Building Internet Firewalls. 2nd Edition
- Autorzy:
- Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman
- Ocena:
- Bądź pierwszym, który oceni tę książkę
- Stron:
- 896
- Dostępne formaty:
-
ePubMobi
Opis
książki
:
Building Internet Firewalls. 2nd Edition
In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks--and the need to protect both business and personal data--have never been greater. We've updated Building Internet Firewalls to address these newer risks.
What kinds of security threats does the Internet pose? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. And others, like the distributed denial of service attacks that crippled Yahoo, E-Bay, and other major e-commerce sites in early 2000, are in current headlines.
Firewalls, critical components of today's computer networks, effectively protect a system from most Internet security threats. They keep damage on one part of the network--such as eavesdropping, a worm program, or file damage--from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.
Like the bestselling and highly respected first edition, Building Internet Firewalls, 2nd Edition, is a practical and detailed step-by-step guide to designing and installing firewalls and configuring Internet services to work with a firewall. Much expanded to include Linux and Windows coverage, the second edition describes:
- Firewall technologies: packet filtering, proxying, network address translation, virtual private networks
- Architectures such as screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, internal firewalls
- Issues involved in a variety of new Internet services and protocols through a firewall
- Email and News
- Web services and scripting languages (e.g., HTTP, Java, JavaScript, ActiveX, RealAudio, RealVideo)
- File transfer and sharing services such as NFS, Samba
- Remote access services such as Telnet, the BSD "r" commands, SSH, BackOrifice 2000
- Real-time conferencing services such as ICQ and talk
- Naming and directory services (e.g., DNS, NetBT, the Windows Browser)
- Authentication and auditing services (e.g., PAM, Kerberos, RADIUS);
- Administrative services (e.g., syslog, SNMP, SMS, RIP and other routing protocols, and ping and other network diagnostics)
- Intermediary protocols (e.g., RPC, SMB, CORBA, IIOP)
- Database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server)
The book's complete list of resources includes the location of many publicly available firewall construction tools.
Wybrane bestsellery
-
Promocja
Wirtualizacja serwerów pozwala lepiej wykorzystać posiadany sprzęt. Dzięki niej możliwe jest zwiększenie elastyczności systemu i usprawnienie zarządzania infrastrukturą IT. Spośród wielu platform wirtualizacyjnych dostępnych na rynku wyróżnia się VMware ESXi 8 - jeden z najbardziej zaawansowanych i wszechstronnych produktów, oferujący administratorom systemów kompleksowe rozwiązania. Wśród jego zaawansowanych funkcji znajdują się między innymi obsługa kontenerów, automatyzacja zarządzania, wsparcie dla najnowszych technologii sprzętowych, a także zintegrowane narzędzia do monitorowania i optymalizacji wydajności.- PDF + ePub + Mobi
- Druk 34 pkt
(32,90 zł najniższa cena z 30 dni)
34.50 zł
69.00 zł (-50%) -
Promocja
Oto drugie wydanie książki, którą specjaliści CISO uznali za przełomową. Dowiesz się z niej, jak kwantyfikować niepewność i jak za pomocą prostych metod i narzędzi poprawić ocenę ryzyka w nowoczesnych organizacjach. Znalazły się tu nowe techniki modelowania, pomiaru i szacowania, a także mnóstwo praktycznych wskazówek dotyczących wdrażania tych rozwiązań w formie spójnego programu. Nauczysz się też oceniać ryzyko, gdy masz dostęp do niewielu danych. Przekonasz się, że zamiast metod jakościowych dużo lepsze efekty w zarządzaniu ryzykiem cyberbezpieczeństwa osiąga się dzięki kwantyfikacji i zaplanowanym pomiarom.- PDF + ePub + Mobi
- Druk 43 pkt
(39,90 zł najniższa cena z 30 dni)
43.50 zł
87.00 zł (-50%) -
Promocja
Dzięki tej świetnie napisanej, miejscami przezabawnej książce dowiesz się, na czym naprawdę polega testowanie granic bezpieczeństwa fizycznego. To fascynująca relacja o sposobach wynajdywania niedoskonałości zabezpieczeń, stosowania socjotechnik i wykorzystywania słabych stron ludzkiej natury. Wyjaśniono tu, jak działają systemy bezpieczeństwa banków i innych tego typu obiektów, zarówno na poziomie cyfrowym, jak i fizycznym, a także jak się wyszukuje podatności takich systemów. Pokazano też sporo narzędzi i technik, które ułatwiają uzyskanie dostępu do najlepiej zabezpieczonych obiektów na świecie. Dzięki tej książce przekonasz się, że przełamanie systemu bezpieczeństwa wymaga ogromnej cierpliwości, kreatywności i podejmowania szybkich decyzji, ale też że czasami można się do niego włamać z przerażającą łatwością.- PDF + ePub + Mobi
- Druk 29 pkt
(27,90 zł najniższa cena z 30 dni)
29.49 zł
59.00 zł (-50%) -
Promocja
Oto przewodnik po inżynierii detekcji, przeznaczony dla inżynierów zabezpieczeń i analityków bezpieczeństwa. Zaprezentowano w nim praktyczną metodologię planowania, budowy i walidacji mechanizmów wykrywania zagrożeń. Opisano zasady pracy z frameworkami służącymi do testowania i uwierzytelniania programu inżynierii detekcji. Książka zawiera przykłady dotyczące zagadnień z całego cyklu, od utworzenia reguły detekcji po jej walidację, a omawianej tematyce towarzyszy bogaty zestaw samouczków, projektów i pytań sprawdzających. To doskonałe źródło wiedzy o zasadach pracy inżyniera detekcji i o ciągłym rozwoju tej dziedziny.- PDF + ePub + Mobi
- Druk 44 pkt
(39,90 zł najniższa cena z 30 dni)
44.50 zł
89.00 zł (-50%) -
Promocja
Postęp, wiążący się z przejściem do nowego, wyższego etapu w rozwoju ludzkości, przynosi pozytywne jak i negatywne następstwa w różnych dziedzinach działalności człowieka, a także społeczności zorganizowanej w państwo.Tak samo rzecz się ma z informacją, jej zastosowaniem dla dobra, ale i na szkodę innych ludzi. Dzięki łatwemu i powszechnemu dostępoBezpieczeństwo informacyjne. Aspekty prawno-administracyjne
Redakcja naukowa: Waldemar Kitler, Joanna Taczkowska-Olszewska
(29,90 zł najniższa cena z 30 dni)
39.64 zł
55.00 zł (-28%) -
"Twoje bezpieczeństwo w świecie cyber i sztucznej inteligencji Część III DZIECKO I TY" - niezbędnik każdego użytkownika internetu! W dobie wszechobecnych technologii i wszechwładnej sztucznej inteligencji, zarówno dorosłym, jak i najmłodszym użytkownikom sieci, przyda się solidny fundament wiedzy na temat bezpieczeństwa cyfrowego. Poradnik "Twoje b
-
Promocja
Ta książka jest przewodnikiem dla profesjonalistów do spraw cyberbezpieczeństwa. Przedstawia podstawowe zasady reagowania na incydenty bezpieczeństwa i szczegółowo, na przykładach, omawia proces tworzenia zdolności szybkiej i skutecznej reakcji na takie zdarzenia. Zaprezentowano tu techniki informatyki śledczej, od pozyskiwania dowodów i badania pamięci ulotnej po badanie dysku twardego i dowodów pochodzących z sieci. Szczególną uwagę poświęcono zagrożeniom atakami ransomware. Nie zabrakło omówienia roli analizy zagrożeń w procesie reagowania na incydenty, a także zasad sporządzania raportów dokumentujących reakcję na incydent i wyniki analizy. Pokazano również, w jaki sposób prowadzi się polowania na zagrożenia.- PDF + ePub + Mobi
- Druk 49 pkt
(39,90 zł najniższa cena z 30 dni)
49.50 zł
99.00 zł (-50%) -
Promocja
Ta książka zapewni Ci wiedzę, dzięki której z powodzeniem utworzysz blue team w swojej organizacji. Dowiesz się, z jakich defensywnych środków cyberbezpieczeństwa warto skorzystać i jakimi metodami ocenić skuteczność aktualnego stanu zabezpieczeń, dogłębnie zrozumiesz także sposoby działania cyberprzestępców. Lekturę rozpoczniesz od krótkiego przeglądu znaczenia, zadań i składu zespołu niebieskiego, poznasz też ważne techniki i najlepsze praktyki w defensywnej ochronie cyberbezpieczeństwa. Nauczysz się korzystać z metodologii NIST w celu utworzenia planów reagowania na incydenty i dowiesz się, jak je testować. Znajdziesz tutaj również wskazówki, dzięki którym dopasujesz swoje działania ściśle do potrzeb organizacji.- Druk 29 pkt
(27,90 zł najniższa cena z 30 dni)
29.49 zł
59.00 zł (-50%) -
Promocja
Dzięki tej książce nauczysz się gromadzić publicznie dostępne informacje, korzystać z wiedzy o cyklu życia wrażliwych danych i przekształcać je w informacje wywiadowcze przydatne dla zespołów zajmujących się bezpieczeństwem. Opanujesz proces gromadzenia i analizy danych, poznasz również strategie, które należy wdrożyć podczas poszukiwania informacji z publicznie dostępnych źródeł. Ugruntujesz wiedzę na temat bezpieczeństwa operacyjnego i uświadomisz sobie, w jaki sposób niektórzy używają publicznie dostępnych danych do nielegalnych celów. Książkę tę szczególnie docenią inżynierowie społeczni i specjaliści do spraw bezpieczeństwa, a także kadra kierownicza.- PDF + ePub + Mobi
- Druk 49 pkt
(39,90 zł najniższa cena z 30 dni)
49.50 zł
99.00 zł (-50%) -
Promocja
Rozwiązanie problemu znajdziesz w tej książce. Została ona napisana specjalnie z myślą o osobach, które administrują małymi sieciami, dysponują niewielkim budżetem i ograniczonym wsparciem profesjonalistów. Dzięki niej zrozumiesz podstawy zabezpieczania łączności sieciowej i poznasz sposoby zabezpieczania sieci przy niewielkim nakładzie pieniędzy i czasu. Opanujesz uznane techniki hartowania systemów, takie jak mapowanie sieci, śledzenie stanu urządzeń i rozpoznawanie nietypowej aktywności, która może sygnalizować atak. Zagłębisz się w sposoby eliminowania luk w zabezpieczeniach i zapobiegania dostępowi do urządzeń mobilnych i stacjonarnych, a nawet punktów końcowych IoT. Dowiesz się też, jak wdrażać własne strategie backupu, a także wykrywać i blokować złośliwe oprogramowanie i ransomware.- PDF + ePub + Mobi
- Druk 33 pkt
(32,90 zł najniższa cena z 30 dni)
33.50 zł
67.00 zł (-50%)
Ebooka "Building Internet Firewalls. 2nd Edition" przeczytasz na:
-
czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
-
systemach Windows, MacOS i innych
-
systemach Windows, Android, iOS, HarmonyOS
-
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi
Masz pytania? Zajrzyj do zakładki Pomoc »
Audiobooka "Building Internet Firewalls. 2nd Edition" posłuchasz:
-
w aplikacji Ebookpoint na Android, iOS, HarmonyOs
-
na systemach Windows, MacOS i innych
-
na dowolonych urządzeniach i aplikacjach obsługujących format MP3 (pliki spakowane w ZIP)
Masz pytania? Zajrzyj do zakładki Pomoc »
Kurs Video "Building Internet Firewalls. 2nd Edition" zobaczysz:
-
w aplikacjach Ebookpoint i Videopoint na Android, iOS, HarmonyOs
-
na systemach Windows, MacOS i innych z dostępem do najnowszej wersji Twojej przeglądarki internetowej
Szczegóły książki
- ISBN Ebooka:
- 978-05-965-5188-9, 9780596551889
- Data wydania ebooka :
- 2000-06-26 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
- Język publikacji:
- angielski
- Rozmiar pliku ePub:
- 2.6MB
- Rozmiar pliku Mobi:
- 8.1MB
Spis treści książki
- Building Internet Firewalls, 2nd Edition
- SPECIAL OFFER: Upgrade this ebook with OReilly
- Preface
- Scope of This Book
- Audience
- Platforms
- Products
- Examples
- Conventions Used in This Book
- Comments and Questions
- Acknowledgments for the Second Edition
- Acknowledgments for the First Edition
- I. Network Security
- 1. Why Internet Firewalls?
