ch27.htm

Maximum Security (First Edition) 网络安全 英文版

	that provides PCs and workstations with secure authentication.
</UL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>Check out SunScreen SKIP
	online at <A HREF="http://www.sun.com/security/skip.html"><TT>http://www.sun.com/security/skip.html</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>
<P><B>IBM Internet Connection Secured Network Gateway</B></P>
<P>Company: Internal Business Machines (IBM)</P>
<P>Specs: <A HREF="http://www.ics.raleigh.ibm.com/firewall/info.htm"><TT>http://www.ics.raleigh.ibm.com/firewall/info.htm</TT></A></P>
<P>Home: <A HREF="http://www.ics.raleigh.ibm.com/firewall/overview.htm"><TT>http://www.ics.raleigh.ibm.com/firewall/overview.htm</TT></A><TT></TT></P>
<P>This product is designed for AIX. Like Sun's SunScreen product line, it is capable
of hiding the IPs of your internal network. It supports application proxies and has
exceptional logging and reporting capabilities, as well as isolated Web services.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>For an extremely comprehensive
	study of IBM's Internet Connection Secured Network Gateway, visit <A HREF="http://www.ncsa.com/fpfs/ibm.html at NCSA"><TT>http://www.ncsa.com/fpfs/ibm.html</TT>
	at NCSA</A>. 
<HR>


</BLOCKQUOTE>

<P>
<P><B>Cisco PIX Firewall</B></P>
<P>Company: Cisco Systems</P>
<P>Specs: <A HREF="http://www.cisco.com/univercd/data/doc/cintrnet/prod_cat/pcpix.htm"><TT>http://www.cisco.com/univercd/data/doc/cintrnet/prod_cat/pcpix.htm</TT></A></P>
<P>Home: <A HREF="http://www.cisco.com"><TT>http://www.cisco.com</TT></A><TT></TT></P>
<P>This firewall relies not on application proxies (which can consume additional
network resources and CPU time) but instead on a secure operating system within the
hardware component itself. Special features include an HTML configuration and administration
control tool, IP concealment and non-translation, easy configuration, and support
for 16,000 instant connections.
<H2><FONT COLOR="#000077"><B>Summary</B></FONT></H2>
<P>Firewalls now comprise the most commonly accepted method of protecting a network
and, for the most part, seem to be impenetrable when attacked by 95 percent of the
cracking community. Moreover, firewall technology is yet in its infancy. Nevertheless,
firewalls have been cracked in the past. It is also worth noting that some firewalls
can raise security issues themselves. For example, it was recently found that the
Gopher proxy in a Raptor product can, under certain circumstances, leave a Windows
NT server vulnerable to a denial-of-service attack. (The CPU climbs to near 100 percent
utilization.)</P>
<P>The future of firewall technology is a very interesting field indeed. However,
if you have truly sensitive data to protect (and it must be connected to the Internet),
I advise against using a firewall (commercial or otherwise) as your only means of
defense.
<H3><FONT COLOR="#000077"><B>Resources</B></FONT></H3>
<P><B>Internet Firewalls and Network Security (Second Edition).</B> Chris Hare and
Karanjit Siyan. New Riders. ISBN: 1-56205-632-8. 1996.</P>
<P><B>Internet Firewalls.</B> Scott Fuller and Kevin Pagan. Ventana Communications
Group Inc. ISBN: 1-56604-506-1. 1997.</P>
<P><B>Building Internet Firewalls.</B> D. Brent Chapman and Elizabeth D. Zwicky.
O'Reilly &amp; Associates. ISBN: 1-56592-124-0. 1995.</P>
<P><B>Firewalls and Internet Security : Repelling the Wily Hacker.</B> William R.
Cheswick and Steven M. Bellovin. Addison-Wesley Professional Computing. ISBN: 0-201-63357-4.
1994.</P>
<P><B>Actually Useful Internet Security Techniques.</B> Larry J. Hughes, Jr. New
Riders. ISBN: 1-56205-508-9. 1995.</P>
<P><B>Internet Security Resource Library: Internet Firewalls and Network Security,
Internet Security Techniques, Implementing Internet Security.</B> New Riders. ISBN:
1-56205-506- 2. 1995.</P>
<P><B>Firewalls FAQ.</B> Marcus J. Ranum.

