Publisher: Cisco Press
Cisco Systems is a huge organization and their products are used in a huge number of companies around the globe. Besides the general networking equipment, Cisco is well known for their line of security products including the Cisco PIX Firewall, Cisco IOS Firewall, Cisco Secure Scanner, Cisco Secure Policy Manager, Cisco Secure Intrusion Detection System and Cisco Secure Access Control Server. All of these security products are thoroughly covered within several Cisco training courses and various Cisco Press publications. The book I am reviewing today holds information on the mentioned security products and gives an overview of the complete Cisco security solutions product line.
About the authors
Andrew G. Mason, CCIE #7144, CCDP, CSS-1, is the CEO of three UK-based companies: Mason Technologies, CCStudy.com (resource site for Cisco Certification), and Boxing Orange. Andrew has 11 years experience in the networking industry and is currently consulting for the largest ISP in the UK. He is involved in the design and implementation of complex secure hosted solutions utilizing products from the Cisco Secure family. Andrew also holds CCSA, A+, Network+, CNA, and MCSE+Internet certifications.
An interview with Andrew G. Mason is available here.
Mark Newcomb, CCNP, CCDP, is the owner and lead Security Engineer for Secure Networks in Spokane, Wash. Mark has more than 20 years experience in the networking industry, focusing on the financial and medical industries. Mark is a frequent contributor and reviewer for Cisco Press books.
Inside the book
As expected, the book starts with an overview of network security basics. The authors define the common Internet attacks an organization can be threatened with. These include packet sniffing, IP address spoofing, mapping via port scans, Denial of Service attacks, application layer attacks, trojan horses and other malware pests. Following the common threats, reader is introduced with an overview of TCP/IP and the security issues surrounding it. A closer look is given to the sample SYN Flood attack (land.c) and a Ping attack (smurf). The introduction ends with a one page blurb on the process of creating a security policy. The "Basic Cisco Router Security" chapter guides the readers through the basic configurations needed for creating a secure environment in the organization's network. The part detailing on access lists provides an easily understandable view on their setup and usage. Diagrams and logical flow charts help the novice users understand the logics behind deny and permit functions of access lists.
The second part of the book contains the core information the book discusses - Cisco Secure Product Family. The key elements of the Cisco Security Solution include:
- Identity - element concerned with the identity of the authorized system users
- Perimeter security - the ways authorized user can create a secure access to the network applications and services
- Secure connectivity - protecting the sensitive communication in the corporate network
- Security monitoring - process of measuring the system or network integrity
- Security management - centrally managing and distributing the policies
Cisco Secure Intrusion Detection Systems (CDIDS) related chapter starts with an overview on intrusion detection in general. Both IDS types, host-based and network-based intrusion detection systems, are covered within this section. Authors notes that CSIDS comprises three components - Sensor, Post Office Protocol and the Director, which is a focal point of every Cisco Secure Intrusion Detection. The chapter is concluded with a look at some configuration options for Cisco PIX Firewall and Cisco IOS based Intrusion Detection Systems. If you are interested in Cisco IDS, I suggest that you take a look at the "Cisco Secure Intrusion Detection System" publication. The fourth key element of the Cisco Security Solution, Security monitoring is represented within chapter seven that discusses Cisco Secure Scanner. The last two products, covered with about 50 pages each, are Cisco Secure Policy Manager and Cisco Secure Access Control Server.
After the authors went through all the products contained within Cisco Secure product line, in the last chapter of the book titled "Internet Security Situations", he provides an overview on the commonly used Internet services and the attacks that can be deployed against these services.
This book is intended for network engineers and network designers responsible for the corporate Internet connection or the installation of the Cisco Secure products. On the other hand, the book should be of interest to networking staff members interested in Cisco's security products as well as anyone who would like to get an overview on how these products work and what should an organization expect from their setup. This is yet another well written and information filled Cisco Press publication, that should introduce you to the whole Cisco Security package.