Book Description
The complete guide to the most popular Cisco PIX®, ASA, FWSM, and IOS® firewall security features
- Learn about the various firewall models, user interfaces, feature sets, and configuration methods
- Understand how a Cisco firewall inspects traffic
- Configure firewall interfaces, routing, IP addressing services, and IP multicast support
- Maintain security contexts and Flash and configuration files, manage users, and monitor firewalls with SNMP
- Authenticate, authorize, and maintain accounting records for firewall users
- Control access through the firewall by implementing transparent and routed firewall modes, address translation, traffic filtering, user authentication, content filtering, application inspection, and traffic shunning
- Increase firewall availability with firewall failover operation
- Understand how firewall load balancing works
- Generate firewall activity logs and learn how to analyze the contents of the log
- Verify firewall operation and connectivity and observe data passing through a firewall
- Control access and manage activity on the Cisco IOS firewall
- Configure a Cisco firewall to act as an IDS sensor
Every organization has data, facilities, and workflow processes that are critical to their success. As more organizations make greater use of the Internet, defending against network attacks becomes crucial for businesses. Productivity gains and returns on company investments are at risk if the network is not properly defended. Firewalls have emerged as the essential foundation component in any network security architecture.
Cisco ASA and PIX Firewall Handbook is a guide for the most commonly implemented features of the popular Cisco Systems® firewall security solutions. This is the first book to cover the revolutionary Cisco ASA and PIX® version 7 security appliances. This book will help you quickly and easily configure, integrate, and manage the entire suite of Cisco® firewall products, including Cisco ASA, PIX version 7 and 6.3, the Cisco IOS router firewall, and the Catalyst Firewall Services Module (FWSM). Organized by families of features, this book helps you get up to speed quickly and efficiently on topics such as file management, building connectivity, controlling access, firewall management, increasing availability with failover, load balancing, logging, and verifying operation. Shaded thumbtabs mark each section for quick reference and each section provides information in a concise format, with background, configuration, and example components. Each section also has a quick reference table of commands that you can use to troubleshoot or display information about the features presented. Appendixes present lists of well-known IP protocol numbers, ICMP message types, and IP port numbers that are supported in firewall configuration commands and provide a quick reference to the many logging messages that can be generated from a Cisco PIX, ASA, FWSM, or IOS firewall.
Whether you are looking for an introduction to the firewall features of the new ASA security appliance, a guide to configuring firewalls with the new Cisco PIX version 7 operating system, or a complete reference for making the most out of your Cisco ASA, PIX, IOS, and FWSM firewall deployments, Cisco ASA and PIX Firewall Handbook helps you achieve maximum protection of your network resources.
"Many books on network security and firewalls settle for a discussion focused primarily on concepts and theory. This book, however, goes well beyond these topics. It covers in tremendous detail the information every network and security administrator needs to know when configuring and managing market-leading firewall products from Cisco."
-- Jason Nolet, Sr. Director of Engineering, Security Technology Group, Cisco Systems
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Customer Reviews:
An excellent, detailed book on PIX Firewall configurations.......2007-05-02
The Cisco ASA and PIX Firewall Handbook by Dave Hucaby is an excellent book on PIX firewalls and covers versions 6.x and 7.x, including FWSM configurations. There is negligible coverage of ASA and readers looking for a detailed ASA book best look elsewhere. The cream of this book is really Chapter 6 - Controlling Access Through the Firewall. A detailed chapter of running the Pix in Transparent mode, Address Translation, ACL's, Content filtering, Modular Policy Framework, along with Application Inspection. The section on the Modular Policy Framework is very good and detailed. I plan to refer to this book often when troubleshooting PIX's.
There were hardly any errors or issues with this book. For example, in Chapter 7: Increasing Firewall Availability with Failover, the author writes that Stateful firewall failover packets are sent using IP Protocol 8 (EGP). I presume they meant IP protocol 105.
The authors list configuration commands for FWSM, 6.x and 7.x versions of the PIX. Personally, I'm not too fond of this approach and would rather read commands pertaining to a single version. Commands of other versions are available at the Cisco Documentation site.
More detail, please.......2007-01-12
While the book was rather detailed in several areas, I was hoping it would be more detailed on the subject of VPN. While most of it is straightforward, configuring VPN on the 5520 was a pain. Someone reading this book should be from a large enterprise, using failover, etc. Someone from a small company that is not using these features might find it to be overkill, and start looking for other books to meet their specific needs.
Complement to other sources available.......2006-08-26
I think the author did a wonderful job filling in where other popular literature about PIX left off. I read the CCSP book, and learned a lot. This book filled in stuff that the CCSP book just does not talk about. Not to knock the CCSP book; each author can only fill in so much. It is a difficult decision on what to keep and what to leave off. I find the PIX and ASA book is very practical. If you want a good understanding of this platform, then you want this book as the pliers in your tool box of knowledge. Do not expect it to be a Swiss army tool though. I think the author was especially considerate to the reader's needs to publish items that other literature just does not cover. There is a lot of good information. Nice pictures which addressed questions I had and even posted to some CCIE sites and there was no answer. Definitely worth buying.
Very little on ASA.......2006-06-26
This book is very helpful for PIX firewalls, but is mislabeled for ASA. There is very little on the ASA product. Usually just a mention of command differences between ASA and PIX. If you are looking for a book on ASA do not buy this book.
One point makes this book a must have.......2006-05-27
Most commands explained have three lines:
PIX 6.3
PIX 7.0
FWSM
This allows you to work on multiple platforms easily with one handbook. Also tells you when something ISN'T supported so you don't have to go digging on the web.
Average customer rating:
- Almost perfect....
- A valuable source of information
- excellent resource
- Great PIX reference
- A good book on Pix Platform
Cisco(R) PIX (TM) Firewalls
Richard Deal
Manufacturer: McGraw-Hill Osborne Media
ProductGroup: Book
Binding: Paperback
Similar Items:
- Cisco Security Specialist's Guide to PIX Firewall
- Cisco PIX Firewalls: Configure, Manage, & Troubleshoot
- Cisco Routers for the Desperate: Router Management, The Easy Way
- The Complete Cisco VPN Configuration Guide (Networking Technology)
- Cisco Cookbook
ASIN: 0072225238
Book Description
Secure your mission-critical networks with the #1 leading firewall and this definitive guide. Featuring in-depth coverage of installation, configuration, and maintenance, this book will show you how to protect your data from unauthorized users and hackers.
Customer Reviews:
Almost perfect...........2007-01-05
I bought this book because I needed to learn how to use the PIX Firewall for my company. My experience with configuring firewalls (or any Cisco device) is extremely limited, so I needed a basic book that explains how to configure a PIX firewall (what the commands do, how traffic flows, and the consequences of your actions when configuring a firewall).
