Submarines handle awkwardly on the surface of the sea; airplanes are cumbersome when taxiing. Both modes of operation, however, are design requirements. Organizational computer networks have a similar requirement: they have to interface with other networks (thereby forming the Internet) in order to be useful. How network engineers manage their networks" perimeters has a lot to do with their usefulness, cost effectiveness, and--perhaps above all--security. Inside Network Perimeter Security concerns itself with this latter aspect of the connection to the outside world. It"s carefully researched, cleverly written, and full of references to recent exploits and, more importantly, the trends they represent. The best details on emerging hack attacks will always be found online. This book takes a longer view, evaluating offensive and defensive technologies and offering well-reasoned advice on how to keep a network secure now and in the future. Readers familiar with the previous work of the authors--particularly the highly respected Stephen Northcutt--will recognize the style here. It doesn"t aim to teach you how to do much in particular--there are a few procedures, and some Cisco Internetwork Operating System (IOS) command listings--but rather tries to show how to think about networks and the data that comes from them. In a typical section, the authors analyze a log from Tiny Personal Firewall. They highlight the facts that are present in the log and the inferences that can be made from them. A similar style helps you master software tools and make network design decisions. This book is perfect for a network engineer wanting to improve his or her security skills for both design and administration purposes. --David Wall Topics covered: How to design networks" borders for maximum security, and how to monitor them for unauthorized activity. After an introduction to firewalls, packet filtering, and access lists, the authors explain how to set up routers, special-purpose firewalls, and general-purpose hosts with security in mind. A large section has to do with security-conscious design, both for green field projects and existing networks that need expansion or improvement.