Security Sage's Guide to Hardening the Network Infrastructure

I have been searching for this book for quite some time. There are so many books (too many) telling me how to secure my web-site, my OS, my databases, etc. but this is the first book that instructs, explains and coaches us to secure the very infrastructure that allows all of these networked components to function.

This book covers a lot of ground; providing valuable information in easily-digestible chunks like 'tools & traps', and 'Notes from the Underground' that provide perspective to the pitfalls of failing to take adequate care in implementing our network infrastructures.

The writing is witty, intelligent and doesn't condescend. I would feel quite comfortable giving this to my non-technical Executive to read.

This book is money well spent! Bravo!

Rating:
Summary: Excellent!
Review: Every sys admin should read this.
Every network admin should read this.

Microsoft should read this :)

Seriously, great book, w/ great info!

Rating:
Summary: A must have for network engineer
Review: I am a network engineer with over 10 years of experience, my book shelf is filled with networking books and I found this one to be among the best.
Its a well organized book that cover all aspect of network security, it takes you step by step to security your infrastructures.
The book gives you a comprehensive picture of the network architecture, devices and protocols, at same time offers hands-on and practical guidance to help you secure your network.

If you are serious about protecting your network, this is a must have.
Strongly recommended!!!.

Rating:
Summary: Disappointing lack of original material and command syntax
Review: This is a tough review to write, since I worked with the lead authors and series editor at Foundstone, and I'm mentioned by name on p. 384. "Security Sage's Guide to Hardening the Network Infrastructure" (HTNI) is mainly a collection of advice given in other security books, packaged with brochure-like commercial product descriptions. Much of the technical defensive recommendations lack the command-level syntax to put that advice into practical use. I was excited by the table of contents, but disappointed once I finished the book. I can't recommend HTNI unless your library doesn't already address essential networking and security techniques.

Let me first address comments by earlier reviewers. Some liked the "Notes from the Underground." These "notes" seem out of place when they bear titles like "Novell and Ethernet Frame Types" or "Types of Ethernet" (both ch 7); they belong in standard networking texts. Another reviewer said "the writing is witty, intelligent and doesn't condescend." I disagree after reading this sentence on p. 141: "Add to this the fact that Microsoft is certainly the 'black sheep' of the security world and you end up with one disaster of a firewall product." Another gem appears on p. 322, regarding SOHO switches: "And while you're at your favorite hardware vendor getting the switches, pick us up a pack of beef jerky." That isn't "witty" -- it's an unnecessary slam on small offices who can't fork over "half a million dollars" in switching gear (see p. 321) but need Internet access nevertheless.

Another reviewer liked the "hands-on and practical guidance." This is where the book is weakest. Why does an entire chapter on router security (ch 5) not provide any command syntax at all for securing a Cisco router? While ch 8 gives a few helpful commands, it is hardly comprehensive. For example, SSH is mentioned as a secure management protocol, but setup instructions for IOS are missing. Instead of providing product screen shots with little informational content, the authors should show how to "harden the network infrastructure" as readers expect.

HTNI's coordinating author needed to apply greater consistency to the text, since it bears the signs of being written by several independent authors. For example, some network diagrams are fairly clear, while others use completely different symbols and are not easy to follow. Some figures convey useful ideas, like the logical network layouts in ch 10, while ch 3's figure 3.8 shows two Pix firewalls connected by a cable. Do we need to see this figure to understand how to link two firewalls for sharing redundancy tables? Speaking of redundancy, topics covered in one section are often repeated elsewhere; too many contributors felt compelled to explain firewall variations or the OSI model. Some of the Web links were also incorrect, with "ntomap" in ch 2 attributed to NAI (rather than NT Objectives) and my own Web site given a ".org" TLD instead of ".com".

I did find some aspects of HTNI useful. I liked the stories about asset criticality in ch 1. I thought the advice, albeit lacking implementation-level details, was sound overall. The authors seemed to cover competitors to their own Foundstone brands fairly, although their products got more screen shots. I also liked the "mini case studies" in ch 7 addressing switch deployment.

