Firewall Fundamentals (Fundamentals (Cisco Press))

Books Details :

Author : Wes Noonan, Ido Dubrawsky
Paperback: 408 pages
Publisher: Cisco Press; 1st edition (June 2, 2006)
Language: English
ISBN: 1587052210
Product Dimensions: 9.1 x 7.3 x 0.9 inches

Book Description

The essential guide to understanding and using firewalls to protect personal computers and your network

• An easy-to-read introduction to the most commonly deployed network security device
• Understand the threats firewalls are designed to protect against
• Learn basic firewall architectures, practical deployment scenarios, and common management and troubleshooting tasks
• Includes configuration, deployment, and management checklists

Increasing reliance on the Internet in both work and home environments has radically increased the vulnerability of computing systems to attack from a wide variety of threats. Firewall technology continues to be the most prevalent form of protection against existing and new threats to computers and networks. A full understanding of what firewalls can do, how they can be deployed to maximum effect, and the differences among firewall types can make the difference between continued network integrity and complete network or computer failure. Firewall Fundamentals introduces readers to firewall concepts and explores various commercial and open source firewall implementations--including Cisco, Linksys, and Linux--allowing network administrators and small office/home office computer users to effectively choose and configure their devices. Firewall Fundamentals is written in clear and easy-to-understand language and helps novice users understand what firewalls are and how and where they are used. It introduces various types of firewalls, first conceptually and then by explaining how different firewall implementations actually work. It also provides numerous implementation examples, demonstrating the use of firewalls in both personal and business-related scenarios, and explains how a firewall should be installed and configured. Additionally, generic firewall troubleshooting methodologies and common management tasks are clearly defined and explained.

About the Author

Wesley J Noonan (Houston, Texas) has been working in the computer industry for over 12 years, specializing in Windows-based networks and network infrastructure security design and implementation. He is a Staff Quality Engineer for NetIQ working on their security solutions product line.

Ido Dubrawsky (Sliver Springs, MD) is a Senior Security Consultant with Callisma, an SBC subsidiary. He advises customers on a wide variety of security issues. Previously he was a Network Security Architect with Cisco Systems SAFE Architecture Team

Spotlight Reviews :

Reviewer: Joel E. Natt (Orlando, FL USA)

Firewall Fundamentals provides what I see as the first clear book in many years on the oldest known protection for the Information Technology field. Authors Wes Noonan and Ido Dubrawsky take the concepts of protection at the basic level and slowly walk the reader through protection and defense from the introduction of threats to the details of advanced firewalls like the Cisco PIX and ASA appliances to Microsoft's ISA application. While this book may to be advanced in nature, it explains in detail the simple items that make the understanding of Firewalls and their technology important. Even from the goal of the book "...personal and desktop..." where the authors clear state that no level will be untouched does this book make one feel comfortable and unafraid.

Considering that this is a Cisco Press, book it surprised me that the amount of non-Cisco detail the authors' included, from Checkpoint and Microsoft ISA in the larger areas to Trend-Micro in the smaller areas. These guys ensured in this book a level of detail and understanding that will guarantee a complete read; even a Security Engineer, like myself who has learned the advanced concepts and deployment methods/reasons for security, gained new insight into the world I work in. For both Noonan and Dubrawsky present the items I sometimes miss, the obvious and clear issues that the regular individuals encounter and need to help them.

Noonan and Dubrawsky start with the simple items and basic concepts slowly and adding to them while not forgetting the assumed reader. This book is divided into four sections including the Appendixes: The first of the major section as always the Introduction which covers the basics from what a threat is to the difference between a personal (computer) based firewall to a network firewall.

After the basics are covered the authors' begin moving into the how of firewall technology from the personal computer to the common home-office like Linksys and finally into the realm of small office and hardware that include the Cisco platforms. While these chapters may appear to focus more on the Cisco Products they do include important other chapters that deal with items like where a firewalls belongs within the network. Within this section of the book we see items as mentioned like the Linksys and Cisco products, but we also see NetFilter and other freeware and pay products including Microsoft's ISA and Checkpoint mentioned, configured and discussed in detail. Within Chapter 7 the Linux products that are slowly advancing in the industry due to their cost and availability are detailed with the NetFilter product. Flow-charts and diagrams again help to explain not only this product, but the key concepts behind firewall technologies and examples of scripting help individuals learn and understanding what should be occurring with the product.

Finally the last key section deals with the importance of Managing and Maintenance any Firewall. From policy management to troubleshooting they do not leave anything out. I personally found the chapter entitled "What is My Firewall Telling Me?" very different from what I would expect in a simple how to read the logs chapter. The authors took time to explain the concepts of logging, the importance and different methods to read the log. Again they showed that this is not a book that is Cisco centric on Cisco heavy by using products and screen shots of non-Cisco items like Microsoft and NetIQ.

What this book is missing is a disclaimer that while published by Cisco Press it is not entirely Cisco Centric and this is a good thing. Yes as many people know Cisco is a large player in the field of networking and information security these author's do everything to ensure a fair and equal play of the others I have mentioned before. I feel that if you where looking for a book to help anyone with a small or home office environment protect it, this is the book you need. While I found adding it to my collection a positive and enjoyable experience, I can only hope that you will too.

Reviewer: John Matlock "Gunny" (Winnemucca, NV)

Perhaps the most striking thing about this book is that it is not totally Cisco based. Often books from Cisco Press seem like they are really Cisco manuals that have been rewritten. When I picked this book up I was expecting to see nothing but the Cisco PIX Firwall and of course the new Adaptive Security Appliance (ASA). And yes, Chapter 6 is on the PIX/ASA Firewall. But then you go to Chapter 7 and it's about Linux based firewalls that can be put on a basic generic PC at a dramatically lower cost.

Also, somewhat surprising to see a chapter on what you might call personal firewalls, where it specifically covers the firewall that comes with Windows XP and the very popular Trend Micro's PC-cillin.

Basically this excellent book starts with a definition of firewalls, what they are, what they are supposed to do, why they sometimes fail. In short everything you need to know about firewalls. This includes some information that goes down to the basics of TCP/IP through what the screens look like for setting up the common firewalls. I also liked where he talks about points where some experts don't agree with others. When they do this, they point out the good and bad points of both positions.

All in all, an excellent book that meats the goals of discussing the fundamentals of firewalls.

Reviewer: W Boudville (US)
So what is a firewall? Noonan and Dubrawsky explain, at a sophisticated level far deeper than a "Dummies" book. Starting with the basics. Namely, why you should have one. As a major defense against a bevy of malware attacks on your network. These include worms, Trojans, Denial of Service and the always popular and pernicious social engineering.

Given this motivation, the book classifies the different types of firewalls available. There are various ways to do this. One is simply to divvy up all firewalls into software, appliance or integrated classes. Another method, which might be more meaningful, focuses on the technology used by a firewall. Regardless of whether it's provided by hardware or software. The technology classification gives you packet filtering, NAT, circuit level, proxies, stateful and others. To understand the distinctions, the book also gives a quick education about TCP/IP.

One noteworthy take home message provided by the book is that a NAT firewall is a pretty simple functionality. It really doesn't give that much protection, despite what you might read elsewhere on the Web. The details given in the book should disabuse you on relying on a NAT as your firewall.

I looked and looked for a Cisco bias in the book. It comes from ciscopress.com, after all. But the authors furnish a pretty objective analysis. Yes, at various points, they talk about what Cisco provides in this arena. But Cisco is a major player, and needs to be discussed. It's a disservice to the reader to omit it. Plus, other vendors also get fair play, like Trend Micro or Microsoft.