Book123

    Free register and download UseNet downloader, then you can FREE Download from UseNet.

    Download without Limit " Firewalls and Internet Security " from UseNet for FREE!

: Repelling the Wily Hacker (2nd Edition)

Author(s): William R. Cheswick,Steven M. Bellovin, Aviel D. Rubin

Publisher: Addison-Wesley Professional

Date : March 6, 2003

Pages : 457

Format : PDF

OCR : Y

Quality : EXCELLENT

Language : English

ISBN-10 : 020163466X

ISBN-13 : 9780201634662

Essential information for anyone wanting to protect Internet-connected computers from unauthorized access. Includes:

* thorough discussion of security-related aspects of TCP/IP;

* step-by-step plans for setting up firewalls;

* hacking and monitoring tools the authors have built to rigorously test and maintain firewalls;

* pointers to public domain security tools on the net;

* first-hand step-by-step accounts of battles with the "Berferd" hackers; and

* practical discussions of the legal aspects of security.

--This text refers to an out of print or unavailable edition of this title.

Review

: Repelling the Wily Hacker gives invaluable advice and practical tools for protecting our computers. You will learn how to plan and execute a security strategy that will thwart the most determined and sophisticated of hackers, while still allowing your company easy access to Internet services. In particular, the authors show step-by-step how to set up a "firewall" gateway - a dedicated computer equipped with safeguards that acts as a single, more easily defended, Internet connection. They even include a description of their most recent gateway, the tools they used to build it, and the hacker attacks they devised to test it. In addition, there is vital information on cryptography, a description of the tools used by hackers, and the legal implications of computer security. With , anyone will be well equipped to provide their organization with effective protection from the wily Internet hacker. -- Midwest Book Review --This text refers to an out of print or unavailable edition of this title.

Product Description

Written by the people responsible for designing and maintaining AT&T's Internet gateway, this book has become the definitive description and practical guide to protecting networks from hacker attacks through the Internet. The book shows how to set up a "firewall" gateway--a dedicated computer equipped with safeguards that acts as a single, more easily defended Internet connection.

From the Inside Flap

It is easy to run a secure computer system. You merely have to disconnect all dial-up connections and permit only direct-wired terminals, put the machine and its terminals in a shielded room, and post a guard at the door.- F.T. Grampp and R.H. Morris

For better or for worse, most computer systems are not run that way today. Security is, in general, a trade-off with convenience, and most people are not willing to forgo the convenience of remote access via networks to their computers. Inevitably, they suffer from some loss of security. It is our purpose here to discuss how to minimize the extent of that loss.

The situation is even worse for computers hooked up to some sort of network. Networks are risky for at least three major reasons. First, and most obvious, more points now exist from which an attack can be launched. Someone who cannot get to your computer cannot attack it; by adding more connection mechanisms for legitimate users, you are also adding more vulnerabilities.

A second reason is that you have extended the physical perimeter of your computer system. In a simple computer, everything is within one box. The CPU can fetch authentication data from memory, secure in the knowledge that no enemy can tamper with it or spy on it. Traditional mechanisms - mode bits, memory protection, and the like - can safeguard critical areas. This is not the case in a network. Messages received may be of uncertain provenance; messages sent are often exposed to all other systems on the net. Clearly, more caution is needed.

The third reason is more subtle, and deals with an essential distinction between an ordinary dial-up modem and a network. Modems, in general, offer one service, typically the ability to log in. When you connect, you're greeted with a login or Username prompt; the ability to do other things, such as sending mail, is mediated through this single choke point. There may be vulnerabilities in the login service, but it is a single service, and a comparatively simple one. Networked computers, on the other hand, offer many services: login, file transfer, disk access, remote execution, phone book, system status, etc. Thus, more points are in need of protection - points that are more complex and more difficult to protect. A networked file system, for example, cannot rely on a typed password for every transaction. Furthermore, many of these services were developed under the assumption that the extent of the network was comparatively limited. In an era of globe-spanning connectivity, that assumption has broken down, sometimes with severe consequences.

Networked computers have another peculiarity worth noting: they are generally not singular entities. That is, it is comparatively uncommon, in today's environment, to attach a computer to a network solely to talk to "strange" computers. More commonly, organizations own a number of computers, and these are connected to each other and to the outside world. This is both a bane and a blessing: a bane, because networked computers often need to trust their peers, to some extent, and a blessing, because the network may be configurable so that only one computer needs to talk to the outside world. Such dedicated computers, often called "firewall gateways," are at the heart of our suggested security strategy.

Our purpose here is twofold. First, we wish to show that this strategy is useful. That is, a firewall, if properly deployed against the expected threats, will provide an organization with greatly increased security. Second, we wish to show that such gateways are necessary, and that there is a real threat to be dealt with.

Audience

This book is written primarily for the network administrator who must protect an organization from unhindered exposure to the Internet. The typical reader should have a background in system administration and networking. Some portions necessarily get intensely technical. A number of chapters are of more general interest. Readers with a casual interest can safely skip the tough stuff and still enjoy the rest of the book.

We also hope that system and network designers will read the book. Many of the problems we discuss are the direct result of a lack of security-conscious design. We hope that newer protocols and systems will be inherently more secure.

Our examples and discussion unabashedly relate to Unix systems and programs. The majority of multiuser machines on the Internet run some version of the Unix operating system. Most application-level gateways are implemented in Unix. This is not to say that other operating systems are more secure; however, there are fewer of them on the Internet, and they are less popular as targets for that reason. But the principles and philosophy apply to network gateways built in other operating systems, or even to a run-time system like MS-DOS.

Our focus is on the TCP/IP protocol suite, especially as used on the Internet. Again, this is not because TCP/IP has more security problems than other protocol stacks - we doubt that very much - rather, it is a commentary on the success of TCP/IP. By far, it is the heterogeneous networking protocol of choice, not only on workstations, for which it is the native tongue, but on virtually all machines, ranging from desktop personal computers to the largest supercomputers. The Internet links most major universities in the United States (and many others around the world), research labs, many government agencies, and even a fair number of businesses. Our organization, AT&T Bell Laboratories, is on the Internet, and much of the advice we offer in this book is the result of our experiences with that connection. We believe that the lessons we have learned are applicable to any network with similar characteristics. We have read of serious attacks on computers attached to public X.25 data network

Code: Buy Book at Lowest Price on Amazon

Rating:
2.5 out of 5 by Book123