Cyber Shelf

// Comparison

Linux Firewalls vs Zero Trust Networks: Which Should You Read?

Two cybersecurity books on Networking, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
4/52007
Linux Firewalls

Attack Detection and Response with iptables, psad, and fwsnort

Michael Rash

Michael Rash, author of psad and fwsnort, on building and operating Linux-native packet filtering and intrusion-response tooling. Pre-nftables in detail but conceptually durable.

Intermediate
4/52017
Zero Trust Networks

Building Secure Systems in Untrusted Networks

Evan Gilman, Doug Barth

Evan Gilman and Doug Barth's pre-marketing-bubble treatment of zero-trust architecture — what it is when you actually implement it (trust evaluation, device identity, dynamic policy) versus what the vendor pitch turned it into.

Read this if

Linux administrators and defensive practitioners who need to actually configure a firewall, not just understand the concept. Rash's iptables coverage remains the cleanest practical introduction; psad and fwsnort for the active-response side.
Architects and platform engineers tasked with implementing zero-trust without buying a product called Zero Trust. The book is the rare resource that walks through the engineering substrate — service identity, attestation, policy decision points — instead of the marketing.

Skip this if

Readers fully on nftables / firewalld / cloud-native security groups, or anyone wanting an architecture-level treatise. The book is hands-on iptables rules and analysis, not a strategic frame.
Readers wanting current vendor-comparison or specific cloud-native zero-trust (BeyondCorp, Tailscale, Cloudflare Access, Tetragon) detail. The 2017 publication pre-dates almost all of the productized zero-trust marketplace; the principles are durable, the products are not.

Key takeaways

  • iptables remains the foundational mental model; even in nftables-or-eBPF environments, understanding match-and-target chains is required to read the rule sets the field still ships.
  • Active response is a real defensive option that's easy to overstate; the book's chapter on the trade-offs is appropriately cautious.
  • Port scanning detection (psad) and signature-based blocking (fwsnort) are still useful primitives that punch above their weight in budget-constrained environments.
  • Zero trust is a property of the architecture, not a product; the book makes this case convincingly enough that it should be the first read for anyone leading a ZT initiative.
  • Device and workload identity are the load-bearing layer most ZT deployments under-invest in.
  • Migration is the project — most organizations cannot adopt zero trust without a multi-year incremental plan, and the book's chapters on incremental rollout are the most useful in practice.

How they compare

Linux Firewalls and Zero Trust Networks are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Linux Firewalls and Zero Trust Networks both cover Networking, Defensive, so reading them in sequence reinforces the same material from different angles.

Keep reading

Linux Firewalls

Alternatives to Linux FirewallsWhat to read after Linux Firewalls

Zero Trust Networks

Alternatives to Zero Trust NetworksWhat to read after Zero Trust Networks

Related topics

NetworkingDefensive