"Network Security Fundamentals", Gert De Laet/Gert Schauwers, 2005,1-58705-167-2, U$50.00/C$73.00 %A Gert De Laet %A Gert Schauwers %C 800 East 96th Street, Indianapolis, IN 46240 %D 2005 %G 1-58705-167-2 %I Cisco Press %O U$50.00/C$73.00 email@example.com 800-382-3419 %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation) %P 454 p. %T "Network Security Fundamentals"
The introduction states that the intended audience is comprised of two groups: system administrators who are new to network security concepts, and managers who need guidance for product purchase and strategy decisions.
Part one is an introduction. Chapter one is supposed to be an overview of network security. It is a very short piece full of idiosyncratic definitions, isolated bits of security information, and with a set of extremely simplistic "reading check" type questions at the end. A few network security vulnerabilities (and, oddly, a discussion of buffer overflows) make up chapter two. Various security tools are listed in chapter three.
Part two should be about the diverse building blocks that go into making up a protective system or architecture, but it really isn't. Chapter four is a very spotty overview of cryptography, failing to address some significant concepts. A very limited explanation of security policy and its creation is in chapter five. (The sample policy provided, even within its limited scope, is rather thin.) Secure design, in chapter six, is possibly even worse: vague opinings and a sales pitch for the Cisco SAFE blueprint document.
Part five addresses specific security tools. Chapter seven looks at Web security by presenting certain security related settings for Windows systems and browsers. Router access configurations and the Cisco CBAC (Content-Based Access Control) content inspection and intrusion detection system (IDS) is outlined in chapter eight. Apparently more intent on selling Cisco products than educating readers, chapter nine does provide the basic information about different types of firewalls, but in a disorganized and confusing manner. Much the same approach is taken with IDSs in chapter ten. Chapter eleven describes two centralized remote authentication systems (RADIUS, Remote Authentication Dial-In User Service; and TACACS+, Terminal Access Controller Access Control System plus), but mostly in terms of packet types rather than functions. Virtual Private Network technologies are described in a disjointed manner in chapter twelve. A few aspects of public key infrastructure are presented in chapter thirteen, along with a great many screen shots of Windows dialogue boxes. The security, or insecurity, of wireless LANs is briefly reviewed in chapter fourteen. Chapter fifteen lists some auditing technologies.
Those who are not familiar with security would probably feel more so after reading this book, although some of the material is of questionable accuracy and even more debatable clarity. Managers might be a bit more aware of some of the issues involved in protection strategy and product choice, although at the risk of making some errors. On balance, this work is probably serviceable as a quick guide. The more accurate works of which I am aware are more demanding of the reader, and there are some "instant introductions" to network security that are considerably worse.
copyright Robert M. Slade, 2005 BKNTSCFD.RVW 20051127
====================== (quote inserted randomly by Pegasus Mailer) firstname.lastname@example.org email@example.com firstname.lastname@example.org Profanity: the linguistic crutch of the inarticulate.or