Authors: Andrew G. Mason and Mark J. Newcomb
Pages: 495
Publisher: Cisco Press
ISBN: 1587050161



Introduction

Cisco Systems is a huge organization and their products are used in a huge number of companies around the globe. Besides the general networking equipment, Cisco is well known for their line of security products including the Cisco PIX Firewall, Cisco IOS Firewall, Cisco Secure Scanner, Cisco Secure Policy Manager, Cisco Secure Intrusion Detection System and Cisco Secure Access Control Server. All of these security products are thoroughly covered within several Cisco training courses and various Cisco Press publications. The book I am reviewing today holds information on the mentioned security products and gives an overview of the complete Cisco security solutions product line.

About the authors

Andrew G. Mason, CCIE #7144, CCDP, CSS-1, is the CEO of three UK-based companies: Mason Technologies, CCStudy.com (resource site for Cisco Certification), and Boxing Orange. Andrew has 11 years experience in the networking industry and is currently consulting for the largest ISP in the UK. He is involved in the design and implementation of complex secure hosted solutions utilizing products from the Cisco Secure family. Andrew also holds CCSA, A+, Network+, CNA, and MCSE+Internet certifications.

An interview with Andrew G. Mason is available here.

Mark Newcomb, CCNP, CCDP, is the owner and lead Security Engineer for Secure Networks in Spokane, Wash. Mark has more than 20 years experience in the networking industry, focusing on the financial and medical industries. Mark is a frequent contributor and reviewer for Cisco Press books.

Inside the book

As expected, the book starts with an overview of network security basics. The authors define the common Internet attacks an organization can be threatened with. These include packet sniffing, IP address spoofing, mapping via port scans, Denial of Service attacks, application layer attacks, trojan horses and other malware pests. Following the common threats, reader is introduced with an overview of TCP/IP and the security issues surrounding it. A closer look is given to the sample SYN Flood attack (land.c) and a Ping attack (smurf). The introduction ends with a one page blurb on the process of creating a security policy. The "Basic Cisco Router Security" chapter guides the readers through the basic configurations needed for creating a secure environment in the organization's network. The part detailing on access lists provides an easily understandable view on their setup and usage. Diagrams and logical flow charts help the novice users understand the logics behind deny and permit functions of access lists.

The second part of the book contains the core information the book discusses - Cisco Secure Product Family. The key elements of the Cisco Security Solution include:

• Identity - element concerned with the identity of the authorized system users
• Perimeter security - the ways authorized user can create a secure access to the network applications and services
• Secure connectivity - protecting the sensitive communication in the corporate network
• Security monitoring - process of measuring the system or network integrity
• Security management - centrally managing and distributing the policies

After introducing the readers with Cisco Systems' perspective on security solutions, authors talk about the key Cisco Secure products. Each of the products receives a fair share of exposure in the book and is decently covered from every perspective (installation, configuration and usage). Cisco PIX Firewall's purpose, other then routing, is to deny unrequested outside traffic to the Local Area Network and to form a secure Virtual Private Network connection. As Mr. Mason is also the author of "Cisco Secure Virtual Private Networks" publication, he presents a nice scope on building VPN with several options including combination of IPSec and manual keys, Point to Point Tunneling Protocol and preshared keys. PIX-to-PIX connection is also mentioned with the appropriate diagrams and access list entries. Cisco IOS Firewall chapter explores the features of this Cisco IOS add-on and talks about the product's configuration options. The interesting part of this chapter is the extended coverage of the previous Access List section. Dynamic, Time-Based and Reflexive access lists receive a chapter spotlight and are accompanied with the appropriate code snippets and diagrams.

Cisco Secure Intrusion Detection Systems (CDIDS) related chapter starts with an overview on intrusion detection in general. Both IDS types, host-based and network-based intrusion detection systems, are covered within this section. Authors notes that CSIDS comprises three components - Sensor, Post Office Protocol and the Director, which is a focal point of every Cisco Secure Intrusion Detection. The chapter is concluded with a look at some configuration options for Cisco PIX Firewall and Cisco IOS based Intrusion Detection Systems. If you are interested in Cisco IDS, I suggest that you take a look at the "Cisco Secure Intrusion Detection System" publication. The fourth key element of the Cisco Security Solution, Security monitoring is represented within chapter seven that discusses Cisco Secure Scanner. The last two products, covered with about 50 pages each, are Cisco Secure Policy Manager and Cisco Secure Access Control Server.

After the authors went through all the products contained within Cisco Secure product line, in the last chapter of the book titled "Internet Security Situations", he provides an overview on the commonly used Internet services and the attacks that can be deployed against these services.

My opinion

This book is intended for network engineers and network designers responsible for the corporate Internet connection or the installation of the Cisco Secure products. On the other hand, the book should be of interest to networking staff members interested in Cisco's security products as well as anyone who would like to get an overview on how these products work and what should an organization expect from their setup. This is yet another well written and information filled Cisco Press publication, that should introduce you to the whole Cisco Security package.