Building Internet Firewalls: Internet and Web Security 2nd Edition

Building Internet Firewalls: Internet and Web Security (2nd Edition) by Elizabeth D. Zwicky, D. Brent Chapman, and Simon Cooper is a seminal work in the field of network security. This comprehensive guide offers an in-depth exploration of firewall technologies, providing readers with practical, step-by-step instructions on designing, installing, and configuring firewalls to safeguard internet services.The authors delve into various firewall technologies, including packet filtering, proxying, network address translation, and virtual private networks. They also discuss architectures such as screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, and internal firewalls. The book addresses a wide array of internet services and protocols, offering insights into configuring them securely through a firewall. Topics covered include: • Email and News: Guidance on securing email servers and news services. • Web Services and Scripting Languages: Security considerations for HTTP, Java, JavaScript, ActiveX, RealAudio, and RealVideo. • File Transfer and Sharing Services: Best practices for NFS and Samba. • Remote Access Services: Securing Telnet, BSD “r” commands, SSH, and BackOrifice 2000. • Real-Time Conferencing Services: Security measures for ICQ and talk. • Naming and Directory Services: Considerations for DNS, NetBT, and the Windows Browser. • Authentication and Auditing Services: Insights into PAM, Kerberos, and RADIUS. • Administrative Services: Guidance on syslog, SNMP, SMS, RIP, and network diagnostics. • Intermediary Protocols: Discussion on RPC, SMB, CORBA, and IIOP. • Database Protocols: Security considerations for ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server.Published by O’Reilly Media, this 894-page volume is a must-read for anyone involved in network security, from novices to seasoned professionals. Its detailed explanations and practical advice make it an invaluable resource for designing and implementing robust firewall solutions.

The content and overall presentation are just as I had planned. I bought it how a source of reference and information.

This is one of those rare books that manages to enlighten you (rather than inform you) about technology. The second edition is a classic. Covers so much ground (classic networking theory/stacks, protocol design, network architectures, attack vectors etc.) without losing sight of its focus, security, and without becoming diluted. I have literally read many "advanced" electrical engineering "departmental" textbooks, and this is the ONLY book I've come across that enlightens you for example, about the concept of internal addressing (within a host) vs external addressing (across nets)! {and i've checked all the "classics" like stallman, varaiya etc.} In fact, I think they should teach ee students network protocol design by first immersing students in network security failings via this book rather than all those stodgy classic texts which are the best cure for insomnia known to man!

I do not usually read a book from cover to cover, normally I buy books for reference only. But this book was so good I read it within 3 days. The book is about theory, there is no code at all. It gives great insight on security in general and firewalls completely, no matter if you use linux, unix, or windows. If only all sysadmins would read this book we would have a more secure internet.I highly recommend this book to anyone that admin a system or even just a home based mini lan. It's full of information, some of which one might not think of, but should.

This book is dated, however it makes for a great reference guide when building firewalls or troubleshooting issues with existing firewalls

Gospel by now

This book is probably the most important book published on the subject. It is a general look at how internet firewalls work from a conceptual point of view and their role in network security. This is not and is not intended to be a guide on how to use specific firewall products. It is an excellent overview to network perimeter security.The book contains two basic elements: Conceptual understanding of firewalls and how to look at perimeter security generally on one hand, and detailed TCP protocol reference material on the other. I found (for the second edition) both sides were reasonably up to date, and that the industry hasn't moved far enough since 2000 to invalidate this material.As I said, this is has very little product-specific information in it and it is not a substitute for product documentation (whether Cisco, Checkpoint, or Linux/Netfilter). However it is the best reference on the subject I have found, and it is the best introduction to network perimeter security I have seen. This topic also is universally applicable to IT fields and so should be considered to be a classic study of an important topic. For this reason, this book belongs on the bookshelf of every IT professional.

_Building Internet Firewalls_ is a great reference if you are looking for physical configuration recommendations (how to connect stuff) or protocol packet filtering characteristics (lots of great detail there), but it does not describe firewall policy design or management in any detail (and I'm not aware of a firewall book that does). This could use a few more "real world" examples of filter policies (not just physical architecture), perhaps even a chapter dedicated to each of a home network, a small-to-medium-size business (with perhaps a more complicated and rigorous policy), and a large enterprise (with multiple firewalls and a complex policy).