---------------------------------------------------------------------- Date: Mon, 18 Jul 1994 01:37:32 MDT From: Rob Slade Subject: Book Review: "Firewalls and Internet Security" by Cheswick/Bellovin BKFRINSC.RVW 940502 Addison-Wesley Publishing Company P.O. Box 520 26 Prince Andrew Place Don Mills, Ontario M3C 2T8 416-447-5101 fax: 416-443-0948 Heather Rignanesi, Marketing, x340, 73171.657@Compuserve.com or Tiffany Moore, Publicity tiffanym@aw.com Bob Donegon bobd@aw.com John Wait, Editor, Corporate and Professional Publishing johnw@aw.com Tom Stone, Editor, Higher Education Division tomsto@aw.com Philip Sutherland, Schulman Series 74640.2405@compuserve.com Keith Wollman, Trade Computer Group keithw@aw.com Lisa Roth Blackman, Trade Computer Group lisaro@aw.com 1 Jacob Way Reading, MA 01867-9984 800-822-6339 617-944-3700 Fax: (617) 944-7273 5851 Guion Road Indianapolis, IN 46254 800-447-2226 "Firewalls and Internet Security", Cheswick/Bellovin, 1994, 0-201-63357-4, U$26.95. firewall-book@research.att.com ches@research.att.com smb@research.att.com The Internet has a reputation for a lack of security. Those books which mention security on the Internet generally suggest setting up a firewall machine in order to protect yourself, but stop short of giving anything resembling details of how to do such a thing. Cheswick and Bellovin not only give practical suggestions for firewall construction, they also address other aspects of Internet security, as well. Part one gives a basic background, both of security, and of TCP/IP. If you didn't think you needed security before, you will after reading chapter two. Part two details the construction of firewall gateways, as well as authentication, tools, traps, and cracking tools for use in testing the integrity of your system. Part three discusses attacks, and the logging and analysis, thereof. The book also looks at legal aspects, secure communication over insecure links, resources and various helpful information. Although the book deals specifically with TCP/IP, the concepts, which are the parts stressed, are applicable to any network-connected systems. This is probably destined to become one of the security classics within its specialized field.