BKINFRNS.RVW 950426

"Internet Firewalls and Network Security", Siyan/Hare, 1995, 1-56205-437-6, U$35.00/C$47.95/UK#32.49
%A Karanjit Siyan ksiyan@kinetics.com
%A Chris Hare
%C 201 W. 103rd Street, Indianapolis, IN 46290
%D 1995
%G 1-56205-437-6
%I New Riders Publishing
%O U$35.00/C$47.95/UK#32.49 800-858-7674 75141.2102@compuserve.com
%P 410
%T "Internet Firewalls and Network Security",

The introduction states that this book is for those who already realize the risks of attaching a system to the Internet. This extreme limitation of audience may explain the poverty of the tutorial materials, lack of overall organization, and uneven content. Those who are building firewalls know that information is hard to get, and they are willing to go for just about anything.

There is a fair amount of material in the book. It tends to jump from definitions which are simplistic almost to the point of inaccuracy on one page, to technical minutiae on the next, so this is a work to be battled with in order to extract the goods. The difficulty is not reduced by the fact that the authors insist on defining, not too explicitly, new jargon. It is therefore difficult to assess whether advice about firewall architecture is truly as pedestrian as it sounds, or merely confused wording.

A possibly useful feature is the inclusion of material on specific packet screening and firewall systems. This is quite limited, and does not address the new "complete kit" firewall systems currently coming to market. It does mention some PC-based screening routers which may be helpful for testing and experimentation.

Some text, such as the section on mailing lists and other electronic contracts, appears based on material that is three or more years old. (More up-to-date material is provided in Appendix B.)

I recall a story about a network-connected system which had been "secured" by removing its "outbound" capability. The transmit pins, on the device connected to the Internet, had been physically sheared off. To demonstrate this, the team "sent" a ping to a remote site--and got an immediate response. As it turned out, the machine was also connected to an internal network, and the routing tables had found a gateway which eventually fed out to the Internet.

Network security is complex. You will need to work at it.

copyright Robert M. Slade, 1995 BKINFRNS.RVW 950426

=============
Vancouver      roberts@decus.ca             | "Metabolically
Institute for  Robert_Slade@sfu.ca          |  challenged"
Research into  slade@freenet.victoria.bc.ca |
User           rslade@CyberStore.ca         | politically correct
Security       Canada V7K 2G6               | term for "dead"