
Linux Firewalls (3rd Edition)

Format: Paperback
Author: Steve Suehring
ReleaseDate: 14 September, 2005
Publisher: Novell Press

Excellent addition to the SysAdmin's bookshelf
If you're concerned about security, then you will want a copy of "Linux Firewalls" handy. If you are a system or network administrator, then you're concerned about security. In spite of its title, "Linux Firewalls" is about more than just firewalling.

After introductory material about firewalls, and how packet-filtering firewalls work, Suehring and Ziegler dive into creating firewalls with iptables: Enabling services, blocking attacks, optimizing firewall rules, etc. They spend a decent amount of time looking at forwarding and NAT. They demonstrate some possible network setups of varying complexity, and show how to write iptables rules for those environments. The remaining third of the book explores other security tools, such as TCPDump, Snort, and AIDE. Kernel "enhancements" SELinux and GrSecurity are discussed briefly. If that sounds like a lot of material to cover, it is. The book weighs in at over 500 pages, but it's laid out such that it's pretty easy to get to the information you need quickly. The authors have done a good job presenting such a large amount of material in a clear, easy-to-grasp fashion. Also, the book includes links to further resources in highlighted boxes in the text, and collected in an appendix, if you need to go into greater depth on a particular topic.

The book is full of useful tips. For example, in the discussion of the LOG target, they explain the technique for extracting the iptables messages from the noise in /var/log/messages and directing them to their own log. This is a question that comes up repeatedly on the iptables mailing list. The trick is to use the "--log-level" switch and configure syslog to write items that come through with the specified log-level to a separate log. You still get the occasional false positive this way, but it sure beats slogging through all the noise in /var/log/messages.

I do have a couple of criticisms to make of the book. For example, to start the firewall at boot time, the authors recommend either using the "iptables save" function (Red Hat), or adding a line to rc.local. The problem with the former is that "iptables save" is, as the authors point out, not terribly reliable. Furthermore, if you're using a script to generate your firewall rules, then your rules are already saved. The problem with rc.local is that then the firewall will start after the network is up and services are listening. I prefer to write an init script and use the chkconfig utility (Red Hat/SuSE) to bring up the firewall rules before the network. The biggest omission from the book is any information on bridge firewalls. A bridge can be very useful for putting a transparent firewall onto your network. I am surprised that there is not even a mention of bridging, or ebtables (the userspace bridge tools), since bridging is now part of the standard kernel. Iptables can also be made to work with the bridge module. Pointing out this omission may not be a completely fair criticism: I have yet to see a firewall book that covers bridging with Linux and ebtables (or iptables).

Nonetheless, "Linux Firewalls" is a very nice addition to my library. This book will live either on my desk, or on any easily-accessed shelf nearby.

DISCLOSURE: The publisher sent me a copy of this book for review.


A solid text


This isn't a general purpose security book, nor does it waste paper with lots of "filler" sections. Don't be fooled by the Novell Press label, this book isn't about Novell firewalls - it's about Linux firewalls. If you're completely new to security, read this in conjunction with a general text on (Linux) security.

This book is about firewalls and their associated underlying theory. In fact, it's a well written, detailed book about Linux firewalls. Many such texts are quite dry. However, Steve Suehring has a much more readable, frank, down to earth and, yes, amusing, approach that I find very refreshing.

While it also introduces complementary security systems, such as intrusion detection systems, it doesn't try to explain any of these extras in great depth. Nor should it. Instead, it provides enough information for the reader to assess the benefits and links to more detailed information.

Whilst content is important, I believe that presentation is too. This book, unlike some, is well laid out and easy on the eye. Personally, being extremely picky, I like to see a list of figures and tables, but that's just me :)

All in all, a good book.


Well written and useful
I used it more as a reference, but it did solve some problems. This book has been useful to me in the past and I'm sure it still holds some value now.


