Slashdot Mirror


Designing Network Security

cthulu13 writes "Network security can often be a difficult task because there are so many things to consider. This book can help you get a handle on it all by providing a single place to look for advice on policy, design, and implementation. I wish I had the benefit of this book when I was first starting out in my career in security." Read on below for cthulu13's review of the second edition of Merike Kaeo's Designing Network Security.

Designing Network Security, 2nd. Ed.
Author: Merike Kaeo
Pages: 745
Publisher: CiscoPress
Rating: 8
Reviewer: cthulu13
ISBN: 1587051176
Summary: A good overall resource on network security policy, design, and implementation.

Weighing in at a hefty 745 pages, Designing Network Security is a concise and authoritative guide to the sometimes daunting task of designing secure networks - with a special emphasis placed on Cisco solutions, of course. The book is divided into three major sections: basic theory and essentials; policy design and best practices; and implementation with Cisco hardware. In my opinion this book is best suited as a reference book for those who already have a firm foundation in security and networking, but could also be of value to beginner level techs with a bit of patience. While the topics that are covered have all pertinent information discussed, some might wish that there were a bit more explanation of the Hows and Whys.

The first section, "Security Fundamentals," is an especially valuable part of the book in that it provides a great desk reference to the building blocks of secure networks. The first chapter deals with the basics of encryption technologies - symmetrical/asymmetrical cryptography, digital hashes, public key systems, etc. From there the book moves into what is probably its meatiest chapter, covering the application of encryption to security technologies which range from TACACS+ authorization to TLS encryption. Building on previous chapters, the third chapter deals with the application of these security technologies in protecting real world installations. I was especially impressed with the attention paid to wireless and VoIP technologies in this chapter - this is one of the first discussions of VoIP security I have seen in a general reference book. The first section winds up with a fairly exhaustive discussion on routing protocol security which I also thought was excellent.

The second section, "The Corporate Security Policy," is a good reference to infosec management. Many topics covered in this section are applicable to the CISSP exam - so if that is a career goal for you, this can act as one of your study guides. The section begins with a discussion of threats in the enterprise environment. Types of threats as well as common protocol vulnerabilities are discussed. I felt that some of the material in this chapter was a bit dated, in particular the sections on TCP sequence number attacks (most recent OSes have improved their sequence generation routines to make it nearly impossible to do this) and the ping of death (which I don't remember working on anything after Windows 95 or Linux 2.0.23). The next chapter is a bit more valuable in its discussion of the basics of risk assessment and management. This leads into a discussion of actual design and implementation of security policy. Sample topics include physical/logical controls, data confidentiality, and policies/procedures for staff. And finally this section concludes with a good chapter on incident handling and response.

The final section, "Practical Implementation," is the Cisco-centric third of the book. Many parts of this section are a good reference to points covered on the CCSP exams, especially the SECUR test. The first chapter deals with configuring access controls and audit on Cisco devices from the PIX to switches and routers. A brief discussion of intrusion detection implementations is also included. The next chapter consists of primarily information dealing with firewall/screening router construction - content filtering, packet screening, and the various types of IOS filters. Several implementation examples are included to walk you through the process of configuring CBAC (content-based access control) and the Cisco PIX. From there the section moves to remote access security, with good sections on all Cisco based AAA (authentication, authorization, and accounting) features including lock-and-key and accounting-based billing. Finally, the book wraps up with a chapter on securing VPN, Wireless, and VOIP networks which focuses more on design than implementation, although there are still some Cisco (PIX) based examples. The book's appendices cover DDOS attacks, well-known port numbers, and guidelines for reporting and preventing intrusions.

Overall, I felt this was an excellent book which clearly fulfilled its purpose. For the intermediate to advanced network security engineer this could act as an excellent desktop reference, while still being accessible enough to teach to the beginner. The writing style is clear and precise, and I found no technical errors in the material presented. As I mentioned, the book could act as an additional study aid for several security certifications, including the CISSP or the CCSP. I look forward to the next volume by Ms. Kaeo.

You can purchase Designing Network Security, 2nd Ed. from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

90 comments

  1. Network Security by Anonymous Coward · · Score: 3, Funny

    Honestly, unless you are selling a book, I have heard that the only real problem with Linux network security involves the fact the patches for its many security flaws are often themselves compromised and infected with trojans, etc. On the other hand, the patches I get from Microsoft use a FIPS certified level 3 SSL connection so that the new code is certified by the source. Although I don't think I have needed any... been running Windows Server 2003 for about 2 years now and have never been without problems for a single day.

