Contributed by Dengue on from the our-very-first-review dept.
Building Linux and OpenBSD Firewalls
Copyright 2000 by Wes Sonnenreich and Tom Yates
Published by John Wiley & Sons, Inc.
ISBN 0-471-35366-3
$69.95 CAN, $44.99 USA
352 pages
This is one of those rare books that makes me think, "Gee, someone out there is on the same wavelength as I am". While all the information in this book can be found in man pages or on the internet, it packages it all conveniently in one chunk. What we are given is a book that serves as the best introduction to firewall design and implementation that I have yet seen. Experts will probably not find anything new in this book but it will still serve as excellent reference material. It even contains a brief vi tutorial :)
The book is written with a great sense of humour, so people that are expecting a dry technical volume may be put off by this, as well as the authors' proclivity to extoll the virtues of the open source philosophy at every possible opportunity. Mind you, these are some of the same reasons that I enjoyed the book as much as I did. If someone were to slap a picture of an animal on the cover, this book would be right at home in the O'Reilly nutshell series.
What made this book particularly valuable, in my opinion, was that the authors chose to focus on BOTH Linux and OpenBSD. Being able to compare both platforms is intrinsically interesting and very helpful: while most people are probably buying this book because Linux is in the title, it will help get OpenBSD's foot in the door. It outlines the differences quite well and fairly, and in my opinion, OpenBSD emerges as the clear winner for the purpose of building a firewall. Linux users please don't flame me; read this book first and then tell me if you still disagree. Chapter 4 is dedicated entirely to the issue of choosing which OS to use, even taking the time to discuss the idiocy of OS holy wars, a subject sure to arise in a topic like this.
While reading this book, I got the feeling that the authors do indeed have the day to day experience with either OS that they claim to have. Alot of handy tips are included, as well as great information about the nature of many attacks that a firewall could be subjected to. I'm not saying that this book is a primer for TCP/IP, but the sections that deal with it could be excerpted from the book and published as seperate guide, and still be usefull.
The only problems I had with this book was the Linux distro they chose to focus on, which was RedHat, and the versions of either OS (6.0 for RedHat and 2.5 for OpenBSD). Nothing against RedHat, it makes sense to focus on it due to the large marketshare it has, but information specific to other distros such as SuSE, Slackware and Debian would have been a great touch. Also, if I recall correctly, the framework for packet mangling in Linux has changed for the 2.4 kernel, so newcomers looking to build a Linux firewall with the latest and greatest might have issues here. I know things can't be cutting edge when your printing on dead trees, so I look forward to seeing new editions of this book that cover changes as they arise. These are personal gripes. If you have half a brain you should be able to extrapolate the information you need and apply it appropriately.
To sum it up, this is a great book. If you work for, or know, someone who is thinking of dropping a whack of dough on Borderware, FW-1 or a Pix, then buy them this book and force them to read it. It reads like a manifesto and is written like a good HOWTO.
- Chapter 1: The ABCs of Network Security, 15 pages
- Chapter 2: Fundamental Internet Security Issues, 17 pages
- Chapter 3: How Secure Should Your Network Be?, 66 pages
- Chapter 4: Choosing an OS: Linux versus OpenBSD, 18 pages
- Chapter 5: Getting the Right Hardware, 17 pages
- Chapter 6: Installing Linux, 23 pages
- Chapter 7: Configuring the Firewall under Linux, 25 pages
- Chapter 8: Installing OpenBSD, 36 pages
- Chapter 9: Configuring the Firewall under OpenBSD, 43 pages
- Chapter 10: Tuning Your Firewall, 20 pages
- Chapter 11: Intrusion Detection and Response, 14 pages
- Chapter 12: Loose notes, 19 pages
- Index: 10 pages and plenty of entries
(Comments are closed)
By Jeff () no@thanks.com on none
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471353663
Comments
By James Phillips () dengue@deadly.org on file:/dev/null
By Byron Sonne () blsonne@home.com on mailto:blsonne@home.com
Regards,
Byron
Comments
By Jeff () no@thanks.com on none
By James Phillips () dengue@deadly.org on file:/dev/null
Comments
By Byron Sonne () blsonne@home.com on mailto:blsonne@home.com
After reading my comment I realized that I sounded like a bit of a prick there. That was not my intention; but I would like to apologize anyways.
