Book Review: Personal Firewalls for Administrators and Remote Users By Lisa Yeo
Title: Personal Firewalls for Administrators and Remote UsersAuthor: Lisa YeoPublisher: Prentice Hall PTR, 2003ISBN: 0-13-046222-5Price: $34.99 US
From the title it may seem that [Personal Firewalls for Administrators and Remote Users] was written for administrators and users of business networks. However, as more people take advantage of "always on" Internet connections, they are becoming de facto administrators. Remote users are no longer only connecting to work from their home or a hotel room. Computers and wireless connections can now be found at schools, the local library, and the corner coffee shop. Unfortunately, as access has grown, so have the associated risks. [Personal Firewalls for Administrators and Remote Users] covers personal firewalls as a means to mitigate some of that risk. Lisa Yeo has also included security and networking basics, log reading and troubleshooting. While ipchains and iptables are mentioned, Linux firewalls are far from the main focus. Nonetheless, the book is well written and clear. Figures and tables are frequently used to clarify the author's point, but are not overused.
The first two chapters on security and networking basics are a primer of essential information for any technical discussion of firewalls. You may already be familiar with the information presented in these chapters and choose to skip past them. However, they are a brief and easy read. The detail was sufficient to keep me interested, but not so great that it would cause a novice's eyes to glaze over. It makes good foundation for the chapters that follow, establishing working definitions and a common viewpoint for the author and reader.
While the other chapters are very useful and add value, I found the section on personal firewalls to be particularly well crafted. As one would expect, Network Address Translation (NAT), packet filtering, stateful inspection and application proxy are discussed, as well as blocking on attack signature and intrusion detection. Each approach is described in an easy to understand manner. Diagrams are included to illustrate the process. The author explains how each method is implemented in personal firewalls, and where they fit in the design of a secure environment. She gives advantages, disadvantages, and examples of products using the particular method. A few example ipchains and iptables rules are provided, as well as listing Linux based application proxies and intrusion detection systems. Even though most methods can be implemented with "built-in" capabilities of Linux, the examples frequently involve add-on software.
The author points out that NAT, blocking on attack signature detection, and intrusion detection are not really part of firewalling. However, they are included in the discussion, since corporate firewall solutions and personal firewall products often include these functions. She explains that even though it is not a firewall, dynamic NAT may offer some protection. Aside from crafting source routed packets there should be no way for an external host to initiate contact with an internal one.
The next two chapters cover the use of personal firewalls at home and work. The topics covered include risk identification, needs assessment, and firewall management. Licensing, software configuration and distribution are also discussed. Together these chapters present a good discourse on the differences between business and home firewall implementations.
The author appears to be very keen on logs and has dedicated a chapter to them. She begins with a convincing argument about why you should log, and then presents a well-written tutorial on reading them. This is one point where the reader will need the background information covered in the networking basics chapter. While many programs have their own log format, they contain much of the same information, source and destination addresses and ports, protocol, date and time. Next she demonstrates how to use logs to identify configuration errors and monitor traffic as well as identify, report and respond to scans and attacks.
In "Configuration Options", the selection of an appropriate level of protection, dropping vs. rejecting packets, legitimate traffic, maintaining and updating software are addressed. There is a nice discussion on stealthing, passive finger printing and tarpits. Yeo encourages the reader to be a good Internet citizen and participate in an online security community. She also discourages aggressive responses to suspected attacks.
The section on troubleshooting is invaluable. It covers techniques that should be used when beginning to troubleshoot any networking problem. The author describes each step, including the expected results, and then presents a table summarizing them. Next she examines some common pitfalls resulting from installing a firewall including broken services such as DNS and FTP and what happens when ICMP is completely blocked. The symptoms and possible resolution are given for each of these issues.
The Appendix and bibliography present additional information that readers may find useful. The Appendix is a review of fourteen firewall products, grouped into hardware and software solutions. For each product, the author offers a brief description and discusses their features, strengths, and weaknesses. As mentioned before, Yeo is keen on logging and includes a description of each product's logging capabilities. Anyone interested in further reading should check out the resources listed in the bibliography.
This book is really about much more than personal firewalls. Lisa Yeo has included a discussion of networking and security basics, and a tutorial on troubleshooting. While the intended audience may be administrators and remote users, the true audience is broader than the title implies. In the context of this book, an administrator could be anyone who has networked his or her home computer, and a remote user may be anyone using a computer for work outside the office. The topics are presented in a clear manner. While the author does discuss features, benefits and uses for the various products, she does not attempt to compare the merits of one product over another, nor recommend which solution is best for you. With the knowledge gleaned from this book, and an understanding of your own situation, you should be able to make an informed choice.