Designing Network Security (2nd Edition) [Hardcover]

Merike Kaeo (Author)

Book Description

ISBN-10: 1587051176 | ISBN-13: 978-1587051173 | Publication Date: March 2004 | Edition: 2nd

A practical guide to creating a secure network infrastructure

• Understand basic cryptography and security technologies
• Identify the threats and common attacks to a network infrastructure
• Learn how to create a security policy
• Find out how to recover from a security breach
• Study specific implementation scenarios for securing your network environment
• Learn about advances in security technologies

Designing Network Security, Second Edition, is a practical guide designed to help you understand the fundamentals of securing your corporate network infrastructure. This book takes a comprehensive look at underlying security technologies, the process of creating a security policy, and the practical requirements necessary to implement a corporate security policy.

You will gain a thorough understanding of basic cryptography, the most widely deployed security technologies, and key emerging security technologies. You will be able to guide the architecture and implementation of a security policy for a corporate environment by knowing possible threats and vulnerabilities and understanding the steps required to perform a risk management assessment. Through the use of specific configuration examples, you will learn about the features required in network infrastructure equipment to implement the given security policy, including securing the internal corporate infrastructure, Internet access, and the remote access environment.

This new edition includes coverage of new security features including SSH on routers, switches, and the PIX(r) Firewall; enhancements to L2TP and IPSec; Cisco(r) LEAP for wireless networks; digital certificates; advanced AAA functionality; and Cisco Intrusion Detection System features and products. Additional practical examples include current security trends using VPN, wireless, and VoIP networking examples.

This book is part of the Networking Technology Series from Cisco Press(r), which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Editorial Reviews

From the Back Cover

A practical guide to creating a secure network infrastructure

• Understand basic cryptography and security technologies
• Identify the threats and common attacks to a network infrastructure
• Learn how to create a security policy
• Find out how to recover from a security breach
• Study specific implementation scenarios for securing your network environment
• Learn about advances in security technologies

Designing Network Security, Second Edition, is a practical guide designed to help you understand the fundamentals of securing your corporate network infrastructure. This book takes a comprehensive look at underlying security technologies, the process of creating a security policy, and the practical requirements necessary to implement a corporate security policy.

You will gain a thorough understanding of basic cryptography, the most widely deployed security technologies, and key emerging security technologies. You will be able to guide the architecture and implementation of a security policy for a corporate environment by knowing possible threats and vulnerabilities and understanding the steps required to perform a risk management assessment. Through the use of specific configuration examples, you will learn about the features required in network infrastructure equipment to implement the given security policy, including securing the internal corporate infrastructure, Internet access, and the remote access environment.

This new edition includes coverage of new security features including SSH on routers, switches, and the PIX(r) Firewall; enhancements to L2TP and IPSec; Cisco(r) LEAP for wireless networks; digital certificates; advanced AAA functionality; and Cisco Intrusion Detection System features and products. Additional practical examples include current security trends using VPN, wireless, and VoIP networking examples.

This book is part of the Networking Technology Series from Cisco Press(r), which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

About the Author

Merike Kaeo, CCIE No. 1287, is currently a consultant focusing primarily on security-related products and network design solutions. She has been in the networking industry more than 15 years, starting out at the National Institutes of Health in Bethesda, MD, from 1988 to 1993, designing and implementing the original FDDI backbone for the NIH campus using Cisco routers. From 1993 to 2000, Merike was employed by Cisco Systems, Inc., where she worked primarily on technical issues relating to router performance, network routing protocols, network design, and network security. She was a lead member of the Cisco security initiative, has acted as a technical advisor for security startup companies, and has been an instructor and speaker in a variety of security-related conferences. Merike received her BSEE from Rutgers University in 1987 and completed her MSEE degree from George Washington University in 1998.

Product Details

• Hardcover: 768 pages
• Publisher: Cisco Press; 2nd edition (March 2004)
• Language: English
• ISBN-10: 1587051176
• ISBN-13: 978-1587051173
• Product Dimensions: 9.2 x 7.6 x 2 inches
• Shipping Weight: 3.3 pounds
• Average Customer Review: 4.3 out of 5 stars  See all reviews (17 customer reviews)
• Amazon Best Sellers Rank: #1,083,372 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

14 of 14 people found the following review helpful:

4.0 out of 5 stars Strong on Security - Weak on Cisco, January 8, 2000

By 

John B. Harlow - See all my reviews

This review is from: Designing Network Security (Hardcover)

Excellent overview of network security issues. Covers almost all threats, protocols and safeguards in a concise manner. One of the books that should be read for CISSP preparation.

Bogs down when it gets to Cisco specific configurations. As a CCIE, even I find that books of this type provide only the tip of the iceberg when it comes to the complexity of Cisco configurations.

14 of 14 people found the following review helpful:

5.0 out of 5 stars Good Book to prepare for the MCNS examination, September 12, 1999

By A Customer

This review is from: Designing Network Security (Hardcover)

Exam 640-442 is the Security Specialistization for people who have attained their CCNP certification. Excellent coverage of AAA, TACACS+, RADIUS, PIX, 3DES, DMZ as well as IPSEC and CBAC. This is alot of material to be discussed in one book. Cisco provides a CD ROM with this same material for $250.00, this is a much better deal. If you want to enhance your knowledge of access-lists, reflexive access-lists etc. this is the book for you. Merike did her homework on this material, I completed many of the configurations presented in the book, they were accurate.

10 of 10 people found the following review helpful:

2.0 out of 5 stars Mixed Bag, October 30, 2000

By 

Fruitcake - See all my reviews

Amazon Verified Purchase

This review is from: Designing Network Security (Hardcover)

Up through Chapter 7, this book presents a fairly good overview of information security in general, network security basics, cryptography, and a good measure of "security philosophy" as well. It reads pretty well and there are relatively few inconsistencies, until...

From Chapter 8 onwards, there are lots of mistakes (my personal favorite is a botched explanation of TCP proxies on page 248) and many cases of examples not matching the explanatory text. And when it comes to enabling TACACS+ on routers, some sections of this book directly contradict Cisco's "IOS 12 Network Security" book.

All in all, a decent reference for Cisco routers & firewalls, but you might want to supplement it with something more substantial. The O'Reilly books and Cheswick/Bellovin come to mind...