"Network Security Fundamentals", Gert De Laet/Gert Schauwers, 2005,
%A Gert De Laet
%A Gert Schauwers
%C 800 East 96th Street, Indianapolis, IN 46240
%I Cisco Press
%O U$50.00/C$73.00 feedback@...
%O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 454 p.
%T "Network Security Fundamentals"
The introduction states that the intended audience is comprised of two
groups: system administrators who are new to network security
concepts, and managers who need guidance for product purchase and
Part one is an introduction. Chapter one is supposed to be an
overview of network security. It is a very short piece full of
idiosyncratic definitions, isolated bits of security information, and
with a set of extremely simplistic "reading check" type questions at
the end. A few network security vulnerabilities (and, oddly, a
discussion of buffer overflows) make up chapter two. Various security
tools are listed in chapter three.
Part two should be about the diverse building blocks that go into
making up a protective system or architecture, but it really isn't.
Chapter four is a very spotty overview of cryptography, failing to
address some significant concepts. A very limited explanation of
security policy and its creation is in chapter five. (The sample
policy provided, even within its limited scope, is rather thin.)
Secure design, in chapter six, is possibly even worse: vague opinings
and a sales pitch for the Cisco SAFE blueprint document.
Part five addresses specific security tools. Chapter seven looks at
Web security by presenting certain security related settings for
Windows systems and browsers. Router access configurations and the
Cisco CBAC (Content-Based Access Control) content inspection and
intrusion detection system (IDS) is outlined in chapter eight.
Apparently more intent on selling Cisco products than educating
readers, chapter nine does provide the basic information about
different types of firewalls, but in a disorganized and confusing
manner. Much the same approach is taken with IDSs in chapter ten.
Chapter eleven describes two centralized remote authentication systems
(RADIUS, Remote Authentication Dial-In User Service; and TACACS+,
Terminal Access Controller Access Control System plus), but mostly in
terms of packet types rather than functions. Virtual Private Network
technologies are described in a disjointed manner in chapter twelve.
A few aspects of public key infrastructure are presented in chapter
thirteen, along with a great many screen shots of Windows dialogue
boxes. The security, or insecurity, of wireless LANs is briefly
reviewed in chapter fourteen. Chapter fifteen lists some auditing
Those who are not familiar with security would probably feel more so
after reading this book, although some of the material is of
questionable accuracy and even more debatable clarity. Managers might
be a bit more aware of some of the issues involved in protection
strategy and product choice, although at the risk of making some
errors. On balance, this work is probably serviceable as a quick
guide. The more accurate works of which I am aware are more demanding
of the reader, and there are some "instant introductions" to network
security that are considerably worse.
copyright Robert M. Slade, 2005 BKNTSCFD.RVW 20051127
rslade@... slade@... rslade@...
It is the test of a good religion whether you can joke about it.
- G. K. Chesterton
Where does the idea come from that if what we are doing is fun,
it can't be God's will? The God who made giraffes has a sense of
humor. Make no mistake about that. - Catherine Marshall