    Sincerely
    Bill Toms
    MCSD, MCSE
    SoftoTex Software

    1. Re:Network Security by Anonymous Coward · · Score: -1, Offtopic

      Network Security. What is it all about... is it good, or is it whack?

    2. Re:Network Security by pantycrickets · · Score: 5, Funny

      Although I don't think I have needed any... been running Windows Server 2003 for about 2 years now and have never been without problems for a single day.

      Exactly.

    3. Re:Network Security by MoralHazard · · Score: 1

      "the patches I get from Microsoft use a FIPS certified level 3 SSL connection so that the new code is certified by the source."

      Exactly the point that many OSS people have been making for a while. I hit Windows Update every month or so to get patches for machines I maintain, and I'm amazed by the sheer number of security vulnerabilities they're fixing each month. And the flow never stops, even though Win2K has been out for three years, now! Sure, Linux and the OSS projects have security needs that have to be addressed (notice how newsworthy and *rare* even a local root vulnerability is in the kernel, let alone a remote), but Jesus Christ.

      All I'm saying is, maybe it would be nice if some benevolent black hat broke into the MS development servers and started fixing code.

    4. Re:Network Security by webtre · · Score: 1

      so that the new code is certified by the source
      Does anybody else see a problem with this?

      --
      litigious bastards
      suck it sco!
    5. Re:Network Security by Hiro+Antagonist · · Score: 5, Insightful

      Honestly, unless you are selling a book, I have heard that the only real problem with Linux network security involves the fact the patches for its many security flaws are often themselves compromised and infected with trojans, etc.

      I realize that I'm just feeding the troll, but I've never run across a single 'security patch' that has introduced a single trojan into any of the Linux systems I administrate. In addition, Debian (my distribution of choice), as well as every other major vendor (to my knowledge) signs and checksums their packages to prevent tampering. Sure, the package archives don't use SSL, but that's because you don't need to -- it would be much easier to break in to the package repository than it would be to properly rewrite the packet stream in such a fashion so that it would even be functional, much less provide an appropriate checksum.

      A good case-in-point of how well this system works is the recent Debian break-in, in fact. Despite losing *four* crucial systems to a compromise, the integrity of the package archive was kept intact, because of GPG signatures, md5 checksums, and a massive pile of worldwide archive sites against which to verify. The compromise, recovery, and analysis of the break-in was kept open to the public, with factual updates made available at every step of the way. No cover-ups, no spin, no attempts to conceal the severity of the compromise. Just plain honesty.

      This prompts a very important question: Would you expect the same from Microsoft if they had faced a similar break-in?

      --
      I Hit the Karma Cap, and All I Got Was This Lousy .sig.
    6. Re:Network Security by Anonymous Coward · · Score: 0
      On the other hand, the patches I get from Microsoft use a FIPS certified level 3 SSL connection so that the new code is certified by the source.

      I can see why the parent has been modded "Funny". It contains four basic misunderstandings of security in one sentence!

      binary patches are not verifiable, hence inherently insecure.

      Microsoft is hardly an organization to trust at face value.

      FIPS has absolutely nothing to do with SSL.

      a secure network connection does nothing to certify content.

    7. Re:Network Security by what+the+dumple+is · · Score: 1

      This prompts a very important question: Would you expect the same from Microsoft if they had faced a similar break-in?

      we'll never know because they'll never tell us.

    8. Re:Network Security by Anonymous Coward · · Score: 0

      Just shows you how little you need to know to have microsoft certs

  2. FP by Anonymous Coward · · Score: -1, Flamebait

    Michael Sims is a fascist that should be hung. anti-slash.org

  3. 500 Internal Server Error by Anonymous Coward · · Score: -1, Troll

    We don't know how to run a website!

    1. Re:500 Internal Server Error by Anonymous Coward · · Score: -1

      Score:-1, Troll

      Troll? How is that a troll?

  4. additional resources: by Tirel · · Score: 1, Informative

    the o'reilly network security articles are another great resource for the advanced system administrator.

    plus, they're free..

