Date: 8/7/97 9:05:11 AM From: Subject: BoS: Re: Merits To: (""@LOCAL) CC: (""@LOCAL) > Can anybody point me in the direction of some sound documentation on the > Advantages and dis-advantages of some of some of the more well known > packaged firewall products compared to Applications such as Socks 4/5. I'm not going to claim that this is the perfect list for you, but a lot of people have asked for this document since I first posted it. I guess they're putting it up at freebsd.org. In the meantime, however, this will get you started. Eventually, by the way, this (and about two and a half times again) of a bibiliography will go up at http://www.gnss.com. My partner and I are going to build a huge server there. In about a month or so. (It will be searchable, blah, blah. Oh yes...and free, of course.) Unfortunately, in this batch, I don't really have anything that directly compares all firewalls to SOCKS technology specifically, but this will get you on that road. Here's the list, in descending order. All have some form of either comparison, a summary of features, wish lists, etc.(I haven't updated the links for some of M.J. Ranum's stuff, so, Mr. Ranum, if you're out there, you may wish to inform him - and me of those new links.) The list follows: Rating of application layer proxies. Michael Richardson. Wed Nov 13 13:54:09 EST 1996. http://www.sandelman.ottawa.on.ca/SSW/proxyrating/proxyrating.html Comparison: Firewalls. June 17, 1996. LanTimes. Comprehensive comparison of a wide variety of firewall products. http://www.lantimes.com/lantimes/usetech/compare/pcfirewl.html PCWEEK Intranet and Internet Firewall Strategies. Ed Amoroso & Ron Sharp, Ziff Davies Firewall Performance Measurement Techniques: A Scientific Approach. Marcus Ranum. February 4, 1996 (Last Known Date of Mod.) http://www.v-one.com/pubs/perf/approaches.htm Internet Firewalls and Network Security. Chris Hare, Karanjit Siyan. 2nd Edition. New Riders Pub. August 1,1996. ISBN: 1562056328 Internet Firewalls. Scott Fuller, Kevin Pagan. Ventana Communications Group Inc. January 1997. ISBN: 1566045061 Building Internet Firewalls. D. Brent Chapman, Elizabeth D. Zwicky. O'Reilly & Associates (ORA). September 1,1995. ISBN: 1565921240 Firewalls and Internet Security : Repelling the Wily Hacker. Addison-Wesley Professional Computing. William R. Cheswick, Steven M. Bellovin. June 1,1994. ISBN: 0201633574 Actually Useful Internet Security Techniques. Larry J. Hughes, Jr. New Riders Publishing, ISBN 1-56205-508-9 Internet Security Resource Library : Internet Firewalls and Network Security, Internet Security Techniques, Implementing Internet Security. New Riders. December 1995. ISBN: 1562055062 Firewalls FAQ. Marcus J. Ranum. http://www.cis.ohio-state.edu/hypertext/faq/usenet/firewalls-faq/faq.html NCSA Firewall Policy Guide. Compiled by Stephen Cobb, Director of Special Projects. National Computer Security Association. http://www.ncsa.com/fwpg_p1.html There Be Dragons. Steven M. Bellovin. "To appear in Proceedings of the Third Usenix UNIX Security Symposium, Baltimore, September 1992." AT&T Bell Laboratories, Murray Hill, NJ. August 15, 1992 Keeping your site comfortably secure: An Introduction to Internet Firewalls. John P. Wack and Lisa J. Carnahan. National Institute ofStandards and Technology. John Wack Thursday, Feb 9 18:17:09 EST 1995. http://csrc.ncsl.nist.gov/nistpubs/800-10/ SQL*Net and Firewalls. David Sidwell & Oracle Corporation. http://www.zeuros.co.uk/firewall/library/oracle-and-fw.pdf Covert Channels in the TCP/IP Protocol Suite. Craig Rowland. Rotherwick & Psionics Software Systems Inc. http://www.zeuros.co.uk/firewall/papers.htm If You Can Reach Them, They Can Reach You. A PC Week Online Special Report, June 19, 1995. William Dutcher. http://www.pcweek.com/sr/0619/tfire.html Packet Filtering