- 1.1. What Are You Trying to Protect?
- 1.1.1. Your Data
- 1.1.2. Your Resources
- 1.1.3. Your Reputation
- 1.2. What Are You Trying to Protect Against?
- 1.2.1. Types of Attacks
- 1.2.1.1. Intrusion
- 1.2.1.2. Denial of service
- 1.2.1.3. Information theft
- 1.2.2. Types of Attackers
- 1.2.2.1. Joyriders
- 1.2.2.2. Vandals
- 1.2.2.3. Scorekeepers
- 1.2.2.4. Spies (industrial and otherwise)
- 1.2.3. Stupidity and Accidents
- 1.2.4. Theoretical Attacks
- 1.2.1. Types of Attacks
- 1.3. Who Do You Trust?
- 1.4. How Can You Protect Your Site?
- 1.4.1. No Security
- 1.4.2. Security Through Obscurity
- 1.4.3. Host Security
- 1.4.4. Network Security
- 1.4.5. No Security Model Can Do It All
- 1.5. What Is an Internet Firewall?
- 1.5.1. What Can a Firewall Do?
- 1.5.1.1. A firewall is a focus for security decisions
- 1.5.1.2. A firewall can enforce a security policy
- 1.5.1.3. A firewall can log Internet activity efficiently
- 1.5.1.4. A firewall limits your exposure
- 1.5.2. What Cant a Firewall Do?
- 1.5.2.1. A firewall can't protect you against malicious insiders
- 1.5.2.2. A firewall can't protect you against connections that don't go through it
- 1.5.2.3. A firewall can't protect against completely new threats
- 1.5.2.4. A firewall can't fully protect against viruses
- 1.5.2.5. A firewall can't set itself up correctly
- 1.5.3. What's Wrong with Firewalls?
- 1.5.3.1. Firewalls interfere with the Internet
- 1.5.3.2. Firewalls don't deal with the real problem
- 1.5.1. What Can a Firewall Do?
- 1.6. Religious Arguments
- 1.6.1. Buying Versus Building
- 1.6.2. Unix Versus Windows NT
- 1.6.3. That's Not a Firewall!
- 1.1. What Are You Trying to Protect?
- 2. Internet Services
- 2.1. Secure Services and Safe Services
- 2.2. The World Wide Web
- 2.2.1. Web Client Security Issues
- 2.2.2. Web Server Security Issues
- 2.3. Electronic Mail and News
- 2.3.1. Electronic Mail
- 2.3.2. Usenet News
- 2.4. File Transfer, File Sharing, and Printing
- 2.4.1. File Transfer
- 2.4.2. File Sharing
- 2.4.3. Printing Systems
- 2.5. Remote Access
- 2.5.1. Remote Terminal Access and Command Execution
- 2.5.2. Remote Graphic Interfaces for Microsoft Operating Systems
- 2.5.3. Network Window Systems
- 2.6. Real-Time Conferencing Services
- 2.7. Naming and Directory Services
- 2.8. Authentication and Auditing Services
- 2.9. Administrative Services
- 2.9.1. System Management
- 2.9.2. Routing
- 2.9.3. Network Diagnostics
- 2.9.4. Time Service
- 2.10. Databases
- 2.11. Games
- 3. Security Strategies
- 3.1. Least Privilege
- 3.2. Defense in Depth
- 3.3. Choke Point
- 3.4. Weakest Link
- 3.5. Fail-Safe Stance
- 3.5.1. Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited
- 3.5.2. Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted
- 3.6. Universal Participation
- 3.7. Diversity of Defense
- 3.7.1. Inherent Weaknesses
- 3.7.2. Common Configuration
- 3.7.3. Common Heritage
- 3.7.4. Skin-Deep Differences
- 3.7.5. Conclusion
- 3.8. Simplicity
- 3.9. Security Through Obscurity
- 1. Why Internet Firewalls?
- II. Building Firewalls
- 4. Packets and Protocols
- 4.1. What Does a Packet Look Like?
- 4.1.1. TCP/IP/Ethernet Example
- 4.1.1.1. Ethernet layer
- 4.1.1.2. IP layer
- 4.1.1.3. TCP layer
- 4.1.1. TCP/IP/Ethernet Example
- 4.2. IP
- 4.2.1. IP Multicast and Broadcast
- 4.2.2. IP Options
- 4.2.3. IP Fragmentation
- 4.3. Protocols Above IP
- 4.3.1. TCP
- 4.3.1.1. TCP options
- 4.3.1.2. TCP sequence numbers
- 4.3.2. UDP
- 4.3.3. ICMP
- 4.3.4. IP over IP and GRE
- 4.3.1. TCP
- 4.4. Protocols Below IP
- 4.5. Application Layer Protocols
- 4.6. IP Version 6
- 4.7. Non-IP Protocols
- 4.8. Attacks Based on Low-Level Protocol Details
- 4.8.1. Port Scanning
- 4.8.2. Implementation Weaknesses
- 4.8.3. IP Spoofing
- 4.8.3.1. The attacker can intercept the reply
- 4.8.3.2. The attacker doesn't need to see the reply
- 4.8.3.3. The attacker doesn't want the reply
- 4.8.4. Packet Interception
- 4.1. What Does a Packet Look Like?
- 5. Firewall Technologies
- 5.1. Some Firewall Definitions
- 5.2. Packet Filtering
- 5.2.1. Advantages of Packet Filtering
- 5.2.1.1. One screening router can help protect an entire network
- 5.2.1.2. Simple packet filtering is extremely efficient
- 5.2.1.3. Packet filtering is widely available
- 5.2.2. Disadvantages of Packet Filtering
- 5.2.2.1. Current filtering tools are not perfect
- 5.2.2.2. Packet filtering reduces router performance
- 5.2.2.3. Some policies can't readily be enforced by normal packet filtering routers
- 5.2.1. Advantages of Packet Filtering
- 5.3. Proxy Services
- 5.3.1. Advantages of Proxying
- 5.3.1.1. Proxy services can be good at logging
- 5.3.1.2. Proxy services can provide caching
- 5.3.1.3. Proxy services can do intelligent filtering
- 5.3.1.4. Proxy systems can perform user-level authentication
- 5.3.1.5. Proxy systems automatically provide protection for weak or faulty IP implementations
- 5.3.2. Disadvantages of Proxying
- 5.3.2.1. Proxy services lag behind nonproxied services
- 5.3.2.2. Proxy services may require different servers for each service
- 5.3.2.3. Proxy services usually require modifications to clients, applications, or procedures
- 5.3.1. Advantages of Proxying
- 5.4. Network Address Translation
- 5.4.1. Advantages of Network Address Translation
- 5.4.1.1. Network address translation helps to enforce the firewall's control over outbound connections
- 5.4.1.2. Network address translation can help restrict incoming traffic
- 5.4.1.3. Network address translation helps to conceal the internal network's configuration
- 5.4.2. Disadvantages of Network Address Translation
- 5.4.2.1. Dynamic allocation requires state information that is not always available
- 5.4.2.2. Embedded IP addresses are a problem for network address translation
- 5.4.2.3. Network address translation interferes with some encryption and authentication systems
- 5.4.2.4. Dynamic allocation of addresses interferes with logging
- 5.4.2.5. Dynamic allocation of ports may interfere with packet filtering
- 5.4.1. Advantages of Network Address Translation
- 5.5. Virtual Private Networks
- 5.5.1. Where Do You Encrypt?
