|

Addison-Wesley / Prentice Hall

Computer Science

My Instructor Resource Center :  Log in or request access

Firewalls and Internet Security: Repelling the Wily Hacker, 2/E
William R. Cheswick
Steven M. Bellovin
Aviel D. RubinJohns Hopkins University

ISBN-10: 020163466X
ISBN-13:  9780201634662

Publisher:  Addison-Wesley Professional
Copyright:  2003
Format:  Paper; 464 pp
Published:  02/24/2003
Status: Instock


Customers outside the U.S., click here.


The best-selling first edition of Firewalls and Internet Security became the bible of Internet security by showing readers how to think about threats and solutions. The completely updated and expanded second edition defines the security problems students face in today's Internet, identifies the weaknesses of the most popular security technologies, and illustrates the ins and outs of deploying an effective firewall. Students learn how to plan and execute a security strategy that allows easy access to Internet services while defeating even the wiliest of hackers. Written by well-known senior researchers at AT&T Bell Labs, Lumeta, and Johns Hopkins University the students will benefit from the actual, real-world experiences of the authors maintaining, improving, and redesigning AT&T's Internet gateway.

The classic, single best resource for understanding Internet security is back.

° This book is the bible of Internet security. Whatever else is in the market, this one is at the very top of the list. Notable for its engaging style, technical depth, and the clear real-world experiences of the authors.

° Nearly a complete rewrite of the first edition; reviewers say it's even better.

° First edition has sold more than 68,000 copies! (1/e was Y; 2/e is X.



Preface to the Second Edition.


Preface to the First Edition.

I. GETTING STARTED.

1. Introduction.

Security Truisms.

Picking a Security Policy.

Host-Based Security.

Perimeter Security.

Strategies for a Secure Network.

The Ethics of Computer Security.

WARNING.

2. A Security Review of Protocols: Lower Layers.

Basic Protocols.

Managing Addresses and Names.

IP Version 6.

Network Address Translators.

Wireless Security.

3. Security Review: The Upper Layers.

Messaging.

Internet Telephony.

RPC-Based Protocols.

File Transfer Protocols.

Remote Login.

Simple Network Management Protocol-SNMP.

The Network Time Protocol.

Information Services.

Proprietary protocols.

Peer-to-Peer Networking.

The X11 Window System.

The Small Services.

4. The Web: Threat or Menace?

The Web Protocols.

Risks to the Clients.

Risks to the Server.

Web Servers vs. Firewalls.

The Web and Databases.

Parting Thoughts.

II. THE THREATS.

5. Classes of Attacks.

Stealing Passwords.

Social Engineering.

Bugs and Backdoors.

Authentication Failures.

Protocol Failures.

Information Leakage.

Exponential Attacks-Viruses and Worms.

Denial-of-Service Attacks.

Botnets.

Active Attacks.

6. The Hacker's Workbench, and Other Munitions.

Introduction.

Hacking Goals.

Scanning a Network.

Breaking into the Host.

The Battle for the Host.

Covering Tracks.

Metastasis.

Hacking Tools.

Tiger Teams.

III. SAFER TOOLS AND SERVICES.

7. Authentication.

Remembering Passwords.

Time-Based One-Time Passwords.

Challenge/Response One-Time Passwords.

Lamport's One-Time Password Algorithm.

Smart Cards.

Biometrics.

RADIUS.

SASL: An Authentication Framework.

Host-to-Host Authentication.

PKI.

8. Using Some Tools and Services.

Inetd-Network Services.

Ssh-Terminal and File Access.

Syslog.

Network Administration Tools.

Chroot-Caging Suspect Software.

Jailing the Apache Web Server.

Aftpd-A Simple Anonymous FTP Daemon.

Mail Transfer Agents.

POP3 and IMAP.

Samba: An SMB Implementation.

Taming Named.

Adding SSL Support with sslwrap.

IV. FIREWALLS AND VPNS.

9. Kinds of Firewalls.

Packet Filters.

Application-Level Filtering.

Circuit-Level Gateways.

Dynamic Packet Filters.

Distributed Firewalls.

What Firewalls Cannot Do.

10. Filtering Services.

Reasonable Services to Filter.

Digging for Worms.

Services We Don't Like.

Other Services.

Something New.

11. Firewall Engineering.

Rulesets.

Proxies.

Building a Firewall from Scratch.

Firewall Problems.

Testing Firewalls.

12. Tunneling and VPNs.

Tunnels.

