Rating: 
Summary: 2nd Edition Even Better
Review: A must read for Internet professionals. Well written and great presentation style. Clearly the authors have "done the job" and offer the fruits of their years of labor. The 2nd edition is terrific update to the original classic, with current information about today's Internet security environment and how to protect yourself. I didn't even mind buying it again, I liked that much.
Rating: 
Summary: Good for UNIX firewalls
Review: Another great book from the O'Reilly set. Don't expect a run down of different types of firewalls and don't expect NT to be mentioned anywhere, but that's O'Reilly. Good for Security concepts, policies, etc. and yet stuffed with technical detail on firewalls, protocols, encryption, proxies and actually getting the firewall to do what you want. As Practical as ever. If you run on UNIX buy it. If you don't buy it anyway it's good reading.
Rating:
Summary: very good book for networkers to understand security
Review: bought this book after I brought up my own internet facing servers. coming from a networking background, the internet was an open space for me not until I read this book. This book tells you what kinds of security threats are out there, why and how you can protect your sites while still running all the services.
very interesting and humorous too. Thanks.
Rating:
Summary: Great update to a classic.
Review: Buy this book! INFOSEC is too important to ignore. This book provides a great foundation on security and networking protocol basics to intermediate and advanced topics. Now covers NT for Micro$oft fans, as well as Linux. Not only tells you HOW, but also tells you the WHY of firewall construction. A bonus: does not suffer from overly dry O'Reilly - type prose. Very readable given the subject matter.
Rating:
Summary: The best firewall book available
Review: Every cell in the human body changes completely every seven years, but the underlying essence of the person remains. Similarly, information security has changed dramatically in the same time period, when the authors of this book were writing the first edition, but its essence has remained the same.Topics such as ActiveX, RealVideo, IP version 6, and instant messaging were not even on the horizon when the first edition of this book was released. Now in its overdue second edition, the book covers these important topics and more. Among the many fine security books available-several of which have been reviewed in this column-Building Internet Firewalls is one of the best. It is not just a comprehensive tome on firewalls; the authors take the many aspects of a firewall (for example, policies, protocols, and varied networks) and integrate them into a common framework. This is necessary, since management often equates security with firewalls. Divided into four sections (network security, building firewalls, Internet services, and site security), the bulk of the book is built around the sections on Internet services and building firewalls. In these 20 chapters, the authors detail the many aspects of a firewall. Critical concepts such as firewall technologies, architectures, intermediary protocols, and directory services are discussed in detail. The authors do a splendid job of defining the various types of firewalls and exploring their advantages and weaknesses. This book is remarkable for detailing the components of an effective information security system that are conferred via a firewall. Anyone needing a grasp on the often-confusing topic of firewalls need look no further. This review originally appeared in the June issue of Security Management magazine
Rating:
Summary: Firewalls and beyond; intrusion detectors will love it!
Review: I am the officer technical lead for a 50-person military intrusion detection operation. I am also working with a team redesigning one service's enterprise-wide communication and security infrastructure, for whom firewalls are a key concern. "Building Internet Firewalls" will challenge your concept of how firewalls are created and operated. The authors do not limit their discussion to single box firewall solutions offered by most commercial vendors. Instead, they present alternative approaches and explain their strengths and weaknesses in an unbiased manner. Furthermore, the reader is treated to 330 pages (chapters 14-23) of the clearest, most concise guide to network protocols I've encountered. (I recommend Eric Hall's Internet Core Protocols and forthcoming Internet Application Protocols for greater detail.) From an intrusion detector's standpoint, this information on protocol features, ports, and characteristics is invaluable, and may solve a few mysteries. The author's attention to Windows as well as UNIX technologies is welcome, although most readers will share the author's frustration with certain Windows protocols. Thanks for the excellent work!
Rating:
Summary: The best.
Review: I build Firewall and Security Architectures for a living. In the last four years or so I have designed many architectures for major corporates worldwide. I consider this book as my standard reference work. Even after much practice I use this book occassionally still 'in the field'. O'Reilly (Nutshell) books have always been quite superb. My TCP/IP and DNS references have been well worn over the years. As have my Perl nutshell.. etc... Although Non Vendor specific this is actually a plus. To understand say Firewall-1 after assimilating this book will take you a 1/10 of the time it would take you from 'cold' - and your abilities will be 10 times as sharp. I say non-vendor specific as the books bias towards UNIX (and derivatives) expands to demonstrate several UNIX based free Firewall toolkits. Really this book is a "practical" theory of Firewall systems. It covers an enormous amount of detail, and thus in some places may seem cursory. However in such circumstances the Internet can help you research these topics in more depth. Many parts of this book actually described potential attacks that I was totally unfamiliar with (such as an unsolicited ECHO_REPLY ICMP padded with additional payload) - for this alone the book is worth its weight in gold. However if I have criticisms, they are minor. The authors thinly disguised contempt of Windows (and praise of UNIX) on which to base a security architecture shows through occasionally (although to be fair, they are being realistic), and there are parts that demonstrate that the authors experience of "standard build" clients is limited.
Rating:
Summary: You need this book!
Review: I didn't grasp everything the first time around, but a few months later I read it for a second time, after reading more articles on firewalls/packet filtering, and it made more sense. Check the table of contents. This book covers damn near everything (and if it doesn't, I'm not sure what's missing!). Dual-home host, screened subnet, screened host, packet filtering, and a bunch of examples. Excellent reference, excellent theory. Just buy the damn thing!
Rating:
Summary: Very Good Book!
Review: I do not usually read a book from cover to cover, normally I buy books for reference only. But this book was so good I read it within 3 days. The book is about theory, there is no code at all. It gives great insight on security in general and firewalls completely, no matter if you use linux, unix, or windows. If only all sysadmins would read this book we would have a more secure internet. I highly recommend this book to anyone that admin a system or even just a home based mini lan. It's full of information, some of which one might not think of, but should.
Rating:
Summary: Very Good Book!
Review: I do not usually read a book from cover to cover, normally I buy books for reference only. But this book was so good I read it within 3 days. The book is about theory, there is no code at all. It gives great insight on security in general and firewalls completely, no matter if you use linux, unix, or windows. If only all sysadmins would read this book we would have a more secure internet. I highly recommend this book to anyone that admin a system or even just a home based mini lan. It's full of information, some of which one might not think of, but should.
| 
