Book description

In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks--and the need to protect both business and personal data--have never been greater. We've updated Building Internet Firewalls to address these newer risks.

What kinds of security threats does the Internet pose? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. And others, like the distributed denial of service attacks that crippled Yahoo, eBay, and other major e-commerce sites in early 2000, are in current headlines.

Firewalls, critical components of today's computer networks, effectively protect a system from most Internet security threats. They keep damage on one part of the network--such as eavesdropping, a worm program, or file damage--from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.

Like the bestselling and highly respected first edition, Building Internet Firewalls, 2nd Edition, is a practical and detailed step-by-step guide to designing and installing firewalls and configuring Internet services to work with a firewall. Much expanded to include Linux and Windows coverage, the second edition describes:

  • Firewall technologies: packet filtering, proxying, network address translation, virtual private networks

  • Architectures such as screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, internal firewalls

  • Issues involved in running a variety of new Internet services and protocols through a firewall

  • Email and News

  • Web services and scripting languages (e.g., HTTP, Java, JavaScript, ActiveX, RealAudio, RealVideo)

  • File transfer and sharing services such as NFS, Samba

  • Remote access services such as Telnet, the BSD "r" commands, SSH, BackOrifice 2000

  • Real-time conferencing services such as ICQ and talk

  • Naming and directory services (e.g., DNS, NetBT, the Windows Browser)

  • Authentication and auditing services (e.g., PAM, Kerberos, RADIUS)

  • Administrative services (e.g., syslog, SNMP, SMS, RIP and other routing protocols, and ping and other network diagnostics)

  • Intermediary protocols (e.g., RPC, SMB, CORBA, IIOP)

  • Database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server)

The book's complete list of resources includes the location of many publicly available firewall construction tools.

