Book Description
Use Cisco concentrators, routers, Cisco PIX and Cisco ASA security appliances, and remote access clients to build a complete VPN solution
- A complete resource for understanding VPN components and VPN design issues
- Learn how to employ state-of-the-art VPN connection types and implement complex VPN configurations on Cisco devices, including routers, Cisco PIX and Cisco ASA security appliances, concentrators, and remote access clients
- Discover troubleshooting tips and techniques from real-world scenarios based on the author’s vast field experience
- Filled with relevant configurations you can use immediately in your own network
With increased use of Internet connectivity and less reliance on private WAN networks, virtual private networks (VPNs) provide a much-needed secure method of transferring critical information. As Cisco Systems® integrates security and access features into routers, firewalls, clients, and concentrators, its solutions become ever more accessible to companies with networks of all sizes. The Complete Cisco VPN Configuration Guide contains detailed explanations of all Cisco® VPN products, describing how to set up IPsec and Secure Sockets Layer (SSL) connections on any type of Cisco device, including concentrators, clients, routers, or Cisco PIX® and Cisco ASA security appliances. With copious configuration examples and troubleshooting scenarios, it offers clear information on VPN implementation designs.
Part I, âVPNs,â introduces the topic of VPNs and discusses today’s main technologies, including IPsec. It also spends an entire chapter on SSL VPNs, the newest VPN technology and one that Cisco has placed particular emphasis on since 2003. Part II, âConcentrators,â provides detail on today’s concentrator products and covers site-to-site and remote-access connection types with attention on IPsec and WebVPN. Part III covers the Cisco VPN Client versions 3.x and 4.x along with the Cisco3002 Hardware Client. Cisco IOS® routers are the topic of Part IV, covering scalable VPNs with Dynamic Multipoint VPN, router certificate authorities, and router remote access solutions. Part V explains Cisco PIX and Cisco ASA security appliances and their roles in VPN connectivity, including remote access and site-to-site connections. In Part VI, a case study shows how a VPN solution is best implemented in the real world using a variety of Cisco VPN products in a sample network.
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Customer Reviews:
Bingo!.......2007-02-10
Well this book proved few things to me... Firstly VPN is not rocket science and secondly I havent seen any better book than this that Cisco press might have printed. IPSEC, GRE, SSL, L2TP, PPTP, WEBVPN were the term that used to give me nightmares. However this book was just perfect and 1 month of reading this book makes me very confident about the whole technology. I generally followed each chapter with real hands on and I wasnt bumped even once anywhere. I will seriously recommend this book to everyone, if VPN is what you want to learn, stop your search here! NOW!
Great if you like GUI applications, not if you use the CLI........2006-11-03
I was hoping that the book would spend more time on actual router configuration rather than use GUI-related products. It was difficult to divine the actual config while wading through page after page of screen-shots.
Excellent resource for security professionals.......2006-07-04
Richard Deal's book, The Complete Cisco VPN Configuration Guide, sets out to provide a comprehensive reference for networking professionals designing, deploying, and managing VPN solutions. This book covers the foundational information as well as step by step guides to configuring VPN solutions on Cisco VPN Concentrators, software and hardware clients, Cisco IOS routers, and Cisco PIX and ASA appliances.
The book is broken down into 6 parts: VPNs, Concentrators, Clients, IOS Routers, PIX Firewalls, and a Case Study. The VPN chapters provide the reader with an excellent foundation in VPNs. These chapters cover topics such as VPN types and topologies, technologies used to establish VPNs, as well as VPN implementations, such as IPsec, PPTP, L2TP, SSL. The next section focuses on the Cisco VPN Concentrators. Mr. Deal provides information on the Cisco 3000 series of VPN concentrators as well as the features of various software releases. The next few chapters focus on different deployment scenarios. These scenarios include remote access with IPsec, Remote access with PPTP, L2TP, and WebVPN (SSL), and site-to-site. The final chapters of the concentrator section cover management and troubleshooting. The next section covers software (Cisco and Microsoft) and hardware (Cisco) VPN clients. The fourth section focuses on Cisco IOS Routers. This section follows a similar layout to the concentrator section providing details about site-to-site and remote access VPN connections as well as a troubleshooting chapter at the end. It does highlight the differences in the configuration as well. As with the concentrators, Mr. Deal include specific product information. While helpful in dealing with existing equipment, it quickly will become obsolete as Cisco EOS/EOL equipment and software from these lists. It might have been more practical to provide URL references to Cisco's website. The fifth section covers VPN deployments with the Cisco PIX and ASA security appliances. Again, the layout is consistent with the IOS Router and Concentrator sections. The final section is a case study which brings together most of the concepts covered in the book.
This book is an excellent reference on VPNs. It should be in every networking professional's personal library who designs, deploys, and manages a VPN solution. The diagrams are clear and easy to follow. The troubleshooting chapters of each section provide excellent tools as well as common mistakes to help the networking professional deploy their solution successfully. The case study provides an invaluable example of a real world deployment. While the book is not advertised to be an exam preparation or certification guide, it could easily be used as a supplement towards those studies.
The Best Cisco VPN Configuration Book.......2006-02-25
Richard Deal's "The Complete Cisco VPN Configuration Guide" provides a complete step by step guide on how to configure VPN on Cisco Concentrators, software (including Windows VPN client) and hardware client, IOS routers, PIX and ASA security appliances.
The book also discusses what to look for to troubleshoot VPN connection, provides common real-life problems you will experience when setting up VPN and a case study at the end of the book to review all the concepts and configuration from previous chapters.
The book does an excellent job in informing when and why to select certain Cisco VPN products over others. It also provides up to date information on VPN configuration guide for PIX. Both PIX FOS 6.0 and 7.0 VPN configurations are discussed.
The book focuses about five chapters discussing concentrators. This is understandable as Cisco concentrators are more widely used for remote access than other Cisco VPN products. However, I would like to see the book to give equal weight to PIX and ASA appliances as more and more are adopting them as concentrators are gradually being phased out.
The book will be more complete if it mentions other VPN configuration features such as SDM for IOS routers, ASDM for PIX and ASA and VPN Router Management Center for Cisco Works. The author has omitted these due to space constraints since the book is already almost 1,000 pages.
In summary, this book will benefit any network administrators with intermediate to advance level of knowledge that need to use Cisco products for VPN implementation. This is the best "how-to" Cisco Press book for Cisco VPN and it fulfills its mission as a complete resource for understanding Cisco VPN implementation.
You might also want to check other Richard Deal's well written security book titled "Cisco Router Firewall Security".
A useful read for security professionals.......2006-01-30
A thorough and complete review of VPN technologies, as implemented in Cisco infrastructure, Deal's `The Complete Cisco VPN Configuration Guide', is arranged as a twenty three chapter step by step technology review and one chapter of bonus case studies.
The forty page Case study at the end of the book demonstrates the books material in a concise, simple and easy to follow way and its compactness will make it useful for an engineer who has general ideas about VPN , yet need to get a site running quickly. This chapter can be read without a full understanding of the remainder of the text, productively.
The rest of the text is arranged into five parts, viz., VPNs, Concentrators, Clients, IOS routers and PIX firewall. The first part being a good attempt at VPN technology review. The presentation of the technologies in the part, of five chapters is generic enough to appeal to a wide audience of security professionals. The arrangement of the subject into chapter one on VPN overview, Chapter two on fundamental VPN technologies, Chapter three on IPSec, four on PPTP and L2TP and five on SSL VPN , is one of the better classification and treatments of VPN technologies I have seen lately.
VPN concentrators are the core Cisco VPN infrastructure, and they get a fair treatment with ample configuration examples in the second part. Chapter 6, the first chapter in this section provides a broad treatment of the concentrator products available and the rest of section is devoted to concentrator configuration and troubleshooting.
