Building Internet Firewalls

By D. Brent Chapman, Elizabeth D. Zwicky
January 1900
Pages: 544
ISBN 10: 1-56592-124-0 | ISBN 13: 9781565921245

This book has been updated—the edition you're requesting is OUT OF PRINT. Please visit the catalog page of the latest edition.

The latest edition is also available on Safari Books Online.

Book description

Everyone is jumping on the Internet bandwagon, despite the fact that the security risks associated with connecting to the Net have never been greater. This book is a practical guide to building firewalls on the Internet. It describes a variety of firewall approaches and architectures and discusses how you can build packet filtering and proxying solutions at your site. It also contains a full discussion of how to configure Internet services (e.g., FTP, SMTP, Telnet) to work with a firewall, as well as a complete list of resources, including the location of many publicly available firewall construction tools.
Full Description

More than a million systems are now connected to the Internet, and something like 15 million people in 100 countries on all seven continents use Internet services. More than 100 million email messages are exchanged each day, along with countless files, documents, and audio and video images. Everyone is jumping on the Internet bandwagon. Once a haven for academicians and scientists, the Net is now reaching large and small businesses, government at all levels, school children, and senior citizens. The commercial world is rushing headlong into doing business on the Internet, barely pausing while technologies and policies catch up with their desire to go online. But, too few of the seekers after Internet wisdom and riches consider whether their businesses will be safe on the Net.

What kinds of security risks are posed by the Internet? Some risks have been around since the early days of networking -- password attacks (guessing them or cracking them via password dictionaries and cracking programs), denial of service, and exploiting known security holes. Some risks are newer and even more dangerous -- packet sniffers, IP (Internet Protocol) forgery, and various types of hijacking attacks.

Firewalls are a very effective way to protect your system from these Internet security threats. Firewalls in computer networks keep damage on one part of the network (e.g., eavesdropping, a worm program, file damage) from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.

What is a firewall? It's a hardware and/or software solution that restricts access from your internal network to the Internet -- and vice versa. A firewall may also be used to separate two or more parts of your local network (for example, protecting finance from R&D). The firewall is installed at the perimeter of the network, ordinarily where it connects to the Internet. You can think of a firewall as a checkpoint; all traffic, incoming and outgoing, is stopped at this point. Because it is, the firewall can make sure that it is acceptable. "Acceptable" means that whatever is passing through -- email, file transfers, remote logins, NFS mounts, etc. -- conforms to the security policy of the site.

Building Internet Firewalls is a practical guide to building firewalls on the Internet. If your site is connected to the Internet, or if you're considering getting connected, you need this book. It describes a variety of firewall approaches and architectures and discusses how you can build packet filtering and proxying solutions at your site. It also contains a full discussion of how to configure Internet services (e.g., FTP, SMTP, Telnet) to work with a firewall. The book also includes a complete list of resources, including the location of many publicly available firewall construction tools.

The book is divided into four parts:

Part I discusses Internet threats, the benefits of firewalls, overall security strategies, and a summary of Internet services and their security risks.

Part II describes possible firewall designs and general terms and concepts, how to protect the bastion host in your firewall configuration, how to build proxying and packet filtering firewalls, and how to configure Internet services to operate with a firewall.

Part III describes how to maintain a firewall, develop a security policy, and respond to a security incident.

Part IV contains appendices consisting of a resource summary, a directory of how to find firewall toolkits and other security-related tools, and a detailed summary providing TCP/IP background information.

Book details

First Edition: January 1900
ISBN: 1-56592-124-0
Pages: 544

Featured customer reviews


Building Internet Firewalls Review, September 08 1999
Submitted by Jonathan Provencher

This book is a must.


Media reviews

"Attacks against Internet-connected systems continue to grow in volume, seriousness and complexity. For this reason, firewalls have become a common focal point for a site's Internet security plan. As the popularity of these devices grows, so does the number of commercial products on the market, and the complexity of their configurations. Building Internet Firewalls addresses some of these complicated issues and offers a practical guide to the implementation of a strong firewall.

"Chapman and Zwicky provide step-by-step explanations on how to design and install various firewall configurations. They do not evaluate or endorse any particular commercial products. In a very readable style, they describe how to configure the numerous Internet services such as E-mail, File Transfer Protocol (ftp), and the World Wide Web (www). Provided with these steps are setup examples and the authors' suggestions for rules and resources based on their experience in the field. The text is complemented by sufficient descriptive diagrams and figures for visual interpretation.

"D. Brent Chapman is a US consultant specializing in Internet firewalls. His experience is based on his design of firewall systems for a wide range of clients, in which he used a variety of techniques and technologies. He is perhaps best known as the moderator/manager of the Firewalls Internet mailing list and newsgroup comp.security.firewalls. Elizabeth D. Zwicky is a senior system administrator at Silicon Graphics and the president of the System Administrators Guild (SAGE). She has been doing large-scale UNIX system administration for 10 years. Both have contributed their wealth of experience and insight to make this book a very useful document for both the experienced system administrator and the Internet novice. This book is aimed at those who need to implement firewall solutions, but it is also an excellent source of information for anyone concerned about Internet security.

"For the most part, the book is platform independent, i.e., because most of the information provided consists of general principles, it will be applicable regardless of what equipment, software or networking is in place or planned for. The most platform-specific issue is a discussion of what type of system to use as a bastion host. There is a strong UNIX orientation to the specific examples in the book, due partly to the TCP/IP-based technology involved and partly to the authors' experience base.

"The book is divided into four parts, each building on the other. Part I reviews the global problems of Internet security and focuses on the theory of firewalls as a component of an effective strategy to solve some of the problems. This part will be especially useful for managers of sites or systems that are considering Internet connections. Part II describes how to build firewalls and configure services to run with them. Part III gives advice on how to establish site security policy, maintain firewalls and handle security problems. This will be especially useful for security administrators who are having difficulty getting management and users to accept the policy. Part IV consists of three appendixes with additional useful information, such as resources and a summary of the best freely available firewall tools and how to get them. Appendix C, which contains excellent background information on TCP/IP, a requirement for anyone setting up a firewall, is perhaps the most detailed part of the book.

"SEIT recommends this book as a primer on firewalls. The authors have undoubtedly produced an in-depth examination of Internet security issues, and this book will serve to raise the awareness levels of many system managers. Given its level of detail and relevancy, it may well serve as the definitive work on the subject of firewalls for years to come."

--Review by David Black, Information Technology Security Bulletin, RCMP IT Security Section, http://www.rcmp-grc.gc.ca/html/bull41-e.htm