Foreword

In the beginning, there were router access lists…

Then the next firewalls evolved into application proxies. The best definition of a firewall in its simplest form is by Steven Bellovin a co-author of Firewalls and Internet Security: Repeling the Wily Hacker. In this book Steven wrote "Firewalls are barriers between us and them for arbitrary values of 'them'."

With firewalls becoming a chokepoint of the network, they define what is to be trusted and what is not. The untrusted elements range from the standard hackers, spammers, and crackers, to a Human Resources department of an organization deeming the rest of the company "untrusted", to even the conventional chokepoint of a company trusting only itself, and not deeming the Internet "trustworthy or safe". Today firewalls have evolved into more than just a simple chokepoint. Firewalls include all sorts of different solutions: hardware, software, intrusion detection, desktop solutions, and so forth. As technology has evolved, the number of options that users have to choose from has increased exponentially. The Best Damn Firewall Book Period provides readers with a guide to the most popular firewall technology implementations.

Before you dive into the various firewall implementations, we recommend that you spend some time reading "Part I: Introduction to Network Security & Firewalls". Part I delves into network security basics, the different types of firewalls, and provides a brief introduction to intrusion detection systems (which should be part of any efficient and effective defense in depth security strategy).

After the Part I, the book is broken down into the following:

• Part II Linux & Solaris Firewalls

• Part III PIX Firewalls

• Part IV: Check Point NG and Nokia IP Series Appliances

• Part V ISA Server

• Part VI Intrusion Detection

This is not a "best of the marketing documentation" for various solutions and vendors. If you need marketing documentation, that's always available from the vendor's Web site. This book is about implementing various solutions on a technical level. This book is great for those system administrators, network administrators, and security administrators who are looking for how various firewall systems work, and how they can help secure your network. Each section provides detailed information with regards to the technical implementations of each firewall, in order to assist you in determining the strengths of each solution, and deciding which implementation would be best for your network.

Before you do pick a firewall, make sure you know that:

1. A firewall is not the end-all, be-all of network security.

2. Your firewall is only as strong as your security policy.

3. Make sure you educate your system administrators, management, and users regularly

Audience

The Best Damn Firewall Book Period is written for the system administrators and network administrators as these are the individuals who are going to be offering the recommendations and implementing the security solutions. Most of this book is quite technical, however this book could be considered a great overview of the variety of security concepts, exploits, and solutions for network security engineers. It provides some basic information about firewalls, as well as plenty of technical details that give you the nuts and bolts of how the various firewalls work.