Frederick M. Avolio, Marcus J. Ranum,
A Network Perimeter With Secure External Access
Abstract: A private network that carries sensitive data
between local computers requires proper security measures to
protect the privacy and integrity of the traffic. When such a
network is connected to other networks, or when telephone access
is allowed into that network, the remote terminals, phone lines,
and other connections become extensions to that private network
and must be protected accordingly. In addition, the private
network must be protected from outside attacks that could cause
loss of information, breakdowns in network integrity, or breaches
in security. While security is important, security measures that
are onerous or cumbersome often end up being circumvented by
legitimate users of the network in order to get their work done.
Because of this, usability - or "user friendliness" - in security
features is also of the utmost importance. Trusted Information
Systems, Inc. (TIS) has built a prototype system that provides
for strong user authentication, access control, and integrity
protection for unclassified but sensitive data on a private
(isolated) network (or collection of networks). Furthermore, the
prototype system supports the secure connection of the private
network to an external Internet, as well as dial-up network
connections to the private network, via a firewall and secured
links, with strong user authentication and encryption of traffic.
TIS used a combination of commercial off-the-shelf (COTS)
software and custom software for this project. This paper
summarizes the extended system configuration and functional
services, and describes the required security services and
specific protection mechanisms used to provide these
services.
Marcus J. Ranum, Frederick M. Avolio,
A Toolkit and Methods for Internet Firewalls
Abstract: As the number of businesses and government
agencies connecting to the Internet continues to increase, the
demand for Internet firewalls - points of security guarding a
private network from intrusion - has created a demand for
reliable tools from which to build them. We present the TIS
Internet Firewall Toolkit, which consists of software modules and
configuration guidelines developed in the course of a broader
ARPA-sponsored project. Components of the toolkit, while designed
to work together, can be used in isolation or can be combined
with other firewall components. The Firewall Toolkit software
runs on UNIX systems using TCP/IP with the Berkeley socket
interface. We describe the Firewall Toolkit and the reasoning
behind some of its design decisions, discuss some of the ways in
which it may be configured, and conclude with some observations
as to how it has served in practice.
Bill Cheswick,
The Design of a Secure Gateway
Abstract: The Internet supports a vast, growing community
of computer users around the world. Unfortunately, this network
can provide anonymous access to this community by the
unscrupulous, careless, or dangerous. On any given Internet there
is a certain percentage of poorly-maintained systems. AT&T
has a large internal Internet that we wish to protect from
outside attacks, while providing useful services between the two.
This paper describes our Internet Gateway. It is an
application-level gateway that passes mail and many of the common
Internet services between our internal machines and the Internet.
This is accomplished without IP connectivity using a pair of
machines: a trusted internal machine and an untrusted external
gateway. These are connected by a private link. The internal
machine provides a few carefully-guarded services to the external
gateway. This configuration helps protect the internal Internet
even if the external machine is fully compromised.
D. Brent Chapman,
Network (In)Security Through IP Packet Filtering
Abstract: Ever-increasing numbers of IP router products
are offering packet filtering as a tool for improving network
security. Used properly, packet filtering is a useful tool for the
security-conscious network administrator, but its effective use
requires a thorough understanding of its capabilities and
weaknesses, and of the quirks of the particular protocols that
filters are being applied to. This paper examines the utility of
IP packet filtering as a network security measure, briefly
contrasts IP packet filtering to alternative network security
approaches such as application-level gateways, describes what
packet filters might examine in each packet, and describes the
characteristics of common application protocols as they relate to
packet filtering. The paper then identifies and examines problems
common to many current packet filtering implementations, shows
how these problems can easily undermine the network
administrator's intents and lead to a false sense of security,
and proposes solutions to these problems. Finally, the paper
concludes that packet filtering is currently a viable network
security mechanism, but that its utility could be greatly
improved with the extensions proposed in the paper.
Fwalls-FAQ@tis.com,
Internet Firewalls Frequently Asked Questions
Abstract: A firewall is any one of several ways of
protecting one network from another untrusted network. This
document is intended to answer the FAQ about Firewalls.
Livingston Enterprises Inc.,
Firewall Application Notes
Abstract: These instructions are intended for use by
experienced system administrators who are familiar with firewall
concepts but don't have time to research all the details
themselves. It is not intended as a tutorial; an entire book
would be needed for that, and as soon as one is written we'll
mention it prominently. Nor is this intended to be an exhaustive
discussion of the pros and cons of various kinds of firewalls;
for that you should read Bellovin & Cheswick's Firewalls and
Internet Security.
Marcus J. Ranum,
Thinking About Firewalls
Abstract: Many companies connect to the Internet, guarded
by "firewalls" designed to prevent unauthorized access to their
private networks. Despite this general goal, firewalls span a
continuum between ease of use and security. This paper describes
some of the considerations and tradeoffs in designing firewalls.
A vocabulary for firewalls and their components is offered, to
provide a common ground for discussion.
Marcus J. Ranum,
A Network Firewall
Abstract: Information is the lifeblood of the computer
age, and network connectivity is crucial to day-to-day business.
Connecting a private, corporate network to the Internet is not
acceptable without some form of secure gateway acting as a
firewall between the two networks, to prevent miscreants and
unwelcome visitors from accessing hosts on the private network.
In the case of a software or hardware vendor, source code, CAD
diagrams, and other product-specific information must be kept
secret. Hospitals and insurance companies that maintain
confidential information, or pharmaceutical research labs with
patent applications, cannot afford to take chances with data
theft. A break-in over the network could do incalculable damage
in a very short time. Digital has implemented several gateways
between its corporate network and the Internet, which provide a
high degree of access while maintaining excellent security. The
gateways are composed of multiple machines acting together, and a
specially configured packet-screening machine that provides
discretionary TCP/IP access control. Software is configured
across the gateways to provide transparent USENET, SMTP mail,
FTP, and name service, while preventing direct connections
between internal machines and external machines. This paper
discusses the overall configuration, software used, and some of
the security measures that are in place. These three gateways
have been in operation for over six years, and to date no
(discovered) break-in has occurred. The importance of the
gateways is hard to estimate, since they provide a crucial link
between Digital sales and their customers, as well as maintaining
an important presence on the network.
Alec Muffett,
Proper Care and Feeding of Firewalls
Abstract: An overview of firewalls, their components,
topology, function, maintenance and limitations. Discusses
security policy as a guiding force in the proper configuration of
a firewall. Security checklists are given for vulnerabilities
that should be checked on a firewall. This is not a detailed
how-to guide. It is a general overview of topics that should be
addressed during the design and upkeep of a firewall.
Robert B. Reinhardt,
An Architectural Overview of UNIX Network Security
Abstract: The goal of this paper is to present my concept
of a UNIX network security architecture based on the Internet
connectivity model and Firewall approach to implementing
security, the "UNIX-NSA Firewall Model." This model defines
seven layers of a firewall, which depict the layers of
vulnerability. This paper also provides some subjective comments
on some of the most widely known tools and methods available to
protect UNIX networks today, plus a brief discussion of the
threat and the risk.
Andrew T. Robinson,
Internet Firewalls - An Introduction
Abstract: An Internet connection will expose
some subset of your enterprise network resources, called the zone
of risk, to Internet-based attacks from any of millions of
Internet users. One way to reduce this exposure is to reduce the
zone of risk to a small number of extremely secure hosts. These
secure hosts are collectively referred to as a firewall. An
Internet firewall allows enterprise network administrators to
implement strict access controls, including strong authentication
methods such as token authentication, between the Internet and
the enterprise network.
Steven M. Bellovin,
There Be Dragons
Abstract: Our security gateway to the Internet,
research.att.com, provides only a limited set of services. Most
of the standard servers have been replaced by a variety of trap
programs that look for attacks. Using these, we have detected a
wide variety of pokes, ranging from simple doorknob-twisting to
determined assaults. The attacks range from simple attempts to
log in as guest to forged NFS packets. We believe that many other
sites are being probed but are unaware of it: the standard
network daemons do not provide administrators with either
appropriate controls and filters or with the logging necessary to
detect attacks.
G. Winfield Treese, Alec Wolman,
X Through The Firewall, And Other Application Relays
Abstract: Organizations often impose an administrative
security policy when they connect to other organizations on a
public network such as the Internet. Many applications have their
own notions of security, or they simply rely on the security of
the underlying protocols. Using the X Window System as a case
study, we describe some techniques for building
application-specific "relays" that allow the use of applications
across organizational boundaries. In particular, we focus on
analyzing administrative and application-specific security
policies to construct solutions that satisfy the security
requirements while providing the necessary functions of the
applications.
Unknown,
Packet Filtering For Firewall Systems
Abstract: If your site isn't filtering certain TCP/IP
packets, it may not be as secure as you think it is. When the
Computer Emergency Response Team (CERT) started in 1988, it was
the authors' opinion that security was the responsibility of the
system and not the network. While they still believe it is
important for system managers to be aware of security issues and
to continue to be diligent in securing their systems, they
realize that this effort will not protect from the exploitation
of flawed protocols. Many of the systems affected were using the
TFTP daemon to boot X terminals locally. Filtering TFTP
connections would have protected these sites from this
attack.
Paul Traina,
Access List Examples
Abstract: A series of Perl scripts that allow one to
quickly and easily configure ACL entries for firewall
routers.
Bruce Corbridge, Robert Henig, Charles Slater,
Packet Filtering in an IP Router
Abstract: By using existing information in packet headers,
routers can provide system administrators a facility to manage
network connections between computers. Host address, network
number, interface, direction, protocol, and port number are
parameters that may be used to implement an access control
policy. We present experiences developing the packet filtering
facility in the NetBlazer dial-up IP router. We address the
sometimes conflicting design goals of efficient performance and
ease of administration by choosing internal data structures that
simplify per packet lookup and then devoting 90 per cent of our
code to implementing commands that maintain these tables in a
manner that is easy for system administrators.
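The three packet-filtering entries above (Chapman's paper, the CERT note on filtering TFTP, and the NetBlazer router work) all describe a filter that decides per packet from direction, protocol, addresses, ports and, for TCP, the ACK bit. The following is an added example written for this bibliography, not code from any of those papers or products: a small first-match stateless filter run over two constructed rulesets and constructed traffic. The internal network 192.0.2.0/24, the mail host 192.0.2.25 and the outside addresses are made up (RFC 5737 documentation ranges).

```python
"""Stateless IP packet filter with first-match rules (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" = arriving from the outside, "out" = leaving
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False       # TCP ACK bit; a new connection's first segment has it clear


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[range] = None     # None matches any port
    dport: Optional[range] = None
    established: bool = False         # True: match only TCP segments with ACK set

    def matches(self, p: Packet) -> bool:
        if self.direction != "any" and self.direction != p.direction:
            return False
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.sport is not None and p.sport not in self.sport:
            return False
        if self.dport is not None and p.dport not in self.dport:
            return False
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True


def evaluate(rules, p: Packet) -> Tuple[str, int]:
    """First matching rule wins; a packet matching no rule is denied (index -1)."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return "deny", -1


INSIDE = "192.0.2.0/24"        # constructed internal network
MAILHOST = "192.0.2.25/32"     # constructed SMTP relay
HIGH = range(1024, 65536)

# Ruleset A: inbound TCP to ports above 1023 is opened so that active-mode
# FTP data connections can come back in; only TFTP is explicitly blocked.
LOOSE = [
    Rule("deny",   "in",  "udp", dst=INSIDE, dport=range(69, 70)),
    Rule("permit", "in",  "tcp", dst=INSIDE, dport=HIGH),
    Rule("permit", "in",  "tcp", dst=MAILHOST, dport=range(25, 26)),
    Rule("permit", "out"),
]

# Ruleset B: inbound TCP is admitted only as a reply (ACK set), then the one
# service actually offered, then an explicit deny of everything else.
STRICT = [
    Rule("permit", "in",  "tcp", dst=INSIDE, established=True),
    Rule("permit", "in",  "tcp", dst=MAILHOST, dport=range(25, 26)),
    Rule("deny",   "in"),
    Rule("permit", "out"),
]

# Constructed traffic samples.
X_PROBE   = Packet("in", "tcp", "203.0.113.7", 40000, "192.0.2.10", 6000)           # new connection to an X server
FTP_DATA  = Packet("in", "tcp", "203.0.113.7", 20, "192.0.2.10", 40001)             # active-mode FTP data connection (or anything with sport 20)
WEB_REPLY = Packet("in", "tcp", "203.0.113.80", 80, "192.0.2.10", 40002, ack=True)  # reply to an outbound HTTP request
TFTP_GET  = Packet("in", "udp", "203.0.113.7", 1234, "192.0.2.10", 69)              # remote TFTP read request
SMTP_IN   = Packet("in", "tcp", "203.0.113.7", 5000, "192.0.2.25", 25)              # mail delivery to the relay


def compare(p: Packet) -> Tuple[str, str]:
    """Decision of the loose and the strict ruleset for the same packet."""
    return evaluate(LOOSE, p)[0], evaluate(STRICT, p)[0]


if __name__ == "__main__":
    samples = [("X_PROBE", X_PROBE), ("FTP_DATA", FTP_DATA), ("WEB_REPLY", WEB_REPLY),
               ("TFTP_GET", TFTP_GET), ("SMTP_IN", SMTP_IN)]
    for name, pkt in samples:
        loose, strict = compare(pkt)
        print(f"{name:10s} loose={loose:7s} strict={strict}")
```

The loose ruleset blocks the TFTP request but lets a fresh inbound connection to an X server (port 6000) straight through, because "above 1023" was opened for FTP's sake; the strict ruleset stops that probe but also breaks active-mode FTP, which is the tradeoff a proxy or passive-mode FTP is usually chosen to resolve. The strict set still passes any inbound segment that merely has the ACK bit set, whether or not a connection exists: a stateless filter cannot tell a genuine reply from a forged ACK, which is one of the limits these papers discuss.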
Herve Schauer, Christophe Wolfhugel,
An Internet Gatekeeper
Abstract: As needs for both connectivity and security
increase, it becomes necessary for organizations to build and
manage secure Internet gateways. IP is the internetworking
protocol of today. Its use continues to grow. IP is the
best-known protocol, it offers the user the best combination of
services, and it is the protocol chosen by the main
telecommunications carriers for their new services. IP is the
essential protocol at this time, and thus we are concentrating on
IP and ignoring other protocols. Effective security recommends the
use of a single common routing protocol. As the Internet becomes
more open, the number of possible kinds of risks increases, both
because input from the outside world becomes easier and because
the possibilities for output increase. We will try to list the
potential risks which must be protected against. The goal is to
obtain a reasonably open IP network with reasonable security,
i.e. to reach a good compromise between convenience and security.
To attain this goal, we define the standard security needs of an
organization, and translate these needs into security
requirements, cookbooks for verification, and technical
solutions. This paper will show a technical solution for the
gatekeeper, but of course this is only a small part of the work.
An important effort has to be made in order to train the staff
properly in the new architecture and in its requirements. Several
other documents, generally specific to each organization,
describe all the prerequisites and daily tasks that have to be
done in order to ensure a proper and safe network service.
Annette DeSchon, Danny Cohen,
The ISI "Tunnel"
Abstract: The ISI Tunnel allows sites that are hidden
behind "firewalls", also known as "gatekeepers" or "mail
bridges", to have IP-based internet access without being open to
attacks over the Internet. The Tunnel is a special router that
provides smooth seamless internet access from a closed
environment, the "inside", to the "outside" while restricting the
access from the outside to the inside. The advantage of the
Tunnel, in comparison with traditional firewalls, is that it
supports any IP-based communication; not just terminal access,
file transfer, and electronic mail.
Jeffrey C. Mogul,
Simple and Flexible Datagram Access Controls for Unix-based Gateways
Abstract: Internetworks that connect multiple
organizations create potential security problems that cannot be
solved simply by internal administrative procedures.
Organizations would like to restrict inter-organization access to
specific restricted hosts and applications, in order to limit the
potential for damage and to reduce the number of systems that
must be secured against attack. One way to restrict access is to
prevent certain packets from entering or leaving an organization
through its gateways. This paper describes simple, flexible, and
moderately efficient mechanisms for screening the packets that
flow through a Unix-based gateway.
Wietse Venema,
TCP WRAPPER: Network monitoring, access control, and booby traps.
Abstract: This paper presents a simple tool to monitor and
control incoming network traffic. The tool has been successfully
used for shielding off systems and for detection of cracker
activity. It has no impact on legal computer users, and does not
require any change to existing systems software or configuration
files. The tool has been installed world-wide on numerous UNIX
systems without any source code change.
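The access-control half of the tool described above is driven by two files, hosts.allow and hosts.deny, consulted in that order with first match winning and a default of allow when neither matches. The following is an added example for this page, not Venema's code: a small Python evaluator for the common subset of that pattern language (ALL, LOCAL, domain suffixes, address prefixes, net/mask pairs and EXCEPT), run against two constructed files. It omits KNOWN/UNKNOWN/PARANOID, netgroups, user lookups and the shell-command field; the daemon names, hostnames and addresses in the samples are made up.

```python
"""hosts.allow / hosts.deny evaluation in the style of tcp_wrappers (constructed example)."""
from ipaddress import ip_address, ip_network


def _match_client(pattern: str, name: str, addr: str) -> bool:
    """One client pattern against the connecting host's name and address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                      # any hostname without a dot
        return name != "" and "." not in name
    if pattern.startswith("."):                 # domain suffix, e.g. ".example.com"
        return name.endswith(pattern)
    if pattern.endswith("."):                   # address prefix, e.g. "198.51.100."
        return addr.startswith(pattern)
    if "/" in pattern:                          # net/mask, e.g. "192.0.2.0/255.255.255.0"
        net, mask = pattern.split("/", 1)
        return ip_address(addr) in ip_network(f"{net}/{mask}", strict=False)
    return pattern == name or pattern == addr   # exact hostname or address


def _match_list(items, matcher) -> bool:
    """'list1 EXCEPT list2' matches when list1 matches and list2 does not."""
    if "EXCEPT" in items:
        i = items.index("EXCEPT")
        return _match_list(items[:i], matcher) and not _match_list(items[i + 1:], matcher)
    return any(matcher(item) for item in items)


def _split(field: str):
    return [t for t in field.replace(",", " ").split() if t]


def parse_access_file(text: str):
    """Return (daemon_list, client_list) pairs; comments, blanks and extra fields ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) >= 2:
            rules.append((_split(parts[0]), _split(parts[1])))
    return rules


def _file_matches(rules, daemon: str, name: str, addr: str) -> bool:
    for daemons, clients in rules:
        d_ok = _match_list(daemons, lambda p: p == "ALL" or p == daemon)
        c_ok = _match_list(clients, lambda p: _match_client(p, name, addr))
        if d_ok and c_ok:
            return True
    return False


def hosts_access(allow_text: str, deny_text: str, daemon: str, name: str, addr: str) -> bool:
    """hosts.allow is consulted first, then hosts.deny; no match in either means allow."""
    if _file_matches(parse_access_file(allow_text), daemon, name, addr):
        return True
    if _file_matches(parse_access_file(deny_text), daemon, name, addr):
        return False
    return True


# Constructed sample files.
HOSTS_ALLOW = """
# local machines and our own domain may use everything
ALL: LOCAL, .example.com
# one subnet may reach sshd, except a host we do not trust
sshd: 192.0.2.0/255.255.255.0 EXCEPT 192.0.2.99
# a partner's address block may use anonymous FTP
in.ftpd: 198.51.100.
"""

HOSTS_DENY = """
ALL: ALL   # the catch-all; without it, anything not listed above is allowed
"""

if __name__ == "__main__":
    for daemon, name, addr in [("sshd", "ws1.example.com", "192.0.2.10"),
                               ("sshd", "", "192.0.2.99"),
                               ("in.telnetd", "", "203.0.113.5")]:
        print(daemon, name or addr, "allowed" if hosts_access(HOSTS_ALLOW, HOSTS_DENY, daemon, name, addr) else "denied")
```

The point worth checking on a real installation is the last line of hosts.deny: with an empty hosts.deny, any daemon and client not covered by hosts.allow is permitted, so the catch-all "ALL: ALL" is what turns the allow file into a whitelist.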
James Hughes,
A High Speed Firewall architecture for ATM/OC-3c (a related WWW
homepage exists for this item)
Keywords: firewall, ATM, network, integrity, authenticity
Abstract: The goal of ATM is high-performance wide area
connectivity both site to site and end-point to end-point. Moving
ATM from the labs and LANs to the MANs and WANs is not possible
for many because of a lack of data stream policy, audit,
commercial privacy, data integrity and authentication with
existing ATM switches, end-points or network offerings. This
paper describes a device whose intended purpose is to add these
security features while maintaining the end-to-end
high-performance nature of ATM.
Built by Mark Crosbie and Ivan Krsul.