for Firewall Systems. February 1995. CERT (and Carnegie Mellon University.) ftp://info.cert.org/pub/tech_tips/packet_filtering Network Firewalls. Steven M. Bellovin and William R. Cheswick. ieeecm, 32(9), pp. 50-57, September 1994. Session-Layer Encryption. Matt Blaze and Steve Bellovin. Proceedings of the USENIX Security Workshop, June 1995. A Network Perimeter With Secure External Access. An extraordinary paper that details the implementation of a firewall purportedly at the White House. (Yes, the one at 1600 Pennsylvania Avenue.) Frederick M. Avolio; Marcus J. Ranum. (Trusted Information Systems, Incorporated). Glenwood, MD. January 25, 1994. http://www.alw.nih.gov/Security/FIRST/papers/firewall/isoc94.ps Packets Found on an Internet. Interesting Analysis of packets appearing at the Application Gateway of AT&T. Steven M. Bellovin. Lambda. August 23, 1993. ftp://ftp.research.att.com/dist/smb/packets.ps Using Screend to implement TCP/IP Security Policies. Jeff Mogul. Rotherwick and Digital. http://www.zeuros.co.uk/firewall/library/screend.ps Firewall Application Notes. Good document that starts out by describing how to build a firewall. It also addresses application proxies, Sendmail in relation to firewalls and the characteristics of a bastion host. Livingston Enterprises, Inc. http://www.telstra.com.au/pub/docs/security/firewall-1.1.ps.Z X Through the Firewall, and Other Application Relays. Treese/Wolman Digital Equipment Corp. Cambridge Research Lab. (October, 1993?). ftp://crl.dec.com/pub/DEC/CRL/tech-reports/93.10.ps.Z Intrusion Protection for Networks 171. BYTE Magazine. April, 1995. Benchmarking Methodology for Network Interconnect Devices. RFC 1944. S. Bradner & J. McQuaid. ftp://ds.internic.net/rfc/rfc1944.txt WARDING OFF THE CYBERSPACE INVADERS. Business Week. 03/13/95. Amy Cortese in New York, with bureau reports Vulnerability in Cisco Routers used as Firewalls. Computer Incident Advisory Capability Advisory: Number D-15. May 12, 1993 1500 PDT. http://ciac.llnl.gov/ciac/bulletins/d-15.shtml WAN-Hacking with AutoHack - Auditing Security behind the Firewall. Alec D.E. Muffett. (network Security Group, Sun Microsystems, United Kingdom.) Written by the author of Crack, the famous password cracking program. Extraordinary document that deals with methods of auditing security from behind a firewall. (And auditing of a network so large that it contained tens of thousands of hosts!) June 6, 1995. http://www.telstra.com.au/pub/docs/security/muffett-autohack.ps Windows NT Firewalls Are Born. February 4, 1997. PC Magazine. http://www.pcmagazine.com/features/firewall/_open.htm Group of 15 Firewalls Hold Up Under Security Scrutiny. Stephen Lawson June 1996. InfoWorld. http://www.infoworld.com/cgi-bin/displayStory.pl?96067.firewall.htm IP v6 Release and Firewalls. Uwe Ellermann. 14th Worldwide Congress on Computer and Communications Security. Protection, pp. 341-354, June 1996. The SunScreen Product Line Overview. (Sun Microsystems.) http://www.sun.com/security/overview.html Product Overview for IBM Internet Connection Secured Network Gateway for AIX, Version 2.2. (IBM Firewall Information.) http://www.ics.raleigh.ibm.com/firewall/overview.htm The Eagle Firewall Family. (Raptor Firewall Information.) http://www.raptor.com/products/brochure/40broch.html Secure Computing Firewall for NT. Overview. (Secure Computing). http://www.sctc.com/NT/HTML/overview.html Check Point FireWall-1 Introduction. (Checkpoint Technologies Firewall Information.) http://www.checkpoint.com/products/firewall/intro.html Cisco PIX Firewall. (Cisco Systems Firewall Information.) http://www.cisco.com/univercd/data/doc/cintrnet/prod_cat/pcpix.htm Protecting the Fortress From Within and Without. R. Scott Raynovich. April 1996. LAN Times. http://www.wcmh.com/lantimes/96apr/604c051a.html