I came to HTNI after reading a five-star Syngress book on Ethereal, and I'm looking forward to their new book on Snort 2.1. I thought Erik Birkholz's "Special Ops" (another Syngress book) was excellent, and placed it on my recommended reading list. Other Foundstone-supported books like "Hacking Exposed," "Incident Response," or "Anti-Hacker Tool Kit" are great reads. HTNI is full of ideas, but they are either old news or lacking the command-level syntax to implement them in the reader's enterprise. A second edition of HTNI would be a winner if thoroughly scrubbed and suitably enhanced by actionable advice.

Rating:
Summary: Disappointing lack of original material and command syntax
Review: This is a tough review to write, since I worked with the lead authors and series editor at Foundstone, and I'm mentioned by name on p. 384. "Security Sage's Guide to Hardening the Network Infrastructure" (HTNI) is mainly a collection of advice given in other security books, packaged with brochure-like commercial product descriptions. Much of the technical defensive recommendations lack the command-level syntax to put that advice into practical use. I was excited by the table of contents, but disappointed once I finished the book. I can't recommend HTNI unless your library doesn't already address essential networking and security techniques.

Let me first address comments by earlier reviewers. Some liked the "Notes from the Underground." These "notes" seem out of place when they bear titles like "Novell and Ethernet Frame Types" or "Types of Ethernet" (both ch 7); they belong in standard networking texts. Another reviewer said "the writing is witty, intelligent and doesn't condescend." I disagree after reading this sentence on p. 141: "Add to this the fact that Microsoft is certainly the 'black sheep' of the security world and you end up with one disaster of a firewall product." Another gem appears on p. 322, regarding SOHO switches: "And while you're at your favorite hardware vendor getting the switches, pick us up a pack of beef jerky." That isn't "witty" -- it's an unnecessary slam on small offices who can't fork over "half a million dollars" in switching gear (see p. 321) but need Internet access nevertheless.

Another reviewer liked the "hands-on and practical guidance." This is where the book is weakest. Why does an entire chapter on router security (ch 5) not provide any command syntax at all for securing a Cisco router? While ch 8 gives a few helpful commands, it is hardly comprehensive. For example, SSH is mentioned as a secure management protocol, but setup instructions for IOS are missing. Instead of providing product screen shots with little informational content, the authors should show how to "harden the network infrastructure" as readers expect.

HTNI's coordinating author needed to apply greater consistency to the text, since it bears the signs of being written by several independent authors. For example, some network diagrams are fairly clear, while others use completely different symbols and are not easy to follow. Some figures convey useful ideas, like the logical network layouts in ch 10, while ch 3's figure 3.8 shows two Pix firewalls connected by a cable. Do we need to see this figure to understand how to link two firewalls for sharing redundancy tables? Speaking of redundancy, topics covered in one section are often repeated elsewhere; too many contributors felt compelled to explain firewall variations or the OSI model. Some of the Web links were also incorrect, with "ntomap" in ch 2 attributed to NAI (rather than NT Objectives) and my own Web site given a ".org" TLD instead of ".com".

I did find some aspects of HTNI useful. I liked the stories about asset criticality in ch 1. I thought the advice, albeit lacking implementation-level details, was sound overall. The authors seemed to cover competitors to their own Foundstone brands fairly, although their products got more screen shots. I also liked the "mini case studies" in ch 7 addressing switch deployment.

I came to HTNI after reading a five-star Syngress book on Ethereal, and I'm looking forward to their new book on Snort 2.1. I thought Erik Birkholz's "Special Ops" (another Syngress book) was excellent, and placed it on my recommended reading list. Other Foundstone-supported books like "Hacking Exposed," "Incident Response," or "Anti-Hacker Tool Kit" are great reads. HTNI is full of ideas, but they are either old news or lacking the command-level syntax to implement them in the reader's enterprise. A second edition of HTNI would be a winner if thoroughly scrubbed and suitably enhanced by actionable advice.