    1. Re:additional resources: by Anonymous Coward · · Score: -1, Troll

      Tirel is a Karma-Whore Troll. Please review his history before modding up. His sig link is mostly a goatsex link also - it has been in the past but I am not about to test it now.

    2. Re:additional resources: by Evil+Adrian · · Score: 0, Offtopic

      Umm... his comment was informative. Therefore, it was modded as such.

      For the record, you're supposed to moderate comments, not users.

      --
      evil adrian
    3. Re:additional resources: by Anonymous Coward · · Score: -1, Offtopic

      He posted a link to O'reilly and you consider that informative? You are obviously part of the problem with this site. What he did is called Karma Whoring. It is providing otherwise easily obtainable information with the goal of getting mod points. Add to that the fact that he later trolls with those points at +1. He also links to goatsex in his sig (although he deletes when somebody calls him on it) which is enough to be modded troll.

      Too bad we don't see moderator names when we meta-mod otherwise I would be sure you never modded again.

    4. Re:additional resources: by Anonymous Coward · · Score: -1, Offtopic

      I guess taking a look at his sig link shut you up pretty quick. Dumbass.

    5. Re:additional resources: by Pros_n_Cons · · Score: 0, Offtopic

      Who cares what he posts, the first comment is a link to goatse modded +5. Really informative here is Sans reading room. Now go mod me as +5 or do I need to have a disgusting sig juvenile losers think is funny?

      -- "of course thats just my opinion, I could be wrong." --Dennis Miller
    6. Re:additional resources: by Evil+Adrian · · Score: -1, Offtopic

      Listen you crybaby, if signatures bother you so much, why don't you just TURN THEM OFF? That way, you don't have to read them, and none of us will ever have to read your pointless bitching about it.

      Secondly, it doesn't matter if he posts shitty comments -- if he posts a *good* comment, the good comment should be modded up! THAT IS THE WHOLE FUCKING POINT OF THE MODERATION SYSTEM, TO MOD GOOD COMMENTS UP.

      --
      evil adrian
    7. Re:additional resources: by Evil+Adrian · · Score: -1, Offtopic

      Blah blah blah, too bad you posted anonymously or you would have gotten modded down for this lovely piece of Flamebait and it would be harder for you to move up to posting at +1. You are obviously part of the problem with this site, bitching about sigs that can easily be turned off. Blow me.

      --
      evil adrian
    8. Re:additional resources: by Evil+Adrian · · Score: -1, Offtopic

      I don't look at sigs because I HAVE THEM TURNED OFF. That way I don't have to look at them, and I don't have to bitch about it to everybody in the world because I'm offended by it.

      Oh, and here's a link to http://www.goatse.cx, why don't you click on it and then bitch for an hour?

      --
      evil adrian
    9. Re:additional resources: by basingwerk · · Score: -1, Offtopic

      Have you considered calling yourself angry adrian?

      --
      I stole this .sig
    10. Re:additional resources: by Anonymous Coward · · Score: -1, Offtopic

      I post anonymously specifically because it starts at 0. It is quite obvious that I don't think these posts need to be at 1. I understand how moderation works. His post was nothing more than a link to a search result on O'Reilly. Perhaps it shouldn't be modded down but it definitely should not have been modded up. You also have to consider the person posting because you don't want to reward trolls. Just look at his history is all I ask.

      As for ignoring the sig - that is not the point. He is putting in the link disguised as a trap for somebody who thinks he is a legit poster and to rub it in the face of moron mods.

      I don't really worry though. I have a fair guess that you don't have mod points anyway. Judging by your history with trolling and flamebait along with your extensive list of people who call you foe I am guessing you are just another troll.

    11. Re:additional resources: by Anonymous Coward · · Score: -1, Offtopic

      If he had made a good comment I suppose that none of us would be arguing about now would we? I guess intelligent people know how to use a search engine and don't find his post all that informative. 12 yr olds who can't use their caps lock properly disagree. Maybe you should ask your mommy for permission first before posting.

      On another note. While I was waiting to post this I took a look at your friend list and wasn't too surprised to see that they are all trolls posting at 0 or -1. Not sure why I am bothering arguing with you now that I know why you defended him. Hell you may even be him.

