Firewalls and Internet Security, Second Edition

timothy posted more than 11 years ago | from the anti-conflagration dept.

Security 96

dbc15 writes "A timely and much needed update to the first edition, Fwais 2.0 is an excellent overview of the current landscape and psychology involving intranet, vpn and Internet host security while correctly addressing the positives and negatives of firewall / internet security and the techniques used by hackers."

The authors start with hacking and security needs analysis, progress thru strategies and techniques, and end with useful security formulas, hypotheses and real life examples. They draw upon their own experiences and observations about network security and host protection to give the reader a well-rounded view of the concepts of security as they apply today. The book is well written with simple examples and antecedents. They have taken great care to explain how hackers work and their methodology. The best thing about the book is that it does not go into great detail about unnecessary finite security specifics and shows what works best while adding value by allowing the reader the opportunity to think for themselves and address their own needs. They maintain the premise that: "Simple security is better than complex security: it is easier to understand, verify, and maintain." (Page 81) while covering the types of attacks not only by method, but also by class, ranging from the kiddie script up to the sophisticated tunneling and VPN methods.

FWAIS 2.0 is a comprehensive guide to the most common security problems while not wasting time on the insignificant. It includes a good set of general rules and the tool sets necessary to secure a network at any level. FAWAIS 2.0 covers current protocols and allows simple guidelines for flexibility in determining your own network needs. It describes the weaknesses in both hardware and software while addressing their relational aspects in easy to understand terms. Written with FreeBSD in mind, many of the techniques in this edition adapt well to other sources such as Linux, OS X, Unix, NetBSD, and Solaris.

The entire premise of the book revolves around the concept that old style layered security is not as good as it may appear. And that internet security and firewalls are a holistic endeavor of system integration and design. The authors have taken care to show just how difficult it can be to keep up with large network topology and lend truth to the fact that there is no such thing as absolute security.

The concepts found in this book cover subjects such as:

  • What firewalls can and cannot do, capabilities and weaknesses.
  • What filtering services work best.
  • What services and practices are overkill.
  • Why firewalls are necessary, the risks to servers and the server's relationship to proper firewall installation.
  • What the steps to hacking are and the methodology used to break into a host.
  • The why, what and where of limiting services and the tools to secure the appropriate functions.
  • Types of firewalls and best practices for implementing security while building and designing firewalls.
  • Why building your own firewalls may be your best solution.
  • Applying past experiences to your firewall design.
  • Intrusion detection systems and their role as a network tool in firewall construction.
  • Honey pot examples showing how the techniques have been used to thwart and frustrate potential adversaries.

This is not a how-to book written with step-by-step specific fill-in-the-blanks, connect-the-dots, detailed mechanical guidelines; it addresses the real needs of the administrator in relation to actual daily situations. As they state on page 213 "-we don't think the hard part of firewall administration is data entry, it is knowing what the appropriate policies are."

The second edition is well documented and includes plenty of good link references, appendices and bibliography resources to help any professional keep current with the ever-changing environment of network defense.

Any organization evaluating current security needs should find the second edition helpful for determining their security goals and a comprehensive guide to help design, implement and deploy firewalls. The second edition is a definite must for any security library, certification-training program or public/private classroom situation.

I recommend Firewalls and Internet Security as the best starting point for anyone who might be considering any changes in company security structure or earning their security certifications.



FP (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6401145)

Faggot Piss

Re:FP (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6401223)

one time there was this firewall and i looked at it and it was kinda old but you could see where the fire smoked up the windows and the doors and it was pretty cool because there was no way anyone could have put out the fire even though the firewall was well built it had these windows and doors that were put in by the owner and it was bad because firewalls aren't supposed to have doors and windows but he put them in anyway and it just proves that there shouldn't be any because the building next door burned down too even though it had no doors or windows because the two firewalls are supposed to work together i guess and since one was basically illegal and the other was fine it didn't matter but it's interesting because the building next to the second building didn't burn down because the firewalls were both intacted so it just goes to show you that the department of building and safety really know what the hell they're talking about and people who don't build to code are all idiots. my head hurts.

Re:FP (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401562)

I love it when people invest some time to come up with an original troll.

I mean, come on. This "bow down to the lord's penis" stuff is funny the first few times you see it, but after that... well...

