Authors: Sean Convery.
Hardcover, 792 pages
Publisher: Cisco Press
Publication Date: 2004-04-29
Edition: 2nd

Reviews :

   

Expert guidance on designing secure networks

• Understand security best practices and how to take advantage of the networking gear you already have
• Review designs for campus, edge, and teleworker networks of varying sizes
• Learn design considerations for device hardening, Layer 2 and Layer 3 security issues, denial of service, IPsec VPNs, and network identity
• Understand security design considerations for common applications such as DNS, mail, and web
• Identify the key security roles and placement issues for network security elements such as firewalls, intrusion detection systems, VPN gateways, content filtering, as well as for traditional network infrastructure devices such as routers and switches
• Learn 10 critical steps to designing a security system for your network
• Examine secure network management designs that allow your management communications to be secure while still maintaining maximum utility
• Try your hand at security design with three included case studies
• Benefit from the experience of the principal architect of the original Cisco Systems SAFE Security Blueprint

Written by the principal architect of the original Cisco Systems SAFE Security Blueprint, Network Security Architectures is your comprehensive how-to guide to designing and implementing a secure network. Whether your background is security or networking, you can use this book to learn how to bridge the gap between a highly available, efficient network and one that strives to maximize security. The included secure network design techniques focus on making network and security technologies work together as a unified system rather than as isolated systems deployed in an ad-hoc way.

Beginning where other security books leave off, Network Security Architectures shows you how the various technologies that make up a security system can be used together to improve your network's security. The technologies and best practices you'll find within are not restricted to a single vendor but broadly apply to virtually any network system. This book discusses the whys and hows of security, from threats and counter measures to how to set up your security policy to mesh with your network architecture. After learning detailed security best practices covering everything from Layer 2 security to e-commerce design, you'll see how to apply the best practices to your network and learn to design your own security system to incorporate the requirements of your security policy. You'll review detailed designs that deal with today's threats through applying defense-in-depth techniques and work through case studies to find out how to modify the designs to address the unique considerations found in your network.

Whether you are a network or security engineer, Network Security Architectures will become your primary reference for designing and building a secure network.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

...

    Network security is finally getting the attention it's long deserved, with organizations devoting time and money to the problem and more than a few independent consultants peddling their services in the area. Network security, though, is hard to do right, largely because it's not concerned with making the network do something (like connect the head office to the factory), but with making it not do something (allow access to an ill-defined community of malefactors). Network Security Architectures explains the generally accepted design practices that make networks as resistant as possible to damage and invasion.

Relatively little of this book is concerned with software configuration details, and it's generally not a paean to Cisco Systems products. Rather, this is a design guide, advising that it's usually best to put the proxy server inside the firewall and often a good idea to put IP phones on a private (RFC 1918) address range. Sean Convery--he wrote one of Cisco's standard security white papers--diligently explains why his advice is as it is, and how anticipated evolutions in technology might change design decisions. He makes clear that network security is an evolving discipline, but in this book documents the state of the art very well. Read this, then keep up with the latest on the Web sites, and you'll be in great shape to keep your networks safe. --David Wall

Topics covered: How to design data networks (including those that carry voice over IP) to be as inherently secure as possible. Threat assessment, device hardening, safe routing, VPNs, and the specific risks and requirements of applications (such as email) are covered. Detailed designs appear for common situations, such as securing telecommuter connections and tightening security on a corporate campus....

Authors: Michael Hyatt.
Hardcover, 279 pages
Publisher: Regnery Publishing, Inc.
Publication Date: 2001-03-25


Reviews :

    This book is a report of how the government, industry, individuals, and interest groups have access to personal information about you. The book contains valuable information that will help you get around Big Brother....

Authors: David Mackey.
Paperback, 440 pages
Publisher: Course Technology
Publication Date: 2003-04-02
Edition: 1

Reviews :

    Web Security, the newest title from the Web Warrior Series, and an integral text in Cengage Learning Course Technology’s new Security-focused line of books, is an advanced text designed to educate the Webmaster of the technologies, terms and processes related to Internet security. Designed for the student who has a command of administering web technologies, Web Security will give Webmasters the ability to make informed, practical, and responsible decisions concerning the security of their Web sites. In addition, this book will provide the right knowledge, practice questions, and tips to help students pass the CIW Security Professional (1D0-470) exam....

