Frederick M. Avolio, Marcus J. Ranum,
A Network Perimeter With Secure External Access
Abstract: A private network that carries sensitive data between local computers requires proper security measures to protect the privacy and integrity of the traffic. When such a network is connected to other networks, or when telephone access is allowed into that network, the remote terminals, phone lines, and other connections become extensions to that private network and must be protected accordingly. In addition, the private network must be protected from outside attacks that could cause loss of information, breakdowns in network integrity, or breaches in security. While security is important, security measures that are onerous or cumbersome often end up being circumvented by legitimate users of the network in order to get their work done. Because of this, usability - or "user friendliness" - in security features is also of the utmost importance. Trusted Information Systems, Inc. (TIS) has built a prototype system that provides for strong user authentication, access control, and integrity protection for unclassified but sensitive data on a private (isolated) network (or collection of networks). Furthermore, the prototype system supports the secure connection of the private network to an external Internet, as well as dial-up network connections to the private network, via a firewall and secured links, with strong user authentication and encryption of traffic. TIS used a combination of commercial off-the-shelf (COTS) software and custom software for this project. This paper summarizes the extended system configuration and functional services, and describes the required security services and specific protection mechanisms used to provide these services.
Marcus J. Ranum, Frederick M. Avolio,
A Toolkit and Methods for Internet Firewalls
Abstract: As the number of businesses and government agencies connecting to the Internet continues to increase, the demand for Internet firewalls - points of security guarding a private network from intrusion - has created a demand for reliable tools from which to build them. We present the TIS Internet Firewall Toolkit, which consists of software modules and configuration guidelines developed in the course of a broader ARPA-sponsored project. Components of the toolkit, while designed to work together, can be used in isolation or can be combined with other firewall components. The Firewall Toolkit software runs on UNIX file systems using TCP/IP with the Berkeley socket interface. We describe the Firewall Toolkit and the reasoning behind some of its design decisions, discuss some of the ways in which it may be configured, and conclude with some observations as to how it has served in practice.
The Design of a Secure Gateway
Abstract: The Internet supports a vast growing community of computer users around the world. Unfortunately, this network can provide anonymous access to this community by the unscrupulous, careless, or dangerous. On any given Internet there is a certain percentage of poorly-maintained systems. AT&T has a large internal Internet that we wish to protect from outside attacks, while providing useful services between the two. This paper describes our Internet Gateway. It is an application-level gateway that passes mail and many of the common Internet services between our internal machines and the Internet. This is accomplished without IP connectivity using a pair of machines: a trusted internal machine and an untrusted external gateway. These are connected by a private link. The internal machine provides a few carefully-guarded services to the external gateway. This configuration helps protect the internal Internet even if the external machine is fully compromised.
D. Brent Chapman,
Network (In)Security Through IP Packet Filtering
Abstract: Ever-increasing numbers of IP router products are offering packet filtering as a tool for improving network security. Used properly, packet filtering is a useful tool for the security-conscious network administrator, but its effective use requires a thorough understanding of its capabilities and weaknesses, and of the quirks of the particular protocols that filters are being applied to. This paper examines the utility of IP packet filtering as a network security measure, briefly contrasts IP packet filtering to alternative network security approaches such as application-level gateways, describes what packet filters might examine in each packet, and describes the characteristics of common application protocols as they relate to packet filtering. The paper then identifies and examines problems common to many current packet filtering implementations, shows how these problems can easily undermine the network administrator's intents and lead to a false sense of security, and proposes solutions to these problems. Finally, the paper concludes that packet filtering is currently a viable network security mechanism, but that its utility could be greatly improved with the extensions proposed in the paper.
Firewalls Frequently Asked Questions
Abstract: A firewall is any one of several ways of protecting one network from another untrusted network. This document is intended to answer the FAQ about Firewalls.
Firewall Application Notes
Abstract: These instructions are intended for use by experienced system administrators who are familiar with firewall concepts but don't have time to research all the details themselves. It is not intended as a tutorial; an entire book would be needed for that, and as soon as one is written we'll mention it prominently. Nor is this intended to be an exhaustive discussion of the pros and cons of various kinds of firewalls; for that you should read Bellovin & Cheswick's Firewalls and Internet Security.
