[ISN] Book Review: Network Security Architectures by Sean Convery

From: InfoSec News (isn@private)
Date: Wed Jun 23 2004 - 04:00:08 PDT


    Forwarded from: Gary Hinson <gary@private>
    
    %T      Network Security Architectures - expert guidance on designing secure networks
    %A      Sean Convery CCIE
    %I      Cisco Press, IN, USA
    %D      April 2004
    %G      ISBN 158705115X
    %P      739 pages
    %O      $55 from www.amazon.com/exec/obidos/ASIN/158705115X/wwwnoticeborc-20
    
    This comprehensive textbook is ideal for information security
    architects tasked with designing secure networks, both as a teaching
    text and as a reference.  It covers:
    - Good practice network security design guidelines ('axioms') 
    - Purpose and definition of network security policies
    - Good advice on designing the 'network security system' (i.e. the
    overarching network security architecture into which individual 
    network devices must fit) from the ground up (i.e. physical security 
    to application security - OSI layers 1 to 7)
    - Specific technical advice on configuring network devices for 
    security ('hardening')
    - Technical descriptions of the vulnerabilities in network services,
    accompanied by advice on how to secure them
    - Typical design considerations for network perimeter ('edge') 
    security, internal network ('campus') security and remote access 
    (teleworker) security
    - Secure network management and network security management (compared
    and contrasted in 40 pages)
    
    I appreciate the author's emphasis on architectural security design
    but he also succeeds in giving a reasonably comprehensive introduction
    to more specific elements of network security.  This is not a
    hand-waving helicopter-overview of the topic but a far more
    substantial tome.  At the same time, the clear writing style, simple
    diagrams and nuggets of practical advice make it an enjoyable read.
    
    The book is liberally sprinkled with URLs to useful additional
    resources although I fear some of them will be out of date before this
    book is out of print (an accompanying reference website might have
    been useful, Cisco!).  Each chapter concludes with exam-style review
    questions (with answers) and further questions intended to stimulate
    the reader to think about the material in their local organizational
    context. The topic almost inevitably involves loads of acronyms so
    thankfully a succinct glossary is included.
    
    Three network security design examples (mini case studies) towards the
    end of the book demonstrate the techniques previously described.  
    These are good for getting readers to practice thinking like a network
    security architect.
    
    Despite being published by Cisco Press, the book is not specifically
    about Cisco products.  However, the examples and several of the
    security features are Cisco-specific.  Given the market presence of
    Cisco, this is not a serious drawback but a little more balance would
    have added credibility (e.g. security vulnerabilities in LEAP, Cisco's
    wireless LAN authentication protocol, are not described but merely
    hinted-at).
    
    All in all, this book has already proved its worth to me.  I read it
    cover-to-cover in a couple of days and have already started using it 
    as a reference.  Recommended reading for those with a professional
    interest in information security architecture.
    
    Copyright 2004, IsecT Ltd.  All rights reserved.
    
     
    
    _________________________________________
    ISN mailing list
    



    This archive was generated by hypermail 2b30 : Thu Jun 24 2004 - 05:11:08 PDT