    12. Re:additional resources: by Evil+Adrian · · Score: -1, Offtopic

      Often. :-)

      --
      evil adrian
    13. Re:additional resources: by ScottKin · · Score: -1, Offtopic

      One of the few joys of /. is that people CAN post off-topic comments and they still get entered into the "stream"

      Adrian - kiss my hairy ass!

      --ScottKin

      --
      I don't give a rat's behind about "karma" here or anywhere else. Don't like what I have to say here? Deal with it!
    14. Re:additional resources: by ScottKin · · Score: -1, Offtopic

      Additionally, at least I have a web site listed, you hapless twit!

      Unlike the hapless-twit /. *NIX-weenies who post here, I have more important things to do (like starting two new businesses) with my time than to hard-code HTML. Would you rather I used Dreamweaver MX, or do some 1337-looking shee-yawt with Flash MX for my webpage? FrontPage works well, does my site quickly and with less hassle (unfortunately, the hassle percentage is swallowed-up by my provider), and lets me concentrate on trying to make a buck in a depressed job market.

      Have a nice day!

      --ScottKin

      --
      I don't give a rat's behind about "karma" here or anywhere else. Don't like what I have to say here? Deal with it!
    15. Re:additional resources: by Anonymous Coward · · Score: -1, Flamebait

      he isn't, but i wouldn't mind having his uid#.. - tirel

    16. Re:additional resources: by Anonymous Coward · · Score: -1, Troll

      Yeah we can see how busy you are. As we all know, the ones who live the richest, most fulfilling lives always have time out to crow about it on Slashdot to the poor unfortunates around them.

      Sha na na na, sha na na na na,
      Sha na na na, sha na na na na,
      Sha na na na, sha na na na na,
      Sha na na na, sha na na na na,
      Aw, Yip yip yip yip yip yip yip yip
      Mum mum mum mum mum mum
      Get a job
      Sha na na na, sha na na na na
      Every morning about this time
      she get me out of my bed
      a-crying get a job.
      After breakfast, everyday,
      she throws the want ads right my way
      And never fails to say,
      Get a job
      Sha na na na, sha na na na na
      Sha na na na, sha na na na na,
      Sha na na na, sha na na na na,
      Sha na na na, sha na na na na,
      Yip yip yip yip yip yip yip yip
      Mum mum mum mum mum mum
      Get a job
      Sha na na na, sha na na na na
      And when I get the paper
      I read it through and through
      And my girl never fails to say
      If there is any work for me,
      And when I go back to the house
      I hear the woman's mouth
      Preaching and a crying,
      Tell me that I'm lying 'bout a job
      That I never could find.
      Sha na na na, sha na na na na,
      Sha na na na, sha na na na na,
      Sha na na na, sha na na na na,
      Sha na na na, sha na na na na,
      Yip yip yip yip yip yip yip yip
      Mum mum mum mum mum mum
      Get a job
      Sha na na na, sha na na na na

    17. Re:additional resources: by ScottKin · · Score: -1, Offtopic

      This is a prime example of why marrying your cousin is a bad idea.

      This moron needs to hide behind the "Anonymous Coward" because they are afraid - hence the "Coward" moniker.

      You can kiss my hairy ass as well.

      --ScottKin

      --
      I don't give a rat's behind about "karma" here or anywhere else. Don't like what I have to say here? Deal with it!
    18. Re:additional resources: by Anonymous Coward · · Score: -1, Offtopic

      Afraid of what precisely?

    19. Re:additional resources: by Evil+Adrian · · Score: -1, Offtopic

      I so burned you about your crappy website weeks ago, are you still upset about that? I hope one of your new businesses isn't web design!

      Man, at least point the ScottCam at something interesting! We are quite literally watching paint dry on the side of your house...

      --
      evil adrian
  5. Too ignorant, didn't read :) by __aavhli5779 · · Score: 5, Informative

    Cisco was actually sending this book out for free a few months ago, and thanks to somebody's making me aware of this deal I managed to snag a copy.

    I'm no network security guy, more just a mundane perl hacker, so most of the chapters were over my head and I'm not really qualified to comment on the contents, but I can at least assert that the book is indeed very comprehensive and well-written, and I liked the diagrams, though I couldn't exactly recall what they were about. My only complaint was that the focus seemed exclusive at times on only securing Cisco equipment, which means that it has a rather narrow focus if one isn't deploying their technologies.

