Network Security Fundamentals Review by Jeremy NeeDLE
A good start, but weak on Layer-2 defenses
First of all, let me state that this review is primarily in the context of Cisco's 642-552 exam, since as of this writing, this is really the only book on their Recommended Reading for this particular exam. There are no Exam Certification series from Cisco for this specific exam, which is the foundation of their CCSP and Security Specialization certifications.
What is good about this title is coverage of security policy, VPNs, IDS, firewalls, wireless, and PKI. Good introduction, and decent configuration examples. Certainly enough to get even a neophyte up and running.
So what is this title missing?
#1 SDM [Security Device Manager] configuration examples & exercises. Chances are if you're a newbie, you're going to be much more comfortable using the Browser-based GUI rather than the IOS Command Line. Additionally ALL the simulations for the 552 exam are based around SDM configuration. I would recommend you download SDM documentation from Cisco's website if you're planning on taking the 642-552 exam.
#2 There is inadequate coverage of common Layer 2 attacks, and the defense mechanisms to subvert them. For example, no explanation or examples are given on configuring Port Security which protects against MAC Spoofing, MAC Flooding, ARP Spoofing, and flooding the CAM table. And that is BASIC SWITCH SECURITY that is relatively easy to implement. Furthermore, there should also be discussions of IP Source Guard, VLAN Hopping, and Dynamic ARP Inspection. I HIGHLY recommend you search on Cisco's site about these features & configuring them.
#3 CBAC explanation is fairly unclear. Students will be confused by the fact that they named the ip inspect rules as "BLOCK" and "ALLOW" and associate each one with a traffic direction [ingress/egress respectively], when really these names do not accurately describe the behavior of CBAC.
#4 Pg 174 "A software based firewall is only as secure as the operating system it relies on...Appliance based firewalls, such as NetScreen or PIX, do not have that vulnerability" ARE YOU KIDDING ME? IOS is still SOFTWARE. All...ALL...software can be exploited. See Hacking Cisco. Certainly it is harder, yes, but it is STILL susceptible to application-layer attacks and buffer overflows.
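Added example, not part of the review or the book: a minimal Python audit that reads an IOS-style switch configuration and reports access ports lacking the Layer-2 controls named in point #2 (Port Security, IP Source Guard, Dynamic ARP Inspection). The sample configuration, interface names, VLAN numbers and function names are constructed for illustration.

```python
import re
# Constructed sample running-config (not from the book or any real device).
SAMPLE_CONFIG = """ip dhcp snooping
ip dhcp snooping vlan 10,20
ip arp inspection vlan 10
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 ip verify source
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config):
    """Return {access port: [Layer-2 controls that are not configured]}."""
    snooping = re.search(r"^ip dhcp snooping\s*$", config, re.M) is not None
    specs = re.findall(r"^ip arp inspection vlan (\S+)", config, re.M)
    dai_vlans = {v for s in specs for v in s.split(",")}  # ranges not expanded
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunk ports are out of scope for this check
        vlan = next((c.split()[-1] for c in cmds if c.startswith("switchport access vlan ")), "1")
        checks = {"port-security": "switchport port-security" in cmds,
                  "ip-source-guard": snooping and "ip verify source" in cmds,
                  "dynamic-arp-inspection": vlan in dai_vlans}
        if missing := [k for k, ok in checks.items() if not ok]:
            findings[name] = missing
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags only FastEthernet0/2, the access port on VLAN 20 that has none of the three controls.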