Network Security Technologies and Solutions

This book gives an overview and brief run-through of all Cisco related security products, both from the hardware, software, and services side. It covers the ASA/FWSM, SecureACS, NAC, CSA, MARS, and technologies like NAT, MPLS, Spanning-Tree, VPN, and IPS.Some topics are covered in more detail than others; specifically I would say ACS and the IPS appliances are the most complete, however the book is very useful for getting a 2-10 page run down on any topic as it pertains to network security.

Depending on where you are in your career is how I'm going to rate this book. If you are somewhat new to security, especially in the Cisco world, this book is the book for you and deserves 5 stars. If you have been in the Cisco security world for several years, are looking to study for your CCSP or CCIE, this book is NOT for you and deserves 1 or 2 stars.This book does a great job on going over much of the Cisco security portfolio. It goes over the Cisco firewalls, AAA, NAC solutions, IPS, MARS, VPNs, etc. It gives some basic configurations for most of these. Again, I said basic and for a lot of these I would go as far as to say MINIMAL.Again, if you are looking for study material for some of the CCSP exams or CCIE, this book wont get you close. Those exams dive WAY deeper into the different technologies than what this book offers.My real issue with the book is the top line in the title "CCIE professional developement". If I see this and I see its 700+ pages, I'm thinking a Jeff Doyle TCP/IP Vol content book. Nope, not even close. If the authors wanted to cover all the different technologies that they did, but consider this book a "CCIE developement", they should of split this book into two books and expanded GREATLY on the different technologies.

When I first selected this book, I was expecting material rather specific to CCIE Security preparation. What I found after reading it, however was that it not only covered CCIE Security preparation but CCIE R/S preparation as well as many real-world security topics.Many authors attempt to cover a wide area of technologies and wind up losing organization of their presentation of the topics. I find Yusuf's organization to be excellent and flowed very well making this an easy read. In fact, considering how many topics this book covers I am amazed at just how well it is organized, which is better than many of the technology-specific books I have read over the years. I become very annoyed with having to go back to reference past topics time and again but I did not find that I had to do that with this book and was able to continue going forward along with the topics.I also found that this book gets right to the point. Yusuf didn't pack a lot of fluff and filler into the material. Instead you get right into the meat of the topics. Keep in mind that if you are looking for a thorough reference to take you from the very beginning of a specific topic then this book is not for you. This book is part of the "CCIE Professional Development" series and as such assumes you have at least some pre-existing knowledge in these areas. With this in mind, I find this an excellent study guide as well as a real-world reference for various areas of Cisco security.Perhaps one of the most unique and possibly useful chapters of this book is the non-Cisco material. For example the section covering security policies is invaluable. As a consultant I see client after client without a corporate security policy and in this day and age that's trouble waiting to happen. This section discusses the value of such a policy and how to begin developing it. Another area within this chapter contains information on various regulatory compliance mandates, such as HIPPA and SOX. While this info is readily available elsewhere, Yusuf neatly summarizes the various regulations, including who is mandated to comply, penalties for not doing so and the various Cisco solutions used for compliance.I found this book to be excellent.

During the first 7 chapters the author gives overviews of security vulnerabilities and attack mitigations in the current networking world. When finer points are confusing, there is detailed explanation to make the problem clear. For example distinguishing between MAC spoofing and ARP spoofing. Each threat is outlined with a description, background, problems, and mitigation techniques using Cisco configuration. This is not just a theory book but manages to fit in useful configuration examples in almost every turn of the page. This is not a quick read: you will want to have a lab setup to practice on while you read. Unlike many security discussions that make much of vulnerabilites that are highly unlikely or virtually impossible to pull off, the author clearly states when an attack is improbable, and not worth the effort to consider. The second unit of the book focuses on identity and access management. I found the sections on layer 2 access control most useful. Particularly the use of 802.1x protocol with a RADIUS server. Something I am currently trying to implement in a network. Part 3 is all about privacy and encryption and covers many ways to tunnel, hide, and encrypt data packets. The last sections are about Intrusion Detection and Security Management. Perhaps one of the most helpful setions in the book are the guidelines for establishing a security policy and making it work in a real world environment. Chapter 25 walks you through starting with a security model that gives you a foundation for fleshing out your companies standards, guidelines and procedures so you will be ready for your next audit as well as the real security threats of today.

Good one

One of the Best Book for studying Network Security.