Firewalls and Internet Security: Repelling the Wily Hacker (Addison-Wesley Professional Computing (Paperback))

ClanBrandon Books

William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin

Our price £22.79 (£37.99)
New from £21.65
Used from £17.34

Pages: 464 (Paperback)

ISBN: 020163466X

Pub: Addison Wesley

Pub date: 2003-03-04

Amazon.co.uk Sales Rank: 181260


Editorial Review:


Essential information for anyone wanting to protect Internet-connected computers from unauthorised access. Includes:

  • thorough discussion of security-related aspects of TCP/IP;
  • step-by-step plans for setting up firewalls;
  • hacking and monitoring tools the authors have built to rigorously test and maintain firewalls;
  • pointers to public domain security tools on the net;
  • first-hand step-by-step accounts of battles with the "Berferd" hackers; and
  • practical discussions of the legal aspects of security.

--Jake Bond

Reader Reviews:


4/5 stars

Firewalls & Internet Security: Interesting reading (9/9 people found this helpful)

Firewalls & Internet Security: Second Edition
Repelling the Wily Hacker
(Addison Wesley)
William R. Cheswick
Steven M. Bellovin
Aviel D. Rubin

The introduction starts with security truisms and a section on picking and defining a security policy. This deals with ethics, strategies and different methods such as host or perimeter security. It touches on encryption and DMZs.

Chapter 2 then gives an overview of TCP/IP covering some common basic infrastructure protocols. Starting with IP addressing and TCP, the chapter progresses to routing, DNS and NAT. It ends with potential risks associated with wireless security.

The third chapter deals with the upper layers. A major focus here is mail transport protocols such as SMTP and the dangers associated with MIME encoded messages. The daemon used in context is sendmail and mail relaying is described. An introduction to RPCbind and NFS is presented along with the dangers of remote access including FTP, SSH and Rlogin.

Chapter 4 is entitled 'the web: threat or menace?' This explains risks from ActiveX and JavaScript through to server side scripting.

The fifth section deals with classes of attacks which covers some interesting contemporary subjects such as social engineering, backdoors, authentication failures and viruses. There are four pages describing what to do about a denial of service attack which describes a logical approach to mitigating an attack.

Chapter 6, 'the hacker's workbench' goes into more detail about hacking tools and techniques. Methods such as scanning, rootkits and clearing logs are described along with popular tools such as nmap and juggernaut.

The seventh chapter deals with authentication methods whilst the eighth deals with protecting existing services. Chroot and jailing Apache to restrict it to a certain directory. I found this section extremely beneficial to myself due to working with web servers and at the time had not implemented this solution.

Chapters 9 and 10 cover firewalls/VPNs and filtering respectively, with 11 giving examples of ipchains scripts with well written comments and chapter 12 concentrating on VPNs and tunneling.

The next sections deal with network layout in an organisation, best practices and secure hosts and clients.

Intrusion detection systems are covered in chapter 15 briefly with the popular Snort mentioned.

This leads into chapter 16 entitled 'an evening with Berferd' which is an interesting read into a security breach. Logs of the breach are presented along with an alternative approach from the sysadmin to 'play along' with the hacker. The next chapter deals with another compromised system and the forensics associated with the attack.

The eighteenth chapter covers cryptography with the final section a small mention of the future including IPv6.

I found the book very interesting in places especially when you can relate back to similar incidents yourself. Although the later sections are written with references to the first chapters they can be read separately if wanting to focus on a certain area.

Along with the sections containing actual code, the firewalling section for example, the theory sections also give good arguments and implementations which got me thinking about some of my current setups and how I could be vulnerable to certain attacks.

Personally I think it's very easy to overlook internet security and be ignorant to the fact that it won't happen to you, or assume that a firewall is enough and insecure hosts behind it will be fine.

After dealing with security breaches at work both externally for clients and internally it's changed the way I think about security and this book has opened me to even more different paths.

I would recommend the book for anyone who would like to learn about the different areas of internet security and for those who already have experience.

5/5 stars

*nix fans step right up! (3/3 people found this helpful)

For the budding Unix administrator who still needs to learn the finer details of network protocols, and more to the point, how the various *nix systems handle them, this is the perfect book. Along with this, it throws in a good insight into common mistakes and exploited failures made when setting up a system. In a day and age when security is everything, this is a highly recommended book.

5/5 stars

In-depth to the very end... (2/2 people found this helpful)

This was very useful, describing the true aspects and functionality of network security. If you're using NT / *NIX or a hardware solution for your gateway/firewall configurations, this book will get your thoughts racing.

Not for the mild hearted, it does require a certain amount of knowledge of networking and security, but stick with it...

2/5 stars

Designed with Unix in mind only (1/7 people found this helpful)

This book is great if you use Unix but forget it if you use NT. It had little or no examples.

5/5 stars

Great book! (1/1 people found this helpful)

Any administrator will instantly relate with the authors as they describe their own experiences. Buy this book and save yourself the trouble of reinventing the wheel!

Similar Products

Building Internet Firewalls

Practical UNIX and Internet Security

Hacking Exposed 5th Edition: Network Security Secrets and Solutions (Hacking Exposed)

Secrets and Lies: Digital Security in a Networked World

Security in Computing
