8. References/Bibliography/Glossary
[Bel89] Steven M. Bellovin. Security Problems in the TCP/IP Protocol Suite. Computer Communications Review, 9(2):32-48, April 1989.
[Cerf93] Vinton Cerf. A National Information Infrastructure. Connexions, June 1993.
[CERT94] Computer Emergency Response Team/Coordination Center. CA-94:01, Ongoing Network Monitoring Attacks. Available from FIRST.ORG, file pub/alerts/cert9401.txt, February 1994.*
[Chap92] D. Brent Chapman. Network (In)Security Through IP Packet Filtering. In USENIX Security Symposium III Proceedings, pages 63-76. USENIX Association, September 14-16 1992.*
[Chap95] D. Brent Chapman. Building Internet Firewalls. O'Reilly & Associates, 1995.+
[Ches94] William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security. Addison-Wesley, Reading, MA, 1994.
[CIAC94a] Computer Incident Advisory Capability. Number e-07, unix sendmail vulnerabilities update. Available from FIRST.ORG, file pub/alerts/e-07.txt, January 1994.
[CIAC94b] Computer Incident Advisory Capability. Number e-09, network monitoring attacks. Available from FIRST.ORG, file pub/alerts/e-09.txt, February 1994.
[CIAC94c] Computer Incident Advisory Capability. Number e-14, wuarchive ftpd trojan horse. Available from FIRST.ORG, file pub/alerts/e-14.txt, February 1994.
[Com91a] Douglas E. Comer. Internetworking with TCP/IP: Principles, Protocols, and Architecture. Prentice-Hall, Englewood Cliffs, NJ, 1991.
[Com91b] Douglas E. Comer and David L. Stevens. Internetworking with TCP/IP: Design, Implementation, and Internals. Prentice-Hall, Englewood Cliffs, NJ, 1991.
[Cur92] David Curry. UNIX System Security: A Guide for Users and System Administrators. Addison-Wesley, Reading, MA, 1992.
[Farm93] Dan Farmer and Wietse Venema. Improving the security of your site by breaking into it. Available from FTP.WIN.TUE.NL, file /pub/security/admin-guide-to-cracking.101.Z, 1993.
[Ford94] Warwick Ford. Computer Communications Security. Prentice-Hall, Englewood Cliffs, NJ, 1994.
[Garf92] Simpson Garfinkel and Gene Spafford. Practical UNIX Security. O'Reilly and Associates, Inc., Sebastopol, CA, 1992.
[Haf91] Katie Hafner and John Markoff. Cyberpunk: Outlaws and Hackers on the Computer Frontier. Simon and Schuster, New York, 1991.
[Hugh] Larry J. Hughes, Jr. Actually Useful Internet Security Techniques. New Riders Publishing, 1995.
[Hunt92] Craig Hunt. TCP/IP Network Administration. O'Reilly and Associates, Inc., Sebastopol, CA, 1992.
[NIST91a] NIST. Advanced Authentication Technology. CSL Bulletin, National Institute of Standards and Technology, November 1991.
[NIST91b] NIST. Establishing a Computer Security Incident Response Capability. Special Publication 800-3, National Institute of Standards and Technology, January 1991.
[NIST93] NIST. Connecting to the Internet: Security Considerations. CSL Bulletin, National Institute of Standards and Technology, July 1993.
[NIST94a] NIST. Guideline for the use of Advanced Authentication Technology Alternatives. Federal Information Processing Standard 190, National Institute of Standards and Technology, September 1994.
[NIST94b] NIST. Reducing the Risk of Internet Connection and Use. CSL Bulletin, National Institute of Standards and Technology, May 1994.
[NIST94c] NIST. Security in Open Systems. Special Publication 800-7, National Institute of Standards and Technology, September 1994.
[Oppl97] Rolf Oppliger. Internet Security: Firewalls and Beyond. Communications of the ACM, 40(5):92, May 1997.
[Ran93] Marcus Ranum. Thinking About Firewalls. In SANS-II Conference, April 1993.
[RFC1244] Paul Holbrook and Joyce Reynolds. RFC 1244: Security Policy Handbook. Prepared for the Internet Engineering Task Force, 1991.
[Stall] William Stallings, Peter Stephenson, and others. Implementing Internet Security. New Riders Publishing, 1995.
