Rating: 
Summary: Review by an independent computer consultant in the Bay Area
Review: As an independent computer consultant in the Bay Area, I had read more than 20 titles on Cisco products and technologies (routing, switching, remote access, and troubleshooting) from Cisco Press and other publishers in order to be certified as Cisco Certified Network Professional (CCNP) and Cisco Certified Network Associated (CCNA). After comparing the quality of those books between Cisco Press and other publishers, such as Sybex and The Coriolis Group, I personally think that Cisco Press is still the number one source to learn Cisco products and network technologies.
Before preparing for the Cisco Certified Internetworking Expert(Security) exam, I started to search for books to study. Then, I found this very well organized book written by Saadat Malik, who is also the author of the CCIE Security written and lab exams. This book ¡§Network Security Principles and Practices¡¨(ISBN: 1587050250) is designed for network engineers or security officers to give them an in-depth understanding and help them widely implement network security in medium size or enterprise networks.
Before reading the book, I thought that it might be just like some of the books from Cisco Press which are similar to the printouts from Cisco Systems website, but this book is extraordinary by the reason of its complete explanations on the latest network security tools. After finishing the book, it should become part of your reference collection if you are serious about learning network security.
In the book, each chapter starts with a comprehensive introduction to show the big picture of each technology, such as Virtual Private Networks, IPsec, PIX Firewall, and Intrusion Detection Systems. After that, Saadat Malik illustrates the technological concepts in great detail by using graphs, examples, configurations and even case studies. You can find information on security concepts you want to learn form math formulas to complex system configurations. The parts I liked the most were the case studies which made the book different from other books since they used scenarios to show readers how to implement the concepts they just learned from the pervious chapter.
Another exceptional feature of the book was the detailed explanation on code examples. While some other books leave readers guessing the meaning of system configurations, this book showed all the settings with highlights and comments. Readers don¡¦t need to look up the those commands from other books or Cisco¡¦s website to understand those examples .
This book can help networkers to open the door of network security and candidates to get ready for the CCIE Security exam. Some people even used it for other industrial security examinations, such as CISSP and Security+, since this book was ranked as the best book for preparing networking security exams in Certification preparation websites.
Saadat Malik did a great job of writing this classic network security book. I look forward to seeing his other publications from Cisco Press. I even think about taking his class on this topic at San Jose State University.
I would rate this must-have book as 5/5 stars and I would recommended this book to all network professionals who face security threats as their networks expand and more new technologies, such as 802.1b, are implemented.
Sunny Chiu, Kwok Pang (CCNP & CCNA)
Rating:
Summary: Not just if you want to be a CCIE
Review: I am not one to read a book only to get a certification: I want to understand what's going on under the hood of all the processes operating on the network and systems I'm working on. That's a pretty tall order, and I'll probably never get all the way there. But this book is a significant help for those who think like I do. It really does cover the gamut of network security - fundamentals, network design, devices (routers, switches, firewalls, IDS), access control, VPNs and tunneling at Layer 2, some service provider-specific problems, and troubleshooting. It does not cover host-specific items, like OS or application tradeoffs, the merits of different patching regimes, etc. Frankly, those topics depend too much on why those applications and systems are present. And, as it stands, this is a big enough book, covering plenty of territory, and covering a lot of it in depth. As one example of the depth you can expect to find here, consider IKE establishing an IPSec SA between two peers. The discussion starts with the relationships among IKE's constituent parts (ISAKMP, SKEME, and Oakley), and how each contributes to the process. Next there is a substantial discussion of the two major steps in establishing an SA between the peers, including the advantages and disadvantages of Main Mode vs. Aggressive Mode during the first step. This is followed by the details of the actual messages exchanged at each point in the whole process, including the packet structures involved. There is also a good discussion of how the Diffie-Hellman Algorithm is used to create the session key without exposing it to anyone except the two peers. Finally, there's a discussion of the use of digital signatures vs. pre-shared keys for authentication, and encrypted nonces. All told, the discussion of this one aspect of VPNs covers 36 pages. When you've finished, you will understand exactly what happens during the creation of an IPSec VPN. That level of detail is typical of the coverage once you get beyond the first two chapters. Those cover some basics, just to be sure you have those fresh in your mind as you start digging into the details. I did notice a few minor errors (things like the spelling of the famous hacker's name - it's Kevin Mitnick, not Kevin Metnick), but those were really very few and far between. As an author, I know that there will always be a few items that get by everyone, including the editors and proofreaders. There are far fewer in this book than in any book of comparable size (700+ pages) that I've read in a long, long time. Because the coverage in this book is so deep as well as broad, don't plan to read it in a few days. You'll find yourself chasing things by checking the RFCs, looking again at the network's design, and so on. But if you are looking into network security, whether it's just to know more or because you're getting certified, this book is a good one to read. If you're working on Cisco's Security CCIE, it's a must read. Either way, I highly recommend it - it's five stars all the way.
Rating:
Summary: Great Book for All Security Professionals
Review: I have read quite a number of Cisco Press Titles and several books on Computer Security. Saadats's book is in the same class as some of the best I have read. As a practising Network engineer with more than six years of Enterprise wide network and System management, this is one book, I wish I had read much earlier. Its a great resource for every category of Personnel working with networks. The First Part gives you a good overview of the issues and the details become juicier with each passing chapter. No matter what level of expertise you have, you're bound to find some use for this book, and for the CCIE -Security folks out there (current and aspiring), this is surely one of the must haves, from a writer who knows what he's writing about.
