Inside Network Perimeter Security (2nd Edition) (Paperback)

by Stephen Northcutt (Author), Lenny Zeltser (Author), Scott Winters (Author), Karen Kent (Author), Ronald W. Ritchey (Author)

Editorial Reviews

Product Description

Security professionals and administrators now have access to one of the most valuable resources for learning best practices for network perimeter security. Inside Network Perimeter Security, Second Edition is your guide to preventing network intrusions and defending against any intrusions that do manage to slip through your perimeter. This acclaimed resource has been updated to reflect changes in the security landscape, both in terms of vulnerabilities and defensive tools. Coverage also includes intrusion prevention systems and wireless security. You will work your way through fortifying the perimeter, designing a secure network, and maintaining and monitoring the security of the network. Additionally, discussion of tools such as firewalls, virtual private networks, routers and intrusion detection systems make Inside Network Perimeter Security, Second Edition a valuable resource for both security professionals and GIAC Certified Firewall Analyst certification exam candidates.

About the Author

Stephen Northcutt is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, whitewater raft guide, chef, martial arts instructor, cartographer, and network designer. Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security, 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials, and Network Intrusion Detection, 3rd Edition. He was the original author of the Shadow Intrusion Detection System before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen currently serves as Director of the SANS Institute.

Lenny Zeltser's work in information security draws upon experience in system administration, software architecture, and business administration. Lenny has directed security efforts for several organizations, co-founded a software company, and consulted for a major financial institution. He is a senior instructor at the SANS Institute, having written and taught a course on reverse-engineering malware. Lenny is also a coauthor of books such as SANS Security Essentials and Malware: Fighting Malicious Code. He holds a number of professional certifications, including CISSP and GSE, and is an incident handler at SANS Internet Storm Center. Lenny has earned a bachelor of science in engineering degree from the University of Pennsylvania and a master in business administration degree from MIT. More information about Lenny's projects and interests is available at http://www.zeltser.com.

Scott Winters has been working in all aspects of networking and computer security for over 14 years. He has been an Instructor, Network Engineer, and Systems Administrator and is currently employed as a Senior Consultant for Unisys at the Commonwealth of Pennsylvania Enterprise Server Farm. He has SANS GIAC Firewalls and Incident Handling certifications, as well as MCSE, CNE, Cisco CCNP, CCDP, and other industry certifications. Other accomplishments include authoring and editing of SANS GIAC Training and Certification course content, as well as exam content. He was a primary author of the first edition of Inside Network Perimeter Security and a contributing author for SANS Security Essentials with CISSP CBK. He has also been involved in the SANS GIAC Mentoring program and has served on the SANS GCFW Advisory Board.

Karen Kent is an Associate with Booz Allen Hamilton, where she provides guidance to Federal agencies on a broad range of information assurance concerns, including incident handling, intrusion detection, VPNs, log monitoring, and host security. Karen has earned a bachelor's degree in computer science from the University of Wisconsin-Parkside and a master's degree in computer science from the University of Idaho. She holds the CISSP certification and four SANS GIAC certifications. Karen has contributed to several books, including Intrusion Signatures and Analysis, published numerous articles on security, and coauthored several publications for the National Institute of Standards and Technology (NIST), including NIST Special Publication 800-61: Computer Security Incident Handling Guide.

Ronald W. Ritchey has an active interest in secure network design and network intrusion techniques. He gets to exercise this interest regularly by conducting penetration testing efforts for Booz Allen Hamilton, where he has had the opportunity to learn firsthand the real-world impact of network vulnerabilities. He is also an active researcher in the field with peer-reviewed publications in the area of automated network security analysis. Ronald has authored courses on computer security that have been taught across the country, and he periodically teaches graduate-level courses on computer security. Ronald holds a masters degree in computer science from George Mason University and is currently pursuing his Ph.D. in information technology at their School of Information Technology and Engineering. His doctoral research involves automating network security analysis.

About the Technical Editors

Todd Chapman has 10+ years of experience delivering IT services as varied as systems management, security, networking, clustering, Perl programming, and corporate development and training. Currently, Todd is a consultant for gedas USA, Inc., in Auburn Hills, Michigan, where he provides security consulting services for Volkswagen/Audi of America. For the last three years Todd has been an active member of the SANS GCFW advisory board and has written SANS certification exam questions in a number of disciplines. Todd's certifications include Red Hat Certified Engineer (RHCE), Microsoft Certified Systems Engineer (MCSE), GIAC Certified Firewall Analyst (GCFW), GIAC Certified Intrusion Analyst (GCIA), and GIAC Systems and Network Auditor (GSNA).