- 5.5.2. Key Distribution and Certificates
- 5.5.3. Advantages of Virtual Private Networks
- 5.5.3.1. Virtual private networks provide overall encryption
- 5.5.3.2. Virtual private networks allow you to remotely use protocols that are difficult to secure any other way
- 5.5.4. Disadvantages of Virtual Private Networks
- 5.5.4.1. Virtual private networks involve dangerous network connections
- 5.5.4.2. Virtual private networks extend the network you must protect
- 6. Firewall Architectures
- 6.1. Single-Box Architectures
- 6.1.1. Screening Router
- 6.1.1.1. Appropriate uses
- 6.1.2. Dual-Homed Host
- 6.1.2.1. Appropriate uses
- 6.1.3. Multiple-Purpose Boxes
- 6.1.3.1. Appropriate uses
- 6.1.1. Screening Router
- 6.2. Screened Host Architectures
- 6.2.1. Appropriate Uses
- 6.3. Screened Subnet Architectures
- 6.3.1. Perimeter Network
- 6.3.2. Bastion Host
- 6.3.3. Interior Router
- 6.3.4. Exterior Router
- 6.3.5. Appropriate Uses
- 6.4. Architectures with Multiple Screened Subnets
- 6.4.1. Split-Screened Subnet
- 6.4.1.1. Appropriate uses
- 6.4.2. Independent Screened Subnets
- 6.4.2.1. Appropriate uses
- 6.4.1. Split-Screened Subnet
- 6.5. Variations on Firewall Architectures
- 6.5.1. It's OK to Use Multiple Bastion Hosts
- 6.5.2. It's OK to Merge the Interior Router and the Exterior Router
- 6.5.3. It's OK to Merge the Bastion Host and the Exterior Router
- 6.5.4. It's Dangerous to Merge the Bastion Host and the Interior Router
- 6.5.5. It's Dangerous to Use Multiple Interior Routers
- 6.5.6. It's OK to Use Multiple Exterior Routers
- 6.5.7. It's Dangerous to Use Both Screened Subnets and Screened Hosts
- 6.6. Terminal Servers and Modem Pools
- 6.7. Internal Firewalls
- 6.7.1. Laboratory Networks
- 6.7.2. Insecure Networks
- 6.7.3. Extra-Secure Networks
- 6.7.4. Joint Venture Firewalls
- 6.7.5. A Shared Perimeter Network Allows an "Arms-Length"Relationship
- 6.7.6. An Internal Firewall May or May Not Need Bastion Hosts
- 6.1. Single-Box Architectures
- 7. Firewall Design
- 7.1. Define Your Needs
- 7.1.1. What Will the Firewall Actually Do?
- 7.1.1.1. What services do you need to offer?
- 7.1.1.2. How secure do you need to be?
- 7.1.1.3. How much usage will there be?
- 7.1.1.4. How much reliability do you need?
- 7.1.2. What Are Your Constraints?
- 7.1.2.1. What budget do you have available?
- 7.1.2.2. What personnel do you have available?
- 7.1.2.3. What is your environment like?
- 7.1.1. What Will the Firewall Actually Do?
- 7.2. Evaluate the Available Products
- 7.2.1. Scalability
- 7.2.2. Reliability and Redundancy
- 7.2.3. Auditability
- 7.2.4. Price
- 7.2.5. Management and Configuration
- 7.2.6. Adaptability
- 7.2.7. Appropriateness
- 7.3. Put Everything Together
- 7.3.1. Where will logs go, and how?
- 7.3.1.1. How will you back up the system?
- 7.3.1.2. What support services does the system require?
- 7.3.1.3. How will you access the machines?
- 7.3.1.4. Where will routine reports go, and how?
- 7.3.1.5. Where will alarms go, and how?
- 7.3.1. Where will logs go, and how?
- 7.1. Define Your Needs
- 8. Packet Filtering
- 8.1. What Can You Do with Packet Filtering?
- 8.1.1. Basic Packet Filtering
- 8.1.2. Stateful or Dynamic Packet Filtering
- 8.1.3. Protocol Checking
- 8.2. Configuring a Packet Filtering Router
- 8.2.1. Protocols Are Usually Bidirectional
- 8.2.2. Be Careful of "Inbound" Versus "Outbound" Semantics
- 8.2.3. Default Permit Versus Default Deny
- 8.3. What Does the Router Do with Packets?
- 8.3.1. Logging Actions
- 8.3.2. Returning Error Codes
- 8.3.3. Making Changes
- 8.4. Packet Filtering Tips and Tricks
- 8.4.1. Edit Your Filtering Rules Offline
- 8.4.2. Reload Rule Sets from Scratch Each Time
- 8.4.3. Replace Packet Filters Atomically
- 8.4.4. Always Use IP Addresses, Never Hostnames
- 8.4.5. Password Protect Your Packet Filters
- 8.4.6. If Possible, Use Named Access Lists
- 8.5. Conventions for Packet Filtering Rules
- 8.6. Filtering by Address
- 8.6.1. Risks of Filtering by Source Address
- 8.7. Filtering by Service
- 8.7.1. Outbound Telnet Service
- 8.7.2. Inbound Telnet Service
- 8.7.3. Telnet Summary
- 8.7.4. Risks of Filtering by Source Port
- 8.8. Choosing a Packet Filtering Router
- 8.8.1. It Should Have Good Enough Packet Filtering Performance for Your Needs
- 8.8.2. It Can Be a Single-Purpose Router or a General-Purpose Computer
- 8.8.3. It Should Allow Simple Specification of Rules
- 8.8.4. It Should Allow Rules Based on Any Header or Meta-Packet Criteria
- 8.8.5. It Should Apply Rules in the Order Specified
- 8.8.5.1. If the rules are applied in the order ABC
- 8.8.5.2. If the rules are applied in the order BAC
- 8.8.5.3. Rule B is actually not necessary
- 8.8.5.4. Packet filtering rules are tricky
- 8.8.6. It Should Apply Rules Separately to Incoming and Outgoing Packets, on a Per-Interface Basis
- 8.8.7. It Should Be Able to Log Accepted and Dropped Packets
- 8.8.8. It Should Have Good Testing and Validation Capabilities
- 8.9. Packet Filtering Implementations for General-Purpose Computers
- 8.9.1. Linux ipchains and Masquerading
- 8.9.1.1. ipchains
- 8.9.1.2. Testing ipchains rules
- 8.9.1.3. Masquerading
- 8.9.1.4. How masquerading works
- 8.9.1.5. Available specialized masquerading modules
- 8.9.1.6. Using ipchains (including masquerading)
- 8.9.2. ipfilter
- 8.9.3. Comparing ipfilter and ipchains
- 8.9.4. Linux netfilter
- 8.9.5. Windows NT Packet Filtering
- 8.9.1. Linux ipchains and Masquerading
- 8.10. Where to Do Packet Filtering
- 8.11. What Rules Should You Use?
- 8.12. Putting It All Together
- 8.1. What Can You Do with Packet Filtering?
- 9. Proxy Systems
- 9.1. Why Proxying?
- 9.2. How Proxying Works
- 9.2.1. Using Proxy-Aware Application Software for Proxying
- 9.2.2. Using Proxy-Aware Operating System Software
- 9.2.3. Using Proxy-Aware User Procedures for Proxying
- 9.2.4. Using a Proxy-Aware Router
- 9.3. Proxy Server Terminology
- 9.3.1. Application-Level Versus Circuit-Level Proxies
- 9.3.2. Generic Versus Dedicated Proxies
- 9.3.3. Intelligent Proxy Servers
- 9.4. Proxying Without a Proxy Server
- 9.5. Using SOCKS for Proxying
- 9.5.1. Versions of SOCKS
- 9.5.2. SOCKS Features
- 9.5.3. SOCKS Components
- 9.5.4. Converting Clients to Use SOCKS
- 9.6. Using the TIS Internet Firewall Toolkit for Proxying
- 9.6.1. FTP Proxying with TIS FWTK
- 9.6.2. Telnet and rlogin Proxying with TIS FWTK
- 9.6.3. Generic Proxying with TIS FWTK
- 9.6.4. Other TIS FWTK Proxies
- 9.7. Using Microsoft Proxy Server
- 9.7.1. Proxy Server and SOCKS
- 9.7.2. Proxy Server and WinSock
- 9.8. What If You Can't Proxy?
- 9.8.1. No Proxy Server Is Available
- 9.8.2. Proxying Won't Secure the Service
- 9.8.3. Can't Modify Client or Procedures
- 10. Bastion Hosts
- 10.1. General Principles
- 10.2. Special Kinds of Bastion Hosts
- 10.2.1. Nonrouting Dual-Homed Hosts
- 10.2.2. Victim Machines
- 10.2.3. Internal Bastion Hosts
- 10.2.4. External Service Hosts
- 10.2.5. One-Box Firewalls
- 10.3. Choosing a Machine
- 10.3.1. What Operating System?
- 10.3.2. How Fast a Machine?
- 10.3.3. What Hardware Configuration?
- 10.4. Choosing a Physical Location
- 10.5. Locating Bastion Hosts on the Network
- 10.6. Selecting Services Provided by a Bastion Host
- 10.6.1. Multiple Services or Multiple Hosts?
- 10.7. Disabling User Accounts on Bastion Hosts
- 10.8. Building a Bastion Host
- 10.9. Securing the Machine
- 10.9.1. Start with a Minimal Clean Operating System Installation
- 10.9.2. Fix All Known System Bugs
- 10.9.3. Use a Checklist
- 10.9.4. Safeguard the System Logs
- 10.9.4.1. System logs for convenience
- 10.9.4.2. System logs for catastrophes
- 10.9.4.3. Logging and time
- 10.9.4.4. Choosing what to log
- 10.10. Disabling Nonrequired Services
- 10.10.1. How to Disable Services
- 10.10.1.1. Next steps after disabling services
- 10.10.2. Running Services on Specific Networks
- 10.10.3. Turning Off Routing
- 10.10.4. Controlling Inbound Traffic
- 10.10.5. Installing and Modifying Services
- 10.10.6. Reconfiguring for Production
- 10.10.6.1. Finalize the operating system configuration
- 10.10.6.2. Mount filesystems as read-only
- 10.10.7. Running a Security Audit
- 10.10.7.1. Auditing packages
- 10.10.7.2. Use cryptographic checksums for auditing
- 10.10.8. Connecting the Machine
- 10.10.1. How to Disable Services
- 10.11. Operating the Bastion Host
- 10.11.1. Learn What the Normal Usage Profile Is
- 10.11.2. Consider Using Software to Automate Monitoring
- 10.12. Protecting the Machine and Backups
- 10.12.1. Watch Reboots Carefully
- 10.12.2. Do Secure Backups
- 10.12.3. Other Objects to Secure
- 11. Unix and Linux Bastion Hosts
- 11.1. Which Version of Unix?
