Building Internet Firewalls

Front Cover
"O'Reilly Media, Inc.", Jun 26, 2000 - Computers - 896 pages
7 Reviews

In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks--and the need to protect both business and personal data--have never been greater. We've updated Building Internet Firewalls to address these newer risks.

What kinds of security threats does the Internet pose? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. And others, like the distributed denial of service attacks that crippled Yahoo, E-Bay, and other major e-commerce sites in early 2000, are in current headlines.

Firewalls, critical components of today's computer networks, effectively protect a system from most Internet security threats. They keep damage on one part of the network--such as eavesdropping, a worm program, or file damage--from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.

Like the bestselling and highly respected first edition, Building Internet Firewalls, 2nd Edition, is a practical and detailed step-by-step guide to designing and installing firewalls and configuring Internet services to work with a firewall. Much expanded to include Linux and Windows coverage, the second edition describes:

    • Firewall technologies: packet filtering, proxying, network address translation, virtual private networks
    • Architectures such as screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, internal firewalls
    • Issues involved in a variety of new Internet services and protocols through a firewall
    • Email and News
    • Web services and scripting languages (e.g., HTTP, Java, JavaScript, ActiveX, RealAudio, RealVideo)
    • File transfer and sharing services such as NFS, Samba
    • Remote access services such as Telnet, the BSD "r" commands, SSH, BackOrifice 2000
    • Real-time conferencing services such as ICQ and talk
    • Naming and directory services (e.g., DNS, NetBT, the Windows Browser)
    • Authentication and auditing services (e.g., PAM, Kerberos, RADIUS);
    • Administrative services (e.g., syslog, SNMP, SMS, RIP and other routing protocols, and ping and other network diagnostics)
    • Intermediary protocols (e.g., RPC, SMB, CORBA, IIOP)
    • Database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server)

    The book's complete list of resources includes the location of many publicly available firewall construction tools.

 

What people are saying - Write a review

User ratings

5 stars
3
4 stars
1
3 stars
3
2 stars
0
1 star
0

User Review - Flag as inappropriate

Sir i need the powerpoint presentation for all the chapters of this book. Can you please send me. mail id: ksandhia@gmail.com

Review: Building Internet Firewalls

User Review  - Justin Andrusk - Goodreads

Conceptually valid with some transcendent security principles, but practically obsolete due to how rapid technology changes. Read full review

Contents

II
4
III
5
IV
8
V
17
VI
18
VII
22
VIII
29
IX
34
CV
335
CVI
337
CVII
340
CVIII
348
CIX
350
CX
359
CXI
360
CXII
362

X
36
XII
41
XIII
44
XIV
49
XV
52
XVI
53
XVII
55
XVIII
56
XIX
59
XXI
60
XXIII
62
XXIV
63
XXV
64
XXVI
65
XXVII
68
XXVIII
69
XXIX
71
XXX
72
XXXI
76
XXXII
80
XXXIII
86
XXXIV
94
XXXV
95
XXXVI
97
XXXVII
98
XXXVIII
103
XXXIX
105
XL
111
XLI
115
XLII
120
XLIII
123
XLIV
127
XLV
129
XLVI
134
XLVII
138
XLVIII
149
XLIX
150
L
158
LII
160
LIII
163
LIV
166
LV
167
LVI
172
LVII
174
LVIII
179
LIX
181
LX
184
LXI
186
LXII
191
LXIII
204
LXIV
215
LXV
217
LXVII
225
LXVIII
226
LXIX
227
LXX
232
LXXI
233
LXXII
234
LXXIII
238
LXXIV
239
LXXV
240
LXXVI
242
LXXVII
243
LXXVIII
244
LXXIX
245
LXXX
249
LXXXI
250
LXXXII
251
LXXXIII
254
LXXXIV
256
LXXXV
257
LXXXVI
260
LXXXVII
270
LXXXVIII
271
LXXXIX
274
XCI
276
XCII
279
XCIII
289
XCIV
292
XCV
296
XCVI
298
XCVIII
299
XCIX
300
C
302
CI
314
CII
318
CIII
320
CIV
328
CXIII
366
CXIV
368
CXV
369
CXVI
374
CXVIII
378
CXIX
379
CXX
382
CXXI
385
CXXII
386
CXXIII
391
CXXIV
398
CXXV
407
CXXVI
413
CXXVII
416
CXXVIII
418
CXXIX
420
CXXX
424
CXXXII
431
CXXXIII
442
CXXXIV
443
CXXXV
444
CXXXVI
446
CXXXVII
449
CXXXVIII
451
CXXXIX
455
CXL
456
CXLI
469
CXLII
471
CXLIII
480
CXLIV
483
CXLV
484
CXLVI
488
CXLVII
489
CXLVIII
492
CXLIX
508
CL
521
CLII
524
CLIII
526
CLIV
529
CLV
534
CLVI
536
CLVII
540
CLIX
564
CLX
566
CLXI
577
CLXII
584
CLXIII
586
CLXIV
587
CLXV
592
CLXVI
593
CLXVII
597
CLXVIII
601
CLXIX
605
CLXX
610
CLXXI
616
CLXXII
623
CLXXIII
626
CLXXIV
628
CLXXV
631
CLXXVI
638
CLXXVII
645
CLXXVIII
648
CLXXIX
655
CLXXX
659
CLXXXI
662
CLXXXII
665
CLXXXIII
679
CLXXXIV
682
CLXXXVI
705
CLXXXVII
724
CLXXXVIII
725
CLXXXIX
732
CXC
735
CXCI
742
CXCII
743
CXCIII
747
CXCIV
759
CXCV
763
CXCVI
765
CXCVIII
775
CXCIX
776
CC
779
CCI
788
CCII
798
CCIII
814
CCIV
824
CCV
850
Copyright

Common terms and phrases

Popular passages

Page 36 - He is also the associate director for virtual environments at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign.

References to this book

All Book Search results »

About the author (2000)

Zwicky is a director of Counterpane Internet Security, a managed security services company. She has been doing large-scale Unix system administration and related work for 15 years, and was a founding board member of both the System Administrators Guild (SAGE) and BayLISA (the San Francisco Bay Area system administrator group), as well as a nonvoting member of the first board of the Australian system administration group, SAGE-AU. She has been involuntarily involved in Internet security since before the 1988 Morris Internest worm. In her lighter moments, she is one of the few people who makes significant use of the rand function in PostScript, producing PostScript documents that are different every time they're printed.

Chapman is a networking professional in Silicon Valley. He has designed and built Internet firewall systems for a wide range of organizations, using a variety of techniques and technologies. He is the founder of the Firewalls Internet mailing list, and creator of the Majordomo mailing list management package. He is the founder, principal, and technical lead of Great Circle Associates, Inc., a highly regarded strategic consulting and training firm specializing in Internet networking and security. Over the last 15 years, he has worked in a variety of consulting, engineering, and management roles in information technology, operations, and technology marketing for a wide range of employers and clients, including the Xerox Palo Alto Research Center (PARe, Silicon Graphics, Inc. (SGI), and Covad Communiction

Bibliographic information