This book is not just about firewalls, although that is its primary focus. Nor does it try to cover the entire field of Internet security, although it does provide a fairly good survey of that field along the way. A fair description would be that it is about building a security strategy around a firewall, which is the practical outcome with which most potential readers should be concerned.

The first edition of this book was, for nearly a decade, pretty much the only work on building firewalls. This edition is a nearly complete rewrite, not so much because of the new functionality needed of firewalls, but because system administrators no longer write their own firewall software. In some ways, this has given more attention to the services being protected, reducing the emphasis on firewalls per se.

Some readers will undoubtedly consider parts of this book to engage in Microsoft-bashing. I don't see it that way, for reasons that the authors sum up in the introduction, in one of their "security truisms": "Security is a tradeoff with convenience." They do consider Windows hosts on their networks to be insecure (and possibly unsecurable), but that has as much to do with letting users install software on their own machines as it does with the OS itself. Not only do the authors fully intend the implication that there will be different tradeoffs to be made for different situations, but they illustrate this in a number of situations, where they describe implications of tradeoffs that are driven by different end-user needs.

The book is quite complete, although the technology changes quickly enough that this will be quite a bit less true by the time a third edition might be written. The only issue that I think deserved more attention was that of multi-homing. Protecting a multihomed network is particularly difficult because extra configuration is needed to identify packet spoofing, and any filtering done by the upstream providers will make life even more difficult. This problem deserves at least more recognition, if not a full treatment of its own.

This book is not the ultimate reference on the topic that the first edition was in its time. But it is not possible for any one book to fill that role any more, and if it's no longer the only book, it's still the most important. If you are after that "ultimate reference," your best bet is probably the combination of this book and Zwicky (et al.), "Building Internet Firewalls".