- 11.2. Securing Unix
- 11.2.1. Setting Up System Logs on Unix
- 11.2.1.1. syslog Linux example
- 11.2.1.2. System logs for catastrophe
- 11.2.1. Setting Up System Logs on Unix
- 11.3. Disabling Nonrequired Services
- 11.3.1. How Are Services Managed Under Unix?
- 11.3.1.1. Services started by /etc/rc files or directories
- 11.3.1.2. Services started by inetd
- 11.3.2. Disabling Services Under Unix
- 11.3.3. Which Services Should You Leave Enabled?
- 11.3.4. Specific Unix Services to Disable
- 11.3.4.1. NFS and related services
- 11.3.4.2. Other RPC services
- 11.3.4.3. Booting services
- 11.3.4.4. BSD "r" command services
- 11.3.4.5. routed
- 11.3.4.6. fingerd
- 11.3.4.7. ftpd
- 11.3.4.8. Other services
- 11.3.5. Running Services on Specific Networks
- 11.3.6. Turning Off Routing
- 11.3.1. How Are Services Managed Under Unix?
- 11.4. Installing and Modifying Services
- 11.4.1. Using the TCP Wrapper Package to Protect Services
- 11.4.1.1. TCP Wrapper example
- 11.4.1.2. Using netacl to protect services
- 11.4.2. Evaluating and Configuring Unix Services
- 11.4.1. Using the TCP Wrapper Package to Protect Services
- 11.5. Reconfiguring for Production
- 11.5.1. Reconfigure and Rebuild the Kernel
- 11.5.2. Remove Nonessential Programs
- 11.5.3. Mount Filesystems as Read-Only
- 11.6. Running a Security Audit
- 12. Windows NT and Windows 2000 Bastion Hosts
- 12.1. Approaches to Building Windows NT Bastion Hosts
- 12.2. Which Version of Windows NT?
- 12.3. Securing Windows NT
- 12.3.1. Setting Up System Logs Under Windows NT
- 12.4. Disabling Nonrequired Services
- 12.4.1. How Are Services Managed Under Windows NT?
- 12.4.1.1. Registry keys
- 12.4.1.2. Other ways to start programs under Windows NT
- 12.4.2. How to Disable Services Under Windows NT
- 12.4.3. Next Steps After Disabling Services
- 12.4.4. Which Services Should You Leave Enabled?
- 12.4.5. Specific Windows NT Services to Disable
- 12.4.5.1. The Services control panel
- 12.4.6. Turning Off Routing
- 12.4.1. How Are Services Managed Under Windows NT?
- 12.5. Installing and Modifying Services
- 4. Packets and Protocols
- III. Internet Services
- 13. Internet Services and Firewalls
- 13.1. Attacks Against Internet Services
- 13.1.1. Command-Channel Attacks
- 13.1.2. Data-Driven Attacks
- 13.1.3. Third-Party Attacks
- 13.1.4. False Authentication of Clients
- 13.1.5. Hijacking
- 13.1.6. Packet Sniffing
- 13.1.7. Data Injection and Modification
- 13.1.8. Replay
- 13.1.9. Denial of Service
- 13.1.10. Protecting Services
- 13.2. Evaluating the Risks of a Service
- 13.2.1. What Operations Does the Protocol Allow?
- 13.2.1.1. What is it designed to do?
- 13.2.1.2. Is the level of authentication and authorization it uses appropriate for doing that?
- 13.2.1.3. Does it have any other commands in it?
- 13.2.2. What Data Does the Protocol Transfer?
- 13.2.3. How Well Is the Protocol Implemented?
- 13.2.3.1. Does it have any other commands in it?
- 13.2.4. What Else Can Come in If I Allow This Service?
- 13.2.1. What Operations Does the Protocol Allow?
- 13.3. Analyzing Other Protocols
- 13.4. What Makes a Good Firewalled Service?
- 13.4.1. TCP Versus Other Protocols
- 13.4.2. One Connection per Session
- 13.4.3. One Session per Connection
- 13.4.4. Assigned Ports
- 13.4.5. Protocol Security
- 13.5. Choosing Security-Critical Programs
- 13.5.1. My Product Is Secure Because . . .
- 13.5.1.1. It contains no publicly available code, so it's secret
- 13.5.1.2. It contains publicly available code, so it's been well reviewed
- 13.5.1.3. It is built entirely from scratch, so it didn't inherit any bugs from any other products
- 13.5.1.4. It is built on an old, well-tested code base
- 13.5.1.5. It doesn't run as root/Administrator/LocalSystem
- 13.5.1.6. It doesn't run under Unix, or it doesn't run on a Microsoft operating system
- 13.5.1.7. There are no known attacks against it
- 13.5.1.8. It uses public key cryptography (or some other secure-sounding technology)
- 13.5.2. Their Product Is Insecure Because . . .
- 13.5.2.1. It's been mentioned in a CERT-CC advisory or on a web site listing vulnerabilities
- 13.5.2.2. It's publicly available
- 13.5.2.3. It's been successfully attacked
- 13.5.3. Real Indicators of Security
- 13.5.3.1. Security was one of the design criteria
- 13.5.3.2. The supplier can discuss how major security problems were avoided
- 13.5.3.3. It is possible for you to review the code
- 13.5.3.4. Somebody you know and trust actually has reviewed the code
- 13.5.3.5. There is a security notification and update procedure
- 13.5.3.6. The server implements a recent (but accepted) version of the protocol
- 13.5.3.7. The program uses standard error-logging mechanisms
- 13.5.3.8. There is a secure software distribution mechanism
- 13.5.1. My Product Is Secure Because . . .
- 13.6. Controlling Unsafe Configurations
- 13.1. Attacks Against Internet Services
- 14. Intermediary Protocols
- 14.1. Remote Procedure Call (RPC)
- 14.1.1. Sun RPC Authentication
- 14.1.2. Microsoft RPC Authentication
- 14.1.3. Packet Filtering Characteristics of RPC
- 14.1.4. Proxying Characteristics of RPC
- 14.1.5. Network Address Translation Characteristics of RPC
- 14.1.6. Summary of Recommendations for RPC
- 14.2. Distributed Component Object Model (DCOM)
- 14.3. NetBIOS over TCP/IP (NetBT)
- 14.3.1. Packet Filtering Characteristics of NetBT
- 14.3.2. Proxying Characteristics of NetBT
- 14.3.3. Network Address Translation Characteristics of NetBT
- 14.3.4. Summary of Recommendations for NetBT
- 14.4. Common Internet File System (CIFS) and Server Message Block (SMB)
- 14.4.1. Authentication and SMB
- 14.4.1.1. Share-level authentication
- 14.4.1.2. User-level authentication
- 14.4.2. Packet Filtering Characteristics of SMB
- 14.4.3. Proxying Characteristics of SMB
- 14.4.4. Network Address Translation Characteristics of SMB
- 14.4.5. Summary of Recommendations for SMB
- 14.4.1. Authentication and SMB
- 14.5. Common Object Request Broker Architecture (CORBA) and Internet Inter-Orb Protocol (IIOP)
- 14.5.1. Packet Filtering Characteristics of CORBA and IIOP
- 14.5.2. Proxying Characteristics of CORBA and IIOP
- 14.5.3. Network Address Translation Characteristics of CORBA and IIOP
- 14.5.4. Summary of Recommendations for CORBA and IIOP
- 14.6. ToolTalk
- 14.6.1. Summary of Recommendations for ToolTalk
- 14.7. Transport Layer Security (TLS) and Secure Socket Layer (SSL)
- 14.7.1. The TLS and SSL Protocols
- 14.7.2. Cryptography in TLS and SSL
- 14.7.3. Use of TLS and SSL by Other Protocols
- 14.7.4. Packet Filtering Characteristics of TLS and SSL
- 14.7.5. Proxying Characteristics of TLS and SSL
- 14.7.6. Network Address Translation Characteristics of TLS and SSL
- 14.7.7. Summary of Recommendations for TLS and SSL
- 14.8. The Generic Security Services API (GSSAPI)
- 14.9. IPsec
- 14.9.1. Packet Filtering Characteristics of IPsec
- 14.9.2. Proxying Characteristics of IPsec
- 14.9.3. Network Address Translation Characteristics of IPsec
- 14.9.4. Summary of Recommendations for IPsec
- 14.10. Remote Access Service (RAS)
- 14.11. Point-to-Point Tunneling Protocol (PPTP)
- 14.11.1. Design Weaknesses in PPTP
- 14.11.2. Implementation Weaknesses in PPTP
- 14.11.3. Packet Filtering Characteristics of PPTP
- 14.11.4. Proxying Characteristics of PPTP
- 14.11.5. Network Address Translation Characteristics of PPTP
- 14.11.6. Summary of Recommendations for PPTP
- 14.12. Layer 2 Transport Protocol (L2TP)
- 14.12.1. Packet Filtering Characteristics of L2TP
- 14.12.2. Proxying Characteristics of L2TP
- 14.12.3. Network Address Translation Characteristics of L2TP
- 14.12.4. Summary of Recommendations for L2TP
- 14.1. Remote Procedure Call (RPC)
- 15. The World Wide Web
- 15.1. HTTP Server Security
- 15.1.1. HTTP Extensions
- 15.1.1.1. Tricking extensions
- 15.1.1.2. Running unexpected external programs
- 15.1.1. HTTP Extensions
- 15.2. HTTP Client Security
- 15.2.1. Inadvertent Release of Information
- 15.2.1.1. Cookies
- 15.2.2. External Viewers
- 15.2.3. Extension Systems
- 15.2.4. What Can You Do?