Table of Contents

  1. Building Internet Firewalls, 2nd Edition
  2. Preface
    1. Scope of This Book
    2. Audience
    3. Platforms
    4. Products
    5. Examples
    6. Conventions Used in This Book
    7. Comments and Questions
    8. Acknowledgments for the Second Edition
    9. Acknowledgments for the First Edition
  3. I. Network Security
    1. 1. Why Internet Firewalls?
      1. 1.1. What Are You Trying to Protect?
        1. 1.1.1. Your Data
        2. 1.1.2. Your Resources
        3. 1.1.3. Your Reputation
      2. 1.2. What Are You Trying to Protect Against?
        1. 1.2.1. Types of Attacks
          1. 1.2.1.1. Intrusion
          2. 1.2.1.2. Denial of service
          3. 1.2.1.3. Information theft
        2. 1.2.2. Types of Attackers
          1. 1.2.2.1. Joyriders
          2. 1.2.2.2. Vandals
          3. 1.2.2.3. Scorekeepers
          4. 1.2.2.4. Spies (industrial and otherwise)
        3. 1.2.3. Stupidity and Accidents
        4. 1.2.4. Theoretical Attacks
      3. 1.3. Who Do You Trust?
      4. 1.4. How Can You Protect Your Site?
        1. 1.4.1. No Security
        2. 1.4.2. Security Through Obscurity
        3. 1.4.3. Host Security
        4. 1.4.4. Network Security
        5. 1.4.5. No Security Model Can Do It All
      5. 1.5. What Is an Internet Firewall?
        1. 1.5.1. What Can a Firewall Do?
          1. 1.5.1.1. A firewall is a focus for security decisions
          2. 1.5.1.2. A firewall can enforce a security policy
          3. 1.5.1.3. A firewall can log Internet activity efficiently
          4. 1.5.1.4. A firewall limits your exposure
        2. 1.5.2. What Can't a Firewall Do?
          1. 1.5.2.1. A firewall can't protect you against malicious insiders
          2. 1.5.2.2. A firewall can't protect you against connections that don't go through it
          3. 1.5.2.3. A firewall can't protect against completely new threats
          4. 1.5.2.4. A firewall can't fully protect against viruses
          5. 1.5.2.5. A firewall can't set itself up correctly
        3. 1.5.3. What's Wrong with Firewalls?
          1. 1.5.3.1. Firewalls interfere with the Internet
          2. 1.5.3.2. Firewalls don't deal with the real problem
      6. 1.6. Religious Arguments
        1. 1.6.1. Buying Versus Building
        2. 1.6.2. Unix Versus Windows NT
        3. 1.6.3. That's Not a Firewall!
    2. 2. Internet Services
      1. 2.1. Secure Services and Safe Services
      2. 2.2. The World Wide Web
        1. 2.2.1. Web Client Security Issues
        2. 2.2.2. Web Server Security Issues
      3. 2.3. Electronic Mail and News
        1. 2.3.1. Electronic Mail
        2. 2.3.2. Usenet News
      4. 2.4. File Transfer, File Sharing, and Printing
        1. 2.4.1. File Transfer
        2. 2.4.2. File Sharing
        3. 2.4.3. Printing Systems
      5. 2.5. Remote Access
        1. 2.5.1. Remote Terminal Access and Command Execution
        2. 2.5.2. Remote Graphic Interfaces for Microsoft Operating Systems
        3. 2.5.3. Network Window Systems
      6. 2.6. Real-Time Conferencing Services
      7. 2.7. Naming and Directory Services
      8. 2.8. Authentication and Auditing Services
      9. 2.9. Administrative Services
        1. 2.9.1. System Management
        2. 2.9.2. Routing
        3. 2.9.3. Network Diagnostics
        4. 2.9.4. Time Service
      10. 2.10. Databases
      11. 2.11. Games
    3. 3. Security Strategies
      1. 3.1. Least Privilege
      2. 3.2. Defense in Depth
      3. 3.3. Choke Point
      4. 3.4. Weakest Link
      5. 3.5. Fail-Safe Stance
        1. 3.5.1. Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited
        2. 3.5.2. Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted
      6. 3.6. Universal Participation
      7. 3.7. Diversity of Defense
        1. 3.7.1. Inherent Weaknesses
        2. 3.7.2. Common Configuration
        3. 3.7.3. Common Heritage
        4. 3.7.4. Skin-Deep Differences
        5. 3.7.5. Conclusion
      8. 3.8. Simplicity
      9. 3.9. Security Through Obscurity
  4. II. Building Firewalls
    1. 4. Packets and Protocols
      1. 4.1. What Does a Packet Look Like?
        1. 4.1.1. TCP/IP/Ethernet Example
          1. 4.1.1.1. Ethernet layer
          2. 4.1.1.2. IP layer
          3. 4.1.1.3. TCP layer
      2. 4.2. IP
        1. 4.2.1. IP Multicast and Broadcast
        2. 4.2.2. IP Options
        3. 4.2.3. IP Fragmentation
      3. 4.3. Protocols Above IP
        1. 4.3.1. TCP
          1. 4.3.1.1. TCP options
          2. 4.3.1.2. TCP sequence numbers
        2. 4.3.2. UDP
        3. 4.3.3. ICMP
        4. 4.3.4. IP over IP and GRE
      4. 4.4. Protocols Below IP
      5. 4.5. Application Layer Protocols
      6. 4.6. IP Version 6
      7. 4.7. Non-IP Protocols
      8. 4.8. Attacks Based on Low-Level Protocol Details
        1. 4.8.1. Port Scanning
        2. 4.8.2. Implementation Weaknesses
        3. 4.8.3. IP Spoofing
          1. 4.8.3.1. The attacker can intercept the reply
          2. 4.8.3.2. The attacker doesn't need to see the reply
          3. 4.8.3.3. The attacker doesn't want the reply
        4. 4.8.4. Packet Interception
    2. 5. Firewall Technologies
      1. 5.1. Some Firewall Definitions
      2. 5.2. Packet Filtering
        1. 5.2.1. Advantages of Packet Filtering
          1. 5.2.1.1. One screening router can help protect an entire network
          2. 5.2.1.2. Simple packet filtering is extremely efficient
          3. 5.2.1.3. Packet filtering is widely available
        2. 5.2.2. Disadvantages of Packet Filtering
          1. 5.2.2.1. Current filtering tools are not perfect
          2. 5.2.2.2. Packet filtering reduces router performance
          3. 5.2.2.3. Some policies can't readily be enforced by normal packet filtering routers
      3. 5.3. Proxy Services
        1. 5.3.1. Advantages of Proxying
          1. 5.3.1.1. Proxy services can be good at logging
          2. 5.3.1.2. Proxy services can provide caching
          3. 5.3.1.3. Proxy services can do intelligent filtering
          4. 5.3.1.4. Proxy systems can perform user-level authentication
          5. 5.3.1.5. Proxy systems automatically provide protection for weak or faulty IP implementations
        2. 5.3.2. Disadvantages of Proxying
          1. 5.3.2.1. Proxy services lag behind nonproxied services
          2. 5.3.2.2. Proxy services may require different servers for each service
          3. 5.3.2.3. Proxy services usually require modifications to clients, applications, or procedures
      4. 5.4. Network Address Translation
        1. 5.4.1. Advantages of Network Address Translation
          1. 5.4.1.1. Network address translation helps to enforce the firewall's control over outbound connections
          2. 5.4.1.2. Network address translation can help restrict incoming traffic
          3. 5.4.1.3. Network address translation helps to conceal the internal network's configuration
        2. 5.4.2. Disadvantages of Network Address Translation
          1. 5.4.2.1. Dynamic allocation requires state information that is not always available
          2. 5.4.2.2. Embedded IP addresses are a problem for network address translation
          3. 5.4.2.3. Network address translation interferes with some encryption and authentication systems
          4. 5.4.2.4. Dynamic allocation of addresses interferes with logging
          5. 5.4.2.5. Dynamic allocation of ports may interfere with packet filtering
      5. 5.5. Virtual Private Networks
        1. 5.5.1. Where Do You Encrypt?
        2. 5.5.2. Key Distribution and Certificates
        3. 5.5.3. Advantages of Virtual Private Networks
          1. 5.5.3.1. Virtual private networks provide overall encryption
          2. 5.5.3.2. Virtual private networks allow you to remotely use protocols that are difficult to secure any other way
        4. 5.5.4. Disadvantages of Virtual Private Networks
          1. 5.5.4.1. Virtual private networks involve dangerous network connections
          2. 5.5.4.2. Virtual private networks extend the network you must protect
    3. 6. Firewall Architectures
      1. 6.1. Single-Box Architectures
        1. 6.1.1. Screening Router
          1. 6.1.1.1. Appropriate uses
        2. 6.1.2. Dual-Homed Host
          1. 6.1.2.1. Appropriate uses
        3. 6.1.3. Multiple-Purpose Boxes
          1. 6.1.3.1. Appropriate uses
      2. 6.2. Screened Host Architectures
        1. 6.2.1. Appropriate Uses
      3. 6.3. Screened Subnet Architectures
        1. 6.3.1. Perimeter Network
        2. 6.3.2. Bastion Host
        3. 6.3.3. Interior Router
        4. 6.3.4. Exterior Router
        5. 6.3.5. Appropriate Uses
      4. 6.4. Architectures with Multiple Screened Subnets
        1. 6.4.1. Split-Screened Subnet
          1. 6.4.1.1. Appropriate uses
