Customer Reviews

Network Security Technologies and Solutions (CCIE Professional Development Series)

5 star:		(7)
4 star:		(1)
3 star:		(2)
2 star:		(1)
1 star:		(0)

 

 

Depending on where you are in your career is how I'm going to rate this book. If you are somewhat new to security, especially in the Cisco world, this book is the book for you and deserves 5 stars. If you have been in the Cisco security world for several years, are looking to study for your CCSP or CCIE, this book is NOT for you and deserves 1 or 2 stars.

This book does a great job on going over much of the Cisco security portfolio. It goes over the Cisco firewalls, AAA, NAC solutions, IPS, MARS, VPNs, etc. It gives some basic configurations for most of these. Again, I said basic and for a lot of these I would go as far as to say MINIMAL.

Again, if you are looking for study material for some of the CCSP exams or CCIE, this book wont get you close. Those exams dive WAY deeper into the different technologies than what this book offers.

My real issue with the book is the top line in the title "CCIE professional developement". If I see this and I see its 700+ pages, I'm thinking a Jeff Doyle TCP/IP Vol content book. Nope, not even close. If the authors wanted to cover all the different technologies that they did, but consider this book a "CCIE developement", they should of split this book into two books and expanded GREATLY on the different technologies.

During the first 7 chapters the author gives overviews of security vulnerabilities and attack mitigations in the current networking world. When finer points are confusing, there is detailed explanation to make the problem clear. For example distinguishing between MAC spoofing and ARP spoofing. Each threat is outlined with a description, background, problems, and mitigation techniques using Cisco configuration. This is not just a theory book but manages to fit in useful configuration examples in almost every turn of the page. This is not a quick read: you will want to have a lab setup to practice on while you read.

Unlike many security discussions that make much of vulnerabilites that are highly unlikely or virtually impossible to pull off, the author clearly states when an attack is improbable, and not worth the effort to consider.

The second unit of the book focuses on identity and access management. I found the sections on layer 2 access control most useful. Particularly the use of 802.1x protocol with a RADIUS server. Something I am currently trying to implement in a network.

Part 3 is all about privacy and encryption and covers many ways to tunnel, hide, and encrypt data packets. The last sections are about Intrusion Detection and Security Management.

Perhaps one of the most helpful setions in the book are the guidelines for establishing a security policy and making it work in a real world environment. Chapter 25 walks you through starting with a security model that gives you a foundation for fleshing out your companies standards, guidelines and procedures so you will be ready for your next audit as well as the real security threats of today.

The book is surely a good reference and deals with many security topics,and is up to date.
Unfortunately many links provided are not working.
However it takes far more research on Internet to prepare for CCIE Security, and in some cases (such as Transparent Firewall or Multiple Contexts) to understand better, since they are very important and somehow too shortly addressed.

Yusef Bhaiji offers an extremely well written, easy to understand, highly descriptive solution to network security technologies and solutions from a Cisco network security stand point.
In addition to dividing the book into five parts mapping to Cisco security technologies and solutions: perimeter security, identity security and access management, data privacy, security monitoring, and security management, the book also offers a Best Practices Framework. This is accomplished by noting critical Regulatory compliance and Legislative Acts, such as GLBA - Gramm-Leach-Bliley Act, HIPAA - Health Insurance Portability and Accountability Act, SOX - Sarbanes-Oxley Act and the applicable Cisco solutions to each of these regulatory compliance and legislative acts in a clear, descriptive manner.
Specific attack vectors and mitigation techniques are described through vulnerability, threats, and exploits that are a very common threat to today's networks. In addition to describing the risk assessment, specific solutions and mitigation techniques are offered to offset these threats. A security incident response methodology discusses the specific steps which helps prepare for any security event.

Yusuf does a great job at putting together all the relevant material on network security technologies in one place - and all that with comes with an easy to read guide compiled nicely into relevant chapters/parts.