- 15.2.5. Internet Explorer and Security Zones
- 15.2.1. Inadvertent Release of Information
- 15.3. HTTP
- 15.3.1. HTTP Tunneling
- 15.3.2. Special HTTP Servers
- 15.3.3. Packet Filtering Characteristics of HTTP
- 15.3.4. Proxying Characteristics of HTTP
- 15.3.5. Network Address Translation Characteristics of HTTP
- 15.3.6. Securing HTTP
- 15.3.6.1. Packet filtering characteristics of HTTPS and Secure HTTP
- 15.3.6.2. Proxying characteristics of HTTPS and Secure HTTP
- 15.3.6.3. Network address translation characteristics of HTTPS and Secure HTTP
- 15.3.7. Summary of Recommendations for HTTP
- 15.4. Mobile Code and Web-Related Languages
- 15.4.1. JavaScript
- 15.4.2. VBScript
- 15.4.3. Java
- 15.4.4. ActiveX
- 15.5. Cache Communication Protocols
- 15.5.1. Internet Cache Protocol (ICP)
- 15.5.1.1. Packet filtering characteristics of ICP
- 15.5.1.2. Proxying characteristics of ICP
- 15.5.1.3. Network address translation characteristics of ICP
- 15.5.2. Cache Array Routing Protocol (CARP)
- 15.5.3. Web Cache Coordination Protocol (WCCP)
- 15.5.3.1. Packet filtering characteristics of WCCP
- 15.5.3.2. Proxying characteristics of WCCP
- 15.5.3.3. Network address translation characteristics of WCCP
- 15.5.4. Summary of Recommendations for Cache Communication Protocols
- 15.5.1. Internet Cache Protocol (ICP)
- 15.6. Push Technologies
- 15.6.1. Summary of Recommendations for Push Technologies
- 15.7. RealAudio and RealVideo
- 15.7.1. Risks of RealServer
- 15.7.2. Risks of RealAudio and RealVideo Clients
- 15.7.3. Packet Filtering Characteristics of RealAudio and RealVideo
- 15.7.4. Proxying Characteristics of RealAudio and RealVideo
- 15.7.5. Network Address Translation Characteristics of RealAudio and RealVideo
- 15.7.6. Summary Recommendations for RealAudio and RealVideo
- 15.8. Gopher and WAIS
- 15.8.1. Packet Filtering Characteristics of Gopher and WAIS
- 15.8.2. Proxying Characteristics of Gopher and WAIS
- 15.8.3. Network Address Translation Characteristics of Gopher and WAIS
- 15.8.4. Summary of Recommendations for Gopher and WAIS
- 15.1. HTTP Server Security
- 16. Electronic Mail and News
- 16.1. Electronic Mail
- 16.1.1. Keeping Mail Secret
- 16.1.2. Undesirable Mail
- 16.1.2.1. Junk mail
- 16.1.2.2. Viruses and other hostilities
- 16.1.3. Multimedia Internet Mail Extensions (MIME)
- 16.1.4. S/MIME and OpenPGP
- 16.2. Simple Mail Transfer Protocol (SMTP)
- 16.2.1. Extended SMTP (ESMTP)
- 16.2.2. TLS/SSL, SSMTP, and STARTTLS
- 16.2.3. Packet Filtering Characteristics of SMTP
- 16.2.4. Proxying Characteristics of SMTP
- 16.2.5. Network Address Translation Characteristics of SMTP
- 16.2.6. Configuring SMTP to Work with a Firewall
- 16.2.7. Sendmail
- 16.2.8. Other Freely Available SMTP Servers for Unix
- 16.2.8.1. smail
- 16.2.8.2. Postfix
- 16.2.8.3. Qmail
- 16.2.9. Commercial SMTP Servers for Unix
- 16.2.10. Improving SMTP Security with smap and smapd
- 16.2.11. biff
- 16.2.12. SMTP Support in Non-SMTP Mail Systems
- 16.2.13. SMTP Servers for Windows NT
- 16.2.14. Summary of Recommendations for SMTP
- 16.3. Other Mail Transfer Protocols
- 16.4. Microsoft Exchange
- 16.4.1. Summary of Recommendations for Microsoft Exchange
- 16.5. Lotus Notes and Domino
- 16.5.1. Packet Filtering Characteristics of Lotus Notes
- 16.5.2. Proxying Characteristics of Lotus Notes
- 16.5.3. Network Address Translation Characteristics of Lotus Notes
- 16.5.4. Summary of Recommendations for Lotus Notes
- 16.6. Post Office Protocol (POP)
- 16.6.1. Packet Filtering Characteristics of POP
- 16.6.2. Proxying Characteristics of POP
- 16.6.3. Network Address Translation Characteristics of POP
- 16.6.4. Summary of Recommendations for POP
- 16.7. Internet Message Access Protocol (IMAP)
- 16.7.1. Packet Filtering Characteristics of IMAP
- 16.7.2. Proxying Characteristics of IMAP
- 16.7.3. Network Address Translation Characteristics of IMAP
- 16.7.4. Summary of Recommendations for IMAP
- 16.8. Microsoft Messaging API (MAPI)
- 16.9. Network News Transfer Protocol (NNTP)
- 16.9.1. Packet Filtering Characteristics of NNTP
- 16.9.2. Proxying Characteristics of NNTP
- 16.9.3. Network Address Translation Characteristics of NNTP
- 16.9.4. Summary of Recommendations for NNTP
- 16.1. Electronic Mail
- 17. File Transfer, File Sharing, and Printing
- 17.1. File Transfer Protocol (FTP)
- 17.1.1. Packet Filtering Characteristics of FTP
- 17.1.2. Proxying Characteristics of FTP
- 17.1.3. Network Address Translation Characteristics of FTP
- 17.1.4. Providing Anonymous FTP Service
- 17.1.4.1. Limiting access to information
- 17.1.4.2. Preventing people from using your server to distribute their data
- 17.1.4.2.1. Making your incoming directory write-only
- 17.1.4.2.2. Making anonymous read and anonymous write exclusive
- 17.1.4.2.3. Disabling the creation of directories and certain files
- 17.1.4.2.4. Uploading by prearrangement
- 17.1.4.2.5. Removing the files
- 17.1.4.3. Preventing people from using your server to attack other machines
- 17.1.4.4. Using the wuarchive FTP daemon
- 17.1.5. Summary of Recommendations for FTP
- 17.2. Trivial File Transfer Protocol (TFTP)
- 17.2.1. Packet Filtering Characteristics of TFTP
- 17.2.2. Proxying Characteristics of TFTP
- 17.2.3. Network Address Translation Characteristics of TFTP
- 17.2.4. Summary of Recommendations for TFTP
- 17.3. Network File System (NFS)
- 17.3.1. NFS Authentication
- 17.3.2. NFS and root
- 17.3.3. NFS Client Vulnerabilities
- 17.3.4. File Locking with NFS
- 17.3.5. Automounting
- 17.3.6. Packet Filtering Characteristics of NFS
- 17.3.7. Proxying Characteristics of NFS
- 17.3.8. Network Address Translation Characteristics of NFS
- 17.4. File Sharing for Microsoft Networks
- 17.4.1. Samba
- 17.4.2. Distributed File System (Dfs)
- 17.4.3. Packet Filtering, Proxying, and Network Address Translation Characteristics of Microsoft File Sharing
- 17.5. Summary of Recommendations for File Sharing
- 17.6. Printing Protocols
- 17.6.1. lpr and lp
- 17.6.1.1. LPRng
- 17.6.1.2. Packet filtering characteristics of lpr
- 17.6.1.3. Proxying characteristics of lpr
- 17.6.1.4. Network address translation characteristics of lpr
- 17.6.1.5. Packet filtering and proxying characteristics of lp
- 17.6.2. Windows-based Printing
- 17.6.3. Other Printing Systems
- 17.6.4. Summary of Recommendations for Printing Protocols
- 17.6.1. lpr and lp
- 17.7. Related Protocols
- 17.1. File Transfer Protocol (FTP)
- 18. Remote Access to Hosts
- 18.1. Terminal Access (Telnet)
- 18.1.1. Windows 2000 Telnet
- 18.1.2. Packet Filtering Characteristics of Telnet
- 18.1.3. Proxying Characteristics of Telnet
- 18.1.4. Network Address Translation Characteristics of Telnet
- 18.1.5. Summary of Recommendations for Telnet
- 18.2. Remote Command Execution
- 18.2.1. BSD "r" Commands
- 18.2.1.1. BSD "r" commands under Windows NT
- 18.2.1.2. Packet filtering characteristics of the BSD "r" commands
- 18.2.1.3. Proxying characteristics of the BSD "r" commands
- 18.2.1.4. Network address translation characteristics of the BSD "r"commands
- 18.2.1.5. Summary of recommendations for the BSD "r" command
- 18.2.2. rexec
- 18.2.2.1. Packet filtering characteristics of rexec
- 18.2.2.2. Proxying characteristics of rexec
- 18.2.2.3. Network address translation characteristics of rexec
- 18.2.2.4. Summary of recommendations for rexec
- 18.2.3. rex
- 18.2.3.1. Summary of recommendations for rex
- 18.2.4. Windows NT Remote Commands
- 18.2.4.1. Summary of recommendations for remote commands
- 18.2.5. Secure Shell (SSH)
- 18.2.5.1. What makes SSH secure?
