Firewall Fundamentals
Reviewer Name: Joel E. Natt, Information Security Engineer
Firewall Fundamentals provides what I see as the first clear book in many years on the oldest known protection for the Information Technology field. Authors Wes Noonan and Ido Dubrawsky take the concepts of protection at the basic level and slowly walk the reader through protection and defense from the introduction of threats to the details of advanced firewalls like the Cisco PIX and ASA appliances to Microsoft’s ISA application. While this book may to be advanced in nature, it explains in detail the simple items that make the understanding of firewalls and their technology important. Even from the goal of the book “…personal and desktop…” where the authors clearly state that no level will be untouched does this book make one feel comfortable and unafraid.
Considering that this is a Cisco Press book it surprised me the amount of non-Cisco detail the authors’ included, from Checkpoint and Microsoft ISA in the larger areas to Trend-Micro in the smaller areas. These guys ensured in this book a level of detail and understanding that will guarantee a complete read; even a security engineer like myself who has learned the advanced concepts and deployment methods/reasons for security gained new insight into the world I work in. For both Noonan and Dubrawsky present the items I sometimes miss, the obvious and clear issues that the regular individuals encounter and need to help them.
Noonan and Dubrawsky start with the simple items and basic concepts slowly adding to them while not forgetting the assumed reader. This book is divided into four sections including the Appendixes: The first of the major section as always the Introduction which covers the basics from what a threat is to the difference between a personal (computer) based firewall to a network firewall.
After the basics are covered the authors’ begin moving into the how of firewall technology from the personal computer to the common home office like Linksys and finally into the realm of small office and hardware that include the Cisco platforms. While these chapters may appear to focus more on the Cisco products, they do include important other chapters that deal with items like where a firewall belongs within the network. Within this section of the book we see items as mentioned like the Linksys and Cisco products, but we also see NetFilter and other freeware and pay products including Microsoft’s ISA and Checkpoint mentioned, configured and discussed in detail. Within Chapter 7 the Linux products that are slowly advancing in the industry due to their cost and availability are detailed with the NetFilter product. Flow-charts and diagrams again help to explain not only this product, but the key concepts behind firewall technologies and examples of scripting help individuals learn and understanding what should be occurring with the product.
Finally the last key section deals with the importance of Managing and Maintaining Firewalls. From policy management to troubleshooting they do not leave anything out. I personally found the chapter entitled “What is My Firewall Telling Me?” very different from what I would expect in a simple how to read the logs chapter. The authors took time to explain the concepts of logging, the importance and different methods to read the log. Again they showed that this is not a book that is Cisco centric or Cisco heavy by using products and screen shots of non-Cisco items like Microsoft and NetIQ.
What this book is missing is a disclaimer that while published by Cisco Press it is not entirely Cisco centric and this is a good thing. Yes, as many people know Cisco is a large player in the field of networking and information security. These authors do everything to ensure a fair and equal play of the others I have mentioned before. I feel that if you are looking for a book to help anyone with a small or home office environment protect it, this is the book you need. While I found adding it to my collection a positive and enjoyable experience, I can only hope that you will too.