Overall book is divided into five parts, and information is presented in a manner that it serves both novice and advanced readers.

a few things can be improved in a later edition, e.g.., a)allocation of breadths to the newer areas (more on zone-based FW than CBAC) and b) less repetitiveness around the subject matter (ie, overlap with other cisco titles).

All in all, a great title and highly recommended for network security professional at all levels!

I suspected that this book may be a tough ask before actually starting to read it. I mean, how can one book claim to cover all the topics listed in its TOC in the detail required. The CCNP/CCSP requires four books to cover ASA, IOS, IPS and VPN technologies but this book tries to cover all these topics and more in one book at CCIE level.

This books really comes no where close to what I would personally expect is the depth of udnerstanding a candidate would need to undertake the CCIE written and lab exams. At very best, it should be used as a guide or list as to what to go and conduct further research into elsewhere in preparation for undertaking the CCIE.

I think the goal with this book was flawed from the outset. There is simply not enough pages in a book to expect to cover all the things listed in the TOC at CCIE level. Maybe this book should drop the "CCIE Professional Development Series" from the title so as to give readers a better impression of its usefulness. I find myself continually refering to my CCNP/CCSP books for better explanations and more detail than what is found in this book.

Another issue I have with this book is that while I am looking for further information on the topics it often skims over, I regularly find very similiar if not the same sentences and paragraphs on Cisco's site or other sites. Basically, from what I have read, the content of this book can generally be found on the internet, mostly in the introductory paragraphs of the technology overview pages on Cisco's website. And while on Cisco's website, you would be able to get more detailed information anyway.

I don't blame the writer of this book for the lack of depth. I think the idea of creating such a book to begin with, with the title it has, was pure marketing. The writer could not do anything but give the topics within the book the brief overview he has. To write with the depth implied by the title would mean a book three or four times the size.

My suggestion would be to take a view the TOC of this book and then find other, more specific books covering each topic listed so as to be able to get a deeper understanding of the CCIE subject matter as this book will not give you CCIE understanding of the topics covered.

This book is ok as a reference, but I would recommend it only as an introduction or guide - perhaps to give an idea of the topics that you might encounter on CCIE written, and which could be the basis of further research of your own. I agree with the previous review that said the book is too brief in many sections - some sections (esp. in Chapter 3) provide minimal value.

I am also very annoyed with the number of basic errors in this book. The technical reviewers have done a truly lousy job here.
Here's some of the most basic I have found in the just the first couple of chapters.

1. Page 25 - Class D addresses first byte range 224-247.
2. Page 27 - RFC1918 Class B range 172.16.0.0 through 172.32.255.255

I am amazed at how Cisco can let such fundamental gaffes like this out in a book targeted to CCIEs.
Neither of these are currently corrected in the errata on the [...] site either.

"During the rebootubf (sic) process" on Page 59 - I understand that typos can be missed but I wonder if the reviewers from Cisco have actually read this paragraph!

For me the book does provide some value in CCIE preparation, but for books priced around $60 I would have hoped the completeness, accuracy and quality would have been a lot higher. Perhaps later editions of the book will correct these issues (I have the Mar 2008 printing).

This book is an excellent security reference, possessing both great scope and great depth, which is difficult to achieve in one book for such a large field.

The structure is very good, starting with an overview of security, providing the objectives of it, the reason behind it, the 'Why'. This is followed by the 'How' where it gives clear and concise overviews and explanations of the multitude of technologies complete with configuration examples and good use of diagrams and screenshots. Every chapter has a very helpful list of references for even more information. Advanced topics such as Network Admission Control (NAC), Security Monitoring and Correlation (MARS), and Attack Vectors and Mitigation are covered. Finally the book closes with the business side including security management, explanation of policies, frameworks, governance and the myriad of regulations.

As part of my preparation for the CCIE Security Written exam, I read this book and found it to be invaluable. I highly recommend this book for not just for CCIE preparation but for all levels of readers looking for one of the best books on network security.