    Hopefully some day when some corporation views my over-inflated resume and decides to trust me with their datacenter, I'll remember everything I skipped over in this quality book :)

    1. Re:Too ignorant, didn't read :) by WinterpegCanuck · · Score: 1

      I am all about pretty diagrams. I don't know if this book can top the security plus one we used at school where hackers were always depicted as thin white kids at terminals wearing a mad-hatter's hat from alice in wonderland or the wardrobe of carmen sandiego, cape, fedora and all. Not to mention the firewalls were always a clip-art of a brick wall between the cloud and the office building. Where does the cloud plug in?

  6. security? by Anonymous Coward · · Score: -1, Offtopic

    What's that?

    1. Re:security? by grub · · Score: 2, Insightful


      What's that?

      Security is not a product but a never-ending process.

      --
      Trolling is a art,
  7. Security, what security! by cornholio_hehehe · · Score: -1, Flamebait

    Network security is about as secure as my drawers!

    --
    I am Cornholio I need TP for my BUNGHOLE!!! hehe hehe
    1. Re:Security, what security! by cornholio_hehehe · · Score: -1, Offtopic

      aaaaauuuugggggghhhhhh you flamed me! That was supposed to be a serious (hehe) response!

      --
      I am Cornholio I need TP for my BUNGHOLE!!! hehe hehe
  8. A to Z about network security, by geek00 · · Score: 5, Informative

    Compared to the first version of this title, the second version offers information regarding leading edge technologies such as Voice over IP (VoIP) and wireless networks. Another topic covered in the second version is Virtual Private Networks (VPN). Making the second version of this title a very well rounded resource. Another new chapter in the second edition is on Routing Protocol Security. The Routing Protocol Security chapter has some good information on several of the widely deployed Interior Gateway Protocols such as RIP, EIGRP and OSPF. The chapter covers information mostly on the authentication pieces and fundamental rules of each routing protocol and not much more.

    I found the small section on BGP in the chapter to be a little sparse and expected BGP to be covered in a bit more detail. Nonetheless, it does mention briefly some of the challenges with BGP and a few of the proposed successors of the BGP protocol such as S-BGP and SoBGP.

    This is an all-around good reference for network security.

    1. Re:A to Z about network security, by webtre · · Score: 3, Insightful

      If security is your only concern you should have as many layers of security as possible with firewalls between each layer locked down as tight as possible. That said, security is never your only concern. Cost, ease of maintenance, performance, and flexibility are all important in a network design. After all, the purpose of your company is probably to get something accomplished, not to avoid getting hacked. There are times when every different network configuration is appropriate from super secure to a cable modem router to a windows box right on the internet. There is no one answer.

      --
      litigious bastards
      suck it sco!
  9. Languages can help as well by Space+cowboy · · Score: 2, Interesting

    Given that "VM" languages are being used more and more (and really, anything that handles its own memory is the largest gain, IMHO), a lot of the attacks will be getting less and less to work with over time.

    I can't see mainstream OS's being written in Java just yet [grin - Windows JP (Java Protected), now with less memory holes!] but applications are getting more likely to be protected in this way.

    Running .NET or compiled-java is pretty much indistinguishable from running C++ programs, and they're so much easier to develop in than more-traditional languages, so perhaps the future is bright :-)

    Simon

    --
    Physicists get Hadrons!
    1. Re:Languages can help as well by Anonymous Coward · · Score: -1

      Well, there's always LISP. Object-oriented, takes care of memory for you and there were OSes written in it. Try doing a search for "LISP machines". Amazing since the language was invented (discovered?) over 40 years ago.

    2. Re:Languages can help as well by MoralHazard · · Score: 1

      Wait... Maybe someone can explain this to me: compiled-java is when you compile your bytecode into actual machine-language beforehand to allow it to execute faster, right? And in Java, the memory allocation and de-allocation (new() calls and garbage collection) is done by the JVM, right?

      So is the JVM involved at all when you're running compiled-java, or not? It would seem like it would have to be, to handle memory, unless the compilation process builds in some kind of memory manager.

      This poster has me confused--I always thought that the big slowdown when running Java was because the JVM had to handle memory. Is the translation from bytecode to machine-language really such a huge portion of JVM's workload that running compiled-java can be "indistinguishable from running C++ programs"?