Rating:
Summary: Two Thumbs Up
Review: I read a portion of this book and it is definitely 5 stars. Saadat covered too many topics in Cisco securtiy portfolio with great ease. Most of the info is hard if not impossible to find @ CCO. I liked his coverage for IPSec message flows and concepts . He gave similiar presentation @ Networkers 2002 and now it is covered in greater detail in this book. Way to go Saadat!!!!
Rating:
Summary: Essential Network Security Reference
Review: I recently had the opportunity to read Network Security Principles and Practices (ISBN 1587050250) from Cisco Press's CCIE Professional Development series. I am a CCNA currently studying for the CCSP, however I am not interested only in putting more letters on my resume; I want to understand and apply the knowledge on the networks that I work on. I want to know bit-by-bit what happens when two peers negotiate a connection and especially how it can go wrong. Additionally, what tools can I use to detect problems and monitor the health of the network? I appreciate that Malik respects and expects the reader's understanding of basic networking concepts. I have too many books on the shelf that claim to cover advanced topics, yet they spend hundreds of pages explaining the basics of subnetting or binary to decimal conversion before they dive in to content promised by the title. I am currently reading another book to prepare for the Securing Cisco IOS Networks exam (SECUR 642-501). While it adequately covers the "whats" and all of the topics required for the exam it does not always fill in the "whys". Network Security Principles and Practices has helped to fill in the gaps. Since the text is published by Cisco Press and is deigned to support the CCIE Security written exam, it is naturally Cisco-centric. However I would like to see coverage of more non-cisco solutions such as Snort for IDS or possibly typical problems creating VPN tunnels between Cisco equipment non-Cisco equipment. The organization of content within the chapters is logical and easy to navigate. Chapters are prefaced by an outline of the key topics and wrapped up with a summary and a set of review questions. Malik uses examples and drawings that are easy to understand and most illustrate common real-world scenarios. The case studies at the end of many chapters were especially valuable to me. For example each of the case studies in the PIX chapter include a description of the case, a drawing of the network topology (including host & network addresses), and most importantly the device configuration annotated with Malik's explanations. There is no need to look up the commands in another reference or to guess what concept in the chapter's text the command addresses. As one would expect from the manager of the Cisco VPN & Network Security groups, Malik's sections for troubleshooting NAT, PIX Firewalls, IOS Firewalls, VPN's, Intrusion Detection, and AAA are very thorough. Malik explains the IOS show and debug commands used for troubleshooting, as well as their output. Anyone responsible for NAT should make the NAT troubleshooting section mandatory reading for the Order of Operations and Common Problems and Resolutions sections. Every page of Saadat Malik's tome of Network Security has helped me to better understand security principles and best practices. This book will become a key text in my reference library not just for exam preparation, but for daily network security administration. This text won't collect any dust on my shelf. I rate it five out of five stars and I eagerly await new titles from Malik.
Rating:
Summary: An Excellent Reference!
Review: Many people criticize Cisco Press titles as being bound versions of the documentation that is freely available on their website. To a certain extent, I agree with that and I suppose you could say some of the same things about this book. However, this has been the most reliable and thorough title in my technical library, bar none. Like other Cisco titles, this book does suffer from minor technical mistakes and editing oversights but this does not overshadow the incredible wealth of information contained in this book. If you're looking for a comprehensive reference on Cisco network security (fundamental concepts and advanced topics), detailed discussions of IPSec and case studies to illustrate the concepts, this is your book. And, even though this book is targeted toward CCIE professional development, I found it very useful in filling in some of the gaps for lower level certifications (as I found myself preparing for the CSS1/CCSP after the tests had been updated, but not the self-study materials). If you do any work with Cisco security equipment, especially in the areas of firewalls and VPNs, you should probably have this book. It will save you a mess of time by keeping you off Cisco's website or off the phone with TAC. Really, I can't say enough good things about this title.
Rating:
Summary: An Excellent Reference!
Review: Many people criticize Cisco Press titles as being bound versions of the documentation that is freely available on their website. To a certain extent, I agree with that and I suppose you could say some of the same things about this book. However, this has been the most reliable and thorough title in my technical library, bar none. Like other Cisco titles, this book does suffer from minor technical mistakes and editing oversights but this does not overshadow the incredible wealth of information contained in this book. If you're looking for a comprehensive reference on Cisco network security (fundamental concepts and advanced topics), detailed discussions of IPSec and case studies to illustrate the concepts, this is your book. And, even though this book is targeted toward CCIE professional development, I found it very useful in filling in some of the gaps for lower level certifications (as I found myself preparing for the CSS1/CCSP after the tests had been updated, but not the self-study materials). If you do any work with Cisco security equipment, especially in the areas of firewalls and VPNs, you should probably have this book. It will save you a mess of time by keeping you off Cisco's website or off the phone with TAC. Really, I can't say enough good things about this title.
Rating:
Summary: Best ever book from Cisco
Review: Not only for exam preparation, this book is for every Cisco lover. Covers a lot of stuff, took me over 2 months to finish but I feel way more knowledgeable now.
Rating:
Summary: 1st Rate
Review: This book is extremely well organized and thought out for these topics. Some of the clearest explanations of IPSec and associated protocols I've seen anywhere. So well put together I'd recommend it for beginners and experts alike. Bill Newsham, CCNP,MCSE,CNE,CSS1
Rating:
Summary: This is the best book for the CCIE Security written and Lab
Review: This book is very well written and covers everything you need to pass the Security part of your CCIE security lab. You will still need to study your routing and switching because that is 50% of the lab. Jeremy CCIE (R/S, Security
|
