Building Internet Firewalls

Every cell in the human body changes completely every seven years, but the underlying essence of the person remains. Similarly, information security has changed dramatically in the same time period, when the authors of this book were writing the first edition, but its essence has remained the same.Topics such as ActiveX, RealVideo, IP version 6, and instant messaging were not even on the horizon when the first edition of this book was released. Now in its overdue second edition, the book covers these important topics and more.Among the many fine security books available-several of which have been reviewed in this column-Building Internet Firewalls is one of the best. It is not just a comprehensive tome on firewalls; the authors take the many aspects of a firewall (for example, policies, protocols, and varied networks) and integrate them into a common framework. This is necessary, since management often equates security with firewalls.Divided into four sections (network security, building firewalls, Internet services, and site security), the bulk of the book is built around the sections on Internet services and building firewalls. In these 20 chapters, the authors detail the many aspects of a firewall. Critical concepts such as firewall technologies, architectures, intermediary protocols, and directory services are discussed in detail. The authors do a splendid job of defining the various types of firewalls and exploring their advantages and weaknesses.This book is remarkable for detailing the components of an effective information security system that are conferred via a firewall. Anyone needing a grasp on the often-confusing topic of firewalls need look no further.This review originally appeared in the June issue of Security Management magazine

I am the officer technical lead for a 50-person military intrusion detection operation. I am also working with a team redesigning one service's enterprise-wide communication and security infrastructure, for whom firewalls are a key concern. "Building Internet Firewalls" will challenge your concept of how firewalls are created and operated. The authors do not limit their discussion to single box firewall solutions offered by most commercial vendors. Instead, they present alternative approaches and explain their strengths and weaknesses in an unbiased manner. Furthermore, the reader is treated to 330 pages (chapters 14-23) of the clearest, most concise guide to network protocols I've encountered. (I recommend Eric Hall's Internet Core Protocols and forthcoming Internet Application Protocols for greater detail.) From an intrusion detector's standpoint, this information on protocol features, ports, and characteristics is invaluable, and may solve a few mysteries. The author's attention to Windows as well as UNIX technologies is welcome, although most readers will share the author's frustration with certain Windows protocols. Thanks for the excellent work!

This second edition goes into great detail on how to build and maintain a firewall. It briefly discusses the attacks earlier this year on various well-known web sites and notes that one effective way of (if not toally stopping) slowing down these types of attacks is by use of a firewall.In the first section, it talks about the reasons for having a firewall and security strategies. The second section (Building Firewalls) consists of several chapters and describes topics like packet filtering, firewall architectures and design, proxy systems and bastion hosts. I gleaned a lot of good information from this section alone.The next section contains chapters describeing how to protect against attackers invading any Internet services (World Wide Web, email & netnews, FTP, IRC, DNS, games, etc). The last section describes methods to keep your network secure, such as settinp up security policies, how to maintain your firewall once it's up and running, and how to deal with a "break-in." There's also three appendices containing various information about firewall tools, mailing lists and newsgroups.All in all, an excellent book on building and maintaining a firewall.

I have acquired a lot of web development tools e.g. ASP, JSP, javascript and so on, but I know nothing on how internet actually connects or how to secure a web page. Firewall has always come to my mind when i think about internet security, but I have no idea what it exactly is. Then, I find "Building Internet Firewalls" in a local bookstore one day. O'Reilly books always gives me bad impression that they are hard to understand and won't teach you from the basics. However, this book changes my mind totally. This book doesn't assume you have any experience on system Administration or knowledge on internet security. It starts out by explaining what firewall is. Then, it presents firewall technologies, architectures and design. After all the basics, it connects the concepts of firewall to Internet and how to configure it on UNIX and Window NT. In the last few chapters, it teaches how to maintain a firewall. I can't tell whether this book is good for system administration or someone already has some knowledge on firewall before. but for me, as an absolute beginner, it makes me understands firewall and I am confident that I can make my own firewall.

Since there was no such thing as CIDR when it was written, we now have a few reserves to directly apply the book's conclusions. Because private IPs were rather new then, the authors did not take advantage of their security aspects. It was written at the time passive mode ftp was rather rare. Because there was no IP masquerades nor NAT, authors' choices for outbound connections were limited to few proxies and impractical packet filtering. PC unix-likes, which are the major player in building firewalls nowadays, were infantile, it they existed. There were very few choices on packet filters, the most important firewall component. Dialup connections were yet negligible, so the book did not discuss personal securities when connected to internet.In spite of all these and other changes, the book solidly laid out firewall network structures. We don't see any significant variations of them, as yet. Its in depth discussions on impacts of various tcp/udp/icmp protocols upon firewalls are now the criteria we use to judge safeties of newly proposed ones. Despite new security softwares, and new exploits I must add, arrive daily, the book has established true home ground we start from. On the other hand, I am certainly interested in what authors would say looking at changes we have encountered.