Building Internet Firewalls

Topics such as ActiveX, RealVideo, IP version 6, and instant messaging were not even on the horizon when the first edition of this book was released. Now in its overdue second edition, the book covers these important topics and more.

Among the many fine security books available-several of which have been reviewed in this column-Building Internet Firewalls is one of the best. It is not just a comprehensive tome on firewalls; the authors take the many aspects of a firewall (for example, policies, protocols, and varied networks) and integrate them into a common framework. This is necessary, since management often equates security with firewalls.

Divided into four sections (network security, building firewalls, Internet services, and site security), the bulk of the book is built around the sections on Internet services and building firewalls. In these 20 chapters, the authors detail the many aspects of a firewall. Critical concepts such as firewall technologies, architectures, intermediary protocols, and directory services are discussed in detail. The authors do a splendid job of defining the various types of firewalls and exploring their advantages and weaknesses.

This book is remarkable for detailing the components of an effective information security system that are conferred via a firewall. Anyone needing a grasp on the often-confusing topic of firewalls need look no further.

This review originally appeared in the June issue of Security Management magazine

Rating:
Summary: The best.
Review: I build Firewall and Security Architectures for a living. In the last four years or so I have designed many architectures for major corporates worldwide. I consider this book as my standard reference work. Even after much practice I use this book occassionally still 'in the field'.

O'Reilly (Nutshell) books have always been quite superb. My TCP/IP and DNS references have been well worn over the years. As have my Perl nutshell.. etc...

Although Non Vendor specific this is actually a plus. To understand say Firewall-1 after assimilating this book will take you a 1/10 of the time it would take you from 'cold' - and your abilities will be 10 times as sharp. I say non-vendor specific as the books bias towards UNIX (and derivatives) expands to demonstrate several UNIX based free Firewall toolkits.

Really this book is a "practical" theory of Firewall systems. It covers an enormous amount of detail, and thus in some places may seem cursory. However in such circumstances the Internet can help you research these topics in more depth.

Many parts of this book actually described potential attacks that I was totally unfamiliar with (such as an unsolicited ECHO_REPLY ICMP padded with additional payload) - for this alone the book is worth its weight in gold.

However if I have criticisms, they are minor. The authors thinly disguised contempt of Windows (and praise of UNIX) on which to base a security architecture shows through occasionally (although to be fair, they are being realistic), and there are parts that demonstrate that the authors experience of "standard build" clients is limited.

Rating:
Summary: Very Good Book!
Review: I do not usually read a book from cover to cover, normally I buy books for reference only. But this book was so good I read it within 3 days. The book is about theory, there is no code at all. It gives great insight on security in general and firewalls completely, no matter if you use linux, unix, or windows. If only all sysadmins would read this book we would have a more secure internet.

I highly recommend this book to anyone that admin a system or even just a home based mini lan. It's full of information, some of which one might not think of, but should.

Rating:
Summary: very good book for networkers to understand security
Review: I purchased this book in hopes to have a reference guide for Iptables/Netfilter or even CheckPoint, but was sadly misled. The book covers only theory of how to build a firewall, while sighting no practical examples. It covers protocols, ports, and common types of security threats, but again gives no practical examples of how to write chains, tables or rules to prevent these attacks. If your a newbie to system administration you will learn quite a bit from this book, but if your a system admin such as I am looking for a reference guide THIS IS NOT IT

Rating:
Summary: Very Well Written
Review: Likes:
-This book is absolutely easy to comprehend and conveys the ideals and opinions of the author perfectly.
-It stays platform independent throughout the book which is a BIG plus.
-The first three chapters alone will already have you second guessing about your own security implementations.
-You can skip around in the book to suit your own needs.
-It is fairly up-to-date.
-It is an O'reilly published book

Basically there is really nothing about this book that you can not like. It is vague enough for an end-user and in-depth enough for security administrators. All in all I truly believe that this is an absolute must if you operate a *nix based operating system that is connected to the internet.

Rating:
Summary: Okay for discussing general ideas, but not much real world
Review: Okay for discussing general ideas, but not much real world use. There's not a lot to be had from this book. They cover too much and discuss too much generalized topics and never really touch on any real-world working, intelligent firewall fules and uses. Just too much generalized fluff. You'll get more from a 'man page' on iptables and be able to put it to use, at least, compared to this. It is interesting, but there's too much generalization and fluff and not much someone can *use* from it.

