Designing Network Security
Weighing in at a hefty 745 pages, Designing Network Security is a concise and authoritative guide to the sometimes daunting task of designing secure networks - with a special emphasis placed on Cisco solutions, of course. The book is divided into three major sections: basic theory and essentials; policy design and best practices; and implementation with Cisco hardware. In my opinion this book is best suited as a reference book for those who already have a firm foundation in security and networking, but could also be of value to beginner level techs with a bit of patience. While the topics that are covered have all pertinent information discussed, some might wish that there were a bit more explanation of the Hows and Whys.
The first section, "Security Fundamentals," is an especially valuable part of the book in that it provides a great desk reference to the building blocks of secure networks. The first chapter deals with the basics of encryption technologies - symmetrical/asymmetrical cryptography, digital hashes, public key systems, etc. From there the book moves into what is probably its meatiest chapter, covering the application of encryption to security technologies which range from TACACS+ authorization to TLS encryption. Building on previous chapters, the third chapter deals with the application of these security technologies in protecting real world installations. I was especially impressed with the attention paid to wireless and VoIP technologies in this chapter - this is one of the first discussions of VoIP security I have seen in a general reference book. The first section winds up with a fairly exhaustive discussion on routing protocol security which I also thought was excellent.
The second section, "The Corporate Security Policy," is a good reference to infosec management. Many topics covered in this section are applicable to the CISSP exam - so if that is a career goal for you, this can act as one of your study guides. The section begins with a discussion of threats in the enterprise environment. Types of threats as well as common protocol vulnerabilities are discussed. I felt that some of the material in this chapter was a bit dated, in particular the sections on TCP sequence number attacks (most recent OSes have improved their sequence generation routines to make it nearly impossible to do this) and the ping of death (which I don't remember working on anything after Windows 95 or Linux 2.0.23). The next chapter is a bit more valuable in its discussion of the basics of risk assessment and management. This leads into a discussion of actual design and implementation of security policy. Sample topics include physical/logical controls, data confidentiality, and policies/procedures for staff. And finally this section concludes with a good chapter on incident handling and response.
The final section, "Practical Implementation," is the Cisco-centric third of the book. Many parts of this section are a good reference to points covered on the CCSP exams, especially the SECUR test. The first chapter deals with configuring access controls and audit on Cisco devices from the PIX to switches and routers. A brief discussion of intrusion detection implementations is also included. The next chapter consists primarily of information dealing with firewall/screening router construction - content filtering, packet screening, and the various types of IOS filters. Several implementation examples are included to walk you through the process of configuring CBAC (content-based access control) and the Cisco PIX. From there the section moves to remote access security, with good sections on all Cisco based AAA (authentication, authorization, and accounting) features including lock-and-key and accounting-based billing. Finally, the book wraps up with a chapter on securing VPN, Wireless, and VOIP networks which focuses more on design than implementation, although there are still some Cisco (PIX) based examples. The book's appendices cover DDOS attacks, well-known port numbers, and guidelines for reporting and preventing intrusions.
Overall, I felt this was an excellent book which clearly fulfilled its purpose. For the intermediate to advanced network security engineer this could act as an excellent desktop reference, while still being accessible enough to teach to the beginner. The writing style is clear and precise, and I found no technical errors in the material presented. As I mentioned, the book could act as an additional study aid for several security certifications, including the CISSP or the CCSP. I look forward to the next volume by Ms. Kaeo.
You can purchase Designing Network Security, 2nd Ed. from bn.com.
Network Security. What is it all about... is it good, or is it whack?
What's that?
I can't decide
near you?
http://www.cyveillance.com/default.asp
you're saying that we're safe from the felonious fuddites?
ok eye gas? fud on robbIE?
aaaaauuuugggggghhhhhh you flamed me! That was supposed to be a serious (hehe) response!
I am Cornholio I need TP for my BUNGHOLE!!! hehe hehe
Umm... his comment was informative. Therefore, it was modded as such.