Re:FP (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6404294)

It doesn't matter how many times they say, "Imagine a beowulf cluster of all your base." It's always funny.

Re:FP (0)

Anonymous Coward | more than 11 years ago | (#6401820)

...and people who don't build to code are all idiots.

It's interesting, but this really applies to both computers and buildings. Except that building codes are analogous to program specs. And program code is analogous to built structures.

YOU NAILED IT! (0)

Anonymous Coward | more than 11 years ago | (#6402843)

That is so wonderful! We're all proud of you! Keep up the great work. Allah be praised!

Test (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401146)

Testing...

it worked. (-1)

Anonymous Coward | more than 11 years ago | (#6401406)

Step away from the computer! (1)

ta bu shi da yu (687699) | more than 11 years ago | (#6406679)

Never let an untrained poster go near the submit button. I hope that we've all learned a valuable lesson from this.

Yours humbly,
Ta bù shì dà yú

asdfasdfasdfa (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401149)

fp m0fo

YOU SO FUCKING FAIL IT!!! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6401165)

FP? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401150)

Is it just me, or are there not already THOUSANDS of books out there better than this one...

YOU LIKEWISE FAIL IT!!! (-1)

Anonymous Coward | more than 11 years ago | (#6401190)

Slapdash has mastered the art of... (-1)

Mike Hock (249988) | more than 11 years ago | (#6401484)

doing what already has been done!

w00t (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401161)

woot

Books are dying... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401173)

Save a tree - go download the PDF.

Unacknowledged Adobe security holes, they're the new Lorax, baby!

Anybody Else Think.. (-1, Insightful)

Anonymous Coward | more than 11 years ago | (#6401180)

that timothy writes worse "reviews", than a high schooler writes a book report?

This is the high quality slashdot content worth paying for?

No thanks.

Re:Anybody Else Think.. (0)

Anonymous Coward | more than 11 years ago | (#6401254)

that timothy writes worse "reviews", than a high schooler writes a book report?
This is the high quality slashdot content worth paying for?


Actually, they don't even generate content. They let their readers do that and supposedly proof-read them and decide when / what to post. Whether it would be worse if they wrote them or simply performed editor functions, with all the mistakes, dupes, etc, is left as an exercise to the reader.

Re:Anybody Else Think.. (0)

Anonymous Coward | more than 11 years ago | (#6401260)

You ass clown, Timothy didn't write the review. He simply posted it. The review was written by D Bruce Curtis, Ceo, American Interconnect. Whoever the hell that is.

Re:Anybody Else Think.. (0)

Anonymous Coward | more than 11 years ago | (#6401307)

maybe a better question is, why does the CEO of a successful company waste time reviewing books for slashdot.


Did Timothy even check if he is, in fact, a CEO of this alleged company? Doing a quick google, I find a D Bruce Curtis that goes to high school in Florida (complete with lame-ass wannabe hacker website on geocities), but no CEOs.

AA++ (3, Insightful)

SweetAndSourJesus (555410) | more than 11 years ago | (#6401283)

It's hard not to be skeptical when you see a rating like that. I would think that a rating so high would be reserved for classics like "Applied Cryptography" and "The Art of Computer Programming". Is this book really of that caliber?

Maybe I'm just a little more stingy with my praise.

Re:AA++ (2, Informative)

rkhalloran (136467) | more than 11 years ago | (#6401704)

The parent almost rates a Troll; the first edition was definitely to the field what Schneier's and Knuth's was to theirs; Ches' honeypot suckered in more than a few would-be 'wily hackers' (hacking into BELL LABS was considered a Big Thing). The technology has moved on, but I expect the new version (the first one landed on my shelf just after publication) is, again, practical tactics and suggestions from people who have most definitely Been There...

yes! (1)

SweetAndSourJesus (555410) | more than 11 years ago | (#6401897)

Questioning a superlative, that's a Troll.

All I'm saying is that someone who uses a rating like "AA++" is likely given to exaggeration.

Re:AA++ (0)

Anonymous Coward | more than 11 years ago | (#6401948)

The first edition is widely regarded as being amongst the definitive works on internet security.

Re:AA++ (1)

BigBadDude (683684) | more than 11 years ago | (#6402248)

Well, I have read them all and yes, the first edition was ground-breaking.