- 18.2.5.2. SSH server authentication
- 18.2.5.3. SSH client authentication
- 18.2.5.4. Additional SSH options for client control
- 18.2.5.5. SSH session hijacking protection
- 18.2.5.6. Port forwarding
- 18.2.5.7. Remote X11 Window System support
- 18.2.5.8. Packet filtering characteristics of SSH
- 18.2.5.9. Proxying characteristics of SSH
- 18.2.5.10. Network address translation characteristics of SSH
- 18.2.5.11. Summary of recommendations for SSH
- 18.2.1. BSD "r" Commands
- 18.3. Remote Graphical Interfaces
- 18.3.1. X11 Window System
- 18.3.1.1. Additional servers
- 18.3.1.2. Packet filtering characteristics of X11
- 18.3.1.3. Proxying characteristics of X11
- 18.3.1.4. Network address translation characteristics of X11
- 18.3.1.5. Summary of recommendations for XII
- 18.3.2. Remote Graphic Interfaces for Microsoft Operating Systems
- 18.3.3. Independent Computing Architecture (ICA)
- 18.3.3.1. Packet filtering characteristics of ICA
- 18.3.3.2. Proxying characteristics of ICA
- 18.3.3.3. Network address translation characteristics of ICA
- 18.3.4. Microsoft Terminal Server and Terminal Services
- 18.3.4.1. Packet filtering characteristics of RDP
- 18.3.4.2. Proxying characteristics of RDP
- 18.3.4.3. Network address translation characteristics of RDP
- 18.3.5. BO2K
- 18.3.5.1. Packet filtering characteristics of BO2K
- 18.3.5.2. Proxying characteristics of BO2K
- 18.3.5.3. Network address translation characteristics of BO2K
- 18.3.6. Summary of Recommendations for Windows Remote Access
- 18.3.1. X11 Window System
- 18.1. Terminal Access (Telnet)
- 19. Real-Time Conferencing Services
- 19.1. Internet Relay Chat (IRC)
- 19.1.1. Packet Filtering Characteristics of IRC
- 19.1.2. Proxying Characteristics of IRC
- 19.1.3. Network Address Translation Characteristics of IRC
- 19.1.4. Summary of Recommendations for IRC
- 19.2. ICQ
- 19.2.1. Packet Filtering Characteristics of ICQ
- 19.2.2. Proxying Characteristics of ICQ
- 19.2.3. Network Address Translation Characteristics of ICQ
- 19.2.4. Summary of Recommendations for ICQ
- 19.3. talk
- 19.3.1. Packet Filtering Characteristics of talk
- 19.3.2. Proxying Characteristics of talk
- 19.3.3. Network Address Translation Characteristics of talk
- 19.3.4. Summary of Recommendations for talk
- 19.4. Multimedia Protocols
- 19.4.1. T.120 and H.323
- 19.4.1.1. Packet filtering characteristics of T.120
- 19.4.1.2. Proxying characteristics of T.120
- 19.4.1.3. Network address translation characteristics of T.120
- 19.4.1.4. Packet filtering characteristics of H.323
- 19.4.1.5. Proxying characteristics of H.323
- 19.4.1.6. Network address translation characteristics of H.323
- 19.4.1.7. Summary of recommendations for T.120 and H.323
- 19.4.2. The Real-Time Transport Protocol (RTP) and the RTP Control Protocol (RTCP)
- 19.4.2.1. Packet filtering characteristics of RTP and RTCP
- 19.4.2.2. Proxying characteristics of RTP and RTCP
- 19.4.2.3. Network address translation of RTP and RTCP
- 19.4.2.4. Summary of recommendations for RTP and RTCP
- 19.4.1. T.120 and H.323
- 19.5. NetMeeting
- 19.5.1. Packet Filtering Characteristics of NetMeeting
- 19.5.2. Proxying Characteristics of NetMeeting
- 19.5.3. Network Address Translation Characteristics of NetMeeting
- 19.5.4. Summary of Recommendations for NetMeeting
- 19.6. Multicast and the Multicast Backbone (MBONE)
- 19.6.1. Summary of Recommendations for Multicast
- 19.1. Internet Relay Chat (IRC)
- 20. Naming and Directory Services
- 20.1. Domain Name System (DNS)
- 20.1.1. Packet Filtering Characteristics of DNS
- 20.1.2. Proxying Characteristics of DNS
- 20.1.3. DNS Data
- 20.1.4. DNS Security Problems
- 20.1.4.1. Bogus answers to DNS queries
- 20.1.4.2. Malicious DNS queries
- 20.1.4.3. Mismatched data between the hostname and IP address DNS trees
- 20.1.4.4. Dynamic update
- 20.1.4.5. Revealing too much information to attackers
- 20.1.5. Setting Up DNS to Hide Information, Without Subdomains
- 20.1.5.1. Set up a "fake" DNS server on the bastion host for the outside world to use
- 20.1.5.2. Set up a real DNS server on an internal system for internal hosts to use
- 20.1.5.3. Internal DNS clients query the internal server
- 20.1.5.4. Bastion DNS clients also query the internal server
- 20.1.5.5. What your packet filtering system needs to allow
- 20.1.6. Setting Up DNS to Hide Information, with Subdomains
- 20.1.7. Setting Up DNS Without Hiding Information
- 20.1.8. Windows 2000 and DNS
- 20.1.9. Network Address Translation Characteristics of DNS
- 20.1.10. Summary of Recommendations for DNS
- 20.2. Network Information Service (NIS)
- 20.2.1. Summary of Recommendations for NIS
- 20.3. NetBIOS for TCP/IP Name Service and Windows Internet Name Service
- 20.3.1. Name Resolution Under Windows
- 20.3.2. NetBIOS Names
- 20.3.3. NetBT Name Service Operations
- 20.3.3.1. General principles of NetBT operations
- 20.3.3.2. Name registration
- 20.3.3.3. Name refresh
- 20.3.3.4. Name resolution
- 20.3.3.5. Name release
- 20.3.3.6. Conflict management
- 20.3.4. WINS Server-Server Communication
- 20.3.5. The WINS Manager
- 20.3.6. Security Implications of NetBT Name Service and WINS
- 20.3.7. Packet Filtering Characteristics of NetBT Name Service
- 20.3.8. Proxying Characteristics of NetBT Name Service and WINS
- 20.3.9. Network Address Translation Characteristics of NetBT Name Service and WINS
- 20.3.10. Summary of Recommendations for NetBT Name Service and WINS
- 20.4. The Windows Browser
- 20.4.1. Domains and Workgroups
- 20.4.2. Windows Browser Roles
- 20.4.2.1. Domain master browser
- 20.4.2.2. Master browser
- 20.4.2.3. Backup browsers
- 20.4.2.4. Potential browsers
- 20.4.2.5. Browseable server
- 20.4.2.6. Browser client
- 20.4.3. Browser Elections
- 20.4.4. Security Implications of the Windows Browser
- 20.4.5. Packet Filtering Characteristics of the Windows Browser
- 20.4.6. Proxying Characteristics of the Windows Browser
- 20.4.7. Network Address Translation Characteristics of the Windows Browser
- 20.4.8. Summary of Recommendations for the Windows Browser
- 20.5. Lightweight Directory Access Protocol (LDAP)
- 20.5.1. LDAPS
- 20.5.2. Packet Filtering Characteristics of LDAP
- 20.5.3. Proxying Characteristics of LDAP
- 20.5.4. Network Address Translation Characteristics of LDAP
- 20.5.5. Summary of Recommendations for LDAP
- 20.6. Active Directory
- 20.7. Information Lookup Services
- 20.7.1. finger
- 20.7.1.1. Packet filtering characteristics of finger
- 20.7.1.2. Proxying characteristics of finger
- 20.7.1.3. Network address translation characteristics of finger
- 20.7.1.4. Summary of recommendations for finger
- 20.7.2. whois
- 20.7.2.1. Packet filtering characteristics of whois
- 20.7.2.2. Proxying characteristics of whois
- 20.7.2.3. Network address translation characteristics of whois
- 20.7.2.4. Summary of recommendations for whois
- 20.7.1. finger
- 20.1. Domain Name System (DNS)
- 21. Authentication and Auditing Services
- 21.1. What Is Authentication?
- 21.1.1. Something You Are
- 21.1.2. Something You Know
- 21.1.3. Something You Have
- 21.2. Passwords
- 21.3. Authentication Mechanisms
- 21.3.1. One-Time Password Software
- 21.3.2. One-Time Password Hardware
- 21.4. Modular Authentication for Unix
- 21.4.1. The TIS FWTK Authentication Server
- 21.4.1.1. Problems with the authentication server
- 21.4.2. Pluggable Authentication Modules (PAM)
- 21.4.1. The TIS FWTK Authentication Server
- 21.5. Kerberos
- 21.5.1. How It Works
- 21.5.2. Extending Trust
- 21.5.3. Packet Filtering Characteristics of Kerberos
- 21.5.4. Proxying and Network Address Translation Characteristics of Kerberos
- 21.5.5. Summary of Recommendations for Kerberos
- 21.6. NTLM Domains
- 21.6.1. Finding a Domain Controller
- 21.6.2. The Logon Process
- 21.6.3. Secure Channel Setup
- 21.6.4. SMB Authentication
- 21.6.5. Accessing Other Computers
- 21.6.6. Alternate Authentication Methods
- 21.6.7. Controller-to-Controller Communication
- 21.6.8. The User Manager
- 21.6.9. Packet Filtering, Proxying, and Network Address Translation Characteristics of NTLM Domain Authentication
- 21.6.10. Summary of Recommendations for NTLM Domain Authentication
- 21.7. Remote Authentication Dial-in User Service (RADIUS)
- 21.7.1. Packet Filtering Characteristics of RADIUS
- 21.7.2. Proxying Characteristics of RADIUS
- 21.7.3. Network Address Translation Characteristics of RADIUS
- 21.7.4. Summary of Recommendations for RADIUS
- 21.8. TACACS and Friends
- 21.8.1. Packet Filtering Characteristics of TACACS and Friends
- 21.8.2. Proxying Characteristics of TACACS and Friends
- 21.8.3. Network Address Translation Characteristics of TACACS and Friends
- 21.8.4. Summary of Recommendations for TACACS and Friends
- 21.9. Auth and identd
- 21.9.1. Packet Filtering Characteristics of Auth
- 21.9.2. Proxying Characteristics of Auth
- 21.9.3. Network Address Translation Characteristics of Auth
- 21.9.4. Summary of Recommendations for Auth
- 21.1. What Is Authentication?