I am almost tempted to question why the author decided to devote a whole section of three chapters of more than one fifty pages, to VPN client software, but my experience with users and administrators alike, who have demonstrated some clumsiness with various VPN client solutions, refrained me. This indeed is a clear and concise guide that administrators can use a basis for developing an in-house user manual. It covers the Cisco VPN client software, the Microsoft VPN dialer software, the Cisco 3200 hardware client, but misses out on some alternative solutions. There was no talk of SSH VPN clients, such as putty, in this section as there were none on non-traditional, but evolving VPN solutions including secure remote desktop solutions.
Cisco's integration of almost all its security technologies in IOS is demonstrated again in section four. This section discusses router capabilities and demonstrates them with some configuration examples. Another major Cisco Security technology, the PIX, which also serves as one the more popular Cisco VPN concentrator in deployment, is also given a fair treatment in this text.
In all, this is a good text for newbie's and intermediate network or infrastructure professionals. A useful read for security professionals, and maybe a valuable resource for Cisco security certification aspirants. But don't loose your Cisco documentation manual, or your Cisco Technology handbooks yet.
Customer Reviews:
Best Java Security Book for J2EE and Web Services........2007-09-23
This is a great book - by far the best security design book for Java and J2EE (including Java SE 6 and Java EE 5) I have read to date. When I first heard about my coworkers talking about this book, I thought "oh great, another J2EE book!" Much to my surprise, this book is not just a how-to security API or patterns recipe book but much more than that - I see it as a collection of valuable suggestions and examples on how to choose security mechanisms and use them in J2EE applications and web services. Moreover, it tells you what the bestpractices, pitfalls and tradeoffs are for each design pattern option you take. Particularly, You will find this book as an ideal companion for CORE J2EE PATTERNS - Deepak Alur et al, which is my favorite for designing J2EE applications.
This book is as close to size of a pillow and I do understand why the authors gave only code snippets for selected examples instead of full implementation. The case study is just right, it discusses the scenario and how to incorporate the patterns right in to the application design..which is just right for a Java developer who is involved with Java enterprise applications and web services. The best practices and security checklist detailed in this book - helps a lot during development and when you want to deploy a J2EE application/web service in production.
Having said that, I prefer this book as a must-have for any serious Java developer/designer/architect who wants to build Security from understanding basics of WHAT and know WHY you should architect your J2EE system in a particular way using best practices (a long list) and not just HOW. Ultimately you will find this book as an onestop reference for building security in J2EE applications and web services.
Java security made easy. Excellent title worth investing on........2007-09-18
If you ever want to understand about security and its role in the development of J2EE enterprise-level applications, then you should consider buying this book from your local bookstore.
The authors have done an excellent job in explaining the basics of security as it applies to the most common business practices, as well as deliver intricate details on the inner workings of the Java platform security architecture. Even though this book covers in its majority Java technologies, you don't have to be a Java developer or architect to appreciate it.
The book is divided in 7 major parts:
Part 1: Introduction and Basics of Security
Part 2: Java Security Architecture and Technologies
Part 3: Web Services Security and Identity Management
Part 4: Security Design Methodology, Patterns, and Reality Checks
Part 5: Design Strategies and Best Practices
Part 6: Putting it all together
Part 7: Personal Identification using Smart Cards and Biometrics
Parts 1-5 provide reams of detail about the fundamentals of security, the J2EE security architecture, and the technologies used to enable Web services security. In addition, there is a comprehensive explanation of patterns and practices for J2EE developers, as well as design strategies and best practices for securing J2EE Web components and web-based applications.
Web developers might want to pay special attention to Part 3 of the book because it gives an insight on fortifying Web services, authenticating and authorizing end users, and applying the latest cryptographic techniques. XML is described in detail as the encoding for messages between parties using a Web Service.
Note that this book does not explain the specific JAVA APIs needed for basic J2EE application development. Twenty-three proven security architectural patterns are discussed and presented through several realistic scenarios, covering architecture and implementation and presenting detailed sample code.
Part 6 of the book describes how to use this newly acquired knowledge in the implementation of real-world security scenarios.
Finally, we found the last part of this book as the most intriguing. It provides an in-depth coverage on Personal Identification using Smart Cards and Biometrics, their role in physical and logical access control, and the different technologies used in their implementation. Best practices and common pitfalls that might arise when implementing security using smart cards and biometrics are also discussed.
Overall we believe this is excellent book for the security enthusiast who wants to build robust end-to-end security into J2EE enterprise applications.
Excellenet book for Java Security architects.......2007-07-22
Like any Sun core book, this "reference" manual is cut above the rest. Personally I use it more as a reference manual helping me to understand and design security requirements for a project.
The reference book of the java security.......2007-07-19
A fantastic book that each java developer should have. Today, the security is becoming a real requirement of each java based enterprise application, and this book, in my opinion, represents the best reference. It is a very exhaustive and complete book for both beginner and advanced levels.
I don't think this is an awesome book.......2007-05-09
I am amazed by the 5 star ratings everybody has given this book! And I have implemented several enterprise level security implementations/integrations supporting hundres of thousands of users.
In my opinion, this book is really feeding the buzzwords frenzy of security domain. It certainly "talks the talk", but can it "walk the talk"?
I can think of numerous glaring examples where the book falls short. To name a few:
- Smart Cards (lots of power point and management level sales fluff here)
- JAAS (I have seen it being described much better in fewer words)
- SAML (huh?)
I think the book does a below average job of providing practical information. Even the content does not flow very smoothly and coherently.
Average customer rating:
- Great book to learn Cisco's implementation of IPSec - not just for CCIEs
- Lucid, clear, and useful
- To be added to your 'essentials' list of books
- A must read for Cisco Security Certifications
- Best ever book from Cisco
|
Network Security Principles and Practices (CCIE Professional Development)
Saadat Malik
Manufacturer: Cisco Press
ProductGroup: Book
Binding: Hardcover
 General
| Architecture
| Professional & Technical
| Subjects
| Books
Privacy
| Business & Culture
| Computers & Internet
| Subjects
| Books
Computer Design
| Microprocessors & System Design
| Hardware
| Computers & Internet
| Subjects
| Books
Network Security
| Networking
| Computers & Internet
| Subjects
| Books
Networks
| Networks, Protocols & APIs
| Networking
| Computers & Internet
| Subjects
| Books
General
| Networks, Protocols & APIs
| Networking
| Computers & Internet
| Subjects
| Books
CCIE
| Exams
| Certification Central
| Computers & Internet
| Subjects
| Books
Cisco
| Publisher
| Certification Central
| Computers & Internet
| Subjects
| Books
General
| Certification Central
| Computers & Internet
| Subjects
| Books
General
| Computers & Internet
| Subjects
| Books
General & Reference
| Technology
| Science
| Subjects
| Books
General
| Arts & Photography
| Subjects
| Books
General
| E-commerce
| Industries & Professions
| Business & Investing
| Subjects
| Books
Look Inside Business Books
| Trip
| Specialty Stores
| Books
Look Inside Computer Books
| Trip
| Specialty Stores
| Books
Look Inside Science Books
| Trip
| Specialty Stores
| Books
All Titles
| Qualifying Textbooks - Fall 2007
| Stores
| Books
Arts & Photography
| Qualifying Textbooks - Fall 2007
| Stores
| Books
Business & Investing
| Qualifying Textbooks - Fall 2007
| Stores
| Books
Computers & Internet
| Qualifying Textbooks - Fall 2007
| Stores
| Books
Professional
| Qualifying Textbooks - Fall 2007
| Stores
| Books
Science
| Qualifying Textbooks - Fall 2007
| Stores
| Books
Similar Items:
-
Network Security Architectures
-
CCIE Security Exam Certification Guide (CCIE Self-Study) (2nd Edition) (Exam Certification Guide)
-
CCIE Security Practice Labs (CCIE Self-Study) (Practical Studies)
-
Routing TCP/IP, Volume II (CCIE Professional Development)
-
Routing TCP/IP, Volume 1 (2nd Edition) (CCIE Professional Development)
ASIN: 1587050250 |
Book Description
Expert solutions for securing network infrastructures and VPNs
- Build security into the network by defining zones, implementing secure routing protocol designs, and building safe LAN switching environments
- Understand the inner workings of the Cisco PIX Firewall and analyze in-depth Cisco PIX Firewall and Cisco IOS Firewall features and concepts
- Understand what VPNs are and how they are implemented with protocols such as GRE, L2TP, and IPSec
- Gain a packet-level understanding of the IPSec suite of protocols, its associated encryption and hashing functions, and authentication techniques
- Learn how network attacks can be categorized and how the Cisco IDS is designed and can be set upto protect against them
- Control network access by learning how AAA fits into the Cisco security model and by implementing RADIUS and TACACS+ protocols
- Provision service provider security using ACLs, NBAR, and CAR to identify and control attacks
- Identify and resolve common implementation failures by evaluating real-world troubleshooting scenarios
As organizations increase their dependence on networks for core business processes and increase access to remote sites and mobile workers via virtual private networks (VPNs), network security becomes more and more critical. In today's networked era, information is an organization's most valuable resource. Lack of customer, partner, and employee access to e-commerce and data servers can impact both revenue and productivity. Even so, most networks do not have the proper degree of security. Network Security Principles and Practices provides an in-depth understanding of the policies, products, and expertise that brings organization to this extremely complex topic and boosts your confidence in the performance and integrity of your network systems and services. Written by a CCIE engineer who participated in the development of the CCIE Security exams, Network Security Principles and Practices is the first book that provides a comprehensive review of topics important to achieving CCIE Security certification.