This book has helped me greatly in understanding how the PIX firewall works. After reading through it and using it as a study aid for my job, it has given me the knowledge to know what I need to look for when configuring my PIX Firewall.
Unfortunately, this book has many grammatical errors that leave you confused as to what the author is trying to describe. Also, a lot of the errors make you question the validity and integrity of the author's knowledge on some of the configuration examples.
Example: The author has diagrams that lay out the network design of certain scenarios, using the diagram to explain what a company's public IP address is. Unfortunately nowhere on the diagram does it show the public IP address. In fact, in some examples, the IP address is completely different from what the author is describing.
In summary...
If you can accept that there are going to be grammatical errors and possibly even conflicting examples described in the book, then this book will help you greatly.
After reading this book and using it to take notes and actually 'study' for it, it has helped me greatly in understanding how to configure my PIX.
Personally.... I wish there was a book that simply laid out the commands needed to configure your PIX firewall a specific way. I'd rather get the firewall configured now, and then understand how it works later.
A valuable source of information.......2005-09-12
Its content is the best I was able to find for a relative novice. It covers all areas with examples and diagrams that complement the explanations. A must have for newbies.
excellent resource.......2005-07-29
It gave a great overview for beginners and yet still has good information to be kept as a reference. He also has over 100 additional pages of info on his website. Great Buy
Great PIX reference.......2005-02-07
This is a great book on how to use the Cisco PIX firewall.
Even though Cisco has great documentation, there is still a lot you can learn about PIX, and this book shows you how.
A good book on Pix Platform.......2004-04-14
Complete study on Pix platform but there isn't a part on the Blade in Cat6500 Device based on pix tech.
Book Description
Protect critical data and maintain uptime with Cisco ASDM and Cisco Security Agent
Many people view security as a "black-box-voodoo" technology that is very sophisticated and intimidating. While that might have been true a few years ago, vendors have been successful in reducing the complexity and bringing security to a point where almost anyone with a good understanding of technology can deploy network security.
Securing Your Business with Cisco ASA and PIX Firewalls is an extension of the work to simplify security deployment. This easy-to-use guide helps you craft and deploy a defense-in-depth solution featuring the newly released Cisco® ASA and PIX® version 7 as well as Cisco Security Agent host intrusion prevention software. The book simplifies configuration and management of these powerful security devices by discussing how to use Cisco Adaptive Security Device Manager (ASDM), which provides security management and monitoring services through an intuitive GUI with integrated online help and intelligent wizards to simplify setup and ongoing management. In addition, informative, real-time, and historical reports provide critical insight into usage trends, performance baselines, and security events. Complete with real-world security design and implementation advice, this book contains everything you need to know to deploy the latest security technology in your network.
Securing Your Business with Cisco ASA and PIX Firewalls provides you with complete step-by-step processes for using Cisco ASDM in conjunction with Cisco Security Agent to ensure that your security posture is strong enough to stand up against any network or host attack whether sourced from the Internet or from inside your own network.
"Firewalls are a critical part of any integrated network security strategy, and books such as this will help raise awareness of both the threats inherent in today’s open, heterogeneous internetworking environments and the solutions that can be applied to make the Internet a safer place."
-- Martin E. Hellman, professor emeritus of Electrical Engineering, Stanford University and co-inventor of public key cryptography
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Customer Reviews:
Completely Awesome Book.......2005-09-09
This book 'Securing Your Business with Cisco ASA and PIX Firewalls' is absolutely awesome, I wish I could give it six stars. The sections that VERY CLEARLY explain problems that you can run into on the internet and the sections on how to deploy a new ASA device are fantastic. The Step-by-step, saved me about $2,500 - $3,000 dollars because I didn't have to hire a consultant to do the installation for me. I looked at the ASA Handbook as suggested by another reviewer, although that book is pretty good, I found this book to be much more simple and to the point.
Waste of money.......2005-08-27
Sadly, this think book is all but useless for anything beyond a very standard configuration of Cisco's (new) ASA devices.
It hardly provided more information than what you get with the Quickstart guide that's included with the appliance itself. That means some simple scenarios with an Internet connection, a DMZ and a main LAN, with a bit of NAT thrown in.
Half the book is generics, such as the importance of protecting your network and other such items. No explanation of the how's and why's. You're better off downloading the technical documents and white papers off Cisco's website. Or even poring over the PIX/ASA command line guide, even if you intend to use ASDM.
A much better choice is the "Cisco ASA and PIX Firewall Handbook".
Good Introduction, Good Instruction.......2005-08-27
Oh if life were only easier. The web must be a lot like the old west was rumored to be. Except that there doesn't even appear to be a sheriff anywhere around. All of us have to build our own little forts for protection against the bad guys. One of the best forts you can build uses the Cisco ASA/PIX Security Appliance.
You can, of course, set up the equipment without anything but the manual. But this book goes into a lot more background that is very nice to know. It starts with why they might want into your network. (I couldn't imagine why anyone would want into mine until they started attacking to use my equipment for re-mailing and bandwidth.) It then goes into the types of attacks that might be used against you.
It's probably impossible to build a totally secure system unless it isn't connected to the outside world in any way at all. But when your users want things like e-mail, web access and more, you've got to do something. The Cisco approach at least makes it very difficult for all but the most determined bad guy to get into your system.
The author has been working on the Cisco approach to security since 1996, he understands it pretty well and has a good writing style to make it understandable to you. Highly Recommended!
This Book was Great!!!.......2005-08-05
I'm a system admin in a medium size company, 800 employees in 4 locations across the US. Our Security Admin position was eliminated because of budget considerations. I was forced into the role (opportunity) without any training and have been learning as I go. I needed to deploy firewall in all four locations so I bought this book - Securing Your Business with Cisco ASA and PIX Firewalls by Greg Abelar. It was a life saver. Not only was it comprehensive in its deployment instructions but it did such a great job of explaining internet threats and why deploying these devices is so important. It also made me aware of Host Intrusion Prevention, I am going to go out and evaluate CSA.
I would recommend this book to anyone deploying ASA or anyone who would just like to understand security, why it is necessary, what ASA will do for you and most of all how it fits into the concept of defense in depth.
EXCELLENT Source for Network Security.......2005-08-01
I've been in the security business for quite some time. This book is excellent. It not only covers network security basics in a very understandable way, but also provides you with a step-by-step process on how to deploy network security, in this case using Cisco's new ASA device. Well done, it's a great read. Hats off to Cisco Press.
Book Description
Umer Khan's first book, "Cisco Security Specialist's Guide to PIX Firewalls," ISBN: 1931836639, has consistently maintained its spot as the #1 best-selling PIX book on amazon.com by providing readers with a clear, comprehensive, and independent introduction to PIX Firewall configuration. With the market for PIX Firewalls maintaining double digit growth and several major enhancements to both the PIX Firewall and VPN Client product lines, this book will have enormous appeal with the audience already familiar with his first book.