<UL>
	<LI><A HREF="http://www.cis.ohio-state.edu/hypertext/faq/usenet/firewalls-faq/faq.html"><TT>http://www.cis.ohio-state.edu/hypertext/faq/usenet/firewalls-faq/faq.html</TT></A>
</UL>

<P><B>NCSA Firewall Policy Guide.</B> Compiled by Stephen Cobb, Director of Special
Projects. National Computer Security Association.

<UL>
	<LI><A HREF="http://www.ncsa.com/fwpg_p1.html"><TT>http://www.ncsa.com/fwpg_p1.html</TT></A>
</UL>

<P><B>Comparison: Firewalls.</B> Comprehensive comparison of a wide variety of firewall
products. <I>LANTimes</I>. June 17, 1996.

<UL>
	<LI><A HREF="http://www.lantimes.com/lantimes/usetech/compare/pcfirewl.html"><TT>http://www.lantimes.com/lantimes/usetech/compare/pcfirewl.html</TT></A>
</UL>

<P><B>There Be Dragons.</B> Steven M. Bellovin. Proceedings of the Third Usenix UNIX
Security Symposium, Baltimore, September 1992. AT&amp;T Bell Laboratories, Murray
Hill, NJ. August 15, 1992.</P>
<P><B>Rating of Application Layer Proxies.</B> Michael Richardson.

<UL>
	<LI><A HREF="http://www.sandelman.ottawa.on.ca/SSW/proxyrating/proxyrating.html"><TT>http://www.sandelman.ottawa.on.ca/SSW/proxyrating/proxyrating.html</TT></A>
</UL>

<P><B>Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls.</B>
John P. Wack and Lisa J. Carnahan. National Institute of Standards and Technology.

<UL>
	<LI><A HREF="http://csrc.ncsl.nist.gov/nistpubs/800-10/"><TT>http://csrc.ncsl.nist.gov/nistpubs/800-10/</TT></A>
</UL>

<P><B>SQL*Net and Firewalls.</B> David Sidwell and Oracle Corporation.

<UL>
	<LI><A HREF="http://www.zeuros.co.uk/firewall/library/oracle-and-fw.pdf"><TT>http://www.zeuros.co.uk/firewall/library/oracle-and-fw.pdf</TT></A>
</UL>

<P><B>Covert Channels in the TCP/IP Protocol Suite.</B> Craig Rowland. Rotherwick
&amp; Psionics Software Systems Inc.

<UL>
	<LI><A HREF="http://www.zeuros.co.uk/firewall/papers.htm"><TT>http://www.zeuros.co.uk/firewall/papers.htm</TT></A>
</UL>

<P><B>If You Can Reach Them, They Can Reach You.</B> William Dutcher. A PC Week Online
Special Report, June 19, 1995.

<UL>
	<LI><A HREF="http://www.pcweek.com/sr/0619/tfire.html"><TT>http://www.pcweek.com/sr/0619/tfire.html</TT></A>
</UL>

<P><B>Packet Filtering for Firewall Systems.</B> February 1995. CERT (and Carnegie
Mellon University).

<UL>
	<LI><A HREF="ftp://info.cert.org/pub/tech_tips/packet_filtering"><TT>ftp://info.cert.org/pub/tech_tips/packet_filtering</TT></A>
</UL>

<P><B>Network Firewalls.</B> Steven M. Bellovin and William R. Cheswick. IEEECM,
32(9), pp. 50-57, September 1994.</P>
<P><B>Session-Layer Encryption.</B> Matt Blaze and Steve Bellovin. Proceedings of
the Usenix Security Workshop, June 1995.</P>
<P><B>A Network Perimeter With Secure External Access.</B> Frederick M. Avolio and
Marcus J. Ranum. An extraordinary paper that details the implementation of a firewall
purportedly at the White House.

