Building Internet Firewalls, Second Edition

Second Edition, June 2000

First Edition no longer available, but Errata still online

by Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman

Published by O'Reilly & Associates
2nd Edition June 2000
894 Pages
ISBN 1-56592-871-7

List price $49.95

Full details (including reviews, table of contents, index, and a sample chapter) are available from the O'Reilly & Associates catalog.


Completely revised and much expanded, this second edition of the highly respected and bestselling Building Internet Firewalls now covers Unix, Linux, and Windows NT. It's a practical and detailed guide that provides step-by-step explanations of how to design and install firewalls, and how to configure Internet services to work with a firewall. It covers a wide range of services and protocols (e.g., SMTP, FTP, DNS, Telnet, JavaScript, ActiveX, NetBT, SMB, Kerberos, CORBA, IIOP, ODBC, JDBC, and dozens more). It also contains a complete list of resources, including the location of many publicly available firewall construction tools.


In the five years since the first edition of this classic book was published, Internet use has exploded, and e-commerce has become a daily part of business and personal life. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks -- and the need to protect both business and personal data -- have never been greater.

What kinds of security threats are posed by the Internet? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. Others, like password sniffers, IP forgery, and various types of hijacking and replay attacks, are newer. And still others, like the distributed denial of service attacks that crippled Yahoo, eBay, and other major e-commerce sites in early 2000, come from today's headlines.

Firewalls are a very effective way to protect your system from most Internet security threats and are a critical component of today's computer networks. Firewalls in networks keep damage on one part of the network (e.g., eavesdropping, a worm program, file damage) from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.

Like the first edition of the highly respected and bestselling Building Internet Firewalls, the second edition is a practical and detailed guide to building firewalls on the Internet. It provides step-by-step explanations of how to design and install firewalls, and how to configure Internet services to work with a firewall. The second edition is much expanded. It covers Linux and Windows NT, as well as Unix platforms. It describes a variety of firewall technologies (packet filtering, proxying, network address translation, virtual private networks) and architectures (e.g., screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, internal firewalls). It also contains a new set of chapters describing the issues involved in running a variety of new Internet services and protocols through a firewall. It covers email and News; Web services and scripting languages (e.g., HTTP, Java, JavaScript, ActiveX, RealAudio, RealVideo); file transfer and sharing services (e.g., NFS, Samba); remote access services (e.g., Telnet, the BSD "r" commands, SSH, BackOrifice 2000); real-time conferencing services (e.g., ICQ, talk); naming and directory services (e.g., DNS, NetBT, the Windows Browser); authentication and auditing services (e.g., PAM, Kerberos, RADIUS); administrative services (e.g., syslog, SNMP, SMS, RIP and other routing protocols, and ping and other network diagnostics); intermediary protocols (e.g., RPC, SMB, CORBA, IIOP); and database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server).

The book also contains a complete list of resources, including the location of many publicly available firewall construction tools.

About the Authors

Elizabeth D. Zwicky is a director at Counterpane Internet Security, a managed security services company. She has been doing large-scale UNIX system administration and related work for 15 years, and was a founding board member of both the System Administrators Guild (SAGE) and BayLISA (the San Francisco Bay Area system administrators' group), as well as a non-voting member of the first board of the Australian system administration group, SAGE-AU. She has been involuntarily involved in Internet security since before the Internet worm. In her lighter moments, she is one of the few people who make significant use of the "rand" function in PostScript, producing PostScript documents that are different every time they're printed.

Simon Cooper is a computer professional currently working in the San Francisco Bay Area. He has worked in different computer-related fields ranging from hardware through operating system drivers to application software and systems support in both commercial and educational environments. He has an interest in the activities of the Internet Engineering Task Force (IETF) and USENIX, and is a member of the British Computer Conservation Society and a founding member of the Computer Museum History Center. Simon has released a small number of his own open source programs and has contributed time and code to both the XFree86 project and the GNU C compiler. In his spare time Simon likes to play ice hockey, solve puzzles of a mathematical nature, and tinker with Linux.

D. Brent Chapman is a networking professional in Silicon Valley. He has designed and built Internet firewall systems for a wide range of organizations, using a variety of techniques and technologies. He is the founder of the Firewalls Internet mailing list, and creator of the Majordomo mailing list management package. He is the founder, principal, and technical lead of Great Circle Associates, Inc., a highly regarded strategic consulting and training firm specializing in Internet networking and security. Over the last 15 years, Brent has worked in a variety of consulting, engineering, and management roles in information technology, operations, and technology marketing for a wide range of employers and clients, including the Xerox Palo Alto Research Center (PARC), Silicon Graphics, Inc. (SGI), and Covad Communications Company.

Great Circle Associates, Inc.
2608 Buena Vista Ave.
Alameda, CA 94501 USA

Please report problems to Webmaster@GreatCircle.COM
Copyright © 2020 Great Circle Associates, Inc.
USA Toll Free: 877 GRT CRCL
(877 478 2725)
International: +1 415 861 3588
Fax: +1 415 552 2982