Building Internet Firewalls
This book is probably the most important book published on the subject. It is a general look at how internet firewalls work from a conceptual point of view and their role in network security. It is not intended as a guide to using specific firewall products. It is an excellent overview of network perimeter security.
The book contains two essential elements: a conceptual understanding of firewalls and how to look at perimeter security generally, on the one hand, and detailed TCP protocol reference material on the other. I found (for the second edition) that both sides were reasonably up to date and that the industry hasn’t moved far enough since 2000 to invalidate this material.
As I said, this has very little product-specific information and is not a substitute for product documentation (whether Cisco, Checkpoint, or Linux/Netfilter). However, it is the best reference on the subject I have found and the best introduction to network perimeter security I have seen. This topic is also universally applicable to IT fields and should be considered a classic study of an important issue. For this reason, this book belongs on the bookshelf of every IT professional.
This book is a part of The Networking CD Bookshelf, Version 2.0.
Firewalls, critical components of today’s computer networks, protect a system from most Internet security threats. They keep damage on one part of the network–such as eavesdropping, a worm program, or file damage–from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.
Like the bestselling and highly respected first edition, Building Internet Firewalls, 2nd Edition is a practical and detailed step-by-step guide to designing and installing firewalls and configuring Internet services to work with a firewall. Much expanded to include Linux and Windows coverage, the second edition describes:
- Firewall technologies: packet filtering, proxying, network address translation, virtual private networks
- Architectures: screening routers, dual-homed hosts, screened hosts, subnets, perimeter networks, and internal firewalls
- Issues involved in a variety of new Internet services and protocols through a firewall:
  - Email and News
  - File transfer and sharing services such as NFS, Samba
  - Remote access services such as Telnet, the BSD “r” commands, SSH, BackOrifice 2000
  - Real-time conferencing services such as ICQ and talk
  - Naming and directory services (e.g., DNS, NetBT, the Windows Browser)
  - Authentication and auditing services (e.g., PAM, Kerberos, RADIUS)
  - Administrative services (e.g., Syslog, SNMP, SMS, RIP and other routing protocols, and ping and further network diagnostics)
  - Intermediary protocols (e.g., RPC, SMB, CORBA, IIOP)
  - Database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server)
In the vast and varied universe of computer books, only a few stand out as the best in their subject areas. Building Internet Firewalls is one of those. It’s deep yet carefully focused, so almost anything you might want to know about firewall strategies for protecting networks is here. In addition, there’s lots of information on why we build firewalls in the first place, which is to say the security risks that come with Internet connectivity. Following this book’s recommendations for stifling attacks, you’ll learn much about Internet services and their protocols. If there’s a shortcoming to this book, it’s its lack of coverage of the turnkey firewall products that are becoming popular among home and small-office users. The emphasis here is on more complicated network defenses that require careful design and setup – design and implementation are the order of the day here. The authors carefully enumerate the threats they see in various situations, detail how those threats manifest themselves, and explain what configuration changes you can make to your perimeter defenses to repulse those threats. Plenty of illustrations make points about good and bad security strategies (you want to put the routers here and here, not here or here). You’ll learn a lot by reading this book from cover to cover, no matter how much experience you have.
Building Internet Firewalls: Internet and Web security
Author(s): Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman
Publisher: O’Reilly, Year: 2000