        2. 6.4.2. Independent Screened Subnets
          1. 6.4.2.1. Appropriate uses
      5. 6.5. Variations on Firewall Architectures
        1. 6.5.1. It's OK to Use Multiple Bastion Hosts
        2. 6.5.2. It's OK to Merge the Interior Router and the Exterior Router
        3. 6.5.3. It's OK to Merge the Bastion Host and the Exterior Router
        4. 6.5.4. It's Dangerous to Merge the Bastion Host and the Interior Router
        5. 6.5.5. It's Dangerous to Use Multiple Interior Routers
        6. 6.5.6. It's OK to Use Multiple Exterior Routers
        7. 6.5.7. It's Dangerous to Use Both Screened Subnets and Screened Hosts
      6. 6.6. Terminal Servers and Modem Pools
      7. 6.7. Internal Firewalls
        1. 6.7.1. Laboratory Networks
        2. 6.7.2. Insecure Networks
        3. 6.7.3. Extra-Secure Networks
        4. 6.7.4. Joint Venture Firewalls
        5. 6.7.5. A Shared Perimeter Network Allows an "Arms-Length" Relationship
        6. 6.7.6. An Internal Firewall May or May Not Need Bastion Hosts
    4. 7. Firewall Design
      1. 7.1. Define Your Needs
        1. 7.1.1. What Will the Firewall Actually Do?
          1. 7.1.1.1. What services do you need to offer?
          2. 7.1.1.2. How secure do you need to be?
          3. 7.1.1.3. How much usage will there be?
          4. 7.1.1.4. How much reliability do you need?
        2. 7.1.2. What Are Your Constraints?
          1. 7.1.2.1. What budget do you have available?
          2. 7.1.2.2. What personnel do you have available?
          3. 7.1.2.3. What is your environment like?
      2. 7.2. Evaluate the Available Products
        1. 7.2.1. Scalability
        2. 7.2.2. Reliability and Redundancy
        3. 7.2.3. Auditability
        4. 7.2.4. Price
        5. 7.2.5. Management and Configuration
        6. 7.2.6. Adaptability
        7. 7.2.7. Appropriateness
      3. 7.3. Put Everything Together
        1. 7.3.1. Where will logs go, and how?
          1. 7.3.1.1. How will you back up the system?
          2. 7.3.1.2. What support services does the system require?
          3. 7.3.1.3. How will you access the machines?
          4. 7.3.1.4. Where will routine reports go, and how?
          5. 7.3.1.5. Where will alarms go, and how?
    5. 8. Packet Filtering
      1. 8.1. What Can You Do with Packet Filtering?
        1. 8.1.1. Basic Packet Filtering
        2. 8.1.2. Stateful or Dynamic Packet Filtering
        3. 8.1.3. Protocol Checking
      2. 8.2. Configuring a Packet Filtering Router
        1. 8.2.1. Protocols Are Usually Bidirectional
        2. 8.2.2. Be Careful of "Inbound" Versus "Outbound" Semantics
        3. 8.2.3. Default Permit Versus Default Deny
      3. 8.3. What Does the Router Do with Packets?
        1. 8.3.1. Logging Actions
        2. 8.3.2. Returning Error Codes
        3. 8.3.3. Making Changes
      4. 8.4. Packet Filtering Tips and Tricks
        1. 8.4.1. Edit Your Filtering Rules Offline
        2. 8.4.2. Reload Rule Sets from Scratch Each Time
        3. 8.4.3. Replace Packet Filters Atomically
        4. 8.4.4. Always Use IP Addresses, Never Hostnames
        5. 8.4.5. Password Protect Your Packet Filters
        6. 8.4.6. If Possible, Use Named Access Lists
      5. 8.5. Conventions for Packet Filtering Rules
      6. 8.6. Filtering by Address
        1. 8.6.1. Risks of Filtering by Source Address
      7. 8.7. Filtering by Service
        1. 8.7.1. Outbound Telnet Service
        2. 8.7.2. Inbound Telnet Service
        3. 8.7.3. Telnet Summary
        4. 8.7.4. Risks of Filtering by Source Port
      8. 8.8. Choosing a Packet Filtering Router
        1. 8.8.1. It Should Have Good Enough Packet Filtering Performance for Your Needs
        2. 8.8.2. It Can Be a Single-Purpose Router or a General-Purpose Computer
        3. 8.8.3. It Should Allow Simple Specification of Rules
        4. 8.8.4. It Should Allow Rules Based on Any Header or Meta-Packet Criteria
        5. 8.8.5. It Should Apply Rules in the Order Specified
          1. 8.8.5.1. If the rules are applied in the order ABC
          2. 8.8.5.2. If the rules are applied in the order BAC
          3. 8.8.5.3. Rule B is actually not necessary
          4. 8.8.5.4. Packet filtering rules are tricky
        6. 8.8.6. It Should Apply Rules Separately to Incoming and Outgoing Packets, on a Per-Interface Basis
        7. 8.8.7. It Should Be Able to Log Accepted and Dropped Packets
        8. 8.8.8. It Should Have Good Testing and Validation Capabilities
      9. 8.9. Packet Filtering Implementations for General-Purpose Computers
        1. 8.9.1. Linux ipchains and Masquerading
          1. 8.9.1.1. ipchains
          2. 8.9.1.2. Testing ipchains rules
          3. 8.9.1.3. Masquerading
          4. 8.9.1.4. How masquerading works
          5. 8.9.1.5. Available specialized masquerading modules
          6. 8.9.1.6. Using ipchains (including masquerading)
        2. 8.9.2. ipfilter
        3. 8.9.3. Comparing ipfilter and ipchains
        4. 8.9.4. Linux netfilter
        5. 8.9.5. Windows NT Packet Filtering
      10. 8.10. Where to Do Packet Filtering
      11. 8.11. What Rules Should You Use?
      12. 8.12. Putting It All Together
    6. 9. Proxy Systems
      1. 9.1. Why Proxying?
      2. 9.2. How Proxying Works
        1. 9.2.1. Using Proxy-Aware Application Software for Proxying
        2. 9.2.2. Using Proxy-Aware Operating System Software
        3. 9.2.3. Using Proxy-Aware User Procedures for Proxying
        4. 9.2.4. Using a Proxy-Aware Router
      3. 9.3. Proxy Server Terminology
        1. 9.3.1. Application-Level Versus Circuit-Level Proxies
        2. 9.3.2. Generic Versus Dedicated Proxies
        3. 9.3.3. Intelligent Proxy Servers
      4. 9.4. Proxying Without a Proxy Server
      5. 9.5. Using SOCKS for Proxying
        1. 9.5.1. Versions of SOCKS
        2. 9.5.2. SOCKS Features
        3. 9.5.3. SOCKS Components
        4. 9.5.4. Converting Clients to Use SOCKS
      6. 9.6. Using the TIS Internet Firewall Toolkit for Proxying
        1. 9.6.1. FTP Proxying with TIS FWTK
        2. 9.6.2. Telnet and rlogin Proxying with TIS FWTK
        3. 9.6.3. Generic Proxying with TIS FWTK
        4. 9.6.4. Other TIS FWTK Proxies
      7. 9.7. Using Microsoft Proxy Server
        1. 9.7.1. Proxy Server and SOCKS
        2. 9.7.2. Proxy Server and WinSock
      8. 9.8. What If You Can't Proxy?
        1. 9.8.1. No Proxy Server Is Available
        2. 9.8.2. Proxying Won't Secure the Service
        3. 9.8.3. Can't Modify Client or Procedures
    7. 10. Bastion Hosts
      1. 10.1. General Principles
      2. 10.2. Special Kinds of Bastion Hosts
        1. 10.2.1. Nonrouting Dual-Homed Hosts
        2. 10.2.2. Victim Machines
        3. 10.2.3. Internal Bastion Hosts
        4. 10.2.4. External Service Hosts
        5. 10.2.5. One-Box Firewalls
      3. 10.3. Choosing a Machine
        1. 10.3.1. What Operating System?
        2. 10.3.2. How Fast a Machine?
        3. 10.3.3. What Hardware Configuration?
      4. 10.4. Choosing a Physical Location
      5. 10.5. Locating Bastion Hosts on the Network
      6. 10.6. Selecting Services Provided by a Bastion Host
        1. 10.6.1. Multiple Services or Multiple Hosts?
      7. 10.7. Disabling User Accounts on Bastion Hosts
      8. 10.8. Building a Bastion Host
      9. 10.9. Securing the Machine
        1. 10.9.1. Start with a Minimal Clean Operating System Installation
        2. 10.9.2. Fix All Known System Bugs
        3. 10.9.3. Use a Checklist
        4. 10.9.4. Safeguard the System Logs
          1. 10.9.4.1. System logs for convenience
          2. 10.9.4.2. System logs for catastrophes
          3. 10.9.4.3. Logging and time
          4. 10.9.4.4. Choosing what to log
      10. 10.10. Disabling Nonrequired Services
        1. 10.10.1. How to Disable Services
          1. 10.10.1.1. Next steps after disabling services
        2. 10.10.2. Running Services on Specific Networks
        3. 10.10.3. Turning Off Routing
        4. 10.10.4. Controlling Inbound Traffic
        5. 10.10.5. Installing and Modifying Services
        6. 10.10.6. Reconfiguring for Production
          1. 10.10.6.1. Finalize the operating system configuration
          2. 10.10.6.2. Mount filesystems as read-only
        7. 10.10.7. Running a Security Audit
          1. 10.10.7.1. Auditing packages
          2. 10.10.7.2. Use cryptographic checksums for auditing
        8. 10.10.8. Connecting the Machine
      11. 10.11. Operating the Bastion Host
        1. 10.11.1. Learn What the Normal Usage Profile Is
        2. 10.11.2. Consider Using Software to Automate Monitoring
      12. 10.12. Protecting the Machine and Backups
        1. 10.12.1. Watch Reboots Carefully
        2. 10.12.2. Do Secure Backups
        3. 10.12.3. Other Objects to Secure
    8. 11. Unix and Linux Bastion Hosts
