Internet security: firewalls and beyond

Published: 01 May 1997

References

  1. Chapman, D., and Zwicky, E. Internet Security Firewalls. O'Reilly, Sebastopol, Calif., 1995.
  2. Cheswick, W., and Bellovin, S. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, Reading, Mass., 1994.
  3. IEEE. Local and Metropolitan Area Networks: Interoperable LAN/MAN Security (SILS). IEEE Std 802.10, 1990.
  4. Kent, S. Internet privacy enhanced mail. Commun. ACM 36, 8 (Aug. 1993), 48-60.
  5. Morris, R. A Weakness in the 4.2BSD UNIX TCP/IP Software. Computing Science Technical Report No. 117, AT&T Bell Laboratories, Murray Hill, NJ, Feb. 1985.
  6. Oppliger, R. Authentication and key distribution in computer networks and distributed systems. In Communications and Multimedia Security. R. Posch, Ed. Chapman & Hall, London, UK, 1995.
  7. Oppliger, R. Internet Kiosk: Internet security enters the Middle Ages. IEEE Comput. 28, 10 (Oct. 1995), 100-101.
  8. Oppliger, R. Authentication Systems for Secure Networks. Artech House, Norwood, Mass., 1996.
  9. Schneier, B. Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley, New York, 1994.
  10. Spafford, E. The Internet worm: Crisis and aftermath. Commun. ACM 32, 6 (June 1989), 678-688.
  11. Tsudik, G. Message authentication with one-way hash functions. ACM Computer Communication Review 22, 5 (1992), 29-38.
  12. Wagner, D., and Bellovin, S. A "bump in the stack" encryptor for MS-DOS systems. In Proceedings of the Internet Society Symposium on Network and Distributed System Security (Feb. 1996).

              Reviews

              Matthew Allen Bishop

              Two techniques for enhancing the security of systems connected to the Internet are presented. The first technique, the use of firewalls, is currently available and popular. The second, making changes to applications and protocol implementations, holds greater promise but is still being developed. This expository paper provides a good but shallow overview of the protocols and implementation issues. It focuses on the technical details but also touches on the political and social ramifications of introducing and maintaining security. The author's analogies in support of security are thought-provoking. The presentation of firewall technology is shorter and less satisfying. It describes the main types of firewalls and contrasts their advantages and disadvantages. The paper includes a number of frustrating minor errors. For example, the author states that “PGP conforms to most parts of the PEM specification” (p. 100). This is inaccurate: PGP provides a functionality similar to that of Privacy Enhanced Mail, and uses the same fundamental idea of differing interchange and session keys, but the two are incompatible. To be fair, the paper correctly notes the major differences in the trust model. This paper provides a reasonable and readable survey, but leaves the reader wanting to know more.

              • Published in

                Communications of the ACM  Volume 40, Issue 5
                May 1997
                117 pages
                ISSN:0001-0782
                EISSN:1557-7317
                DOI:10.1145/253769

                Copyright © 1997 ACM

                Publisher

                Association for Computing Machinery

                New York, NY, United States

                Qualifiers

                • article