Internet Firewalls: An Introduction. Firewall White Paper. NMI Internet Expert Services. PO Box 8258. Portland, ME 04104-8258. http://www.netmaine.com/netmaine/whitepaper.html Features of the Centri(TM) Firewall. (Centri Firewall Information.) http://www.gi.net/security/centrifirewall/features.html Five Reasons Why an Application Gateway is the Most Secure Firewall. (Global Internet.) http://www.gi.net/security/centrifirewall/fivereasons.html An Introduction to Intrusion Detection. Aurobindo Sundaram. Last Apparent Date of Modification: October 26, 1996. http://www.techmanager.com/nov96/intrus.html Intrusion Detection for Network Infrastructures. S. Cheung, K.N. Levitt, C. Ko. 1995 IEEE Symposium on Security and Privacy, Oakland, CA, May 1995. http://seclab.cs.ucdavis.edu/papers/clk95.ps Network Intrusion Detection. Biswanath Mukherjee and L. Todd Heberlein and Karl N. Levitt. IEEE Network, May 1994. Fraud and Intrusion Detection in Financial Information Systems. S. Stolfo and P. Chan and D. Wei and W. Lee and A. Prodromidis. 4th ACM Computer and Communications Security Conference, 1997. http://www.cs.columbia.edu/~sal/hpapers/acmpaper.ps.gz A Pattern-Oriented Intrusion-Detection Model and Its Applications. Shiuhpyng W. Shieh and Virgil D. Gligor. Research in Security and Privacy, IEEECSP, May 1991. Detecting Unusual Program Behavior Using the Statistical Component of the Next-generation Intrusion Detection Expert System (NIDES). Debra Anderson, Teresa F. Lunt, Harold Javitz, Ann Tamaru, and Alfonso Valdes. SRI-CSL-95-06, May 1995. (Available in hard copy only.) Abstract: http://www.csl.sri.com/tr-abstracts.html#csl9506 Intrusion Detection Systems (IDS): A Survey of Existing Systems and A Proposed Distributed IDS Architecture. S.R. Snapp, J. Brentano, G.V. Dias, T.L. Goan, T. Grance, L.T. Heberlein, C. Ho, K.N. Levitt, B. Mukherjee, D.L. Mansur, K.L. Pon, and S.E. Smaha. Technical Report CSE-91-7, Division of Computer Science, University of California, Davis, February 1991. http://seclab.cs.ucdavis.edu/papers/bd96.ps A Methodology for Testing Intrusion Detection Systems. N. F. Puketza, K. Zhang, M. Chung, B. Mukherjee, R. A. Olsson. IEEE Transactions on Software Engineering, Vol.22, No.10, October 1996. http://seclab.cs.ucdavis.edu/papers/tse96.ps GrIDS -- A Graph-Based Intrusion Detection System for Large Networks. S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, D. Zerkle. The 19th National Information Systems Security Conference. http://seclab.cs.ucdavis.edu/papers/nissc96.ps NetKuang--A Multi-Host Configuration Vulnerability Checker. D. Zerkle, K. Levitt , Proc. of the 6th USENIX Security Symposium. San Jose, California. 1996. http://seclab.cs.ucdavis.edu/papers/zl96.ps Simulating Concurrent Intrusions for Testing Intrusion Detection Systems: Parallelizing Intrusions. M. Chung, N. Puketza, R.A. Olsson, B. Mukherjee. Proc. of the 1995 National Information Systems Security Conference. Baltimore, Maryland. 1995. http://seclab.cs.ucdavis.edu/papers/cpo95.ps Holding Intruders Accountable on the Internet. S. Staniford-Chen, and L.T. Heberlein. Proc. of the 1995 IEEE Symposium on Security and Privacy, Oakland, CA, 8-10 May 1995. http://seclab.cs.ucdavis.edu/~stanifor/seclab_only/notes/ieee_conf_94/revision/submitted.ps Machine Learning and Intrusion Detection: Current and Future Directions. J. Frank. Proc. of the 17th National Computer Security Conference, October 1994. Another Intrusion Detection Bibliography. http://doe-is.llnl.gov/nitb/refs/bibs/bib1.html Intrusion Detection Bibliography. http://www.cs.purdue.edu/coast/intrusion-detection/ids_bib.html Intrusion Detection Systems. This list concentrates primarily on discussions about methods of intrusion or intrusion detection. Target: majordomo@uow.edu.au Command: subscribe ids (In BODY of