      1. 11.1. Which Version of Unix?
      2. 11.2. Securing Unix
        1. 11.2.1. Setting Up System Logs on Unix
          1. 11.2.1.1. syslog Linux example
          2. 11.2.1.2. System logs for catastrophe
      3. 11.3. Disabling Nonrequired Services
        1. 11.3.1. How Are Services Managed Under Unix?
          1. 11.3.1.1. Services started by /etc/rc files or directories
          2. 11.3.1.2. Services started by inetd
        2. 11.3.2. Disabling Services Under Unix
        3. 11.3.3. Which Services Should You Leave Enabled?
        4. 11.3.4. Specific Unix Services to Disable
          1. 11.3.4.1. NFS and related services
          2. 11.3.4.2. Other RPC services
          3. 11.3.4.3. Booting services
          4. 11.3.4.4. BSD "r" command services
          5. 11.3.4.5. routed
          6. 11.3.4.6. fingerd
          7. 11.3.4.7. ftpd
          8. 11.3.4.8. Other services
        5. 11.3.5. Running Services on Specific Networks
        6. 11.3.6. Turning Off Routing
      4. 11.4. Installing and Modifying Services
        1. 11.4.1. Using the TCP Wrapper Package to Protect Services
          1. 11.4.1.1. TCP Wrapper example
          2. 11.4.1.2. Using netacl to protect services
        2. 11.4.2. Evaluating and Configuring Unix Services
      5. 11.5. Reconfiguring for Production
        1. 11.5.1. Reconfigure and Rebuild the Kernel
        2. 11.5.2. Remove Nonessential Programs
        3. 11.5.3. Mount Filesystems as Read-Only
      6. 11.6. Running a Security Audit
    9. 12. Windows NT and Windows 2000 Bastion Hosts
      1. 12.1. Approaches to Building Windows NT Bastion Hosts
      2. 12.2. Which Version of Windows NT?
      3. 12.3. Securing Windows NT
        1. 12.3.1. Setting Up System Logs Under Windows NT
      4. 12.4. Disabling Nonrequired Services
        1. 12.4.1. How Are Services Managed Under Windows NT?
          1. 12.4.1.1. Registry keys
          2. 12.4.1.2. Other ways to start programs under Windows NT
        2. 12.4.2. How to Disable Services Under Windows NT
        3. 12.4.3. Next Steps After Disabling Services
        4. 12.4.4. Which Services Should You Leave Enabled?
        5. 12.4.5. Specific Windows NT Services to Disable
          1. 12.4.5.1. The Services control panel
        6. 12.4.6. Turning Off Routing
      5. 12.5. Installing and Modifying Services
  5. III. Internet Services
    1. 13. Internet Services and Firewalls
      1. 13.1. Attacks Against Internet Services
        1. 13.1.1. Command-Channel Attacks
        2. 13.1.2. Data-Driven Attacks
        3. 13.1.3. Third-Party Attacks
        4. 13.1.4. False Authentication of Clients
        5. 13.1.5. Hijacking
        6. 13.1.6. Packet Sniffing
        7. 13.1.7. Data Injection and Modification
        8. 13.1.8. Replay
        9. 13.1.9. Denial of Service
        10. 13.1.10. Protecting Services
      2. 13.2. Evaluating the Risks of a Service
        1. 13.2.1. What Operations Does the Protocol Allow?
          1. 13.2.1.1. What is it designed to do?
          2. 13.2.1.2. Is the level of authentication and authorization it uses appropriate for doing that?
          3. 13.2.1.3. Does it have any other commands in it?
        2. 13.2.2. What Data Does the Protocol Transfer?
        3. 13.2.3. How Well Is the Protocol Implemented?
          1. 13.2.3.1. Does it have any other commands in it?
        4. 13.2.4. What Else Can Come in If I Allow This Service?
      3. 13.3. Analyzing Other Protocols
      4. 13.4. What Makes a Good Firewalled Service?
        1. 13.4.1. TCP Versus Other Protocols
        2. 13.4.2. One Connection per Session
        3. 13.4.3. One Session per Connection
        4. 13.4.4. Assigned Ports
        5. 13.4.5. Protocol Security
      5. 13.5. Choosing Security-Critical Programs
        1. 13.5.1. My Product Is Secure Because . . .
          1. 13.5.1.1. It contains no publicly available code, so it's secret
          2. 13.5.1.2. It contains publicly available code, so it's been well reviewed
          3. 13.5.1.3. It is built entirely from scratch, so it didn't inherit any bugs from any other products
          4. 13.5.1.4. It is built on an old, well-tested code base
          5. 13.5.1.5. It doesn't run as root/Administrator/LocalSystem
          6. 13.5.1.6. It doesn't run under Unix, or it doesn't run on a Microsoft operating system
          7. 13.5.1.7. There are no known attacks against it
          8. 13.5.1.8. It uses public key cryptography (or some other secure-sounding technology)
        2. 13.5.2. Their Product Is Insecure Because . . .
          1. 13.5.2.1. It's been mentioned in a CERT-CC advisory or on a web site listing vulnerabilities
          2. 13.5.2.2. It's publicly available
          3. 13.5.2.3. It's been successfully attacked
        3. 13.5.3. Real Indicators of Security
          1. 13.5.3.1. Security was one of the design criteria
          2. 13.5.3.2. The supplier can discuss how major security problems were avoided
          3. 13.5.3.3. It is possible for you to review the code
          4. 13.5.3.4. Somebody you know and trust actually has reviewed the code
          5. 13.5.3.5. There is a security notification and update procedure
          6. 13.5.3.6. The server implements a recent (but accepted) version of the protocol
          7. 13.5.3.7. The program uses standard error-logging mechanisms
          8. 13.5.3.8. There is a secure software distribution mechanism
      6. 13.6. Controlling Unsafe Configurations
    2. 14. Intermediary Protocols
      1. 14.1. Remote Procedure Call (RPC)
        1. 14.1.1. Sun RPC Authentication
        2. 14.1.2. Microsoft RPC Authentication
        3. 14.1.3. Packet Filtering Characteristics of RPC
        4. 14.1.4. Proxying Characteristics of RPC
        5. 14.1.5. Network Address Translation Characteristics of RPC
        6. 14.1.6. Summary of Recommendations for RPC
      2. 14.2. Distributed Component Object Model (DCOM)
      3. 14.3. NetBIOS over TCP/IP (NetBT)
        1. 14.3.1. Packet Filtering Characteristics of NetBT
        2. 14.3.2. Proxying Characteristics of NetBT
        3. 14.3.3. Network Address Translation Characteristics of NetBT
        4. 14.3.4. Summary of Recommendations for NetBT
      4. 14.4. Common Internet File System (CIFS) and Server Message Block (SMB)
        1. 14.4.1. Authentication and SMB
          1. 14.4.1.1. Share-level authentication
          2. 14.4.1.2. User-level authentication
        2. 14.4.2. Packet Filtering Characteristics of SMB
        3. 14.4.3. Proxying Characteristics of SMB
        4. 14.4.4. Network Address Translation Characteristics of SMB
        5. 14.4.5. Summary of Recommendations for SMB
      5. 14.5. Common Object Request Broker Architecture (CORBA) and Internet Inter-Orb Protocol (IIOP)
        1. 14.5.1. Packet Filtering Characteristics of CORBA and IIOP
        2. 14.5.2. Proxying Characteristics of CORBA and IIOP
        3. 14.5.3. Network Address Translation Characteristics of CORBA and IIOP
        4. 14.5.4. Summary of Recommendations for CORBA and IIOP
      6. 14.6. ToolTalk
        1. 14.6.1. Summary of Recommendations for ToolTalk
      7. 14.7. Transport Layer Security (TLS) and Secure Socket Layer (SSL)
        1. 14.7.1. The TLS and SSL Protocols
        2. 14.7.2. Cryptography in TLS and SSL
        3. 14.7.3. Use of TLS and SSL by Other Protocols
        4. 14.7.4. Packet Filtering Characteristics of TLS and SSL
        5. 14.7.5. Proxying Characteristics of TLS and SSL
        6. 14.7.6. Network Address Translation Characteristics of TLS and SSL
        7. 14.7.7. Summary of Recommendations for TLS and SSL
      8. 14.8. The Generic Security Services API (GSSAPI)
      9. 14.9. IPsec
        1. 14.9.1. Packet Filtering Characteristics of IPsec
        2. 14.9.2. Proxying Characteristics of IPsec
        3. 14.9.3. Network Address Translation Characteristics of IPsec
        4. 14.9.4. Summary of Recommendations for IPsec
      10. 14.10. Remote Access Service (RAS)
      11. 14.11. Point-to-Point Tunneling Protocol (PPTP)
        1. 14.11.1. Design Weaknesses in PPTP
        2. 14.11.2. Implementation Weaknesses in PPTP
        3. 14.11.3. Packet Filtering Characteristics of PPTP
        4. 14.11.4. Proxying Characteristics of PPTP
        5. 14.11.5. Network Address Translation Characteristics of PPTP
        6. 14.11.6. Summary of Recommendations for PPTP
      12. 14.12. Layer 2 Transport Protocol (L2TP)
        1. 14.12.1. Packet Filtering Characteristics of L2TP
        2. 14.12.2. Proxying Characteristics of L2TP
        3. 14.12.3. Network Address Translation Characteristics of L2TP
        4. 14.12.4. Summary of Recommendations for L2TP
    3. 15. The World Wide Web
      1. 15.1. HTTP Server Security
