Authors: William Cheswick, Steven M. Bellovin and Aviel D. Rubin
Pages: 464
Publisher: Addison-Wesley
ISBN: 020163466X



Available for download is chapter 2 entitled "A Security Review of Protocols: Lower Layers".

Introduction

The first edition of "Firewalls and Internet Security" was written by William R. Cheswick and Steven M. Bellovin and was based on their experience administering the firewalls at AT&T. After the book appeared at the 1994 Las Vegas Interop, it became a bestseller, which gave a big possibility for an update in the way of a second edition. Now, almost nine years after the first print, Cheswick and Bellovin teamed with another noted expert, Aviel Rubin, and released the awaited "sequel" to the original book. This release can be called a sequel, as it is nearly a complete rewrite of the first edition. As the authors note - "The approach is different, and so are many of the technical details. Most people don't build their own firewalls anymore. There are far more Internet users, and the economic stakes are higher. The Internet is a factor in warfare."

About the authors

William R. Cheswick is Chief Scientist at Lumeta Corporation, which protects clients' network infrastructures from sabotage by mapping their intranets. Formerly he was a senior researcher at AT&T Bell Laboratories, doing pioneering work on firewall design and implementation and on PC viruses, mailers, Internet munitions, and the Plan 9 operating system.

Steven M. Bellovin is a senior researcher at AT&T Bell Laboratories, where he has designed and maintained AT&T's Internet gateway. One of the quotes from his web site, explains more about Steven's computers history - "While a graduate student, I helped create USENET." Also, Steven was a co-author for the first edition of this book.

Aviel D. Rubin is an Associate Professor of Computer Science at Johns Hopkins University, and has been appointment as the Technical Director of the Hopkins Information Security Institute. Mr. Rubin is a recognized expert in computer security; he serves on the USENIX board of directors and is coauthor of "Web Security Sourcebook".

An interview with Aviel Rubin is available here.

Inside the book

"Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition", which is the full title of this book, will contain six thematical parts which will be spread over 460 pages. I'm using the future tense here, as at time of writing this review, the book was not yet published. The manuscript we received had December 2002 imprinted inside, but the differences between the reviewed manuscript and the final print will be just of a cosmetical nature.

As the perfect opening for this kind of book, the authors give a security overview of TCP/IP protocol suite. Many of the books start with protocol descriptions, but this book is slightly different as it focuses on security perspectives of the commonly used protocols. The first part of the book contains the security review of lower and upper layers, where appropriate protocols and applications are looked into. The following twenty pages long chapter scratches the surface of the Web security, briefly describing risks for both clients and servers.

After the introductionary "Getting started" part of the book, the authors focus on the security threats and divide them on classes of attacks and ways the attacks can be made. Some of the possible scenarios described include: password issues, protocol failures, social engineering, exponential attacks (worms, viruses) and denial of service (DoS) attacks. The descriptions are not thorough, but present a brief overview with some useful examples. The DoS security issues receive a bit more coverage than the other attacks, as Distributed Denial of Service (DDoS) attacks and some practical workarounds for them are being considered. Tools briefly mentioned in this chapter include Crack, Nessus, Dsniff, Nmap, Nbaudit and Juggernaut.

"Safer Tools and Services" is the third part of this book. In the same manner as the rest of this book, authors go into various information security topics, discuss them briefly and move forward. Authentications basics and methods like passwords, biometrics and smart cards are mentioned in the context of proving identity being a corner stone of any security process. As the authors don't think much about the security of the standard network services, a chapter is dedicated to taming some of the mostly used ones (Named, Apache, SSL etc).

After the first three parts of "Firewalls and Internet Security" talked about Internet security, the fourth part goes deeper into firewalls and Virtual Private Networks. Authors in this part introduce various types of firewalls and filtering techniques. As expected, this part of the book goes deeper into various technical aspects related to firewalls, including:

• Kinds of Firewalls
• Filtering Services
• Firewall Engineering
• Tunneling and VPN

An especially interesting section of this part of the book helps readers into building their own firewalls from scratch. Both personal firewalls and firewalls meant to work in a corporate environment are covered. Virtual Private Networks are mentioned within the next ten pages. Topics talked about in the fifth part of the book include examining the problems and practices on modern intranets, deploying a hacking-resistant host and intrusion detection.

Part six, titled "Lessons Learned", is a reprint of Cheswick's 1992 Winter USENIX Conference paper titled "An Evening With Berferd, in which a Hacker is Lured, Endured, and Studied". If you like reading actual old school "hacking" stories, this part is a must, as it deals with Cheswick playing with an intruder on one of his systems. As a piece of interesting trivia, well known security expert Wietse Venema, back then working at Eindhoven University, helped Cheswick by calling one of the attacker's mothers, saying what kind of activities her son is taking a part at.

What I think of it

The title of the book, "Firewalls and Internet Security" may point someone into believing that the book is about firewalls and their part in the Internet Security sphere. That is not true, as the book provides a great deal of information on a wide specter of security topics. Written by an impressive trio of Information Security experts, this book is a well-done sequel to the "classic".