message) The WWW Security List. Members of this list discuss all techniques to maintain (or subvert) WWW security. (Things involving secure methods of HTML, HTTP and CGI.) Target: www-security-request@nsmx.rutgers.edu Command: SUBSCRIBE www-security your_email_address (In BODY of message) The Sneakers List. This list discusses methods of circumventing firewall and general security. This list is reserved for lawful tests and techniques. Target: majordomo@CS.YALE.EDU Command: SUBSCRIBE Sneakers (In BODY of message) The Secure HTTP List. This list is devoted to the discussion of S-HTTP and techniques to facilitate this new form of security for WWW transactions. Target: shttp-talk-request@OpenMarket.com Command: SUBSCRIBE (In BODY of message) The NT Security List. This list is devoted to discussing all techniques of security related to the Microsoft Windows NT operating system. (Individuals also discuss security aspects of other Microsoft operating systems as well.) Target: request-ntsecurity@iss.net Command: subscribe ntsecurity (In BODY of message) The Bugtraq List. This list is for posting or discussing bugs in various operating systems, those UNIX is the most often discussed. The information here can be quite explicit. If you are looking to learn the fine aspects (and cutting edge news) in UNIX security, this list is for you. Target: LISTSERV@NETSPACE.ORG Command: SUBSCRIBE BUGTRAQ(In BODY of message) Password Security: A Case History. Robert Morris and Ken Thompson. http://www.sevenlocks.com/papers/password/pwstudy.ps Site Security Handbook (update and Idraft version; June 1996, CMU. Draft-ietf-ssh-handbook-03.txt.) Barbara Fraser. http://www.internic.net/internet-drafts/draft-ietf-ssh-handbook-03.txt. Improving the Security of Your Site by Breaking Into It. Dan Farmer & Wietse Venema. (1995) http://www.craftwork.com/papers/security.html. Making Your Setup More Secure. NCSA Tutorial Pages. http://hoohoo.ncsa.uiuc.edu/docs/tutorials/security.html. The Secure HyperText Transfer Protocol. E. Rescorla, A. Schiffman (EIT) July 1995. http://www.eit.com/creations/s-http/draft-ietf-wts-shttp-00.txt. The SSL Protocol. (IDraft) Alan O. Freier & Philip Karlton (Netscape Communications) with Paul C. Kocher. http://home.netscape.com/eng/ssl3/ssl-toc.html. Writing, Supporting, and Evaluating TripWire. A Publicly Available Security Tool; Kim/Spafford. http://www.raptor.com/lib/9419.ps The Design and Implementation of TripWire. A Filesystem Integrity Checker; Kim/Spafford. Location: http://www.raptor.com/lib/9371.ps X Window System Security. Ben Gross & Baba Buehler. Beckman Institute System Services. http://www.beckman.uiuc.edu/groups/biss/VirtualLibrary/xsecurity.html. Last Apparent Date of Modification: January 11, 1996. On the (in)Security of the Windowing System X. Marc VanHeyningen of Indiana University. http://www.cs.indiana.edu/X/security/intro.html. September 14, 1994. Security in the X11 Environment. Pangolin. University of Bristol, UK. January, 1995. http://sw.cse.bris.ac.uk/public/Xsecurity.html. Security in Open Systems. (NIST) John Barkley, Editor. (With Lisa Carnahan, Richard Kuhn, Robert Bagwill, Anastase Nakassis, Michael Ransom, John Wack, Karen Olsen, Paul Markovitz and Shu-Jen Chang.) US Department of Commerce. Section: The X Window System: Bagwill, Robert. http://csrc.ncsl.nist.gov/nistpubs/800-7/node62.html#SECTION06200000000000000000. Security Enhancements of the DEC MLS+ System; The Trusted X Window System. November, 1995. http://ftp.digital.com/pub/Digital/info/SPD/46-21-XX.txt Evolution of a Trusted B3 Window System Prototype. J. Epstein, J. Mc Hugh, R.Psacle, C. Martin, D. Rothnie, H. Orman, A. Marmor-Squires, M.Branstad, and B. Danner, , In Proceeding of the 1992 IEEE Symposium on Security and Privacy, 1992. A Prototype B3 Trusted X Window