Marcus J. Ranum,
Thinking About Firewalls
Abstract: Many companies connect to the Internet, guarded by "firewalls" designed to prevent unauthorized access to their private networks. Despite this general goal, firewalls span a continuum between ease of use and security. This paper describes some of the considerations and tradeoffs in designing firewalls. A vocabulary for firewalls and their components is offered, to provide a common ground for discussion.
Marcus J. Ranum,
A Network Firewall
Abstract: Information is the lifeblood of the computer age, and network connectivity is crucial to day-to-day business. Connecting a private, corporate network to the Internet is not acceptable without some form of secure gateway acting as a firewall between the two networks, to prevent miscreants and unwelcome visitors from accessing hosts on the private network. In the case of a software or hardware vendor, source code, CAD diagrams, and other product-specific information must be kept secret. Hospitals and insurance companies that maintain confidential information, or pharmaceutical research labs with patent applications, cannot afford to take chances with data theft. A break-in over the network could do incalculable damage in a very short time. Digital has implemented several gateways between its corporate network and the Internet, which provide a high degree of access while maintaining excellent security. The gateways are composed of multiple machines acting together, and a specially configured packet-screening machine that provides discretionary TCP/IP access control. Software is configured across the gateways to provide transparent USENET, SMTP mail, FTP, and name service, while preventing direct connections between internal machines and external machines. This paper discusses the overall configuration, software used, and some of the security measures that are in place. These three gateways have been in operation for over six years, and to date no (discovered) break-in has occurred. The importance of the gateways is hard to estimate, since they provide a crucial link between Digital sales and their customers, as well as maintaining an important presence on the network.
Proper Care and Feeding of Firewalls
Abstract: An overview of firewalls, their components, topology, function, maintenance and limitations. Discusses security policy as a guiding force in the proper configuration of a firewall. Security checklists are given for vulnerabilities that should be checked on a firewall. This is not a detailed how-to guide. It is a general overview of topics that should be addressed during the design and upkeep of a firewall.
Robert B. Reinhardt,
An Architectural Overview of UNIX Network Security
Abstract: The goal of this paper is to present my concept of a UNIX network security architecture based on the Internet connectivity model and Firewall approach to implementing security, the "UNIX-NSA Firewall Model." This model defines seven layers of a firewall, which depict the layers of vulnerability. This paper also provides some subjective comments on some of the most widely known tools and methods available to protect UNIX networks today, plus a brief discussion of the threat and the risk.
Andrew T. Robinson,
Internet Firewalls - An Introduction
Abstract: An Internet connection will expose some subset of your enterprise network resources, called the zone of risk, to Internet-based attacks from any of millions of Internet users. One way to reduce this exposure is to reduce the zone of risk to a small number of extremely secure hosts. These secure hosts are collectively referred to as a firewall. An Internet firewall allows enterprise network administrators to implement strict access controls, including strong authentication methods such as token authentication, between the Internet and the enterprise network.
Steven M. Bellovin,
There Be Dragons
Abstract: Our security gateway to the Internet, research.att.com, provides only a limited set of services. Most of the standard servers have been replaced by a variety of trap programs that look for attacks. Using these, we have detected a wide variety of pokes, ranging from simple doorknob-twisting to determined assaults. The attacks range from simple attempts to log in as guest to forged NFS packets. We believe that many other sites are being probed but are unaware of it: the standard network daemons do not provide administrators with either appropriate controls and filters or with the logging necessary to detect attacks.
G. Winfield Treese, Alec Wolman,
X Through The Firewall, And Other Application
Abstract: Organizations often impose an administrative security policy when they connect to other organizations on a public network such as the Internet. Many applications have their own notions of security, or they simply rely on the security of the underlying protocols. Using the X Window System as a case study, we describe some techniques for building application-specific "relays" that allow the use of applications across organizational boundaries. In particular, we focus on analyzing administrative and application-specific security policies to construct solutions that satisfy the security requirements while providing the necessary functions of the applications.
