Mr. Kaeo realized a good job in order to applying security concept throught practical examples. Designing Network Security resume and apply ideas about corporate security which enhance practicioner and academic review his own security models look for different alternatives in changing world of Technology. Rating: 4 / 5

This is a highly informative book. Will be more beneficial if you’ve had prior knowledge of computer security. Rating: 5 / 5

Merike Kaeo’s Designing Network Security, second edition, by Cisco Press is an easy to read volume with generous emphasis on the roles of planning and careful design in corporate information security strategy. The book draws its examples from Cisco Security platform appliances and software.

Organized into three parts (ignoring the appendix) of four chapters each, the book progresses from description of various security concepts and technologies to security policy and planning, culminating in basic implementation scenarios. Of important consideration are the many case studies and configuration examples spruced throughout the volume.

Part I starts with the first chapter on Cryptography, which concentrates on several contemporary cryptographic schemes. This is a good introduction to the topic for newbies and non-cryptographers. It provides clear context for many of the cryptographic schemes in us in many Cisco appliances and used in other parts of the book. Access Control, Public Key and Identity Management where all given diligent attention and their applicability in real networks explored at the end of part I.

Part II develops the concepts and issues in corporate information security management from Enterprise Security Threat profiles in chapter 5, through considerations for site security, policy development and implementation and incidence management in chapter 8. I find this section as perhaps the most useful given the dilemma many organizations face today in developing comprehensive and holistic response to the ever growing threats to information and consequently much of their business infrastructure. This Section should also provide succor to security professionals grappling with the idea of developing a security policy and incident response procedure for their organizations. The case study on an educational institution is quit simplistic but in all provides some context for the complex task of policy development. This section like the other two is also well commented with advice and useful example scenarios.

The implementation Chapter is a bonus for Information Security Professionals working in predominantly Cisco environment. The section includes many easily adaptable real life configuration examples for many of the current Cisco appliances using IOS version 12.2 and later. Included are example configuration for routers, firewall, access control servers and Cisco IDS modules. Of course, most, if not all Cisco press text have their share of configuration examples using Cisco technologies, but the organization of this material brings much of the critical solutions into clear perspective.

I got the book a few weeks after getting my CISSP certification and will recommend it as a good read for CISSP candidates even though it is a vendor specific volume, much of the discussion and theoretical underpinning of the text are relevant for a multi-vendor, homogenous security environment that the CISSP addresses. I have read several CCIE-Security specific texts and reviewed the requirements for the Exam. This volume is a sure buy for CCIE-Security candidates.

This is a technical book for intermediate to expert level security and networking professionals, but more importantly it is an excellent desk reference for any information security consultant. Rating: 4 / 5

I started reading this book because of the title, i.e., “Designing Network Security”, and of course, the “Cisco” name. This book needs to be re-vamped and Cisco Press should release a third edition. There are so many typographical errors, errors in the figures and in the configuration examples, that it falls far short of what I’ve come to expect from Cisco Press. Yet…, this reader recommends buying the book because it encompasses all of the basic material in designing security into your network.

It became evident throughout several of the initial chapters (at least to this reader) that there was more than one author involved in the writing of the book. There was such a difference in writing style and the structure of the material from section to section, that it was oftentimes distracting. It made this reader wish that the same author (of the well-written sections) actually wrote all sections.

This reader found it inordinately important that the first chapters be complete, concise, and very explanatory with lots of examples of the discussed topics, e.g., cryptography, hash functions, Data Link Layer protocols, and security protocols. As these topics are very much the basis to understanding why and how security is implemented, it should have behooved the editors to ensure the topics were thoroughly covered.

Chapter 1 starts out with the author stating that the intent was to provide the reader “with a precursory understanding” of basic cryptography. Unfortunately, this reader believes that the “precursory understanding” left MUCH to be desired. Had the author discussed the different algorithms and hash functions more than just “basically”, the reader would glean the necessary understanding of “basic” cryptography and how it’s employed in the security protocols. Only through multiple examples can the author ensure that the reader really understands the “basics”. This reader recommends that future readers go to outside sources to really read up on “basic cryptography” before continuing with the book.

