Review of Internet Firewalls and Network Security

Internet Firewalls and Network Security
Karanjit Siyan and Chris Hare
New Riders Publishing

Reviewed by Nick Christenson,

June 29, 1998

There are a large number of truly good books out there on computer and network security. Unfortunately, Internet Firewalls and Network Security is not one of them. It's not so much that there's anything incorrect or truly wrong in this book, although my own feeling is that many of the topics the authors emphasize are not the topics that would be most helpful to most network security practitioners, but that there are a number of books that are just so much better that I can't recommend the reader spend any of their valuable time with this one.

The first section is titled "Background Information". It provides such information as background on basic networking, Unix configuration, the Department of Defense Orange Book criteria, and designing a network policy. The Unix and networking stuff is routine, but passable. In my opinion, the background material in many other security books is better written. I found the information on basic security lacking as well, and I don't think the DoD security classifications mean much once the computer they are being applied to is hooked up to a network. The section on security policies is actually quite good, and I can recommend this portion to those struggling to create such a document for their organization from scratch. Unfortunately, it's not enough to make me recommend this book.

The second section covers routers and firewalls. The only way in which this section even holds a candle to such excellent security books as Firewalls and Internet Security by Cheswick and Bellovin or Building Internet Firewalls by Chapman and Zwicky is in its coverage of existing commercial systems like Firewall-1 and Gauntlet. However, it's my opinion that that in this case the discussion of commercial offerings covers for a lack of new insight into these issues.

The third section is the appendix which covers other sources of information. This is primarily a list of security tools which may be of use to a system administrator. It's relatively straightforward and there are no striking presences or omissions as compared to everyone else's list.

I don't really have anything else good to say about this book. Even the section I like most, on security policy, is mostly a workbook surrounding RFC 1244, the Site Security Handbook. There's very little new, interesting, insightful, or even especially well explained in this book. The only way I can recommend it is if someone started reading Firewalls and Internet Security, found it way too tough, and needed something more basic to sink their teeth into first.


While there aren't any factual errors or serious omissions, Internet Firewalls and Network Security adds little to the collective understanding of network security issues. It's mostly a fairly basic regurgitation of material that is better presented in other sources. The section on designing a site security policy is fairly thorough, nonetheless, there isn't anything sufficiently interesting here to make me think that perusing this book would be worth most people's time.

Click here to return to the index of reviews.