
On December 18, 1995 the Computer Emergency Response Team(1) (CERT) issued an advisory [CA-95:18] entitled "Widespread Attacks on Internet Sites". The advisory stated :-
"Over the last several weeks, the CERT Co-ordination Centre has been working on a set of incidents in which the intruders have launched widespread attacks against Internet sites. Hundreds of sites have been attacked, and many of the attacks have been successful, resulting in root compromises at the targeted sites. We continue to receive reports, and we believe that more attacks are going undetected."
CERT handled a total of 2,412 computer security incidents during 1995 [CERT95]. More than 12,000 sites were affected by these incidents, which involved 732 break-ins and a similar number of probes and pranks. CERT reported that the most serious intruder activities during 1995 included :-
It is against this backdrop that the debate on Internet Security rages on. Some organisations believe that the Internet is too unruly to be used for business. Others believe that the Internet has too much potential for them to be dissuaded from using it by security breaches, preferring instead to seek ways to minimise their exposure to attacks and to manage the security issue.
However, it becomes increasingly difficult to maintain an adequate level of security as the number of hosts on a network increases. This is because host-based security does not scale well [Wack95]. Internet firewalls avoid this problem because they are generally installed between an organisation's network and the Internet, thus providing a central point at which security measures can be concentrated. Internet firewalls maintain a level of segregation between an organisation's network and the Internet that is conducive to good security whilst permitting the requisite level of connectivity.
This report discusses what is meant by Internet Security, and presents firewalls as the primary means by which organisations can manage the risks associated with connecting their network to the Internet.
Chapter 1 presents an Introduction to Internet Security and discusses its four constituents: Authentication, Access Control, Integrity and Confidentiality.
Chapter 2 provides a brief introduction to the TCP/IP Protocols. The TCP/IP five layer model is described and used as a framework to discuss security weaknesses in the protocols.
Chapter 3 describes generic Computer Security Risks and specific Internet Attacks.
Chapter 4 looks at the nature and role of a Network Security Policy.
Chapter 5 provides an introduction to Firewalls, and presents Firewall Theory & Architectures.
Chapter 6 presents two Case Studies. The first investigates the decision making process when selecting a firewall. The second discusses the management issues that are raised when one is installed.
Chapter 7 discusses Future Developments.
Chapter 8 presents the Summary and Conclusions.
(1) The CERT Co-ordination Centre was formed by the Advanced Research Projects Agency (ARPA) in November 1988 in response to the need for central security co-ordination demonstrated by the Internet Worm Virus. CERT's charter is to work with the Internet community to detect and resolve computer security incidents and to take steps to prevent future incidents.
(2) Sendmail is the program that UNIX systems use to handle electronic mail.