the first work to deal seriously and completely with
the topic, the
first edition of "Firewalls and Internet Security" was
one of those
classics that get known only by the last names of the
authors, so as
not to leave any possibility of confusion with books
whose titles may
such a long time has elapsed between editions of a
work such as
this, it is more than possible that the field has moved
on far enough
that a minor updating of the material is simply not feasible.
authors are quite well aware of the new territory: where
original structure has been retained, but otherwise,
the book has
essentially been rewritten. A huge undertaking, but the
practical course, in the circumstances.
one establishes a starting point. Chapter one, an introduction,
presents a number of basic, but worthwhile, security
operations of various components of the TCP/IP protocol
discussed, with the most serious security vulnerabilities
highlighted, in chapters two (lower layers) and three
The authors' thoughts on the security of the Web are
in the title of chapter four: "The Web: Threat or
two outlines the threats to networked machines. Chapter
describes a number of different types of attacks. A variety
for determining security weaknesses are listed in chapter
alongside discussions of the relative costs/benefits
versus security by obscurity.
three details security tools and utilities. Chapter
reviews authentication concepts and techniques. Various
security systems are described in chapter eight.
four gets us to firewalls and virtual private networks
themselves. Chapter nine outlines the different types
Basic filtering concepts are examined in chapter ten.
for constructing and tuning your firewall are in chapter
Tunnelling and VPNs are discussed in chapter twelve.
five extends the isolated technology of firewalls into
application of protecting an organization. Network layout,
implications thereof, is reviewed in chapter thirteen.
fourteen deals with hardening of hosts. Chapter fifteen
is a rather
terse look at intrusion detection.
Part six is
entitled "Lessons Learned." The
detection and tracing of"
berferd" is described in chapter sixteen, along
with the taking of
the "CLARK" machine in chapter seventeen. In
Kerberos and IPSec are used as examples of approaches
to security of
insecure networks. Chapter nineteen finishes with some
ideas for work
that yet needs to be done to help with the security of
place of firewalls in regard to network security has
considerably in the past decade. This book does reflect
Unfortunately, that breadth of topic has come at the
expense of some
depth in coverage. The result is a book that is definitely
as an introduction to the field, but which may no longer
as a working reference. I must admit that, for some time,
I have been
recommending Chapman and Zwicky (cf. BKBUINFI.RVW) over
Bellovin's original text, since "Building Internet
Firewalls" seems to
have the edge in terms of practicality. Upon reviewing
edition of the classic, I would have to stick to that
copyright Robert M. Slade, 1994, 2003 BKFRINSC.RVW 20030321