It starts with the basic overview of network security, OSI layer and the infamous Cisco security wheel. The next chapter explains IP address classes, subnet masks and access control list (ACL) in a short and concise manner. However, the explanation for IPv6 comes short as it is only 5 sentences long with a note to go to http://www.cisco.com/go/ipv6 for more details. The book describes the access control functions and types well although I doubt that many of us will use distributed time based ACL or Receive ACL for high end routers quite often.

The book does a very good job in explaining the security features for switches, IOS firewalls and firewall appliance in the following chapters. Some basic but essential security features like DHCP snooping, Dynamic ARP inspection, and Spanning Tree features are clearly described with some brief configuration examples. Network address translation, security context, failover and IP routing are illustrated well. It also very briefly mentions new features in software version 8.0 like EIGRP and AnyConnect VPN client. It should at least dedicate more explanations on these new features.

The next chapter for Cisco Secure ACS, 802.1x, wireless security and NAC will be overwhelming for beginners as it tries to cover a massive amount of information in five brief chapters.

The best part for this book is the data privacy section that covers solution architecture and configuration and deployment scenarios for IPSec VPN, Dynamic Multipoint VPN, Group Encrypted transport VPN, SSL VPN and MPLS VPN. Readers will probably spend more time understanding these than the rest of the remaining chapters.

The remaining chapters are for intrusion prevention system (IPS), Cisco Security Agent (CSA), Cisco Security Monitoring, Analysis and Response System (CS-MARS), Cisco Security Manager (CSM), and Cisco Guard DDoS Mitigation. The basic theory, concepts and deployment guide for each of these appliances and software will help readers to understand how each product should be used to mitigate certain security risks.

The information in the book seems disjointed since the author divides the book into several parts making all these technologies in their separate entities while in fact many complement each other. The authors need to provide one more chapter to integrate most of these technologies together and present them in overall network security design to fulfill Cisco Self-Defending Network solution.

.

The last chapter is for security regulation compliance. The author needs to include this since all of these security technologies are mostly implemented to meet the regulatory compliance. This chapter will certainly put network administrator like me to fall asleep in 5 minutes. I rather have the author to dedicate more pages for the VPN topics.

I am usually skeptical on any books that try to cover everything as they usually come short. However, the author does try hard to incorporate all these security technologies with easy to understand explanation and reference links in each chapter. I rate this book 5 out of 5 starts for its vast and diverse amount of information it covers while still keeping them easy to understand and concise. That is not an easy feat to accomplish.

Bhaiji, begins by introducing you to the principles of network security, security models, a basic overview of security standards, policies, and the network security framework. Then, the author describes the capability to perform traffic filtering using access control lists. The author also covers some of the most common techniques used for device hardening and securing management access for routers, firewall appliances, and the intrusion prevention system appliance. He continues by covering port-level security controls at Layer 2 and security features and best practices available on the switch. Then, the author introduces the software-based IOS firewall features, including the legacy Context-Based Access Control and the newly introduced Zone-Based Policy Firewall feature available on the router. Next, he provides comprehensive coverage of firewall operating systems, software features and capabilities. The author continues by providing mitigation techniques for a wide range of attacks at Layer 2 and Layer 3. Then, he covers details of the authentication, authorization, and accounting framework and implementation of AAA technology. He continues by highlighting the common use of ACS software functions and features. Next, the author introduces common two-factor mechanisms. He also covers the Cisco trust and identity management solution based on the Identity-Based Networking Services technique. Then, the author provides an overview of wireless LAN and details of securing WLAN networks. He continues by showing you how to implement the Cisco NAC appliance solution as well as the NAC-L3-IP, NAC-L2-IP, and NAC-L2-802.1x solutions. Then, the author gives a basic overview of the various cryptographic algorithms, including hash algorithms, symmetric key, and asymmetric key algorithms. Next, he covers a wide range of IPsec VPN solutions. The author continues by showing you how to implement various types of DMVPN hub-and-spoke and spoke-to-spoke solutions. Then, he covers the innovative tunnel-less VPN approach to provide data security. He also covers the newly introduced Cisco AnyConnect VPN. Next, the author shows you how to implement Layer 2 and Layer 3-based MPLS VPN solutions. Finally, he covers regulatory compliance and legislative acts including GLBA, HIPAA and SOX.

This most excellent book serves as a valuable resource for candidates preparing for the CCIE Security certification exam that covers topics from the new blueprints. Perhaps more importantly, this great book serves as reference for any networking professional managing or considering exploring and implementing Cisco network security solutions and technologies.

Many authors attempt to cover a wide area of technologies and wind up losing organization of their presentation of the topics. I find Yusuf’s organization to be excellent and flowed very well making this an easy read. In fact, considering how many topics this book covers I am amazed at just how well it is organized, which is better than many of the technology-specific books I have read over the years. I become very annoyed with having to go back to reference past topics time and again but I did not find that I had to do that with this book and was able to continue going forward along with the topics.

I also found that this book gets right to the point. Yusuf didn’t pack a lot of fluff and filler into the material. Instead you get right into the meat of the topics. Keep in mind that if you are looking for a thorough reference to take you from the very beginning of a specific topic then this book is not for you. This book is part of the “CCIE Professional Development” series and as such assumes you have at least some pre-existing knowledge in these areas. With this in mind, I find this an excellent study guide as well as a real-world reference for various areas of Cisco security.

Perhaps one of the most unique and possibly useful chapters of this book is the non-Cisco material. For example the section covering security policies is invaluable. As a consultant I see client after client without a corporate security policy and in this day and age that’s trouble waiting to happen. This section discusses the value of such a policy and how to begin developing it. Another area within this chapter contains information on various regulatory compliance mandates, such as HIPPA and SOX. While this info is readily available elsewhere, Yusuf neatly summarizes the various regulations, including who is mandated to comply, penalties for not doing so and the various Cisco solutions used for compliance.

I found this book to be excellent.

The structure is very good, starting with an overview of security, providing the objectives of it, the reason behind it, the ‘Why’. This is followed by the ‘How’ where it gives clear and concise overviews and explanations of the multitude of technologies complete with configuration examples and good use of diagrams and screenshots. Every chapter has a very helpful list of references for even more information. Advanced topics such as Network Admission Control (NAC), Security Monitoring and Correlation (MARS), and Attack Vectors and Mitigation are covered. Finally the book closes with the business side including security management, explanation of policies, frameworks, governance and the myriad of regulations.

As part of my preparation for the CCIE Security Written exam, I read this book and found it to be invaluable. I highly recommend this book for not just for CCIE preparation but for all levels of readers looking for one of the best books on network security.