Contributed by Dengue on from the our-very-first-review dept.
Building Linux and OpenBSD Firewalls
Copyright 2000 by Wes Sonnenreich and Tom Yates
Published by John Wiley & Sons, Inc.
$69.95 CAN, $44.99 USA
This is one of those rare books that makes me think, "Gee, someone out there is on the same wavelength as I am". While all the information in this book can be found in man pages or on the internet, it packages it all conveniently in one chunk. What we are given is a book that serves as the best introduction to firewall design and implementation that I have yet seen. Experts will probably not find anything new in this book but it will still serve as excellent reference material. It even contains a brief vi tutorial :)
The book is written with a great sense of humour, so people that are expecting a dry technical volume may be put off by this, as well as the authors' proclivity to extol the virtues of the open source philosophy at every possible opportunity. Mind you, these are some of the same reasons that I enjoyed the book as much as I did. If someone were to slap a picture of an animal on the cover, this book would be right at home in the O'Reilly nutshell series.
What made this book particularly valuable, in my opinion, was that the authors chose to focus on BOTH Linux and OpenBSD. Being able to compare both platforms is intrinsically interesting and very helpful: while most people are probably buying this book because Linux is in the title, it will help get OpenBSD's foot in the door. It outlines the differences quite well and fairly, and in my opinion, OpenBSD emerges as the clear winner for the purpose of building a firewall. Linux users please don't flame me; read this book first and then tell me if you still disagree. Chapter 4 is dedicated entirely to the issue of choosing which OS to use, even taking the time to discuss the idiocy of OS holy wars, a subject sure to arise in a topic like this.
While reading this book, I got the feeling that the authors do indeed have the day to day experience with either OS that they claim to have. A lot of handy tips are included, as well as great information about the nature of many attacks that a firewall could be subjected to. I'm not saying that this book is a primer for TCP/IP, but the sections that deal with it could be excerpted from the book and published as a separate guide, and still be useful.
The only problems I had with this book were the Linux distro they chose to focus on, which was RedHat, and the versions of either OS (6.0 for RedHat and 2.5 for OpenBSD). Nothing against RedHat, it makes sense to focus on it due to the large marketshare it has, but information specific to other distros such as SuSE, Slackware and Debian would have been a great touch. Also, if I recall correctly, the framework for packet mangling in Linux has changed for the 2.4 kernel, so newcomers looking to build a Linux firewall with the latest and greatest might have issues here. I know things can't be cutting edge when you're printing on dead trees, so I look forward to seeing new editions of this book that cover changes as they arise. These are personal gripes. If you have half a brain you should be able to extrapolate the information you need and apply it appropriately.
To sum it up, this is a great book. If you work for, or know, someone who is thinking of dropping a whack of dough on Borderware, FW-1 or a Pix, then buy them this book and force them to read it. It reads like a manifesto and is written like a good HOWTO.
- Chapter 1: The ABCs of Network Security, 15 pages
- Chapter 2: Fundamental Internet Security Issues, 17 pages
- Chapter 3: How Secure Should Your Network Be?, 66 pages
- Chapter 4: Choosing an OS: Linux versus OpenBSD, 18 pages
- Chapter 5: Getting the Right Hardware, 17 pages
- Chapter 6: Installing Linux, 23 pages
- Chapter 7: Configuring the Firewall under Linux, 25 pages
- Chapter 8: Installing OpenBSD, 36 pages
- Chapter 9: Configuring the Firewall under OpenBSD, 43 pages
- Chapter 10: Tuning Your Firewall, 20 pages
- Chapter 11: Intrusion Detection and Response, 14 pages
- Chapter 12: Loose notes, 19 pages
- Index: 10 pages and plenty of entries