      I know it's off-topic, but PLEASE shed some light on this for me.

    3. Re:Languages can help as well by a55mnky · · Score: 3, Interesting
      Although on the surface this may appear to be true, as applications grow more and more complex, which is inevitable as users demand more and more services from corporate America, the business logic behind them dramatically increases in complexity as well.

      The trend in actual successful attacks versus theoretical or practical vulnerabilities is moving from OS and network hacks to more application based hacks - these attacks tend to focus on the business processes behind the applications per se.

      A more secure language may assist in securing the actual applications themselves, but it will do nothing to secure what lies behind, under and over the applications.

      Until security becomes an integral part of the SDLC more VM based languages are not the solution.

      --
      Where oh where has my Underdog gone?
    4. Re:Languages can help as well by Space+cowboy · · Score: 1

      Maybe I wasn't clear. I was referring to the compile-to-machine-code not just-in-time-compiling. There is no VM in a precompiled java program, although there will be garbage collector and arrays will be checked etc.

      Tools like gcj, or newer JBuilders, will do this. There will always be some overhead for GC, but unless you're doing physics simulations running for weeks, I seriously doubt you'd notice the difference...

      Simon.

      --
      Physicists get Hadrons!
  10. funny or troll? by Anonymous Coward · · Score: -1, Offtopic

    i cant decide

  11. corepirate nazi storm troopers coming to a website by Anonymous Coward · · Score: -1, Offtopic

    near you?

    http://www.cyveillance.com/default.asp

  12. Concise!?! by Orien · · Score: 4, Funny
    at a hefty 745 pages, Designing Network Security is a concise and...

    Am I the only one who sees some irony in that statement?

    1. Re:Concise!?! by webtre · · Score: 3, Insightful

      You can make a book on that subject much larger if you want.
      Of course, you could write the whole book in 6 words: "Don't turn on the darn computer!"

      --
      litigious bastards
      suck it sco!
    2. Re:Concise!?! by cant_get_a_good_nick · · Score: 1

      Of course, you could write the whole book in 6 words: "Don't turn on the darn computer!"
      I prefer 4 words...
      Smash computer with sledgehammer.

    3. Re:Concise!?! by azaris · · Score: 1

      at a hefty 745 pages, Designing Network Security is a concise and...

      At least this one isn't infamous like several other topics yesterday.

    4. Re:Concise!?! by RagManX · · Score: 1

      I can secure that computer in 2 words:

      Unplug system

      There. Any single word book writers out there? :)

      RagManX

  13. mynuts won. N0T secured buy felons? by Anonymous Coward · · Score: -1, Offtopic

    you're saying that we're safe from the felonious fuddites?

    ok eye gas? fud on robbIE?

  14. Why a book ? by Krapangor · · Score: 3, Insightful

    It would be outdated 3 months after it was published.
    The only reason for buying is to get rid of the damned trees which lurk around everywhere.

    --
    Owner of a Mensa membership card.
    1. Re:Why a book ? by Anonymous Coward · · Score: 1, Informative

      While sometimes technologies become obsolete (e.g. computing power makes certain types of OLD encryption more vulnerable or some cryptographic scheme is cracked, or some software platform is now almost gone *cough*VAX/VMS*cough*) the fundamentals don't change that much.

      Hell, I picked up "Web Security, Privacy & Commerce" from O'Reilly the other day, and it has a bit on the old DOS program toneloc... you know, the wardialer from ages past. Why? It's still important to know if your computers have modems configured to answer and allow people to administer them. It's weird things like that that catch you off guard with respect to security.

  15. consice by manifest37 · · Score: 2, Funny

    concise
    adj.
    Expressing much in few words; clear and succinct.

    Last time I checked 745 pages was not "concise".

    1. Re:consice by Vaevictis666 · · Score: 1, Insightful

      Well, if being verbose would bring it to 2000 pages, I'd say 745 is concise. It depends on the depth of your topic.

    2. Re:consice by Anonymous Coward · · Score: 0

      It's a function of the amount of material covered. 745 pages is pretty compressed for a broad topic of network security. Think about how many pages it would take to adequately describe everything wrong with your sorry dumb ass, for example.

    3. Re:consice by Anonymous Coward · · Score: 0

      That's a crappy definition. Here is the right one:

      marked by brevity of expression or statement : free from all elaboration and superfluous detail

      Where did you get yours from - the children's illustrated dictionary?

