Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems (Inside (New Riders)) [Paperback]

Stephen Northcutt (Author), Karen Frederick (Author), Scott Winters (Author), Lenny Zeltser (Author), Ronald W. Ritchey (Author)

Book Description

ISBN-10: 0735712328 | ISBN-13: 978-0735712324 | Publication Date: June 28, 2002 | Edition: 1

The most practical, comprehensive solution to defending your network perimeter. Get expert insight from the industry's leading voices: Stephen Northcutt and the expertise of the SANS team. Inside Network Perimeter Security is a practical guide to designing, deploying, and maintaining network defenses. It discusses perimeter components such as firewalls, VPNs, routers, and intrusion detection systems, and explains how to integrate them into a unified whole to meet real-world business requirements. The book consolidates the experience of seventeen information security professionals working together as a team of writers and reviewers. This is an excellent reference for those interested in examining best practices of perimeter defense and in expanding their knowledge of network security. Because the book was developed in close coordination with the SANS Institute, it is also a valuable supplementary resource for those pursuing the GIAC Certified Firewall Analyst (GCFW) certification.

Editorial Reviews

Amazon.com Review

Submarines handle awkwardly on the surface of the sea; airplanes are cumbersome when taxiing. Both modes of operation, however, are design requirements. Organizational computer networks have a similar requirement: they have to interface with other networks (thereby forming the Internet) in order to be useful. How network engineers manage their networks' perimeters has a lot to do with their usefulness, cost effectiveness, and--perhaps above all--security. Inside Network Perimeter Security concerns itself with this latter aspect of the connection to the outside world. It's carefully researched, cleverly written, and full of references to recent exploits and, more importantly, the trends they represent. The best details on emerging hack attacks will always be found online. This book takes a longer view, evaluating offensive and defensive technologies and offering well-reasoned advice on how to keep a network secure now and in the future.

Readers familiar with the previous work of the authors--particularly the highly respected Stephen Northcutt--will recognize the style here. It doesn't aim to teach you how to do much in particular--there are a few procedures, and some Cisco Internetwork Operating System (IOS) command listings--but rather tries to show how to think about networks and the data that comes from them. In a typical section, the authors analyze a log from Tiny Personal Firewall. They highlight the facts that are present in the log and the inferences that can be made from them. A similar style helps you master software tools and make network design decisions. This book is perfect for a network engineer wanting to improve his or her security skills for both design and administration purposes. --David Wall

Topics covered: How to design networks' borders for maximum security, and how to monitor them for unauthorized activity. After an introduction to firewalls, packet filtering, and access lists, the authors explain how to set up routers, special-purpose firewalls, and general-purpose hosts with security in mind. A large section has to do with security-conscious design, both for green field projects and existing networks that need expansion or improvement.

From the Back Cover

The most practical, comprehensive solution to defending your network perimeter. Get expert insight from the industry's leading voices: Stephen Northcutt and the expertise of the SANS team. Inside Network Perimeter Security is a practical guide to designing, deploying, and maintaining network defenses. It discusses perimeter components such as firewalls, VPNs, routers, and intrusion detection systems, and explains how to integrate them into a unified whole to meet real-world business requirements. The book consolidates the experience of seventeen information security professionals working together as a team of writers and reviewers. This is an excellent reference for those interested in examining best practices of perimeter defense and in expanding their knowledge of network security. Because the book was developed in close coordination with the SANS Institute, it is also a valuable supplementary resource for those pursuing the GIAC Certified Firewall Analyst (GCFW) certification.

See all Editorial Reviews

Product Details

• Paperback: 712 pages
• Publisher: Sams; 1 edition (June 28, 2002)
• Language: English
• ISBN-10: 0735712328
• ISBN-13: 978-0735712324
• Product Dimensions: 9.1 x 7.4 x 1.5 inches
• Shipping Weight: 2.6 pounds
• Average Customer Review: 4.9 out of 5 stars  See all reviews (18 customer reviews)
• Amazon Best Sellers Rank: #1,091,747 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

31 of 33 people found the following review helpful:

5.0 out of 5 stars Excellent holistic security book, September 25, 2002

By 

Dr Anton Chuvakin "Dr. Anton Chuvakin" (CA, USA) - See all my reviews

This review is from: Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems (Inside (New Riders)) (Paperback)

The first thing that appeals to the reader of this excellent book
["Inside Network Perimeter Security" by Steven Northcutt, et al] is a
curious title. So will the authors take the reader "inside perimeter"
or will they cover the perimeter security inside and out? In fact,
they excel at both. It is well known that the defense perimeter of the
modern Internet-enabled business is not just the choke router
connecting the company to the public network. Perimeter manifests
itself in wireless leaks outside the building, in VPN links stretching
out to partners an suppliers and forgotten modems on the company
premises.

