Firewalls and Internet Security, Second Edition.
by William Cheswick, Steven Bellovin, and Aviel Rubin

Addison-Wesley 2003.
ISBN 020163466X. LoC TK5105.875.I57C44 2003. 433 pages. $49.99. Index, bibliography, two appendices, list of acronyms.

Reviewed by Robert Bruen, March 14, 2003

The first edition of this book was a very worthwhile book; the second edition is even more so. About ten years have passed between the two editions, and a lot has happened during that time, yet the principles put forth in the first edition are still valid. As an example, in the description of NFS, the authors asserted that while NFS had security problems, it was "not going away anytime soon." The same statement in the second edition is just as correct now as it was then.

There are two main differences between the first and second edition. First, the approach is a little different; second, more material has been added to reflect the developments of the intervening years. Some of the more humorous parts have been removed, such as the pretend proofs, and the cartoon on the cover has been updated. The Recommendations to Vendors appendix from the first edition is also missing. A quick look at it finds recommendations for routers to include logging and to distinguish between incoming and outgoing TCP traffic. Since these were good ones, a list that tells us which recommendations were followed and which were not would be of interest. This is just another example of how good the book was to begin with.

Among the changes are additional chapters on networking and intrusion detection. Firewalls are clearly related to intrusion detection, but the intrusion detection field has also moved forward over the years, so the relationship needed to be fleshed out a bit. Besides the Evening with Berferd, there is also the Taking of Clark, which analyzes the cracking of a system. And the addition of Aviel Rubin as an author cannot go without mention.

In the early days most firewalls were built by hand, with only a few kits available. Now that there are a fair number of commercial and free kits, the book emphasizes how to use them. There is still a mention of building your own firewall using ipchains for those who would like to roll their own. The technical explanations are improved and more illustrations have been added.

Looking at the bibliography, there are twelve additional pages in spite of the deletion of some of the items on the first list. Naturally the other pointers to resources have been updated as well. The addition of more protocols, tools and applications has made the book even more useful. Things like VPNs, Snort, RealPlayer and ssh were simply not around in the early 90s, and the web was just beginning. To their credit, the authors did write about the web in the first edition, but it gets much more attention in the second edition, where it has its own chapter.

I kept my original copy from 1994 and I think I will hang on to it. It will be on my shelf next to the new edition. This second edition of Firewalls is a must-have book, but there is something to be said for an original. Besides, I would like to spend some more time with that recommendation list.