The Virtual Bookcase Reviews of 'Building Internet Firewalls (2nd Edition)':
Reviewer amazon.com wrote:
In the vast and varied universe of computer books, only a few stand out as the best in their subject areas. Building Internet Firewalls is one of those. It's deep, yet carefully focused, so that almost anything you might want to know about firewall strategies for protecting networks is here. In addition, there's lots of information on the reasons that we build firewalls in the first place, which is to say the security risks that come with Internet connectivity. You'll learn a great deal about Internet services and the protocols that provide them as you follow this book's recommendations for stifling attacks. If there's a shortcoming to this book, it's its lack of coverage of the turnkey firewall products that are becoming popular among home and small-office users. Emphasis here is on more complicated network defenses that require careful design and setup--both design and implementation are the order of the day here. The authors carefully enumerate the threats they see in various situations, go into some detail on how those threats manifest themselves, and explain what configuration changes you can make to your perimeter defenses to repulse those threats. Plenty of illustrations make points about good and bad security strategies (you want to put the routers here and here, not here or here). You'll learn a lot by reading this book from cover to cover, no matter how much experience you have.
--David Wall
Topics covered: Means of protecting private networks from external security threats. The authors go into detail on attackers' means of exploiting security holes in common Internet services, and show how to plug those holes or at least limit the damage that can be done through them. With coverage of Unix, Linux, and Windows NT, the authors detail their philosophies of firewall design and general security policy.
Reviewer Rob Slade wrote:
Cheswick and Bellovin's "Firewalls and Internet Security" (see reviews)
has been, and probably will continue to be, seen as the
classic reference with the seriously technical crowd. Chapman and
Zwicky, however, created the first reference for the more normal run
of system administrators: those whose lives do not revolve around
hacking the UNIX kernel. This expanded edition fulfills the same
task, and maintains the same reasonable stance. It is refreshing, for
example, to find a work that, even if it doesn't know much about
viruses, admits that firewalls can do very little to protect against
them.
There is now a more general and introductory part one, discussing the
basic concepts before getting deeply into technical details. Three
chapters look at a rationale for firewall usage, Internet services and
requirements, and universal security strategies.
Part two (part one in the original edition) is an introduction to
firewall technology and structure. It could easily stand as a
separate book, itself, clearly explaining the operation of, and
reasoning behind, functions that other firewall books merely mention.
More, it is a very down-to-earth and practical guide to evaluating
security needs and planning for security systems and practices. The
writing is completely clear, and the explanations first-rate. Two
chapters look at the packet structures of Internet protocols and basic
firewall technologies. Chapter six, on firewall architectures, is a
perfect introduction for the manager who, while not having a technical
background, must lead or administer a security project, and is
followed by a short but useful outline for a design process. The
detailed chapter on packet filtering is the longest in the book, but
there is also solid coverage of proxy systems and bastion hosts. The
section concludes with valuable particulars of tools for securing UNIX
(and Linux) and Windows (NT and 2000) systems.
Part three reviews various Internet services, the reasons for having
them, risks associated with them, and details that can be used to
secure them. There is an introduction to the subject, and then
coverage of intermediary protocols, the World Wide Web, email and
news, file and print transfer and sharing, remote access, and real
time conferencing systems. Each chapter also deals with related
issues and technologies, such as the various specific mail protocols
and active content for Web pages. As well, the topics of naming and
directory services, authentication, administrative services, and
databases and games are examined. Two sample firewall configurations,
using the previous material, close off the division.
Part four provides quick but decent guidance on general security
issues. There is a look at security policies, firewall maintenance,
and responding to security incidents.
The appendices are useful, outlining resources for further information,
tools, and a brief but reliable explanation of cryptography. The
resource list, unlike the usual table of titles and URLs, contains
quality works, and is annotated.
This was the first book to truly explain, to the non-specialist, the
various factors and functions involved in firewall choice and
construction. I still have not found another of similar quality.
This new edition is not just an update, but a valuable extension and
expansion. For those building their own and for those evaluating
vendor proposals, this book is a must.
copyright Robert M. Slade, 1995
Book description:
In the years since publication of the first edition of this classic reference, Internet use has exploded and e-commerce has become a daily part of business and personal life. As Internet usage has grown, so have the security threats. Some threats, like password attacks and the exploiting of known security holes, have been around since the early days of networking. Others, like password sniffers, IP forgery, and various types of hijacking and replay attacks, are newer. And still others, like the defacement of web sites, and the distributed denial of service attacks that crippled Yahoo, E-Bay, and other major e-commerce sites in early 2000, come from today's headlines. Firewalls are a very effective way to protect a system from most Internet security threats and are a critical component of today's computer networks. Firewalls in networks keep damage on one part of the network (e.g., eavesdropping, a worm program, file damage) from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down. Like the first edition of Building Internet Firewalls, this second edition is a practical and detailed guide to designing and building firewalls and to configuring Internet services to work with firewalls. This much expanded edition covers Linux and Windows NT, as well as Unix. It describes a variety of firewall technologies (packet filtering, proxying, network address translation, virtual private networks) and architectures (e.g., screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, internal firewalls). It also contains a new set of chapters describing the issues involved in a variety of new Internet services and protocols through a firewall. 
Building Internet Firewalls covers more than 100 Internet services and protocols, including email and News; Web services and scripting languages (e.g., HTTP, Java, JavaScript, ActiveX, RealAudio, RealVideo); file transfer and sharing services (e.g., NFS, Samba); remote access services (e.g., Telnet, the BSD "r" commands, SSH, BackOrifice 2000); real-time conferencing services (e.g., ICQ, talk); naming and directory services (e.g., DNS, NetBT, the Windows Browser); authentication and auditing services (e.g., PAM, Kerberos, RADIUS); administrative services (e.g., syslog, SNMP, SMS, RIP and other routing protocols, and ping and other network diagnostics); intermediary protocols (e.g., RPC, SMB, CORBA, IIOP); and database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server). The book also contains chapters on security policies, cryptography, maintaining firewalls, and responding to security incidents, as well as a complete list of resources, including the location of many publicly available firewall construction tools.