Customer Reviews

22
Cisco Firewalls (Networking Technology: Security)
Format: PaperbackChange
Price:$59.49+Free shipping with Amazon Prime
Your rating(Clear)Rate this item


There was a problem filtering reviews right now. Please try again later.

14 of 14 people found the following review helpful
on August 2, 2011
While reading the news on net-security.org, I found a review that I believe may be useful to other readers (it really reflects my impressions of the book):

[...] (by Zeljka Zorz).

"There used to be a time when firewalls were considered a full proof solution for protecting networks, and that time is long gone. History has taught us there are no silver bullets
when it comes to computer and information security, but firewalls are still a great and versatile tool in the hands of those who know how to use them effectively. "Cisco Firewalls"
will tell you how.
[...]
The theory behind this book is that the reader should learn what every firewall feature brings to the table so that he could make an informed and correct decision when dealing with his own firewall situation.

In order to do that, the author covers both ASA-centric and IOS-based firewall deployments, and addresses the motivations for the use of features of each of those two types clearly.

The chapter on additional protection mechanisms is very interesting, and so are those that deal with application inspection and that of voice protocols.

It's helpful to point out at this point that advanced users are welcome to skip through chapters, but others should stick to the order given to them by the author, since many of the chapter build on the knowledge introduced in the previous one(s).

The most important thing about this book is that the it's chock full of meaningful and handy examples. This is not a simple handbook - it aims at making the reader think for himself, and make the connection between theory and practice easy and natural.

The last three chapters deal with how IP multicast tasks and the introduction of the IPv6 standard influence the choices on firewall features, and the book ends with a chapter that deals with security design. It is not overly comprehensive, and here is definitely where I could have enjoyed reading more about how new trends like mobility and cloud computing affect the notion of using firewall to protect the future borderless network. But, perhaps that is a subject for another book.

Final thoughts
This book is a must read for everyone who is charged with designing, implementing and deploying firewall solutions, and especially if they are Cisco's.
The author has had the interesting notion of using troubleshooting tools to help show how the various firewall features work, so that, in fact, troubleshooting is "performed"
throughout the book instead of at the end - and you'll be grateful for that"
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
15 of 16 people found the following review helpful
on June 21, 2011
If you are looking for a single reference on Cisco Firewalls that goes from design to deployment, this is the book for you.

It starts out with the basics of firewalling (the non-experts will appreciate), but gradually adds on new security aspects, with a lot of practical examples and configurations that provide a link with the theory. I didn't have a deep knowledge of Routing, Bridging, Multicast, VoIP or IPv6, but it was not a problem, as the author has included a good overview of those. The progression from example to example, chapter to chapter, is very logical and the book leads you from the basics to a very advanced level . Not a surprise since the author states that he has a passion for Mathematics.

Some chapters that deserve specific mention:

Chapter 4: Presents the tools that will be used in every chapter to illustrate the concepts

Chapter 5: Excellent introduction to IP Routing. Basic theory behind RIP, OSPF and EIGRP is covered. Not just a bunch of configuration commands.

Chapter 6: Network Virtualization is discussed at the architecture level with many of its typical components (VLANs, VRFs, virtual contexts) being assigned in very interesting use cases.

Chapter 8: ASA NAT (a difficult topic) is analyzed in detail. The way in which the author demonstrated the NAT precedence rules was very creative.

Chapter 9: Although CBAC is not anymore the recommend choice for IOS Firewalling, it is good to see it there. I still have some older routers that do not support ZFW.

Chapter 10: I like the way in which the building blocks of a Zone-based policy are put together. The examples are very instructive.

Chapter 11: Nice review of concepts such as Anti-spoofing, IP Options handling, IP Fragmentation and how they pertain to Firewalling

Chapter 12: Very good demonstration of Layer 7 inspection concepts (CBAC, ZFW, ASA)

Chapter 13: After presenting a quick taxonomy of the Voice Protocols, the author clearly shows why this set of protocols deserve special treatment. H.323, SIP, Skinny, MGCP are covered. And I finally understood TLS-Proxy and Phone-proxy features.

Chapter 14: Nice differentiation between "to the firewall" and "through the firewall" access control and good discussion about the appropriate authentication protocol for each case.

Chapter 15: Multicast. Good introduction. Interesting approach of using IOS and ASA and showing the perspective of each product.

Chapter 16: Good introduction to IPv6 and good summary of supported firewall features

Chapter 17: I do like this chapter. Very nice some to see recurring questions answered. How to take the most advantage of Firewall/IPS combination ? What are the filtering resources available for tunneled traffic ? Also presents design options for Firewall and SLB in a Data Center environment.