Anton Chuvakin, Ph.D., GCIA, GCIH, is a Security Strategist with netForensics, a security information management company, where he is involved with designing the product, researching potential new security features, and advancing the security roadmap. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, and more. He is the author of the book Security Warrior (O'Reilly, January 2004) and a contributor to "Know Your Enemy II" by the Honeynet Project (AWL, June 2004) and "Information Security Management Handbook" (CRC, April 2004). In his spare time he maintains his security portal http://www.info-secure.org website.

Dan Goldberg recently created MADJiC Consulting, Inc., to provide network design and architecture reviews, intrusion detection and response, and vulnerability assessments in Central Virginia. He also works on research and writing projects for the SANS Institute and as technical director for Global Information Assurance Certification (GIAC). When not occupied by these activities, you may find him riding a mountain bike in the Blue Ridge Mountains.

John Spangler is a freelance Network Systems Engineer. Having over 10 years of experience, he has worked on everything from small office systems to large enterprise and ISP networks. John has worked as a technical editor for Cisco certification manuals.

See all Editorial Reviews

Product Details

• Paperback: 768 pages
• Publisher: Sams; 2 edition (March 14, 2005)
• Language: English
• ISBN-10: 0672327376
• ISBN-13: 978-0672327377
• Product Dimensions: 8.9 x 6.9 x 1.8 inches
• Shipping Weight: 2.6 pounds (View shipping rates and policies)
• Average Customer Review: 4.4 out of 5 stars See all reviews (7 customer reviews)
• Amazon.com Sales Rank: #429,006 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #11 in

  Books > Computers & Internet > Certification Central > Publisher > Sams

Customer Reviews

Most Helpful Customer Reviews

6 of 6 people found the following review helpful:

5.0 out of 5 stars Excellent book at discussing how to defend your network perimeter, February 4, 2006

By	Sean E. Connelly "Just a bithead - CCIE#17085" (Alexandria, VA) - See all my reviews (REAL NAME)

This review is for the 2nd edition of this book.

"Inside Network Perimeter Security" (INPS) by Northcutt, Zeltser, Winters, Kent, and Ritchey suitably covers the broad topic of securing a network's edge. The book is based, on part, from various SANS Institute training material (Northcutt is the CEO of the SANS Institute). Most of the items documented in INPS are honed from years of discussions in classes (and is mentioned an `excellent supplementary resource" for the GIAC Certified Firewall Analyst (GCFW)).

The book first focuses on perimeter fundamentals - including dedicating about 100 pages to the three main types of firewalls (Packet, Stateful & Proxy). The second section discusses how to fortify other areas of the perimeter - by implementing hardened routers and hosts, VPNs, IDSs, and IPS. The third section discusses designing a secure perimeter from the ground up (consider it best practices). This includes a much-needed chapter on wireless security. The last section is how to monitor and maintain the perimeter.

It is hard to characterize who this book should be aimed at. While configurations examples are given for many different platforms and OSs, the configs cannot be considered complete. I feel this book would serve network admins well as a starting point and as introduction to concepts that they might not be familiar with.

Some items I like from Inside Network Perimeter Security:

-Chapter 6 gives a great discussion on Cisco routers. What really impresses me is, since the documentation is from someone besides CiscoPress, you get an idea of other ways to harden Cisco routers (see the telnet trick on page 142). The first appendix also gives a great collection of different ACLs (consider it an update of the NSA's list). I have over 50 CiscoPress books, and information found in these 2 chapters I have not seen documented in any CiscoPress book.

-Chapter 21 provides a `quick' list of tools to use to help troubleshoot and isolate an issue. While there are some great books that are wholly dedicated to showing the ins-and-outs of different tools, sometimes you can't see the trees through the forest. Within just a few short pages, INPS is able to suggest a plethora of different tools to use based upon the issue.

The book mentions that it's goal "...is to create a practical guide for designing, deploying, and maintaining a real-world network security perimeter." I believe they have done just that!

I give this book 5 pings out of 5:
!!!!!