System. J. Epstein, J. Mc Hugh, R. Pascale, H. Orman, G. Benson, C.Martin, A. Marmor-Squires, B.Danner, and M. Branstad, The Proceedings of the 7th Computer Security Applications Conference, December, 1991. Improving X Windows Security. UNIX World, (Volume IX, Number 12) December 1992. Linda Mui. Security and the X Window System. UNIX World, 9(1), p. 103. January 1992. Dennis Sheldrick. The X Window System. Scheifler, Robert W. & Gettys, Jim. ACM Transactions on Graphics. Vol.5, No. 2 (April 1986), pp. 79-109. http://www.acm.org/pubs/toc/Abstracts/0730-0301/24053.html. X Window Terminals. Digital Technical Journal of Digital Equipment Corporation, 3(4), pp. 26-36, Fall 1991. Bjvrn Engberg and Thomas Porcher. ftp://ftp.digital.com/pub/Digital/info/DTJ/v3n4/X_Window_Terminals_01jul1992DTJ402P8.ps. Information Security: Computer Attacks at Department of Defense Pose Increasing Risks; General Accounting Office. Report on Failed Security at US Defense Sites. http://www.epic.org/security/GAO_OMB_security.html Defense Directive 5200.28. "Security requirements for Automated Information Systems." Document describing some antiquated government standards for security. http://140.229.1.16:9000/htdocs/teinfo/directives/soft/5200.28.html The Evaluated Products List (EPL). A list of products that have been evaluated for security ratings, based on DOD guidelines. http://www.radium.ncsc.mil/tpep/epl/index.html INTERNIC, or the Network Information Center. INTERNIC provides comprehensive databases on networking information. These databases contain the larger portion of collected knowledge on the design and scope of the Internet. (Of main importance here is the database of RFC documents.) http://ds0.internic.net/ds/dspg1intdoc.html The Rand Corporation. Security resources of various sorts. Also: very engrossing "early" documents on the Internets design. http://www.rand.org/publications/electronic/ Connected: An Internet Encyclopedia. (Incredible on-line resource for RFC documents and related information, apparently painstaking translated into HTML.) http://www.freesoft.org/Connected/RFC/826/ The Computer Emergency Response Team. (CERT) An organization that assists sites in responding to network security violations, break-ins and so forth. Great source of information, particularly for vulnerabilities. http://www.cert.org. Security Survey of Key Internet Hosts & Various Semi-Relevant Reflections. D. Farmer. Fascinating independent stud conducted by one of the authors of the now famous SATAN program. The survey involved approximately 2200 sites. The results are disturbing. http://www.trouble.org/survey/ CIAC. (U.S. Department of Energy's Computer Incident Advisory Capability.) The CIAC provides computer security services to employees and contractors of the United States Department of Energy, but the site is open to the public as well. There are many tools and documents at this location. http://ciac.llnl.gov/ The National Computer Security Association. This site contains a great deal of valuable security information, including reports, papers, advisories and analyses of various computer security products and techniques. http://www.ncsa.com/ Short Courses in Information Systems Security at George Mason University. This site contains information about security courses. Moreover, there are links a comprehensive bibliography of various security related documents. http://www.isse.gmu.edu:80/~gmuisi/ NCSA RECON. Spooks on the Net. The National Computer Security Associations "special" division. They offer a service where one can search through thousands of downloaded messages passed amongst hackers and crackers on BBS boards and the Internet. An incredible security resource, but a commercial one. http://www.isrecon.ncsa.com/public/faq/isrfaq.htm Lucent Technologies. Courses on security