Firewalls for Dummies, 2Nd Edition.Pdf
Total Page:16
File Type:pdf, Size:1020Kb
Firewalls FOR DUMmIES‰ 2ND EDITION by Brian Komar, Ronald Beekelaar, and Joern Wettern, PhD Firewalls For Dummies®, 2nd Edition Published by Wiley Publishing, Inc. 909 Third Avenue New York, NY 10022 www.wiley.com Copyright © 2003 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8700. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, e-mail: [email protected]. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com and related trade dress are trademarks or registered trademarks of Wiley Publishing, Inc., in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book. LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: WHILE THE PUBLISHER AND AUTHOR HAVE USED THEIR BEST EFFORTS IN PREPARING THIS BOOK, THEY MAKE NO REPRESENTATIONS OR WAR- RANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS BOOK AND SPECIFICALLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTA- TIVES OR WRITTEN SALES MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR YOUR SITUATION. YOU SHOULD CONSULT WITH A PROFESSIONAL WHERE APPRO- PRIATE. NEITHER THE PUBLISHER NOR AUTHOR SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CON- SEQUENTIAL, OR OTHER DAMAGES. For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Library of Congress Control Number: 2003101908 ISBN: 0-7645-4048-3 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 2B/RT/QW/QT/IN is a trademark of Wiley Publishing, Inc. About the Authors Brian Komar, B. Comm (Hons), a native of Canada, makes his living as a Public Key Infrastructure (PKI) consultant, speaker, author, and trainer. Brian speaks at conferences around the world on network design and security topics. His consulting practice focuses on PKI design and architecture pro- jects and on research assignments specializing in interoperability between different vendors’ security products. In his spare time, Brian enjoys traveling and biking with his wife Krista and sharing a fine bottle of wine (or more) with his good friends. Ronald Beekelaar, M.Sc., a native of The Netherlands, makes his living as a net- work security consultant, author, and trainer. Ronald frequently trains network administrators on network design and enterprise security topics. He writes articles for several computer magazines, mostly about operating systems and security issues. Ronald lives in Utrecht, The Netherlands, with his wife Kim. They enjoy traveling abroad. If they find the time, they often travel to European cities, especially London, to see a theater show and visit museums. Joern Wettern, Ph.D., a native of Germany, is a network consultant and trainer. Joern has also developed a range of training materials for a large soft- ware publisher, and these materials are used to train thousands of network administrators around the world. He frequently travels to several continents to speak at computer conferences. Joern is paranoid enough to use an enter- prise-class firewall to connect his home network. Somehow, he still manages to enjoy the occasional sunny day and the many rainy ones in Portland, Oregon, where he lives with his wife Loriann and three cats. In his spare time, of which there is precious little, Joern and his wife hike up the mountains of the Columbia Gorge and down the Grand Canyon. You can also find him attending folk music festivals and dancing like a maniac. Joern’s latest project is to learn how to herd his cats — without much success thus far. The authors can be reached at [email protected]. Dedication To Loriann, Krista, and Kim, and our parents. Author’s Acknowledgments This second edition would not have been possible without a large number of people, especially the good folks at Wiley. We want to thank Byron Hynes for being an excellent technical editor, and especially the humor he contributed to the project. Melody Layne for pulling us together for another run at the content, Paul Levesque for his insights on the content, and Rebekah Mancilla for her editorial assistance. Beyond the Wiley crew, we received help from firewall vendors who made it possible for us to cover a number of different products and helped us with issues that came up during the writing of the book. We would like to espe- cially thank the ISA Server and PKI teams at Microsoft and Check Point for providing an evaluation copy of FireWall-1 NG. Finally, not a single chapter of this book would have been possible without our spouses, who were willing to let us work on this project and thus are the real heroes in this story. Publisher’s Acknowledgments We’re proud of this book; please send us your comments through our online registration form located at www.dummies.com/register/. Some of the people who helped bring this book to market include the following: Acquisitions, Editorial, and Media Production Development Project Coordinator: Ryan Steffen Project Editor: Paul Levesque Layout and Graphics: Seth Conley, (Previous Edition: Linda Morris) Carrie Foster, Lauren Goddard, Acquisitions Editor: Melody Layne Michael Kruzil, Tiffany Muth, Shelley Norris, Lynsey Osborn, Copy Editor: Rebekah Mancilla Jacque Schneider Technical Editor: Byron Hynes Proofreaders: Andy Hollandbeck, Angel Perez, Editorial Manager: Leah Cameron Kathy Simpson, Charles Spencer, Brian Walls, TECHBOOKS Production Media Development Manager: Services Laura VanWinkle Indexer: TECHBOOKS Production Services Media Development Supervisor: Richard Graves Editorial Assistant: Amanda Foxworth Cartoons: Rich Tennant, www.the5thwave.com Publishing and Editorial for Technology Dummies Richard Swadley, Vice President and Executive Group Publisher Andy Cummings, Vice President and Publisher Mary C. Corder, Editorial Director Publishing for Consumer Dummies Diane Graves Steele, Vice President and Publisher Joyce Pepple, Acquisitions Director Composition Services Gerry Fahey, Vice President of Production Services Debbie Stailey, Director of Composition Services Contents at a Glance Introduction .................................................................1 Part I: Introducing Firewall Basics ................................7 Chapter 1: Why Do You Need a Firewall? .......................................................................9 Chapter 2: IP Addressing and Other TCP/IP Basics ....................................................23 Chapter 3: Understanding Firewall Basics ...................................................................47 Chapter 4: Understanding Firewall Not-So-Basics .......................................................71 Chapter 5: “The Key Is under the Mat” and Other Common Attacks .......................97 Part II: Establishing Rules ........................................111 Chapter 6: Developing Policies ....................................................................................113 Chapter 7: Establishing Rules for Simple Protocols .................................................121 Chapter 8: Designing Advanced Protocol Rules ........................................................143 Chapter 9: Configuring “Employees Only” and Other Specific Rules .....................163 Part III: Designing Network Configurations ...............169 Chapter 10: Setting Up Firewalls for SOHO or Personal Use ....................................171 Chapter 11: Creating Demilitarized Zones with a Single Firewall ............................179 Chapter 12: Designing Demilitarized Zones with Multiple Firewalls ......................197 Part IV: Deploying Solutions Using Firewall Products .....................................................211 Chapter 13: Using Windows as a Firewall ...................................................................213 Chapter 14: Configuring Linux as a Firewall ...............................................................233 Chapter 15: Configuring Personal Firewalls: ZoneAlarm, BlackICE, and Norton Personal Firewall ....................................................................................249 Chapter 16: Microsoft’s Firewall: Internet Security and Acceleration Server