Regards,
Byron
By some guy that visits this site a lot... () on
It is very fun to read and there are quite a fair funny parts that suck you into the material and stop you from falling asleep (firewalls can be dry matrial). This is the type of book that helps you put up a firewall, with no OpenBSD experience. I didn't encounter any problems building mine, but if you do I might think you won't find too much help here. You'll have to figure out how to carry on with the lesson by yourself. There's no mention of anything ISDN (some of us are still stuck with ISDN), but that's ok.
OpenBSD did come up on top, which may have been helped by Theo's involvement by helping the author (does not appear in the book)? OpenBSD may have been made more accessible to the Linux community with this book. Maybe some people will move to OpenBSD. It must be said, the book offers a very neutral perspective on the comparison of the two camps. Especially the GPL vs. BSD section (no rel. wars here). It didn't leave me with the notion OpenBSD rules as a firewall and Linux doesn't.
Intrusion Detection is a bit short, I wish they had included a little more. If they'd copied a little bit of that from "Maximum Linux Security"'s it may be have been a little better.
All in all, a good book that's worth the money (I've read it twice). I may be biased towards OpenBSD but this is a well rounded book, it's fun to read, offers nice information, and has "OpenBSD" in the title.
Darn, I ended up writing a review, when all I wanted to say is I liked this review and I knew I should have written one on this book earlier :-)
Comments
By Tony () aschlemm@comcast.net on mailto:aschlemm@comcast.net
I also have a VPN setup using isakmpd between my office's little Netgear FVS318 firewall appliance and my firewall so I now have the option to work from home. :)
By Curtis Collicutt () on
Also, I will never understand how publishers determine the price of a book, as $70 is steep.
Comments
By Goetz.R () Roland.Goetz@erl.sbs.de on mailto:Roland.Goetz@erl.sbs.de
price 35.99 $
shipping 5.95 $
----------------
41.94 $
What is not nice is the long time to get it shipped. Still waiting. I am in Germany
Comments
By daniel () toowonderful@hotmail.com on mailto:toowonderful@hotmail.com
it's selling for $27.50 (U.S. dollars)
By Dave () karnak@nova.org on mailto:karnak@nova.org
By Karnak () karnak@nova.org on mailto:karnak@nova.org
Comments
By Anonymous Coward () on
It's a good IPFilter reference, and it's now
mainly used on FreeBSD and NetBSD.
This good book it's completely outdated, compares
ipchains on Linux with IPFilter on OpenBSD.
By Philip Jensen () phil_jensen@yahoo.com on mailto:phil_jensen@yahoo.com
Overall it is good to see OpenBSD get out there commercially. I even saw the book on my local bookstore shelves, and 2 copies at that.
Comments
By Tyrann () Tyrann@Astux.com on http://www.Astux.com
By Stefan Feurle () phuego@phlatcode.de on www.phlatcode.de
I tried to order it at amazon, but they don't have it on stock; even a search on
John Wiley & Sons webpage remained unsuccessful.
So tell me please where I can purchase it.
thanx,
phuego
Comments
By Anonymous Coward () on
I'm guessing your in Germany... so I don't have any idead where you can buy it over there. I'm located in Toronto, Canada, and I purchased my copy at 'The World's Biggest Bookstore'.
I try never to buy things online because I always (with the exception of buying my OpenBSD CDs) get shipped the wrong thing or the couriers lose my order.
As a side note, perhaps the people who sell the OpenBSD CDs ('The Computer Shop' in Calgary, Canada?) ought to carry this book, it would be most helpful and tie in really well.
Regards,
Byron
Comments
By Cabl3 () openbsd@cybercable.fr on mailto:openbsd@cybercable.fr
By Cabl3 () openbsd@cybercable.fr on mailto:openbsd@cybercable.fr
I began fiddling around with OpenBSD 3/4 months ago and I'm really astonished by the very quality of this wonderful OS.
I think that OpenBSD deserves more coverage (that's why I started wearing BlowFish or OBSD cop gear ;-) ) and this book is truly GUH-REAT . It has a companion website where you can find very interesting pieces of info and updates to the book.
Get this book if you can (very funny style), buy OpenBSD CDs (as it helps the project) and feel the groove ;-).
Regards,
By lambchop () i_lambchop@yahoo.com on Yes, Please!
By ZZ () zz@mickey.cc.uic.edu on http://mickey.cc.uic.edu
By John Smith () on
The basics are the same but the little bits have changed a lot. When building a firewall these little bits are important.
Anyway, a great book.
BR, JS
Comments
By goon () goonmail@netspace.net.au on slashdot.org/~goon