Network Security Principles and Practices is a comprehensive guide to network security threats and the policies and tools developed specifically to combat those threats. Taking a practical, applied approach to building security into networks, the book shows you how to build secure network architectures from the ground up. Security aspects of routing protocols, Layer 2 threats, and switch security features are all analyzed. A comprehensive treatment of VPNs and IPSec is presented in extensive packet-by-packet detail. The book takes a behind-the-scenes look at how the Cisco PIX(r) Firewall actually works, presenting many difficult-to-understand and new Cisco PIX Firewall and Cisco IOS® Firewall concepts. The book launches into a discussion of intrusion detection systems (IDS) by analyzing and breaking down modern-day network attacks, describing how an IDS deals with those threats in general, and elaborating on the Cisco implementation of IDS. The book also discusses AAA, RADIUS, and TACACS+ and their usage with some of the newer security implementations such as VPNs and proxy authentication. A complete section devoted to service provider techniques for enhancing customer security and providing support in the event of an attack is also included. Finally, the book concludes with a section dedicated to discussing tried-and-tested troubleshooting tools and techniques that are not only invaluable to candidates working toward their CCIE Security lab exam but also to the security network administrator running the operations of a network on a daily basis.
Customer Reviews:
Great book to learn Cisco's implementation of IPSec - not just for CCIEs.......2006-02-03
CiscoPress's "Network Security Principles and Practices" by Malik is truly an awesome work. The book weighs in at over 750 pages, and not a page is wasted. The book is split up over multiple sections (Intro to Network Security, Building Security into the Network, Firewalls, VPNs, IDS, AAA and ISP Security). I have found this book of value as I pursue my CCIE Routing & Switchng lab and to better enhance my basic understanding of Cisco's vision towards network security. I also used this book to prepare for my CCSP and CISSP studies.
Practically on every page is either a diagram or detailed configuration explaining the subject at hand. In particular, the configuration examples are extremely helpful as the configs, themselves, are appended with detailed notes of their syntax. Chapter 13, IPSec, is probably the best one-chapter discussion on Cisco's implementation of IPSec and VPN I have found anywhere (and I have over 50 CiscoPress books). Another testament to it's superb level of expertise is the few and far between typos or errors that I have found.
One item to note - you will need to block off a few weeks (or months) to fully understand and appreciate the value of this book. I reference this book often, as I find information in this book I cannot find documented or presented the same way in other books.
I give this book 5 pings out of 5:
!!!!!
Lucid, clear, and useful.......2005-08-19
Very clear explanations of the core security technologies. The author doesn't shy away from the hard subjects, and makes them quite accessible. The IPSec chapter is the best explanation of the subject I have seen anywhere.
I used this book to pass the CCIE security written exam, and highly recommend it. It is also a very good reference for practicing consultants and network security architects.
To be added to your 'essentials' list of books.......2005-06-09
Very, VERY good. The IPSec chapter alone is worth the book, and the AAA chapters are _great_. Saadat has been able to explain in a great technical level and very clearly subjects which you're going to find in your day to day work - if working with Cisco and security. But not only that: chapters about IPSec, RADIUS, TACACS, are of value even if you do not use Cisco gear.
Missing from the book: a better chapter on NAT, PPTP. Saadat should write the 2nd edition adding those two topics, updating the IDS section, IPSec (including NAT-T), maybe add a little something about SSL VPNs, PIX 7.0 ? The section on ISP security could also benefit from a refresher (CoPP, uRPF?)
4.5 starts because it shows it age - otherwise, 5 stars for sure.
A must read for Cisco Security Certifications.......2005-04-26
This is one of the first books I read for anyone preparing for CCIE Security. I found this book to be very comprehensive in its approach. The author has combined all the network security technologies in one book and now this is tough. It starts with an Introduction and then builds on that. It covers the whole nine yards VPN's Firewalls, IDS, Access Control. The Troubleshooting part of the book is very helpul to working professionals as it starts with troubleshooting NAT and then covers everything from Firewalls (PIX and IOS), VPN's, IDS and AAA. A lot of issues can be resolved just using this part of the book. I recommend this book as it will surely help everyone looking for everthing about security. This book is a must read for professionals pursuing the CCSP and CCIE Security Certifications.
Niloufer Tamboly, CISSP
Best ever book from Cisco.......2004-09-18
Not only for exam preparation, this book is for every Cisco lover. Covers a lot of stuff, took me over 2 months to finish but I feel way more knowledgeable now.
Customer Reviews:
super.......2007-03-08
Thanks a lot, we are very happy to have this book in our library!
I learned a lot.......2006-11-15
This is a solid book and a detailed read. I was on the fence about giving it 4 or 5 stars; if I could I'd give it 4.5. While it didn't blow my socks off, I would suggest it to anybody interested in security monitoring in general. In terms of monitoring internal threats specifically it also has some useful information.
Excellent Book .......2006-07-20
Richard Bejtlich done great job again. Tao of Network security and this one are best companion. Well written. Extrusion topic is mostly companies preferred to spend budget or time and ignore. Although NSM methodologies are repeated but fun to read again. Traffic threat assessment, designing defensive network, and incident response are well written,
Excellent Book!.......2006-07-16
I have had the pleasure of reading Extrusion Detection: Security Monitoring for Internal Intrusions by Richard Bejtlich. Richard Bejtlich picks up where he last left off with his first book Tao of Network Security Monitor: Beyond Intrusion Detection. His new book deals with a subject that many businesses don't wish to think about, and what over 50% of attacks come from, Security breaches that come from the inside an organization. It is very unfortunate that this fact was not taken into consideration in Microsoft's XP SP2 firewall.
Richard starts with a short review of network definitions. One concept I really like is the Defensible Network which he states is not necessarily a secure network, "quite accurate".
Richard includes a listing networking monitoring tools with where you can go to obtain them; Full Content Data, Session Data, and Statistical.
This book includes good illustrations, explained pieces of code (more toward the second half of the book), and includes pictures of familiar hardware.
A new definition for me was "the sink hole", that redirects unknown traffic away from the customers.
