REVIEW: "Practical Firewalls", Terry William Ogletree

      Unfortunately, not much of this book is really practical. And a lot
      of it is not about firewalls, either.

      Part one presents the fundamentals of understanding firewalls and
      security. Chapter one looks at firewall basics, mentioning many
      topics but doing a poor job of explanation. Since the material is
      very generic there is almost no detail. The TCP/IP content, in
      chapter two, is also quite vague, with lots of irrelevant details like
      DNS (Domain Name Service) record fieldnames, but little related to
      security, and that of low quality. Security and the Internet gives a
      general listing of threats, most not related to firewalls, in chapter
      three. Chapter four has some good discussion of some aspects of
      policy and design, but it is limited. There are rough outlines of
      firewall structures, but the material on pros and cons is poor. (As
      the book progresses there are increasing amounts of repetitious text,
      as this chapter amply demonstrates.) The review of packet filtering,
      in chapter five, has some good points, but too much of the text relies
      on "one size fits all" pronouncements. Again, there is a lot of
      irrelevant detail on TCP/IP headers and not much on, say, filtering
      rules. Because a bastion host is very highly secured itself, chapter
      six is merely general security material, touching on too many
      operating systems for good coverage. Some good points but limited
      scope makes the proxy server topic weak in chapter seven. Chapter
      eight does slightly better on auditing, by limiting itself to UNIX and
      Windows NT.

      Part two looks at encryption, the relationship of which to firewalls
      is problematic. Chapter nine does not really cover encryption
      technology, being simply a set of definitions of basic terms. Since a
      Virtual Private Network (VPN) is defined, in chapter ten, in terms of
      tunneling, the material is necessarily restricted to that subsection
      of the field. Chapter eleven does not really tell the reader how to
      use PGP (the Pretty Good Privacy encryption program) but only deals
      with some aspects of installation.

      Part three touches on installation and configuration of a number of
      products. Chapter twelve lists a number of firewall-related tools,
      for UNIX, that are available on the Internet. "Lists" is definitely
      the operative word: so little information is given about the programs
      that chapters thirteen through sixteen cover basic installation and
      components of TCP Wrappers, TIS (Trusted Information Systems) Firewall
      Toolkit, SOCKS, and SQUID. ipfwadm and ipchains (for Linux) are
      described in chapter seventeen. Turning to Windows NT, chapter
      eighteen recounts the installation of Microsoft Proxy Server and
      nineteen does the same with the Elron CommandView firewall. Firewall
      appliances, or standalone units, are promoted in chapter twenty.
      Chapter twenty-one closes off with the same kind of vague generalities
      given in part one.

      The most valuable part of this book is part three: even though the
      material is very limited, it is, at least, of some practical use.
      Most of the other content is of questionable accuracy or completeness,
      and therefore restricted in practicality. As noted, large sections of
      the text aren't even about firewalls. This book definitely does not
      compare with the classics like Cheswick and Bellovin's "Firewalls and
      Internet Security" (cf. BKFRINSC.RVW) or Chapman and Zwicky's
      "Building Internet Firewalls" (cf. BKBUINFI.RVW): a few suggestions
      about installation of specific programs do not make up for a lack of
      explanation of fundamental concepts, attacks, and defensive

      copyright Robert M. Slade, 2000 BKPRCFRW.RVW 20000823