The books effectively straddles several difficult bordelines, that
adds significant value to it. For example, authors manage to not
express their preferences and provide coverage for both Windows and
UNIX, free and commercial software. Moreover, the book has both
valuable hands-on exercises (right down to 'permit icmp any any
packet-too-big' and 'SEC-6-IPACCESSLOGP') and strategic business
aspects (choosing the network design based on business and industry
requirements).

The book goes well beyond perimeter defense, stretching onto security
monitoring, incident response, vulnerability analysis, security audit
and network performance. Especially fun was a chapter devoted to the
"adversarial review". Security vs performance seem to be a timeless
conflict. The chapter is dedicated to this important aspect of
security design, covering performance impact of various security
technologies.

The important advantage of the book is real-life examples, case
studies and sample network security designs. They are given a thorough
evaluation, both from defender's and attacker's prospective. However,
some currently popular attacks are not given sufficient attention (such
as web hacking and malware). That seem to stem from the fact that in
the book infrastructure defense takes priority over information
protection. Apparently, the books focuses more on defense and
prevention (and thus is less valuable for those seeking to cause
computer mayhem).

Overall, the book is of great value to security novices and the
experienced professionals as well. The latter can use the book as a
complete guide for secure network design, implementation and
maintenance (extensive troubleshooting information is provided) under
real-life constraints. Even when most things in the book might already
be familiar, the added value is in integrated holistic approach to
network security presented by the true experts in the field. It
appears that is can make an effective study guide for SANS GCFW
certification.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major
information security company. His areas of infosec expertise include
intrusion detection, UNIX security, honeypots, etc. In his spare time
he maintains his security portal info-secure.org

19 of 19 people found the following review helpful:

5.0 out of 5 stars All Good Things ......, September 5, 2002

By 

"faho" (Tallahassee, FL USA) - See all my reviews

This review is from: Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems (Inside (New Riders)) (Paperback)

must come to pass. And with the publication of Inside Network Perimeter Security, a good thing has DEFINITELY come to pass!

With 18 years in the IT field, I have had the "blessing" of using literally thousands of vendor manuals, after-market "self-help" books, tutorials, resource kits and the like; covering operating systems, programming languages, networking, security, applications and utilities. Until now, I've found that I can invariably stick each one into one of my three "personal" review categories.

1. Idiot's Guide - information so general that the only people who could possibly derive any value from it are those who can best be evaluated on a performance review as: "Can IDENTIFY a computer 2 out of 5 times without assistance".

2. Trivial Pursuits - jam-packed with obscure tricks, keyboard shortcuts, links to Easter Eggs, and advanced functions that 98% of users will never have legitimate use for. Tries to be all things to all readers, and fails miserably. You wind up kicking yourself for paying [money] for 800 pages, and only using 5 of them.

3. Guru Goulash - so specific and/or technical that there are perhaps 100 people on Earth who can make sense of - and properly apply - the information it contains. You wonder why the author didn't save a boatload of paper and email a pdf to those 100 people, since he/she probably knows most of them. However, the author could have increased the value 100-fold simply by writing "cleanly" and intelligibly. IBM System 360 manuals, anyone?

BUT: after reading Inside Network Perimeter Security, I may have to develop a new category. The authors have hit the elusive "Sweet Spot"! A book that covers a broad range of topics within the IT Security field, is cleanly written to provide an introduction to these areas to an InfoSec novice; yet with enough "meat" to challenge a seasoned professional to dig a little deeper - and more importantly, to think a little harder.