This book is a good read and a very good book to keep in one's reference library. I will be obtaining Richard Bejtlich's Tao of Network Security Monitor: Beyond Intrusion Detection and I suspect this will be just as good.
nice usages of a sink hole.......2006-04-06
This book is a fine complement to Bejtlich's Tao of Network Security Monitoring. At first, one might think there would be considerable overlap between the two. After all, both concern crackers attacking a company's network that sits on the Internet. Yet the author takes pains to point out key differences. Tao was about an external attacker going at your servers, where these might be web or database [or other types of] servers.
The current text describes a qualitatively different game. Where a typical scenario might be one of your users, at her machine which is inside your network, surfing the Web. An attacker might try to target bugs in her browser, in order to install malware on her machine. This malware might then surveil that machine and others on the network, and hence ring home to the attacker's website. So extrusion detection involves at the very least defending your client machines, instead of your servers.
Bejtlich gives detailed examples of how to use various tools, typically open source, to monitor your internal traffic, looking for tell tale signs of extrusion.
Along the way, there is a nice description of two ways to use a sink hole. One is by an ISP, who is facing a Denial of Service attack against one of its customer's addresses. For this, a sink hole can be configured to divert those incoming packets, and protect the ISP's other customers. In a recent book, "Internet Denial of Service" by Mirkovic et al, various anti-DoS methods were cited, and this usage of a sink hole is an excellent example of another such method. While DoS is not an internal attack, it is still a very serious problem, and it is helpful to see a clear description of how to use a sink hole against it.
The other method of using a sink hole involves configuring it to attract traffic from internal machines that have been subverted. Here, this is entirely in keeping with the book's remit.
Average customer rating:
- Cisco Security for Network Architecture
- Network Security Architectures Review Must Have
- Recommended for professional infosec architects
- Network Security Design Must Have
|
Network Security Architectures
Sean Convery
Manufacturer: Cisco Press
ProductGroup: Book
Binding: Hardcover
Privacy
| Business & Culture
| Computers & Internet
| Subjects
| Books
Network Security
| Networking
| Computers & Internet
| Subjects
| Books
Networks
| Networks, Protocols & APIs
| Networking
| Computers & Internet
| Subjects
| Books
General
| Networks, Protocols & APIs
| Networking
| Computers & Internet
| Subjects
| Books
Cisco
| Publisher
| Certification Central
| Computers & Internet
| Subjects
| Books
General
| Certification Central
| Computers & Internet
| Subjects
| Books
General
| Computers & Internet
| Subjects
| Books
Design & Architecture
| Hardware
| Computers & Internet
| Subjects
| Books
General
| E-commerce
| Industries & Professions
| Business & Investing
| Subjects
| Books
Look Inside Business Books
| Trip
| Specialty Stores
| Books
Look Inside Computer Books
| Trip
| Specialty Stores
| Books
All Titles
| Qualifying Textbooks - Fall 2007
| Stores
| Books
Business & Investing
| Qualifying Textbooks - Fall 2007
| Stores
| Books
Computers & Internet
| Qualifying Textbooks - Fall 2007
| Stores
| Books
Similar Items:
-
Network Security Fundamentals
-
Inside Network Perimeter Security (2nd Edition) (Inside)
-
Network Security Principles and Practices (CCIE Professional Development)
-
Designing Network Security, Second Edition
-
Network Intrusion Detection (3rd Edition)
ASIN: 158705115X |
Amazon.com
Network security is finally getting the attention it's long deserved, with organizations devoting time and money to the problem and more than a few independent consultants peddling their services in the area. Network security, though, is hard to do right, largely because it's not concerned with making the network do something (like connect the head office to the factory), but with making it not do something (allow access to an ill-defined community of malefactors). Network Security Architectures explains the generally accepted design practices that make networks as resistant as possible to damage and invasion.
Relatively little of this book is concerned with software configuration details, and it's generally not a paean to Cisco Systems products. Rather, this is a design guide, advising that it's usually best to put the proxy server inside the firewall and often a good idea to put IP phones on a private (RFC 1918) address range. Sean Convery--he wrote one of Cisco's standard security white papers--diligently explains why his advice is as it is, and how anticipated evolutions in technology might change design decisions. He makes clear that network security is an evolving discipline, but in this book documents the state of the art very well. Read this, then keep up with the latest on the Web sites, and you'll be in great shape to keep your networks safe. --David Wall
Topics covered: How to design data networks (including those that carry voice over IP) to be as inherently secure as possible. Threat assessment, device hardening, safe routing, VPNs, and the specific risks and requirements of applications (such as email) are covered. Detailed designs appear for common situations, such as securing telecommuter connections and tightening security on a corporate campus.
Book Description
Expert guidance on designing secure networks
- Understand security best practices and how to take advantage of the networking gear you already have
- Review designs for campus, edge, and teleworker networks of varying sizes
- Learn design considerations for device hardening, Layer 2 and Layer 3 security issues, denial of service, IPsec VPNs, and network identity
- Understand security design considerations for common applications such as DNS, mail, and web
- Identify the key security roles and placement issues for network security elements such as firewalls, intrusion detection systems, VPN gateways, content filtering, as well as for traditional network infrastructure devices such as routers and switches
- Learn 10 critical steps to designing a security system for your network
- Examine secure network management designs that allow your management communications to be secure while still maintaining maximum utility
- Try your hand at security design with three included case studies
- Benefit from the experience of the principal architect of the original Cisco Systems SAFE Security Blueprint
Written by the principal architect of the original Cisco Systems SAFE Security Blueprint,
Network Security Architectures is your comprehensive how-to guide to designing and implementing a secure network. Whether your background is security or networking, you can use this book to learn how to bridge the gap between a highly available, efficient network and one that strives to maximize security. The included secure network design techniques focus on making network and security technologies work together as a unified system rather than as isolated systems deployed in an ad-hoc way.
Beginning where other security books leave off,
Network Security Architectures shows you how the various technologies that make up a security system can be used together to improve your network's security. The technologies and best practices you'll find within are not restricted to a single vendor but broadly apply to virtually any network system. This book discusses the whys and hows of security, from threats and counter measures to how to set up your security policy to mesh with your network architecture. After learning detailed security best practices covering everything from Layer 2 security to e-commerce design, you'll see how to apply the best practices to your network and learn to design your own security system to incorporate the requirements of your security policy. You'll review detailed designs that deal with today's threats through applying defense-in-depth techniques and work through case studies to find out how to modify the designs to address the unique considerations found in your network.
Whether you are a network or security engineer,
Network Security Architectures will become your primary reference for designing and building a secure network.
This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
Customer Reviews:
Cisco Security for Network Architecture.......2004-12-03
Welcome to the twenty-first century in the world of computers and networking. With more issues occurring that have negative affects on the environment that information technologists work in, the knowledge of information security is slowly becoming critical. Sean Convery presents a detailed guide into the world of designing a secure network environment. Within "Network Security Architecture", Sean delves into the whys, the hows, and most importantly the cause and effect. As you examine the table of contents alone, it becomes clear that he has spent a great deal of time researching and detailing numerous different components of a network environment that have to be examined and considered for proper network security.
A close look at the book's table of contents will point out different areas that any Network Engineering individual from the Junior Administrator to the Senior Architect needs to be knowledgeable in. Sean examines policy, threats and the technologies available, he details how to harden devices and describes items that need to be considered in designing either new networks or enhancing existing ones. For these reasons alone this book is necessary for anyone that manages any portion of a computer network. This book offers far more than an education of network security. It is clearly designed not only to educate individuals, but provide a single reference for all network security areas as well.
Like many Cisco Press books, "Network Security Architectures" chapters are divided into three sections --: an introduction, the body, and finally a summary. It is these summary sections that help the most. In For example, in Chapter 6 on pages 262 thru 264, the concept of Design Consideration is summarized with charts. Where individual summaries appear light or limited, the book enhances the information covered in a section called "Applied Knowledge". This section helps individuals quickly implement what is covered in extreme detail in the chapter. Don't just look at the summary and applied knowledge sections, because this would not do all the hard work Sean placed in the book justice. For instance, in Chapter 5 on Hardening Devices, Sean provides clear examples on how to configure devices for security and hardening. This topic alone has not similarly covered since O'Reilly's book on "Hardening Cisco Routers" and that one did not go to the level of how to configure the devices fully.
