I recently had the opportunity to read Network Security ...



Network Security Principles and Practices (CCIE Professional Development)

Reviewer Name: Katherine Gooding, Network Engineer

Reviewer Certification: CCNA

Rating: ***** out of *****

I recently had the opportunity to read Network Security Principles and Practices (ISBN: 1-58705-025-0) from Cisco Press CCIE Professional Development series.

I am a CCNA currently studying for the CCSP, however I am not interested only in putting more letters on my resume; I want to understand and apply the knowledge on the networks that I work on. I want to know bit-by-bit what happens when two peers negotiate a connection and especially how it can go wrong. Additionally, what tools can I use to detect problems and monitor the health of the network?

I appreciate that Malik respects and expects the reader’s understanding of basic networking concepts. I have too many books on the shelf that claim to cover advanced topics, yet they spend hundreds of pages explaining the basics of subnetting or binary to decimal conversion before they dive in to content promised by the title.

I am currently reading another book to prepare for the Securing Cisco IOS Networks exam (SECUR 642-501). While it adequately covers the “whats” and all of the topics required for the exam it does not always fill in the “whys.” Network Security Principles and Practices has helped to fill in the gaps.

Since the text is published by Cisco Press and is deigned to support the CCIE Security written exam, it is naturally Cisco-centric. However I would like to see coverage of more non-Cisco solutions such as Snort for IDS or possibly typical problems creating VPN tunnels between Cisco equipment non-Cisco equipment.

The organization of content within the chapters is logical and easy to navigate. Chapters are prefaced by an outline of the key topics and wrapped up with a summary and a set of review questions. Malik uses examples and drawings that are easy to understand and most illustrate common real-world scenarios.

The case studies at the end of many chapters were especially valuable to me. For example each of the case studies in the PIX chapter include a description of the case, a drawing of the network topology (including host & network addresses), and most importantly the device configuration annotated with Malik’s explanations. There is no need to look up the commands in another reference or to guess what concept in the chapter’s text the command addresses.

As one would expect from the manager of the Cisco VPN & Network Security groups, Malik’s sections for troubleshooting NAT, PIX Firewalls, IOS Firewalls, VPN’s, Intrusion Detection, and AAA are very thorough. Malik explains the IOS show and debug commands used for troubleshooting, as well as their output. Anyone responsible for NAT should make the NAT troubleshooting section mandatory reading for the Order of Operations and Common Problems and Resolutions sections.

Every page of Saadat Malik’s tome of Network Security has helped me to better understand security principles and best practices. This book will become a key text in my reference library not just for exam preparation, but also for daily network security administration. This text won’t collect any dust on my shelf. I rate it five out of five stars and I eagerly await new titles from Malik.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download