        1. 15.1.1. HTTP Extensions
          1. 15.1.1.1. Tricking extensions
          2. 15.1.1.2. Running unexpected external programs
      2. 15.2. HTTP Client Security
        1. 15.2.1. Inadvertent Release of Information
          1. 15.2.1.1. Cookies
        2. 15.2.2. External Viewers
        3. 15.2.3. Extension Systems
        4. 15.2.4. What Can You Do?
        5. 15.2.5. Internet Explorer and Security Zones
      3. 15.3. HTTP
        1. 15.3.1. HTTP Tunneling
        2. 15.3.2. Special HTTP Servers
        3. 15.3.3. Packet Filtering Characteristics of HTTP
        4. 15.3.4. Proxying Characteristics of HTTP
        5. 15.3.5. Network Address Translation Characteristics of HTTP
        6. 15.3.6. Securing HTTP
          1. 15.3.6.1. Packet filtering characteristics of HTTPS and Secure HTTP
          2. 15.3.6.2. Proxying characteristics of HTTPS and Secure HTTP
          3. 15.3.6.3. Network address translation characteristics of HTTPS and Secure HTTP
        7. 15.3.7. Summary of Recommendations for HTTP
      4. 15.4. Mobile Code and Web-Related Languages
        1. 15.4.1. JavaScript
        2. 15.4.2. VBScript
        3. 15.4.3. Java
        4. 15.4.4. ActiveX
      5. 15.5. Cache Communication Protocols
        1. 15.5.1. Internet Cache Protocol (ICP)
          1. 15.5.1.1. Packet filtering characteristics of ICP
          2. 15.5.1.2. Proxying characteristics of ICP
          3. 15.5.1.3. Network address translation characteristics of ICP
        2. 15.5.2. Cache Array Routing Protocol (CARP)
        3. 15.5.3. Web Cache Coordination Protocol (WCCP)
          1. 15.5.3.1. Packet filtering characteristics of WCCP
          2. 15.5.3.2. Proxying characteristics of WCCP
          3. 15.5.3.3. Network address translation characteristics of WCCP
        4. 15.5.4. Summary of Recommendations for Cache Communication Protocols
      6. 15.6. Push Technologies
        1. 15.6.1. Summary of Recommendations for Push Technologies
      7. 15.7. RealAudio and RealVideo
        1. 15.7.1. Risks of RealServer
        2. 15.7.2. Risks of RealAudio and RealVideo Clients
        3. 15.7.3. Packet Filtering Characteristics of RealAudio and RealVideo
        4. 15.7.4. Proxying Characteristics of RealAudio and RealVideo
        5. 15.7.5. Network Address Translation Characteristics of RealAudio and RealVideo
        6. 15.7.6. Summary Recommendations for RealAudio and RealVideo
      8. 15.8. Gopher and WAIS
        1. 15.8.1. Packet Filtering Characteristics of Gopher and WAIS
        2. 15.8.2. Proxying Characteristics of Gopher and WAIS
        3. 15.8.3. Network Address Translation Characteristics of Gopher and WAIS
        4. 15.8.4. Summary of Recommendations for Gopher and WAIS
    4. 16. Electronic Mail and News
      1. 16.1. Electronic Mail
        1. 16.1.1. Keeping Mail Secret
        2. 16.1.2. Undesirable Mail
          1. 16.1.2.1. Junk mail
          2. 16.1.2.2. Viruses and other hostilities
        3. 16.1.3. Multipurpose Internet Mail Extensions (MIME)
        4. 16.1.4. S/MIME and OpenPGP
      2. 16.2. Simple Mail Transfer Protocol (SMTP)
        1. 16.2.1. Extended SMTP (ESMTP)
        2. 16.2.2. TLS/SSL, SSMTP, and STARTTLS
        3. 16.2.3. Packet Filtering Characteristics of SMTP
        4. 16.2.4. Proxying Characteristics of SMTP
        5. 16.2.5. Network Address Translation Characteristics of SMTP
        6. 16.2.6. Configuring SMTP to Work with a Firewall
        7. 16.2.7. Sendmail
        8. 16.2.8. Other Freely Available SMTP Servers for Unix
          1. 16.2.8.1. smail
          2. 16.2.8.2. Postfix
          3. 16.2.8.3. Qmail
        9. 16.2.9. Commercial SMTP Servers for Unix
        10. 16.2.10. Improving SMTP Security with smap and smapd
        11. 16.2.11. biff
        12. 16.2.12. SMTP Support in Non-SMTP Mail Systems
        13. 16.2.13. SMTP Servers for Windows NT
        14. 16.2.14. Summary of Recommendations for SMTP
      3. 16.3. Other Mail Transfer Protocols
      4. 16.4. Microsoft Exchange
        1. 16.4.1. Summary of Recommendations for Microsoft Exchange
      5. 16.5. Lotus Notes and Domino
        1. 16.5.1. Packet Filtering Characteristics of Lotus Notes
        2. 16.5.2. Proxying Characteristics of Lotus Notes
        3. 16.5.3. Network Address Translation Characteristics of Lotus Notes
        4. 16.5.4. Summary of Recommendations for Lotus Notes
      6. 16.6. Post Office Protocol (POP)
        1. 16.6.1. Packet Filtering Characteristics of POP
        2. 16.6.2. Proxying Characteristics of POP
        3. 16.6.3. Network Address Translation Characteristics of POP
        4. 16.6.4. Summary of Recommendations for POP
      7. 16.7. Internet Message Access Protocol (IMAP)
        1. 16.7.1. Packet Filtering Characteristics of IMAP
        2. 16.7.2. Proxying Characteristics of IMAP
        3. 16.7.3. Network Address Translation Characteristics of IMAP
        4. 16.7.4. Summary of Recommendations for IMAP
      8. 16.8. Microsoft Messaging API (MAPI)
      9. 16.9. Network News Transfer Protocol (NNTP)
        1. 16.9.1. Packet Filtering Characteristics of NNTP
        2. 16.9.2. Proxying Characteristics of NNTP
        3. 16.9.3. Network Address Translation Characteristics of NNTP
        4. 16.9.4. Summary of Recommendations for NNTP
    5. 17. File Transfer, File Sharing, and Printing
      1. 17.1. File Transfer Protocol (FTP)
        1. 17.1.1. Packet Filtering Characteristics of FTP
        2. 17.1.2. Proxying Characteristics of FTP
        3. 17.1.3. Network Address Translation Characteristics of FTP
        4. 17.1.4. Providing Anonymous FTP Service
          1. 17.1.4.1. Limiting access to information
          2. 17.1.4.2. Preventing people from using your server to distribute their data
            1. 17.1.4.2.1. Making your incoming directory write-only
            2. 17.1.4.2.2. Making anonymous read and anonymous write exclusive
            3. 17.1.4.2.3. Disabling the creation of directories and certain files
            4. 17.1.4.2.4. Uploading by prearrangement
            5. 17.1.4.2.5. Removing the files
          3. 17.1.4.3. Preventing people from using your server to attack other machines
          4. 17.1.4.4. Using the wuarchive FTP daemon
        5. 17.1.5. Summary of Recommendations for FTP
      2. 17.2. Trivial File Transfer Protocol (TFTP)
        1. 17.2.1. Packet Filtering Characteristics of TFTP
        2. 17.2.2. Proxying Characteristics of TFTP
        3. 17.2.3. Network Address Translation Characteristics of TFTP
        4. 17.2.4. Summary of Recommendations for TFTP
      3. 17.3. Network File System (NFS)
        1. 17.3.1. NFS Authentication
        2. 17.3.2. NFS and root
        3. 17.3.3. NFS Client Vulnerabilities
        4. 17.3.4. File Locking with NFS
        5. 17.3.5. Automounting
        6. 17.3.6. Packet Filtering Characteristics of NFS
        7. 17.3.7. Proxying Characteristics of NFS
        8. 17.3.8. Network Address Translation Characteristics of NFS
      4. 17.4. File Sharing for Microsoft Networks
        1. 17.4.1. Samba
        2. 17.4.2. Distributed File System (Dfs)
        3. 17.4.3. Packet Filtering, Proxying, and Network Address Translation Characteristics of Microsoft File Sharing
      5. 17.5. Summary of Recommendations for File Sharing
      6. 17.6. Printing Protocols
        1. 17.6.1. lpr and lp
          1. 17.6.1.1. LPRng
          2. 17.6.1.2. Packet filtering characteristics of lpr
          3. 17.6.1.3. Proxying characteristics of lpr
          4. 17.6.1.4. Network address translation characteristics of lpr
          5. 17.6.1.5. Packet filtering and proxying characteristics of lp
        2. 17.6.2. Windows-based Printing
        3. 17.6.3. Other Printing Systems
        4. 17.6.4. Summary of Recommendations for Printing Protocols
      7. 17.7. Related Protocols
    6. 18. Remote Access to Hosts
      1. 18.1. Terminal Access (Telnet)
        1. 18.1.1. Windows 2000 Telnet
        2. 18.1.2. Packet Filtering Characteristics of Telnet
        3. 18.1.3. Proxying Characteristics of Telnet
        4. 18.1.4. Network Address Translation Characteristics of Telnet
        5. 18.1.5. Summary of Recommendations for Telnet
      2. 18.2. Remote Command Execution
        1. 18.2.1. BSD "r" Commands
          1. 18.2.1.1. BSD "r" commands under Windows NT
          2. 18.2.1.2. Packet filtering characteristics of the BSD "r" commands
          3. 18.2.1.3. Proxying characteristics of the BSD "r" commands
          4. 18.2.1.4. Network address translation characteristics of the BSD "r" commands
          5. 18.2.1.5. Summary of recommendations for the BSD "r" commands
        2. 18.2.2. rexec
          1. 18.2.2.1. Packet filtering characteristics of rexec
          2. 18.2.2.2. Proxying characteristics of rexec
