Firewalls and Internet Security: Repelling the Wily HackerGetting started; why security?; picking a security policy; strategies for a secure network; the ethics of computer security; warning; an overview of TCP/IP; the different layers; routers and routing protocols; the domain name system; standard services; RPC-based protocols; file transfer protocols; the "r" commands; information services; the X11 system; patterns of trust; building your own firewall; firewall gateways; firewall philosophy; situating firewalls; packet-filtering gateways; applicatio-level gateways; circuit-level gateways; supporting inbound services; tunnels good and bad; joint ventures; what firewalls can't do; how to build and application-level gateway; policy; hardware configuration options; initial installation; gateway tools; installing services; protecting the protectors; gateway administration; safety analysis-why our setup is secure and fail-safe; performance; the TIS firewall toolkit; evaluating firewalls; living without a firewalls; authentication; user authentication; host-to-host authentication; gateway tools; proxylib; syslog; watching the network: tcpdump and friends; adding logging to standard daemons; traps, lures, and honey pots; what to log; dummy accounts; tracing the connection; the hacker's workbench; introduction; discovery; probing hosts; connection tools; routing games; network monitors; metastasis; tiger teams; further reading;; a look back; classes of attacks; stealing passwords; social engineering; bugs and backdoors; authentication failures; information leakage; denial-of-service; an evening with berferd; the day after; the jail; tracing berferd; berferd comes home; where the wild things are: a look at the logs; a year of hacking; proxy use; attack sources; noise on the line; odds and ends; legal considerations; computer crime statutes; log files as evidence; is monitoring legal?; tort liability considerations; secure communications over insecure networks; an introduction to cryptography; the kerberos authentication system; link-level encryption; network-and transport-level encryption; application-level encryption; where do we go from here?; useful free stuff; building firewalls; network management and monitoring tools; auditing packages; cryptographic software; information sources; TCP and UDP ports; fixed ports; mbone usage; recommendations to vendors; everyone; hosts; routers; protocols; firewalls; bibliography; index. |
From inside the book
Results 1-3 of 62
Page 92
... implement standard and probably harmless network services . The last line supports the SMTP service with the upas daemon / v / lib / upas / smtpd , which runs under account uucp . The program need only read and write to standard input ...
... implement standard and probably harmless network services . The last line supports the SMTP service with the upas daemon / v / lib / upas / smtpd , which runs under account uucp . The program need only read and write to standard input ...
Page 120
... implement one - time password schemes . The best known involve the use of some sort of hand - held authenticator , also known as a dongle or a token . One common form of authenticator contains an internal clock , a secret key of some ...
... implement one - time password schemes . The best known involve the use of some sort of hand - held authenticator , also known as a dongle or a token . One common form of authenticator contains an internal clock , a secret key of some ...
Page 126
... implement . Some of the services can be implemented at the gateway . For example , our users can telnet to our gateway and then give a command to telnet to an external destination . The Digital and TIS gateway packages contain similar ...
... implement . Some of the services can be implemented at the gateway . For example , our users can telnet to our gateway and then give a command to telnet to an external destination . The Digital and TIS gateway packages contain similar ...
Contents
Introduction | 4 |
An Overview of TCPIP | 19 |
Firewall Gateways | 52 |
Copyright | |
18 other sections not shown
Common terms and phrases
allow anonymous FTP application application-level gateway attack Attempt to login authentication Bellovin Berferd bits block bytes chroot Cited client command configuration connection cryptographic cryptosystems daemon destination disk echo embezzle.Stanford.EDU encryption etc/passwd etc/passwd file example external Figure file system finger firewall ftpd gateway machine hackers header host name ICMP implement incoming inet inetd input inside machine install internal Internet IP address Kerberos MBone mechanism messages mode monitoring multicast operating system output package packet filters password file Path permit port number portmapper probes problem protection protocol proxy relay requests root router routing security holes sendmail sequence number session key shell script SMTP smtpd SNMP someone standard syslog system administrator TCP wrapper tcpdump telnet TFTP traceroute trust UNIX system user's uucp