Amazon.com (ISBN 0735709009, Textbook Binding)

TCP/IP packet handling may seem crystal clear when you first hear about it, but after you've configured your Ethernet card's netmask address, the details become rather vague. You might find yourself asking--if you were a Danish prince--"What is a packet, if its chief good and market of its time be but to route and wrap?" If routing and wrapping were all packets did, we would all enjoy our ignorance blissfully. But packets--like men, as the prince learned--can be hollow carriers of ill will, and excluding the bad ones requires us to understand what they really truly are. At last.

Just how interesting packets turn out to be is revealed in Linux Firewalls, Robert L. Zeigler's sober, agile, and subtle text. Narrowing consideration to threats faced by small networks from external sources, Zeigler and his editors introduce security by delivering prerequisite tutorials on packet architecture and normal network-based client/server daemon-to-daemon communications. Nonthreatening daemon-to-daemon communication is part of the regular operation of a networked POSIX-compliant operating system (like Linux or Windows NT), but the incessant background chatter makes finding hostile intrusions a search for sometimes subtle irregularities in a high throughput environment.

In fact, bombardment of networks with useless packets can create diversions for more pernicious attacks. Distinguishing the good packets from the potentially hostile or merely useless packets requires levels of filtering criteria that depend on the specifics of the network environment. Zeigler sorts out all of these issues and outlines practical network administration strategies for packet filtering.

Linux Firewalls is a how-to for the home Linux box, including the creating and debugging firewall rules for home LANs and network interfaces. For larger LAN users, Zeigler describes intrusion logging; configurations based on varying levels of trust; and the how, why, and when of reporting intrusions to network authorities.

In the wrong hands, firewall reports are either hyped-up cloak-and-dagger sensationalism or monotonous treatises in bitwise accounting. Zeigler strikes a middle ground with a book fit for members of the Linux community who are curious about what is happening over their TCP/IP connections. These are folks who have the prowess to build kernel releases on their own but who aren't necessarily wonks at developing kernel or device driver sources. --Peter Leopold