          3. 18.2.2.3. Network address translation characteristics of rexec
          4. 18.2.2.4. Summary of recommendations for rexec
        3. 18.2.3. rex
          1. 18.2.3.1. Summary of recommendations for rex
        4. 18.2.4. Windows NT Remote Commands
          1. 18.2.4.1. Summary of recommendations for remote commands
        5. 18.2.5. Secure Shell (SSH)
          1. 18.2.5.1. What makes SSH secure?
          2. 18.2.5.2. SSH server authentication
          3. 18.2.5.3. SSH client authentication
          4. 18.2.5.4. Additional SSH options for client control
          5. 18.2.5.5. SSH session hijacking protection
          6. 18.2.5.6. Port forwarding
          7. 18.2.5.7. Remote X11 Window System support
          8. 18.2.5.8. Packet filtering characteristics of SSH
          9. 18.2.5.9. Proxying characteristics of SSH
          10. 18.2.5.10. Network address translation characteristics of SSH
          11. 18.2.5.11. Summary of recommendations for SSH
      3. 18.3. Remote Graphical Interfaces
        1. 18.3.1. X11 Window System
          1. 18.3.1.1. Additional servers
          2. 18.3.1.2. Packet filtering characteristics of X11
          3. 18.3.1.3. Proxying characteristics of X11
          4. 18.3.1.4. Network address translation characteristics of X11
          5. 18.3.1.5. Summary of recommendations for X11
        2. 18.3.2. Remote Graphic Interfaces for Microsoft Operating Systems
        3. 18.3.3. Independent Computing Architecture (ICA)
          1. 18.3.3.1. Packet filtering characteristics of ICA
          2. 18.3.3.2. Proxying characteristics of ICA
          3. 18.3.3.3. Network address translation characteristics of ICA
        4. 18.3.4. Microsoft Terminal Server and Terminal Services
          1. 18.3.4.1. Packet filtering characteristics of RDP
          2. 18.3.4.2. Proxying characteristics of RDP
          3. 18.3.4.3. Network address translation characteristics of RDP
        5. 18.3.5. BO2K
          1. 18.3.5.1. Packet filtering characteristics of BO2K
          2. 18.3.5.2. Proxying characteristics of BO2K
          3. 18.3.5.3. Network address translation characteristics of BO2K
        6. 18.3.6. Summary of Recommendations for Windows Remote Access
    7. 19. Real-Time Conferencing Services
      1. 19.1. Internet Relay Chat (IRC)
        1. 19.1.1. Packet Filtering Characteristics of IRC
        2. 19.1.2. Proxying Characteristics of IRC
        3. 19.1.3. Network Address Translation Characteristics of IRC
        4. 19.1.4. Summary of Recommendations for IRC
      2. 19.2. ICQ
        1. 19.2.1. Packet Filtering Characteristics of ICQ
        2. 19.2.2. Proxying Characteristics of ICQ
        3. 19.2.3. Network Address Translation Characteristics of ICQ
        4. 19.2.4. Summary of Recommendations for ICQ
      3. 19.3. talk
        1. 19.3.1. Packet Filtering Characteristics of talk
        2. 19.3.2. Proxying Characteristics of talk
        3. 19.3.3. Network Address Translation Characteristics of talk
        4. 19.3.4. Summary of Recommendations for talk
      4. 19.4. Multimedia Protocols
        1. 19.4.1. T.120 and H.323
          1. 19.4.1.1. Packet filtering characteristics of T.120
          2. 19.4.1.2. Proxying characteristics of T.120
          3. 19.4.1.3. Network address translation characteristics of T.120
          4. 19.4.1.4. Packet filtering characteristics of H.323
          5. 19.4.1.5. Proxying characteristics of H.323
          6. 19.4.1.6. Network address translation characteristics of H.323
          7. 19.4.1.7. Summary of recommendations for T.120 and H.323
        2. 19.4.2. The Real-Time Transport Protocol (RTP) and the RTP Control Protocol (RTCP)
          1. 19.4.2.1. Packet filtering characteristics of RTP and RTCP
          2. 19.4.2.2. Proxying characteristics of RTP and RTCP
          3. 19.4.2.3. Network address translation characteristics of RTP and RTCP
          4. 19.4.2.4. Summary of recommendations for RTP and RTCP
      5. 19.5. NetMeeting
        1. 19.5.1. Packet Filtering Characteristics of NetMeeting
        2. 19.5.2. Proxying Characteristics of NetMeeting
        3. 19.5.3. Network Address Translation Characteristics of NetMeeting
        4. 19.5.4. Summary of Recommendations for NetMeeting
      6. 19.6. Multicast and the Multicast Backbone (MBONE)
        1. 19.6.1. Summary of Recommendations for Multicast
    8. 20. Naming and Directory Services
      1. 20.1. Domain Name System (DNS)
        1. 20.1.1. Packet Filtering Characteristics of DNS
        2. 20.1.2. Proxying Characteristics of DNS
        3. 20.1.3. DNS Data
        4. 20.1.4. DNS Security Problems
          1. 20.1.4.1. Bogus answers to DNS queries
          2. 20.1.4.2. Malicious DNS queries
          3. 20.1.4.3. Mismatched data between the hostname and IP address DNS trees
          4. 20.1.4.4. Dynamic update
          5. 20.1.4.5. Revealing too much information to attackers
        5. 20.1.5. Setting Up DNS to Hide Information, Without Subdomains
          1. 20.1.5.1. Set up a "fake" DNS server on the bastion host for the outside world to use
          2. 20.1.5.2. Set up a real DNS server on an internal system for internal hosts to use
          3. 20.1.5.3. Internal DNS clients query the internal server
          4. 20.1.5.4. Bastion DNS clients also query the internal server
          5. 20.1.5.5. What your packet filtering system needs to allow
        6. 20.1.6. Setting Up DNS to Hide Information, with Subdomains
        7. 20.1.7. Setting Up DNS Without Hiding Information
        8. 20.1.8. Windows 2000 and DNS
        9. 20.1.9. Network Address Translation Characteristics of DNS
        10. 20.1.10. Summary of Recommendations for DNS
      2. 20.2. Network Information Service (NIS)
        1. 20.2.1. Summary of Recommendations for NIS
      3. 20.3. NetBIOS for TCP/IP Name Service and Windows Internet Name Service
        1. 20.3.1. Name Resolution Under Windows
        2. 20.3.2. NetBIOS Names
        3. 20.3.3. NetBT Name Service Operations
          1. 20.3.3.1. General principles of NetBT operations
          2. 20.3.3.2. Name registration
          3. 20.3.3.3. Name refresh
          4. 20.3.3.4. Name resolution
          5. 20.3.3.5. Name release
          6. 20.3.3.6. Conflict management
        4. 20.3.4. WINS Server-Server Communication
        5. 20.3.5. The WINS Manager
        6. 20.3.6. Security Implications of NetBT Name Service and WINS
        7. 20.3.7. Packet Filtering Characteristics of NetBT Name Service
        8. 20.3.8. Proxying Characteristics of NetBT Name Service and WINS
        9. 20.3.9. Network Address Translation Characteristics of NetBT Name Service and WINS
        10. 20.3.10. Summary of Recommendations for NetBT Name Service and WINS
      4. 20.4. The Windows Browser
        1. 20.4.1. Domains and Workgroups
        2. 20.4.2. Windows Browser Roles
          1. 20.4.2.1. Domain master browser
          2. 20.4.2.2. Master browser
          3. 20.4.2.3. Backup browsers
          4. 20.4.2.4. Potential browsers
          5. 20.4.2.5. Browseable server
          6. 20.4.2.6. Browser client
        3. 20.4.3. Browser Elections
        4. 20.4.4. Security Implications of the Windows Browser
        5. 20.4.5. Packet Filtering Characteristics of the Windows Browser
        6. 20.4.6. Proxying Characteristics of the Windows Browser
        7. 20.4.7. Network Address Translation Characteristics of the Windows Browser
        8. 20.4.8. Summary of Recommendations for the Windows Browser
      5. 20.5. Lightweight Directory Access Protocol (LDAP)
        1. 20.5.1. LDAPS
        2. 20.5.2. Packet Filtering Characteristics of LDAP
        3. 20.5.3. Proxying Characteristics of LDAP
        4. 20.5.4. Network Address Translation Characteristics of LDAP
        5. 20.5.5. Summary of Recommendations for LDAP
      6. 20.6. Active Directory
      7. 20.7. Information Lookup Services
        1. 20.7.1. finger
          1. 20.7.1.1. Packet filtering characteristics of finger
          2. 20.7.1.2. Proxying characteristics of finger
          3. 20.7.1.3. Network address translation characteristics of finger
          4. 20.7.1.4. Summary of recommendations for finger
        2. 20.7.2. whois
          1. 20.7.2.1. Packet filtering characteristics of whois
          2. 20.7.2.2. Proxying characteristics of whois
          3. 20.7.2.3. Network address translation characteristics of whois
          4. 20.7.2.4. Summary of recommendations for whois
    9. 21. Authentication and Auditing Services
      1. 21.1. What Is Authentication?
        1. 21.1.1. Something You Are
        2. 21.1.2. Something You Know
        3. 21.1.3. Something You Have
      2. 21.2. Passwords
      3. 21.3. Authentication Mechanisms
        1. 21.3.1. One-Time Password Software
