Customer Reviews

Cisco ASA and PIX Firewall Handbook

5 star:		(11)
4 star:		(3)
3 star:		(3)
2 star:		(0)
1 star:		(0)

 

 

This book is very helpful for PIX firewalls, but is mislabeled for ASA. There is very little on the ASA product. Usually just a mention of command differences between ASA and PIX. If you are looking for a book on ASA do not buy this book.

CiscoPress's "Cisco ASA and PIX Firewall Handbook" by David Hucaby is a great resource at configuring and supporting Cisco Firewalls (PIXs). I have read through many book on securing Cisco firewalls (see my reviews for earlier books), and I believe this book does the best job at demonstrating the abilities of Cisco's stateful firewall. I did not read the book page-for-page, as the book starts out with three detailed chapters to bring rookie admins up to speed, quickly (chapters 1-3).

I have been administering Cisco PIXs since around 2001 and have plenty of experience with configuring and administering Cisco's earlier PIX OSs (5.x & 6.x). This book does a superb job at bringing me up to speed on the latest commands for the 7.x while still providing the full body of commands for earlier OSs. When in the field and administering a PIX and, probably in a situation where the Internet is not up to check Cisco's website, this is the only book I need to bring along.

In particular:
* Chapter 6 provides the most up-to-date description of the different types of NAT employed (Static, Policy, Identity, Exception, & PAT) and configuration examples of each.
* Chapter 7 - Failover - this chapter was really the first chapter I referenced on a regular basis. When Cisco updated the OS to 7.0, the functionality of failover was greatly improved. This chapter does a great job at documenting the new options as well as including material on the older failover options. Couple with Chapter 8 on load balancing.
* Chapter 10 - Monitoring the Firewall - the book demonstrates the power and flexibility of the updated packet capture features.

I did find some minor typos/editorial mistakes but nothing too grave. One topic this book is sorely lacking is VPN coverage (the author readily acknowledges this). Overall, I believe this book is a superb resource for a firewall admin or a candidate for the CCSP or CCIE Security. I'm usually not too fond of CiscoPress's Firewall books, but this book is definitely a welcome addition.

I give this book 5 pings out of 5:
!!!!!

This book is exactly what I was looking for. It gives a detailed breakdown of the original technologies as well as the ins and outs of the new features of 7.0. I like this book more than the others that I have read in the past. From the first page of the first chapter you are reading worthwhile material. Not the definition of a firewall, or the layers of the OSI model, or even the layout of Cisco's certification trail. This is good detailed information, in an easy to read format with excellent examples from start to finish. The comparisons of "how it's done on 6.3 and now on 7.0" are great as well.

Awesome book!

Cisco ASA and PIX Firewall Handbook (ISBN 1-58705-158-3) by David Hucaby is an intermediate to advanced level book on Cisco firewalls. It primarily concentrates on the Cisco PIX firewall (which now apparently is becoming known as Cisco security appliance) but also provides coverage of the Firewall Services Module (found in Cisco's high end switches) and the IOS software firewall. Simply put, the author does a superb job of presenting a complex and broad subject in relatively easy-to-understand terms. Nevertheless, if you do not have any experience with Cisco firewalls, this book is not for you. Rather it is meant for someone who has been working with PIX firewalls but wants to gain a better and more in-depth understanding of the subject matter with an eye towards how to get something done - hence the term "handbook" in the title of the book.

If you're sitting at a bookstore browsing through a number of books on PIX firewall trying to decide which one to buy, skim through chapter 3 in this book. If you're really pressed for time, read through the coverage of VLAN hopping and firewall topology considerations in this chapter. If you're still not impressed by level of knowledge that the author brings to the table, either you already know so much that you don't need this book (and probably should think about writing one yourself if you're half-way-decent in conveying your ideas) or the material is too advanced for you and you'd be better off getting an introductory book on the topic. For an average network security engineer responsible for maintaining the Cisco firewall series of appliances, the material presented in this book is invaluable (and up-to-date).

