Building Linux and OpenBSD Firewalls
tackles considerably more than its title implies. For one thing, it's an introductory Internet security text that explains some of the methods attackers employ and how security strategies (including firewalls) can help thwart them.
Some of this coverage is very basic indeed ("What's an IP address?" and "What's a good Password" are two elementary sidebars), but that's in keeping with this series, which is intended for managers and others somewhat removed from detail work as well as for technicians. Still, the differences between OpenBSD and Linux boil down to a couple of key features, and you'll find yourself halfway through this book before you get to any how-to material on configuring a firewall. The configuration information is easy to follow: the authors explain which options to choose in the operating systems' respective installation routines and outline some supplementary procedures to follow afterward.
This book deserves kudos for treating OpenBSD with the same respect most books lavish over the trendier Linux, and the odds are good you'll learn a lot about it. You'll find the general security material valuable as well, particularly if you're new to the security game and need a primer on firewalls, demilitarized zones (DMZs), and the vulnerabilities of particular protocols and services. Still, this isn't the best practical guide around. Look at Linux Firewalls for detailed information on configuring IP chains under Linux, Maximum Linux Security for an all-purpose take on that system's security characteristics, and Firewalls and Internet Security: Repelling the Wily Hacker for further comprehensive security coverage. --David Wall
Topics covered: Internet security background, fundamentals of firewall design and security policy, the relative merits of OpenBSD and Linux, and the configuration of bare-metal machines as firewalls under both operating systems. The authors use Red Hat Linux 6 and OpenBSD 2.5.
"This is an excellently written and organized examination of existing security perceptions and procedures."--System Administration magazine