generally used in the firewall/Internet environment.

Who should read this book?

The professionals most likely to take advantage of this book are:

About the author

Marcus Goncalves, MS in CIS, has several years of internetworking and security consulting experience in the IS&T arena. He lives in Southborough, MA, with his wife and kids, a bonsai tree and a few tropical fish. He’s a Systems Manager for Process Software Corp., one of the leaders in Web Server technologies and TCP/IP solutions, involved with management and system analysis of Windows NT networks and Web servers.

He has taught several workshops and seminars on IS and Internet security in the U.S. and internationally. He’s a member of the National Computer Security Association (NCSA), the Internet Society, the Association for Information Systems (AIS) and the New York Academy of Sciences (NYAS).

He was one of the co-authors of "Web Site Administrator’s Survival Guide" (Sams.Net), the author of "Protecting Your Web Site With Firewall" (PRT), the author of "Internet Privacy Kit" (Que), the co-author of "Windows NT Server 4.0: Management and Control" (PTR), and the author of "Web Security with Firewalls" (Axcel Books). He is also a regular contributor to BackOffice Magazine, WEBster Magazine, WebWeek and Developer’s Magazine.

If you’re interested in his articles, check the URL http://members.aol.com/goncalvesv/private/writer.htm. For complete background information, check the URL http://members.aol.com/goncalvesv.

If contacting the author, please send e-mail to goncalves@process.com or goncalvesv@aol.com.

A Division of the McGraw-Hill Companies