Rating:
Summary: The base knowledge you need to have for security
Review: This is the minimum every network administrator should know about network security and is an excellent guide for administrators at the intermediate level of security knowledge. One of the things I really liked about the book was that it not only tells the reader how to secure their network but also tells them how to test the system using specific techniques and tools. This includes footprinting a network with tools like whois and DNS interrogation, monitoring traffic, and sniffing. The other great feature of the book is that it includes vendor specific attacks and defenses - the things the vendor won't be telling you. Some of the vendors mentioned include Check Point, PIX, Microsoft ISA Server, NetScreen, and Novell.

The authors also examine routing devices and protocols, network management and security, IPSec, VPNs, and security software. In addition to the internal network considerations the authors look at the items on the edge of the local network. These items include network switches and routers, including attacks and defenses by brand. They complete the book with a good discussion of internal network design including the importance of firewall selection and placement, Intrusion Detection Systems, and segmentation. Security Sage's Guide to Hardening the Network Infrastructure is highly recommended for people interested more in how to secure a network than how to hack one as well as how to test that security.

Rating:
Summary: Excellent text for the 21st century network/security admins
Review: Todays's network administrator needs to be armed with more knowledge than just Microsoft GUI management skills. This text discusses firewalls, routers, switches and intrusion detection networks, their importance in the enterprise, and how to deploy them in a secure fashion.
While directed towards the large enterprise, this book can also help the small and mid size businesses to maintain a secure network.
My only reason for 4 stars is Chapter 4 on Firewall Attacks and Defenses. The conclusions at the end of the chapter are great, but I would have placed the chapter at the end or as an appendix.

Rating:
Summary: A book written from the trenches
Review: What distinguishes this book from the plethora of security books available these days is the fact that it combines in-depth tutorials on core networking technologies (such as switching and routing) with discussions on security-specific issues such as Access Control Lists, firewalls, Intrusion Detection systems and VPNs, to name a few.

If you are a network manager who wants to learn how to secure your network, this book is for you. If you are a security engineer specialized on application security and if you want to learn more about the core networking protocols of the Internet, this book is for you too.

I especially appreciated the "Notes from the underground", "Tools and tips" and "Checklist" section available in each chapter. These alone are well worth the price of the book.

Highly recommended !

Rating:
Summary: Plain English but not "Dummies"
Review: Why is it that when you need a good technical book it written way over your head or one of those "dummies" or "idiots guide" books? i'm not a rocket scientist but I graduated college and dont have time to read and re-read pages because they are written for other geeks to understand. whats great about the Sage guide is that it's not a "manual" -- it's like a conversation. the author talks to you like you are a human being and then when you're done you can do your job. other books (my boss bought me this one and the one with the bald biker gang guy on the cover) leave you with no "action" or thing that you can apply in real life. after reading this book, i immediately followed three of their suggestions and i have logs to prove that i've been stopping some attacks. Even better, our deputy director is now investigating buying vulnerability software for our unit based on the examples shown in the first part of the book. I think everyone that is looking to get a hold on the security of their own network needs to read this just once.

Rating:
Summary: Plain English but not "Dummies"
Review: Why is it that when you need a good technical book it written way over your head or one of those "dummies" or "idiots guide" books? i'm not a rocket scientist but I graduated college and dont have time to read and re-read pages because they are written for other geeks to understand. whats great about the Sage guide is that it's not a "manual" -- it's like a conversation. the author talks to you like you are a human being and then when you're done you can do your job. other books (my boss bought me this one and the one with the bald biker gang guy on the cover) leave you with no "action" or thing that you can apply in real life. after reading this book, i immediately followed three of their suggestions and i have logs to prove that i've been stopping some attacks. Even better, our deputy director is now investigating buying vulnerability software for our unit based on the examples shown in the first part of the book. I think everyone that is looking to get a hold on the security of their own network needs to read this just once.