BTW, it was infinitely more well written [that is, readable] than Knuth's "Art of..." :)
Still today, if I need something fast, I rather look at Cormen's "Introduction to Algorithms" and only if I don't find what I seek, I will open Knuth's book. And where the hell is the fourth book? :)

Re:AA++ (1)

Fosberry (527543) | more than 11 years ago | (#6402679)

AA++ is still a lower grade than AAA--, AAA-, AAA, AAA+, and AAA++. So the reviewer was holding back his praise.
-- Standard & Poors

VPNs / tunneling (4, Informative)

c64cryptoboy (310001) | more than 11 years ago | (#6401182)

Fwais 2.0 is an excellent overview of the current landscape and psychology involving intranet, vpn and Internet host security

For those who want a more thorough background in the crypto-related topics found in Fwais2 (VPNs, tunneling, TLS, etc.), check out: http://www.youdzone.com/cryptobooks.html [youdzone.com]

There are now 147 cryptography and cryptography-related books (90 reviewed). 29 of the books have on-line errata links, and 7 of the books are free to download in their entirety.

I BET YOU'D LIKE TO TUNNEL INTO MY ANUS, YOU FAG (-1)

Subject Line Troll (581198) | more than 11 years ago | (#6401485)

Great review - will be purchasing soon... (2, Interesting)

CodeMaster (28069) | more than 11 years ago | (#6401187)

At last a review that does not give you the classic "here is the index", and "the book has 3 parts, the 1st...".

Sounds like a really fun and informative read (i.e. not "secure your enterprise in 21 days"), will probably be on my reading list soon.

Thanks!

Re:Great review - will be purchasing soon... (0)

Anonymous Coward | more than 11 years ago | (#6402754)

I thought this review sucked. He doesn't say who the target audience is, none of the shortcomings of the book are mentioned, nothing is said about how this edition differs from the first, etc. I suppose if you wanted to know these things you could read through the comments on Slashdot from when the first review for this book was posted. Maybe it's just me but I get the distinct impression that D Bruce Curtis, Ceo American Interconnect had somebody write this review for him and then posted it here and on Amazon specifically to promote his company, which doesn't seem to have a website that google knows about.

Oh my goodness! I finally get it for once. (5, Funny)

Jonsey (593310) | more than 11 years ago | (#6401199)

I get the joke finally! Internet Security

That's rich! : p

Re:Oh my goodness! I finally get it for once. (0, Funny)

Anonymous Coward | more than 11 years ago | (#6401227)

it's by the same guys who wrote Military Intelligence! lolololololololol!!!!!111

Score -2 NOT FUNNY (-1)

Anonymous Coward | more than 11 years ago | (#6401275)

You're pathetic. Really!

Firewalls will slowly stop working... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6401239)

Think about it. 10 years ago, nobody had very powerful firewalls. Now, almost all the ports are blocked with things that are so overly powerful like Windows's XP firewall. Eventually, we will be so scared of hackers that we will even close port 80 with new Norton Brutalwall. Honestly, I don't see why anyone would not have sex with Archie Bunker. I mean, come on. His dick is so supple it that I just can't help but fuck it with my cold, sweaty palms. It makes me feel like I'm working for the Vatican again! When it gets right down to it, props to all the slashdot trolls you're my homies my nizzles. Archie Bunker troll ownz you penisbird fewls! I mean come on, firewalls are too much nowadays. We should enforce stricter laws and create new hardware that fights hackers, instead of closing out all our damn ports. Palladium comes to mind.

Exceptional authors, but not an exceptional book (5, Informative)

Anonymous Coward | more than 11 years ago | (#6401240)

The book's strengths include sharing certain keen insights and summarizing key technical data. They repeat the conclusion that frequent password changes tend to decrease security, rather than improve it. They succinctly describe BGP and IPv6. They accurately explain that TCP sequence numbers count bytes of data, not packets -- unlike many other authors. Their case studies, while dating from the early 1990s, are the most enjoyable parts of FAWAIS 2.0. Like Avi Rubin's "White Hat Security Arsenal" (a better book), they cite scholarly work. Attention is paid to the firewall software of my favorite OS, FreeBSD, in ch 11.

