Firewalls and Internet Security, Second Edition: Repelling the Wily Hacker
by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin
Addison-Wesley, 2003
433 pages

review by Ken Dyke

The first edition appeared in May of 1994. It went on to become a classic covering real-world computer system security. In the years between then and now the world has experienced the Dot Boom (and the Dot Bust). This second edition is a major re-write and expansion over the first.

The book begins by laying out the philosophy and engineering culture that has emerged for treating system/network security. Taken hand in hand with the Unix philosophy as described by esr in The Art of Unix Programming, one is then armed with a powerful worldview for solving problems in a manner that ratchets forward.

After laying out this approach to systems design, the authors conduct a protocol-by-protocol review from a security perspective. There is a healthy mix of examples taken from the real world to illustrate the points they wish to make.

While it is much easier reading than the actual RFCs that describe the protocols themselves, it is still technical stuff. I think most everyone would greatly benefit from reading the philosophy, but one may want to get a little more knowledge about systems and networks before attempting to make sense of the rest of this book. A good time might be immediately after setting up your first LAN.

For the professional, this book serves as an excellent review that WILL find gaps in your knowledge base. If you are responsible for building or maintaining systems that are exposed to any sort of risk, do yourself and the organization you are with a favor and read this book. Consider it a progress test. Remember, security is a process to which there is no final solution.