<UL>
	<LI><A HREF="http://www.alw.nih.gov/Security/FIRST/papers/firewall/isoc94.ps"><TT>http://www.alw.nih.gov/Security/FIRST/papers/firewall/isoc94.ps</TT></A>
</UL>

<P><B>Packets Found on an Internet.</B> Steven M. Bellovin. Lambda. Interesting analysis
of packets appearing at the application gateway of AT&amp;T.

<UL>
	<LI><A HREF="ftp://ftp.research.att.com/dist/smb/packets.ps"><TT>ftp://ftp.research.att.com/dist/smb/packets.ps</TT></A>
</UL>

<P><B>Using Screend to Implement TCP/IP Security Policies.</B> Jeff Mogul. Rotherwick
and Digital.

<UL>
	<LI><A HREF="http://www.zeuros.co.uk/firewall/library/screend.ps"><TT>http://www.zeuros.co.uk/firewall/library/screend.ps</TT></A>
</UL>

<P><B>Firewall Application Notes.</B> Livingston Enterprises, Inc. Good document
that starts by describing how to build a firewall. It also addresses application
proxies, Sendmail in relation to firewalls, and the characteristics of a bastion
host.

<UL>
	<LI><A HREF="http://www.telstra.com.au/pub/docs/security/firewall-1.1.ps.Z"><TT>http://www.telstra.com.au/pub/docs/security/firewall-1.1.ps.Z</TT></A>
</UL>

<P><B>X Through the Firewall, and Other Application Relays.</B> Treese/Wolman. Digital
Equipment Corp. Cambridge Research Lab.

<UL>
	<LI><A HREF="ftp://crl.dec.com/pub/DEC/CRL/tech-reports/93.10.ps.Z"><TT>ftp://crl.dec.com/pub/DEC/CRL/tech-reports/93.10.ps.Z</TT></A>
</UL>

<P><B>Intrusion Protection for Networks 171.</B> <I>BYTE Magazine</I>. April, 1995.</P>
<P><B>Benchmarking Methodology for Network Interconnect Devices (RFC 1944).</B> S.
Bradner and J. McQuaid.

<UL>
	<LI><A HREF="ftp://ds.internic.net/rfc/rfc1944.txt"><TT>ftp://ds.internic.net/rfc/rfc1944.txt</TT></A>
</UL>

<P><B>Firewall Performance Measurement Techniques: A Scientific Approach.</B> Marcus
Ranum.

<UL>
	<LI><A HREF="http://www.v-one.com/pubs/perf/approaches.htm"><TT>http://www.v-one.com/pubs/perf/approaches.htm</TT></A>
</UL>

<P><B>Warding Off the Cyberspace Invaders.</B> Amy Cortese. <I>Business Week</I>.
03/13/95.</P>
<P><B>Vulnerability in Cisco Routers Used as Firewalls.</B> Computer Incident Advisory
Capability Advisory: Number D-15.

<UL>
	<LI><A HREF="http://ciac.llnl.gov/ciac/bulletins/d-15.shtml"><TT>http://ciac.llnl.gov/ciac/bulletins/d-15.shtml</TT></A>
</UL>

<P><B>WAN-Hacking with AutoHack--Auditing Security behind the Firewall.</B> Alec
D.E. Muffett. Written by the author of Crack, the famous password-cracking program.
Extraordinary document that deals with methods of auditing security from behind a
firewall (and auditing of a network so large that it contained tens of thousands
of hosts).

