Authors: Michael and Scott Shinn
Addison-Wesley Professional (December 14, 2004)
ISBN: 0321227239
369 pages
Troubleshooting Linux Firewalls is definitely a book that I would like on my bookshelf. As I have had Linux on my home system for the last five years, I have always had a mild interest in security, and since I have a toy server at home that I tinker with for testing purposes, I have had to learn a bit about the Linux firewall. By using a Linux system as my desktop computer at home, I also connect through my own firewall to the Internet. This book is aimed at potential and current users of Linux kernel-based firewalls.
Quite surprisingly, the book starts out with a very detailed description of the security model. It describes what a firewall is and how to determine what an organisation's security posture should be. The Shinn brothers explain that, contrary to popular belief, there is no such thing as a secure network. One can only measure the amount of risk that is acceptable for an organisation against what the organisation can afford to spend on security, and then one can design that organisation's security around these calculations.
Another aspect of security, and especially of firewalls, highlighted in the book is that when designing a firewall you should block everything and then systematically open gateways to the protocols that are required. This is good practice. The opposite (bad practice) would be to have everything open to start with and then systematically close ports that are not required or that pose a security threat. I have seen for myself how organisations follow the second route, which can be a recipe for disaster.
The part I enjoyed most dealt with intrusion detection and vulnerability-scanning tools. These tools should be used regularly in an audit capacity. A tool like Nessus, for example, can be acquired (it is an open-source tool) and used with particularly good results to build an audit trail and historical data on the vulnerabilities of all machines on a network.
Ultimately, Troubleshooting Linux Firewalls describes routines used to rapidly determine the reasons for failure in firewalls, and how to get that all-important mechanism back into a properly working state effectively, with as little interference to permitted traffic, and as little downtime, as possible.
The book is a pleasant read, catering for people unfamiliar with the basics of security and firewalls in the first half, then moving on to more technical matters in the second half. There are also recipes for configuring basic firewall rules. The authors invite the reader to peruse their website, www.gotroot.com, for more details and for listings of downloadable tools to use in conjunction with firewalls.