* The Cisco Pix firewall is the #1 market leading firewall, owning 43% market share. Cisco is poised to release the newest, completely re-designed version 7 of the Pix operating system in the first quarter of 2004.
* "Cisco Pix Firewalls: configure | manage | troubleshoot" Covers all objectives on the new Cisco Pix certification exam, making this book the perfect study guide in addition to professional reference.
* Umer Khan's first book "Cisco Security Specialist's Guide to PIX Firewall" has been the #1 market leading Cisco Pix book since it was published in 2002.
Customer Reviews:
Good Reference book.......2006-11-10
This is a good reference book if you are using version 7 or below of the Pix firewall. Most of the syntax is geared for v7. There are a few slight differences in v6.3 command syntax that aren't covered. IE generating keys for ssh use.
Overall the book seems to cover all the basics and the more advanced topics like failover configurations and firewall contexts (virtual firewalls).
It should serve well as a Pix certification resource although I haven't used it as such.
Tons of mistakes.......2006-01-23
This book is full of errors and mistakes. Most of these occur in the examples of commands. For example, at the bottom of page 131 the author explains how to use the "static" command to create a NAT mapping between an internal server and a server on the DMZ. Here is what it says....
The following configuration translates the real IP address of the internal database server (192.168.1.10) to an address accessible by the DMZ Web server (172.16.1.10):
PIX1(config)# static (inside, dmz) 10.1.1.10 172.168.1.10 netmask 255.255.255.255 0 0
What??? Look at the IP's used in the command. Completely different than what the author just described. These are the kind of mistakes this book is full of. I can overlook one or two, but I'm about 25% through the book and have encountered about 8 of these.
Poor production quality, but some useful info........2005-11-28
Anyone who has ever deployed a network and talked to a Cisco sales representative is probably familiar with the PIX device. Anyone who has ever used one knows that there are hundreds of commands and combinations available to them, and it's easy to get lost. A book like Cisco PIX Firewalls by Charles Riley, Umer Khan, Michael Sweeney, along with Thorsten Behrens, Brian Browne, Daniel Klingerman, and Ido Dubrawsky can help you navigate this powerful feature set.
While the Cisco PIX product, which actually refers to a device product line and its associated operating system, isn't open source, there is a full set of documentation available on the Cisco web site. You can look up commands and even many common tasks which can help you achieve your goal. So, a big question in my review of this book is "Does Cisco PIX Firewalls offer substantially more than these freely available documents?"
The book is not divided into any major sections, but follows a simple path. Provide an overview of the product, some of the basic functionality, and then move on to a task based approach of solutions. These include failover, VPN, IPv6, content inspection, and management with the newly designed ASDM product. This organization works pretty well.
A generic overview of security, security policy, and how firewalls play a role in that is covered in Chapter 1. The overview is very brief, and the authors seem to have included it for completeness only. If you're looking at a book on the PIX firewall, chances are you're familiar with what a firewall does in part. My only big complaint about this chapter is that some of the figures on NAT and PAT are confusing because they use RFC1918 address space (private address space) on both sides of the device. When they talk about how this is used internally and then use it externally, it gets confusing to remember which network is which. Sadly, this network structure continues into other chapters, perpetuating the confusion.
In chapter 2 you get an overview of the PIX software and hardware lines. Sadly, this chapter is a bit muddled. While the overview itself covers all the right bases, at times some additional material would have been helpful. Supplementing text descriptions with a simple picture would be nice, so that people could know at a glance which device they're looking at (i.e. a PIX 506E vs a 525). A software and hardware matrix would have been helpful, too, to reduce the confusion you get with Cisco's myriad of configurations. In several places, the one letter abbreviations from the output are not explained, including the firewall states and routing output. And finally, this appears to be common in this book, there's an inconsistency in bolding which text is input and which is output. The "bold is input, normal is output" convention is not always obeyed. These may sound like nits, but consistency helps with clarity, and at times the material is muddled.
Overall, there are some real strengths in the book, and a few weaknesses as well. One example of a real gem is the case study in chapter 3, showing a featured network and the associated PIX configuration. This lets you see how you would outline your goals and then achieve them using the PIX feature set and commands. This example was well written and useful. The breakdown of commands as new, existing, or deprecated is also quite useful given that the book covers a major new release, 7.0. The coverage of the new ASDM feature, which provides a GUI management interface to the PIX software, is pretty good. With that chapter, and chapter 9 covering management, you should be up and running in no time at all. The same goes for the new content inspection feature, covered in chapter 5. While it's brief, it contains a lot of useful information that you'll need to enable features. What's missing from that, though, is any serious overview of the problems the prior version of the feature, the 'fixup' command, caused in the past and if the new inspection feature suffers those same problems. Finally, the chapters on virtual private networking and failover are succinct but enough to get you started with a basic running configuration.
Sometimes there are real stinkers, though. Some of the formatting makes getting information out of the output difficult. Word wrap and oddities really detract from the quality of the material in those places. Many of the figures can be unclear due to the quantity of information they try and present. Here, two figures may have been useful instead of one fully packed figure. The book has a few errors in it, too, which may have been the result of a speedy printing cycle. Figure 2.3, for example, shows an incorrect TCP header. I suspect many of the errors, inconsistencies and other problems in it are due to two reasons. First, the publisher wanted to get this book out quickly to match the release of PIX 7.0 as closely as possible. Secondly, the number of contributing authors (6 authors and a technical editor) made a cohesive writing style and their edits difficult to choreograph completely.
Overall, Cisco PIX Firewalls has some value to it, covering new PIX 7.0 features clearly and skillfully. Unfortunately, it suffers from some production problems and errors which weaken its strength and rating. Syngress also has four eBooks available with this book, one of which covers PIX migrations with earlier versions. While this won't replace the official Cisco documentation, it augments it nicely and, for some of the features covered, surpasses the Cisco documentation. If you're looking at deploying a Cisco PIX soon or upgrading from 6.x to 7.0, you should pick up this book.
May be used as either a classroom text or a PIX work reference.......2005-09-05
If it sounds familiar, that's because Cisco PIX Firewalls: Configure, Manage, & Troubleshoot updates a prior popular edition for Cisco PIX version 7.0, providing the same popular format along with new chapters on how to migrate to 7.0 with minimum hassle. From application inspection function charts and access control lists for ASA uses to configuring a virtual HTTP and adding solutions to common problems, Cisco PIX Firewalls may be used as either a classroom text or a PIX work reference.
Syngress - Cisco PIX Firewalls.......2005-08-15
This book explains PIX 5xx models with IOS version 7.0
I purchased a PIX 501, then I found on the web: The PIX 501, PIX 506E, and PIX 520 security appliances are not supported in software Version 7.0, but when you register this book at Syngress you can download the complete e-book for PIX Software 6.x.