[Siya] Karanjit Siyan and Chris Hare. Internet Firewalls and Network Security. New Riders Publishing, 1995.+
[Wash] Washington Technology, January 1995.
[Wack] John P. Wack and Lisa J. Carnahan. Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls. NIST Special Publication 800-10, 1995.*
[Wink] Ira Winkler. Corporate Espionage: What It Is, Why It Is Happening in Your Company, What You Must Do About It. Prima Publishing, 1997.
Abuse of Privilege: When a user performs an action that they should not have, according to organizational policy or law.
Application-Level Firewall: A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application-level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall rather than from the internal host.
Authentication: The process of determining the identity of a user that is attempting to access a system.
Authentication Token: A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.
Authorization: The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication: once you have authenticated a user, they may be authorized different types of access or activity.
Bastion Host: A system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to potentially come under attack. Bastion hosts are often components of firewalls, or may be "outside" Web servers or public access systems. Generally, a bastion host runs some form of general purpose operating system (e.g., UNIX, VMS, WNT) rather than a ROM-based or firmware operating system.
Challenge/Response: An authentication technique whereby a server sends an unpredictable challenge to the user, who computes a response using some form of authentication token.
Chroot: A technique under UNIX whereby a process is permanently restricted to an isolated subset of the filesystem.
Cryptographic Checksum: A one-way function applied to a file to produce a unique "fingerprint" of the file for later reference. Checksum systems are a primary means of detecting filesystem tampering on UNIX.
Data Driven Attack: A form of attack in which the malicious payload is encoded in innocuous-seeming data that is later executed by a user or by other software. In the case of firewalls, a data driven attack is a concern because it may pass through the firewall in data form and then launch an attack against a system behind the firewall.
Defense in Depth: The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.
DNS Spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Dual Homed Gateway: A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.
Encrypting Router: see Tunneling Router and Virtual Network Perimeter.
Firewall: A system or combination of systems that enforces a boundary between two or more networks.
Host-based Security: The technique of securing an individual system from attack. Host-based security is operating system and version dependent.
Insider Attack: An attack originating from inside a protected network.
Intrusion Detection: Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network.
IP Spoofing: An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.
IP Splicing / Hijacking: An attack whereby an active, established session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.
Least Privilege: Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.
Logging: The process of storing information about events that occurred on the firewall or network.
Log Retention: How long audit logs are retained and maintained.
Log Processing: How audit logs are processed, searched for key events, or summarized.
Network-Level Firewall: A firewall in which traffic is examined at the network protocol packet level.
Perimeter-based Security: The technique of securing a network by controlling access to all entry and exit points of the network.
Policy: Organization-level rules governing acceptable use of computing resources, security practices, and operational procedures.
Proxy: A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, decide whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and then complete a connection on behalf of the user to a remote destination.
Screened Host: A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.
Screened Subnet: A subnet behind a screening router. The degree to which the subnet may be accessed depends on the screening rules in the router.
Screening Router: A router configured to permit or deny traffic based on a set of permission rules installed by the administrator.
Session Stealing: See IP Splicing.
Social Engineering: An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems.
Trojan Horse: A software entity that appears to do something normal but which, in fact, contains a trapdoor or attack program.
Tunneling Router: A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.
Virtual Network Perimeter: A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks.
Virus: A self-replicating code segment. Viruses may or may not contain attack programs or trapdoors.
Current FWPD Consortium Members
3Com Communications
ANS Communications
Ascend Communications
Atlantic Systems Group
Check Point Software Technologies
Cisco Systems, Inc.
Digital Equipment Corporation
enterWorks
Global Internet
Global Technologies Associates
Cyberguard Corporation (Formerly Harris Corp.)
IBM
Intel Corporation
Internet Devices
Internet Dynamics Systems, Inc.
Internet Security Systems
Livermore Software Laboratories, Inc.
McAfee Associates
Microsoft
Milkyway Network Corporations
NEC Internet Business Unit
Netguard
Network-1 Software and Technology
Network Systems
ON Technology, Cambridge, MA.
Novell
OpenROUTE Networks, Inc. (Formerly Proteon)
Radguard
Raptor, of Waltham, MA.
Secure Computing
Sterling Commerce
Sun Microsystems
Technologic
Trusted Information Systems
Ukiah Software
WatchGuard Technologies, Inc.