Authors: Jesper M. Johansson.
Paperback, 750 pages
Publisher: Microsoft Press
Publication Date: 2008-03-10


Reviews :

    Get the definitive reference for planning and implementing security features in Windows Server 2008 with expert insights from Microsoft Most Valuable Professionals (MVPs) and the Windows Server Security Team at Microsoft. This official Microsoft RESOURCE KIT delivers the in-depth, technical information and tools you need to help protect your Windows® based clients, server roles, networks, and Internet services. Leading security experts explain how to plan and implement comprehensive security with special emphasis on new Windows security tools, security objects, security services, user authentication and access control, network security, application security, Windows Firewall, Active Directory® security, group policy, auditing, and patch management. The kit also provides best practices based on real-world implementations. You also get must-have tools, scripts, templates, and other key job aids, including an eBook of the entire RESOURCE KIT on CD.

Key Book Benefits

Definitive technical information and expert insights straight from the Windows Server Security Team and leading Microsoft MVPs

Provides in-depth information that every Windows administrator needs to know about helping protect Windows-based environments

Includes best practices from real-world implementations

CD includes additional job aids, including tools, scripts, and a fully searchable version of the entire RESOURCE KIT book

Q&A with Jesper M. Johansson, author of Windows Server 2008 Security Resource Kit

The credentials of the contributors to Windows Server 2008 Security Resource Kit are quite impressive. How important was it to assemble such a group for this title?

In my opinion, it was necessary. Server products are necessarily complex, and security, by its very nature, requires a very broad understanding of the product. Developing that understanding in a single person is possible, but very time consuming and still does not lead to the breadth of perspective that you find in a group of people. No single person can truly understand both what it is like to implement Active Directory in a 50,000 seat organization, and how to run a 50-seat small business network long-term, and neither of them is probably going to also be one of the world's foremost experts on implementing public key cryptography infrastructures. By putting together this world-wide team of experts (representing four countries on three continents) we were able to produce a resource that had far more depth and breadth of knowledge than would otherwise have been possible, and you get the expertise of 12 of the foremost experts on Windows Security in a single package.

What extras are available on the Resource Kit CD?

First, you get a bonus chapter on Rights Management Services, as well as an electronic copy of the entire book. I am very excited about the electronic copy because it provides a searchable way to read the book. These types of books are always used as references and being able to search it is very valuable.

You also get some tools that may come in handy for managing servers. Scripting Guru Ed Wilson wrote some custom PowerShell scripts specifically for this book to manage user accounts and other security related aspects of your deployment. In addition, I wrote a couple of tools for the book. One is my password generator, which I first made available several years ago. It enables you to manage unique administrator account passwords and service account passwords on hundreds or thousands of servers on a network. I also included my elevation tools, which allow you to launch an elevated instance of Windows Explorer, as well as elevating any command you want from the command line. Having worked with User Account Control (UAC) daily for about two years I find that one of the biggest impediments to running under UAC is the multiple prompts you get when you perform many file operations. As an administrator, that is a very common task. Elevating Windows Explorer lets you do those operations with a single elevation prompt, and still leave UAC turned on.

Comparing the two programs, what are some of the fundamental differences between Windows Server 2008 and Windows Server 2003?

To me, the biggest difference is the fact that while Windows Server 2003 was built under the security best practices of 2002, Windows Server 2008 incorporates all the secure development practices Microsoft learned in the five years since. The field of secure software development has progressed immensely between 2002 and 2007, and incorporating them will make Windows Server 2008 much more able to stand up to the threats we will see in the next five years. By the way, it is with a heavy heart that I say that, as I worked hard on security in Windows Server 2003, but it is true.

Apart from the engineering process, the first thing people will notice is the completely new management model in Windows Server 2008. Instead of installing a lot of separate components, you now deploy roles to the server. This makes a lot of sense because the roles are what you bought the server to fill. By implementing that metaphor in the management tools the risk for misconfiguration is greatly reduced.