    4. Re:consice by happyfrogcow · · Score: 3, Funny

      to be a geek and misquote the FotR movie,

      "A wizard is never late. He arrives precisely when he intends to."

      so in those terms, the book could be concise if it explains precisely what it intends.

  16. Condensed version by Anonymous Coward · · Score: 0
    1. Install server hardware.
    2. Install server software.
    3. Activate network.
    4. Deploy armed guard and three-headed dog. Kill all intruders or potential intruders.
    5. Repeat step 4 as necessary.
    1. Re:Condensed version by Cipster · · Score: 1

      And when that fails pull the plug?

    2. Re:Condensed version by Anonymous Coward · · Score: 0

      When that fails, the dog eats you.

  17. Linux Updates are signed by Anonymous Coward · · Score: 3, Informative

    Most RPM systems use signed RPMs, so there is a similar system. Even better, updates are not given in the form of an .exe file that you have to click on to see what it is. With Unix/Linux package managers, there is a separation of the package and the (trusted) installer package, so you can get information on a package, including the list of files and changes before even launching the update. Also, I have not seen Linux updates that say "You cannot remove this after it is installed."

  18. It's easy by Chairboy · · Score: 5, Funny

    Designing network security is easy, I already learned about this in movies and books by Gibson. First, you need to cyberjack a killer ICE. If you use a BLACK ICE, you can actually kill the jackers that are cracking into your mainframe by overloading their neural interfaces.

    Something else you might do is write defensive viruses that sit on your router and can be deployed against attackers.

    Another thing that has good success is having circuit breakers hooked to your network interface that can channel all the power from your corporate reactor straight into the network. This will cause any attacker's machine to burst into flame.

    Artificial intelligence bots can be a cheap way to get good security, but keep in mind that they can go rogue, so also keep a stable of CircuitRunners, basically AI Bounty Hunters that can track down your security AIs and terminate them if they go rogue. Symantec makes good CircuitRunners, I hear.

    Oh, be sure to hire a network administrator that 'knows linux'. It's probably best to hire someone young who has the dexterity to use the 3d flythrough administration interface.

    Good luck, and be secure in the knowledge that you can now jack into your iron in safety!

    1. Re:It's easy by xenoputtss · · Score: 1

      I agree totally! I tried admin'ing my box with the 3d fly through admin package, but the g-force was too much, I blacked out from lack of blood just doing a kernel rebuild.

    2. Re:It's easy by screwdriver · · Score: 1

      Good luck, and be secure in the knowledge that you can now jack into your iron in safety!

      Now that would make a mess!

  19. Old One Security? by Anonymous Coward · · Score: 0

    Hrm....I would be cautious about following a book on security supported by someone named cthulu, even if he is missing the second 'h'...

    1. Re:Old One Security? by Anonymous Coward · · Score: 0

      Fools! crypt and DES-3 taste the same to great Cthulhu!

  20. You're ruining my Karma! by cornholio_hehehe · · Score: -1, Troll

    First flamebait ... hehe hehe, then off topic, hehe hehe, what's the matter .. no humor!

    --
    I am Cornholio I need TP for my BUNGHOLE!!! hehe hehe

  21. totally fool proof network security system: by burninginside · · Score: 1

    Scissors

    really what more do you need?

    1. Re:totally fool proof network security system: by cant_get_a_good_nick · · Score: 1

      Wow, scissors that work on WiFi links too!!!

      Not trying to be too mean. I printed this out, and sent it to some of the admins here.

    2. Re:totally fool proof network security system: by burninginside · · Score: 1

      well if you're using a usb card it could....if not it'll take a little more effort but you can trash the card either way....

  22. Scary by Anonymous Coward · · Score: 1, Insightful

    It scares me when I see comments like "I wish I knew of this book when I was starting my security career". It really irritates me that people are so incompetent to feel that they are competent in security without even understanding the basics.

    1. Re:Scary by Anonymous Coward · · Score: 0

      It scares me that the world is full of arrogant assholes such as yourself.