3 of 3 people found the following review helpful:

5.0 out of 5 stars state of the art, June 20, 2005

By	W Boudville (Terra, Sol 3) - See all my reviews (TOP 50 REVIEWER)    (REAL NAME)

The authors provide a nicely detailed explanation of current network defenses and practises. Each major topic in this field is well covered. Firewalls and packet filtering are clearly done. The preferred choice of example router is from Cisco. But the principles are obviously applicable to devices from any competing vendor.

The book also recommends egress filtering; which is not often discussed in other texts. It helps guard against your net being used to send out malware. This helps the overall environment of the Internet. Moreover, there is also a tangible benefit to you. By doing egress checks, you can detect if one of your machines has been subverted. Which is always good to know.

VPNs are given an entire chapter, due to their importance. The book also goes beyond talking about Intrusion Detection Systems to discuss Intrusion Prevention Systems. More proactive.

To some sysadmins, the most important chapter might be that on wireless networks. As these have grown hugely, so too have the attacks against them. You can learn how to bolt down your wireless network.

4 of 6 people found the following review helpful:

3.0 out of 5 stars Four stars if reorganized and distilled, five if updated, August 30, 2006

By	Richard Bejtlich "TaoSecurity.com" (Metro Washington, DC) - See all my reviews (TOP 500 REVIEWER)    (REAL NAME)

I first looked at Inside Network Perimeter Security, 2nd Ed (INPS:2E) for my blog, in May 2005. I decided to try reading it this week because I've been reading books on related topics. Individually, the INPS:2E authors largely know their craft. Unfortunately, the book is so poorly organized and diffused that I don't know why other reviewers rate it so highly. Furthermore, the choice of material covered and certain recommendations drag the book down. A third edition might be promising, but I recommend avoiding INPS:2E.

On the macro level, I question the ordering of the book's parts. It's best to lead with definitions, policy, and design, but that doesn't happen here. Part I is mostly about firewalls, with a chapter about policy at the end (Ch 5). Fundamentals of Secure Perimeter Design (Ch 12) appears in Part III (Designing a Secure Network Perimeter). Another design chapter (Ch 23) pops up in Part IV. This makes no sense. The book should have been divided into Theory / Implementation / Processes or some other rational system, with all related material in the proper place.

For example, the operation of FTP (control vs data channels, active vs passive FTP, etc.) is separated into three chapters (2, 3, and 4). FTP should have been explained early in one place, then referenced later. Host IPS appears as part of Ch 11, when it should have been in Ch 10 (Host Defense Components). VPNs appear in Ch 7 and again in Ch 16. TCP state is explained in Ch 3 (Stateful Firewalls), when it should have been covered in Ch 2 (Packeting Filtering) or in a different and earlier section. Yet another firewall -- Pf -- isn't shown until Ch 10 (which covers host defense). Ch 6 (The Role of a Router) covers routers, but Ch 2 mostly covered using routers for filtering.

Beyond organization, the book's choice of technical material is sometimes questionable. INPS:2E spends a good deal of time on reflexive ACLs, even though Cisco recommends using CBAC instead. INPS:2E mentions CBAC but gives no implementation details. Worse, the extrusion RACL suggestion on p 51 allows outbound FTP control (port 21 TCP) but makes no provision for FTP data channels. Ch 19 promotes the virtues of Big Brother, a monitoring tool that's been declining for years since its acquisition. Nagios should have been covered instead. When I also see discussions of IPChains (Ch 2) and FWTK (Ch 4), I question the relevancy of the text.

Despite these problems, most of the book's technical recommendations are sound. I found fault with a few suggestions, e.g. "a good way to improve security is to disable SSID broadcasts on all wireless access points" (p 364). I did like the tip on changing Windows MAC addresses on p 365.

If a third edition is planned, I would like to see a ground-up rewrite. A lead author should plan the chapters of the book, including a rough outline of each chapter's contents. Experts can work within that framework, and then have the lead author edit for consistency and coherency. As it stands, INPS:2E reads more like a collection of disparate thoughts loosely bound by a network security theme. If the existing material was rewritten with clarity and structure in mind, the book would probably be 350-400 pages (not 660).

Richard Deal's Cisco Router Firewall Security, while Cisco-centric, is a better book on this subject. The older Security Sage's Guide to Hardening the Network Infrastructure is helpful. Sean Convery's Network Security Architectures might be the best of all.