As anyone that is familiar with Cisco Technology and Cisco Systems knows, they routinely publish various "SAFE" documents on topics. This book takes input from those documents, combining them with other both real world examples and theory to provide a greater combined presentation. Like any Cisco documentation this book can either be read in its entirety from cover to cover or only the sections that are needed now. But as you read the book you will realize that while "SAFE" documents focus on key issues, this book details not only the issues and the possible alternatives, but provides reasoning for implementing the recommendations in clear English. Convery's book is both an excellent resource and a great guide. Its ability to present both the Cisco and the real world philosophy on network architecture is critical for all that work in this arena.
As I mentioned previously Convery, uses the Cisco "SAFE" documents as guide points, but those are only detailed references. His book takes them to the next logical level and as such I could spend hours and pages detailing all the other reasons someone should acquiring a copy of this book, but the key reason I believe is that it is a clear consolidated source to design, implement and support a secure and highly available network. But the simple fact is in this day and age with more and more Viruses, Worms, Trojan horses, Network Probe attacks and numerous other problems in the growing Internet can anyone not afford to plan a "SMART" and "SAFE" network architecture? That is the real question that should drive someone to consider this book for there library and refer to it on a regular basis. I know I have already.
I highly recommend this excellent reference book for networking and security practitioners in any size environment. The investment will save time and money, even if only a few of the recommendations are implemented. You will find yourself referring to it frequently.
Network Security Architectures Review Must Have.......2004-08-03
Overall I give this book two thumbs up. Here are a few things I got out of this book:
Under the section titled "security policies and operations lifecycle", I found the introduction very helpful. I like the way the topics are broken down into business needs, risk analysis, security policy development, followed by the operations lifecycle that included information on system monitoring maintenance, compliance checking, and incident response.
Under the section titled "what is a security policy", I also found this section helpful and the simple statements describing a security policy as a formal statement of rules where people are given access to an organizations technology information assets, was very concise and understandable.
Under the section titled "security policy enforcement considerations", I found it interesting that this was broken into several different sections of real-time technology enforcement, passive technology assisted compliance checking, non-technical compliance checking, and contractual compliance checking. This little section made policy enforcement crystal clear while providing a practical outline for policy enforcement.
Another helpful feature of this book was on page 45 where an outline of best practice steps are given. These four steps to building a best practice for security provided a decent roadmap for developing a practical security policy.
Under the section "secure networking threats", the descriptions provided for the attack process and attacker types was very enlightening. I also found it interesting to read about the Script Kittie, Crackers, and Elite network attackers.
The section also described vulnerability types as software, hardware, configuration, policy, and usage, which I also found to be a great outline and organized structure for understanding where these vulnerabilities lie.
Also in this section of "secure networking threats" on the summary page on 115 I found the attack summary table with scoring to be a very ingenious tool. This table breaks down the following attack elements and rates them according to detection difficulty, ease-of-use, frequency, impact and, overall rating. The following attack elements were included in this table: Buffer overflow, Identity spoofing, war dialling/driving, virus/word/Trojan horse, direct access, remote control software, probe scan, rootkit, Sniffer, application floating, udp spoofing, rouge devices, Web applications, data scavenging, man in the middle, distributed denial of service, TCP spoofing, Arp redirection spoofing, TCP Syn flood, IP spoofing, IP redirection, Smurf, transport redirection, MAC Flooding, Mac spoofing, network manipulation, and STP redirection. All in all I felt this was a very comprehensive list.
In the section titled "general design considerations", this section provided a fantastic overview of how to control physical access to facilities and the different methods for doing so including lock and key access, key card access, and key card access with TurnStyle. The layer 2 security considerations section covered a great bit of detail concerning general Protocol considerations as well as the Cisco specific protocol considerations.
In the chapter "Identity design considerations" the descriptions were also very helpful and understandable. This section outlined the basic foundation Identity concepts describing the differences between device and user Identity. On page 324 a great outline of the chain of events for Identity and authentication, authorization, and accounting is outlined. This step-by-step explanation was very helpful in understanding this process.
In chapter 14 the "campus security design" section, a very good explanation of what campus networks are made up of was given on page 536. This portion of the book also describes the campus trust model and expected threats. The threat mitigation and Identity considerations were also outlined in a very simple to follow way.
On page 541 the network design considerations for the campus are very well outlined with layer 2 considerations including explanations of stateful versus stateless ACL's and L3 versus L4 Filtering.
Overall this book is exceptional in the way it describes complex information and breaks down this information into simple to understand concepts. The applied knowledge questions at the end of each chapter were also very helpful along with the appendix B where the answers to these questions can be found.
This book is an outstanding education tool as well as a reference bible for network security.
Recommended for professional infosec architects.......2004-06-26
This comprehensive textbook is ideal for information security architects tasked with designing secure networks, both as a teaching text and as a reference. It covers:
- Good practice network security design guidelines ('axioms')
- Purpose and definition of network security policies
- Good advice on designing the network security system (i.e. the overarching network security architecture into which individual network devices must fit) from the ground up (i.e. physical security to application security, OSI layers 1 to 7)
- Specific technical advice on configuring network devices for
security ('hardening')
- Technical descriptions of the vulnerabilities in network services, accompanied by advice on how to secure them
- Typical design considerations for network perimeter ('edge') security, internal network ('campus') security and remote access (teleworker) security
- Secure network management and network security management (compared and contrasted in 40 pages)
I appreciate the author's emphasis on architectural security design but he also succeeds in giving a reasonably comprehensive introduction to more specific elements of network security. This is not a hand-waving helicopter-overview of the topic but a far more substantial tome. At the same time, the clear writing style, simple diagrams and nuggets of practical advice make it an enjoyable read.
The book is liberally sprinkled with URLs to useful additional resources and the author maintains a website with up-to-date links and a sample chapter (www.seanconvery.com).
Each chapter concludes with exam-style review questions (with answers) and further questions intended to stimulate the reader to think about the material in their local organizational context. The topic almost inevitably involves loads of acronyms so thankfully a succinct glossary is included.
Three network security design examples (mini case studies) towards the end of the book demonstrate the techniques previously described. These are good for getting readers to practice thinking like a real network security architect.
Despite being published by Cisco Press, the book is not specifically about Cisco products. However, the examples and several of the security features are Cisco-specific. Given the market presence of Cisco, this is not a serious drawback but a little more balance would have added credibility (e.g. security vulnerabilities in LEAP, Cisco's wireless LAN authentication protocol, are not described but merely hinted-at).
All in all, this book has already proved its worth to me. I read it cover-to-cover in a couple of days and have already started using it as a reference. Recommended reading for those with a professional interest in information security architecture.
Network Security Design Must Have.......2004-06-02
I have read many books in the Cisco Press and this one is up there with the best in terms of practical use, technical depth and ease of reading. The author does a great job of laying out the book in a logical manner that is sure to help Security Architects take on the daunting task of network security design with a higher level of confidence. As a systems engineer responsible for large network designs, I have found this book to provide very good information for many scenarios, a multitude of good links to provide additional resources for discussed topics as well as out of scope topics, and also a good supplement for the backround knowledge required for the CCIE Security exam, for which I am currently preparing for. I consider this one as much a must have as Doyle for IP Routing or Clarke for LAN Switching.
Raymond Santini CCIE# 12315
Average customer rating:
- Excellent reference
- Fantastic!!!!!!!!!!! Review Guide - Mike Myers & Shon Harris !!!!!!!!
