Practical Firewalls enables you to get a thorough understanding of all of the basic concepts involved in creating and maintaining a firewall. Aimed at beginning to intermediate network administrators, this book presents information in a manner so that you do not need a large background in the networking field. It provides "real world" methods, problems and solutions of value to you as a user. After reading this book, you will go away with a good understanding of firewall security policies, firewall design strategies, hardware specifications/requirements/variations, software/firewall tools, VPN and Tunneling, monitoring and auditing techniques, and IP chains.
- Paperback | 504 pages
- 187.96 x 228.6 x 48.26mm | 907.18g
- 12 Jun 2000
- Pearson Education (US)
- Que Corporation,U.S.
- United States
- w. figs.
Table of contents
Introduction. I. UNDERSTANDING FIREWALLS AND INTERNET SECURITY. 1. Firewall Basics. Why You Need a Firewall. Use Your Site's Security Policy to Design the Firewall. Firewall Technologies. Hardware or Software Firewalls? Build or Buy? What a Firewall Can Do. What a Firewall Cannot Protect You From. Summary.2. Introduction to the TCP/IP Protocol Suite. The OSI Networking Model. TCP/IP Protocols. IP Addressing. Examining the Contents of an IP Datagram. What Are TCP and UDP Ports? Well-Known Ports. Common TCP/IP Services. Other Network Services. Summary.3. Security and the Internet. LANS and WANS. Security in the Local Area Network. Security in Wide Area Networks. Summary.4. Firewall Security Policy and Firewall Design Strategies The Design Comes Before the Firewall. Firewall Strategies. Incident Reporting and Response. Keeping Up-to-date on Security Advisories. Summary.5. Packet Filtering. The First Line of Defense. IP Header Information That Can Be Used to Filter Packets. TCP and UDP Header Information. The SYN Bit. ICMP Packets. Stateless Operation Versus Stateful Inspection. Hardware and Software Packet Filters. Advantages and Disadvantages of Packet Filters. Summary.6. Using a Bastion Host. Configuring a Bastion Host. Installing a Secure Operating System from Scratch. Eliminating Unnecessary Services and Applications. Removing Unnecessary Applications and Files. Resource Protections and Access Control. Configuring Auditing and Logging. Running Proxy Software on the Bastion Host. When the Bastion Host Is Compromised. Summary.7. Application Gateways and Proxy Servers. Classical and Transparent Proxies. Network Address Translators (NATs). Content Screening and Blocking. Logging and Alerting Facilities. Client Considerations. Summary.8. Operating System Monitoring and Auditing Techniques. UNIX. Windows NT. Application-Specific Log Files. Other Considerations. Summary.II. ENCRYPTION AND SECURE COMMUNICATIONS ON THE INTERNET. 9. Encryption Technology. Protecting Sensitive Information. What Is Encryption? Practical Applications for Cryptography on the Internet. Summary.10. Virtual Private Networks (VPNs) and Tunneling. Secure Communications on the Internet. The IPSec Protocol Suite. The Point-to-Point Tunneling Protocol (PPTP). Summary.11. Using Pretty Good Privacy (PGP) for Encryption. Securing Information Transfers on the Internet. Installing PGP. Summary.III. FIREWALL INSTALLATION AND CONFIGURATION. 12. Firewall Tools Available on the Internet. Using Freeware and Shareware Products. TCP Wrappers. The TIS Firewall Toolkit. SOCKS. SQUID. Drawbridge. SATAN. Other Handy Security Software. Summary.13. Using TCP Wrappers. Introduction to TCP Wrappers. Obtaining TCP Wrappers. Configuring TCP Wrappers. Limitations of TCP Wrappers. Summary.14. Using the TIS Firewall Toolkit (FWTK). Building a Firewall Using the Toolkit. FWTK Components. Configuring Proxy Services. Installing the Toolkit on a Bastion Host. Summary.15. SOCKS. SOCKS V4 and SOCKS V5. SOCKSified Applications. SocksCap. How to Get SOCKS. SOCKS Support. Summary.16. SQUID. What Is SQUID? Where to Get SQUID. Installing and Configuring SQUID. Managing SQUID. Configuring Clients to Use SQUID Summary.17. Using ipfwadm and ipchains on Linux. What Are ipfwadm and ipchains? Installing and Configuring ipfwadm. Obtaining ipfwadm. Installing and Configuring ipchains. Summary.18. Microsoft Proxy Server. Overview of Microsoft Proxy Server. Installing and Configuring Microsoft Proxy Server 2.0. Client Software Configuration Issues. Summary.19. The Elron CammandView Firewall. Overview. Installing CommandView Firewall. The CommandView Firewall Manager Application. Managing User Services. Where to Go from Here. Summary.20. Firewall Appliances. What Is a Firewall Appliance? Pricing a Firewall Appliance. Summary.21. Firewalls and Beyond. New Functionality. Home Computers. Virtual Private Network Clients. IPv6: The Next Generation IP Protocol. The IPv6 Header. Summary.IV. APPENDIXES. Appendix A. TCP and UDP Common Ports. Appendix B. Other Security Tools You Can Use. Appendix C. Additional Resources.
About Scott Mueller
Terry Ogletree is a consultant. He has worked with computers since 1980. Terry has worked with UNIX and TCP/IP since 1985 and has been involved with Windows NT since it first appeared. He is the lead author for Upgrading and Repairing Networks, 2nd Edition (Que), and has contributed chapters to Special Edition Using UNIX, Third Edition (Que) and Windows NT Server Unleashed (SAMS).