Publisher: Prentice Hall PTR
Last year in an interview for ZDNet, computer security expert Bruce Schneier said: "I think we're finally past the era where people believe in magic security dust, that all they need to do is buy the right set of products and their network will be imbued with the property of "secure." Security is a process. It's a journey." This is exactly what this book is all about as Allan Liska teaches you the best practices to secure your network. Read on to see what you can expect from this book.
About the author
Allan Liska is a Security Engineer with Symantec's Enterprise Security Services division. Prior to that Mr. Liska spent six years at WorldCom, where he served as a network architect for WorldCom's hosting division. He is also a CISSP who has written about network management, administration, and Web-server security.
Inside the book
At the very beginning Liska lays down the basics as he defines the scope of network security and illustrates its various types. He underlines the importance of a good security policy no matter how small your organization is. Throughout this chapter you see references to the CIO and the author notes that depending on the size and structure of your company, the duties described may be handled by the CTO or an IT manager. Now you know the targeted audience of this book.
As we move on, the author provides some introductory information about the security model - the framework within which the security policy is developed. Here you obtain an understanding on how to choose the appropriate security model for your company, identify infrastructure vulnerabilities, and more.
Next the author gets down and dirty as he explains several types of attacks. Illustrated here are sniffing, scanning, rootkits, distributed denial of service (DDoS) attacks and a bit on viruses and worms. Popular tools introduced here include Ethereal, Nmap and Ettercap. In order to maximize the amount of delivered knowledge, Liska notes some resources you can use to keep up with security issues.
Chapter four brings you closer to issues related to routing as the author writes about access lists, disabling unused services, securing routing protocols, changing default passwords, and more. This part of the book is filled with details, Liska even mentions physical security and backs-up the material with various figures that aid you in the understanding of the presented topics.
What follows is a discussion on switching where you learn all about those security measures you should have implemented a long time ago. Here you get to know more about multilayer switching, MAC addressing, creating static ARP table entries, etc. This is another good example of taking care of all the parts of your network as switches tend to be neglected when it comes to security.
Liska continues by giving an overview of the authentication, authorization and accounting (AAA) framework. AAA is important since every network device that allows remote access and is not a workstation can fall under AAA policies. The following topics of discussion are remote access and VPNs where you learn, among other things, about IP VPN security, dial-in security access as well as DSL and cable VPN security.
Wireless networks are growing in popularity so no wonder there's material about them in this book. Over some 30 pages the author discusses wireless wide area networks and wireless local area networks. Noted here are the security weaknesses and the AirSnort tool. Chapter ten contains information on firewalls and intrusion detection systems, an excellent perimeter protection combination. Liska notes that many still rely on these two devices as sole means of protection which is, naturally, terribly wrong. Before moving on to learn about server security, you read a bit about the perimeter network - the DMZ. As regards server security, the author illustrates new server security, mail server security and backups.
The book continues with two chapters, one dedicated to DNS security and the other to workstation security. DNS is an essential service but also very prone to security breaches. Liska provides you with the five basic principles of securing DNS. Workstation security is addressed with some general guidelines, physical security issues, and more.
The following chapter is all about managing network security. As the author notes, until now you've learned many best practices, now it's time to see how you can monitor and enforce the security policy already in place. Liska underlines the importance of proper training for both end users and administrators and lists some of the common mistakes that are likely to occur.
Monitoring and logging are presented in two separate chapters. The author depicts the value of proper monitoring and keeping of logs. Monitoring is not important only to prevent attacks but also to ensure the availability of all the devices on the network. The last chapter in the book is about action. As much as you secure your network, there's always a possibility of someone successfully attacking it so you better be prepared to respond to an attack and this chapter will help you get ready.
My 2 cents
Despite the title of the book that may seem a bit intimidating and mislead the reader into thinking that this is a college-type of a book, the language used here is very geek friendly. This book is not of the hands-on training type but excels in providing a solid foundation necessary to build a secure network from all aspects.
You may have noticed that the author covers a myriad of topics and he's unable to satisfy your thirst for in-depth knowledge for every topic in its entirety since that would require a separate book for every chapter. Liska managed to select the most important facts about each topic and pack them into this book. I can only recommend this book, it indeed is excellent reading material that will certainly take you forward when thinking about security.