Most helpful positive review
13 of 13 people found the following review helpful
Firewalls & Internet Security: Interesting reading
on 17 April 2003
Firewalls & Internet Security: Second Edition
Repelling the Wily Hacker
William R. Cheswick
Steven M. Bellovin
Aviel D. Rublin
The introduction starts with security truisms a section on picking and defining a security policy. This deals with ethics, strategies and different methods such as host or perimeter security. It touches on encryption and DMZs.
Chapter 2 then gives an overview of TCP/IP covering some common
basic infrastructure protocols. Starting with IP addressing and TCP, the chapter progresses routing, DNS and NAT. It ends with potential risks associated with wireless security.
The third chapter deals with the upper layers. A major focus here is mail transport protocols such as SMTP and the dangers associated with MIME encoded messages. The daemon used in context is sendmail and mail relaying is described. An introduction to RPCbind and NFS are presented along with the dangers of remote access including FTP, SSH and Rlogin.
Chapter 4 is entitled 'the web: threat or menace?' This explains
The fifth section deals with classes of attacks which covers some
interesting contemporary subjects such as social engineering, backdoors, authentication failures and virii. There are four pages describing what to do about a denial of service attack which descibes a logical approach to mitigating an attack.
Chapter 6, 'the hacker's workbench' goes into more detail about
hacking tools and techniques. Methods such as scanning, rootkits
and clearing logs are described along with popular tools such as
nmap and juggernaut.
The seventh chapter deals with authentication methods whilst
the eighth deals with protecting existing services. Chroot and
jailing apache to restrict it to a certain directory. I found this section extremely beneficial to myself due to working with web servers and at the time had not implemented this solution.
Chapters 9 and 10 cover firewalls/VPNs and filtering respectively, with 11 giving examples of ipchains scripts with well written comments and chapter 12 concentrating on VPNs and tunneling.
The next sections deal with network layout in an organisation, best practices and secure hosts and clients.
Intrusion detection systems are covered in chapter 15 briefly
with the popular snort mentioned.
This leads into chapter 16 entitled 'an evening with bereford'
which is an interesting read into a security breach. Logs
of the breach are presented along with an alternative approach
from the sysadmin to 'play along' with the hacker. The next
chapter deals with another compromised system and the forensics
associated with the attack.
The eighteenth chapter covers cryptography with the final section
a small mention of the future including IPv6.
I found the book very interesting in places especially when you
can relate back to similar incidents yourself. Although the later sections are written with references to the first chapters they can be read seperately if wanting to focus on a certain area.
Along with the sections containing actual code, the firewalling
section for example, the theory sections also give good arguements and implementations which got me thinking about some of my current setups and how I could be vulnerable to certain attacks.
Personally I think its very easy to overlook internet security and be ignorant to the fact that it wont happen to you, or assume
that a firewall is enough and insecure hosts behind it will be fine.
After dealing with security breaches at work both externally for clients and internally its changed the way I think about security and this book has opened me to even more different paths
I would recommend the book for anyone who would like to learn about the different areas of internet security and for those who already have experience.