On the negative side, the book is a mix of simplistic and advanced material. In some areas the authors start with basics, while in others they use terms like "black-hole" (p. 249) with little regard for newbies. The book seems disorganized; readers will find it hard to separate key points from normal text. The "forensics" advice, admittedly labeled as "crude" in ch 17, gives incomplete recommendations which do not reflect best forensic live response practices. (The "best thing to do" is "run ps and netstat" and then "turn the computer off"?) The authors are also very negative about the Windows OS, saying on p. 255 "We do not know how to secure them, or even if it is possible." While Windows is admittedly difficult to configure and operate securely, this statement is a cop-out. Better to direct readers to "Securing Windows NT/2000 Servers for the Internet" by Stefan Norberg. Examples with IPChains in ch 11 should have been updated with IPTables, or at least IPTables should not have been dismissed as being the same except for syntax.

FAWAIS 2.0 does contain useful information. I just think books like O'Reilly's "Building Internet Firewalls, 2nd Edition" and New Riders' "Linux Firewalls, 2nd Edition" are more helpful. Addison-Wesley's "White Hat Security Arsenal" is more enlightening, as well. Review FAWAIS 2.0 in a store before you commit to buying it -- you might find it helpful.

Re:Exceptional authors, but not an exceptional boo (0)

Anonymous Coward | more than 11 years ago | (#6401334)

Obligatory amazon.com plagiarism link [amazon.com]

Hello Moderators? (-1)

Anonymous Coward | more than 11 years ago | (#6401384)

On crack again? This is copy-pasted from amazon.com, look at the AC post above... why give +5?!

Re:Hello Moderators? (0)

Anonymous Coward | more than 11 years ago | (#6401538)

Perhaps because the slashdot review was also copy & pasted from Amazon (compare the /. one to the third review at Amazon)?

Re:Hello Moderators? (-1)

Anonymous Coward | more than 11 years ago | (#6401547)

Because it is informative? It was posted by a fucking AC so accusations of karma whoring are all a moot point. Assclowns.

Re:Hello Moderators? (0)

Anonymous Coward | more than 11 years ago | (#6401893)

i am the poster on the amazon site, you insensitive clod.

Parent is -1: Plagiarized (0)

Anonymous Coward | more than 11 years ago | (#6401518)

Please moderate accordingly!

Re:Exceptional authors, but not an exceptional boo (4, Interesting)

Zeinfeld (263942) | more than 11 years ago | (#6401683)

The book is probably useful mostly as an inoculation against the type of pseudo-security people often get hung up on. It is particularly useful in that it is written by some of the people who are frequently cited as the source of dogmas that they actually disclaim.

One of the commonly repeated security shibboleths is 'end to end' security. This is a good thing in the same way that it is a good idea to have a burglar alarm in your house. The problem is when people start claiming that you should ONLY have a burglar alarm and that locking your front door is a BAD IDEA.

Over ten years ago I was involved in a series of arguments over the need for shadow passwords in UNIX. Not only did most people not get that they were needed there was actual opposition to the idea, people would claim repeatedly that protecting the password file made a system less secure. This despite the fact that crack was already circulating and usually managed to break a sizable proportion of passwords.

I get rather worried by the way some network administrators seem to consider getting a firewall to be the end of their security issues. It is as if they think a firewall is a +5 amulet of invincibility. But I get equally worried when folk make the claim that firewalls are unnecessary, and there are some very expensive consultants who make that claim when their clients are not around.

FOURTEENTH POST! (-1)

Anonymous Coward | more than 11 years ago | (#6401243)

FOURTEENTH POST!

Dammit! (-1)

Anonymous Coward | more than 11 years ago | (#6401340)

So close. Oh well, forty sixth post. Yea!

Oh, why even bother.

Re:FOURTEENTH POST! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401791)

Does Overrated ever get metamodded?

GAY NIGGER ASSOCIATION OF AMERICA, 2ND EDITION (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6401244)

GNAA (GAY NIGGER ASSOCIATION OF AMERICA) Is Actively Seeking New Members.