This is my first contact with PIX, and this book helped me to manage firewall quite nice.
Average customer rating:
- Best Book on Cisco Pix Firewalls
- Very Useful book
- Good Resource
- Great book
- Great PIX book
Cisco Security Specialist's Guide to PIX Firewall
Umer Khan, Vitaly Osipov, Mike Sweeney, and Woody Weaver
Manufacturer: Syngress
ProductGroup: Book
Binding: Paperback
Similar Items:
- Cisco(R) PIX (TM) Firewalls
- Cisco ASA and PIX Firewall Handbook
- Cisco PIX Firewalls: Configure, Manage, & Troubleshoot
- The Complete Cisco VPN Configuration Guide (Networking Technology)
- Cisco Cookbook
ASIN: 1931836639
Book Description
Cisco Security Specialist's Guide to PIX Firewall immerses the reader in the highly complicated subject of firewall implementation, deployment, configuration, and administration. This guide will instruct the reader on the necessary information to pass the CSPFA exam including protocols, hardware, software, troubleshooting and more.
Cisco Security Specialist's Guide to PIX Firewall introduces the basic concepts of attack, explains the networking principles necessary to effectively implement and deploy a PIX firewall, covers the hardware and software components of the device, provides multiple configurations and administration examples, and fully describes the unique line syntax native to PIX firewall configuration and administration.
* Coverage of the Latest Versions of PIX Firewalls. This book includes coverage of the latest additions to the PIX Firewall family including the CiscoSecure PIX Firewall (PIX) Software Release 6.0.
* Must-have desk reference for the serious security professional. In addition to the foundation information and dedicated text focused on the exam objectives for the CSPFA, this book offers real-world administration and configuration support. This book will not only help readers pass the exam; it will continue to assist them with their duties on a daily basis.
* Firewall administration guides? Syngress wrote the book. Syngress has demonstrated a proficiency to answer the market need for quality information pertaining to firewall administration guides. Configuring ISA Server 2000: Building Firewalls for Windows 2000 (ISBN: 1-928994-29-6) and Checkpoint Next Generation Security Administration (ISBN: 1-928994-74-1) are currently best sellers in the security market.
Download Description
Demystifying the task of implementing, configuring, and administering Cisco's PIX firewall appliances, Cisco Security Specialist's Guide to PIX Firewall delivers a total solution both for managing these widely used devices and for passing the challenging Cisco Secure PIX Firewall Advanced Exam (9E0-571), a prerequisite for gaining prestigious Cisco Security Specialist 1 certification. Packed with insider tips and techniques on protocols, hardware and software components, troubleshooting and more, this powerful advisor illustrates attack concepts, explains must-know networking principles for optimizing and integrating PIX firewalls, sets forth real-world configuration and administration examples, and helps users master Cisco's infamous command line interface.
Customer Reviews:
Best Book on Cisco Pix Firewalls.......2006-11-03
I bought this book for reference rather than study use, but it has served its purpose well. First, this book provides decent coverage of Cisco Pixes. Brief overviews are provided of key technical concepts - enough that you can understand what exactly you're configuring. Secondly, the book provides excellent example configurations, even going so far as to step you through basic software setup. (i.e. A step-by-step guide to setting up the integrated PPTP Windows 2000 VPN client, including screenshots). Finally, it provides some of the best coverage of Cisco Pixes that I've found outside of Cisco's website.
There is only one thing I would have liked to see included in this book: A basic configuration example for those who want to use the Cisco Pix as a termination point for Cisco VPN Client connections. For THAT, I had to go hunting for information on Cisco's website. Thus far, this is my only complaint about the book.
I can whole-heartedly recommend this book for anybody who needs a good reference on setting up, configuring, and managing Pix firewalls.
Very Useful book.......2005-10-26
I got this book to configure a Cisco Secure ACS with VPN clients, and I reached my goal. And you can get many other topics in a cookbook style. You can read the technical information or only take ideas from examples. Excellent PIX firewall book.
Good Resource.......2005-08-19
This book well and truly paid for itself after the first couple of chapters. We found a number of areas where our setup was wrong and this book provided a very in-depth look at the PIX product and enabled us to fix this easily and quickly. Good book for all users.
Great book.......2005-04-14
Excellent book, everything you want to know about the Pix. Very thorough, topics are explained well, in great detail and with good examples. This is the best Pix book on the market that I know of.
Great PIX book.......2005-02-07
If you use PIX, get this book, it has a LOT of great info.
Amazon.com
Simply put, Cisco Secure PIX Firewalls fills a market need. No other book on the market covers Cisco firewall hardware to the extent this one does. Indeed, no other book covers the Cisco Secure PIX products exclusively. Regardless of whether you aspire to earn a Cisco security certification or take the Cisco Secure PIX Firewall Advanced (CSPFA) class for which this is the official textbook, you'll benefit from the authors' treatment of their subject. Relatively little of their work is straight documentation of commands and procedures, though there's enough of that to make this book a good reference. Much more attention goes to typical PIX engineering problems, which the authors use as a context for explaining the more mechanical aspects of IOS syntax and configuration files.
There's a fair amount of background information for each covered topic. In the chapter on IPSec, for example, you'll find definitions of key terms and concepts (like RSA signatures and the Diffie-Hellman protocol) and comments on the relative strengths of many of them. Once that's out of the way, the necessary configuration is presented as a series of tasks, many of which include procedures in which some steps involve hands-on work (doing something at the command line) and others center on decisions to be made and policies to be established. Tables of relevant commands, arguments, and options back the steps where they're appropriate. --David Wall
Topics covered: This book deals specifically with the Cisco Secure PIX 506, 515, 520, 525, and 535 units. With respect to those firewalls, the authors show how to configure address translation, accounting, logging, IPSec (virtual private networks--VPNs--particularly), authentication, and SNMP and DHCP services. This is comprehensive Cisco Secure PIX documentation for installers and administrators (and also for hackers, so pay attention).
Book Description
Reduce the threat of network attacks with an authorized self-study guide
One of the primary components of any organization's security policy is the implementation and maintenance of firewalls. Firewalls are network devices residing at the perimeter of corporate networks that protect internal networks from intrusion by the outside world. The integrated hardware/software PIX Firewall series delivers high security without impacting network performance while scaling to meet the entire range of customer requirements.