I found this book very insightful and I am sure it will soon become a reference. And I have no doubt I will be referring to it very often. Highly recommended.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
11 of 12 people found the following review helpful
on July 4, 2011
I have been able to start reading the book and I can state that not only is this book written by a security specialist, but also by someone who truly understands the different contexts/environments in which a firewall can be placed. This is definitely a well-organized compendium with the foundations of network security and networking.

In my opinion, it has the following noteworthy points:

- Not just a collection of configuration recipes. This book is not simply about presenting configuration checklists and command explanations. The author presents the fundamental knowledge for each subject and he spices up each chapter with discussions over well-structured and realistic scenarios that will give the readers the capacity and tools to understand, recreate, design, troubleshoot and improve the networks they are in touch with.

- I am particularly fond of chapter 4. The idea of getting familiar with the firewall tools in an early chapter to illustrate "how stuff works" throughout the book, is really interesting. If you have this kind of knowledge it is certainly easier to employ each feature and avoid troubleshooting.

- Not one of those abstract and traditional what-a-firewall-is books. I found the author's approach to present the different purposes/roles that a firewall has really distinguishing. Surely, the reader will find the traditional subjects (e.g. packet filtering, stateful firewall) being covered, but the author takes these discussions to a higher level. With the hands-on labs presented in each chapter, it is possible to truly understand how things work. Moreover, the author talks about further features that firewalls have which are generally underrated. While reading this book, I have learned that a firewall can play important roles in voice, multicast and routing scenarios - with presented theory and discussed scenarios.

- Compendium with the foundations of network security and networking. Even though this is a Cisco labeled book, prospective buyers shouldn't think that its purpose is to just serve as a certification study guide or a configuration guide for Cisco Firewalls. This book dwells between the network security and computer networking realms. It presents valuable knowledge to those who either work with or are interested in either (or both) domains. Furthermore, readers don't need to be either a security specialist or a network guru to take full advantage of this book because the author makes it very easy and practical for anyone to follow the reading. Of course, the information presented is made concrete into Cisco Firewalls commands and how they work. But it could be easily extrapolated to other vendors. This must not be a negative aspect of this book.

- And for those who are dealing with PIX or ASA for a while, the chapters on NAT are a real treatise on the subject.

Very worth reading... Definitely !!!
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
6 of 6 people found the following review helpful
on August 12, 2011
Examples, Examples, Examples... But much more than configs !

It's very easy to perceive the author's commitment with illustrating the concepts and making

life easier with respect to understanding the operation of Firewall functionalities (doesn't matter

if you are dealing with CBAC, Zone-based Firewall or ASA).

Some remarkable points:

a) Chapter 4 is a must read for anyone that wants to understand Network Security

b) Chapter 6 goes far beyond Security Contexts and showcases the interactions between virtualization

components

c) Chapter 8 (NAT on ASA) and the appendix covering the NAT changes introduced by release 8.3 are indispensable.

ASA NAT has always been a challenge for any CCIE candidate and this book came to remove all the barriers.

d) Chapter 10: very organized way of teaching the Zone-based Firewall

e) Chapter 11: nice to see a review of topics such as IP Options, TTL, IP Fragmentation before getting into the discussion

about their security implications. Very creative use of Netflow to demonstrate what's going on.

f) Chapter 12: detailed coverage of Application Inspection capabilities (CBAC, Zone Firewall, ASA)

g) Chapter 13: impressive amount of Telephony protocols coverage. ASA "show" and "debug" commands are awesome and

provide very good visibility.

h) Chapter 17: Interesting discussions pertaining to Security design. First place where I found a good coverage of Firewall <> VPN

interactions. (How to protect traffic inside the tunnels, how NAT interferes with VPN, etc).

I have been working hard for quite a while on my prep to the lab, but the book made me much more confident that I could succeed.

Great work !!!
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
12 of 14 people found the following review helpful
on June 26, 2011
This book is a precious finding, and honestly I find the title very modest for what it really is. It's much more than "Cisco Firewalls" in 2 aspects.

First, it's not ASA-centric, as there is a huge amount of IOS-related information in parallel with ASA related info, facilitating the understanding of differences between products therefore helping to select the most suited solution for each environment.

Second, I found it very useful as Security professionals must protect various important networking topics without having to read a book on each topic. After an initial study on Routing and bridging, IP telephony, multicast, IPv6, etc (each in its separate chapter), Alexandre (the author) always analyses how the firewalls fits into any of these environments. Instead of a boring explanation of line by line commands, Alexandre clearly explains how the firewall works in every scenario. Such vision is specially important for project designs and configuration but also for troubleshooting.