The new kernel features are also very important and will make a big difference for many. First, the new virtualization features are fundamentally going to change how we build and run data centers. The improvements in security, reliability, and performance in the kernel features, such as thread scheduling, and in the networking features, such as the new network file system, also are going to be valuable to many.

What do you feel is the biggest security oversight made by network admins?

Put a slightly different way, the area where I see the most room for improvement is in security posture management. Administrators are far too focused on vulnerabilities and on the types of "hardening" tweaks that were useful in the 1990s, when software shipped wide open by default. Today, those things are not nearly as important as it is to manage the security posture of your servers. Far too many administrators still believe in the perimeter and fail to recognize that just about every organizational network today is semi-hostile, at best. The biggest security oversight is not to analyze and manage the threats posed to servers by other actors on the network. The Security Resource Kit goes into depth in discussing what I refer to as Network Threat Modeling, as the analysis phase of Server and Domain Isolation – probably the most powerful security tool in the arsenal today. Yet, the proportion of networks that use these tools is infinitesimal.

What are your thoughts on the constant hype surrounding potential security flaws in Vista?

As I have written elsewhere (http://msinfluentials.com/blogs/jesper/archive/2008/01/24/do-vista-users-need-fewer-patches-than-xp-users.aspx) I fail to see any data backing up the argument. Certainly, there have been flaws in Vista – and anyone who expected it to be flawless was unrealistic – but the improvements are tremendous over Windows XP. Windows Vista has about half as many critical problems as Windows XP in the same time-frame. I'm not sure that it would have been reasonable to expect it to perform much better than that given how large and complex modern software is and how fast the security landscape is moving.

Therefore, I have to think that the reasons for the hype are something other than data. The popular press seems to operate on the assumption that complaining about Microsoft generates advertising revenue, and they are probably correct. The fact of the matter today is that a significant portion of the software industry, specifically the security portion, has built its business almost exclusively on selling software that purports to protect Microsoft's customers from Microsoft's screw-ups. It is simply terrifying to it, and a grave threat to its business model, that Microsoft should actually manage to produce software, and particularly operating systems, that are so secure they do not need most of the products that portion of the industry sells.

The popular press, being a largely advertising funded business, has happily latched on to this perception and boosted the unsubstantiated claims of Windows Vista's vulnerability to the benefit of their major advertisers. It is truly a sick eco-system that harms the customer in both the short and long term. The threats today, as I mentioned above, are trending toward the types of things that the security software industry cannot protect against. The new threats are against people, and the focus needs to shift to helping people make better security decisions and take responsibility for their own actions. Unfortunately, the current unsubstantiated hype about Windows Vista is not about protecting customers, it is about selling unnecessary security software and inculcating users and IT managers alike in the belief that they must buy third party software to run Windows safely; a belief that, with a few notable exceptions, such as anti-virus software, is falsified by the data. In fact, the hype has even lead to a huge growth industry in malicious, fake, security software. I have seen a lot of people lured by the hype into buying security software that is not security software at all, but simply malware in disguise. The average consumer, inundated with hype, is unable to make out what to really believe. This sick ecosystem is harmful and the press and the pundits are not helping, but only increasing the hype.

In your opinion, which network faces the biggest security risk today: the small office with multiple power users or large corporation with a large LUA base?

The unmanaged networks. I have seen very well managed and very secure networks in both small and large organizations, and I have seen poorly managed and very insecure networks in both as well. It is not really a matter of size but of how much time and effort is put into the security aspects of it. One of the largest weaknesses seems to be training. Security today is about end-points. The attacks are against people far more prevalent than those against technology and vulnerabilities. We need to, as an industry, understand how to push the security out to the assets that we are trying to protect. In the past we have centralized security because it was a way to centralize management of security. The challenge now is to de-centralize security, while still permitting centralized management. This is a non-trivial task, but it must be done. As a starting point, I dare every IT manager to start analyzing the risks to his or her network, and specifically, what it is they want the network to be used for. Once you understand what it is you want the network to provide you have a chance to work on making it provide that and nothing else. To me, that is the most important thing we can do. A properly staffed IT group, with adequate training and resources to train its users, an organizational mandate to protect the organization's assets, and a keen understanding of the business they serve will build a network that is adequately secured regardless of the size of the network. Windows Server 2008 certainly provides some very powerful technologies to help you manage security in your network, but while that is a necessary component, it is insufficient by itself. At a very base level, it is about the people and the processes you have, more than about the technology. Technology will help, but it is just a tool that your people will implement using a process that helps or hurts....