- 22. Administrative Services
- 22.1. System Management Protocols
- 22.1.1. syslog
- 22.1.1.1. Packet filtering characteristics of syslog
- 22.1.1.2. Proxying characteristics of syslog
- 22.1.1.3. Network address translation and syslog
- 22.1.1.4. Summary of recommendations for syslog
- 22.1.2. Simple Network Management Protocol (SNMP)
- 22.1.2.1. SNMP version 3
- 22.1.2.2. Packet filtering characteristics of SNMP
- 22.1.2.3. Proxying characteristics of SNMP
- 22.1.2.4. Network address translation and SNMP
- 22.1.3. System Management Server (SMS)
- 22.1.4. Performance Monitor and Network Monitor
- 22.1.5. Summary Recommendations for System Management
- 22.1.1. syslog
- 22.2. Routing Protocols
- 22.2.1. Routing Information Protocol (RIP)
- 22.2.1.1. Packet filtering characteristics of RIP
- 22.2.2. Open Shortest Path First (OSPF)
- 22.2.2.1. Packet filtering characteristics of OSPF
- 22.2.3. Internet Group Management Protocol (IGMP)
- 22.2.3.1. Packet filtering characteristics of IGMP
- 22.2.4. Router Discovery/ICMP Router Discovery Protocol (IRDP)
- 22.2.4.1. Packet filtering characteristics of router discovery
- 22.2.5. Proxying Characteristics of Routing Protocols
- 22.2.6. Network Address Translation Characteristics of Routing Protocols
- 22.2.7. Summary of Recommendations for Routing Protocols
- 22.2.1. Routing Information Protocol (RIP)
- 22.3. Protocols for Booting and Boot-Time Configuration
- 22.3.1. bootp
- 22.3.2. Dynamic Host Configuration Protocol (DHCP)
- 22.3.3. Packet Filtering Characteristics of DHCP and bootp
- 22.3.4. Proxying Characteristics of bootp and DHCP
- 22.3.5. Network Address Translation Characteristics of Booting and Boot-Time Configuration
- 22.3.6. Summary of Recommendations for Booting and Boot-Time Configuration
- 22.4. ICMP and Network Diagnostics
- 22.4.1. ping
- 22.4.1.1. Packet filtering characteristics of ping
- 22.4.1.2. Proxying characteristics of ping
- 22.4.1.3. Network address translation and ping
- 22.4.2. traceroute
- 22.4.2.1. Packet filtering characteristics of traceroute
- 22.4.2.2. Proxying characteristics of traceroute
- 22.4.2.3. Network address translation and traceroute
- 22.4.3. Other ICMP Packets
- 22.4.3.1. Packet filtering characteristics of ICMP
- 22.4.4. Summary of Recommendations for ICMP
- 22.4.1. ping
- 22.5. Network Time Protocol (NTP)
- 22.5.1. Packet Filtering Characteristics of NTP
- 22.5.2. Proxying Characteristics of NTP
- 22.5.3. Network Address Translation Characteristics of NTP
- 22.5.4. Configuring NTP to Work with a Firewall
- 22.5.5. Summary of Recommendations for NTP
- 22.6. File Synchronization
- 22.6.1. rdist
- 22.6.2. rsync
- 22.6.2.1. Packet filtering characteristics of rsync
- 22.6.2.2. Proxying characteristics of rsync
- 22.6.2.3. Network address translation characteristics of rsync
- 22.6.3. Windows NT Directory Replication
- 22.6.4. Windows 2000 File Replication Service (FRS)
- 22.6.5. Summary of Recommendations for File Synchronization
- 22.7. Mostly Harmless Protocols
- 22.7.1. Packet Filtering Characteristics of Mostly Harmless Protocols
- 22.7.2. Proxying Characteristics of Mostly Harmless Protocols
- 22.7.3. Network Address Translation Characteristics of Mostly Harmless Protocols
- 22.7.4. Summary Recommendations for Mostly Harmless Protocols
- 22.1. System Management Protocols
- 23. Databases and Games
- 23.1. Databases
- 23.1.1. Locating Database Servers
- 23.1.1.1. Putting both the web server and the database on the perimeter network
- 23.1.1.2. Putting both the web server and the database on the internal network
- 23.1.1.3. Using the database's protocols to connect to a perimeter web server
- 23.1.1.4. Using a custom protocol to connect to a perimeter web server
- 23.1.2. Open Database Connectivity (ODBC) and Java Database Connectivity ( JDBC)
- 23.1.3. Oracle SQL*Net and Net8
- 23.1.3.1. Security implications of SQL*Net and Net8
- 23.1.3.2. Packet filtering characteristics of SQL*Net and Net8
- 23.1.3.3. Proxying characteristics of SQL*Net and Net8
- 23.1.3.4. Network address translation characteristics of SQL*Net and Net8
- 23.1.3.5. Summary of recommendations for SQL*Net and Net8
- 23.1.4. Tabular Data Stream (TDS)
- 23.1.5. Sybase
- 23.1.5.1. Packet filtering characteristics of Sybase
- 23.1.5.2. Proxying characteristics of Sybase
- 23.1.5.3. Network address translation characteristics of Sybase
- 23.1.5.4. Summary of recommendations for Sybase
- 23.1.6. Microsoft SQL Server
- 23.1.6.1. Packet filtering characteristics of Microsoft SQL Server
- 23.1.6.2. Proxying characteristics of Microsoft SQL Server
- 23.1.6.3. Network address translation and Microsoft SQL Server
- 23.1.6.4. Summary of recommendations for Microsoft SQL Server
- 23.1.1. Locating Database Servers
- 23.2. Games
- 23.2.1. Quake
- 23.2.2. Summary of Recommendations for Games
- 23.1. Databases
- 24. Two Sample Firewalls
- 24.1. Screened Subnet Architecture
- 24.1.1. Service Configuration
- 24.1.1.1. HTTP and HTTPS
- 24.1.1.2. SMTP
- 24.1.1.3. Telnet
- 24.1.1.4. SSH
- 24.1.1.5. FTP
- 24.1.1.6. NNTP
- 24.1.1.7. DNS
- 24.1.2. Packet Filtering Rules
- 24.1.2.1. Interior router
- 24.1.2.2. Exterior router
- 24.1.3. Other Configuration Work
- 24.1.4. Analysis
- 24.1.4.1. Least privilege
- 24.1.4.2. Defense in depth
- 24.1.4.3. Choke point
- 24.1.4.4. Weakest link
- 24.1.4.5. Fail-safe stance
- 24.1.4.6. Universal participation
- 24.1.4.7. Diversity of defense
- 24.1.4.8. Simplicity
- 24.1.5. Conclusions
- 24.1.1. Service Configuration
- 24.2. Merged Routers and Bastion Host Using General-Purpose Hardware
- 24.2.1. Service Configuration
- 24.2.1.1. HTTP and HTTPS
- 24.2.1.2. SMTP
- 24.2.1.3. Telnet
- 24.2.1.4. SSH
- 24.2.1.5. FTP
- 24.2.1.6. NNTP
- 24.2.1.7. DNS
- 24.2.2. Packet Filtering Rules
- 24.2.3. Other Configuration Work
- 24.2.4. Analysis
- 24.2.4.1. Least privilege
- 24.2.4.2. Defense in depth
- 24.2.4.3. Choke point
- 24.2.4.4. Weakest link
- 24.2.4.5. Fail-safe stance
- 24.2.4.6. Universal participation
- 24.2.4.7. Diversity of defense
- 24.2.4.8. Simplicity
- 24.2.5. Conclusions
- 24.2.1. Service Configuration
- 24.1. Screened Subnet Architecture
- 13. Internet Services and Firewalls
- IV. Keeping Your Site Secure
- 25. Security Policies
- 25.1. Your Security Policy
- 25.1.1. What Should a Security Policy Contain?
- 25.1.1.1. Explanations
- 25.1.1.2. Everybody's responsibilities
- 25.1.1.3. Regular language
- 25.1.1.4. Enforcement authority
- 25.1.1.5. Provision for exceptions
- 25.1.1.6. Provision for reviews
- 25.1.1.7. Discussion of specific security issues
- 25.1.2. What Should a Security Policy Not Contain?
- 25.1.2.1. Technical details
- 25.1.2.2. Somebody else's problems
- 25.1.2.3. Problems that aren't computer security problems
- 25.1.1. What Should a Security Policy Contain?
- 25.2. Putting Together a Security Policy
- 25.2.1. What Is Your Security Policy?
- 25.2.2. What Is Your Site's Security Policy?
- 25.2.3. External Factors That Influence Security Policies
- 25.3. Getting Strategic and Policy Decisions Made
- 25.3.1. Enlist Allies
- 25.3.2. Involve Everybody Who's Affected
- 25.3.3. Accept "Wrong" Decisions
- 25.3.4. Present Risks and Benefits in Different Ways for Different People
- 25.3.5. Avoid Surprises
- 25.3.6. Condense to Important Decisions, with Implications
- 25.3.7. Justify Everything Else in Terms of Those Decisions
- 25.3.8. Emphasize that Many Issues Are Management and Personnel Issues, not Technical Issues
- 25.3.9. Don't Assume That Anything Is Obvious
- 25.4. What If You Can't Get a Security Policy?
- 25.1. Your Security Policy
- 26. Maintaining Firewalls
- 26.1. Housekeeping
- 26.1.1. Backing Up Your Firewall
- 26.1.2. Managing Your Accounts
- 26.1.3. Managing Your Disk Space
- 26.2. Monitoring Your System
- 26.2.1. Special-Purpose Monitoring Devices
- 26.2.2. Intrusion Detection Systems
- 26.2.3. What Should You Watch For?
- 26.2.4. The Good, the Bad, and the Ugly
- 26.2.5. Responding to Probes
- 26.2.6. Responding to Attacks
- 26.3. Keeping up to Date
- 26.3.1. Keeping Yourself up to Date
- 26.3.1.1. Mailing lists
- 26.3.1.2. Newsgroups
- 26.3.1.3. Web sites
- 26.3.1.4. Professional forums
- 26.3.2. Keeping Your Systems up to Date
- 26.3.1. Keeping Yourself up to Date
- 26.4. How Long Does It Take?
- 26.5. When Should You Start Over?
