Neat topic!

I'd start by pointing out that a firewall is a gizmo to help enforce a
security policy, so there's little point in trying to dive into the details
without some basic understanding of computer and network security issues.
I personally like Practical Unix and Internet Security, by Garfinkel and
Spafford (O'Reilly and Associates, 1996); it has enough general concepts
commentary through it to give you the foundation you need, but it's focused on
and therefore grounded in the real world. Heaven help us from theoreticians
trying to do applied security work.

Now for firewalls specifically, I'd definitely start with the first book on
the topic; when it came out, few people knew what firewalls were well enough
to build one. This book opened up the field. It's Firewalls and Internet
Security, by Cheswick and Bellovin (Addison-Wesley, 1994). Read that and
you'll have a clear understanding of what a firewall is supposed to do, and
basic ideas about how it can do it.

Then comes the advanced engineering text in the field, Building Internet
Firewalls by Chapman and Zwicky (O'Reilly and Associates, 1995). That book
laid down much of the nomenclature for firewall architectures.

From there, which way to go .... For books, I tend to shop by author and by
publisher. If you follow mailing lists and newsgroups the names of worthy
authors will emerge. As for publishers, if O'Reilly and Associates publishes
the book, it's probably a good book, so visit www.ora.com. Addison-Wesley
tends to do good technical editing as well. Prentice-Hall used to, I haven't
seen anything out of them in a decade though. They still around? At the other
extreme, if Que or Sams publishes a book, assume it's a waste of dead trees
unless proven otherwise; they tend to bottom-feed on the material that no
reputable publisher would take, and sell to people who don't know any better.

Then you've gotta follow mailing lists; Bugtraq, firewall-wizards, and
firewalls are all valuable. Get on the SANS list; by the time you see
something in their newsletter, if it's on a topic you are interested in, it
should already be old news, but the SANS coverage is broad, and it gives you a
comforting reassurance that you really are staying up-to-date in your
specialty when you see the same news come around a few weeks later in SANS :-).

And there are a few newsgroups, too; comp.security.firewalls,
comp.security.unix, and comp.security.misc come to mind.

Somewhere in the course of all this reading you're gonna get a hankering to
build yourself a firewall, test it out, try various scanning and burglary
tools against it, etc. Buy a cheap PC and load Linux or one of the free BSDs
on it, configure the packet filtering, load some proxies, and go wild.

Then comes the real meat of the field: designing and maintaining security
policies. That's where the work gets done. I've yet to see any good sources on
that topic; what I've learned, I've picked up on the job.

-Bennett