Cheswick W. Security is, in general, a tradeoff with convenience, and most people are not willing to forgo the convenience of remote access to their computers. Inevitably, they suffer from some loss of security. It is our purpose here to discuss how to minimize the extent of that loss.
You merely have to disconnect all dial-up connections and permit only direct-wired terminals, put the machine and its terminals in a shielded room, and post a guard at the door. (F. T. Grampp and R. H. Morris) For better or for worse, most computer systems are not run that way today.
Security is, in general, a trade-off with convenience, and most people are not willing to forgo the convenience of remote access via networks to their computers. Inevitably, they suffer from some loss of security. It is our purpose here to discuss how to minimize the extent of that loss. The situation is even worse for computers hooked up to some sort of network. Networks are risky for at least three major reasons.
First, and most obvious, more points now exist from which an attack can be launched. Someone who cannot get to your computer cannot attack it; by adding more connection mechanisms for legitimate users, you are also adding more vulnerabilities. A second reason is that you have extended the physical perimeter of your computer system. In a simple computer, everything is within one box. The CPU can fetch authentication data from memory, secure in the knowledge that no enemy can tamper with it or spy on it.
Traditional mechanisms - mode bits, memory protection, and the like - can safeguard critical areas. This is not the case in a network. Messages received may be of uncertain provenance; messages sent are often exposed to all other systems on the net. Clearly, more caution is needed. The third reason is more subtle, and deals with an essential distinction between an ordinary dial-up modem and a network.
Modems, in general, offer one service, typically the ability to log in. There may be vulnerabilities in the login service, but it is a single service, and a comparatively simple one.
Networked computers, on the other hand, offer many services: login, file transfer, disk access, remote execution, phone book, system status, etc. Thus, more points are in need of protection - points that are more complex and more difficult to protect. A networked file system, for example, cannot rely on a typed password for every transaction.
Furthermore, many of these services were developed under the assumption that the extent of the network was comparatively limited. In an era of globe-spanning connectivity, that assumption has broken down, sometimes with severe consequences. Networked computers have another peculiarity worth noting: they are generally not singular entities. More commonly, organizations own a number of computers, and these are connected to each other and to the outside world.
This is both a bane and a blessing: a bane, because networked computers often need to trust their peers, to some extent, and a blessing, because the network may be configurable so that only one computer needs to talk to the outside world. Such dedicated computers, often called "firewall gateways," are at the heart of our suggested security strategy.
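As an added illustration of the single-gateway layout just described (example code written for this page, not from the book): a toy first-match packet filter in Python whose policy lets outside hosts reach only the gateway, and only for one deliberately exposed service; lets inside hosts talk only to the gateway; and lets the gateway alone talk out. The 10.0.0.0/8 network, the gateway address 10.0.0.1, the outside address 203.0.113.5 and the sample packets are all constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
INSIDE = ipaddress.ip_network("10.0.0.0/8")       # constructed internal network
GATEWAY = ipaddress.ip_network("10.0.0.1/32")     # constructed firewall gateway host


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None       # "tcp"/"udp", or None for any protocol
    dport: Optional[int] = None       # destination port, or None for any port

    def matches(self, src, dst, proto, dport) -> bool:
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and self.proto in (None, proto)
                and self.dport in (None, dport))


# Policy for the single-gateway architecture. Outside hosts may reach only
# the gateway, and only the one service it exposes on purpose (SMTP on 25);
# inside hosts may talk only to the gateway; the gateway alone may talk out.
POLICY = [
    Rule("allow", ANY, GATEWAY, "tcp", 25),      # mail delivery to the gateway
    Rule("allow", INSIDE, GATEWAY),              # inside hosts reach the gateway
    Rule("allow", GATEWAY, ANY),                 # gateway reaches the outside
    # anything else falls through to the default deny in filter_packet()
]


def filter_packet(policy, src, dst, proto, dport):
    """Return ("allow" | "deny", index of the matching rule or None).
    First matching rule wins; a packet that matches no rule is denied."""
    for i, rule in enumerate(policy):
        if rule.matches(src, dst, proto, dport):
            return rule.action, i
    return "deny", None


def exposed_services(policy, outside_src="203.0.113.5"):
    """List the (host, proto, port) tuples an outside address can reach.
    Each entry is one point from which an attack can be launched, so the
    shorter this list, the smaller the surface that needs protecting."""
    exposed = []
    for rule in policy:
        if rule.action == "allow" and ipaddress.ip_address(outside_src) in rule.src:
            port = rule.dport if rule.dport is not None else "any"
            exposed.append((str(rule.dst), rule.proto or "any", port))
    return exposed


# Constructed traffic: (src, dst, proto, dport)
SAMPLE_PACKETS = [
    ("203.0.113.5", "10.0.0.1", "tcp", 25),     # mail to the gateway: allowed
    ("203.0.113.5", "10.0.0.1", "tcp", 2049),   # NFS at the gateway: denied
    ("203.0.113.5", "10.0.0.7", "tcp", 23),     # login straight to an inside host: denied
    ("10.0.0.7", "203.0.113.5", "tcp", 80),     # inside host going out directly: denied
    ("10.0.0.7", "10.0.0.1", "tcp", 23),        # inside host to the gateway: allowed
    ("10.0.0.1", "203.0.113.5", "tcp", 80),     # gateway going out: allowed
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", filter_packet(POLICY, *pkt))
    print("reachable from outside:", exposed_services(POLICY))
```

The filter is deliberately stateless, which exposes the limitation that makes real packet filters hard to get right: when the gateway opens a connection outward, the replies arrive from the outside addressed to the gateway's ephemeral port and are dropped by this policy, so a usable filter must either track connection state or add riskier "established" rules. Every rule that relaxes this to let replies through widens the list returned by exposed_services, which is the trade-off the text describes.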
Our purpose here is twofold. First, we wish to show that this strategy is useful. That is, a firewall, if properly deployed against the expected threats, will provide an organization with greatly increased security. Second, we wish to show that such gateways are necessary, and that there is a real threat to be dealt with.
Audience
This book is written primarily for the network administrator who must protect an organization from unhindered exposure to the Internet. The typical reader should have a background in system administration and networking. Some portions necessarily get intensely technical.
A number of chapters are of more general interest. Readers with a casual interest can safely skip the tough stuff and still enjoy the rest of the book. We also hope that system and network designers will read the book. Many of the problems we discuss are the direct result of a lack of security-conscious design.
We hope that newer protocols and systems will be inherently more secure. Our examples and discussion unabashedly relate to Unix systems and programs. The majority of multiuser machines on the Internet run some version of the Unix operating system. Most application-level gateways are implemented in Unix. This is not to say that other operating systems are more secure; however, there are fewer of them on the Internet, and they are less popular as targets for that reason.
But the principles and philosophy apply to network gateways built in other operating systems, or even to a run-time system like MS-DOS. By far, it is the heterogeneous networking protocol of choice, not only on workstations, for which it is the native tongue, but on virtually all machines, ranging from desktop personal computers to the largest supercomputers.
The Internet links most major universities in the United States and many others around the world, research labs, many government agencies, and even a fair number of businesses. We believe that the lessons we have learned are applicable to any network with similar characteristics. We have read of serious attacks on computers attached to public X.
Firewalls are useful there, too, although naturally they would differ in detail. This is not a book on how to administer a system in a secure fashion, although we do make some suggestions along those lines. Numerous books on that topic already exist, such as Farrow, Garfinkel and Spafford, and Curry. Nor is this a cookbook to tell you how to administer various packaged firewall gateways.
The technology is too new, and any such work would be obsolete before it was even published. Rather, it is a set of guidelines that, we hope, both defines the problem space and roughly sketches the boundaries of possible solution spaces.
We also describe how we constructed our latest gateway, and why we made the decisions we did. Our design decisions are directly attributable to our experience in detecting and defending against attackers. On occasion, we speak of "reports" that something has happened. We make apologies for the obscurity. Though we have made every effort to document our sources, some of our information comes from confidential discussions with other security administrators who do not want to be identified.
Network security breaches can be very embarrassing, especially when they happen to organizations that should have known better.
Terminology
Before we proceed further, it is worthwhile making one comment on terminology. We have chosen to call the attackers "hackers." That is quite true. Nevertheless, the language has changed.
Bruce Sterling expressed it very well (Sterling): The term "hacking" is used routinely today by almost all law enforcement officials with any professional interest in computer fraud and abuse. American police describe almost any crime committed with, by, through, or against a computer as hacking.
Most important, "hacker" is what computer intruders choose to call themselves. Nobody who hacks into systems willingly describes himself (rarely, herself) as a "computer intruder," "computer trespasser," "cracker," "wormer," "dark-side hacker," or "high-tech street gangster."
But few people actually use these terms. The second part of this book describes firewall construction in detail. We describe the several sorts of firewall gateways (Chapter 3) that have been built. Next, we present a comprehensive description of the construction of our third and newest gateway (Chapter 4), the variety of authentication strategies to choose from (Chapter 5), the other tools we used (Chapter 6), and the sorts of monitors we have installed (Chapter 7).
All of the information in this part is detailed enough to permit you to duplicate our work or to do it differently if your needs or priorities differ. Chapter 9 is an attempt at a taxonomy of hacking, an analysis of different categories of attacks. Chapter 10 is quite concrete: we describe the single most determined (known?)
The next chapter summarizes the log data we and others have collected over the years. In Chapter 12, we discuss the legal implications of computer security. In Chapter 13, we show how encryption can be used in high-threat environments. Chapter 14 has some parting thoughts.
Acknowledgments
There are many people who deserve our thanks for helping with this book. Acting on all of the comments we received was painful, but has made this a better book. Of course, we bear the blame for any errors, not these intrepid readers. Bill Cheswick.
Firewalls and Internet Security: Repelling the Wily Hacker
Firewalls and Internet Security: Repelling the Wily Hacker, 2nd edition
Author: William R. Cheswick and Steven M. Bellovin.
Cheswick and Bellovin have written the first book that deals specifically with the security of whole networks rather than of individual hosts. The core of the book is a detailed look at how to set up and run a firewall. This begins by covering the mechanics of setting up a packet filter, application and circuit gateways, the uses and abuses of tunneling, and the general limitations of firewalls. It also contains a brief discussion of user authentication and a description of useful tools such as connection libraries, network monitors, and logging programs.
Firewalls and Internet Security
William R. Cheswick, Steven M. Bellovin. Though rewritten almost completely, this second edition retains much of the flavour and focus of the first, which is both a strength and a weakness. It is idiosyncratic and somewhat scattered, trying to cover everything while still providing unique material.
Firewalls and Internet Security - Repelling the Wily Hacker (Book)
About this title: The best-selling first edition of Firewalls and Internet Security became the bible of Internet security by showing readers how to think about threats and solutions. Students learn how to plan and execute a security strategy that allows easy access to Internet services while defeating even the wiliest of hackers.
Review: Essential information for anyone wanting to protect Internet-connected computers from unauthorized access.
From the Back Cover: The best-selling first edition of Firewalls and Internet Security became the bible of Internet security by showing a generation of Internet security experts how to think about threats and solutions. Readers will learn how to plan and execute a security strategy that allows easy access to Internet services while defeating even the wiliest of hackers. The book begins with an introduction to their philosophy of Internet security. It progresses quickly to a dissection of possible attacks on hosts and networks and describes the tools and techniques used to perpetrate--and prevent--such attacks.