Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Designing and Building Enterprise DMZs", Ido Dubrawsky et al

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKDBEDMZ.RVW 20061223 Designing and Building Enterprise DMZs , Ido Dubrawsky et al, 2006, 1-59749-100-4, U$59.95/C$77.95 %E Ido Dubrawsky %C 800 Hingham
    Message 1 of 1 , Feb 5, 2007
      BKDBEDMZ.RVW 20061223

      "Designing and Building Enterprise DMZs", Ido Dubrawsky et al, 2006,
      1-59749-100-4, U$59.95/C$77.95
      %E Ido Dubrawsky
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2006
      %G 1-59749-100-4
      %I Syngress Media, Inc.
      %O U$59.95/C$77.95 781-681-5151 fax: 781-681-3585 www.syngress.com
      %O http://www.amazon.com/exec/obidos/ASIN/1597491004/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597491004/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 714 p.
      %T "Designing and Building Enterprise DMZs"

      Chapter one does outline some basic DMZ (DeMilitarized Zone) concepts
      and design, but is vague and verbose, with many large (in page size)
      and simplistic (in terms of information content) illustrations with
      little detail and minimal differences between them. (Figures 1.5 and
      1.6 are, in fact, identical, even though they purport to show
      different topologies.) Windows DMZ design, in chapter two, is both
      too broad (it discusses very general aspects of planning for a DMZ
      setup) and too detailed (the text almost immediately jumps into the
      specifics of particular outside hardware to be purchased for an
      isolated example) to be of practical use. Much the same is true of
      chapter three, which is based on Sun's Solaris operating system.

      Chapter four lists wireless network attacks and some security
      technologies, but doesn't really deal with DMZ aspects, and chapter
      five, purportedly about implementing wireless DMZs, just has lots of
      screenshots for installing various products.

      Chapter six starts a section of the book cataloguing various firewall
      products. In this case it is Cisco's PIX and ASA systems, and
      discusses unit specifications, licensing, and some Cisco commands.
      Chapters seven through ten, respectively about Checkpoint,
      SecurePlatform and Nokia, NetScreen, and ISA Server 2005, basically
      contain screenshots for installation and configuration.

      Chapter eleven, entitled "DMZ Router and Switch Security," would have
      been a good place to deliberate on security considerations of the
      different routing protocols, but only suggests hardening routers and
      switches. VPN (Virtual Private Network) topologies and products are
      noted in chapter twelve, with almost no mention of DMZs at all. The
      standard advice for building MS Windows bastion hosts is in chapter
      thirteen. We are told to remove unnecessary services (without being
      told which are necessary), to rename the administrator account
      (although nobody mentions that the renamed account can still be
      determined), and the text recommends using Terminal Services (even
      though this service is widely considered to be a security risk). Most
      of the material is about how to use the configuration utilities,
      rather than suggestions on the settings themselves. Much the same
      type and level of advice is given in chapter fourteen, in regard to

      Ultimately, while there is content in the work that can be helpful in
      terms of security, there is relatively little that actually relates to
      DMZ concepts, design, use, or protection.

      copyright Robert M. Slade, 2006 BKDBEDMZ.RVW 20061223

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      What about the main thing in life, all its riddles? If you want,
      I'll spell it out for you right now. Do not pursue what is
      illusory--property and position: all that is gained at the
      expense of your nerves decade after decade, and is confiscated
      in one fell night. Live with a steady superiority over life--
      don't be afraid of misfortune, and do not yearn after happiness;
      it is, after all, all the same: the bitter doesn't last forever,
      and the sweet never fills the cup to overflowing. It is enough
      if you don't freeze in the cold, and if thirst and hunger don't
      claw at your insides. If your back isn't broken, if your feet
      can walk, if both arms can bend, if both eyes see, and if both
      ears hear, then whom should you envy? And why? Our envy of
      others devours us most of all. Rub your eyes and purify your
      heart--and prize above all else in the world those who love you
      and who wish you well. Do not hurt them or scold them, and never
      part from any of them in anger; after all, you simply do not
      know: it might be your last act before your arrest, and that will
      be how you are imprinted in their memory!
      - The Gulag Archipelago, Solzhenitsyn
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150
    Your message has been successfully submitted and would be delivered to recipients shortly.