Customer Reviews

Network Security Principles and Practices (CCIE Professional Development)

5 star:		(16)
4 star:		(0)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

This book is very well written and covers everything you need to pass the Security part of your CCIE security lab. You will still need to study your routing and switching because that is 50% of the lab.

Jeremy

CCIE (R/S, Security

Very, VERY good. The IPSec chapter alone is worth the book, and the AAA chapters are _great_. Saadat has been able to explain in a great technical level and very clearly subjects which you're going to find in your day to day work - if working with Cisco and security. But not only that: chapters about IPSec, RADIUS, TACACS, are of value even if you do not use Cisco gear.

Missing from the book: a better chapter on NAT, PPTP. Saadat should write the 2nd edition adding those two topics, updating the IDS section, IPSec (including NAT-T), maybe add a little something about SSL VPNs, PIX 7.0 ? The section on ISP security could also benefit from a refresher (CoPP, uRPF?)

4.5 starts because it shows it age - otherwise, 5 stars for sure.

This is simply the best book for SecurIE's or security specialist's that I have ever read, the depth to which Mr Malik goes into and its accuracy are astounding.

It reads very well but also makes great reference material, and his explanation of IPsec and IKE has got rid of my 'numb feeling' from reading other books.

I cannot recommend this book enough!

CiscoPress's "Network Security Principles and Practices" by Malik is truly an awesome work. The book weighs in at over 750 pages, and not a page is wasted. The book is split up over multiple sections (Intro to Network Security, Building Security into the Network, Firewalls, VPNs, IDS, AAA and ISP Security). I have found this book of value as I pursue my CCIE Routing & Switchng lab and to better enhance my basic understanding of Cisco's vision towards network security. I also used this book to prepare for my CCSP and CISSP studies.

Practically on every page is either a diagram or detailed configuration explaining the subject at hand. In particular, the configuration examples are extremely helpful as the configs, themselves, are appended with detailed notes of their syntax. Chapter 13, IPSec, is probably the best one-chapter discussion on Cisco's implementation of IPSec and VPN I have found anywhere (and I have over 50 CiscoPress books). Another testament to it's superb level of expertise is the few and far between typos or errors that I have found.

One item to note - you will need to block off a few weeks (or months) to fully understand and appreciate the value of this book. I reference this book often, as I find information in this book I cannot find documented or presented the same way in other books.

I give this book 5 pings out of 5:
!!!!!

Very clear explanations of the core security technologies. The author doesn't shy away from the hard subjects, and makes them quite accessible. The IPSec chapter is the best explanation of the subject I have seen anywhere.

I used this book to pass the CCIE security written exam, and highly recommend it. It is also a very good reference for practicing consultants and network security architects.

Not only for exam preparation, this book is for every Cisco lover. Covers a lot of stuff, took me over 2 months to finish but I feel way more knowledgeable now.

This is one of the first books I read for anyone preparing for CCIE Security. I found this book to be very comprehensive in its approach. The author has combined all the network security technologies in one book and now this is tough. It starts with an Introduction and then builds on that. It covers the whole nine yards VPN's Firewalls, IDS, Access Control. The Troubleshooting part of the book is very helpul to working professionals as it starts with troubleshooting NAT and then covers everything from Firewalls (PIX and IOS), VPN's, IDS and AAA. A lot of issues can be resolved just using this part of the book. I recommend this book as it will surely help everyone looking for everthing about security. This book is a must read for professionals pursuing the CCSP and CCIE Security Certifications.
Niloufer Tamboly, CISSP

Many people criticize Cisco Press titles as being bound versions of the documentation that is freely available on their website. To a certain extent, I agree with that and I suppose you could say some of the same things about this book. However, this has been the most reliable and thorough title in my technical library, bar none. Like other Cisco titles, this book does suffer from minor technical mistakes and editing oversights but this does not overshadow the incredible wealth of information contained in this book. If you're looking for a comprehensive reference on Cisco network security (fundamental concepts and advanced topics), detailed discussions of IPSec and case studies to illustrate the concepts, this is your book. And, even though this book is targeted toward CCIE professional development, I found it very useful in filling in some of the gaps for lower level certifications (as I found myself preparing for the CSS1/CCSP after the tests had been updated, but not the self-study materials). If you do any work with Cisco security equipment, especially in the areas of firewalls and VPNs, you should probably have this book. It will save you a mess of time by keeping you off Cisco's website or off the phone with TAC. Really, I can't say enough good things about this title.

I am not one to read a book only to get a certification: I want to understand what's going on under the hood of all the processes operating on the network and systems I'm working on. That's a pretty tall order, and I'll probably never get all the way there. But this book is a significant help for those who think like I do.

It really does cover the gamut of network security - fundamentals, network design, devices (routers, switches, firewalls, IDS), access control, VPNs and tunneling at Layer 2, some service provider-specific problems, and troubleshooting. It does not cover host-specific items, like OS or application tradeoffs, the merits of different patching regimes, etc. Frankly, those topics depend too much on why those applications and systems are present. And, as it stands, this is a big enough book, covering plenty of territory, and covering a lot of it in depth.

As one example of the depth you can expect to find here, consider IKE establishing an IPSec SA between two peers. The discussion starts with the relationships among IKE's constituent parts (ISAKMP, SKEME, and Oakley), and how each contributes to the process. Next there is a substantial discussion of the two major steps in establishing an SA between the peers, including the advantages and disadvantages of Main Mode vs. Aggressive Mode during the first step. This is followed by the details of the actual messages exchanged at each point in the whole process, including the packet structures involved. There is also a good discussion of how the Diffie-Hellman Algorithm is used to create the session key without exposing it to anyone except the two peers. Finally, there's a discussion of the use of digital signatures vs. pre-shared keys for authentication, and encrypted nonces. All told, the discussion of this one aspect of VPNs covers 36 pages. When you've finished, you will understand exactly what happens during the creation of an IPSec VPN.

That level of detail is typical of the coverage once you get beyond the first two chapters. Those cover some basics, just to be sure you have those fresh in your mind as you start digging into the details.

I did notice a few minor errors (things like the spelling of the famous hacker's name - it's Kevin Mitnick, not Kevin Metnick), but those were really very few and far between. As an author, I know that there will always be a few items that get by everyone, including the editors and proofreaders. There are far fewer in this book than in any book of comparable size (700+ pages) that I've read in a long, long time.

Because the coverage in this book is so deep as well as broad, don't plan to read it in a few days. You'll find yourself chasing things by checking the RFCs, looking again at the network's design, and so on. But if you are looking into network security, whether it's just to know more or because you're getting certified, this book is a good one to read. If you're working on Cisco's Security CCIE, it's a must read. Either way, I highly recommend it - it's five stars all the way.

I have read quite a number of Cisco Press Titles and several books on Computer Security. Saadats's book is in the same class as some of the best I have read.

As a practising Network engineer with more than six years of Enterprise wide network and System management, this is one book, I wish I had read much earlier.

Its a great resource for every category of Personnel working with networks. The First Part gives you a good overview of the issues and the details become juicier with each passing chapter. No matter what level of expertise you have, you're bound to find some use for this book, and for the CCIE -Security folks out there (current and aspiring), this is surely one of the must haves, from a writer who knows what he's writing about.