from the folks who really know security. http://www.attsa.com/ Massachusetts Institute of Technology distribution site for United States residents for Pretty Good Privacy (PGP). PGP provides some of the most powerful, military grade encryption currently available. http://web.mit.edu/network/pgp.html The Anonymous Remailer FAQ. A document that covers all aspects of anonymous remailing techniques and tools. http://www.well.com/user/abacard/remail.html The Anonymous Remailer List. A comprehensive but often changing (dynamic) list of anonymous remailers http://www.cs.berkeley.edu/~raph/remailer-list.html Microsoft ActiveX Security. This page addresses the security features of ActiveX. http://www.microsoft.com/intdev/signcode/ Purdue University COAST Archive. One of the more comprehensive security sites, containing many tools and documents of deep interest within the security community. http://www.cs.purdue.edu//coast/archive/ Raptor Systems. Makers of one of the better firewall products on the Net have established a fine security library. http://www.raptor.com/library/library.html The Risks Forum. A moderated digest of security and other risks in computing. A great resource that is also searchable. You can tap the better security minds on the Net. http://catless.ncl.ac.uk/Risks FIRST. (Forum of Incident Response and Security Teams). A conglomeration of many organizations undertaking security measures on the Internet. A powerful organization and good starting place for sources. http://www.first.org/ The CIAC Virus Database. The ultimate virus database on the Internet. An excellent resource to learn about various viruses that can effect your platform. http://ciac.llnl.gov/ciac/CIACVirusDatabase.html Information Warfare and Information Security on the Web. A comprehensive lost of links and other resources concerning Information Warfare over the Internet. http://www.fas.org/irp/wwwinfo.html Criminal Justice Studies of the Law Faculty of University of Leeds, The United Kingdom. Site with interesting information on cryptography and civil liberties. http://www.leeds.ac.uk/law/pgs/yaman/cryptog.htm. Federal Information Processing Standards Publication documents. (Government guidelines.) National Institute of Standards and Technology reports on DES encryption and related technologies. http://csrc.nist.gov/fips/fips46-2.txt Wordlists available at NCSA and elsewhere. (For use in testing the strength of, or "cracking" UNIX passwords.) http://sdg.ncsa.uiuc.edu/~mag/Misc/Wordlists.html. Department of Defense Password Management Guideline. (Treatment of password security in classified environments.) http://www.alw.nih.gov/Security/FIRST/papers/password/dodpwman.txt Dr. Solomons. A site filled with virus information. Anyone concerned with viruses (or anyone who just wants to know more about virus technology,) should visit Dr. Solomons site. http://www.drsolomon.com/vircen/allabout.html The Seven Locks server. An eclectic collection of security resources, including a number of papers that cannot be found elsewhere! http://www.sevenlocks.com/CIACA-10.htm.[m1] S/Key informational page. Provides information on S/Key and use of one time passwords in authentication. http://medg.lcs.mit.edu/people/wwinston/skey-overview.html. A page devoted to ATP, the "Anti-Tampering Program". (In some ways, similar to Tripwire or Hobgoblin.) http://www.cryptonet.it/docs/atp.html Bugtraq Archives. An archive of the popular mailing list, Bugtraq. This is significant because Bugtraq is one of the most reliable source for up-to-date reports on new found vulnerabilities in UNIX (and at times, other operating systems.) http://geek-girl.com/bugtraq/ Wang Federal. This company produces very high quality security operating systems and other security solutions. They are the leader in TEMPEST