- Great supplement to CISSP readings
- Excellant prep resource for the CISSP
- Good book to create a knowledge foundation
|
Mike Meyers' CISSP(R) Certification Passport
Shon Harris
Manufacturer: McGraw-Hill Osborne Media
ProductGroup: Book
Binding: Paperback
Osborne-McGraw-Hill
| Publisher
| Certification Central
| Computers & Internet
| Subjects
| Books
General
| Certification Central
| Computers & Internet
| Subjects
| Books
CISSP
| Exams
| Certification Central
| Computers & Internet
| Subjects
| Books
Network Security
| Networking
| Computers & Internet
| Subjects
| Books
Networks
| Networks, Protocols & APIs
| Networking
| Computers & Internet
| Subjects
| Books
General
| Networks, Protocols & APIs
| Networking
| Computers & Internet
| Subjects
| Books
Information Systems
| Software Engineering
| Computer Science
| Computers & Internet
| Subjects
| Books
General
| Computers & Internet
| Subjects
| Books
General
| Software
| Computers & Internet
| Subjects
| Books
Professional
| Test Guides - Graduate & Professional
| Education
| Reference
| Subjects
| Books
Management Tools
| Architectural Engineering
| McGraw-Hill Engineering Store
| McGraw-Hill
| By Publisher
| Books
Look Inside Computer Books
| Trip
| Specialty Stores
| Books
Look Inside Reference Books
| Trip
| Specialty Stores
| Books
jp-unknown1
| Specialty Stores
| Books
All Amazon Upgrade
| Amazon Upgrade
| Stores
| Books
Computers & Internet
| Amazon Upgrade
| Stores
| Books
Reference
| Amazon Upgrade
| Stores
| Books
Similar Items:
-
CISSP All-in-One Exam Guide, Third Edition (All-in-One)
-
CISSP For Dummies (For Dummies (Computer/Tech))
-
Official (ISC)2 Guide to the CISSP Exam
-
The CISSP Prep Guide: Gold Edition
-
Official (ISC)2 Guide to the CISSP CBK ((Isc)2 Press Series)
ASIN: 0072225785 |
Book Description
Mike Meyers, the industry expert on professional certification, and Shon Harris, author of the leading CISSP Certification Exam Guide, bring you this concise, affordable, and portable study tool for the CISSP certification exam. With an intensive focus on only what you need to know to pass this challenging exam plus access to an online practice test with 100 questions and explanations at www.examweb.com, this up to date CISSP Passport is your ticket to success on exam day. Topics covered include: Security Management Practices; Access Control; Security Models and Architecture; Physical Security; Telecommunications and Networking Security; Cryptography; Disaster Recovery and Business Continuity; Law, Investigation, and Ethics; Applications and Systems Development; Operations Security. The book also includes an appendix that provides information security career advice. This book offers the best, most concise review of the CISSP topics available.
Customer Reviews:
Excellent reference.......2007-05-13
Very easy to read, very informative. Overall, a very good book.
Thanks,
Robert
Fantastic!!!!!!!!!!! Review Guide - Mike Myers & Shon Harris !!!!!!!!.......2007-04-25
FANTASTIC MONTH BEFORE THE EXAM :
Mike Meyers' CISSP(R) Certification Passport
by Shon Harris
Read and comprehended all materials.
1. CISSP All-in-One Exam Guide, Third Edition (All-in-One)+ 800 Practice questions included.
2. The CISSP Prep Guide: by Ronald L. Krutz and Russell Dean Vines,
pluss 450 practice questions from BOSON.
3. Mike Meyers' CISSP(R) Certification Passport. 200 pages of solid core material, can carry around anywhere but contains a lot of tips to ace the exam.
4. Great site for free CISSP materilas and practice exam
[...].
Here's an eye-opener of a requirement!
In today's environment of emerging security threats, the U.S. Department of Defense has
recognized the critical need for highly-qualified, experienced information assurance
personnel.
To ensure a knowledgeable and skilled workforce the DoD has taken the necessary steps to
develop a directive that involves the credentialing and continuing education of all DoD
employees with privileged access to DoD information systems.
Specifically, the U.S. Department of Defense Directive 8570.1, signed in August of 2004,
requires every full- and part-time military service member, defense contractor, civilian and
foreign employee with privileged access to a DoD system, regardless of job series or
occupational specialty, to obtain a commercial certification credential that has been
accredited by the American National Standards Institute (ANSI).
The draft manual, 8570.1M, specifies that the Department of Defense requires approximately
110,000 identified Information Assurance professionals to be certified within a five year time
period. The Defense Information Assurance Program office has divided its Information
Assurance workforce into six defined categories (see chart below). The manual also specifies
the types of commercial information assurance credentials that qualify for each of the defined
Great supplement to CISSP readings.......2007-03-09
I am using this book in addition to Shon Harris' CISSP book, and the ISC2 CISSP manual. This book works well for me as a high-level reference book and as an easy-to-carry/easy-to-read reference book when traveling. A must have book for those studying for their CISSP, but not the only book you'll need for certification. Amazon also had the best price and FAST delivery. I wouldn't purchase my books anywhere else.
Excellant prep resource for the CISSP .......2007-03-05
This book takes the original Shon Harris book, and explaines the 10 domains from a higher point of view. I would fully recommend reading this book, along with reading the Risk Management and Access Control section of the Shon Harris book.
The test questions are pretty simple, thus I do not recommend relying soley on them. [...] The test questions [...] are all written by CISSP's and closely resenble the questions that will be on the exam.
Good book to create a knowledge foundation.......2007-01-24
This book is older and I think it is a little outdated for current CISSP exam. That being said if you don't use this book as your sole source of CISSP studying , it is a great book. I found this book very informative for the very basics of the of security. Mike Meyers' Certification Passport CISSP is a great starting point to build your knowledge foundation. I would recommend The CISSP Prep Guide: Gold Edition.
Book Description
Called "the leader in the Snort IDS book arms race" by Richard Bejtlich, top Amazon reviewer, this brand-new edition of the best-selling Snort book covers all the latest features of a major upgrade to the product and includes a bonus DVD with Snort 2.1 and other utilities.
Written by the same lead engineers of the Snort Development team, this will be the first book available on the major upgrade from Snort 2 to Snort 2.1 (in this community, major upgrades are noted by .x and not by full number upgrades as in 2.0 to 3.0). Readers will be given invaluable insight into the code base of Snort, and in depth tutorials of complex installation, configuration, and troubleshooting scenarios. Snort has three primary uses: as a straight packet sniffer, a packet logger, or as a full-blown network intrusion detection system. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes. Snort uses a flexible rules language to describe traffic that it should collect or pass, a detection engine that utilizes a modular plug-in architecture, and a real-time alerting capability. A CD containing the latest version of Snort as well as other up-to-date Open Source security utilities will accompany the book.
Snort is a powerful Network Intrusion Detection System that can provide enterprise wide sensors to protect your computer assets from both internal and external attack.
* Completly updated and comprehensive coverage of snort 2.1
* Includes free CD with all the latest popular plug-ins
* Provides step-by-step instruction for installing, configuring and troubleshooting
Download Description
Written by the same lead engineers of the Snort Development team, this will be the first book available on the major upgrade from Snort 2 to Snort 2.1 (in this community, major upgrades are noted by .x and not by full number upgrades as in 2.0 to 3.0).
Customer Reviews:
Snort 2.1.......2006-02-23
The information in this book was invalueable but sometimes it was hard to follow because it was poorly written
Good introductionto Snort.......2005-11-28
Snort 2.1 Intrusion Detection (2nd Edition) is useful as a general introduction to intrusion detection and Snort. If you already have a good understanding of IDS technology you may find the IDS discussion to be a bit general in nature. For someone who only wants to review the basic IDS principals quickly and without a great deal of extra detail the IDS coverage in this book is sufficient. Much of the information on Snort felt like a retelling of Snort Users Manual from the Snort web site. Part of this feeling may be due to the fact that members of the Snort development team who undoubtedly had a hand in the user's manual wrote this book. This book does go into more detail on some subjects than the Snort Users Manual. There is a good step by step set of instructions for installing Snort and associated software on either a Windows or a Linux system. Overall this book seems to be a pretty good overview of Snort for someone looking to use only one resource, but I do not see anything that is not also available in other documentation available.
