Title: A Network Firewall
Authors: Marcus J. Ranum
Abstract:
- Information is the lifeblood of the computer age, and network
connectivity is crucial to day-to-day business. Connecting a private,
corporate network to the Internet is not acceptable without some form
of secure gateway acting as a firewall between the two networks, to
prevent miscreants and unwelcome visitors from accessing hosts on the
private network. In the case of a software or hardware vendor, source
code, CAD diagrams, and other product-specific information must be
kept secret. Hospitals and insurance companies, that maintain
confidential information, or pharmaceutical research labs with patent
applications cannot afford to take chances with data theft. A break-in
over the network could do incalculable damage in a very short
time. Digital has implemented several gateways between its corporate
network and the Internet, which provide a high degree of access while
maintaining excellent security. The gateways are composed of multiple
machines acting together, and a specially configured packet-screening
machine that provides discretionary TCP/IP access control. Software is
configured across the gateways to provide transparent USENET, SMTP
mail, FTP, and name service, while preventing direct connections
between internal machines and external machines. This paper discusses
the overall configuration, software used, and some of the security
measures that are in place. These three gateways have been in
operation for over six years, and to date no (discovered) break-in has
occurred. The importance of the gateways is hard to estimate, since it
provides a crucial link between Digital sales and their customers, as
well as maintaining an important presence on the network.
Title: A Network Perimeter With Secure External Access
Authors: Frederick M. Avolio Marcus J. Ranum
Abstract:
- A private network that carries sensitive data between local computers
requires proper security measures to protect the privacy and integrity
of the traffic. When such a network is connected to other networks,
or when telephone access is allowed into that network, the remote
terminals, phone lines, and other connections become extensions to
that private network and must be protected accordingly. In addition,
the private network must be protected from outside attacks that could
cause loss of information, breakdowns in network integrity, or
breaches in security. While security is important, security measures
that are onerous or cumbersome often end up being circumvented by
legitimate users of the network in order to get their work done.
Because of this, usability - or "user friendliness" - in security
features is also of the utmost importance. Trusted Information
Systems, Inc. (TIS) has built a prototype system that provides for
strong user authentication, access control, and integrity protection
for unclassified but sensitive data on a private (isolated) network
(or collection of networks). Furthermore, the prototype system
supports the secure connection of the private network to an external
Internet, as well as dial-up network connections to the private
network, via a firewall and secured links, with strong user
authentication and encryption of traffic. TIS used a combination of
commercial off-the-shelf (COTS) software and custom software for this
project. This paper summarizes the extended system configuration and
functional services, and describes the required security services and
specific protection mechanisms used to provide these services.
Title: A Toolkit and Methods for Internet Firewalls
Authors: Marcus J. Ranum Frederick M. Avolio
Abstract:
- As the number of businesses and government agencies connecting to the
Internet continues to increase, the demand for Internet firewalls -
points of security guarding a private network from intrusion - has
created a demand for reliable tools from which to build them. We
present the TIS Internet Firewall Toolkit, which consists of software
modules and configuration guidelines developed in the course of a
broader ARPA-sponsored project. Components of the toolkit, while
designed to work together, can be used in isolation or can be combined
with other firewall components. The Firewall Toolkit software runs on
UNIX file systems using TCP/IP with the Berkeley socket interface. We
describe the Firewall Toolkit and the reasoning behind some of its
design decisions, discuss some of the ways in which it may be
configured, and conclude with some observations as to how it has
served in practice.
Title: An Architectural Overview of UNIX Network Security
Authors: Robert B. Reinhardt
Abstract:
- The goal of this paper is to present my concept of a UNIX network
security architecture based on the Internet connectivity model and
Firewall approach to implementing security, the "UNIX- NSA Firewall
Model." This model defines seven layers of a firewall, which depict
the layers of vulnerability. This paper also provides some subjective
comments on some of the most widely known tools and methods available
to protect UNIX networks today, plus a brief discussion of the threat
and the risk.
Title: An Internet Gatekeeper
Authors: Herve' Schauer Christophe Wolfhugel
Abstract:
- As needs for both connectivity and security increase, it becomes
necessary for organizations to build and manage secure Internet gateways.
IP is the internetworking protocol of today. Its use continues to
grow. IP is the best-known protocol, it offers the user the best
combination of services, and it is the protocol choosen by the main
telecommunications carriers for their new services. IP is the
essential protocol at this time, and thus we are concentrating on IP
and ignoring other protocols. Effective security recommend the use of
a single common routing protocol.
As the Internet becomes more open, the number of possible kinds of
risks increases, both because input from the outside world becomes
easier and because the possibilities for output increase. We will try
to list the potential risks which must be protected against.
The goal is to obtain a reasonably open IP network with reasonnable
security, i.e. to reach a good compromise between convenience and security.
To attain this goal, we define the standard security needs of an
organization, and translate these needs into security requirements,
cookbooks for verification, and technical solutions.
This paper will show a technical solution for the gatekeeper, but of
course this is only a small part of the work. An important effort has
to be made in order to train the staff properly in the new
architecture and in its requirements. Several other documents,
generally specific to each organization, describe all the
prerequisites and daily tasks that have to be done in order to ensure
a proper and safe network service.
