| Building Internet Firewalls, Second Edition By Elizabeth D. Zwicky, Simon Cooper, & D. Brent Chapman |
June 2000, O'Reilly & Associates, Inc.
894 pages, $44.95
n the second edition of Building Internet Firewalls
, Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman again join forces to create a resource providing the theoretical underpinnings of Internet firewalls. While not drilling into the specifics of hardware and software selection, they provide enough information for the audience to make optimal purchasing, architecture, and configuration decisions.
Their backgrounds are impressive: Zwicky's experience predates the 1988 Morris Internet worm, Cooper is actively involved in open source programs, and Chapman is the founder of a Silicon Valley Internet security consulting firm. While the writers claim the book targets systems administrators, IT managers, and users, ordinary users may find the material too heavy.
The book focuses on firewalls built on UNIX and Linux. The authors are less experienced on Windows platforms but make a good effort to include information on Windows NT/2000, where appropriate.
The book is organized into five parts: Network Security; Building Firewalls; Internet Services; Keeping Your Site Secure; and Appendixes. Part I: Network Security
Part I begins by answering questions such as the following: What are you trying to protect on the Internet? What are you trying to protect against? How can you protect your site? What are Internet firewalls, and what can and can't they do?
The section explains the types of services users have come to expect on the Internet (such as e-mail). With its simple explanations, Part I is appropriate for both managers and technical readers.
Managers should pay close attention to Chapter 3, "Security Strategies," where the authors detail the concepts behind creating a secure Internet presence. These basic ideas will serve as a conceptual foundation in building secure systems. They include:
Part II: Building Firewalls
- Least privilege (assigning only the smallest amount of access to resources necessary for any person or program to complete a task)
- Defense in depth (contemporaneously employing an array of security measures)
- Choke point (using one small port between your internal network and the Internet)
- Weakest link (recognizing that your security is only as powerful as its weakest point)
- Fail-safe stance (the concept of determining which services you will allow your users to perform and excluding everything else)
- Universal participation (creating an atmosphere of urgency toward security among your users)
- Diversity of defense (varying the techniques employed to address any given security issue)
- Simplicity (keeping the system you are trying to protect as simple as possible)
- Obscurity (hiding resources from dangerous individuals)
The book then provides an overview of firewall architecture, beginning with an explanation of the underlying technologies of packets and protocols. The authors demonstrate how filtering routers accept and reject decisions and how hackers do their spoofing. This section explores the layers of the TCP/IP stack and defines basic vocabulary. Part II delves into routing and fragmentation and introduces proxy servers. The authors then focus on architecture, including single-box and screened subnet.
The remainder of Part II teaches readers how to construct a security solution. Crafting a solution revolves around the three primary solutions: packet filtering, proxy systems, and bastion hosts. The authors describe the theory behind each approach and provide some generic instructions on how to start building solutions. Part III: Internet Services
Beginning with an overview of the risks inherent in providing Internet services, Part III discusses nearly 100 services and explains how to configure them on a firewall. Services are broken down into 10 categories:
- Intermediary protocols (such as RPC and IIOP)
- The World Wide Web (such as HTTP and RealAudio)
- E-mail and news (such as SMTP and POP)
- File transfer, file sharing, and printing (such as FTP and NFS)
- Remote access to hosts (such as Telnet and SSH)
- Real-time conferencing services (such as IRC and NetMeeting)
- Naming and directory services (such as DNS and LDAP)
- Authentication and auditing services (such as Kerberos and RADIUS)
- Administrative services (such as NTP and SNMP)
- Databases and games (such as SQL*Net and Quake)
First, the authors offer an overview of each service and discuss any thorny security issues. Second, they describe the packet-filtering characteristics of the service. Then, they focus on the service's proxying and network address translation characteristics, followed by a summary of recommendations for enhancing security. Part IV: Keeping Your Site Secure
This section begins with a discussion about creating a security policy while considering affordability, functionality, cultural compatibility, and legality. It provides guidelines for writing and enforcing such a document. The discussion then turns to firewall maintenance and also details how to respond to security incidents. Part V: Appendixes
The first appendix provides starting points for further research; and the second provides a list of free tools available, complete with URLs for downloading them. The final appendix provides a cryptography discussion notable for its breadth, but not depth. Technical readers probably will want additional information. Applied Cryptography: Protocols, Algorithms and Source Code in C
by Bruce Schneier may be a good place to start. Pros and cons
Zwicky, Cooper, and Chapman created a book that will be useful to not only systems administrators, but also the people who manage them. Any organization should benefit from having one resource as a starting point, regardless of technical experience. The book also could be used in academic settings.
An effective security plan is never hatched in a vacuum, and it hardly can rely on one technology. The authors should be applauded for never wearing the evangelist's hat. They are forthcoming about the limitations of firewalls. Where firewalls are inadequate, the authors discuss security aspects that must coexist with bastion hosts, proxy servers, and packet-filtering routers.
Many believe the onus of protecting networked computers falls on hardware and software. They are wrong. People protect networks. The security specialist who writes packet-filtering rules for a router is just as important as the programmer who refrains from attaching an unauthorized modem to her workstation. It's refreshing to see the authors offer advice not only on technical issues, but also on the social aspects of security.
The authors are thorough, including information at times that may be obvious to seasoned developers and administrators. This is both a benefit and a drawback. Security is an exacting business, full of minutia. It's all too common to overlook one small step--with disastrous results. At 869 pages, however, not too many people will read the entire text.
A more fundamental shortcoming is that this information is not best presented in book format. Building Internet Firewalls
should be rewritten in hypertext. Basic information could be presented in just enough detail for managers, while the technically inclined could drill down to information such as port use and filtering rules. While Deborah Russell has done an admirable job of editing this book, one hopes the third edition will include a CD with all text in a hierarchical format. // David Fisco is an Internet media consultant and developer. He can be reached at firstname.lastname@example.org.