Media praise for Building Internet Firewalls

"Attacks against Internet-connected systems continue to grow in volume, seriousness and complexity. For this reason, firewalls have become a common focal point for a site's Internet security plan. As the popularity of these devices grows, so does the number of commercial products on the market, and the complexity of their configurations. Building Internet Firewalls addresses some of these complicated issues and offers a practical guide to the implementation of a strong firewall.

"Chapman and Zwicky provide step-by-step explanations on how to design and install various firewall configurations. They do not evaluate or endorse any particular commercial products. In a very readable style, they describe how to configure the numerous Internet services such as E- mail, File Transfer Protocol (ftp), and the World Wide Web (www). Provided with these steps are setup examples and the authors' suggestions for rules and resources based on their experience in the field. The text is complemented by sufficient descriptive diagrams and figures for visual interpretation.

"D. Brent Chapman is a US consultant specializing in Internet firewalls. His experience is based on his design of firewall systems for a wide range of clients, in which he used a variety of techniques and technologies. He is perhaps best known as the moderator/manager of the Firewalls Internet mailing list and newsgroup Elizabeth D. Zwicky is a senior system administrator at Silicon Graphics and the president of the System Administrators Guild (SAGE). She has been doing large-scale UNIX system administration for 10 years. Both have contributed their wealth of experience and insight to make this book a very useful document for both the experienced system administrator and the Internet novice. This book is aimed at those who need to implement firewall solutions, but it is also an excellent source of information for anyone concerned about Internet security.

"For the most part, the book is platform independent, i.e., because most of the information provided consists of general principles, it will be applicable regardless of what equipment, software or networking is in place or planned for. The most platform-specific issue is a discussion of what type of system to use as a bastion host. There is a strong UNIX orientation to the specific examples in the book, due partly to the TCP/IP-based technology involved and partly to the authors' experience base.

"The book is divided into four parts, each building on the other. Part I reviews the global problems of Internet security and focuses on the theory of firewalls as a component of an effective strategy to solve some of the problems. This part will be especially useful for managers of sites or systems that are considering Internet connections. Part II describes how to build firewalls and configure services to run with them. Part III gives advice on how to establish site security policy, maintain firewalls and handle security problems. This will be especially useful for security administrators who are having difficulty getting management and users to accept the policy. Part IV consists of three appendixes with additional useful information, such as resources and a summary of the best freely available firewall tools and how to get them. Appendix C, which contains excellent background information on TCP/IP, a requirement for anyone setting up a firewall, is perhaps the most detailed part of the book.

"SEIT recommends this book as a primer on firewalls. The authors have undoubtedly produced an in-depth examination of Internet security issues, and this book will serve to raise the awareness levels of many system managers. Given its level of detail and relevancy, it may well serve as the definitive work on the subject of firewalls for years to come."

--Review by David Black, Information Technology Security Bulletin, RCMP IT Security Section,