<< 1 >>
Rating: 
Summary: Network Security Design Must Have
Review: I have read many books in the Cisco Press and this one is up there with the best in terms of practical use, technical depth and ease of reading. The author does a great job of laying out the book in a logical manner that is sure to help Security Architects take on the daunting task of network security design with a higher level of confidence. As a systems engineer responsible for large network designs, I have found this book to provide very good information for many scenarios, a multitude of good links to provide additional resources for discussed topics as well as out of scope topics, and also a good supplement for the backround knowledge required for the CCIE Security exam, for which I am currently preparing for. I consider this one as much a must have as Doyle for IP Routing or Clarke for LAN Switching.Raymond Santini CCIE# 12315
Rating:
Summary: Recommended for professional infosec architects
Review: This comprehensive textbook is ideal for information security architects tasked with designing secure networks, both as a teaching text and as a reference. It covers:
- Good practice network security design guidelines ('axioms')
- Purpose and definition of network security policies
- Good advice on designing the network security system (i.e. the overarching network security architecture into which individual network devices must fit) from the ground up (i.e. physical security to application security, OSI layers 1 to 7)
- Specific technical advice on configuring network devices for
security ('hardening')
- Technical descriptions of the vulnerabilities in network services, accompanied by advice on how to secure them
- Typical design considerations for network perimeter ('edge') security, internal network ('campus') security and remote access (teleworker) security
- Secure network management and network security management (compared and contrasted in 40 pages) I appreciate the author's emphasis on architectural security design but he also succeeds in giving a reasonably comprehensive introduction to more specific elements of network security. This is not a hand-waving helicopter-overview of the topic but a far more substantial tome. At the same time, the clear writing style, simple diagrams and nuggets of practical advice make it an enjoyable read. The book is liberally sprinkled with URLs to useful additional resources although I fear some of them will be out of date before this book is out of print (an accompanying reference website might have been useful, Cisco!). Each chapter concludes with exam-style review questions (with answers) and further questions intended to stimulate the reader to think about the material in their local organizational context. The topic almost inevitably involves loads of acronyms so thankfully a succinct glossary is included. Three network security design examples (mini case studies) towards the end of the book demonstrate the techniques previously described. These are good for getting readers to practice thinking like a real network security architect. Despite being published by Cisco Press, the book is not specifically about Cisco products. However, the examples and several of the security features are Cisco-specific. Given the market presence of Cisco, this is not a serious drawback but a little more balance would have added credibility (e.g. security vulnerabilities in LEAP, Cisco's wireless LAN authentication protocol, are not described but merely hinted-at). All in all, this book has already proved its worth to me. I read it cover-to-cover in a couple of days and have already started using it as a reference. Recommended reading for those with a professional interest in information security architecture.
<< 1 >>
| 