technology. http://www.wangfed.com The Center for Secure Information Systems. This site, affiliated with the Center at George Mason University, has some truly incredible papers. There is much research going on here; research of a cutting edge nature. The link below send you directly to the publications page, but you really should explore the entire site. http://www.isse.gmu.edu/~csis/publication.html SRI International. Some very highbrow technical information. The technical reports here are of extreme value. However, you must have at least a fleeting background in security to even grasp some of the concepts. Nevertheless, a great resource. http://www.sri.com/ The Security Reference Index. This site, maintained by the folks at telstra.com, is a comprehensive pointer page to many security resources. http://www.telstra.com.au/info/security.html Wietse Venemas Tools Page. This page, Maintained by Wietse Venema (co-author of SATAN and author of TCP_Wrapper and many, other security tools), filled papers, tools and general information. It is a must-visit for any UNIX system administrator. ftp://ftp.win.tue.nl/pub/security/index.html United States. Congress. House. Committee on Science, Space, and Technology. Subcommittee on Science. Internet security : Hearing Before the Subcommittee on Science of the Committee on Science, Space, and Technology. U.S. House of Representatives, One Hundred Third Congress, second session, March 22, 1994. Washington. U.S. G.P.O. For sale by the U.S. G.P.O., Supt. of Docs., Congressional Sales Office, 1994. UNIX Unleashed. SAMS Publishing, 1994. ISBN: 0-672-30402-3. Internet QuickKIT. Brad Miser. HAYDEN. ISBN: 1568302401 Bots and Other Internet Beasties. SAMS.NET. Joseph Williams. ISBN: 1575210169 (1996) The Internet Unleashed 1996. SAMS.NET. SAMS Development Group. ISBN: 157521041X. (1995) Microsoft Internet Information Server 2 Unleashed. Arthur Knowles. SAMS.NET. ISBN: 1575211092. (1996) Designing and Implementing Microsoft Internet Information Server. SAMS.NET. ISBN: 1575211688. (1996) Internet Research Companion. Que Education and Training. Geoffrey McKim. ISBN: 1575760509. (1996) An Interactive Guide to the Internet. Que Education and Training. J. Michael BLocher, Vito Amato & Jon Storslee. ISBN: 1575763540. (1996) Internet Security for Business. New York. Wiley, 1996. xi, 452 p. : ill. ; 24 cm. LC CALL NUMBER: HD30.38 .I57 1996 Managing Windows NT Server 4. NRP. Howard F. Hilliker. ISBN: 1562055763. (1996) Internet 1997 Unleashed, Second Edition. SAMS.NET. Jill Ellsworth, Billy Barron, et al. ISBN: 1575211858. (1996) Windows NT Server 4 Security, Troubleshooting, and Optimization. NRP. ISBN: 1562056018. (1996) Apache Server Survival Guide. SAMS.NET. Manuel Alberto Ricart. ISBN: 1575211750. (1996) Internet Firewalls and Network Security, Second Edition. NRP. Chris Hare and Karanjit S. Siyan, Ph.D. ISBN: 1562056328. (1996) PC Week Intranet and Internet Firewalls Strategies. ZDPRESS. Ed Amoroso & Ronald Sharp. ISBN: 1562764225. (1996) Internet Security Professional Reference. NRP. Chris Hare, et al. ISBN: 1562055577. (1996) NetWare Security. NRP. William Steen. ISBN: 1562055453. (1996) Internet Security Resource Library. NRP. Box-set. ISBN: 1562055062. (1996) LINUX System Administrator's Survival Guide. SAMS. Timothy Parker, Ph. D. ISBN: 0672308509. (1996) Internet Commerce. NRP. Andrew Dahl and Leslie Lesnick. ISBN: 1562054961. (1995) Windows NT Server 4 Security, Troubleshooting, and Optimization. NRP. ISBN: 1562056018. (1996) E-Mail Security: How To Keep Your Electronic Messages Private. Bruce Schneier. John Wiley & Sons Inc. 605 Third Ave. New York, NY 10158. ISBN: 0-471-05318-X Protection and Security on the Information Superhighway. Frederick B. Cohen. John Wiley & Sons Inc. 605 Third Ave. New York, NY 10158. ISBN: 0-471-11389-1