  23. IWPTA by Anonymous Coward · · Score: -1

    "Disney Network Security"

  24. Books I'd like now. by Anonymous Coward · · Score: 1, Funny

    Books that I also want now.
    The hand book of lottery ticket and sports winners for 2004-2010.
    The worst security holes of win98/winXP and their solutions for "Open MS Lic." fifth edition 2015.
    IP6 Now! how to painless update legacy IP4 appa. (2030)

    And my personal future favorite:
    The source to votedote used to mod your government up or down.

  25. I'll tell you how by Anonymous Coward · · Score: 0

    Sometimes "Troll" is used as if it were a synonym for "Inconvenient Fact"

  26. Crypto-gram newsletter by glinden · · Score: 5, Informative

    Sounds like an interesting book. If you're interested in security topics, I can't recommend Bruce Schneier's (author of Applied Cryptography, among other things) Crypto-gram newsletter. It's free and gives a great overview of the news on computer security. His focus is often on ineffective security measures that people manage to avoid and how they can be improved. Well worth reading.

    1. Re:Crypto-gram newsletter by mydrh · · Score: 1

      In addition to Schneier's excellent monthly mailing, the Dartmouth College Institute for Security Technology Studies offers a fantastic daily blog of info-security news from around the world. Well worth subscribing to, and highly informative for those interested. Website: http://news.ists.dartmouth.edu/ Newsletter Signup: http://news.ists.dartmouth.edu/cgi-bin/signup.cgi

  27. Three steps to network security by wowbagger · · Score: 1

    There are three simple steps to network security - follow them to the letter and you will never have any problems.

    The three steps are:

    1) Ban Windows from your network.

    2) Ban Doors.

    3) Ban Users.

    Follow those steps and you will never have any problems!

  28. Eliminate QA! Dev will test! PROFIT!!! by JimmytheGeek · · Score: 1

    Yeah - what are they going to say? "Of course it works. Of course I'm sure. Oh, hold on. Oops. All your base are belong to j-randon haxor. You did read our EULA, didn't you?"

  29. windows box on the internet by JimmytheGeek · · Score: 1

    Honeypot? That's about the only thing I can think of...

  30. nice 'expert' review by Anonymous Coward · · Score: 0

    I know the author. He's just an admin, and a relatively new one at that. Not what I would consider qualified to comment.

    1. Re:nice 'expert' review by Anonymous Coward · · Score: 0

      hey, you `genius`. you're not supposed to say disparaging things about me...at least online. now I`m gonna have to root you with all my new skillz from this `cisco` propaganda manual. beware.

    2. Re:nice 'expert' review by Anonymous Coward · · Score: 0

      You're just jealous. Fuck off.

      -The author

    3. Re:nice 'expert' review by Anonymous Coward · · Score: 0

      good comeback. did your mom help you with that?

  31. It was a joke. Laugh, it's funny [EOM] by hal9000(jr) · · Score: 1

    Honestly, schmonesty.

  32. more reviews of this book by Anonymous Coward · · Score: 0

    VeryGeekyBooks has more reviews of this book.

  33. Speaking of which by Anonymous Coward · · Score: -1, Troll

    Sha na na na, sha na na na na,
    Sha na na na, sha na na na na,
    Sha na na na, sha na na na na,
    Sha na na na, sha na na na na,
    Aw, Yip yip yip yip yip yip yip yip
    Mum mum mum mum mum mum
    Get a job
    Sha na na na, sha na na na na
    Every morning about this time
    she get me out of my bed
    a-crying get a job.
    After breakfast, everyday,
    she throws the want ads right my way
    And never fails to say,
    Get a job
    Sha na na na, sha na na na na
    Sha na na na, sha na na na na,
    Sha na na na, sha na na na na,
    Sha na na na, sha na na na na,
    Yip yip yip yip yip yip yip yip
    Mum mum mum mum mum mum
    Get a job
    Sha na na na, sha na na na na
    And when I get the paper
    I read it through and through
    And my girl never fails to say
    If there is any work for me,
    And when I go back to the house
    I hear the woman's mouth
    Preaching and a crying,
    Tell me that I'm lying 'bout a job
    That I never could find.
    Sha na na na, sha na na na na,
    Sha na na na, sha na na na na,
    Sha na na na, sha na na na na,
    Sha na na na, sha na na na na,
    Yip yip yip yip yip yip yip yip
    Mum mum mum mum mum mum
    Get a job
    Sha na na na, sha na na na na