The author does a decent job of discussing the supporting transport protocols (tcp or udp), and she lists of all of the listening ports. Too many books leave it to the reader to find out the port numbers on their own. Having it all in one book gives the reader a great reference manual. I noticed that the author spent a lot of time discussing some subjects, but very little time discussing others. For example, when discussing SHTTP, the author states that “In practice, SHTTP has achieved limited use.” This reader would have appreciated several examples of how SHTTP, and other briefly discussed subjects/protocols, are/were deployed even though their use was only limited. These types of discussions maintain the reader’s interest, and improve the likelihood that the book will be read in its entirety. Part of writing for an audience is keeping the audience’s interest. The author clearly explains the difference between application layer security protocols, transport layer security protocols, and security protocols found in other layers. Finally, this reader understands the difference between SHTTP and HTTPS.

The author gave a very good explanation of L2F protocol, but it would have enhanced the reading had the author made comparisons with the PPP protocol. And — as this reader read each section, the suspicion surfaced that two different people wrote the different Layer 2 Protocol sections.

Though the figures were helpful, there were several with errors, and most importantly, the reader could benefit from even more figures. Most of the protocol-implementation descriptions left too much of the physical details out of their descriptions, e.g., the actual physical architecture should have been depicted as well as an example of the frame formats. This reader went to a personal library to re-discover frame formats in order to be able to decipher what the author wanted to relate. MOST readers have never been exposed to the hardware and need more graphic illustrations of the physical architecture/topology in order to understand. If this is the author’s 2nd Edition, one hopes that she does another revision and gets out a cleaner and more detailed 3rd edition.

I will give the author kudos in giving a great explanation of IPsec. In reading this section, and sections covering other security-protocol implementations, the reader really needs to have basic cryptography concepts down. In this manner, one can follow the author through some VERY difficult-to-grasp concepts.

As the author covers security concepts that are deployed (or under development) in routing updates, it behooves the reader to have a good solid background in routing protocols. The author gives a brief description of how each routing protocol is implemented (without security), but to understand this section, this reader recommends that future readers read up on routing protocols in other Cisco Press books.

The author presented a broad overview of Common Network Security Susceptibilities; in doing so, she did a good job of compiling a concise list with good generic definitions.

There were a few boring — put-you-to-sleep — chapters, such as Site Security Policy, Implementing Corporate Security Policy, and Incident Handling, but…, they were important to cover. And if this is the first time that a reader will be exposed to this type of information, the author does an admirable job of presenting it.

The latter chapters are of great interest to most Network Administrators. These chapters cover exactly how to go about securing the network from external and internal threats. They example remote access security implementations, VoIP security, and wireless security. If for no other reason, buy this book for the latter chapters. More examples would have been greatly appreciated, but one understands that it’s impossible to give an example for every conceivable network topology. This reader therefore recommends — even though at the onset of this review there were several negative comments — to buy and read this book. So much is compacted into this book that one can only wish that there were less errors. Though distracting to read at times, one will only benefit from buying and reading this book from beginning to end.

Rating: 4 / 5

Merike Kaeo has been a network security professional with Cisco Systems, Inc for over 10 years. As a CCIE and a member of IEEE and IETF Kaeo has a tremendous amount of knowledge and experience to share on the subject.

The first of the book provide an overview of the core “Security Fundamentals”. Each chapter delves a little deeper as the author talks about various aspects of network security including encryption, authentication, PKI, wireless security and more.

Beyond that Kaeo discusses the prevailing environment and what sorts of threats exist currently. Aimed more at infosec managers than administrators it provides a good look at common attack methods and things to consider when implementing network security. These first two sections combined also provide a wealth of information to help those aspiring to pass the CISSP or other security certification exams.

The last part of the book is primarily Cisco-centric. That isn’t necessarily a bad thing since so many businesses rely on Cisco hardware for their network infrastructure. It certainly won’t hurt your career in information security to be well-versed in Cisco technology.

The book is long- almost 800 pages. But, Kaeo manages to keep it moving and give the reader the information they need without getting bogged down being boring or too wordy. The figures and diagrams included help the reader to comprehend the concepts and topics presented.

This is a very good book with tons of useful information.

(…) Rating: 4 / 5