Firewalls and Internet Security: Repelling the Wily Hacker

This is an introductory text, that is entertainly written. I originally read the first edition of this book. While preparing a recent seminar I found that I wanted to reference it, but then realized that the material was somewhat dated. The second edition is from 2003, which is still 7 years old, but I find that the information is still very useful, the definition of a classic.More than a mere book on firewalls, this is a primer for the entire workings of the Internet Protocols. It has clear explanations of DNS, DHCP, TCP, UDP, ICMP, SSL, FTP and many other protocols without all the nitty gritty details that you'll find in a book like "TCP/IP Illustrated." <http://www.amazon.com/TCP-IP-Illustrated-Vol-Protocols/dp/0201633469>, which I recommend if you need more technical detail.The authors describe the risks associated with the protocols and strategies for protecting your systems. But, they go further, and explain other attacks and how they might circumvent the barriers that a sysadmin might erect.The exposition on Firewalls and VPNs (Virtual Private Networks) begins in Part IV. There are specific strategies given for protecting several protocols. No specifics on CISCO PIX, sorry guys, the examples use software generally available on Unix (FreeBSD). But, that's mainly a syntax issue, the principles are the same for the large comercial firewall systems. But, once again, if you need specifics, you'll need to read the manuals. This book will give you the foundation to understand what you read in the manuals. Firewall manuals are dry in comparison and generally lack strategic recommendations.The first appendix does a decent job of explaining public key cryptography. The second appendix is "dated" though in that it attempts to give "links" to other resources. After 7+ years, you can imagine the problems with that.Likewise the bibliography mainly cites texts from the 1990's; although there is one reference from 1872: "Through the Looking Glass", Lewis Carroll. Typical of the entertaining quotes throughout the book, "When I use a word. . .it means just what I choose it to mean, neither more nor less." And perhaps that's a fitting summary of this book's purpose, to familiarize you with the meanings of the "Carrollesque" words associated with Internet Security.

First let me start by saying I'm new to firewalls, but have been a computer systems builder for years and configuring Windows operating systems for the past 5 years. I was looking for a primer book.. The book covers fundamentals and the authors give in-depth examples for UNIX systems. About a third of the way through the book it remarked about the Windows 95 and their new NT technology (which has been around since about 2000). i finished reading the book, allot about UNIX and non existent on Microsoft products. Not a total waste of money but I finished the book feeling like i sat down for a dinner and was only served a side salad. Back to Amazon book list for me!

The good;This book is well done for what it is... a basic outline of why friewalls started to be needed and how come things worked the way they did. It is not too hard for someone that can read english but perhaps not computer gik talk.The bad;The world has moved on and this stuff is of little use to todays computer user... i.e. the big bad KGB has the codes they needed and most people no longer care that someone can hack their Facebook accounts to see what you said in the emails.

No problems, good experience.

Great book. Helped me a lot through my research paper.

My hope was that reading Firewalls and Internet Security - Second Edition would be a chance to sit at the feet of the masters, but I was disappointed. Part of the problem is the title, this is not a firewall book; this is an internet oriented security overview. The writing style is professional, but terse, you will learn the names of many important things, but you will not learn how to DO anything and you will not even learn ABOUT very much. However the book gives you the NAMES of many important topics that you can go research on your own and is valuable for that. It is well edited and has a flawless layout making it a fast easy read because the technical level is low and the book is short.The book opens with a few pages on security truisms, my favorite part of the book and a dazzling display of intellect! All the material after the truisms and up to chapter 9 is a quick tour of topics like Security Policy, Host-Based Security and Perimeter Security, Authentication, and all the Protocols in a couple paragraphs each.Chapters 9 - 12 are where the book covers perimeters. Chapter 9 is dated material, Static Packet Filters, Network Topology, Application Gateways, and SOCKS. The book begins to improve in Chapter 10, remember, these authors really know their stuff and if you read closely there is wisdom here. The "Use the phone?" comment in the H.323 and SIP example firewall rule was a classic. Sadly, this whole critically important section got one thin paragraph.In Chapter 13, there is a fascinating discussion about using routing tricks to protect a host, but it isn't clear to me you can implement this with the four sentences of information the authors provide. As you march on to Chapter 16, they have a few paragraphs on host security, name some types of IDSes and so forth.Chapter 16 is from the original edition, An Evening with Berferd is a lovely read especially if you have a Unix background. Chapter 17, The Taking of Clark, another war story, was also fun.The ending of the book is sad, the technical material concludes with three and a half pages titled: Where do we go from here? They briefly mention IPv6, but come to no conclusion as to its future. DNSsec gets two paragraphs, we do not even learn what it is, (a new resource record where the information that is stored can be signed).In the final paragraph the authors conclude we are going backward not forward, that we cannot achieve the security level Multics had in the 1970s with modern operating systems. I sincerely hope that is not true; take a look at OpenBSD, one exploitable remote vulnerability in seven years. Think about the progress RedHat and Microsoft are making. Take a look at the work The Center for Internet Security is doing, take the Unix or Windows tracks at SANS, but never, ever give up.

Este libro es una joya básica de seguridad en redes. Eso sí, el inglés no es muy accesible. Es necesario un nivel medio-alto en mi opinión.