Of course the material is not always revelatory throughout the book. There are sections which present information that most Cisco admins would already know. But nevertheless the author uses certain stylistic practices which are most helpful in understanding the differences between various areas of coverage. For example, for every command presented in the book, the author makes it a point to lay out the syntax for PIX v. 6.3, PIX v. 7.0 and FWSM next to each other. Further, whenever necessary, the author highlights the additional functionality found in version 7.0 and how it differs from version 6.3 in the PIX firewall. For example, the coverage of FW contexts (virtual FWs), new in version 7.0, is covered in sufficient detail - enough so that the administrator can actually implement it in his/her environment if needed. (By the way, this section is a good illustration of the author's knowledge about the inner workings of the Cisco firewalls and provides for an enlightening look at how traffic actually passes through the FW.)

In all fairness, I must point out that I was little disappointed in not finding any coverage of VPN tunnels in managing/administering the FWs. There is hardly any coverage given to the topic of remotely managing FWs (on the outside interface) while (IMHO) it happens to be a critical element of any FW administration scheme. Even though the author refers the reader to another book (Cisco IPSec VPN Handbook) for coverage of VPN functionality, I feel that the topic of FW management is simply not complete without discussing remote management - and tunneling is necessary when management has to be done from the outside. Nevertheless, I hope that the author can take this into consideration if a decision is ever made to issue a second edition.

Overall, this is a must-have book for any Network Security Engineer working with Cisco FWs. I highly recommend it and look forward to reading other books by this author.

This book begins by taking the stance of 'yesterday you couldn't spell firewall engineer, now you are one.' It starts off with this is what a firewall is and this is why you need one up through each step along the way to a very secure system.

The author is a lead network engineer for the University of Kentucky. It's clear that so far as a firewall is concerned, he's been there and done that. His description of what is done/examined/checked about incoming packets before passing them through the firewall is the best I've ever seen. Unlike so many computer books, his introductory chapters tell you the 'this is what we are trying to do here' before getting down to the type this in kind of commands.

This book is based on Cisco hardware and the Cisco philosophy of how a firewall should be implemented. If it is your job to handle a Cisco firewall of any type I recommend this book. It concentrates on ASA and PIX (Version 7), if you have (or are getting) one of them this book should be considered mandatory.

I recently read the book titled "Cisco ASA and PIX Firewall Handbook" by David Hucaby. ISBN: 1587051583. I've been working with Cisco PIX firewall's for several years and while they are fairly straight forward to configure the basic function of the system, some of the more robust features of the product can be complex in concept. This is certainly the case when considering all of the new features of the PIX 7.0 code.
This title does an outstanding job at bridging the information gap for the old crusties that have used PIX for years. Each section is laid out to explain and contrast how each feature is configured for the Cisco PIX, the new Adaptive Security Appliance, and the Firewall Switch Module and for the IOS Firewall code. It has everything you should and need to know to administer the equipment effectively. There is little fluff or filler in these pages. Mostly straight to the point configuration examples that allow the readers to maximize their time getting work done.
I was really excited when I saw that Cisco Press was coming out with a title that covers the new Cisco ASA (Adaptive Security Appliance). My excitement quickly turned to confusion when I started reading through the title. Aside from the great documentation on the PIX, FWSM and FW IOS, it's very difficult to identify what information pertains to the Adaptive Security Appliance. I'm still not clear why this book claims to include information on the ASA. It's either ignorance on my part or there is not enough content in the book to justify the title. This observation in no way takes away from the book rich information regarding the FWSM 2.x, PIX 6.x and PIX 7.x. Since the title was published not long after the PIX 7.0 code was released, I wonder if it was too soon to cover a topic so new in a book. The author however, covers the main features of 7.0 very well and it's extremely helpful to have this handbook for those transitioning to the new PIX 7.0 code.
I think this title is best suited for any person that administers Cisco security devices like the Cisco PIX, the FWSM or running Cisco Firewall IOS in their environment. The title covers more detail that what the Cisco on-line (CCO) has to offer in most cases. The title picks up where the product command reference and configuration examples leave off. Certainly a must have title for any security administrator to have in order to ensure that the equipment is leveraged to it's maximum potential and to minimize mis-configurations that may contribute to increased exposure or unintended security risks.
There aren't many diagrams in the book; however there are diagrams where they serve best. Most of the book in centered on the CLI configuration of the equipment. Administrators that rely or use the web interface to configure these devices won't see much supporting information on the web interface. In my opinion, that's a good thing, because administrators should know what's going on under the covers of any GUI interface for independency and security reasons.
Some of the sections that I found the most beneficial where the sections that cover the new features like Transparent Firewall Mode, Active-Active Failover and Using Security Contexts to Make Virtual Firewalls. These are all new features that have a lot a benefit. When learning something new, it's always good to get as much information about the subject as possible. It helps to formulate a solid understanding of the new topic.
All-in-All this is a great title worthy of the Cisco Press legacy. The author has done a great job covering all the essentials in one easy to grab title.