Rating:
Summary: Vamos al grano !
Review: Si, podria catalogar a este libro con esas palabras. Tuve la oportunidad de leer varios libros sobre seguridad, intrusion y firewalls en Internet, pero la gran parte de ellos mas parecen una historia, un libro de intruduccion a TCP/IP, o un libro introductorio a redes que un libro practico sobre firewalls.
Hace unos meses anduve buscando un libro, con configuraciones claras para firewalls, con una amplia variedad de protocolos analizados y detalles sobre los mismos. Honestamente no lo halle.

Luego de buscar en la red, encontre algunos buenos comentarios sobre este libro, me acerque a una tienda y lo revise. Sinceramente era lo que buscaba.
Sus paginas contienen configuraciones sobre una amplia varidad de protocolos, caracteristicas de los mismos, detalles que no se deben perder de vista, trucos para evitar dejar agueros abiertos.
Ofrece tablas por cada protocolo expuesto y como configurarlo a traves de packet filters, elemento esencial para mover la configuracion a un firewall especifico.
Me siento contento con mi compra y honestamente la recomiendo.
Desafortundamente este no es un libro para principiantes, y honestamente no creo que haya un libro sobre firewalls que a su vez enseñe TCP/IP (dicen que quien mucho abarca poco aprieta), asi que si deseas aprender sobre firewalls, seguridad o intrusion y no conoces a profundidad todavia TCP/IP, no compres este, compra el libro de Douglas Comer primeramente.
Este libro tampoco habla sobre intrusion o recuperacion, es tan concreto en sus paginas para construir firewalls como lo es en su titulo.
Unico Requisito: Conocer claramente TCP/IP.
Unico Objetivo: Configurar firewalls.
Verdadero Merito: Cubre ampliamente y en detalle la gran mayoria de los protocolos populares en redes internet.
No compres este libro si estas buscando tener un mejor panorama sobre firewalls o seguridad, compra este libro si quieres una tienes una silla y un firewall para configurar frente a ti.
Espero que mi esperiencia te sirva. Saludos.
Piyux.

Rating:
Summary: True, this book is now classic
Review: Since there was no such thing as CIDR when it was written, we now have a few reserves to directly apply the book's conclusions. Because private IPs were rather new then, the authors did not take advantage of their security aspects. It was written at the time passive mode ftp was rather rare. Because there was no IP masquerades nor NAT, authors' choices for outbound connections were limited to few proxies and impractical packet filtering. PC unix-likes, which are the major player in building firewalls nowadays, were infantile, it they existed. There were very few choices on packet filters, the most important firewall component. Dialup connections were yet negligible, so the book did not discuss personal securities when connected to internet.

In spite of all these and other changes, the book solidly laid out firewall network structures. We don't see any significant variations of them, as yet. Its in depth discussions on impacts of various tcp/udp/icmp protocols upon firewalls are now the criteria we use to judge safeties of newly proposed ones. Despite new security softwares, and new exploits I must add, arrive daily, the book has established true home ground we start from. On the other hand, I am certainly interested in what authors would say looking at changes we have encountered.

Rating:
Summary: Essential for you computer bookshelf
Review: This is another fine example of O'Reilly's lucid and informative publishing. It is a must have (like a lot of O'Reilly books) for anyone interested in computer and internet security and should be read by all who are involved in administrating internetworked computer systems. Plain English descriptions and humorous little details like April Fool's Day RFC's make reading it unlike reading typical internetworking books. 27 extensive, well-organized chapters include firewall design, packet filtering, proxy systems, bastion hosts and even 2 sample firewalls. There is also a special appendix on cryptography. It could have been a bit more product-oriented (could have mentioned Cisco's Pix or Checkpoints FW-1, but I guess that's not the point of this book, really). This is the only book other than Crime & Punishment I have ever given 5 Stars!

Rating:
Summary: Very thorough
Review: Very good coverage of basic firewall concepts. Thankfully, it's OS agnostic; the concepts can be applied to any firewall-type: Windows-based, Unix/Linux/BSD, or even hardware. Describes how to secure all sorts of configurations for businesses of small to large scale. Many pictures illustrate the ideal (and non-ideal) layouts of your network.

Finally, at the end they wrap it all up by showing you a complete sample ruleset. I pretty much copied this to set up my home firewall. I sleep better at night thanks to this book.