Most helpful critical review
41 of 45 people found the following review helpful
A nice internet security overview
on March 22, 2003
My hope was that reading Firewalls and Internet Security - Second Edition would be a chance to sit at the feet of the masters, but I was disappointed. Part of the problem is the title, this is not a firewall book; this is an internet oriented security overview. The writing style is professional, but terse, you will learn the names of many important things, but you will not learn how to DO anything and you will not even learn ABOUT very much. However the book gives you the NAMES of many important topics that you can go research on your own and is valuable for that. It is well edited and has a flawless layout making it a fast easy read because the technical level is low and the book is short.
The book opens with a few pages on security truisms, my favorite part of the book and a dazzling display of intellect! All the material after the truisms and up to chapter 9 is a quick tour of topics like Security Policy, Host-Based Security and Perimeter Security, Authentication, and all the Protocols in a couple paragraphs each.
Chapters 9 - 12 are where the book covers perimeters. Chapter 9 is dated material, Static Packet Filters, Network Topology, Application Gateways, and SOCKS. The book begins to improve in Chapter 10, remember, these authors really know their stuff and if you read closely there is wisdom here. The "Use the phone?" comment in the H.323 and SIP example firewall rule was a classic. Sadly, this whole critically important section got one thin paragraph.
In Chapter 13, there is a fascinating discussion about using routing tricks to protect a host, but it isn't clear to me you can implement this with the four sentences of information the authors provide. As you march on to Chapter 16, they have a few paragraphs on host security, name some types of IDSes and so forth.
Chapter 16 is from the original edition, An Evening with Berferd is a lovely read especially if you have a Unix background. Chapter 17, The Taking of Clark, another war story, was also fun.
The ending of the book is sad, the technical material concludes with three and a half pages titled: Where do we go from here? They briefly mention IPv6, but come to no conclusion as to its future. DNSsec gets two paragraphs, we do not even learn what it is, (a new resource record where the information that is stored can be signed).
In the final paragraph the authors conclude we are going backward not forward, that we cannot achieve the security level Multics had in the 1970s with modern operating systems. I sincerely hope that is not true; take a look at OpenBSD, one exploitable remote vulnerability in seven years. Think about the progress RedHat and Microsoft are making. Take a look at the work The Center for Internet Security is doing, take the Unix or Windows tracks at SANS, but never, ever give up.