Be a proud member of America's first GAY NIGGER ASSOCIATION.
For more information, make sure to stop by our official IRC channel,
#GNAA of EFNET.
If you are having trouble finding efnet servers, try connecting to irc.secsup.org or irc.isprime.com

Gay Niggers From Outerspace (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401429)

Is this your theme film then?

http://us.imdb.com/Title?0274518 [imdb.com]

Very nice book (0)

Anonymous Coward | more than 11 years ago | (#6401252)

I've bought a few other similar books before, but this is the only one that I've continued reading. The authors have balanced opinions, and don't feel the need to proselyte.

Actually, I gave away the book to a relative of my wife when in Romania, so I've got to buy a new one ;-)

No, you GNAA fool. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6401261)

It was renamed to Gay Niggers United (GNU).

GO to #gnu on irc.freenode.net for all our gclansmen.

Great review (5, Interesting)

tevenson (625386) | more than 11 years ago | (#6401271)

I loved the review and agree that it wasn't the normal run of the mill "here's the TOC and index" deal that we see far too often on Slashdot.

The real question is whether it goes into enough technical depth, I would say. I know reading overviews and general ideas is usually very useful and helpful in the short term (perhaps to sound knowledgeable in a meeting?) but would this book really give you enough "technical prowess" to write your own firewall?

That's my only real concern, but a great review nonetheless.

Re:Great review (3, Insightful)

chef_raekwon (411401) | more than 11 years ago | (#6401569)

what i've found in the past is very similar to tevenson: technical depth is lacking...all of the "concept" in the world won't help you build your own firewall...however, sample script files usually do...

if only the books would include samples, if nothing else, of an iptables based firewall, or even ipchains....some go indepth to talk about what the rules mean, but leave the rest for the reader to decipher -- and by this, i mean why the types of rules are being implemented, and why...

hopefully this rejuvenated title will help in this regard.

question about book (-1, Offtopic)

donald knuth troll (682408) | more than 11 years ago | (#6401277)

Did they use TeX to typeset this book?

Re:question about book (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6401724)

Nice troll. How about a RMStroll that corrects everyone that says Linux with "No it is GNU/Linux!!!"

Damn ... (5, Funny)

Sir Rhosys (84459) | more than 11 years ago | (#6401278)

Damn, I was thinking about buying this book, but it only got a AA++ rating.

I don't buy any books that don't get at least a AAAAAAAAAAAAAAA+++++++++++++ rating.

Books written by Fonzie ... (-1)

Anonymous Coward | more than 11 years ago | (#6401325)

have an "Aaaaayyyyyyyyyy!!!" rating

Re:Damn ... (1)

ted_nugent (226799) | more than 11 years ago | (#6405278)

Spend a lot of time on ebay, do ya?

book review (0)

Anonymous Coward | more than 11 years ago | (#6401279)

This one is a great addition to the book shelf, I know how to do certain things with firewalls by using the ipchains docs etc., but this book clarifies nicely why you are actually doing it and provides better ways of doing things that might not occur to you. Also, it introduces nice security concepts in a clear and easy way which even IT professionals might not have come across before.

Beautiful ----- MOD PARENT UP (-1)

Anonymous Coward | more than 11 years ago | (#6401449)

MOD PARENT UP

Re:Beautiful ----- MOD PARENT UP (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401754)

Whenever I see someone write MOD PARENT UP I am always filled with visions of someone taking their parent and giving them a pair of leopard skin Creepers, a flight jacket, and a vespa covered with TrojanSkins stickers.

Few will understand this joke.

Re:Beautiful ----- MOD PARENT UP (0)

Anonymous Coward | more than 11 years ago | (#6403322)

Many understood, few found it funny, none laughed.

Firewalls (1, Insightful)

Anonymous Coward | more than 11 years ago | (#6401284)

Fact of the matter (and I manage firewalls for a living) is that you can read all the books and white papers that you can find, but in the real world, nothing works like they say in books. Every firewall installation is different because every customer has different requirements. The books only serve as a general overview and in some cases, a how-to. But as I said, every VPN implementation and every rulebase is different. Until you get the trial by fire by working with firewalls yourself, no book can begin to tell you the absolute truth about how to implement anything. Firewalls, unfortunately, are a very dynamic piece of the network puzzle and they require changes almost all of the time. Open up a port here, new VPN tunnel there, block this and allow that. Not to mention that they have to play well with myriad other network devices like routers (ARP cache hell) and concentrators.
The books about this are all good and very well meaning, but to actually DO this stuff requires being there and being able to see exactly how things work. I've yet to pick up a book on firewalls that has really assisted me with anything beyond understanding the theory behind the digital curtain. Security is an ever changing business and it changes EVERY SINGLE DAY. By the time some of these books are published, what held true with VPNs of one kind no longer holds true.
Read with an open mind, but unless the book is published by the firewall company itself, there is not a lot there that will truly prepare you for the real world of firewall management.

