
Securing Your Internet Connection


September 1994 / Book and CD-ROM Reviews / Securing Your Internet Connection
Rick Cook

FIREWALLS AND INTERNET SECURITY: REPELLING THE WILY HACKER, William R. Cheswick and Steven M. Bellovin, Addison-Wesley Professional Computing Series, ISBN 0-201-63357-4, $26.95

Forget The Silence of the Lambs. This is the book that will keep system administrators sleepless and shivering. While it wasn't intended as a compendium of computer-user horror stories, once you finish it, you will never look at the sendmail program in quite the same way again.

This is an encyclopedia of computer cracking via a network. It is neither exhaustive nor sufficiently detailed to be of much use to the would-be digital criminals of the world (who, as the authors point out, have better sources of information), but it is invaluable to those who want to foil them. Ostensibly, the audience is system administrators for Unix sites connected to the Internet. The focus is on Unix, as the mother tongue of the Internet, and the authors assume a fair level of Unix literacy. However, much of what they have to say applies to any network, and much more is applicable to NetWare, DOS, and Windows.

The basis of a safe connection, according to the authors, is a firewall, a computer system that sits between the Internet and your LAN, acting as an active gateway to keep the bad guys away from your goodies. However, bringing in your network connections through a separate system and calling it a firewall isn't enough. Creating a true firewall means limiting what that system will pass along to other systems, limiting what an outsider can do with it, and ensuring that you can keep track of who is trying to do what. Sometimes creating a firewall means creating a fool's paradise, where the crackers can bask in the delusion that they have penetrated the system as they are being hunted down.

Chapter 10, ``An Evening with Berferd,'' includes a detailed account of a persistent attempt to crack the AT&T Internet gateway that the authors are responsible for. It shows how a determined attack proceeded and was defeated. The account is also a wry comment on the nature of modern Internet culture and computer criminals. The crackers were a group of Dutch teenagers who were beyond legal reach, because cracking was not then a crime in the Netherlands. When the law failed, someone from AT&T called the mother of one of the ring members. The cracking attempts dropped off sharply.

A useful appendix provides sources of information on building firewalls, network management and monitoring tools, auditing software, and cryptographic software. A 20-page bibliography and a checklist of security holes round out the book.

The book deals with serious business, but through it all, the authors maintain a sense of humor, sprinkling the text with quotes from Juvenal to Tolkien to E. E. ``Doc'' Smith.


Rick Cook writes about computers but occasionally turns his hand to science fiction. You can contact him on BIX as ``rcook.''

Copyright © 2005 CMP Media LLC