Firewalls and Internet Security


Firewalls and Internet Security: Repelling the Wily Hacker is a 1994 book by William R. Cheswick and Steven M. Bellovin that helped define the concept of a network firewall. [1] [2] Describing in detail one of the first major firewall deployments at AT&T, the book influenced the formation of the perimeter security model, which became the dominant network security architecture in the mid-1990s. [3]

In 2003, a second edition was published, adding Aviel D. Rubin to its authors. [4]

Related Research Articles

Alfred Aho: Canadian computer scientist

Alfred Vaino Aho is a Canadian computer scientist best known for his work on programming languages, compilers, and related algorithms, and his textbooks on the art and science of computer programming.

In software engineering, a design pattern describes a relatively small, well-defined aspect of a computer program in terms of how to write the code.

Honeypot (computing): Computer security mechanism

In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data that appears to be a legitimate part of the site which contains information or resources of value to attackers. It is actually isolated, monitored, and capable of blocking or analyzing the attackers. This is similar to police sting operations, colloquially known as "baiting" a suspect.

Mary Ann Horton: American computer scientist and Usenet pioneer (born 1955)

Mary Ann Horton is a Usenet and Internet pioneer. Horton contributed to Berkeley UNIX (BSD), including the vi editor and terminfo database, created the first email binary attachment tool uuencode, and led the growth of Usenet in the 1980s.

William Richard (Rich) Stevens was a Northern Rhodesia–born American author of computer science books, in particular books on Unix and TCP/IP.

The Art of Unix Programming

The Art of Unix Programming by Eric S. Raymond is a book about the history and culture of Unix programming from its earliest days in 1969 to 2003 when it was published, covering both genetic derivations such as BSD and conceptual ones such as Linux.

Addison-Wesley: American publisher

Addison–Wesley is an American publisher of textbooks and computer literature. It is an imprint of Pearson plc, a global publishing and education company. In addition to publishing books, Addison–Wesley also distributes its technical titles through the O'Reilly Online Learning e-reference service. The majority of Addison–Wesley's sales derive from the United States (55%) and Europe (22%).

Matt Blaze: American researcher

Matt Blaze is an American researcher who focuses on the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University, and is on the board of directors of the Tor Project.

Dorothy E. Denning: American information security researcher

Dorothy Elizabeth Denning is a US-American information security researcher known for lattice-based access control (LBAC), intrusion detection systems (IDS), and other cyber security innovations. She published four books and over 200 articles. Inducted into the National Cyber Security Hall of Fame in 2012, she is now Emeritus Distinguished Professor of Defense Analysis, Naval Postgraduate School.

Jeffrey David Ullman is an American computer scientist and the Stanford W. Ascherman Professor of Engineering, Emeritus, at Stanford University. His textbooks on compilers, theory of computation, data structures, and databases are regarded as standards in their fields. He and his long-time collaborator Alfred Aho are the recipients of the 2020 Turing Award, generally recognized as the highest distinction in computer science.

Steven M. Bellovin

Steven M. Bellovin is a researcher on computer networking and security who has been a professor in the computer science department at Columbia University since 2005. Previously, Bellovin was a fellow at AT&T Labs Research in Florham Park, New Jersey.

Tom Limoncelli: American activist

Tom Limoncelli is an American system administrator, author, and speaker. A system administrator and network engineer since 1987, he speaks at conferences around the world on topics ranging from firewall security to time management. He is the author of Time Management for System Administrators from O'Reilly and, along with Christine Hogan, co-author of The Practice of System and Network Administration from Addison-Wesley, which won the 2005 SAGE Outstanding Achievement Award. In 2007, with Peter H. Salus, he published a compilation of the best April Fools jokes created by the IETF, entitled The Complete April Fools' Day RFCs.

Layer Four Traceroute (LFT) is a fast, multi-protocol traceroute engine that also implements numerous other features, including AS number lookups through regional Internet registries and other reliable sources, Loose Source Routing, and firewall and load balancer detection. LFT is best known for its use by network security practitioners to trace a route to a destination host through many configurations of packet filters and firewalls, and to detect network connectivity, performance or latency problems.

A network telescope is an Internet system that allows one to observe different large-scale events taking place on the Internet. The basic idea is to observe traffic targeting the dark (unused) address-space of the network. Since all traffic to these addresses is suspicious, one can gain information about possible network attacks as well as other misconfigurations by observing it.

Crack is a Unix password cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack. Crack was the first standalone password cracker for Unix systems and the first to introduce programmable dictionary generation as well.

Marcus J. Ranum: Computer and network security researcher

Marcus J. Ranum is a computer and network security researcher. He is credited with a number of innovations in firewalls and intrusion detection systems, including building the first Internet email server for the whitehouse.gov domain. He has held technical and leadership positions with a number of computer security companies, and is a faculty member of the Institute for Applied Network Security.

Happy99: Windows computer worm and early e-mail virus

Happy99 is a computer worm for Microsoft Windows. It first appeared in mid-January 1999, spreading through email and Usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge. It is generally considered the first virus to propagate by email, and has served as a template for the creation of other self-propagating viruses. Happy99 has spread on multiple continents, including North America, Europe, and Asia.

A distributed firewall is a security application on a host machine of a network that protects the servers and user machines of its enterprise's networks against unwanted intrusion. A firewall is a system or group of systems that implements a set of security rules to enforce access control between two networks to protect the "inside" network from the "outside" network. Distributed firewalls filter all traffic regardless of its origin, whether the Internet or the internal network. Usually deployed behind the traditional firewall, they provide a second layer of defense. A distributed firewall allows security rules (policies) to be defined and pushed out on an enterprise-wide basis, which is necessary for larger enterprises.

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.

William R. "Bill" Cheswick is a computer security and networking researcher.

References

  1. Cheswick, William; Bellovin, Steven M. (1994). Firewalls and Internet Security: Repelling the Wily Hacker. Addison Wesley. ISBN 978-0-201-63357-3.
  2. Collinson, Peter (1994-07-09). "Review: How to build an electronic bomb". New Scientist.
  3. Jakubowski, Julian (1996). "Firewalls and internet security: Repelling the wily hacker. By William R. Cheswick, Steven M. Bellovin. Addison-Wesley, Amsterdam 1994, XIV, 306 pp., softcover, $26.95, 0-201-63357-4". Advanced Materials. 8 (3): 260. Bibcode:1996AdM.....8..260J. doi:10.1002/adma.19960080319.
  4. Cheswick, William R.; Bellovin, Steven M.; Rubin, Aviel D. (2003). Firewalls and Internet Security: Repelling the Wily Hacker (2 ed.). Addison-Wesley Professional. ISBN 9780201634662.