Maybe you should actually read the book (4, Interesting)

MattW (97290) | more than 11 years ago | (#6401668)

-1, Clueless.

You should try actually reading the book before you speak in platitudes. I started Exodus's Managed Security Services group, which had thousands of firewalls under management when I left. Despite this book being published in 1994, it remained my #1 recommended reading on the topic of network security, right up until the end of my time there in 2001. The principles are timeless, and for the discerning reader, they transcend firewall brands, configuration recommendations, or changes in protocols. It is a book about security principles, how layers of security interoperate, how human error and fallacy can wreck the best-designed security measures, and so on.

You'd be well advised to read it.

Trying to say that this book is not insightful because "security changes every day" is like trying to say that Knuth's Art of Computer Programming is not insightful because programming languages change all the time.

Re:Maybe you should actually read the book (0)

Anonymous Coward | more than 11 years ago | (#6402103)

I worked within Genuity's Managed Security Services department.

Same story - 'Cheswick and Bellovin' was regarded as a Bible.
Garfinkel and Spafford - "Practical Unix and Internet Security" was the other one.

Re:Maybe you should actually read the book (1)

BigBadBri (595126) | more than 11 years ago | (#6402799)

You're being a bit unkind.

The OP didn't really say that the book is no use, only that there's no substitute for experience.

You're dead right in that an understanding of the principles behind firewalling is essential for working with them, but he's dead right that only experience will allow you to deal with the requirements of the various users you'll come across (unless you go with a standard policy and refuse to change without exhaustive procedures, which happens to piss off most clients).

BTW, IAAFWG.

Re:Maybe you should actually read the book (0)

Anonymous Coward | more than 11 years ago | (#6405314)

BTW, IAAFWG


No, you are a dot com refugee. Fucking wankers who think they're a "guru" after five years really chap my hide.

You just lay down and let the big boys talk.

Re:Maybe you should actually read the book (1)

BigBadBri (595126) | more than 11 years ago | (#6412151)

Ooh! Get her!

Try ten years, Mr AC - back to the days of 9600 baud dial-up with packet filters.

Asshat.

Re:Firewalls (4, Insightful)

swb (14022) | more than 11 years ago | (#6401835)

These books should also come with a political section. At least once a month I get queries (often thinly-veiled demands from more senior executives) to make some network application "work through the firewall", when the applications in question are programs running on desktops or a milieu of non-business related functions (including one guy who wanted to run a game server "only over lunch").

From a technical perspective it's trivial to deny these requests, but from a political perspective it can get more challenging, particularly when the application has some kind of business application but needs either particular security scrutiny that hinders "ease of use" or is just a plain bad idea (ie, anonymous writable ftp site inside of a firewall).

Explaining the security implications in terms that non-technical users can understand is often impossible, particularly when the users are pre-convinced you just want to be a BOFH; they seem to only hear "blahblah you're stupid, blahblah I'm the boss and you can't have it".

Some, of course, are better than others and we're able to implement what they want to do in a way that satisfies security and functionality, but too often it just turns into political football.

You mean (5, Informative)

sulli (195030) | more than 11 years ago | (#6401287)

third edition? [slashdot.org]

(not often do we see dupe book reviews .. then again, I suppose it's fine to have multiple opinions on the subject.)

Also, note that this is identical to a review [amazon.com] (third one down, by the same guy it seems) on amazon. So it's a double-dupe!

Completely different, actually! (1)

goldspider (445116) | more than 11 years ago | (#6401473)

Completely different!

This one is the "Second Edition", with a rating of "AA++", whereas the one you refer to is the "2nd Ed.", with a rating of "9".

Re:You mean (0)

Anonymous Coward | more than 11 years ago | (#6401486)

Also, note that this is identical to a review (third one down, by the same guy it seems) on amazon.