Authors: Michael D. Bauer.
Paperback, 542 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2005-01-18
Edition: 2

Reviews :

    Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the Internet--and shows readers how to harden their hosts against attacks. An all-inclusive resource for Linux users who wish to harden their systems, Linux Server Security covers general security such as intrusion detection and firewalling a hub, as well as key services such as DNS, the Apache Web server, mail, and secure shell. Author Michael D. Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in the Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. He is joined on several chapters by administrator and developer Bill Lubanovic. A number of new security topics have been added for this edition, including:

• Database security, with a focus on MySQL
• Using OpenLDAP for authentication
• An introduction to email encryption
• The Cyrus IMAP service, a popular mail delivery agent
• The vsftpd FTP server

Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you'll have both the expertise and the tools to comprehensively secure your Linux system....

Authors: Himanshu Dwivedi.
Hardcover, 560 pages
Publisher: Addison-Wesley Professional
Publication Date: 2005-11-21


Reviews :

    The security of data, as shown by several recent high-profile cases, is weak. It is but a question of time before courts begin requiring more thorough steps to be taken--users and courts want data security. This book not only helps IT meet those growing needs, but shows the vendors where they need to improve. Regulations have highlighted an overlying issue of data protection. Data, whether it is financial data, non-public private information, or medical data, needs to be protected from unauthorized external and internal entities at all times. Much valuable data (i.e. customer and patient data) spends most of its lifetime in a storage device--not on computers, servers, or networks. Local failures and outside intruders can change, destroy, or compromise stored data even if the main network is secure: storage requires its own security. This book is a must read for IT personnel responsible for data security and security consultants who perform compliance audits at companies that use storage devices....

Authors: Mark Lewis.
Paperback, 1080 pages
Publisher: Cisco Press
Publication Date: 2006-04-22


Reviews :

   

A practical guide for comparing, designing, and deploying IPsec, MPLS Layer 3, L2TPv3, L2TPv2, AToM, and SSL virtual private networks

• Explore the major VPN technologies and their applications, design, and configurations on the Cisco IOS® Router, Cisco® ASA 5500 Series, and the Cisco VPN 3000 Series Concentrator platforms
• Compare the various VPN protocols and technologies, learn their advantages and disadvantages, and understand their real-world applications and methods of integration
• Find out how to design and implement Secure Socket Layer (SSL) VPNs, including consideration of clientless operation, the Cisco SSL VPN Client, the Cisco Secure Desktop, file and web server access, e-mail proxies, and port forwarding
• Learn how to deploy scalable and secure IPsec and L2TP remote access VPN designs, including consideration of authentication, encryption, split-tunneling, high availability, load-balancing, and NAT transparency
• Master scalable IPsec site-to-site VPN design and implementation including configuration of security protocols and policies, multiprotocol/ multicast traffic transport, NAT/PAT traversal, quality of service (QoS), Dynamic Multipoint VPNs (DMVPNs), and public key infrastructure (PKI)

Virtual private networks (VPNs) enable organizations to connect offices or other sites over the Internet or a service provider network and allow mobile or home-based users to enjoy the same level of productivity as those who are in the same physical location as the central network. However, with so many flavors of VPNs available, companies and providers are often hard pressed to identify, design, and deploy the VPN solutions that are most appropriate for their particular network architecture and service needs.

