Loading ...
Sorry, an error occurred while loading the content.
 

REVIEW: "Building Internet Firewalls", Elizabeth D. Zwicky/Simon

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKBUINFI.RVW 20010105 Building Internet Firewalls , Elizabeth D. Zwicky/Simon Cooper/D. Brent Chapman, 2000, 1-56592-871-7, U$44.95/C$65.95 %A Elizabeth
    Message 1 of 1 , Feb 19, 2001
      BKBUINFI.RVW 20010105

      "Building Internet Firewalls", Elizabeth D. Zwicky/Simon Cooper/D.
      Brent Chapman, 2000, 1-56592-871-7, U$44.95/C$65.95
      %A Elizabeth Zwicky
      %A Simon Cooper
      %A D. Brent Chapman
      %C 103 Morris Street, Suite A, Sebastopol, CA 95472
      %D 2000
      %G 1-56592-871-7
      %I O'Reilly & Associates, Inc.
      %O U$44.95/C$65.95 707-829-0515 fax: 707-829-0104 nuts@...
      %P 869 p.
      %T "Building Internet Firewalls, Second Edition"

      Cheswick and Bellovin's "Firewalls and Internet Security" (cf.
      BKFRINSC.RVW) has been, and probably will continue to be, seen as the
      classic reference with the seriously technical crowd. Chapman and
      Zwicky, however, created the first reference for the more normal run
      of system administrators: those whose lives do not revolve around
      hacking the UNIX kernel. This expanded edition fulfills the same
      task, and maintains the same reasonable stance. It is refreshing, for
      example, to find a work that, even if it doesn't know much about
      viruses, admits that firewalls can do very little to protect against
      them.

      There is now a more general and introductory part one, discussing the
      basic concepts before getting deeply into technical details. Three
      chapters look at a rationale for firewall usage, Internet services and
      requirements, and universal security strategies.

      Part two (part one in the original edition) is an introduction to
      firewall technology and structure. It could easily stand as a
      separate book, itself, clearly explaining the operation of, and
      reasoning behind, functions that other firewall books merely mention.
      More, it is a very down-to-earth and practical guide to evaluating
      security needs and planning for security systems and practices. The
      writing is completely clear, and the explanations first-rate. Two
      chapters look at the packet structures of Internet protocols and basic
      firewall technologies. Chapter six, on firewall architectures, is a
      perfect introduction for the manager who, while not having a technical
      background, must lead or administer a security project, and is
      followed by a short but useful outline for a design process. The
      detailed chapter on packet filtering is the longest in the book, but
      there is also solid coverage of proxy systems and bastion hosts. The
      section concludes with valuable particulars of tools for securing UNIX
      (and Linux) and Windows (NT and 2000) systems.

      Part three reviews various Internet services, the reasons for having
      them, risks associated with them, and details that can be used to
      secure them. There is an introduction to the subject, and then
      coverage of intermediary protocols, the World Wide Web, email and
      news, file and print transfer and sharing, remote access, and real
      time conferencing systems. Each chapter also deals with related
      issues and technologies, such as the various specific mail protocols
      and active content for Web pages. As well, the topics of naming and
      directory services, authentication, administrative services, and
      databases and games are examined. Two sample firewall configurations,
      using the previous material, close off the division.

      Part four provides quick but decent guidance on general security
      issues. There is a look at security policies, firewall maintenance,
      and responding to security incidents.

      The appendices are useful, outlining resourcs for further information,
      tools, and a brief but reliable explanation of cryptography. The
      resource list, unlike the usual table of titles and URLs, contains
      quality works, and is annotated.

      This was the first book to truly explain, to the non-specialist, the
      various factors and functions involved in firewall choice and
      construction. I still have not found another of similar quality.
      This new edition is not just an update, but a valuable extension and
      expansion. For those building their own and for those evaluating
      vendor proposals, this book is a must.

      copyright Robert M. Slade, 1995, 2001 BKBUINFI.RVW 20010105

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      They know enough who know how to learn. - Henry Adams
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.