Firewalls, VPN, routers, and IDS systems are all covered with just enough general information for a new practitioner, then go deeper into the concepts involved with concrete, real-world examples. How each of these components contributes to the idea of a securable "perimeter" is well explained. Most importantly, how each component interacts with, supports, supplements and complements each other as defensive measures is a crucial concept.

The entire tome is wrapped in the mantra of "defense in depth", undoubtedly the most valuable component of an effective IT security program, with real-life case studies to drive home the concepts. This has been done without getting to the level of specificity that limits the audience to either "Guru" or "Idiot" level. In this case, the "middle ground" and the "high ground" have found a commonality of purpose.

I applaud the manner in which diagrams, screen dumps, and example listings have been used. Normally, I find that these often distract from the written information. Here, they have been used judiciously, and effectively highlight the information being presented. The only thing better would be a companion disk with interactive screens to demonstrate the concepts.

Frequent use of "Tips" and "Notes", in conjunction with the aforementioned Case Studies, makes this an excellent long-term reference. This is my personal yardstick of the value of a book - will I come back to it repeatedly?

In the case of Inside Network Perimeter Security, the answer is a resounding YES. I expect to use this book as a solid reference for some time to come; and will undoubtedly use it a prime source in training my security team.

The SANS organization is known and respected as the premier proponent of IT Security. The authors, all members of SANS, have hit yet another home run with Inside Network Perimeter Security. The lack of a companion CD-ROM with extended examples, text version of the book, interactive screens, and perhaps some eval software; is the only thing that prevents it from being a "Grand Slam". Perhaps for the Second Edition?

C. Farley Howard; GSEC, CISSP

14 of 15 people found the following review helpful:

5.0 out of 5 stars Learning Security Thoroughly and Completely, September 25, 2002

By 

D. Pitts (Dallas, TX USA) - See all my reviews
(REAL NAME)   

This review is from: Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems (Inside (New Riders)) (Paperback)

This is the real deal. This book has such a broad coverage, but with such depth, that it is like getting three or four books for the price of one. The word "Encyclopedia" should probably be in the title somewhere. Everything dealing with security is at least touched upon, but almost without exception, there are detailed and well prepared discussions on every topic. I have heard that at least one college level course is already using this as their textbook.

The style is very enjoyable and effective. A vast amount of real world experience is shared, often with interesting anecdotal stories. The authors engage you on a one on one basis and converse with you as if you are a close colleague. They discuss many of the commonly used approaches to provide security, but with the important added feature of discussing the critical thought processes that go into what aspects are weak and strong. This is a rarely shared benefit within the technology field that is crucial for learning how to become or remain a competent security practitioner. As an example, in one section two different designs created by students of the SANS firewall class are presented. The book discusses specifics about the designs and where the student's approach is adequate and alternatives that could be considered as improvements depending upon the circumstances. Good technical details are provided along the way, but the core strength is that the reader is taught how to think through problems to be solved instead of just given the answers with no idea about how to derive them on their own. The reader should be able to reason through new security challenges they may face in the future that may not be covered by any existing book or article by applying the wealth of information provided. This book is good at exploring some of the possibilities and encouraging thought provoking ideas about new ways to secure the enterprise, while realizing that sometimes risks must be accepted or mitigated.

Some of the interesting topics covered are: hardening of routers, networks, and computers, intrusion detection, vulnerability assessment, host-based firewalls, virus detection software, the process of design, centralized monitoring, log analysis and event correlation, network troubleshooting, and security policy. I found the appendix on Network Air Gaps very well written and interesting as it discusses an emerging new category of protection device with its own special developing niche.

As with any book, publishing deadlines mean that some new developments in the security field are not reflected within the content. Specifically, the Gauntlet Firewall has been subsequently sold by Network Associates to Secure Computing who is now merging it with its own Sidewinder firewall. Also, the fact that SunScreen Lite is bundled with Solaris 8 is mentioned, but the fact that the full version of SunScreen firewall is included with Solaris 9 is not presented. These types of deficiencies will afflict any book discussing products. Any practitioner should be independently researching and evaluating promising products no matter how they are first discovered anyway. These issues do not detract from the immense contribution this tome provides to the field of security.

This book is a gold mine of years of SANS knowledge in a well-packaged and digestible form. If you don't need this book, then you are not concerned with computer security.