Based on the official instructor-led training course (Cisco Secure PIX Firewall Advanced-CSPFA), Cisco Secure PIX Firewalls teaches you the skills needed to describe, configure, verify, and manage the PIX Firewall product family and the Cisco IOS® Firewall feature set. Starting with a discussion of hacking methodologies and internal and external threats, this book opens by describing the Cisco Security Wheel, emphasizing network security as a continuous process. The authors then familiarize you with the characteristics of the various PIX models and examine upgrade tasks. This book covers basic installation details, as well as how to enable more advanced features and access control. In addition, this book details management and monitoring with PIX Syslog services and the PIX AAA subsystem. You also learn to configure the PIX Failover mechanism, IPSec on the PIX, and the Cisco IOS Firewall feature set. The appendixes provide helpful references, including configuring PIX intrusion detection features, SNMP management support, DHCP client and server, Secure Shell Protocol (SSH) connection, and dozens of security-related resources.
Whether you are preparing for the Cisco Security Specialist 1 certification or simply want to understand and make the most efficient use of PIX Firewalls, Cisco Secure PIX Firewalls provides you with a complete solution for planning, deploying, and managing PIX Firewall protected networks.
- Prepare for the Cisco Security Specialist 1 PIX exam with the official CSPFA self-study guide
- Understand the physical characteristics of PIX models 506, 515, 520, 525, and 535, including LED information and port and slot numbering
- Upgrade PIX OS code, perform password recovery, and install feature licenses
- Configure IPSec Phase I and Phase II Security Associations
- Configure Cisco routers to perform Context Based Access Control (CBAC)
- Examine the many operating features of the PIX, such as Cut-Through Proxy, Advanced Protocol Handling, Attack Guards, and the Adaptive Security Algorithm (ASA)
- Learn the ins and outs of address translation and access control
- Install the Cisco Secure ACS server and configure corresponding services on the PIX to authenticate and authorize users and services
- Understand attack guards such as Syn Flood, Fragmentation, AAA, DNS, and Mail
- Examine the workings of the PIX failover mechanism and learn the difference between failover, stateful failover, interface testing, and the failover poll
David W. Chapman Jr., CCNP®, CCDP®, CSS-1, is a Cisco Security Instructor with Global Knowledge. As Course Director for the Cisco Secure PIX Firewall course, David is charged with maintaining the integrity and quality of the course offering and mentoring instructors new to the course.
Andy Fox, CCSI™, CCNA®, CCDA®, CSS-1 is a Certified Cisco Systems Instructor with Global Knowledge. Andy has been teaching Cisco Certified Classes for more than five years and is the Course Director for the Managing Cisco Network Security course.
Customer Reviews:
Slender book tries to teach all about PIX.......2006-02-01
David Chapman and Andy Fox's `Cisco Secure PIX Firewalls' book covers PIX IOS through 6.0. The book is of value if one is working on a PIX IOS that still utilizes `conduit' commands rather than access-control lists. The book is slender and mostly displays configurations that can be found on the Cisco website. What I did like was `The Six Basic Commands for Cisco Pix Firewall Configuration' on page 56. Over the next several pages, the authors pound into your head the value of these 6 commands (nameif, interface, ip address, NAT, global and route).
I give this book 3 pings out of 5:
!!..!
Fair.......2004-06-26
This book must have been written before access-lists were implemented into PIX OS because it does not cover that. It covers conduits, which Cisco has replaced with access-lists. Also, the book contains a lot of command syntax and it's my impression that I could have got the same information by going through the PIX documentation on Cisco's site. This may have been a good book a while ago but I don't really recommend it at this point because it's outdated. I also find myself referring to it sometimes and always go back to online documentation to find what I need.
The Power of the PIX.......2003-11-18
The Editors of this book have done a fairly good job at explaining what "powers" the PIX Firewall possesses. This book is a great starting point for those of us who are learning the PIX and have very little experience with it. However, there are some portions of this book where experience will allow you to more thoroughly understand the concepts. The beginning of this book explains the types of PIX hardware that are available and best suited to a company's needs. It also breaks down the PIX models to the component level, giving you an understanding of the hardware configuration.
The first few chapters give a very good understanding of how to configure a PIX firewall from scratch. You would be able to get a PIX up and running in a matter of minutes, albeit it would not be as secure as it could be. Of course a company's security needs will dictate how the PIX will be implemented. Descriptions of commands and their uses are given and explained, but there are some sections of this book that require some experience with the PIX for it to make sense. The section on password recovery is a very important one as people come in and out of tech positions all the time and passwords are always changed in the process. However, to the inexperienced reader, how would one know what software version you are running if you cannot get into the firewall? The authors do not explain how you would find out this information. If we are trying to do a password recovery, we more than likely are not able to get into the PIX to find out what software version we are running to begin with. Like I stated earlier, this may be an answer of experience. It may boot up and show the software version. For those of us who do not have access to a PIX or the relevant experience, it would be helpful for the authors to delve deeper and give us an explanation.
After getting through the first few chapters of basic commands on the PIX, it moves into the heavy duty security and authorization features of the PIX. Now we're getting into the nitty gritty of the firewall. Understanding of security features are explained in detail. AAA, VPN, and IPSec are emphasized in the latter chapters of the book. Authentication, Authorization, and Accounting is used to determine who a person is that is accessing the network. This security feature keeps out people who should not have access to your network. The VPN functionality of the PIX keeps you from having to purchase extra hardware or software. IPSec is explained and heavily used in the encryption of pertinent data that passes through the firewall. The book also explains the many different algorithms of encryption available for use with IPSec.
Now you may be thinking, "So what if my PIX were to fail"? The book explains the failover aspects of the PIX very well. Of course, you would have to be lucky enough to have two PIX firewalls on hand. I had no problems understanding the process of what happens when/if a component were to fail. The self-troubleshooting aspects of the PIX prior to failover are discussed as well. Any beginner reading this book would have a thorough understanding of how to setup a redundant firewall.
All in all, this book was well written and informative. It is easy enough for a beginner to pick up and understand. The notes in the book are great for possible scenarios that may arise in implementation. The examples are easy to follow, but the addition of a PIX simulation software would have made the steps more enjoyable. This book is a good starting point for those of you who are interested in Network Security and are pursuing a certification path in that direction. On a scale of 1-5, I give this book a 4. It was easy to read and to understand. I would definitely read titles from these authors again.
Great Book to get your PIX up and running........2003-08-05
Bought this book and a PIX 525 at the same time, and although I had worked with Cisco routers before I found this book indispensable. I still use it as a reference for any configuration changes I make to the PIX. It may not go into the depth on some items, i.e. VPN or IDS, but it gives a good overview of all the things it will take to get your PIX up and running fast.
Limited but concise.......2003-06-24
I used this book to teach the matter to a group of novices, and I can say that it accomplished its mission. It gave to the students the background they needed to understand the technology, while orienting them through some basic hands-on labs. There are topics for which they needed further reference, especially when I came to ACS and VPNs.
Naturally, it wasn't made as an exam preparation reference (at least it is what I find out), though it has some knowledge assessment questions that help in the learning process.