- 26.1. Housekeeping
- 27. Responding to Security Incidents
- 27.1. Responding to an Incident
- 27.1.1. Evaluate the Situation
- 27.1.2. Start Documenting
- 27.1.3. Disconnect or Shut Down, as Appropriate
- 27.1.4. Analyze and Respond
- 27.1.5. Make "Incident in Progress" Notifications
- 27.1.5.1. Your own organization
- 27.1.5.2. CERT-CC or other incident response teams
- 27.1.5.3. Vendors and service providers
- 27.1.5.4. Other sites
- 27.1.6. Snapshot the System
- 27.1.7. Restore and Recover
- 27.1.8. Document the Incident
- 27.2. What to Do After an Incident
- 27.3. Pursuing and Capturing the Intruder
- 27.4. Planning Your Response
- 27.4.1. Planning for Detection
- 27.4.2. Planning for Evaluation of the Incident
- 27.4.3. Planning for Disconnecting or Shutting Down Machines
- 27.4.4. Planning for Notification of People Who Need to Know
- 27.4.4.1. Your own organization
- 27.4.4.2. CERT-CC and other incident response teams
- 27.4.4.3. Vendors and service providers
- 27.4.4.4. Other sites
- 27.4.5. Planning for Snapshots
- 27.4.6. Planning for Restoration and Recovery
- 27.4.7. Planning for Documentation
- 27.4.8. Periodic Review of Plans
- 27.5. Being Prepared
- 27.5.1. Backing Up Your Filesystems
- 27.5.2. Labeling and Diagramming Your System
- 27.5.3. Keeping Secured Checksums
- 27.5.4. Keeping Activity Logs
- 27.5.5. Keeping a Cache of Tools and Supplies
- 27.5.6. Testing the Reload of the Operating System
- 27.5.7. Doing Drills
- 27.1. Responding to an Incident
- 25. Security Policies
- V. Appendixes
- A. Resources
- A.1. Web Pages
- A.1.1. Telstra
- A.1.2. CERIAS
- A.1.3. The Linux Documentation Project
- A.1.4. The Linux Router Project
- A.2. FTP Sites
- A.2.1. cerias.purdue.edu
- A.2.2. info.cert.org
- A.3. Mailing Lists
- A.3.1. Firewalls
- A.3.2. Firewall Wizards
- A.3.3. FWTK-USERS
- A.3.4. BugTraq
- A.3.5. NTBugTraq
- A.3.6. CERT-Advisory
- A.3.7. RISKS
- A.4. Newsgroups
- A.5. Response Teams
- A.5.1. CERT-CC
- A.5.2. FIRST
- A.5.3. NIST CSRC
- A.6. Other Organizations
- A.6.1. Internet Engineering Task Force (IETF)
- A.6.2. World Wide Web Consortium (W3C)
- A.6.3. USENIX Association
- A.6.4. System Administrators Guild (SAGE)
- A.6.5. System Administration, Networking, and Security (SANS) Institute
- A.7. Conferences
- A.7.1. USENIX Association Conferences
- A.7.1.1. USENIX Unix Security Symposium
- A.7.1.2. USENIX System Administration (LISA) Conference
- A.7.1.3. USENIX Large Installation System Administration of Windows NT (LISA-NT) Conference
- A.7.1.4. USENIX Technical Conferences
- A.7.2. Unix System Administration, Networking, and Security (SANS) Conference
- A.7.3. Internet Society Symposium on Network and Distributed System Security (SNDSS)
- A.7.1. USENIX Association Conferences
- A.8. Papers
- A.9. Books
- A.1. Web Pages
- B. Tools
- B.1. Authentication Tools
- B.1.1. TIS Internet Firewall Toolkit (FWTK)
- B.1.2. Kerberos
- B.2. Analysis Tools
- B.2.1. COPS
- B.2.2. Tiger
- B.2.3. Tripwire
- B.2.4. SATAN
- B.2.5. SAINT
- B.3. Packet Filtering Tools
- B.3.1. ipfilter
- B.4. Proxy Systems Tools
- B.4.1. TIS Internet Firewall Toolkit (FWTK)
- B.4.2. SOCKS
- B.4.3. UDP Packet Relayer
- B.4.4. tircproxy
- B.5. Daemons
- B.5.1. wuarchive ftpd
- B.5.2. GateD
- B.5.3. Zebra
- B.5.4. Postfix
- B.5.5. qmail
- B.5.6. smail
- B.5.7. portmap
- B.5.8. Andrew File System (AFS)
- B.5.9. rsync
- B.5.10. Samba
- B.5.11. ssh
- B.5.12. BO2K
- B.5.13. mIRC
- B.6. Utilities
- B.6.1. TIS Internet Firewall Toolkit (FWTK)
- B.6.2. TCP Wrapper
- B.6.3. chrootuid
- B.6.4. inzider
- B.6.5. MRTG
- B.6.6. NOCOL
- B.6.7. NetCat
- B.6.8. NetSaint
- B.6.9. PGP
- B.6.10. trimlog
- B.6.11. AntiSniff
- B.6.12. tcpdump
- B.1. Authentication Tools
- C. Cryptography
- C.1. What Are You Protecting and Why?
- C.2. Key Components of Cryptographic Systems
- C.2.1. Encryption
- C.2.1.1. Kinds of encryption algorithms
- C.2.1.2. Encryption algorithms and key length
- C.2.2. Cryptographic Hashes, Checksums, and Message Digests
- C.2.3. Integrity Protection
- C.2.4. Random Numbers
- C.2.1. Encryption
- C.3. Combined Cryptography
- C.3.1. Digital Signatures
- C.3.2. Certificates
- C.3.3. Certificate Trust Models
- C.3.4. Key Distribution and Exchange
- C.4. What Makes a Protocol Secure?
- C.4.1. Selecting an Algorithm
- C.4.2. Mutual Authentication
- C.4.3. Sharing a Secret
- C.4.4. Identifying Altered Messages
- C.4.5. Destroying the Shared Secret
- C.5. Information About Algorithms
- C.5.1. Encryption Algorithms
- C.5.2. Digital Signature Algorithms
- C.5.3. Cryptographic Hashes and Message Digests
- C.5.4. Key Exchange
- C.5.5. Key Sizes and Strength
- C.5.6. Evaluating Other Algorithms
- A. Resources
- Index
- About the Authors
- Colophon
- SPECIAL OFFER: Upgrade this ebook with OReilly
O'Reilly Media - inne książki
-
Nowość Promocja
Business decisions in any context—operational, tactical, or strategic—can have considerable consequences. Whether the outcome is positive and rewarding or negative and damaging to the business, its employees, and stakeholders is unknown when action is approved. These decisions are usually made under the proverbial cloud of uncertainty.With this pra- ePub + Mobi 194 pkt
(186,15 zł najniższa cena z 30 dni)
194.65 zł
228.99 zł (-15%) -
Nowość Promocja
If you're a developer looking to build a distributed, resilient, scalable, high-performance application, you may be evaluating distributed SQL and NoSQL solutions. Perhaps you're considering the Aerospike database.This practical book shows developers, architects, and engineers how to get the highly scalable and extremely low-latency Aerospike datab- ePub + Mobi 254 pkt
Aerospike: Up and Running. Developing on a Modern Operational Database for Globally Distributed Apps
(228,65 zł najniższa cena z 30 dni)
254.15 zł
299.00 zł (-15%) -
Nowość Promocja
Reinforcement learning (RL) has led to several breakthroughs in AI. The use of the Q-learning (DQL) algorithm alone has helped people develop agents that play arcade games and board games at a superhuman level. More recently, RL, DQL, and similar methods have gained popularity in publications related to financial research.This book is among the fir- ePub + Mobi 228 pkt
(220,15 zł najniższa cena z 30 dni)
228.65 zł
269.00 zł (-15%) -
Nowość Promocja
Learn how to use Go's strengths to develop services that are scalable and resilient even in an unpredictable environment. With this book's expanded second edition, Go developers will explore the composition and construction of cloud native applications, from lower-level Go features and mid-level patterns to high-level architectural considerations.E- ePub + Mobi 228 pkt
(220,15 zł najniższa cena z 30 dni)
228.65 zł
269.00 zł (-15%) -
Promocja
To ensure that applications are reliable and always available, more businesses today are moving applications to AWS. But many companies still struggle to design and build these cloud applications effectively, thinking that because the cloud is resilient, their applications will be too. With this practical guide, software, DevOps, and cloud engineer- ePub + Mobi 228 pkt
(220,15 zł najniższa cena z 30 dni)
228.65 zł
269.00 zł (-15%) -
Promocja
Performance tuning is an experimental science, but that doesn't mean engineers should resort to guesswork and folklore to get the job done. Yet that's often the case. With this practical book, intermediate to advanced Java technologists working with complex platforms will learn how to tune Java cloud applications for performance using a quantitativ- ePub + Mobi 228 pkt
(220,15 zł najniższa cena z 30 dni)
228.65 zł
269.00 zł (-15%) -
Promocja
Today, investment in financial technology and digital transformation is reshaping the financial landscape and generating many opportunities. Too often, however, engineers and professionals in financial institutions lack a practical and comprehensive understanding of the concepts, problems, techniques, and technologies necessary to build a modern, r- ePub + Mobi 228 pkt
(220,15 zł najniższa cena z 30 dni)
228.65 zł
269.00 zł (-15%) -
Promocja
Until recently, infrastructure was the backbone of organizations operating software they developed in-house. But now that cloud vendors run the computers, companies can finally bring the benefits of agile custom-centricity to their own developers. Adding product management to infrastructure organizations is now all the rage.But how's that possible- ePub + Mobi 194 pkt
(186,15 zł najniższa cena z 30 dni)
194.65 zł
228.99 zł (-15%) -
Promocja
Cloud services and SaaS software permeate every company's IT landscape, requiring a shift from manually provisioned services to a more structured approach, with codification at its core. Terraform provides tools to manage the lifecycle of your IT landscape across thousands of different cloud providers and SaaS platforms.By defining your infrastruct- ePub + Mobi 211 pkt
(194,65 zł najniższa cena z 30 dni)
211.65 zł
249.00 zł (-15%) -
Promocja
Using machine learning for products, services, and critical business processes is quite different from using ML in an academic or research setting—especially for recent ML graduates and those moving from research to a commercial environment. Whether you currently work to create products and services that use ML, or would like to in the future, this- ePub + Mobi 254 pkt
(245,65 zł najniższa cena z 30 dni)
254.15 zł
299.00 zł (-15%)
Dzięki opcji "Druk na żądanie" do sprzedaży wracają tytuły Grupy Helion, które cieszyły sie dużym zainteresowaniem, a których nakład został wyprzedany.
Dla naszych Czytelników wydrukowaliśmy dodatkową pulę egzemplarzy w technice druku cyfrowego.
Co powinieneś wiedzieć o usłudze "Druk na żądanie":
- usługa obejmuje tylko widoczną poniżej listę tytułów, którą na bieżąco aktualizujemy;
- cena książki może być wyższa od początkowej ceny detalicznej, co jest spowodowane kosztami druku cyfrowego (wyższymi niż koszty tradycyjnego druku offsetowego). Obowiązująca cena jest zawsze podawana na stronie WWW książki;
- zawartość książki wraz z dodatkami (płyta CD, DVD) odpowiada jej pierwotnemu wydaniu i jest w pełni komplementarna;
- usługa nie obejmuje książek w kolorze.
Masz pytanie o konkretny tytuł? Napisz do nas: sklep@ebookpoint.pl
Książka drukowana
Oceny i opinie klientów: Building Internet Firewalls. 2nd Edition Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman (0) Weryfikacja opinii następuje na podstawie historii zamowień na koncie Użytkownika umiejszczającego opinię.