Customer Reviews

Building Internet Firewalls (2nd Edition)

5 star:		(30)
4 star:		(5)
3 star:		(1)
2 star:		(0)
1 star:		(3)

 

 

I have acquired a lot of web development tools e.g. ASP, JSP, javascript and so on, but I know nothing on how internet actually connects or how to secure a web page. Firewall has always come to my mind when i think about internet security, but I have no idea what it exactly is. Then, I find "Building Internet Firewalls" in a local bookstore one day.

O'Reilly books always gives me bad impression that they are hard to understand and won't teach you from the basics. However, this book changes my mind totally.

This book doesn't assume you have any experience on system Administration or knowledge on internet security. It starts out by explaining what firewall is. Then, it presents firewall technologies, architectures and design. After all the basics, it connects the concepts of firewall to Internet and how to configure it on UNIX and Window NT. In the last few chapters, it teaches how to maintain a firewall.

I can't tell whether this book is good for system administration or someone already has some knowledge on firewall before. but for me, as an absolute beginner, it makes me understands firewall and I am confident that I can make my own firewall.

This second edition goes into great detail on how to build and maintain a firewall. It briefly discusses the attacks earlier this year on various well-known web sites and notes that one effective way of (if not toally stopping) slowing down these types of attacks is by use of a firewall.

In the first section, it talks about the reasons for having a firewall and security strategies. The second section (Building Firewalls) consists of several chapters and describes topics like packet filtering, firewall architectures and design, proxy systems and bastion hosts. I gleaned a lot of good information from this section alone.

The next section contains chapters describeing how to protect against attackers invading any Internet services (World Wide Web, email & netnews, FTP, IRC, DNS, games, etc). The last section describes methods to keep your network secure, such as settinp up security policies, how to maintain your firewall once it's up and running, and how to deal with a "break-in." There's also three appendices containing various information about firewall tools, mailing lists and newsgroups.

All in all, an excellent book on building and maintaining a firewall.

Since there was no such thing as CIDR when it was written, we now have a few reserves to directly apply the book's conclusions. Because private IPs were rather new then, the authors did not take advantage of their security aspects. It was written at the time passive mode ftp was rather rare. Because there was no IP masquerades nor NAT, authors' choices for outbound connections were limited to few proxies and impractical packet filtering. PC unix-likes, which are the major player in building firewalls nowadays, were infantile, it they existed. There were very few choices on packet filters, the most important firewall component. Dialup connections were yet negligible, so the book did not discuss personal securities when connected to internet.

In spite of all these and other changes, the book solidly laid out firewall network structures. We don't see any significant variations of them, as yet. Its in depth discussions on impacts of various tcp/udp/icmp protocols upon firewalls are now the criteria we use to judge safeties of newly proposed ones. Despite new security softwares, and new exploits I must add, arrive daily, the book has established true home ground we start from. On the other hand, I am certainly interested in what authors would say looking at changes we have encountered.

I am the officer technical lead for a 50-person military intrusion detection operation. I am also working with a team redesigning one service's enterprise-wide communication and security infrastructure, for whom firewalls are a key concern. "Building Internet Firewalls" will challenge your concept of how firewalls are created and operated. The authors do not limit their discussion to single box firewall solutions offered by most commercial vendors. Instead, they present alternative approaches and explain their strengths and weaknesses in an unbiased manner. Furthermore, the reader is treated to 330 pages (chapters 14-23) of the clearest, most concise guide to network protocols I've encountered. (I recommend Eric Hall's Internet Core Protocols and forthcoming Internet Application Protocols for greater detail.) From an intrusion detector's standpoint, this information on protocol features, ports, and characteristics is invaluable, and may solve a few mysteries. The author's attention to Windows as well as UNIX technologies is welcome, although most readers will share the author's frustration with certain Windows protocols. Thanks for the excellent work!

Every cell in the human body changes completely every seven years, but the underlying essence of the person remains. Similarly, information security has changed dramatically in the same time period, when the authors of this book were writing the first edition, but its essence has remained the same.

Topics such as ActiveX, RealVideo, IP version 6, and instant messaging were not even on the horizon when the first edition of this book was released. Now in its overdue second edition, the book covers these important topics and more.

Among the many fine security books available-several of which have been reviewed in this column-Building Internet Firewalls is one of the best. It is not just a comprehensive tome on firewalls; the authors take the many aspects of a firewall (for example, policies, protocols, and varied networks) and integrate them into a common framework. This is necessary, since management often equates security with firewalls.