 

Comparing, Designing, and Deploying VPNs brings together the most popular VPN technologies for convenient reference. The book examines the real-world operation, application, design, and configuration of the following site-to-site VPNs: Layer 2 Tunneling Protocol version 3 (L2TPv3)-based Layer 2 VPNs (L2VPN); Any Transport over MPLS (AToM)-based L2VPN; MPLS Layer 3-based VPNs; and IP Security (IPsec)-based VPNs. The book covers the same details for the following remote access VPNs: Layer 2 Tunneling Protocol version 2 (L2TPv2) VPNs; L2TPv3 VPNs; IPsec-based VPNs; and Secure Socket Layer (SSL) VPNs. Through the operation, application, and configuration details offered in each chapter, you’ll learn how to compare and contrast the numerous types of VPN technologies, enabling you to consider all relevant VPN deployment options and select the VPN technologies that are most appropriate for your network.

 

Comparing, Designing, and Deploying VPNs begins with an introduction of the types of VPNs available. Subsequent chapters begin with an overview of the technology, followed by an examination of deployment pros and cons that you can use to determine if the particular VPN technology is appropriate for your network. Detailed discussion of design, deployment, and configuration make up the heart of each chapter. Appendix A offers insight into two multipoint emulated LAN services that can be deployed over a MAN or WAN: Virtual Private LAN Service (VPLS) and IP-only Private LAN Service (IPLS).

 

If you are a network architect, network engineer, network administrator, an IT manager, or CIO involved in selecting, designing, deploying, and supporting VPNs, you’ll find Comparing, Designing, and Deploying VPNs to be an indispensable reference.

 

This book is part of the Cisco Press® Networking Technology Series, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

 

...

Authors: Gregory F. Treverton.
Paperback, 288 pages
Publisher: Cambridge University Press
Publication Date: 2003-03-03


Reviews :

    In a bold and penetrating study, Gregory Treverton, former Vice Chair of the National Intelligence Council and Senate investigator, offers his insider's views on how intelligence gathering and analysis must change. Treverton suggests why intelligence needs to be contrarian and attentive to the longer term. Believing that it is important to tap expertise outside government to solve intelligence problems, he argues that involving colleagues in the academy, think tanks, and Wall Street befits the changed role of government from doer to convener, mediator, and coalition-builder. Hb ISBN (2001): 0-521-58096-X...

Authors: Linda Volonino. Stephen R. Robinson.
Paperback, 256 pages
Publisher: Prentice Hall
Publication Date: 2003-09-12
Edition: United States Ed

Reviews :

   

This book provides professionals with the necessary managerial, technical, and legal background to support investment decisions in security technology. It discusses security from the perspective of hackers (i.e., technology issues and defenses) and lawyers (i.e., legal issues and defenses). This cross-disciplinary book is designed to help users quickly become current on what has become a fundamental business issue. This book covers the entire range of best security practices—obtaining senior management commitment, defining information security goals and policies, transforming those goals into a strategy for monitoring intrusions and compliance, and understanding legal implications. Topics also include computer crime, electronic evidence, cyber terrorism, and computer forensics. For professionals in information systems, financial accounting, human resources, health care, legal policy, and law. Because neither technical nor legal expertise is necessary to understand the concepts and issues presented, this book can be required reading for everyone as part of an enterprise-wide computer security awareness program.

...

Authors: Russ Rogers. Greg Miles. Ed Fuller. Ted Dykstra.
Paperback, 448 pages
Publisher: Syngress
Publication Date: 2004-01-01
Edition: 1st

Reviews :

    The National Security Agency's INFOSEC Assessment Methodology (IAM) provides guidelines for performing an analysis of how information is handled within an organization: looking at the systems that store, transfer, and process information. It also analyzes the impact to an organization if there is a loss of integrity, confidentiality, or availability. This book shows how to do a complete security assessment based on the NSA's guidelines. This book focuses on providing a detailed organizational information technology security assessment using case studies. The Methodology used for the assessment is based on the National Security Agency's (NSA) INFOSEC Assessment Methodology (IAM). Examples will be given dealing with issues related to military organizations, medical issues, critical infrastructure (power generation, etc.). The book is intended to provide an educational and entertaining analysis of an organization, showing the steps of the assessment and the challenges faced during it. It will also provide examples, sample templates, and sample deliverables that readers can take with them to help them be better prepared and make the methodology easier to implement. ...