If you are new to PIX Firewalls, this could be a good starting point.
Book Description
Cisco authorized self-study book for CCSP 642-521 foundation learning
- Gain proficiency with new features of PIX Firewall version 6.3, including OSPF, 802.1Q VLANs, NAT-T, and more
- Learn the ins and outs of the PIX product family and its complete feature set
- Use the PIX Device Manager (PDM) 3.0 to configure and manage the PIX Firewall
- Use advanced techniques to control traffic on your network using ACLs (access control lists), content filtering, and object groups
- Improve security using PIX Firewall attack guards, intrusion detection, and shunning features
- Learn about techniques and security considerations for configuring OSPF on PIX Firewall version 6.3
- Configure scalable site-to-site and client remote access VPNs using the PIX Firewall version 6.3
- Configure high-availability solutions using stateful and LAN-based failover techniques
- Use logical interfaces and 802.1Q trunks to scale your PIX Firewall implementation
- Configure the PIX Firewall Services Module (FWSM)
The use of firewalls (devices residing at the network perimeter to protect against intrusion) is an essential building block to even the most basic security program. Cisco Systems has continued the support and development of the PIX OS to provide networks top-notch security while maintaining compatibility with the latest standards and protocols. Now offered in many models, the PIX Firewall is perfectly suited to meet the requirements of small offices (501 model), medium to large businesses (506E, 515E, and 525 models), and large enterprise and service provider customers (525 and 535 models and the Firewall Services Module). CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, offers in-depth configuration and deployment information for this popular and versatile firewall solution.
CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, teaches you the skills needed to configure and operate the PIX Firewall product family. Chapter overviews bring you quickly up to speed and help you get to work right away. Lab exercises and scenario-based solutions allow you to adapt configurations to your network for rapid implementation, helping you make the most of your PIX Firewall. Chapter-ending review questions test your knowledge. PIX Device Manager (PDM) configuration procedures are presented to complement extensive coverage of traditional CLI commands.
Whether you are looking for a reference guide on working with the various PIX Firewall models or seeking a study tool for the CSPFA 642-521 exam, CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, supports your effective use of the PIX Firewall.
CCSP Self-Study: Cisco Secure PIX Firewall Advanced (CSPFA), Second Edition, is part of a recommended learning path from Cisco Systems that can include simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
This volume is in the Certification Self-Study Series offered by Cisco Press. Books in this series provide officially developed training solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.
Customer Reviews:
The Labs don't work!.......2005-11-12
I purchased this book to prepare Cisco's 642-521 certification exam on the PIX firewall. There is a lot of useful information and the book is pretty thorough. However, I got a couple of PIX's and tried to go through all the labs which follow the chapters. Not everything is covered. Chapter 10 on Routing has no labs at all. Almost no lab works as written. Mostly there are small errors like using a hostname which has not been mapped to an IP address. Some are pretty extreme. For example, the labs in Chapter 16 try to connect servers on remote lans without setting up either routing or NAT. They also do nothing to allow the IPsec traffic through the firewall. There is an access list created for NAT in step 2 but it is never applied to anything. Missing from the solution are the statements:
nat (inside) 0 access-list nonat
sysopt connection permit-ipsec
route outside 10.0.2.0 255.255.255.0 192.168.2.1
It works once you add these commands, but they are also missing from the errata on the ciscopress web site. That includes several pages of corrections to the text without any corrections to the labs.
If the labs had worked, I would have given it five stars, but since they don't, it only gets three. This seems to be a common problem with Cisco Press. The extreme worst case is CCNP Practical Studies: Routing. That is a whole book of just routing labs but again, hardly any work as written.
CCSP SELF-STUDY: Cisco Secure PIX Firewall Advanced.......2004-03-11
Overall, this is a very good intermediate level text on Cisco firewalls. It is not for the beginning networker. Having an understanding of topics such as VLANS, access lists, NAT, PAT, and routing protocols is a prerequisite, if one wants to utilize the text to its fullest potential. With this understanding, this book becomes a powerful reference on setting up a Cisco PIX firewall. It walks one through the necessary steps of configuring a firewall in various different networking environments. The scenarios provided in the text can be adapted for most small to medium-sized networks. As one continues reading, the level and depth of material gets progressively more difficult. This increased difficulty may appeal to the advanced networker. Topics in this category, including VPNs, attack guards, and enterprise management, will not make sense to the novice, but add value and depth to the text.
Simply put, this book is a good reference and study aid on the topic of PIX firewalls. It is worth reading, if you are interested in learning basic topics or even some advanced ones. What you get from this book totally depends on the amount of time and work you put into reading and/or studying the text. This book will remain on my shelf as a valuable reference as I could not find much to fault.
Good Reference.......2004-02-18
I grabbed the book as I got in to a project where I needed to configure Failover PIX system. Given no prior experience with PIX, this book was very handy. However, I still had to consult Cisco website for useful and up-to-date information for PPTP, MPPE, etc.
Amazon.com
It's a tough market these days for network consultants, but the one commodity there's lots of is fear. There's loads of stuff to be scared of. Which means that canny network experts can get some work by offering to protect computer networks from unauthorized access. It's best to earn a certification before you go touting yourself for work, though. Cisco Systems' Cisco Secure PIX Firewall Advanced (CSPFA) rating is a good vendor-specific one, and is sure to help get you in the door for security work at places with lots of Cisco equipment. CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide brings you up to speed on the PIX firewall line, with emphasis on the coverage of the CSPFA exam.
Like the other books in the Cisco Press certification line, this one reads like an instructor's lecture, albeit frequently supplemented by reference material (command documentation, for example). The authors begin with material that should be familiar to a Cisco Certified Network Associate (CCNA) or anyone else with basic network grounding, and build from there into the more specialized areas of VPNs, NAT, and access-control lists as they pertain to PIX environments. As always, you'll learn more if you have a testbed PIX firewall on which to try the procedures that appear in the text (the companion CD-ROM holds no simulator, only a quiz program), but this book gives test candidate a great base from which to work. --David Wall
Topics covered: The stated objectives of the two CSPFA exams, one of which candidates must pass in order to earn the Cisco Secure PIX Firewall Advanced (CSPFA) certification. The two exams are 9E0-111 (soon to be retired) and 642-521. Coverage includes PIX firewall installation and configuration, as well as techniques for adding such services as remote access management, virtual private networks (VPNs), network address translation (NAT), and accounting features.
