BKBUINFI.RVW 20010105 "Building Internet Firewalls", Elizabeth D. Zwicky/Simon Cooper/D. Brent Chapman, 2000, 1-56592-871-7, U$44.95/C$65.95 %A Elizabeth Zwicky %A Simon Cooper %A Brent Chapman %C 103 Morris Street, Suite A, Sebastopol, CA 95472 %D 2000 %G 1-56592-871-7 %I O'Reilly & Associates, Inc. %O U$44.95/C$65.95 707-829-0515 fax: 707-829-0104 nuts@ora.com %P 869 p. %T "Building Internet Firewalls, Second Edition" Cheswick and Bellovin's "Firewalls and Internet Security" (cf. BKFRINSC.RVW) has been, and probably will continue to be, seen as the classic reference with the seriously technical crowd. Chapman and Zwicky, however, created the first reference for the more normal run of system administrators: those whose lives do not revolve around hacking the UNIX kernel. This expanded edition fulfills the same task, and maintains the same reasonable stance. It is refreshing, for example, to find a work that, even if it doesn't know much about viruses, admits that firewalls can do very little to protect against them. There is now a more general and introductory part one, discussing the basic concepts before getting deeply into technical details. Three chapters look at a rationale for firewall usage, Internet services and requirements, and universal security strategies. Part two (part one in the original edition) is an introduction to firewall technology and structure. It could easily stand as a separate book, itself, clearly explaining the operation of, and reasoning behind, functions that other firewall books merely mention. More, it is a very down-to-earth and practical guide to evaluating security needs and planning for security systems and practices. The writing is completely clear, and the explanations first-rate. Two chapters look at the packet structures of Internet protocols and basic firewall technologies. Chapter six, on firewall architectures, is a perfect introduction for the manager who, while not having a technical background, must lead or administer a security project, and is followed by a short but useful outline for a design process. The detailed chapter on packet filtering is the longest in the book, but there is also solid coverage of proxy systems and bastion hosts. The section concludes with valuable particulars of tools for securing UNIX (and Linux) and Windows (NT and 2000) systems. Part three reviews various Internet services, the reasons for having them, risks associated with them, and details that can be used to secure them. There is an introduction to the subject, and then coverage of intermediary protocols, the World Wide Web, email and news, file and print transfer and sharing, remote access, and real time conferencing systems. Each chapter also deals with related issues and technologies, such as the various specific mail protocols and active content for Web pages. As well, the topics of naming and directory services, authentication, administrative services, and databases and games are examined. Two sample firewall configurations, using the previous material, close off the division. Part four provides quick but decent guidance on general security issues. There is a look at security policies, firewall maintenance, and responding to security incidents. The appendices are useful, outlining resourcs for further information, tools, and a brief but reliable explanation of cryptography. The resource list, unlike the usual table of titles and URLs, contains quality works, and is annotated. This was the first book to truly explain, to the non-specialist, the various factors and functions involved in firewall choice and construction. I still have not found another of similar quality. This new edition is not just an update, but a valuable extension and expansion. For those building their own and for those evaluating vendor proposals, this book is a must. copyright Robert M. Slade, 1995, 2001 BKBUINFI.RVW 20010105