How This Book Is Organized

How This Book Is Organized

This book is organized into three sections. Section 1 is a brief introduction to our principles of security and risk management in which we explain how firewalls work, how they should be set up, and some sample recipes for various firewall configurations. If you're new to firewalls or need a refresher, this is a good section for you to read. If you're an old hand with firewalls, you can probably skip this section and move on to Sections 2 and 3.

Section 2 is about troubleshooting and diagnostic methodologies. The intent here is to pass on troubleshooting methods and tools to reduce the amount of effort involved with troubleshooting and implementing a solution. The goal for this section is to teach you how to figure things out for yourself, to do it quickly, and to be able to repeat that process in the future. In Section 2 we explain how the key element to solving problems is to methodically reduce variables and to start with the simplest explanation first.

Section 3 contains the specific troubleshooting chapters in the book. This is where the troubleshooting guides reside. It should be possible to just flip open the book to any part of Section 3 and follow the instructions to diagnose and fix the problem. The goal of the section is to be a fix-it manual for even the least technically adept user . We believe this gradual procession to the final section of our book provides enough background information to make the process of troubleshooting second nature to the reader.

With regard to the issues of making this material as approachable as possible, we make no assumption about the reader's knowledge about good firewalling, risk management, and computer security practices. An important thought hopefully not lost on the reader is that firewalls and other security devices should be managed with a great deal of forethought and knowledge. Failure to understand a protocol or the consequences of allowing it through your firewall could have disastrous consequences.

However, we do understand that time is short, and sometimes you have to fix the problem and come back to it and understand what effect it has later. Nevertheless, with that said, along with our deepest empathy for all the overworked systems engineers out there, it is very easy to make changes to security models, firewalls, and other security technologies that can have profound and dangerous implications on the security posture of your network if you do not understand what those changes do. This book is not meant to be a replacement for competent technical security advice. There is much to be said for understanding how the products you support work, and firewalls are all the more important to fully grasp. If you're having trouble understanding the guts of your firewall, you could be in for trouble. When in doubt, you can never know too much, so avail yourself of all the information you can get your hands on about information security principles, risk management, and specifically firewall fundamentals. Given the propensity of organizations to rely solely on their firewalls for the lion's share of their security needs, it's critical that the firewall be configured in the most secure manner possibleit could be all that stands between your network's continued normalcy and high-pressure down time.