Posted: Tue Nov 25, 2003 1:09 am Post subject: Book Review - Building Internet Firewalls 2nd Edition
Building Internet Firewalls 2nd Edition
Author(s): Elizabeth D. Zwicky, Simon Cooper & D. Brent Chapman
Book Specifications: Soft-Cover, 869 pages
Category: Firewall Strategy and Implementation
User Level: Sys Admin+, TCP/IP and Firewall experience is required to get the most from this book.
Suggested Publisher Price: $49.95 US, $74.95 CA, £29.43 UK
Info from Back: "In the years since the publication of the first edition of this classic reference, Internet use has exploded and e-commerce has become a daily part of business and personal life. As Internet usage has grown, so have the security threats. From password sniffers, to IP forgeries, to defacing web sites, to attacks that shut down popular web sites using distributed denial of service.
The book also contains chapters on security policies, cryptography, maintaining firewalls, and responding to security incidents, as well as summaries of helpful firewall tools and other resources"
As a brief introduction for anyone that doesn't know, a firewall is the best known tool in information security, the only 'buzzword' that has crossed over into normal tech circles. Sadly, firewalls are often misunderstood and, even worse, are commonly thought to be a security panacea, "We have a firewall, we are safe!". Having a properly configured firewall is great, but a badly configured firewall is worse than having nothing at all as it gives a false sense of security. Essentially a firewall is "A component or set of components that restricts access between a protected (internal) network and the Internet, or between other sets of networks".
Being very interested in security, firewalls are an integral part of what I do, installing them, configuring them, watching them, reading the logs they generate, thinking of ways to abuse them and so on. This book is known to be the firewall bible so to speak, the one that covers everything, I was interested to see if it matched up to expectations and contained everything I would need to set up a firewall in a variety of situations.
When checking out the security of a new place my first port of call would always be the firewall, is there a firewall? Is it configured properly? How does it work? How up to date is it? What is it protecting? Is it adequate? And so on. I was interested to see if this book could teach me anything new, things I have missed or overlooked or perhaps broaden my views of the whole picture. I am pretty familiar with this area as mentioned, the book is pretty pervasive as it goes, it is a firewall book, but it does cover general good security practice and principles such as least privilege. It's aimed at System Administrators (The whole book), Senior Managers (Part I and Ch. 5) and InfoTech Managers (Part I, Ch. 5 and Part III).
The preface for this book is excellent and covers in 1 page pretty much what the book covers, a couple of pages on the scope of the book including a sentence describing each chapter, the audience the book is aimed at, the platforms the book covers, conventions and as always acknowledgements.
The book is split into 27 chapters with 4 main sections:
- I. Network Security
- II. Building Firewalls
- III. Internet Services
- IV. Keeping Your Site Secure
Chapters of Importance
- Why Internet Firewalls?
- Internet Services
- Security Strategies
- Packets & Protocols
- Proxy Systems
- Bastion Hosts
- Security Policies
- Maintaining Firewalls
A full Table of Contents including all chapters and subsections can be found HERE and there is a nice sample chapter (chapter 13) HERE.
If you are looking for a highly technical, exact book covering certain technologies, then this book is not really for you. To sum it up it's the ultimate platform independent firewall guide, it doesn't focus on any certain technology or platform but deals with things from a process point of view. It drills down through protocol, port and packet state level including filtering on SYN/ACK state. It very thoroughly covers what a firewall is, why you would want or need one, what a firewall can and cannot do, internet services (includes pretty much everything you could ever need including IRC, AUTH, MAPI and more), packet filtering, proxying, UNIX vs. NT and details on general security strategy and incident response.
Everything is written in a very platform independent style, there are references to Windows, Linux and some other proprietary platforms where required but the focus of the book is not on how to build an X brand firewall, its aim is to teach you how to build a suitable, secure and well thought out solution on any platform be it Windows, Linux or a Hardware solution. It focuses more on principles and general fundamentals, which in my eyes is what makes it so valuable. It compares the pros and cons of packet filtering in all its forms (including stateful vs. non-stateful), proxying, reverse proxying, bastion hosts and general firewall architectures (screened hosts, single box, internal firewalls).
As mentioned above, you do really need a strong understanding of TCP/IP to get the most out of this book as it does go quite deep into connection states, TCP, UDP, ICMP and various other bits of the protocol suite. The main thing this book focuses on is protocols, ports and how to make communications secure, not how to do it with a certain OS, firewall or piece of software. Any scope of network can be covered using this book, it goes from very simple architectures involving perhaps 5-10 machines up to corporate networks which are internally firewalled up to 10,000 hosts with different needs and security requirements.
Style and Detail
There isn't much to say about the style and detail of the book really, it's an O'Reilly book, it's clear, well laid out and fairly concise. It's very well sectioned in a typical O'Reilly style with a good usage of tables, clear and understandable diagrams where needed and tips/pointers.
The entire first section is very easy to read and gives you a great introduction to the topic, the book is nicely sectioned off and succinct, which allows you to jump between sections of interest and pick out the bits that are relevant. It's designed this way I think so that you can read it through properly the first time you get it, then later on use it as a good reference for building firewalls whenever you need to. The book does go into technical detail where it needs to, but it never goes over the top, everything is understandable and nothing is assumed about your knowledge. You could read this book without any prior knowledge and gain a decent understanding of firewalls and major Internet security concerns. Due to the topic nature though you will get more out of it with the prerequisites I mentioned above.
As I've heard someone else say, this is the practical theory of firewalls, platform and vendor independent (with a slight *nix slant) it gives you a deep understanding of how to set up a robust and secure firewall solution for any environment, however demanding.
The book was published in 2002 but it hasn't really dated at all, there are a few new protocols now and technologies but as the book is platform/vendor independent it has weathered the year past just fine. As for improvements over the first edition? I don't know as I haven't read it, I think it was published in 2000 so I would recommend at least checking out the chapter list to see if there is anything major covered in this newer edition.
This book was certainly very interesting and informative and does an excellent job of giving you a wide overall view combined with granular protocol specific policies. I would recommend it to anyone involved in administering a network with public nodes, people who want to know more about protecting their home network and firewalls in general and any security or network pro involved in implementing firewalls of any scale.
A great reference, well deserved SFDC 8/10.
This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Last edited by ShaolinTiger on Sun Jan 18, 2004 11:22 pm; edited 2 times in total