Title Building Internet Firewalls (2nd Edition) Authors Elizabeth D. Zwicky, Simon Cooper, & D. Brent Chapman Publisher O'Reilly Publication Date June 2000 ISBN 1-56592-871-7 Price $44.95 (U.S) Pros Well presented, easy to understand, and full of concise, useful information. Cons Lack of coverage for "out-of-the-box" security solutions. Verdict Whether you're new to Internet firewalls or already a network security ace, this book is a great reference to have at hand.

This book presents firewall technologies, architectures and designs in a way that is easy to understand, detailing not only how firewalls work but exactly what they can and can't do for you. It also explains how to configure them on your Windows NT, Windows 2000, Unix or Linux-based networks. Most importantly, it shows you how to maintain them, so you won't be left with a firewall that does little but gather dust.

One aspect of this book I particularly like is that it gives instructions for using your existing computers in a more secure way, not just describing what equipment will be needed if you're starting from scratch. It also shows how to configure your firewall and why, without assuming a huge budget or a lot of expertise. The writers have taken into account that money, administrative abilities and time available for securing a network vary, doing a great job of presenting the available options and listing the pros and cons of each.

Once you've got a feel for how a firewall works and how to set one up, the book continues with a great reference: detailing nearly 100 network services and how to deal with them in a firewall environment. It demonstrates how to secure services such as HTTP, e-mail, file transfer, file sharing and remote access, to name just a few. The layout of the book is great. I especially like how, at the end of each section, the authors give recommendations for whether you should block a given service or, alternately, how you can provide it securely.

I found the information provided in Building Internet Firewalls to be general enough to allow me to use it in my existing setup right away, even though my company's proxy software is very obscure. At the same time, this book is detailed enough to take you through some of the finer points of securing your operating system explicitly--the mix is just right.

	Have you read this book? Rate it below!

After reading this book, I decided to take action and use a few of the settings and concepts on the proxy server at our work. Within 48 hours, log files were showing an unauthorized and unsuccessful attempt to access the network from the Netherlands, and the next day, a similar attempt from Los Angeles. Thanks in large part to the information I found in the book about packet filtering and how to restrict services, I was able to identify and remove a great deal of the vulnerabilities found in my proxy server. Our LA-based attacker spent 30 minutes of his (or her) life trying to exploit a hole that wasn't there, and in the process slipped up along the way, allowing one of the logging capabilities I had just enabled to identify them and pass the information on to the hacker's ISP.

I highly recommend adding this book to your library--the information you will find inside is well worth the price of admission. The only shortcoming I found is the lack of coverage for "out-of-the- box" security solutions. While, in most cases, you'd be better off assessing your personal needs and designing a system to meet them, there are a lot of networks running these devices. Even so, it's not a major drawback because the book educates you in a way that you will be able to assess each device or program yourself and make an educated judgment as to its efficacy. Building Internet Firewalls does a great job of providing in-depth detail as well as plenty of how-to info. Whether you're new to Internet firewalls or already a network security ace, this book is a great reference to have at hand.

Have you read this book? Let us know what you think! Rate it below or visit our Forums.