The security provided by firewalls and VPNs is only as strong as the protocol rules and policies that you create. The concepts of "defense-in-depth" and "least privilege" are merely holes in your perimeter waiting to be exploited, unless you can define and maintain protocol rules that allow only the minimum protocols required to provide your requisite services.

This book provides fundamental information necessary to configure firewalls and build VPNs and DMZs to survive the dangers of today's internet. The book includes a bonus chapter from the companion Web site on using Ethereal to monitor and analyze network traffic. While you may now feel overwhelmed by the countless firewalls with a dizzying array of features, you will feel empowered by the knowledge gained from this book. This book covers the leading firewall products. It describes in plain English what features can be controlled by a policy, and walks the reader through the steps for writing the policy to fit the objective. Because of their vulnerability and their complexity, VPN policies are covered in more depth with numerous tips for troubleshooting remote connections. Products covered include Cisco PIX Firewall, ISA Server 2004, Check Point NGX, Juniper'?s NetScreen Firewalls, SonicWall, and Nokia.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating:  Based on 1 Ratings

Very simple book and full of serious errors - 2007-09-12
Reviewer Rating:
I am sure that, I wouldn't have bought this book if someone had reviewed this book before me.
Briefly, if you are looking for a deep information on several brand firewall's configuration and especially on VPN subject, belive, this book is not for you.
The first half of the book is full of with just generic information which almost avery avarage IT people have. That is, whithin a few minutes you pass the first two part.
Than you decide your point on this book while reading the VPN part. No detail on the issues, no real time application samples and most important one completely wrong several figures.
For example, on page 247 figure 5.20 says "MPLS Packet Structure", but you see screen snapshot of Putty telnet application's configuration window. I honestly couldn't understand if they are joking or have another purpose.

My only advice, always prefer the books you can look inside it.