When I first selected this book, I was expecting material rather specific to CCIE Security preparation. What I found after reading it, however was that it not only covered CCIE Security preparation but CCIE R/S preparation as well as many real-world security topics.

Many authors attempt to cover a wide area of technologies and wind up losing organization of their presentation of the topics. I find Yusuf's organization to be excellent and flowed very well making this an easy read. In fact, considering how many topics this book covers I am amazed at just how well it is organized, which is better than many of the technology-specific books I have read over the years. I become very annoyed with having to go back to reference past topics time and again but I did not find that I had to do that with this book and was able to continue going forward along with the topics.

I also found that this book gets right to the point. Yusuf didn't pack a lot of fluff and filler into the material. Instead you get right into the meat of the topics. Keep in mind that if you are looking for a thorough reference to take you from the very beginning of a specific topic then this book is not for you. This book is part of the "CCIE Professional Development" series and as such assumes you have at least some pre-existing knowledge in these areas. With this in mind, I find this an excellent study guide as well as a real-world reference for various areas of Cisco security.

Perhaps one of the most unique and possibly useful chapters of this book is the non-Cisco material. For example the section covering security policies is invaluable. As a consultant I see client after client without a corporate security policy and in this day and age that's trouble waiting to happen. This section discusses the value of such a policy and how to begin developing it. Another area within this chapter contains information on various regulatory compliance mandates, such as HIPPA and SOX. While this info is readily available elsewhere, Yusuf neatly summarizes the various regulations, including who is mandated to comply, penalties for not doing so and the various Cisco solutions used for compliance.

I found this book to be excellent.

Are you a network engineer or a security engineer, consultant, or a candidate pursuing security certifications. If you are, then this book is for you! Author Yusuf Bhaiji, has done an outstanding job of writing a primary reference book that will help you design and build a secure network.

Bhaiji, begins by introducing you to the principles of network security, security models, a basic overview of security standards, policies, and the network security framework. Then, the author describes the capability to perform traffic filtering using access control lists. The author also covers some of the most common techniques used for device hardening and securing management access for routers, firewall appliances, and the intrusion prevention system appliance. He continues by covering port-level security controls at Layer 2 and security features and best practices available on the switch. Then, the author introduces the software-based IOS firewall features, including the legacy Context-Based Access Control and the newly introduced Zone-Based Policy Firewall feature available on the router. Next, he provides comprehensive coverage of firewall operating systems, software features and capabilities. The author continues by providing mitigation techniques for a wide range of attacks at Layer 2 and Layer 3. Then, he covers details of the authentication, authorization, and accounting framework and implementation of AAA technology. He continues by highlighting the common use of ACS software functions and features. Next, the author introduces common two-factor mechanisms. He also covers the Cisco trust and identity management solution based on the Identity-Based Networking Services technique. Then, the author provides an overview of wireless LAN and details of securing WLAN networks. He continues by showing you how to implement the Cisco NAC appliance solution as well as the NAC-L3-IP, NAC-L2-IP, and NAC-L2-802.1x solutions. Then, the author gives a basic overview of the various cryptographic algorithms, including hash algorithms, symmetric key, and asymmetric key algorithms. Next, he covers a wide range of IPsec VPN solutions. The author continues by showing you how to implement various types of DMVPN hub-and-spoke and spoke-to-spoke solutions. Then, he covers the innovative tunnel-less VPN approach to provide data security. He also covers the newly introduced Cisco AnyConnect VPN. Next, the author shows you how to implement Layer 2 and Layer 3-based MPLS VPN solutions. Finally, he covers regulatory compliance and legislative acts including GLBA, HIPAA and SOX.

This most excellent book serves as a valuable resource for candidates preparing for the CCIE Security certification exam that covers topics from the new blueprints. Perhaps more importantly, this great book serves as reference for any networking professional managing or considering exploring and implementing Cisco network security solutions and technologies.