Snort is moving fast.......2005-03-08
At the time of this review, the latest version of Snort is 2.3. However, the newest books(about two out there) on Snort, including this one, only covers up to version 2.1. And according to the Product Description, "in this community, major upgrades are noted by .x and not by full number upgrades as in 2.0 to 3.0". This pretty much means that this book is already out-dated, and it's printed in 2004, less than a year ago. This reminds me of when Linux was starting to get popular. Red Hat Linux went from version 6.2 to version 9.0 in just two years. Not to mention there are tons of books supposely dedicated to all those versions of Linux in the short two year period. Linux saved businesses a lot of money, and provided stability that MS Windows counterpart didn't. Snort will eventually replace or be at the same level as the current commercial Intrusion Detection Systems(IDS).
I think this time the publishers are smarter, and recognized the pattern from their Linux frenzy publishing experience, lol. The old Linux books litter the thousands of bookstore shelves with nobody buying, lol. That's why at the moment there are very few books on Snort.
Jay gets the job done.......2005-02-28
this is a great book on snort!!!!
Very, very valuable
A thorough and "user-friendly" introduction .......2004-08-07
Now in an updated and expanded second edition Snort 2.1 Intrusion Detection offers completely up-to-date information and instruction ranging from the basics of installation, preprocessor configuraton, and optimization of the Snort software system. Enhanced with an accompanying CD-ROM, Snort 2.1 Intrusion Detection combines explict instructions for applying the software along with a wealth of sample code, tips, tricks, and techniques, and the option to participate in the Snort mailing list. A thorough and "user-friendly" introduction to a software option tailored especially guarding privacy and integrity in the digital age
Book Description
This book contains simple and advanced scripting using both ESX and Linux commands to provide awesome virtual tools to automate administrative tasks of ESX Server.
This book will cover the native tools that VMware provides with ESX Server. It will then discuss in detail the different scripting APIs and how they can be leveraged to provide some very useful, practical and time saving tools to manage a virtual infrastructure. From virtual server provisioning to backups and everything in between, this book is a one stop shop for virtual tools.
* An essential guide to virtualisation using both Linux and ESX commands
* The companion Web site for book provides dozens for working scripts and tools presented in the book
* Maximise VMware's powerful scripting language to automate time consuming administrative tasks
Customer Reviews:
Great reference for developers and admins alike.......2007-05-13
While this book is not full of product information for administrators, it serves the purpose that it was intended for...showing you how to programmatically automate ESX and VirtualCenter tasks.
The book limits the use of shell scripts and command-line tools, opting more for object-oriented programming languages. A thorough walk-through of code for both ESX 2.5.x/VC 1.x as well as ESX 3.x/VC 2.x is included in the book, with samples in VB, C#, Perl, and Java. I particularly liked the explanation of the SDK web service architecture and the idiosyncrasies of consuming the web service with typical SOAP clients.
If you're thinking about creating custom software to interact with VMware products or you simply want to write custom scripts to ease administration, this is a great reference book for you!
was the time to short?.......2006-12-14
like nearly every VMware administrator or consultant I couldn't wait for the release of this book. After a delay to the first announcement of about 7 months I hoped to get a book including all news about VI3 too.
But the whole book seems to be a patchwork, mixing ESX2/VC1 and VI3 mostly without a comment at what version the reader is. It's quite obvious that some of authors have written their chapters at ESX 2 times without updating to ESX 3 like chapter 7 (backup).
Some of the chapters are really useless like the first kickstart chapter, which doesn't contain any news beside the manual, even rather the screenshots are from an old beta version I think and it's not mentioned that you must change a xml file to make the kickstart generator available.
Not one new esxcfg- commands of ESX3 is even mentioned!!! You are searching without success for the backup scripts like vcbmounter.
Most scripting example or tips can be found for several month or even years (like APC Powerchute installation) within the VMware forum.
Many people begin to use python or java for scripting VI3 - yes, you don't even find the letter j in the index!
The only fact I'm giving two stars instead of one are the scripting chapters for VB .net and the downloadable scripts from the syngress website if you own that book.
Amazon.com
An expert tour of security on the new Java 2 platform, Inside Java 2 Security will find an enthusiastic audience among advanced Java developers and system administrators. As the author notes during the general discussion on network security, safeguarding your system goes far beyond mere cryptography.
This book reviews multiple security threats and the strategies used to combat them, such as denial of service attacks, Trojan horses, and covert channels. In addition, it touches on the evolution of Java security from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2, including a section that presents a list of 11 security bugs found in early versions of Java.
Because Java 2 security is now policy-based, it must be managed by system administrators as part of enterprise security. A chapter on Java 2 security presents the "big picture" as well as the classes used to implement policy-based security where developers can control access to an entire system like files, network resources, or runtime permissions on code. The book also discusses the rather primitive tools used for Java 2 security management such as the policytool utility. For advanced developers, further sections demonstrate how to create new permission classes and how to make JDK 1.1 security code migrate to Java 2.
A section on the Java Cryptography Architecture (JCA) shows that Java 2 supports the latest in encryption standards like SHA, DSA, RSA, and X.509 certificates. The text concludes with some well-considered predictions for the future of security on the Java platform. In the meantime, this book shows you what you will need to know about security when committing to Java 2 on the enterprise. Security is now part of the picture and will require both extra development time and administrative effort. --Richard Dragan
Book Description
"The book is of enormous consequence and potential value. The Java(TM) 2 Platform Security represents an advance of major proportions, and the information in this book is captured nowhere else." --Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab, author of Computer-Related Risks, and Moderator of the Risks Forum
"Profound! There are a large number of security pearls. I enjoyed and was very impressed by both the depth and breadth of the book." --Stephen Northcutt, Director of Research for Intrusion Detection and Response, SANS Institute
Inside the Java(TM) 2 Platform Security is the definitive and comprehensive guide to the Java security platform. Written by the Chief Java Security Architect at Sun, it provides a detailed look into the central workings of the Java(TM) security architecture and describes security tools and techniques for successful implementation.
This book features detailed descriptions of the many enhancements incorporated within the security architecture that underlies the Java 2 platform. It also provides a practical guide to the deployment of Java security, and shows how to customize, extend, and refine the core security architecture. For those new to the topic, the book includes an overview of computer and network security concepts and an explanation of the basic Java security model.
You will find detailed discussions on such specific topics as:
* The original Java sandbox security model * The new Java 2 Platform permission hierarchy * How Java security supports the secure loading of classes * Java 2 access control mechanisms * Policy configuration * Digital certificates * Security tools, including Key Store and Jar Signer * Secure Java programming techniques * Ways to customize the Java security architecture with new permission types * How to move legacy security code onto the Java(TM) 2 Platform
In addition, the book discusses techniques for preserving object security-such as signing, sealing, and guarding objects-and outlines the Java cryptography architecture. Throughout, the book points out common mistakes and contains numerous code examples demonstrating the usage of classes and methods.
With this complete and authoritative guide, you will gain a deeper understanding into how and why the Java security technology functions as it does, and will be better able to utilize its sophisticated security capabilities in the development of your applications.
Customer Reviews:
Good book - Needs a complete revision from J2SE 1.4.2 .......2006-03-22
This book is certainly gives good introduction to the fundamentals of Java security. For those new to Java security, there is also brief intro to security of the Java language and platform. The coverage on Java Security APIs are bit narrow and needs lot of update on JCE, JAAS, JSSE etc.
Frankly speaking this book is a bit obsolete and now it's for the authors to come out with a new edition including Java 5 and Java 6 !
Go and buy this book.......2003-10-06
If you are new to Java, then you shouldn't buy this book.
If you are new to security, then you shouldn't buy this book.