Actually, I believe slashdot got trolled again. I think the "reviewer" simply cut & pasted the Amazon review, then submitted it to slashdot.

BTW, American Interconnect was a boiler-room telemarketing scam operation that was raided by the feds in the early '90s [thesmokinggun.com] (go down to about the 5th paragraph).

Re:You mean (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6401786)

MOD PARENT UP- Insightful!

Slashdot really did get tr0lled!

Re:You mean (0)

Anonymous Coward | more than 11 years ago | (#6402850)

I don't think it is the same company. This guy has contact information listing 6822 N. 35th Ave. #C Phoenix, AZ 85017 Phone (602) 973-8378. The telemarketing scam was based in NY.

Re:You mean (0)

Anonymous Coward | more than 11 years ago | (#6405023)

Yeah, I know. My point was that American Interconnect of Phoenix is not a real company. Just a made up name for trolling purposes.

Re:You mean (1)

ilikecaffeine (567091) | more than 11 years ago | (#6401587)

A dupe of a dupe? That would mean it's the third time. Does that make it a tripe?

*rimshot*

Re:You mean (1)

fobbman (131816) | more than 11 years ago | (#6402156)

It's also very interesting that the reviewer above (D Bruce Curtis, CEO of American Interconnect) is different than the reviewer from Amazon.com ("Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org").

Of course, I've learned over time to not trust people who go by "first-initial middle name".

Incorrect (1)

sulli (195030) | more than 11 years ago | (#6402205)

Actually the Amazon reviewer is also D Bruce Curtis from AICS,Phoenix,Az-USA. So I think the same guy submitted it to both Amazon and slashdot. Not quite the same as a pure troll (if it's a real troll, where's the goatse redirect?).

"not a how to book" (5, Funny)

burgburgburg (574866) | more than 11 years ago | (#6401310)

This is not a how to book written with step-by-step specific fill-in-the-blanks, connect-the-dots, detailed mechanical guidelines

What about a point-by-point, layer-on-layer, inch-by-inch, over-the-meadow-and-through-the woods, up-the-flagpole-and-see-if-anyone-salutes, nose-to-the-grindstone, pedal-to-the-metal, gun-crazed-kill-spree sort of a guideline? Would that apply?

Re:"not a how to book" (1)

Hubert_Shrump (256081) | more than 11 years ago | (#6407490)

only if it's full of shock-and-awe.

More reviews for this book (2, Informative)

Anonymous Coward | more than 11 years ago | (#6401318)

There are another couple of fairly decent reviews for this book here:

Security Forums Review [security-forums.com]

All in all not a bad book, perhaps a little disorganised, trying to fit too much in at once.

FWAIS? (0)

Anonymous Coward | more than 11 years ago | (#6401366)

Fast Wide Area Internet Search?

(Okay, so maybe I'm a bit old school.)

Re:FWAIS? (0)

Anonymous Coward | more than 11 years ago | (#6402409)

I worked for a dot-bomb company (posting anon. because I don't burn bridges) which insisted on using WAIS even though the author himself had declared two years previously that it was dead and no one should use it anymore. This was only the surface of their transgressions...

HOWTOs languishing (5, Insightful)

SuperBanana (662181) | more than 11 years ago | (#6401397)

You know, I've noticed that as linux grows more popular, the HOWTOs and mini-HOWTOs are in a pitiful state...yet books on Linux and networking are exploding on the market. When I first started with Linux, the HOWTOs were great sources of information- current, relevant...often funny, too.

Nowadays, they're languishing. Outdated to the point of near uselessness. Just today someone asked me if the Software RAID HOWTO was up to date or not- it was dated 5/8/2002 and referred only to kernel 2.2!

The networking howtos are worse- documentation for iptables/ipchains, and especially the QoS stuff, is SEVERELY out of date, incomplete, or just plain wrong. Dozens of kernel options or features have ZERO documentation, not even a help message.

Folks, if you find a howto that's really out of date, try to contact the author. If they're not interested in continuing to develop it, work with the Linux Documentation Project to see if you can take it over or if they have someone that can. At the very least, give the current author some 'patches' (if anything, if they don't make corrections, that's a good argument for finding a new maintainer).