Virtual Private Networks (VPNs).

Software vs. Hardware.

V. PROTECTING AN ORGANIZATION.

13. Network Layout.

Intranet Explorations.

Intranet Routing Tricks.

In Host We Trust.

Belt and Suspenders.

Placement Classes.

14. Safe Hosts in a Hostile Environment.

What Do We Mean by “Secure”?

Properties of Secure Hosts.

Hardware Configuration.

Field Stripping a Host.

Loading New Software.

Administering a Secure Host.

Skinny-Dipping: Life Without a Firewall.

15. Intrusion Detection.

Where to Monitor.

Types of IDS.

Administering an IDS.

IDS Tools.

VI. LESSONS LEARNED.

16. Une Soirie avec Berferd.

Introduction.

Unfriendly Acts.

An Evening with Berferd.

The Day After.

The Jail.

Tracing Berferd.

Berferd Comes Home.

17. The Taking of Clark.

Prelude.

Clark.

Crude Forensics.

Examining Clark.

The Password File.

How Did They Get In?

Better Forensics.

Lessons Learned.

18. Secure Communications over Insecure Networks.

An Introduction to Cryptography.

The Kerberos Authentication System.

Link-Level Encryption.

Network-Level Encryption.

Application-Level Encryption.

19. Where Do We Go from Here?

IPv6.

DNSsec.

Internet Ubiquity.

Internet Security.

Conclusion.

A. An Introduction to Cryptography.

Introduction.

B. Keeping up.

Bibliography.

List of Bombs.

List of Acronyms.

Index. 020163466XT01082003

View a Sample Chapter PDF:/samplechapter/020163466X.pdf

William R. Cheswick (http://cheswick.com) is Chief Scientist at Lumeta Corporation, which explores and maps clients' network infrastructures and finds perimeter leaks. Formerly he was a senior researcher at Lucent Bell Labs, where he did pioneering work in the areas of firewall design and implementation, PC viruses, mailers, and Internet munitions.

Steven M. Bellovin (http://stevebellovin.com) is a Fellow at AT&T Labs Research, where he works on networks, security, and, especially, why the two don't get along. He is a member of the National Academy of Engineering and is one of the Security Area directors of the Internet Engineering Task Force. Long ago he was one of the creators of NetNews.

Aviel D. Rubin (http://avirubin.com) is an Associate Professor in the Computer Science Department at Johns Hopkins University and serves as the Technical Director of their Information Security Institute. He was previously Principal Researcher in the Secure Systems Research Department at AT&T Laboratories and is the author of several books.



020163466XAB01302003

The best-selling first edition of Firewalls and Internet Security became the bible of Internet security by showing a generation of Internet security experts how to think about threats and solutions. This completely updated and expanded second edition defines the security problems companies face in today's Internet, identifies the weaknesses in the most popular security technologies, and illustrates the ins and outs of deploying an effective firewall. Readers will learn how to plan and execute a security strategy that allows easy access to Internet services while defeating even the wiliest of hackers.

Firewalls and Internet Security, Second Edition, draws upon the authors' experiences as researchers in the forefront of their field since the beginning of the Internet explosion.

The book begins with an introduction to their philosophy of Internet security. It progresses quickly to a dissection of possible attacks on hosts and networks and describes the tools and techniques used to perpetrate--and prevent--such attacks. The focus then shifts to firewalls and virtual private networks (VPNs), providing a step-by-step guide to firewall deployment. Readers are immersed in the real-world practices of Internet security through a critical examination of problems and practices on today's intranets, as well as discussions of the deployment of a hacking-resistant host and of intrusion detection systems (IDS). The authors scrutinize secure communications over insecure networks and conclude with their predictions about the future of firewalls and Internet security.

The book's appendixes provide an introduction to cryptography and a list of resources (also posted to the book's Web site) that readers can rely on for tracking further security developments.

Armed with the authors' hard-won knowledge of how to fight off hackers, readers of Firewalls and Internet Security, Second Edition, can make security decisions that will make the Internet--and their computers--safer.



020163466XB01302003


This product is a member of the following series. Click on the series name to see the full list of products in the series.

Log in to the Instructor Resource Center

Login name: 

  Password: 

Forgot login/password?  |  Need to redeem an access code?

         

Instructor Resource Center File Download

This work is protected by local and international copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from this site should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.

Cancel                       I accept, proceed with download

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.

Copyright © Pearson Education, All rights reserved. Legal Notice | Privacy Policy | Permissions