        2. 21.3.2. One-Time Password Hardware
      4. 21.4. Modular Authentication for Unix
        1. 21.4.1. The TIS FWTK Authentication Server
          1. 21.4.1.1. Problems with the authentication server
        2. 21.4.2. Pluggable Authentication Modules (PAM)
      5. 21.5. Kerberos
        1. 21.5.1. How It Works
        2. 21.5.2. Extending Trust
        3. 21.5.3. Packet Filtering Characteristics of Kerberos
        4. 21.5.4. Proxying and Network Address Translation Characteristics of Kerberos
        5. 21.5.5. Summary of Recommendations for Kerberos
      6. 21.6. NTLM Domains
        1. 21.6.1. Finding a Domain Controller
        2. 21.6.2. The Logon Process
        3. 21.6.3. Secure Channel Setup
        4. 21.6.4. SMB Authentication
        5. 21.6.5. Accessing Other Computers
        6. 21.6.6. Alternate Authentication Methods
        7. 21.6.7. Controller-to-Controller Communication
        8. 21.6.8. The User Manager
        9. 21.6.9. Packet Filtering, Proxying, and Network Address Translation Characteristics of NTLM Domain Authentication
        10. 21.6.10. Summary of Recommendations for NTLM Domain Authentication
      7. 21.7. Remote Authentication Dial-in User Service (RADIUS)
        1. 21.7.1. Packet Filtering Characteristics of RADIUS
        2. 21.7.2. Proxying Characteristics of RADIUS
        3. 21.7.3. Network Address Translation Characteristics of RADIUS
        4. 21.7.4. Summary of Recommendations for RADIUS
      8. 21.8. TACACS and Friends
        1. 21.8.1. Packet Filtering Characteristics of TACACS and Friends
        2. 21.8.2. Proxying Characteristics of TACACS and Friends
        3. 21.8.3. Network Address Translation Characteristics of TACACS and Friends
        4. 21.8.4. Summary of Recommendations for TACACS and Friends
      9. 21.9. Auth and identd
        1. 21.9.1. Packet Filtering Characteristics of Auth
        2. 21.9.2. Proxying Characteristics of Auth
        3. 21.9.3. Network Address Translation Characteristics of Auth
        4. 21.9.4. Summary of Recommendations for Auth
    10. 22. Administrative Services
      1. 22.1. System Management Protocols
        1. 22.1.1. syslog
          1. 22.1.1.1. Packet filtering characteristics of syslog
          2. 22.1.1.2. Proxying characteristics of syslog
          3. 22.1.1.3. Network address translation and syslog
          4. 22.1.1.4. Summary of recommendations for syslog
        2. 22.1.2. Simple Network Management Protocol (SNMP)
          1. 22.1.2.1. SNMP version 3
          2. 22.1.2.2. Packet filtering characteristics of SNMP
          3. 22.1.2.3. Proxying characteristics of SNMP
          4. 22.1.2.4. Network address translation and SNMP
        3. 22.1.3. System Management Server (SMS)
        4. 22.1.4. Performance Monitor and Network Monitor
        5. 22.1.5. Summary of Recommendations for System Management
      2. 22.2. Routing Protocols
        1. 22.2.1. Routing Information Protocol (RIP)
          1. 22.2.1.1. Packet filtering characteristics of RIP
        2. 22.2.2. Open Shortest Path First (OSPF)
          1. 22.2.2.1. Packet filtering characteristics of OSPF
        3. 22.2.3. Internet Group Management Protocol (IGMP)
          1. 22.2.3.1. Packet filtering characteristics of IGMP
        4. 22.2.4. Router Discovery/ICMP Router Discovery Protocol (IRDP)
          1. 22.2.4.1. Packet filtering characteristics of router discovery
        5. 22.2.5. Proxying Characteristics of Routing Protocols
        6. 22.2.6. Network Address Translation Characteristics of Routing Protocols
        7. 22.2.7. Summary of Recommendations for Routing Protocols
      3. 22.3. Protocols for Booting and Boot-Time Configuration
        1. 22.3.1. bootp
        2. 22.3.2. Dynamic Host Configuration Protocol (DHCP)
        3. 22.3.3. Packet Filtering Characteristics of DHCP and bootp
        4. 22.3.4. Proxying Characteristics of bootp and DHCP
        5. 22.3.5. Network Address Translation Characteristics of Booting and Boot-Time Configuration
        6. 22.3.6. Summary of Recommendations for Booting and Boot-Time Configuration
      4. 22.4. ICMP and Network Diagnostics
        1. 22.4.1. ping
          1. 22.4.1.1. Packet filtering characteristics of ping
          2. 22.4.1.2. Proxying characteristics of ping
          3. 22.4.1.3. Network address translation and ping
        2. 22.4.2. traceroute
          1. 22.4.2.1. Packet filtering characteristics of traceroute
          2. 22.4.2.2. Proxying characteristics of traceroute
          3. 22.4.2.3. Network address translation and traceroute
        3. 22.4.3. Other ICMP Packets
          1. 22.4.3.1. Packet filtering characteristics of ICMP
        4. 22.4.4. Summary of Recommendations for ICMP
      5. 22.5. Network Time Protocol (NTP)
        1. 22.5.1. Packet Filtering Characteristics of NTP
        2. 22.5.2. Proxying Characteristics of NTP
        3. 22.5.3. Network Address Translation Characteristics of NTP
        4. 22.5.4. Configuring NTP to Work with a Firewall
        5. 22.5.5. Summary of Recommendations for NTP
      6. 22.6. File Synchronization
        1. 22.6.1. rdist
        2. 22.6.2. rsync
          1. 22.6.2.1. Packet filtering characteristics of rsync
          2. 22.6.2.2. Proxying characteristics of rsync
          3. 22.6.2.3. Network address translation characteristics of rsync
        3. 22.6.3. Windows NT Directory Replication
        4. 22.6.4. Windows 2000 File Replication Service (FRS)
        5. 22.6.5. Summary of Recommendations for File Synchronization
      7. 22.7. Mostly Harmless Protocols
        1. 22.7.1. Packet Filtering Characteristics of Mostly Harmless Protocols
        2. 22.7.2. Proxying Characteristics of Mostly Harmless Protocols
        3. 22.7.3. Network Address Translation Characteristics of Mostly Harmless Protocols
        4. 22.7.4. Summary of Recommendations for Mostly Harmless Protocols
    11. 23. Databases and Games
      1. 23.1. Databases
        1. 23.1.1. Locating Database Servers
          1. 23.1.1.1. Putting both the web server and the database on the perimeter network
          2. 23.1.1.2. Putting both the web server and the database on the internal network
          3. 23.1.1.3. Using the database's protocols to connect to a perimeter web server
          4. 23.1.1.4. Using a custom protocol to connect to a perimeter web server
        2. 23.1.2. Open Database Connectivity (ODBC) and Java Database Connectivity (JDBC)
        3. 23.1.3. Oracle SQL*Net and Net8
          1. 23.1.3.1. Security implications of SQL*Net and Net8
          2. 23.1.3.2. Packet filtering characteristics of SQL*Net and Net8
          3. 23.1.3.3. Proxying characteristics of SQL*Net and Net8
          4. 23.1.3.4. Network address translation characteristics of SQL*Net and Net8
          5. 23.1.3.5. Summary of recommendations for SQL*Net and Net8
        4. 23.1.4. Tabular Data Stream (TDS)
        5. 23.1.5. Sybase
          1. 23.1.5.1. Packet filtering characteristics of Sybase
          2. 23.1.5.2. Proxying characteristics of Sybase
          3. 23.1.5.3. Network address translation characteristics of Sybase
          4. 23.1.5.4. Summary of recommendations for Sybase
        6. 23.1.6. Microsoft SQL Server
          1. 23.1.6.1. Packet filtering characteristics of Microsoft SQL Server
          2. 23.1.6.2. Proxying characteristics of Microsoft SQL Server
          3. 23.1.6.3. Network address translation and Microsoft SQL Server
          4. 23.1.6.4. Summary of recommendations for Microsoft SQL Server
      2. 23.2. Games
        1. 23.2.1. Quake
        2. 23.2.2. Summary of Recommendations for Games
    12. 24. Two Sample Firewalls
      1. 24.1. Screened Subnet Architecture
        1. 24.1.1. Service Configuration
          1. 24.1.1.1. HTTP and HTTPS
          2. 24.1.1.2. SMTP
          3. 24.1.1.3. Telnet
          4. 24.1.1.4. SSH
          5. 24.1.1.5. FTP
          6. 24.1.1.6. NNTP
          7. 24.1.1.7. DNS
        2. 24.1.2. Packet Filtering Rules
          1. 24.1.2.1. Interior router
          2. 24.1.2.2. Exterior router
        3. 24.1.3. Other Configuration Work
        4. 24.1.4. Analysis
          1. 24.1.4.1. Least privilege
          2. 24.1.4.2. Defense in depth
          3. 24.1.4.3. Choke point
          4. 24.1.4.4. Weakest link
          5. 24.1.4.5. Fail-safe stance
          6. 24.1.4.6. Universal participation
          7. 24.1.4.7. Diversity of defense
          8. 24.1.4.8. Simplicity
        5. 24.1.5. Conclusions
      2. 24.2. Merged Routers and Bastion Host Using General-Purpose Hardware
        1. 24.2.1. Service Configuration
          1. 24.2.1.1. HTTP and HTTPS
          2. 24.2.1.2. SMTP
          3. 24.2.1.3. Telnet
          4. 24.2.1.4. SSH
          5. 24.2.1.5. FTP
