Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks, Routers and Network Intrusion Detection (Inside (New Riders)) [Paperback]

The books effectively straddles several difficult bordelines, that
adds significant value to it. For example, authors manage to not
express their preferences and provide coverage for both Windows and
UNIX, free and commercial software. Moreover, the book has both
valuable hands-on exercises (right down to 'permit icmp any any
packet-too-big' and 'SEC-6-IPACCESSLOGP') and strategic business
aspects (choosing the network design based on business and industry
requirements).

The book goes well beyond perimeter defense, stretching onto security
monitoring, incident response, vulnerability analysis, security audit
and network performance. Especially fun was a chapter devoted to the
"adversarial review". Security vs performance seem to be a timeless
conflict. The chapter is dedicated to this important aspect of
security design, covering performance impact of various security
technologies.

The important advantage of the book is real-life examples, case
studies and sample network security designs. They are given a thorough
evaluation, both from defender's and attacker's prospective. However,
some currently popular attacks are not given sufficient attention (such
as web hacking and malware). That seem to stem from the fact that in
the book infrastructure defense takes priority over information
protection. Apparently, the books focuses more on defense and
prevention (and thus is less valuable for those seeking to cause
computer mayhem).

Overall, the book is of great value to security novices and the
experienced professionals as well. The latter can use the book as a
complete guide for secure network design, implementation and
maintenance (extensive troubleshooting information is provided) under
real-life constraints. Even when most things in the book might already
be familiar, the added value is in integrated holistic approach to
network security presented by the true experts in the field. It
appears that is can make an effective study guide for SANS GCFW
certification.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major
information security company. His areas of infosec expertise include
intrusion detection, UNIX security, honeypots, etc. In his spare time
he maintains his security portal info-secure.org

With 18 years in the IT field, I have had the "blessing" of using literally thousands of vendor manuals, after-market "self-help" books, tutorials, resource kits and the like; covering operating systems, programming languages, networking, security, applications and utilities. Until now, I've found that I can invariably stick each one into one of my three "personal" review categories.

1. Idiot's Guide - information so general that the only people who could possibly derive any value from it are those who can best be evaluated on a performance review as: "Can IDENTIFY a computer 2 out of 5 times without assistance".

2. Trivial Pursuits - jam-packed with obscure tricks, keyboard shortcuts, links to Easter Eggs, and advanced functions that 98% of users will never have legitimate use for. Tries to be all things to all readers, and fails miserably. You wind up kicking yourself for paying [money] for 800 pages, and only using 5 of them.

3. Guru Goulash - so specific and/or technical that there are perhaps 100 people on Earth who can make sense of - and properly apply - the information it contains. You wonder why the author didn't save a boatload of paper and email a pdf to those 100 people, since he/she probably knows most of them. However, the author could have increased the value 100-fold simply by writing "cleanly" and intelligibly. IBM System 360 manuals, anyone?

BUT: after reading Inside Network Perimeter Security, I may have to develop a new category. The authors have hit the elusive "Sweet Spot"! A book that covers a broad range of topics within the IT Security field, is cleanly written to provide an introduction to these areas to an InfoSec novice; yet with enough "meat" to challenge a seasoned professional to dig a little deeper - and more importantly, to think a little harder.

Firewalls, VPN, routers, and IDS systems are all covered with just enough general information for a new practitioner, then go deeper into the concepts involved with concrete, real-world examples. How each of these components contributes to the idea of a securable "perimeter" is well explained. Most importantly, how each component interacts with, supports, supplements and complements each other as defensive measures is a crucial concept.

The entire tome is wrapped in the mantra of "defense in depth", undoubtedly the most valuable component of an effective IT security program, with real-life case studies to drive home the concepts. This has been done without getting to the level of specificity that limits the audience to either "Guru" or "Idiot" level. In this case, the "middle ground" and the "high ground" have found a commonality of purpose.

I applaud the manner in which diagrams, screen dumps, and example listings have been used. Normally, I find that these often distract from the written information. Here, they have been used judiciously, and effectively highlight the information being presented. The only thing better would be a companion disk with interactive screens to demonstrate the concepts.

Frequent use of "Tips" and "Notes", in conjunction with the aforementioned Case Studies, makes this an excellent long-term reference. This is my personal yardstick of the value of a book - will I come back to it repeatedly?

In the case of Inside Network Perimeter Security, the answer is a resounding YES. I expect to use this book as a solid reference for some time to come; and will undoubtedly use it a prime source in training my security team.

The SANS organization is known and respected as the premier proponent of IT Security. The authors, all members of SANS, have hit yet another home run with Inside Network Perimeter Security. The lack of a companion CD-ROM with extended examples, text version of the book, interactive screens, and perhaps some eval software; is the only thing that prevents it from being a "Grand Slam". Perhaps for the Second Edition?

C. Farley Howard; GSEC, CISSP

The style is very enjoyable and effective. A vast amount of real world experience is shared, often with interesting anecdotal stories. The authors engage you on a one on one basis and converse with you as if you are a close colleague. They discuss many of the commonly used approaches to provide security, but with the important added feature of discussing the critical thought processes that go into what aspects are weak and strong. This is a rarely shared benefit within the technology field that is crucial for learning how to become or remain a competent security practitioner. As an example, in one section two different designs created by students of the SANS firewall class are presented. The book discusses specifics about the designs and where the student's approach is adequate and alternatives that could be considered as improvements depending upon the circumstances. Good technical details are provided along the way, but the core strength is that the reader is taught how to think through problems to be solved instead of just given the answers with no idea about how to derive them on their own. The reader should be able to reason through new security challenges they may face in the future that may not be covered by any existing book or article by applying the wealth of information provided. This book is good at exploring some of the possibilities and encouraging thought provoking ideas about new ways to secure the enterprise, while realizing that sometimes risks must be accepted or mitigated.

Some of the interesting topics covered are: hardening of routers, networks, and computers, intrusion detection, vulnerability assessment, host-based firewalls, virus detection software, the process of design, centralized monitoring, log analysis and event correlation, network troubleshooting, and security policy. I found the appendix on Network Air Gaps very well written and interesting as it discusses an emerging new category of protection device with its own special developing niche.

As with any book, publishing deadlines mean that some new developments in the security field are not reflected within the content. Specifically, the Gauntlet Firewall has been subsequently sold by Network Associates to Secure Computing who is now merging it with its own Sidewinder firewall. Also, the fact that SunScreen Lite is bundled with Solaris 8 is mentioned, but the fact that the full version of SunScreen firewall is included with Solaris 9 is not presented. These types of deficiencies will afflict any book discussing products. Any practitioner should be independently researching and evaluating promising products no matter how they are first discovered anyway. These issues do not detract from the immense contribution this tome provides to the field of security.

This book is a gold mine of years of SANS knowledge in a well-packaged and digestible form. If you don't need this book, then you are not concerned with computer security.