Book Description
Official self-study test preparation guide for the Cisco CSPFA 642-521 exam
Coverage of the CSPFA topics enables you to fill your knowledge gaps before the exam date. You'll learn about:
- The comprehensive line of Cisco PIX Firewall products and the technology and features central to each one
- Transport protocols, Network Address Translation (NAT), and Port Address Translation (PAT)
- Reporting, tool use, and administration using Firewall MC
- Using access control lists and URL filtering
- Attack guards and intrusion detection
- Cisco Firewall Services Module (FWSM) deployment and configuration
- Concepts and configurations that support failovers
- Enabling a secure virtual private network (VPN)
- Using Cisco PIX Device Manager to configure a firewall and create VPNs
Becoming a CCSP distinguishes you as part of an exclusive group of experts, ready to take on today's most challenging security tasks. Administration of the Cisco PIX Firewall is a difficult and complex task, critical for protecting a network. Whether you are seeking a PIX-focused certification or the full-fledged CCSP certification, learning what you need to know to pass the Cisco Secure PIX Firewall Advanced (CSPFA) exam will qualify you to keep your company's network safe while meeting business needs.
Each chapter of the CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition, tests your knowledge of the exam subjects through features such as quizzes, sections that detail exam topics to master, and summary sections that highlight essential subjects for quick reference and review. Because experienced IT professionals agree that the most demanding portion of their jobs is troubleshooting, the final section of this book includes scenarios dedicated to troubleshooting Cisco PIX Firewall configuration. This includes a description of the problem, a portion of the system configuration, debug output, and suggestions to help you resolve the issue. The companion CD-ROM's customizable testing engine enables you to take practice exams that mimic the real testing environment, focus on particular topic areas, randomize answers for reusability, track your progress, and refer to the electronic text for review.
CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition, is part of a recommended learning path from Cisco Systems that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
Companion CD-ROM
This companion CD-ROM contains a test bank with more than 100 practice exam questions unique to this book.
CD-ROM test engine powered by www.boson.com. Boson Software is a Cisco Learning Partner.
This volume is part of the Exam Certification Guide Series from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.
Customer Reviews:
This book was worthless..........2005-04-21
Just took the exam and passed - barely. If I hadn't taken the actual Cisco training class I would have failed and this book would have been the prime reason. The exam was MUCH more in depth on a NUMBER of areas that the book did not even begin to go deeper than about a paragraph into, if at all. This book was poorly written, difficult to use, the examples were horrible and it CERTAINLY WAS NO USE FOR EXAM PREP - DO NOT BUY THIS BOOK.
The Pix FOS is already pretty unfriendly (compared to IOS) and a book that didn't just show you the help output and then break the option into tables (which looked lifted from CCO) would have been a big help - you know, something with actual explanations of how things are configured and such. This book was nowhere near this and a real disappointment, especially since it's a "Cisco Press" book. What the book turned out to be was a hack job that was poorly put together, inaccurate, and useless for exam prep - which is horrible since it is marketed as a CCSP "self study guide." There were even examples that were wrong within the book.
BEWARE.
-Calvin
Fair at best, very poor practice exam.......2004-04-12
The study guide is only moderately valuable, and sometimes confusing. Worse, the practice exam is sometimes blatantly incorrect.
Example: What kind of protocol is easiest to spoof?
Possible answers: UDP, TCP, ICMP, All protocols, or DNS
The "correct" answer is "TCP is the more difficult to spoof..."
I've found a few other errors, making the practice test virtually useless. In the example, the given answer is correct for a different question. In some cases, the answer is actually wrong for the question.
I'm disappointed that an "official" study guide from Cisco Press has so many issues.
Don't waste your time.......2004-03-05
I can't add much to the comments already posted here, except to support the view that this book is a waste of time and money. It will NOT help you pass the exam. Even if it covered all the material (in my estimation, it omits ~20% of the required curriculum), it still simply copies or paraphrases the (free) Cisco Configuration and Command Reference guides.
At best it's a waste of money, at worst it will give you a false sense of what is required for the exam.
Incomplete and Replete with Errors.......2004-02-17
The previous reviewer's comment that it's better than nothing is pretty accurate. The book is not organized with the exam objectives in mind, and it appears to have undergone no quality control checks whatsoever. To call some of these mistakes typographical errors is graciously optimistic.
Even the accompanying practice exam was flawed. About 10 minutes into it I got a question whose "correct" answer logically contradicted the parameters of question itself. I'll never know how good or bad the remainder of the exam was, because I immediately uninstalled the program in disgust.
My biggest complaint, however, is that too much material covered on the exam is missing from the book. Sure, the book will get you through the basics of setting up a PIX firewall, but topics such as the Firewall Services Module, the CiscoWorks Firewall Management Console, and the Auto Update Server are conspicuously absent. And these topics were prevalent on the exam.
With that said, I did pass the exam on the first attempt. But it was thanks to some of the other practice exams and source materials that I was able to make up for the deficiencies and errors in this book. Had I taken this book as gospel, I have no doubt that I would have failed.
I need these study guide books to get me through the CCSP certification, but I am certainly going to avoid anything else by these two authors if possible. Frankly, I'm not sure they understand how some of these technologies (e.g., VPN protocols) really work. They certainly haven't explained them well to me.
Fair Reference... Poor Study Guide.......2004-01-19
CCSP Cisco Secure PIX Firewall Advanced - Exam Certification Guide by: Greg Bastien and Christian Abera Degu is a good source for anyone that is interested in setting up and configuring a Cisco PIX. I found page after page of useful information without all the unnecessary filler introduced by other authors.
If you have no experience with a Cisco PIX this book is a good start. It can help you select the proper model for your needs. Each model has different features that may or may not be important to your use. The differences are outlined in a model by model summary followed by a complete comparison chart of all the models.
Once you select your model you will need the basics to get going. The authors do a great job of covering the commands that you will need to get started. Examples highlight the usage, which helps when there are multiple arguments available for a single command.
As you progress through the book the subject matter increases in complexity, but the authors keep you informed. Cisco has built in the power to their operating system, but unleashing that power needs some explaining. The advanced commands are helpful since there are times when difficult configurations push us to the test. Having the insight to the power and proper use of certain commands and configurations help us overcome these obstacles.
I was impressed with the scenarios provided in the end. I like the way that the authors challenged me with their configurations and tested my skill and understanding. Their explanations have helped me to reconsider and change my configuration and setup to provide for a more secure network, which is something that we all need these days.
On the book's negative side I found quite a few errors in spelling and grammar. It seems to have been poorly proofread. I found the word "network" spelled "netowrk." How does that get by? My spellchecker corrected it for me, but somehow this made it past the spellchecker used by the authors and was not caught by the proofreaders.
There are a few sections where I found some copy and paste errors. For example in the section regarding the Cisco 520, the body text reads "Cisco 515" in error. This leads to some confusion if you are not alert. It could easily lead you to believe the Cisco 515 can function the same as a Cisco 520, which is not always the case.
Another annoyance is the fact that some of the figures in the book do not use the same IP scheme as what is written in the text. It is as if the scenario or configuration was written and the figure was not updated to correspond, or vice versa. This makes it a little hard to follow along. I found it easier to correct the figure with a pen than to change the text.