<UL>
	<LI><A HREF="http://solar.net.ncu.edu.tw/~jslee/me/docs/muffett-autohack.ps"><TT>http://solar.net.ncu.edu.tw/~jslee/me/docs/muffett-autohack.ps</TT></A>
</UL>

<P><B>Windows NT Firewalls Are Born.</B> <I>PC Magazine</I>. February 4, 1997.

<UL>
	<LI><A HREF="http://www.pcmagazine.com/features/firewall/_open.htm"><TT>http://www.pcmagazine.com/features/firewall/_open.htm</TT></A>
</UL>

<P><B>IP v6 Release and Firewalls.</B> Uwe Ellermann. 14th Worldwide Congress on
Computer and Communications Security. Protection, pp. 341-354, June 1996.</P>
<P><B>The SunScreen Product Line Overview.</B> Sun Microsystems.

<UL>
	<LI><A HREF="http://www.sun.com/security/overview.html"><TT>http://www.sun.com/security/overview.html</TT></A>
</UL>

<P><B>Product Overview for IBM Internet Connection Secured Network Gateway for AIX,
Version 2.2.</B> IBM firewall information.

<UL>
	<LI><A HREF="http://www.ics.raleigh.ibm.com/firewall/overview.htm"><TT>http://www.ics.raleigh.ibm.com/firewall/overview.htm</TT></A>
</UL>

<P><B>The Eagle Firewall Family.</B> Raptor firewall information.

<UL>
	<LI><A HREF="http://www.raptor.com/products/brochure/40broch.html"><TT>http://www.raptor.com/products/brochure/40broch.html</TT></A>
</UL>

<P><B>Secure Computing Firewall</B>&amp;tm;<B> for NT.</B> Overview. Secure Computing.

<UL>
	<LI><A HREF="http://www.sctc.com/NT/HTML/overview.html"><TT>http://www.sctc.com/NT/HTML/overview.html</TT></A>
</UL>

<P><B>Check Point FireWall-1 Introduction.</B> Check Point Technologies firewall
information.

<UL>
	<LI><A HREF="http://www.checkpoint.com/products/firewall/intro.html"><TT>http://www.checkpoint.com/products/firewall/intro.html</TT></A>
</UL>

<P><B>Cisco PIX Firewall.</B> Cisco Systems firewall information.

<UL>
	<LI><A HREF="http://www.cisco.com/univercd/data/doc/cintrnet/prod_cat/pcpix.htm"><TT>http://www.cisco.com/univercd/data/doc/cintrnet/prod_cat/pcpix.htm</TT></A>
</UL>

<P><B>Protecting the Fortress From Within and Without.</B> R. Scott Raynovich. <I>LAN
Times</I>. April 1996.

<UL>
	<LI><A HREF="http://www.wcmh.com/lantimes/96apr/604c051a.html"><TT>http://www.wcmh.com/lantimes/96apr/604c051a.html</TT></A>
</UL>

<P><B>Internet Firewalls: An Introduction.</B> Firewall white paper. NMI Internet
Expert Services.

<UL>
	<LI><A HREF="http://www.netmaine.com/netmaine/whitepaper.html"><TT>http://www.netmaine.com/netmaine/whitepaper.html</TT></A>
</UL>

<P><B>Features of the Centri</B><FONT SIZE="1"><SUP>TM</SUP></FONT><B> Firewall.</B>
Centri firewall information.

<UL>
	<LI><A HREF="http://www.gi.net/security/centrifirewall/features.html"><TT>http://www.gi.net/security/centrifirewall/features.html</TT></A>
</UL>

<P><B>Five Reasons Why an Application Gateway Is the Most Secure Firewall.</B> Global
Internet.

<UL>
	<LI><A HREF="http://www.gi.net/security/centrifirewall/fivereasons.html"><TT>http://www.gi.net/security/centrifirewall/fivereasons.html</TT></A>
</UL>

<CENTER>
<P>
<HR>
<A HREF="../ch26/ch26.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch28/ch28.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>