If you prefer loads of examples instead of dense and precise explanations, then you shouldn't buy this book.
If you are looking for a pictorial guide on Java security, then you would probably have to go somewhere else as well.
However...
If you know your Java basics,
If you like completeness,
If you like preciseness,
If you want to know why the APIs look the way they do,
If you take nothing for granted,
If you want an update on latest changes,
If you like things to be drawn in a historical perspective,
If you want a book that you can pick up and read a chapter without having to go through it in a linear way,
If you are serious about security,
In that case you should now pick up your coat, and run to the nearest bookstore to buy this book.
The only thing I found odd in this book is the introduction into security, covering a discussion in general, and an overview of different types of security and access control models. The weird thing is that it introduces a lot of concepts, without actually refering to any of them in the chapters later on.
Required Reading for Java Security.......2003-08-04
The second edition is the most up-to-date Java security book for j2se v 1.4.x. A must-required reading for Java security platform written by Sun's Java security team. It describes the nuts and bolts in a readable language. Highly recommended.
Guardrails for JDK 1.2.......2003-07-29
If you are a Java developer, please read this book. It is complete in terms of the security hooks and accurate. It is a great book, deserving of five stars.
Not an easy read, but well worth the effort.......2002-01-04
I'm not surprised this book has drawn so many negative reviews. This book is indeed difficult to digest but then the Java Security model itself is rich, subtle and takes time to master. The book does an admirable job of explaining the motivation behind the complete overhaul of the Java 1.1 security architecture, the Java 2 security API design nuances, the flexibility of the fine-grained access-control model in Java 2 and how the backward compatibility concerns with code written with 1.1 style security checks were addressed in the new design. The book also has an intersting chapter addressing security needs of objects in transit (RMI) and a short chapter on cryptography, which anyway is a vast subject in its own right. The key chapters to read are the 3,4 and 5, especially for people who have some background in Java 2 security.
On the negative side, I have to say, the book is inconsistent in parts - I have trouble believing that Li Gong wrote the entire book himself. It's amazing to see chapters discussing at length how you install Java 2, change your CLASSPATH on different platforms etc. while in the same book elsewhere, you see terse, packed explanations about how the classloader hierarchy works in 1.2 or how the basic access control algorithm is extended for privileged operations and some very concise but useful discussions about possible design alternatives in the core library itself. The code samples are very insightful in that they illustrate the workings of some of the core library classes itself with the new security infrastrucure and not some toy samples. However, this also makes the book an unlikely candidate for gleaning ready to use code samples from, which means, if you are looking for how to's and not whys this is probably not the book for you, you might want to consider the Oreilly book.
For people well experienced in Java and OO design, if you want to learn insights about why the security apis are designed the way they are, you might well consider giving this book multiple reads. It's well worth the effort.
In short, this is a difficult but good book. Hopefully, in subsequent editions Li Gong would work on making it better, and also include more details on interesting new additions like JAAS etc.
Book Description
Cisco Network Admission Control
Volume I: NAC Framework Architecture and Design
A guide to endpoint compliance enforcement
Today, a variety of security challenges affect all businesses regardless of size and location. Companies face ongoing challenges with the fight against malware such as worms, viruses, and spyware. Today’s mobile workforce attach numerous devices to the corporate network that are harder to control from a security policy perspective. These host devices are often lacking antivirus updates and operating system patches, thus exposing the entire network to infection. As a result, worms and viruses continue to disrupt business, causing downtime and continual patching. Noncompliant servers and desktops are far too common and are difficult to detect and contain. Locating and isolating infected computers is time consuming and resource intensive.
Network Admission Control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. NAC allows network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of and even remediate noncompliant devices.
Cisco Network Admission Control, Volume I, describes the NAC architecture and provides an in-depth technical description for each of the solution components. This book also provides design guidelines for enforcing network admission policies and describes how to handle NAC agentless hosts. As a technical primer, this book introduces you to the NAC Framework solution components and addresses the architecture behind NAC and the protocols that it follows so you can gain a complete understanding of its operation. Sample worksheets help you gather and organize requirements for designing a NAC solution.
Denise Helfrich is a technical program sales engineer that develops and supports global online labs for the World Wide Sales Force Development at Cisco®.
Lou Ronnau, CCIE® No. 1536, is a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco.
Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.
Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group at Cisco.
- Understand how the various NAC components work together to defend your network
- Learn how NAC operates and identifies the types of information the NAC solution uses to make its admission decisions
- Examine how Cisco Trust Agent and NAC-enabled applications interoperate
- Evaluate the process by which a policy server determines and enforces a policy
- Understand how NAC works when implemented using NAC-L2-802.1X, NAC-L3-IP, and NAC-L2-IP
- Prepare, plan, design, implement, operate, and optimize a network admission control solution
This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Category: Cisco Press–Security
Covers: Network Admission Control
1587052415120506
Customer Reviews:
this book provides a comprehensive view of the Cisco NAC scheme.......2007-05-12
This book provides quite a good overview of the NAC technology as well as covers areas like market and deployment models. For someone new to NAC, this book will be a good introduction to the NAC technology and the various terminologies used. NAC, being still an evolving technology, this book addresses only one view of the NAC, and reader may refer to else where to get a more complete picture of the NAC. Also, this book covers the protocols and components used only at a high level, and specific details are missing in the description.
The Biggest Problems Come from Within.......2007-01-11
It is generally believed that the biggest problems in network security come from the outside, but only sometimes is this true. The biggest loses tend to come from the inside. The people inside your company or organization know more about what there is to steal, how to create the most damage, and furthermore may feel that they have a direct reason to be angry and wanting to cause deliberate damage.
The second part of the problem is that todays organizations may have huge networks with many different areas to be protected from many different kinds of people, coming into the systems from many areas withing the organization including other facilities, suppliers, customers, remote salesmen, travelling executives, etc.
Cisco NAC Architecture and Design, the first volume in this series covers the protocols, design concepts, networking structure - in general the higher level preliminary setup of the NAC.
This volume covers the nuts and bolts of the actual installation and management of the Cisco NAC and the integration of the NAC into other Cisco components such as: VPN, ASA, PIX and more.
Books:
- The Customer-Driven Company: Managerial Perspectives on QFD
- The Data Warehouse Toolkit: The Complete Guide to Dimensional Modeling (Second Edition)
- The Guru's Guide to Transact-SQL
- The Little SAS Book: A Primer, Third Edition
- The PMP Exam: How to Pass On Your First Try (Test Prep series)
- The Usability Engineering Lifecycle: A Practitioner's Handbook for User Interface Design (Interactive Technologies)
- The World Is Flat [Updated and Expanded]: A Brief History of the Twenty-first Century
- The Zen of CSS Design: Visual Enlightenment for the Web (Voices That Matter)
- Transport Modeling for Environmental Engineers and Scientists
- Ultimate Spider-Man Vol. 17: Clone Saga
Books Index
Books Home
Recommended Books
- Foundations of Financial Management Text + Educational Version of Market Insight + Time Value of Mon
- Cross-X: The Amazing True Story of How the Most Unlikely Team from the Most Unlikely of Places Overc
- Study Guide, Volume 2, Chapters 15-25 for use with Financial & Managerial Accounting: A Basis fo
- The Unruly Life of Woody Allen: A Biography
- Working Papers to Accompany Accounting, 21e Chapters 1-17 or Financial Accounting, 9e
- Christian Writers' Market Guide 2003
- A People's History of the Supreme Court: The Men and Women Whose Cases and Decisions Have Shaped Our
- Complete Guide to Tested Telephone Collection Techniques
- Unfunded Pension Systems: Ageing and Migration, Volume 264
- Zorro : The Masters Edition Vol. One
Cisco ASA and PIX Firewall Handbook
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance (Networking Technology)
IPSec VPN Design (Networking Technology)
Troubleshooting Virtual Private Networks (VPN) (Networking Technology)
Cisco Field Manual: Catalyst Switch Configuration