I have made a special place on my shelf for Hucaby's ASA and Pix Handbook. It will be there for a while. And not just collecting dust. This book is a good first stop for questions about configuration and troubleshooting.

One thing I loved about this book right away was that it provides a side-by-side comparison between PIX 6.X and 7.X commands. This is pefect for someone like me who configures and works with both versions of firewalls, but not on a daily basis.

There are so many new features ( and changes to existing ones) in Pix 7.0, it's pretty hard to keep track of it all. Most concepts are covered in detail and include when a new feature is used and the corresponding configuration commands. For example, the topic of Security Contexts is given a great deal of coverage (30+ pages). Other featuers such as QoS are more sparse (5 pages). Still, even in those 5 pages, I felt like I came away with a basic understanding of how and when to use that feature.

The section on firewall failover is worth the price of admission alone. It is comprehensive and again has side-by-side comparisions between 6.X and 7.X. It also points out a couple of the common gotchas such as how to properly upgrade a failover pair.

I recommend dog-earing Chapter 10 - the troubleshooting chapter. This chapter goes into checking firewall vital signs, watching data pass through the firewall and verifying connectivity. The explanations are thorough. The tips are memorable. It even goes into viewing packet captures for packet level debugging.

I did find it lacking in certain areas such as VPN configuration (I'm still looking for a good Cisco book on that). I rest of the book is so good I can certainly forgive him this omission. The book weighs in at 800 pages as is.

I bought this book thinking that this was the ASA/PIX Bible. Don't get me wrong the book is excellent but as can be expected from Cisco Press they over kill you with information and still manage to leave out crucial information. One of the most important functions of an ASA is creating VPN tunnels. This book mentions it in literally 3-7 words the entire book. I called and complained to Cisco but they told me that I was wrong because I had the wrong expectation of the book. They said if I want VPN stuff I needed to buy the ASA or PIX version of the Firewalls & VPN book. I guess Cisco thinks that I won't mind buying another over priced book. Outside of that from a security, general set up, advanced topics like ACL's, and advanced concepts like VLANs it is a decent book.

While the book was rather detailed in several areas, I was hoping it would be more detailed on the subject of VPN. While most of it is straight forward, configuring VPN on the 5520 was a pain. Someone reading this book should be from a large enterprise, using failover, etc. Someone from a small company that is not using these features might find it to be overkill, and start looking for other books to meet their specific needs.

I think author did a wonderful job filling in where other popular litrature about PIX left off. I read the CCSP book, and leared alot. This book filled in stuff that CCSP book just does not talk about. Not to knock the CCSP book; each auther can only fill in so much. It is a difficult decision on what to keep and what to leave off. I find the PIX and ASA book is very practical. If you want a good understanding of this platform, then you want this book as the pliers in your tool box of knowledge. Do not expect it to be swiss army tool though. I think author was especially considerate to the reader's needs to publish items that other litrature just does not cover. There is alot of good information. Nice pictures which addressed questions I had and even posted to some CCIE sites and there was no answer. Definately worth buying.