Shop now Shop now Shop now  Up to 70% Off Fashion  Shop all Amazon Fashion Cloud Drive Photos Shop now Learn More Shop now Shop now Shop Fire Shop Kindle Shop now Shop now

Your rating(Clear)Rate this item

There was a problem filtering reviews right now. Please try again later.

on 17 April 2003
Firewalls & Internet Security: Second Edition
Repelling the Wily Hacker
(Addion Wesley)
William R. Cheswick
Steven M. Bellovin
Aviel D. Rublin
The introduction starts with security truisms a section on picking and defining a security policy. This deals with ethics, strategies and different methods such as host or perimeter security. It touches on encryption and DMZs.
Chapter 2 then gives an overview of TCP/IP covering some common
basic infrastructure protocols. Starting with IP addressing and TCP, the chapter progresses routing, DNS and NAT. It ends with potential risks associated with wireless security.
The third chapter deals with the upper layers. A major focus here is mail transport protocols such as SMTP and the dangers associated with MIME encoded messages. The daemon used in context is sendmail and mail relaying is described. An introduction to RPCbind and NFS are presented along with the dangers of remote access including FTP, SSH and Rlogin.
Chapter 4 is entitled 'the web: threat or menace?' This explains
risks from activeX and javascript through to server side scripting.
The fifth section deals with classes of attacks which covers some
interesting contemporary subjects such as social engineering, backdoors, authentication failures and virii. There are four pages describing what to do about a denial of service attack which descibes a logical approach to mitigating an attack.
Chapter 6, 'the hacker's workbench' goes into more detail about
hacking tools and techniques. Methods such as scanning, rootkits
and clearing logs are described along with popular tools such as
nmap and juggernaut.
The seventh chapter deals with authentication methods whilst
the eighth deals with protecting existing services. Chroot and
jailing apache to restrict it to a certain directory. I found this section extremely beneficial to myself due to working with web servers and at the time had not implemented this solution.
Chapters 9 and 10 cover firewalls/VPNs and filtering respectively, with 11 giving examples of ipchains scripts with well written comments and chapter 12 concentrating on VPNs and tunneling.
The next sections deal with network layout in an organisation, best practices and secure hosts and clients.
Intrusion detection systems are covered in chapter 15 briefly
with the popular snort mentioned.
This leads into chapter 16 entitled 'an evening with bereford'
which is an interesting read into a security breach. Logs
of the breach are presented along with an alternative approach
from the sysadmin to 'play along' with the hacker. The next
chapter deals with another compromised system and the forensics
associated with the attack.
The eighteenth chapter covers cryptography with the final section
a small mention of the future including IPv6.
I found the book very interesting in places especially when you
can relate back to similar incidents yourself. Although the later sections are written with references to the first chapters they can be read seperately if wanting to focus on a certain area.
Along with the sections containing actual code, the firewalling
section for example, the theory sections also give good arguements and implementations which got me thinking about some of my current setups and how I could be vulnerable to certain attacks.
Personally I think its very easy to overlook internet security and be ignorant to the fact that it wont happen to you, or assume
that a firewall is enough and insecure hosts behind it will be fine.
After dealing with security breaches at work both externally for clients and internally its changed the way I think about security and this book has opened me to even more different paths
I would recommend the book for anyone who would like to learn about the different areas of internet security and for those who already have experience.
0Comment| 13 people found this helpful. Was this review helpful to you?YesNoReport abuse
on 9 June 1999
This was very useful, describing the true aspects and functionality of network security. If your using NT / *NIX or a hardware solution for your gateway/firewall configurations, this book will get your thoughts racing.
Not for the mild hearted, it does require a certain amount of knowledge of networking and security, but stick with it...
0Comment| 3 people found this helpful. Was this review helpful to you?YesNoReport abuse
on 20 December 1999
For the budding unix administrator who still needs to learn the finer details of network protocols, and more to the point, how the various *nix systems handle them, this is the perfect book, along with this is throws in a good insight into common mistakes and exploited failures made when setting up a system. In a day and age when security is everything, this is a highly recomended book.
0Comment| 3 people found this helpful. Was this review helpful to you?YesNoReport abuse
on 16 November 1998
Firewalls and protocol analysis are two subjects which would ordinarily be dry, dull and sleep-inducing reading. This book manages to hold the reader's interest from cover to cover, throwing in anecdotes and the tale of berferd to illustrate points of network security. Even if you think you know all there is to know about security, this book is required reading for any network professional.
0Comment| One person found this helpful. Was this review helpful to you?YesNoReport abuse
on 21 October 1998
Covers the weaknesses of TCP/IP and higher protocols in good detail. Occasionally difficult for the beginner but definitely manages to keep the interest up. Made me want to know much more about TCP/IP.
0Comment| One person found this helpful. Was this review helpful to you?YesNoReport abuse
on 27 December 1998
Any administrator will instantly relate with the authors as they describe their own experiences. Buy this book and save yourself the trouble of reinventing the wheel!
0Comment| One person found this helpful. Was this review helpful to you?YesNoReport abuse
on 20 January 1998
This book reads like a good novel. It's informative, and easy to read. It gives a good feel about the "true system administrator" and the issues and goals he/she faces. Eventhough the book needs a newer edition, I'd quickly recommend it to anyone who needs a good book on internet security.
0Comment|Was this review helpful to you?YesNoReport abuse
on 17 February 1997
The book is excellent detailing obscure aspects of internet
hacks. It lack views of other operating systems, but this
work of Bellowin an Cheswick is Superb!!.
0Comment|Was this review helpful to you?YesNoReport abuse
on 30 March 1999
This book is great if you use Unix but forget it if you use NT. It had little or none examples
0Comment| One person found this helpful. Was this review helpful to you?YesNoReport abuse

Customers also viewed these items

Send us feedback

How can we make Amazon Customer Reviews better for you?
Let us know here.

Sponsored Links

  (What is this?)