A practical guide to creating a secure network infrastructure

• Understand basic cryptography and security technologies
• Identify the threats and common attacks to a network infrastructure
• Learn how to create a security policy
• Find out how to recover from a security breach
• Study specific implementation scenarios for securing your network environment
• Learn about advances in security technologies

Designing Network Security, Second Edition, is a practical guide designed to help you understand the fundamentals of securing your corporate network infrastructure. This book takes a comprehensive look at underlying security technologies, the process of creating a security policy, and the practical requirements necessary to implement a corporate security policy.

You will gain a thorough understanding of basic cryptography, the most widely deployed security technologies, and key emerging security technologies. You will be able to guide the architecture and implementation of a security policy for a corporate environment by knowing possible threats and vulnerabilities and understanding the steps required to perform a risk management assessment. Through the use of specific configuration examples, you will learn about the features required in network infrastructure equipment to implement the given security policy, including securing the internal corporate infrastructure, Internet access, and the remote access environment.

This new edition includes coverage of new security features including SSH on routers, switches, and the PIX(r) Firewall; enhancements to L2TP and IPSec; Cisco(r) LEAP for wireless networks; digital certificates; advanced AAA functionality; and Cisco Intrusion Detection System features and products. Additional practical examples include current security trends using VPN, wireless, and VoIP networking examples.

This book is part of the Networking Technology Series from Cisco Press(r), which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Average Customer Review: ( 17 customer reviews )
Write an online review and share your thoughts with other customers.

Bogs down when it gets to Cisco specific configurations. As a CCIE, even I find that books of this type provide only the tip of the iceberg when it comes to the complexity of Cisco configurations.

14 of 14 found the following review helpful:

Good Book to prepare for the MCNS examinationSep 12, 1999

Exam 640-442 is the Security Specialistization for people who have attained their CCNP certification. Excellent coverage of AAA, TACACS+, RADIUS, PIX, 3DES, DMZ as well as IPSEC and CBAC. This is alot of material to be discussed in one book. Cisco provides a CD ROM with this same material for $250.00, this is a much better deal. If you want to enhance your knowledge of access-lists, reflexive access-lists etc. this is the book for you. Merike did her homework on this material, I completed many of the configurations presented in the book, they were accurate.

10 of 10 found the following review helpful:

Mixed BagOct 30, 2000
By Fruitcake
Up through Chapter 7, this book presents a fairly good overview of information security in general, network security basics, cryptography, and a good measure of "security philosophy" as well. It reads pretty well and there are relatively few inconsistencies, until...

From Chapter 8 onwards, there are lots of mistakes (my personal favorite is a botched explanation of TCP proxies on page 248) and many cases of examples not matching the explanatory text. And when it comes to enabling TACACS+ on routers, some sections of this book directly contradict Cisco's "IOS 12 Network Security" book.

All in all, a decent reference for Cisco routers & firewalls, but you might want to supplement it with something more substantial. The O'Reilly books and Cheswick/Bellovin come to mind...

3 of 3 found the following review helpful:

A complete survey of network security and moreMay 12, 2004
By Stephen Northcutt
This is a big book, 745 pages, a bit about almost every topic in information security. The advantage of a book like this is that if you want to know three paragraphs about a security term that you are not familiar with, you can find it. The disadvantage of these survey type books is that they do not usually give you enough information to do anything.

Though there are some spots especially in the first few chapters where this happens, Merike Kaeo, the author, quickly succeeds in making this a book that goes beyond telling the reader about things and begins to share how to do things on Cisco equipment which is far more valuable. If you are a Cisco network engineer or administrator and are interested in learning more about information security this is probably a good book for you. I think this book would also benefit a manager or someone with purely theoretical information security knowledge that wants to be able ask technical people pragmatic questions.

The Voice over IP chapter was one of the clearest explanations I have seen, however a bit more of a warning about security, changing standards and interoperability would have been appreciated.

When work begins on 3rd edition, I would suggest more focus on using routing and switching technology to segment the internal network so a worm infection does not take down the entire facility. In general user VLANS to not need to talk to other user VLANS, they only need to communicate with servers.

My favorite part of the book is Appendix D, somehow I had never seen Rob Thomas paper on DDOS.

3 of 3 found the following review helpful:

Best book I've read on SecurityAug 10, 1999

I really enjoyed reading this book. Lot's of information pertaining to PIX, Access-lists, Distribute Lists, IPsec. Every angle was covered, I compared to the Cisco 12.0 Ios Network Security book, this one had more detail. Which is difficult considering how much is covered with Cisco documentation. If you've read the articles pertaining to Cisco's investment in the Security market, you've got to have this book. This book is the security what Halibi's book is to BGP.

See all 17 customer reviews on Amazon.com