Packet Filtering For Firewall Systems
Abstract: If your site isn't filtering certain TCP/IP packets, it may not be as secure as you think it is. When the Computer Emergency Response Team (CERT) started in 1988, it was the authors' opinion that security was the responsibility of the system and not the network. While they still believe it is important for system managers to be aware of security issues and to continue to be diligent in securing their systems, they realize that this effort will not protect from the exploitation of flawed protocols. Many of the systems affected were using the TFTP daemon to boot X terminals locally. Filtering TFTP connections would have protected these sites from this attack.
Access List Examples
Abstract: A series of Perl scripts that allow one to quickly and easily configure ACL entries for firewall routers.
Bruce Corbridge, Robert Henig, Charles Slater,
Packet Filtering in an IP Router
Abstract: By using existing information in packet headers, routers can provide system administrators a facility to manage network connections between computers. Host address, network number, interface, direction, protocol, and port number are parameters that may be used to implement an access control policy. We present experiences developing the packet filtering facility in the NetBlazer dial-up IP router. We address the sometimes conflicting design goals of efficient performance and ease of administration by choosing internal data structures that simplify per-packet lookup and then devoting 90 per cent of our code to implementing commands that maintain these tables in a manner that is easy for system administrators.
Herve Schauer, Christophe Wolfhugel,
An Internet Gatekeeper
Abstract: As needs for both connectivity and security increase, it becomes necessary for organizations to build and manage secure Internet gateways. IP is the internetworking protocol of today. Its use continues to grow. IP is the best-known protocol, it offers the user the best combination of services, and it is the protocol chosen by the main telecommunications carriers for their new services. IP is the essential protocol at this time, and thus we are concentrating on IP and ignoring other protocols. Effective security recommends the use of a single common routing protocol. As the Internet becomes more open, the number of possible kinds of risks increases, both because input from the outside world becomes easier and because the possibilities for output increase. We will try to list the potential risks which must be protected against. The goal is to obtain a reasonably open IP network with reasonable security, i.e. to reach a good compromise between convenience and security. To attain this goal, we define the standard security needs of an organization, and translate these needs into security requirements, cookbooks for verification, and technical solutions. This paper will show a technical solution for the gatekeeper, but of course this is only a small part of the work. An important effort has to be made in order to train the staff properly in the new architecture and in its requirements. Several other documents, generally specific to each organization, describe all the prerequisites and daily tasks that have to be done in order to ensure a proper and safe network service.
Annette DeSchon, Danny Cohen,
The ISI "Tunnel"
Abstract: The ISI Tunnel allows sites that are hidden behind "firewalls", also known as "gatekeepers" or "mail bridges", to have IP-based internet access without being open to attacks over the Internet. The Tunnel is a special router that provides smooth seamless internet access from a closed environment, the "inside", to the "outside" while restricting the access from the outside to the inside. The advantage of the Tunnel, in comparison with traditional firewalls, is that it supports any IP-based communication; not just terminal access, file transfer, and electronic mail.
Jeffrey C. Mogul,
Simple and Flexible Datagram Access Controls for Unix-based
Abstract: Internetworks that connect multiple organizations create potential security problems that cannot be solved simply by internal administrative procedures. Organizations would like to restrict inter-organization access to specific restricted hosts and applications, in order to limit the potential for damage and to reduce the number of systems that must be secured against attack. One way to restrict access is to prevent certain packets from entering or leaving an organization through its gateways. This paper describes simple, flexible, and moderately efficient mechanisms for screening the packets that flow through a Unix-based gateway.
TCP WRAPPER Network monitoring, access control, and booby
Abstract: This paper presents a simple tool to monitor and control incoming network traffic. The tool has been successfully used for shielding off systems and for detection of cracker activity. It has no impact on legal computer users, and does not require any change to existing systems software or configuration files. The tool has been installed world-wide on numerous UNIX systems without any source code change.
A High Speed Firewall architecture for ATM/OC-3c (A related WWW homepage exists for this item)
Keywords: firewall, ATM, network, integrity, authenticity
Abstract: The goal of ATM is high-performance wide area connectivity both site to site and end-point to end-point. Moving ATM from the labs and LANs to the MANs and WANs is not possible for many because of a lack of data stream policy, audit, commercial privacy, data integrity and authentication with existing ATM switches, end-points or network offerings. This paper describes a device whose intended purpose is to add these security features while maintaining the end-to-end high-performance nature of ATM.
Built by Mark Crosbie and Ivan Krsul.