          6. 24.2.1.6. NNTP
          7. 24.2.1.7. DNS
        2. 24.2.2. Packet Filtering Rules
        3. 24.2.3. Other Configuration Work
        4. 24.2.4. Analysis
          1. 24.2.4.1. Least privilege
          2. 24.2.4.2. Defense in depth
          3. 24.2.4.3. Choke point
          4. 24.2.4.4. Weakest link
          5. 24.2.4.5. Fail-safe stance
          6. 24.2.4.6. Universal participation
          7. 24.2.4.7. Diversity of defense
          8. 24.2.4.8. Simplicity
        5. 24.2.5. Conclusions
  6. IV. Keeping Your Site Secure
    1. 25. Security Policies
      1. 25.1. Your Security Policy
        1. 25.1.1. What Should a Security Policy Contain?
          1. 25.1.1.1. Explanations
          2. 25.1.1.2. Everybody's responsibilities
          3. 25.1.1.3. Regular language
          4. 25.1.1.4. Enforcement authority
          5. 25.1.1.5. Provision for exceptions
          6. 25.1.1.6. Provision for reviews
          7. 25.1.1.7. Discussion of specific security issues
        2. 25.1.2. What Should a Security Policy Not Contain?
          1. 25.1.2.1. Technical details
          2. 25.1.2.2. Somebody else's problems
          3. 25.1.2.3. Problems that aren't computer security problems
      2. 25.2. Putting Together a Security Policy
        1. 25.2.1. What Is Your Security Policy?
        2. 25.2.2. What Is Your Site's Security Policy?
        3. 25.2.3. External Factors That Influence Security Policies
      3. 25.3. Getting Strategic and Policy Decisions Made
        1. 25.3.1. Enlist Allies
        2. 25.3.2. Involve Everybody Who's Affected
        3. 25.3.3. Accept "Wrong" Decisions
        4. 25.3.4. Present Risks and Benefits in Different Ways for Different People
        5. 25.3.5. Avoid Surprises
        6. 25.3.6. Condense to Important Decisions, with Implications
        7. 25.3.7. Justify Everything Else in Terms of Those Decisions
        8. 25.3.8. Emphasize that Many Issues Are Management and Personnel Issues, not Technical Issues
        9. 25.3.9. Don't Assume That Anything Is Obvious
      4. 25.4. What If You Can't Get a Security Policy?
    2. 26. Maintaining Firewalls
      1. 26.1. Housekeeping
        1. 26.1.1. Backing Up Your Firewall
        2. 26.1.2. Managing Your Accounts
        3. 26.1.3. Managing Your Disk Space
      2. 26.2. Monitoring Your System
        1. 26.2.1. Special-Purpose Monitoring Devices
        2. 26.2.2. Intrusion Detection Systems
        3. 26.2.3. What Should You Watch For?
        4. 26.2.4. The Good, the Bad, and the Ugly
        5. 26.2.5. Responding to Probes
        6. 26.2.6. Responding to Attacks
      3. 26.3. Keeping up to Date
        1. 26.3.1. Keeping Yourself up to Date
          1. 26.3.1.1. Mailing lists
          2. 26.3.1.2. Newsgroups
          3. 26.3.1.3. Web sites
          4. 26.3.1.4. Professional forums
        2. 26.3.2. Keeping Your Systems up to Date
      4. 26.4. How Long Does It Take?
      5. 26.5. When Should You Start Over?
    3. 27. Responding to Security Incidents
      1. 27.1. Responding to an Incident
        1. 27.1.1. Evaluate the Situation
        2. 27.1.2. Start Documenting
        3. 27.1.3. Disconnect or Shut Down, as Appropriate
        4. 27.1.4. Analyze and Respond
        5. 27.1.5. Make "Incident in Progress" Notifications
          1. 27.1.5.1. Your own organization
          2. 27.1.5.2. CERT-CC or other incident response teams
          3. 27.1.5.3. Vendors and service providers
          4. 27.1.5.4. Other sites
        6. 27.1.6. Snapshot the System
        7. 27.1.7. Restore and Recover
        8. 27.1.8. Document the Incident
      2. 27.2. What to Do After an Incident
      3. 27.3. Pursuing and Capturing the Intruder
      4. 27.4. Planning Your Response
        1. 27.4.1. Planning for Detection
        2. 27.4.2. Planning for Evaluation of the Incident
        3. 27.4.3. Planning for Disconnecting or Shutting Down Machines
        4. 27.4.4. Planning for Notification of People Who Need to Know
          1. 27.4.4.1. Your own organization
          2. 27.4.4.2. CERT-CC and other incident response teams
          3. 27.4.4.3. Vendors and service providers
          4. 27.4.4.4. Other sites
        5. 27.4.5. Planning for Snapshots
        6. 27.4.6. Planning for Restoration and Recovery
        7. 27.4.7. Planning for Documentation
        8. 27.4.8. Periodic Review of Plans
      5. 27.5. Being Prepared
        1. 27.5.1. Backing Up Your Filesystems
        2. 27.5.2. Labeling and Diagramming Your System
        3. 27.5.3. Keeping Secured Checksums
        4. 27.5.4. Keeping Activity Logs
        5. 27.5.5. Keeping a Cache of Tools and Supplies
        6. 27.5.6. Testing the Reload of the Operating System
        7. 27.5.7. Doing Drills
  7. V. Appendixes
    1. A. Resources
      1. A.1. Web Pages
        1. A.1.1. Telstra
        2. A.1.2. CERIAS
        3. A.1.3. The Linux Documentation Project
        4. A.1.4. The Linux Router Project
      2. A.2. FTP Sites
        1. A.2.1. cerias.purdue.edu
        2. A.2.2. info.cert.org
      3. A.3. Mailing Lists
        1. A.3.1. Firewalls
        2. A.3.2. Firewall Wizards
        3. A.3.3. FWTK-USERS
        4. A.3.4. BugTraq
        5. A.3.5. NTBugTraq
        6. A.3.6. CERT-Advisory
        7. A.3.7. RISKS
      4. A.4. Newsgroups
      5. A.5. Response Teams
        1. A.5.1. CERT-CC
        2. A.5.2. FIRST
        3. A.5.3. NIST CSRC
      6. A.6. Other Organizations
        1. A.6.1. Internet Engineering Task Force (IETF)
        2. A.6.2. World Wide Web Consortium (W3C)
        3. A.6.3. USENIX Association
        4. A.6.4. System Administrators Guild (SAGE)
        5. A.6.5. System Administration, Networking, and Security (SANS) Institute
      7. A.7. Conferences
        1. A.7.1. USENIX Association Conferences
          1. A.7.1.1. USENIX Unix Security Symposium
          2. A.7.1.2. USENIX System Administration (LISA) Conference
          3. A.7.1.3. USENIX Large Installation System Administration of Windows NT (LISA-NT) Conference
          4. A.7.1.4. USENIX Technical Conferences
        2. A.7.2. Unix System Administration, Networking, and Security (SANS) Conference
        3. A.7.3. Internet Society Symposium on Network and Distributed System Security (SNDSS)
      8. A.8. Papers
      9. A.9. Books
    2. B. Tools
      1. B.1. Authentication Tools
        1. B.1.1. TIS Internet Firewall Toolkit (FWTK)
        2. B.1.2. Kerberos
      2. B.2. Analysis Tools
        1. B.2.1. COPS
        2. B.2.2. Tiger
        3. B.2.3. Tripwire
        4. B.2.4. SATAN
        5. B.2.5. SAINT
      3. B.3. Packet Filtering Tools
        1. B.3.1. ipfilter
      4. B.4. Proxy Systems Tools
        1. B.4.1. TIS Internet Firewall Toolkit (FWTK)
        2. B.4.2. SOCKS
        3. B.4.3. UDP Packet Relayer
        4. B.4.4. tircproxy
      5. B.5. Daemons
        1. B.5.1. wuarchive ftpd
        2. B.5.2. GateD
        3. B.5.3. Zebra
        4. B.5.4. Postfix
        5. B.5.5. qmail
        6. B.5.6. smail
        7. B.5.7. portmap
        8. B.5.8. Andrew File System (AFS)
        9. B.5.9. rsync
        10. B.5.10. Samba
        11. B.5.11. ssh
        12. B.5.12. BO2K
        13. B.5.13. mIRC
      6. B.6. Utilities
        1. B.6.1. TIS Internet Firewall Toolkit (FWTK)
        2. B.6.2. TCP Wrapper
        3. B.6.3. chrootuid
        4. B.6.4. inzider
        5. B.6.5. MRTG
        6. B.6.6. NOCOL
        7. B.6.7. NetCat
        8. B.6.8. NetSaint
        9. B.6.9. PGP
        10. B.6.10. trimlog
        11. B.6.11. AntiSniff
        12. B.6.12. tcpdump
    3. C. Cryptography
      1. C.1. What Are You Protecting and Why?
      2. C.2. Key Components of Cryptographic Systems
        1. C.2.1. Encryption
          1. C.2.1.1. Kinds of encryption algorithms
          2. C.2.1.2. Encryption algorithms and key length
        2. C.2.2. Cryptographic Hashes, Checksums, and Message Digests
        3. C.2.3. Integrity Protection
        4. C.2.4. Random Numbers
      3. C.3. Combined Cryptography
        1. C.3.1. Digital Signatures
        2. C.3.2. Certificates
        3. C.3.3. Certificate Trust Models
        4. C.3.4. Key Distribution and Exchange
      4. C.4. What Makes a Protocol Secure?
        1. C.4.1. Selecting an Algorithm
        2. C.4.2. Mutual Authentication
        3. C.4.3. Sharing a Secret
        4. C.4.4. Identifying Altered Messages
        5. C.4.5. Destroying the Shared Secret
      5. C.5. Information About Algorithms
        1. C.5.1. Encryption Algorithms
        2. C.5.2. Digital Signature Algorithms
        3. C.5.3. Cryptographic Hashes and Message Digests
        4. C.5.4. Key Exchange
        5. C.5.5. Key Sizes and Strength
        6. C.5.6. Evaluating Other Algorithms
  8. Index
  9. About the Authors
  10. Colophon
  11. Copyright