Product: 0672327716

Ever since the early 90s, when the Internet phenomenon exploded, security became an issue, since the number of exposed machines grown exponentially. This also led to an inevitable increase in the amount of books being written on the subject, thousands and thousands of pages targeting both simple end users, interested in protecting their home LAN, and network administrators, responsible to keep the gates of huge castles and companies well guarded against dragons and hackers. Among them, Linux Firewalls definitely stands out, both for its quality and readability. Despite being 10 years old, it still represents a must have for any network and system administrator interested in learning how to defend the perimeter.

Definitely targeting network professionals, on the contrary of many titles out there, Linux Firewalls tackles security from all sides. True, it is a text mainly focused on iptables, but it’s not a reference, which is what the official man pages have been written for. The authors do instead cover security in a broad sense, from designing secure networks, depending on size and value of the services being protected, up to security incident response.

Throughout the three parts of the book (which is actually made of four parts, considering the appendixes), we make the acquaintance of iptables through an example that, overall, is a good starting point for the reader to build upon its own firewall configuration. Each and every network protocol (ok, not every protocol…) is analyzed individually from the perspective of the gateway firewall. The authors share their expertise and show us the challenges we network administrators must face when that specific service is served either locally or remotely and how securely iptables can control it, if it can.

Talking about shared expertise, I have particularly enjoyed the emphasis that the authors give not only to preventing malicious traffic from entering our network, but also to preventing it from leaving our gates, be it purposely generated or not. The chapters dedicated to investigating and reporting successful intrusions were ice on the cake.

It’s pretty hard to find something wrong with this title. If I must, well I think that more space should have been dedicated to both NAT and mangle tables. True, NAT has its own chapter dedicated but still, overall, they are really given a small share of the cake.

A must have for any system/network administrator willing to understand how to secure his perimeter. This text is more than just firewalling; it’s a concentrate of precious notes from a veteran to avoid newbies pitfalls. It definitely deserves an honored place in the bookshelf.

As usual, you can find more reviews on my personal blog: http://books.lostinmalloc.com Feel free to pass by and share your thoughts!
Rating: 5
0672327716
Count: 7