Inside Network Perimeter Security: The Definitive Guide to Firewalls, Vpns, Routers, and Intrusion Detection Systems - Softcover

Review

Submarines handle awkwardly on the surface of the sea; airplanes are cumbersome when taxiing. Both modes of operation, however, are design requirements. Organizational computer networks have a similar requirement: they have to interface with other networks (thereby forming the Internet) in order to be useful. How network engineers manage their networks' perimeters has a lot to do with their usefulness, cost effectiveness, and--perhaps above all--security. Inside Network Perimeter Security concerns itself with this latter aspect of the connection to the outside world. It's carefully researched, cleverly written, and full of references to recent exploits and, more importantly, the trends they represent. The best details on emerging hack attacks will always be found online. This book takes a longer view, evaluating offensive and defensive technologies and offering well-reasoned advice on how to keep a network secure now and in the future.

Readers familiar with the previous work of the authors--particularly the highly respected Stephen Northcutt--will recognize the style here. It doesn't aim to teach you how to do much in particular--there are a few procedures, and some Cisco Internetwork Operating System (IOS) command listings--but rather tries to show how to think about networks and the data that comes from them. In a typical section, the authors analyze a log from Tiny Personal Firewall. They highlight the facts that are present in the log and the inferences that can be made from them. A similar style helps you master software tools and make network design decisions. This book is perfect for a network engineer wanting to improve his or her security skills for both design and administration purposes. --David Wall

Topics covered: How to design networks' borders for maximum security, and how to monitor them for unauthorized activity. After an introduction to firewalls, packet filtering, and access lists, the authors explain how to set up routers, special-purpose firewalls, and general-purpose hosts with security in mind. A large section has to do with security-conscious design, both for green field projects and existing networks that need expansion or improvement.

About the Author

Stephen Northcutt created the Shadow Intrusion Detection System, the DoD Shadow team, the GIAC Security Certification Series, and the SANS Immersion Security Training education system currently consisting of 11 tracks ranging from Security Essentials to Forensics. He authored, or teamed to write Incident Handling Step-by-Step, Network Intrusion Detection: An Analyst's Handbook, and Intrusion Signatures and Analysis. Before joining SANS, Stephen served as Chief for Information Warfare at the Ballistic Missile Defense Organization. Currently, he is an instructor for the SANS Institute.

Lenny Zeltser's work in information security draws upon experience in system administration, software architecture, and independent research. Lenny worked as a consultant to a major financial institution, co-founded a software company, and is presently a Director of Information Security at Kiodex, Inc. He has also written and presented coursework for SANS, reverse-engineered malicious software, and is an active member of several security GIAC certification advisory boards. Lenny holds a number of professional certifications such as MCSE, CCSE, GSEC, GCFW, GCIA, GCUX, and GCIH, and has earned a bachelor's degree in computer science engineering from the University of Pennsylvania.

Scott Winters has been working in all aspects of networking and computer security for 12 years. He has been an instructor, author, network engineer, consultant, and systems administrator and has worked with various perimeter security solutions, firewalls, and infrastructure designs. He has SANS GIAC GSEC, GCFW, and GCFW certifications, as well as MCSE, CNE, and Cisco CCNA and other technology certifications. Scott's other accomplishments include the authoring and editing of a SANS GIAC training and certification course and exam content. He has also been involved in the SANS GIAC mentoring program, and has served on the SANS GCFW Advisory Board.

Karen Kent Frederick is a senior security engineer for the Rapid Response Team at NFR Security. She holds a bachelor's degree in computer science from the University of Wisconsin-Parkside and a master's in computer science from the University of Idaho. Karen has more than 10 years of experience in various areas of IT, particularly system administration and information security. She holds four SANS GIAC certifications and also has the CCSA and MCSE + Internet certifications. Karen is one of the authors of Intrusion Signatures and Analysis (New Riders) and is a contributing author to the Handbook of Computer Crime Investigation (Academic Press). She also frequently writes on intrusion detection-related topics for SecurityFocus.com.

Ronald W. Ritchey is an authority in the areas of secure network design and network intrusion and regularly leads penetration testing efforts for Booz Allen Hamilton, where he has had the opportunity to learn first-hand the real-world impact of network vulnerabilities. He is also an active researcher in the field with peer-reviewed publications in the area of automated network security analysis. Ron holds a master's degree in computer science from George Mason University and is currently pursuing his Ph.D. in information technology at their School of Information Technology and Engineering. His doctoral research is attempting to automate network security analysis.