For the record, you're supposed to moderate comments, not users.
evil adrian
He posted a link to O'Reilly and you consider that informative? You are obviously part of the problem with this site. What he did is called Karma Whoring. It is providing otherwise easily obtainable information with the goal of getting mod points. Add to that the fact that he later trolls with those points at +1. He also links to goatsex in his sig (although he deletes when somebody calls him on it) which is enough to be modded troll.
Too bad we don't see moderator names when we meta-mod otherwise I would be sure you never modded again.
I guess taking a look at his sig link shut you up pretty quick. Dumbass.
Who cares what he posts, the first comment is a link to goatse modded +5. Really informative here is Sans reading room. Now go mod me as +5 or do I need to have a disgusting sig juvenile losers think is funny?
-- "of course thats just my opinion, I could be wrong." --Dennis Miller
Listen you crybaby, if signatures bother you so much, why don't you just TURN THEM OFF? That way, you don't have to read them, and none of us will ever have to read your pointless bitching about it.
Secondly, it doesn't matter if he posts shitty comments -- if he posts a *good* comment, the good comment should be modded up! THAT IS THE WHOLE FUCKING POINT OF THE MODERATION SYSTEM, TO MOD GOOD COMMENTS UP.
evil adrian
Blah blah blah, too bad you posted anonymously or you would have gotten modded down for this lovely piece of Flamebait and it would be harder for you to move up to posting at +1. You are obviously part of the problem with this site, bitching about sigs that can easily be turned off. Blow me.
evil adrian
I don't look at sigs because I HAVE THEM TURNED OFF. That way I don't have to look at them, and I don't have to bitch about it to everybody in the world because I'm offended by it.
Oh, and here's a link to http://www.goatse.cx, why don't you click on it and then bitch for an hour?
evil adrian
Have you considered calling yourself angry adrian?
I stole this
I post anonymously specifically because it starts at 0. It is quite obvious that I don't think these posts need to be at 1. I understand how moderation works. His post was nothing more than a link to a search result on O'Reilly. Perhaps it shouldn't be modded down but it definitely should not have been modded up. You also have to consider the person posting because you don't want to reward trolls. Just look at his history is all I ask.
As for ignoring the sig - that is not the point. He is putting in the link disguised as a trap for somebody who thinks he is a legit poster and to rub it in the face of moron mods.
I don't really worry though. I have a fair guess that you don't have mod points anyway. Judging by your history with trolling and flamebait along with your extensive list of people who call you foe I am guessing you are just another troll.
If he had made a good comment I suppose that none of us would be arguing about now would we? I guess intelligent people know how to use a search engine and don't find his post all that informative. 12 yr olds who can't use their caps lock properly disagree. Maybe you should ask your mommy for permission first before posting.
On another note. While I was waiting to post this I took a look at your friend list and wasn't too surprised to see that they are all trolls posting at 0 or -1. Not sure why I am bothering arguing with you now that I know why you defended him. Hell you may even be him.
Often. :-)
evil adrian
One of the few joys of /. is that people CAN post off-topic comments and they still get entered into the "stream"
Adrian - kiss my hairy ass!
--ScottKin
I don't give a rat's behind about "karma" here or anywhere else. Don't like what I have to say here? Deal with it!
Additionally, at least I have a web site listed, you hapless twit!
/. *NIX-weenies who post here, I have more important things to do (like starting two new businesses) with my time than to hard-code HTML. Would you rather I used Dreamweaver MX, or do some 1337-looking shee-yawt with Flash MX for my webpage? FrontPage works well, does my site quickly and with less hassle (unfortunately, the hassle percentage is swallowed-up by my provider), and lets me concentrate on trying to make a buck in a depressed job market.
Unlike the hapless-twit
Have a nice day!
--ScottKin
This is a prime example of why marrying your cousin is a bad idea.
This moron needs to hide behind the "Anonymous Coward" because they are afraid - hence the "Coward" moniker.
You can kiss my hairy ass as well.
--ScottKin
Afraid of what precisely?
I so burned you about your crappy website weeks ago, are you still upset about that? I hope one of your new businesses isn't web design!
Man, at least point the ScottCam at something interesting! We are quite literally watching paint dry on the side of your house...
evil adrian