Title: Network (In)Security Through IP Packet Filtering
Authors: D. Brent Chapman
Abstract:
- Ever-increasing numbers of IP router products are offering packet
filtering as a tool for improving network security. Used properly,
packet filtering is a useful tool for he security-conscious network
administrator, but its effective use requires a thorough understanding
of its capabilities and weaknesses, and of the quirks of the
particular protocols that filters are being applied to. This paper
examines the utility of IP packet filtering as a network security
measure, briefly contrasts IP packet filtering to alternative network
security approaches such as application-level gateways, describes what
packet filters might examine in each packet, and describes the
characteristics of common application protocols as they relate to
packet filtering. The paper then identifies and examines problems
common to many current packet filtering implementations, shows how
these problems can easily undermine the network administrator's
intents and lead to a false sense of security, and proposes solutions
to these problems. Finally, the paper concludes that packet filtering
is currently a viable network security mechanism, but that its utility
could be greatly improved with the extensions proposed in the
paper.
Title: Packet Filtering in an IP Router
Authors: Bruce Corbridge Robert Henig Charles Slater
Abstract:
- By using existing information in packet headers, routers can provide
system administrators a facility to manage network connections between
computers. Host address, network number, interface, direction, protocol,
and port number are parameters that may be used to implement an access
control policy. We present experiences developing the packet filtering
facility in the NetBlazer dial-up IP router. We address the sometimes
conflicting design goals of efficient performance and ease of administration
by choosing internal data structures that simplify per packet lookup and
then devoting 90 per cent of our code to implementing commands that maintain
these tables in manner that is easy for system administrators.
Title: Simple and Flexible Datagram Access Controls for Unix-based Gateways
Authors: Jeffrey C. Mogul
Abstract:
- Internetworks that connect multiple organizations create potential
security problems that cannot be solved simply by internal
administrative procedures. Organizations would like to restrict
inter-organization access to specific restricted hosts and
applications, in order to limit the potential for damage and to reduce
the number of systems that must be secured against attack. One way to
restrict access is to prevent certain packets from entering or leaving
an organization through its gateways. This paper describes simple,
flexible, and moderately efficient mechanisms for screening the
packets that flow through a Unix-based gateway.
Title: TCP WRAPPER Network monitoring, access control, and booby traps.
Authors: Wietse Venema
Abstract:
- This paper presents a simple tool to monitor and control
incoming network traffic. The tool has been successfully used for
shielding off systems and for detection of cracker activity. It has
no impact on legal computer users, and does not require any change to
existing systems software or configuration files. The tool has been
installed world-wide on numerous UNIX systems without any source code
change.
Title: The Design of a Secure Gateway
Authors: Bill Cheswick
Abstract:
- The Internet supports a vast growing community of computers users
around the world. Unfortunately, this network can provide anonymous
access to this community by the unscrupulous, careless, or
dangerous. On any given Internet there is a certain percentage of
poorly-maintained systems. AT&T has a large internal Internet that we
wish to protect from outside attacks, while providing useful services
between the two. This paper describes our Internet Gateway. It is an
application-level gateway that passes mail and many of the common
Internet services between our internal machines and the Internet. This
is accomplished without IP connectivity using a pair of machines: a
trusted internal machine and an untrusted external gateway. These are
connected by a private link. The internal machine provides a few
carefully-guarded services to the external gateway. This configuration
helps protect the internal Internet even if the external machine is
fully compromised.
Title: There Be Dragons
Authors: Steven M. Bellovin
Abstract:
- Our security gateway to the Internet, research.att.com, provides only
a limited set of services. Most of the standard servers have been
replaced by a variety of trap programs that look for attacks. Using
these, we have detected a wide variety of pokes, ranging from simple
doorknob-twisting to determined assaults. The attacks range from
simple attempts to log in as guest to forged NFS packets. We believe
that many other sites are being probed but are unaware of it: the
standard network daemons do not provide administrators with either
appropriate controls and filters or with the logging necessary to
detect attacks.
Title: Thinking About Firewalls
Authors: Marcus J. Ranum
Abstract:
- Many companies connect to the Internet, guarded by "firewalls"
designed to prevent unauthorized access to their private networks.
Despite this general goal, firewalls span a continuum between ease of
use and security. This paper describes some of the considerations and
tradeoffs in designing firewalls. A vocabulary for firewalls and their
components is offered, to provide a common ground for
discussion.
Title: X Through The Firewall, And Other Application Relays
Authors: G. Winfield Treese Alec Wolman
Abstract:
- Organizations often impose an administrative security policy when they
connect to other organizations on a public network such as the
Internet. Many applications have their own notions of security, or
they simply rely on the security of the underlying protocols. Using
the X Window System as a case study, we describe some techniques for
building application-specific "relays" that allow the use of
applications across organizational boundaries. In particular, we focus
on analyzing administrative and application-specific security policies
to construct solutions that satisfy the security requirements while
providing the necessary functions of the applications.
|