It's specially easy to read and very practical. I'd strongly recommend with a 5 stars rating.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
9 of 10 people found the following review helpful
on July 26, 2011
This book is simply awesome! It starts with the concept of Security Policy, reviews Firewall categories and then transitions to Security design and deployment.
By reading the chapters, it's easy to detect that the book was created by someone that is experienced not only on Security but also on Networking. I do like the approach of understanding the networking protocols before you start the firewall configuration. The examples are very well thought out and really useful to achieve a good understanding of the features.
If you are preparing for Security CCIE, this title (in conjunction with the "All-in-one ASA" and the "IPv6 Security") must be part of your shelf. If you are new to Cisco Security, this is a very good starting point, and if you want to secure your voice network chapter 13 is the best documentation you can find in terms of voice and security (really nice mix of Security and Voice terms).
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
9 of 10 people found the following review helpful
on July 26, 2011
Simple...

I needed to update my security skills to the latest level, I needed to do it quick.

Saw this book recommended, so I bought it. I bought the kindle version.

Good decision!!!

Alexandre writes clearly and concisely. He explains things in understandable terms, and is a joy to read. He is also very approachable, and open to comments and questions.

I love this book.

It does exactly what it says, it teaches you security principles, and ASAs.

Go buy it NOW!!!

PS I am a veteran networking guy, and Senior Cisco Systems Instructor, I recommend this to all my contacts and students.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
8 of 9 people found the following review helpful
on July 8, 2011
By reading the book, it's easy to notice that the examples within each
chapter were very well planned and built on
an always increasing degree of complexity. This way you are able to
study each topic starting on the foundations and reaching
a very advanced level.
The tool set (packet-tracer, packet capture, ACLs, debugs, logs, etc)
is used all around to show features in action, which is a type
of knowledge very relevant for any candidate.

IOS Firewall functionality is covered in a great level of detail (CBAC
and ZFW). By the way, there are tons of ZFW models in the book
(including a very important discussion on chapter 10 about the right
way to integrate ZFW inspection with ACLs).
There are two chapters on application inspection (one being dedicated
to IP Telephony protocols).

Chapter 6 deals with virtualization arc hitecture. A real gem ! VLANs,
VRFs and Virtual Contexts are
grouped to produce both simple and complex virtualized scenarios. The
differences between ASA and FWSM
regarding the interconnection of contexts that have a common interface
was very well explained.

In chapter 16 (section "IPv6 Feader format") the author's states that:
"The fields contained in the header of a protocol tell a lot about its
operational capabilities
and flexibility. The way a packet with such a header is processed by
network elements
(hosts or routers) can also provide insight about potential protocol
vulnerabilities that, if
exploited, might lead to security issues. That's why it is important
to pay attention to
header elements whenever a new protocol is introduced."
I do like this perspective of understanding the protocols as a path to
better protection.
(Know yourself. Know the enemy...)

In summary :
- Very creative way of exemplifying concepts
- Very easy to follow
- GREAT BOOK ! A MUST !
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
8 of 9 people found the following review helpful
on June 30, 2011
This the is by far the best security book I've ever seen.

The book is written in a way that both Security and Network Architects, Experienced or not can benefit from the book and it's concepts.
concepts are discussed and carefully illustrated via meaningful examples. Even if you not using Cisco Firewalls it is a must read
The book relates theory and practice with a lot of real world scenarios and examples. The examples are very structured and complement the theoretical aspects making the reading very easy and pleasant. It also answer the how/where/why questions when deploying and integrating firewalls across different places in the network and its interactions with the Routing Protocols, IPv6, Voice Protocols and Virtualization.

Definably a very useful reference.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
5 of 5 people found the following review helpful
on July 19, 2011
The book has two interesting aspects that helps the reader to better understand the Cisco Firewalls, the author could align theory and practice with examples in a very deep details. This approach is perfect in order to consolidate Firewalls concepts and its applications in the real world.
I really liked how Alexandre consolidates in a single book virtualization applied in three different technology areas: network (VLANs and VRFs), security (ASA and FWSM contexts) and servers ("Firewalls and Virtual Machines"). This last part, explained on a chapter named "Firewall Interactions" specially shows how vibrant and broad the subject "Firewall" still is.

If you have to choose one book to learn about Cisco Firewalls this is definitely the one.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
     
 
Customers who viewed this also viewed


 
     

Send us feedback

How can we make Amazon Customer Reviews better for you?
Let us know here.