Contributed by Dengue on from the packets-ports-and-sockets dept.
Building Internet Firewalls
By Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman
Copyright © 2000 O'Reilly & Associates, Inc.
ISBN 1-56592-871-7
$65.95 CAN, $44.95 US
869 pages
This is not a new book, first appearing in print in April of 1995, now updated and on its second edition. To be honest, I didn't really feel this book would offer me much; after all, I am comfortable writing ipfilter rules, and since I use OpenBSD for everything, I don't have to do much in the way of OS hardening. I was wrong. Building Internet Firewalls is about much more than just firewalls. In fact, you have to go quite a ways into the book before you actually get to the nuts and bolts of firewall building. Building Internet Firewalls focuses primarily on Unix systems, with occasional sections focusing on WinNT/2k, and a chapter dedicated to Windows NT/2000 bastion hosts. Though it provides useful information on hardening Windows machines, this is not a good sole resource for you if your firewall runs on NT.
Part I, Network Security, provides an excellent overview of security principles, and is recommended reading for everyone who might be involved in a firewall project. In Chapter 1, you are faced with questions that are key to creating a successful security strategy. Chapter 3 does an effective job of describing security strategies and terminologies to everyone who might be involved in the firewall project.
Part II, Building Firewalls, provides system administrators and technical leads with a high-level view of the information they will need to make intelligent choices. The IP protocol is covered, along with a description of common attack methods based on low-level protocol details. Firewall architecture and technology chapters provide information useful to system architects. These sections are excellent as well for management types who may not understand exactly where some of the requirements you are developing come from.
Of particular note to system administrators are the chapters on preparing bastion hosts. If you are less than intimately familiar with the platforms you administer, I highly recommend this series of chapters.
Part III, Internet Services, systematically covers application protocols, providing advice on the packet filtering and proxying characteristics of each service, along with specific information on how to secure each service further to prevent abuse. At the end of the discussion of each application protocol, a summary of recommendations is presented.
Part IV, Keeping Your Site Secure, is geared more towards policy wonks, and provides a description of how to put together a security policy, what that policy should contain, and how it should be enforced.
Building Internet Firewalls is a well-organized, comprehensive resource. I have provided a complete chapter listing to pique your interest.
Network Security
- Why Internet Firewalls?
- Internet Services
- Security Strategies
- Packets and Protocols
- Firewall Technologies
- Firewall Architectures
- Firewall Design
- Packet Filtering
- Proxy Systems
- Bastion Hosts
- Unix and Linux Bastion Hosts
- Windows NT and Windows 2000 Bastion Hosts
- Internet Services and Firewalls
- Intermediary Protocols
- The World Wide Web
- Electronic Mail and News
- File Transfer, File Sharing, and Printing
- Remote Access to Hosts
- Real-Time Conferencing Services
- Naming and Directory Services
- Authentication and Auditing Services
- Administrative Services
- Databases and Games
- Two Sample Firewalls
- Security Policies
- Maintaining Firewalls
- Responding to Security Incidents
- Resources
- Tools
- Cryptography
Building Internet Firewalls is an excellent resource. It provides a comprehensive overview of the security process. The detailed descriptions and summaries of recommendations for application protocols alone make it outstanding for firewall administrators. This is a book that is useful on many levels, and to many people within an organization.
By BluNereid () blu_nereid@yahoo.com on mailto:blu_nereid@yahoo.com
Also, has anybody else read O'Reilly's "Building Internet Firewalls" and what did they think?
BluNereid
By Steve Tremblett () sjt@sympatico.ca on mailto:sjt@sympatico.ca
I bought it last night, and on my first skim over the book I'd have to agree 100% - a fantastic resource - very comprehensive content. Everything you would expect from an O'Reilly title.
By JC () jc@liquifried.com on www.liquifried.com
By Douglas B () NoEmailPlease@Localhost on mailto:NoEmailPlease@Localhost
I read the Sonnenheim (et al.) book last week, and it too is excellent--a companion to the Zwicky book. It was the "last straw" in getting me to use OpenBSD instead of Linux. Its strength is not only the review of the pieces of the puzzle, but also the practical How-To's of actually installing and configuring a system.
Bonus is the scripts -- the web site at www.openlysecure.com is good too.
You may also want to check out the New Riders book "Linux Firewalls" by Robert Ziegler. Though his preferred OS may be different than yours, there's still a lot of meaty stuff. Besides, anyone with ties to Wisconsin (he's a UW-Madison grad) deserves a plug.
By Nicolas Herry () nicolasherry@yahoo.co.uk on mailto:nicolasherry@yahoo.co.uk
By Christopher Hylarides () chylarides@home.com on mailto:chylarides@home.com
It's a great resource for getting started with OpenBSD and they keep up to date via www.openlysecure.org
I think I'm gonna get this book too. I'm always looking to expand my services w/o compromising security. Something that is all too common in the real world.