Re:HOWTOs languishing - LDP's fault? (0)

Anonymous Coward | more than 11 years ago | (#6401741)

The problem has always been the LDP insisting on docbook format. A lot of people are willing to do the writing. But learning another markup format, just for updating some out-of-date text, simply isn't worth the effort to a lot of us.

Maybe this has changed?

I totally agree about the kernel. ESR's project was actually cleaning this mess up. Pity some others can't be bothered with a few words on what their kernel option code actually does. Shame.

Re:HOWTOs languishing (0)

Anonymous Coward | more than 11 years ago | (#6401921)

I feel your pain - you make some very good points.

However, I'd like to point out that you should save that text and repost it next time there is a review of a _new_ book about linux or networking.

Cheswick and Bellovin - "Firewalls and Internet Security" was originally published in 1994. I don't think that it is at all fair to apportion any of the blame for the HOWTOs' decline on this book. I wouldn't even be shocked to discover that linux didn't have firewalling code in '94. In addition, C&B is very well regarded in the internet security business. It actually looks at real-life scenarios and helps you to learn how to _think_ about security, rather than just how to _do_ security (which quickly becomes obsolete).

Re:HOWTOs languishing (2, Funny)

sean.peters (568334) | more than 11 years ago | (#6402257)

...and referred only to kernel 2.2!

What do you mean, only 2.2? I run Debian, you insensitive clod!

Sean

Re:HOWTOs languishing (1, Informative)

Anonymous Coward | more than 11 years ago | (#6402280)

I set up software RAID in linux like a week ago -- the howto had plenty of useful info. Between that and the relevant man pages, it was a snap.

Re:HOWTOs languishing (0)

Anonymous Coward | more than 11 years ago | (#6404286)

Simple explanation.

There are open source developers who care about helping out newbies, and then there is the other 99.7%.

Starting Point (1)

darth_MALL (657218) | more than 11 years ago | (#6401436)

Would anyone recommend this as an "I know sweet FA about firewalls" learning/info book? I have some cursory (fundamental) knowledge, but I would love to get my hands on a good implementation beginners guide. Any other recommendations would be appreciated.

Re:Starting Point (1)

Penguinshit (591885) | more than 11 years ago | (#6403808)

I'd recommend "Building Internet Firewalls, 2nd Edition" from O'Reilly & Associates. It can be found here: http://www.oreilly.com/catalog/fire2/

Then read the FAQ for your particular firewall implementation and by all means join a relevant mailing list for that implementation.

We're the Internet; we're here to help.

What is the best free FireWall software ? zone ??? (0)

zymano (581466) | more than 11 years ago | (#6401548)

zonealarm ?

Re:What is the best free FireWall software ? zone (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6401593)

The best firewall software would probably be if I set your fat, greasy mom on fire in a gasoline-filled trench, you stupid nigger!

OpenBSD? (2, Interesting)

mr.henry (618818) | more than 11 years ago | (#6402147)

Written with Freebsd in mind many of the techniques in this edition adapt well to other sources such as Linux, Os/X, Unix, NetBsd, and Solaris.

No love for OpenBSD [openbsd.org] ? It's arguably the best OS for security and firewalls.

Re:OpenBSD? (0)

Anonymous Coward | more than 11 years ago | (#6402366)

No love for OpenBSD? It's arguably the best OS for security and firewalls.


The authors say that OpenBSD is a very good choice for a securable operating system.

As for FreeBSD, they say that some of the authors tend to use this operating system, which I suppose explains the emphasis on FreeBSD.

As for Linux, they give examples using ipchains, and barely mention ipfilter, even though ipfilter is what they term a "dynamic packet filter". They don't like the word "stateful" for some reason. However, the authors believe that a dynamic packet filter is much superior to an ordinary packet filter.

AA++ ? ? (1)

yack0 (2832) | more than 11 years ago | (#6403353)

I think the reviewer is one of the same people that left me some feedback on eBay.

"Great seller, would use again, AAAAAAAAAAAAAAAAAAAAAAAA+++++++++++++++++++++++"

Not that using all the extra A's and plusses cheapens the use of A's and plusses. Just makes the user look like Mr. Dumas.

Re:AA++ ? ? (1)

Penguinshit (591885) | more than 11 years ago | (#6403822)

you mean the guy who wrote "The Count of Monte Cristo"?