Divided into four sections (network security, building firewalls, Internet services, and site security), the bulk of the book is built around the sections on Internet services and building firewalls. In these 20 chapters, the authors detail the many aspects of a firewall. Critical concepts such as firewall technologies, architectures, intermediary protocols, and directory services are discussed in detail. The authors do a splendid job of defining the various types of firewalls and exploring their advantages and weaknesses.

This book is remarkable for detailing the components of an effective information security system that are conferred via a firewall. Anyone needing a grasp on the often-confusing topic of firewalls need look no further.

This review originally appeared in the June issue of Security Management magazine

This book does a very good job of explaining what firewalls are, the function they serve, what they can and cannot do, and other topics related to them. I purchased this book to distribute to students as I teach Network Security in my place of business and it helped individuals with little or no experience in firewalls and servers understand and even setup and install a firewall on a network. If you are just learning about firewalls or know a moderate amount on them this is a good book to bring you to a very educated level.

Since someone from Boston gave this book such a horrible review I had to counter with my own opinion. I am a systems administrator for an internet start up in Boston. I have a good understanding of security and firewalls. I bought this book to increase that knowlege. This book was a big help. While it is a bit outdated by the standards of the internet the basic principles of security are the same. This is an excellent reference book as well as a good book to get started with. The sections the packet filtering charactoristics of a lot of popular services was helpful.

Very good coverage of basic firewall concepts. Thankfully, it's OS agnostic; the concepts can be applied to any firewall-type: Windows-based, Unix/Linux/BSD, or even hardware. Describes how to secure all sorts of configurations for businesses of small to large scale. Many pictures illustrate the ideal (and non-ideal) layouts of your network.

Finally, at the end they wrap it all up by showing you a complete sample ruleset. I pretty much copied this to set up my home firewall. I sleep better at night thanks to this book.

I build Firewall and Security Architectures for a living. In the last four years or so I have designed many architectures for major corporates worldwide. I consider this book as my standard reference work. Even after much practice I use this book occassionally still 'in the field'.

O'Reilly (Nutshell) books have always been quite superb. My TCP/IP and DNS references have been well worn over the years. As have my Perl nutshell.. etc...

Although Non Vendor specific this is actually a plus. To understand say Firewall-1 after assimilating this book will take you a 1/10 of the time it would take you from 'cold' - and your abilities will be 10 times as sharp. I say non-vendor specific as the books bias towards UNIX (and derivatives) expands to demonstrate several UNIX based free Firewall toolkits.

Really this book is a "practical" theory of Firewall systems. It covers an enormous amount of detail, and thus in some places may seem cursory. However in such circumstances the Internet can help you research these topics in more depth.

Many parts of this book actually described potential attacks that I was totally unfamiliar with (such as an unsolicited ECHO_REPLY ICMP padded with additional payload) - for this alone the book is worth its weight in gold.

However if I have criticisms, they are minor. The authors thinly disguised contempt of Windows (and praise of UNIX) on which to base a security architecture shows through occasionally (although to be fair, they are being realistic), and there are parts that demonstrate that the authors experience of "standard build" clients is limited.

This book has hundreds of little gems that will be very helpful for anyone who is designing or maintaining a firewall. While not specific enough to contain all you'll need to build a firewall it does have a great deal of information you can use to make your firewall more efficient and secure. Some examples are: how powerful your bastion host should be, general background on IPSec, different vulnerabilities of Java vs. Active X, why you want to keep your bastion host isolated from your internal network, a handy breakdown of some useful NT registry keys and an informative appendix on cryptography. The authors go through the majority of the most commonly used protocols (and implementations of those protocols) on the Internet and talk about the hazards of using them. I particularly enjoyed the sections on DNS (with its treatment of different types of DNS records, double reverse lookup and hiding information with multiple servers) and X Windows ( particularly how it's used by ssh and what XDMCP is for). Along with every protocol description there was also a nice section with advice on how to make it work with SOCKS. I also enjoyed the charts presenting packet filtering suggestions found throughout the book and the section on sample firewalls at the end which combined the charts. The only thing missing from this book was some more specific information on firewall implementation. There were also some occasions were the authors brought up protocols or applications just for the sake of mentioning them and then didn't provide any useful information about them. All in all though, this book was very much worth reading.