Slashdot Mirror
Firewalls and Internet Security, 2nd Ed.
Those familiar with this classic have undoubtedly recommended it to other hackers seeking a definitive text. Firewalls and Internet Security has provided a roadmap for security conscious sysadmins since its publication in 1994. It mixed sound policy recommendations with examples of UNIX-based implementations, all rooted in experience from working in AT&T corporate security.
Although many of the ideas laid out in the original edition are just as relevant in today's Internet, much has changed technically since 1994. Alas, this month Addison-Wesley has released a new second edition ... nearly complete rewrite (and 135 page expansion) of the original classic.
A glance at the new edition indeed reveals significant changes. Avi Rubin has been added as an author. The preface details some of the predictions made from the first edition... some of which came true, and others that didn't. Most sections have been vastly expanded, if not completely restructured.
Denial-of-services (DoS) attacks, infamous in the previous decade, are explored in greater depth. Replacements of deprecated tools have been given new sections (ssh is detailed following the chapter on the "r" commands, for example.) The myriad of enumeration tools available today are discussed (i.e., Nessus, hping, nmap).
Intrusion-detection tools, almost completely absent from the first edition, are given space in the new book, although not nearly as much as I would have liked. Much has been added on the subject of cryptography and authentication. Forthcoming standards like IPV6 and DNSsec are discussed.
Those who've read the original will recall the "Evening with Berferd." the chapter detailing a break-in the authors were able to watch and analyze in real-time. This inspired more than a few honeypot oriented projects. The second edition introduces a second real-world scenario, the "Taking of Clark," which illustrates forensic measures to be taken after after a host is compromised. Fans of Foundstone's Hacker's Challenge will find it familiar.
The defining thread across all of these topics is what makes this book a classic: the emphasis of the "why," not just the "how." Although the examples are mostly geared towards UNIX users, the guidance and policy suggestions are directly applicable to any platform where the reader is responsible for making security decisions.
Perhaps the greatest aspect of this book is its availability: it's on the web here. Those who are working in the security field, or those interested in it, will benefit from owning the hard-copy available from Addison-Wesley.
You can also purchase Firewalls and Internet Security, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
A guy called "O'Reilly" and he's building walls??
It gets me laughing every time I think of the ending to that episode.. Basil walking out of the hotel with the garden gnome under his arm..
"Where are you going Basil??!?"
"I'm just going to see Mr O'Reilly dear. Then I think I might go to Canada.."
(sick, just sick.. maybe even worse mental imagery than the goatse trolls can think up..)
The surest patching technique is, counterintuitively, to introduce another hole. Using your own choice of weapon.
Is the author really lamenting the release of the new book? (Perhaps Eater is actually a Wily Hacker?)
sulli
RTFJ.
At the time I was thinking of going into security consulting. I thought it would be best to really study up.
They live near Portland, Oregon, which is the home of the famous Powells bookstore, and Powells Technical Books, probably the best technical bookstore in the world. It's worth visiting Portland just to go to Powell's technical books.
So on a visit to the bookstore I bought a copy of 2600 just to see what the bad guys were up to. You know, so I'd be a better security expert.
Well, this got my parents really worried. They thought I was going to start cracking people's boxes. My mother, in a very frightened tone of voice, asked me to promise never to do that. I don't think they really believed that I was trying to learn about it so I could do a better job as a consultant.
Considering that the government can now force bookstores to reveal book purchases without either a search warrant or your knowledge, I would suggest purchasing the book (and any security books) from a brick & mortar bookstore, and paying cash.
If my mother thought I was studying it so I could become 31337, imagine what John Ashcroft might think.
Request your free CD of my piano music.
Say, have I ever told you about the time I hacked Steve Bellovin? I did? Oh, well, never mind.
After ten years of apprenticeship, Tenno achieved the rank of Zen teacher. One rainy day, he went to visit the famous master Nan-in. When he walked in, the master greeted him with a question, "Did you leave your wooden clogs and umbrella on the porch?"
"Yes," Tenno replied.
"Tell me," the master continued, "did you place your umbrella to the left of your shoes, or to the right?"
Tenno did not know the answer, and realized that he had not yet attained full awareness. So he became Nan-in's apprentice and studied under him for ten more years.
That is why gurus rejoice a good security book.
"I may be Love's bitch, but at least I'm man enough to admit it."
isn't that an oxymoron like "army intelligence"?
Only 'flamers' flame!