Overall I feel that the book is a good reference guide, but does not make the cut for a study guide. There are too many errors that are distractions while studying. I should not need to hold a pen in my hand as I read along to make corrections. That is the job of proofreading.
Book Description
This is the only book available on building network DMZs, which are the cornerstone of any good enterprise security configuration. It covers market-leading products from Microsoft, Cisco, and Check Point.
One of the most complicated areas of network technology is designing, planning, implementing, and constantly maintaining a demilitarized zone (DMZ) segment. This book is divided into four logical parts. First the reader will learn the concepts and major design principles of all DMZs. Next the reader will learn how to configure the actual hardware that makes up DMZs for both newly constructed and existing networks. Next, the reader will learn how to securely populate the DMZs with systems and services. The last part of the book deals with troubleshooting, maintaining, testing, and implementing security on the DMZ.
· The only book published on Network DMZs on the components of securing enterprise networks
· Provides detailed examples for building Enterprise DMZs from the ground up and retro-fitting existing infrastructures
Customer Reviews:
large, but not well executed (2006-11-01)
i used to install firewalls as a consultant, and i spent a lot of time looking at various configurations. in the intervening years, i've had the chance to keep current and examine a number of firewall devices for new features, configurations, and also look at some of the changes new technologies (ie WiFi) have brought. all in all, i think i was pretty well prepared to look at "Designing and Building Enterprise Dmzs" from the angle of someone who's a moderate level firewall user.
i think it's fair to say that i'm disappointed in this new volume from Syngress, for numerous reasons. but before i get to the nits and complaints, i'll start with what i did like.
the book is large, nearly 700 pages of text covering a number of major commercial firewall products, such as checkpoint, nokia, microsoft, cisco, juniper netscreen, and sun. i like the fact that the authors were ambitious (more on that later), you do wind up with a lot of information in a single volume. if you've read firewalls books before, like the canon from oreilly, then you know a lot about firewalls, but you've probably understood that things are changing. new technologies require new solutions, and new offerings have hit the market. firewalls are now more abundant, more feature filled, and this book does a good job of tackling these products with, often, a good attempt at key coverage.
what i also like about this book is that it's not only about technologies, it's about management and about network layouts. this book doesn't pretend that there's one network, but instead shows how various approaches for various needs can be applied. the authors try to show you how each product's features can support those requirements, and what technologies can be used to guard access or secure hosts in a DMZ. this isn't just a book about firewalls and products.
ok, on to the complaints. you know a book is bad when you spot errors such as a bad CIDR specification for RFC 1918 address space (table 1.4), lots of port lists, and a brief primer on "servers" and services buried deep in a chapter on security cisco routers (chapter 11, page 540). i suspect the last point is due to the numerous authors in the book and a failure to find a cohesive structure, but that's a major failing of the book. it doesn't find a consistent voice and doesn't provide consistent coverage of the topics.
some chapters spend more time reviewing marketing materials for products (ie the chapter on juniper netscreen devices, chapter 9) than on getting down to a real feature comparison. this is a real failure of this book. the authors have a chance to cover all major commercial firewalls out there in a clear and unified way, taking an approach that can unify solutions across all, and haven't done so. you wind up with inconsistent coverage and have difficulty in finding the same information in any of the chapters. it's very tough to have multiple authors writing a book, but the editors should have budgeted time to provide a cohesive voice or enforced coverage standards. the reader would have benefitted dramatically for that.
as is often the case with syngress books, the screenshots are too often poorly done. again, this seems to be a function of the chapter and, i'm presuming, the author (based on their stated strengths in the intro to the book). the chapters using web-based and UNIX tools are often filled with poor quality, full screen screenshots that are illegible due to the scaling. the chapters on windows-based tools often have only a small window as a screenshot, enabling better legibility. care needs to be taken for these sorts of things.
the quality of the writing is ok, but it could be better overall. again, a function of the authors, i think, and not a strong editing job. often the writing is not very clear or well organized, and overall the book suffers for it. there's some good info in here, but it's buried under unclear and poorly organized text.
you should look over this book carefully if you're thinking about buying it. this will probably target people in large, heterogeneous environments or people studying for exams. i doubt someone will have all of these technologies in their production environment. however, if you want to see a lot of different firewalls compared, this is worth looking at, but be cautious about buying it.
Book Description
Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition, is a guide for the most commonly implemented features of the popular Cisco® firewall security solutions. Fully updated to cover the latest firewall releases, this book helps you to quickly and easily configure, integrate, and manage the entire suite of Cisco firewall products, including ASA, PIX®, and the Catalyst® Firewall Services Module (FWSM).
Organized by families of features, this book helps you get up to speed quickly and efficiently on topics such as file management, building connectivity, controlling access, firewall management, increasing availability with failover, load balancing, logging, and verifying operation.
Sections are marked by shaded tabs for quick reference, and information on each feature is presented in a concise format, with background, configuration, and example components.
Whether you are looking for an introduction to the latest ASA, PIX, and FWSM devices or a complete reference for making the most out of your Cisco firewall deployments, Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition, helps you achieve maximum protection of your network resources.
"Many books on network security and firewalls settle for a discussion focused primarily on concepts and theory. This book, however, goes well beyond these topics. It covers in tremendous detail the information every network and security administrator needs to know when configuring and managing market-leading firewall products from Cisco."
–Jason Nolet, Vice President of Engineering, Security Technology Group, Cisco
David Hucaby, CCIE® No. 4594, is a lead network engineer for the University of Kentucky, where he works with health-care networks based on the Cisco Catalyst, ASA, FWSM, and VPN product lines. He was one of the beta reviewers of the ASA 8.0 operating system software.
- Learn about the various firewall models, user interfaces, feature sets, and configuration methods
- Understand how a Cisco firewall inspects traffic
- Configure firewall interfaces, routing, IP addressing services, and IP multicast support
- Maintain security contexts and flash and configuration files, manage users, and monitor firewalls with SNMP
- Authenticate, authorize, and maintain accounting records for firewall users
- Control access through the firewall by implementing transparent and routed firewall modes, address translation, and traffic shunning
- Define security policies that identify and act on various types of traffic with the Modular Policy Framework
- Increase firewall availability with firewall failover operation
- Understand how firewall load balancing works
- Generate firewall activity logs and learn how to analyze the contents of the log
- Verify firewall operation and connectivity and observe data passing through a firewall
- Configure Security Services Modules, such as the Content Security Control (CSC) module and the Advanced Inspection Processor (AIP) module
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Networking: Security
Covers: Cisco ASA 8.0, PIX 6.3, and FWSM 3.2 version firewalls
$60.00 USA / $69.00 CAN