Firewalls and Internet Security, 2nd Ed.
Those familiar with this classic have undoubtedly recommended it to other hackers seeking a definitive text. Firewalls and Internet Security has provided a roadmap for security-conscious sysadmins since its publication in 1994. It mixed sound policy recommendations with examples of UNIX-based implementations, all rooted in the authors' experience working in AT&T corporate security.
Although many of the ideas laid out in the original edition are just as relevant in today's Internet, much has changed technically since 1994. Alas, this month Addison-Wesley has released a new second edition, a nearly complete rewrite (and 135-page expansion) of the original classic.
A glance at the new edition indeed reveals significant changes. Avi Rubin has been added as an author. The preface revisits some of the predictions made in the first edition, some of which came true and others that didn't. Most sections have been vastly expanded, if not completely restructured.
Denial-of-service (DoS) attacks, infamous in the previous decade, are explored in greater depth. Replacements for deprecated tools have been given new sections (ssh is detailed following the chapter on the "r" commands, for example). The myriad of enumeration tools available today are discussed (e.g., Nessus, hping, nmap).
Intrusion-detection tools, almost completely absent from the first edition, are given space in the new book, although not nearly as much as I would have liked. Much has been added on the subjects of cryptography and authentication. Forthcoming standards like IPv6 and DNSSEC are discussed.
Those who've read the original will recall "An Evening with Berferd," the chapter detailing a break-in the authors were able to watch and analyze in real time. This inspired more than a few honeypot-oriented projects. The second edition introduces a second real-world scenario, "The Taking of Clark," which illustrates the forensic measures to be taken after a host is compromised. Fans of Foundstone's Hacker's Challenge will find it familiar.
The defining thread across all of these topics is what makes this book a classic: the emphasis on the "why," not just the "how." Although the examples are mostly geared towards UNIX users, the guidance and policy suggestions are directly applicable to any platform where the reader is responsible for making security decisions.
Perhaps the greatest aspect of this book is its availability: it's on the web here. Those who are working in the security field, or those interested in it, will benefit from owning the hard-copy available from Addison-Wesley.
You can also purchase Firewalls and Internet Security, 2nd Edition from bn.com.
"Perhaps the greatest aspect of this book is its availability: it's on the web here." They should put that in the article.
Karma: Bad due to google bombing - Robert Watkins woz 'ere.
This is, without a doubt, *the* bible for the subject. Got mine 2nd hand from a car boot years ago, and it lives on my desk permanently. I'd love to see how it's been updated, and whether there are any new additions similar to the Berferd tracing story. The short scripts for scanning subnets etc. were great too. Well, well worth reading.
I know, this one could talk less about firewalls and Windows and more about UNIX, but anyway, it is good to see in what it is better and in what not.
Different league. This is about security from the ground up, such as choosing passwords, where holes lie, even how they traced a real live hacker ("Berferd"). How services are installed, AT&T Research's real-life setup, etc. etc. Read this one first, then get the O'Reilly one.
Only the first edition of the book is available on the web in full at http://www.wilyhacker.com/1e/
The second edition appears to be only available in hard copy, for the full purchase price, although there are some chapter excerpts available for download.
For anyone looking for more information on IDS's or Intelligent IDS's than is covered in the new book, take a look at the white paper on Intelligent IDS's at SecurityProfiling.
Personally, I think it's one of those books that grows with you. I got it when I was just starting network administration, and things like the Berferd story, and what DMZs were, etc., though just out of my grasp, interested me enough to find out what the terms meant, and it's certainly easy enough to skip sections as you go along. The shell script examples are easy enough to follow, and should be fairly simple to modify for a beginner. Take the plunge, I promise you won't regret it. (It also has one of the clearest explanations of public key cryptography too...)
To be fair, I think the fact that you can go and read it for free means that very little has to be said, other than "go see". And it's well worth it too :)
Yes. Well, at least the cover cartoon is new.
http://www-fp.aw.com/bigcovers/020163466X.jpg
It took us about 8 years to put the full text of the first edition online. It's a marketing call, which we mostly leave up to our publishers. I don't think we will be putting the full text of the second edition up for quite some time.
ches
Firewalls are great when you can trust all your insiders. That's rarely the case.
Not exactly. Firewalls are great when you can't trust all your outsiders, which is always the case. It's just that you need more, besides the firewall, to deal with the internal problems.
Real-time intrusion detection systems also help out, but fail when:
* insiders do the job -- they're not "intruding"
The IDS belongs on the same network with the resources (servers) so that they see all activity, internal as well as external.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
I had the pleasure of attending LinuxForum 2003 (in Danish) this weekend, where Cheswick talked about Internet security. His slides can be found here and his entire talk is here. I must say that he is a very funny and interesting person.