Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Image

Book Review: Network Security Auditing 23

brothke writes "Network Security Auditing is touted as the complete guide to auditing security, measuring risk, and promoting compliance. The book lives up to its promise and is a comprehensive reference to all things network security audit related." Read below for the rest of Ben's review.
Network Security Auditing
author Chris Jackson
pages 528
publisher Cisco Press
rating 9/10
reviewer Ben Rothke
ISBN 1587053527
summary Excellent highly technical and detailed reference
At almost 450 pages, the book covers all of the key areas around network security that is of relevance to those working in information security. As a Cisco Press title, written by a Cisco technical solutions architect, the book naturally has a heavy Cisco slant to it. Nonetheless, it is still an excellence reference even for those not working in a Cisco environment. While the first 3 chapters of the book provide an overview that is great even for a security newbie, the overall style of the book is highly technical and comprehensive.

Chapters 1-3 provide an introduction to the principles of auditing, information security and the law, and governance, frameworks and standards. Each chapter is backed with a significant amount of information and the reader is presented with a thorough overview of the concepts.

Chapter 3 does a good job of providing the reader with the details of current frameworks and standards, including PCI DSS, ITIL, ISO 17799/27001 and others. Author Chris Jackson does a good job of explaining the differences between them and where they are best used. Given this is a Cisco-centric book, he also shows how the various Cisco security products can be integrated for such regulatory and standards support.

Throughout the book, the author makes excellent use of many auditing checklists for each area that can be used to quickly ascertain the level of security audit compliance.

Chapter 6 is perhaps the best chapter in the book on the topic of Policy, Compliance and Management, and the author provides an exceptionally good overview of the need for auditing security policies. This is a critical area as far too many organizations create an initial set of information security policies, but subsequently never take the time to go back and see if they are indeed effective and providing the necessary levels of data protection.

Jackson notes that accessing the effectiveness of a policy requires the auditor to look at the policy from the viewpoint of those who will interpreting its meaning. A well intentioned policy might recommend a particular course of action, but unless specific actions are required, there is little an organization can expect the policy to actually accomplish to help the organization protect its data assets if it is misinterpreted.

The chapter suggests that the auditor ask questions such as: is the policy implementable, enforceable, easy to understand, based on risk, in line with business objectives, cost effective, effectively communicated and more. If these criteria are not well-defined and delineated, then the policies will exist in text only, offering little information security protection to the organization.

Jackson also writes of the need to measure how well policies are implemented as part of a security assessment. He suggested using a maturity model as a way to gauge if the organization is in its evolution towards fully integrating security into its business process or if it already has a formal integration process in place.

In chapter 8 on Perimeter Intrusion Prevention, Jackson writes that protecting a network perimeter used to be a relatively easy task. All an organization would have to do is stick a firewall on its Internet connection, lock down the unused ports and monitor activity. But in most corporate networks today, the perimeter has been significantly collapsed. If you compound that with increased connectivity, third-party access, and more; and then bring in advanced persistent threats into the equation, it is no longer a simple endeavor to protect a network.

Chapter 8 provides detailed framework on how to perform a perimeter design review and assessment. As part of the overall review, the chapter details other aspects of the assessment including the need for reviews of the logical and physical architectures, in addition to a review of the firewall. Jackson also lists a large number of security tools that can be used to during an audit.

Chapter 11 covers endpoint protection with a focus on the end-user. Jackson notes that users never cease to amaze with their abilities to disappoint by opening suspicious file attachments, running untrusted Facebook applications, and much more. The book notes that organizations today face significantly higher levels of risk from endpoint security breaches than ever before due to our highly mobile and connected workforce.

The chapter details an endpoint protection operational control review that can be used to assess the organizations processes for identifying threats and performing proactive management of endpoint devices. While the chapter is quite Cisco-centric, with references to the Cisco SIO (Security Intelligence Operations) and a number of other Cisco products, the chapter does provide a good overview of the fundamentals of endpoint protection and how to do it the right way.

Overall, Network Security Auditing is highly technical and detailed reference that makes for an excellent primary reference on the fundamental of information security. With ample amounts of checklist, coding references, detailed diagrams and just the right amount of screen shots, it makes an excellent guide that any member of an IT or security group should find quite informative.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know

You can purchase Network Security Auditing from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

*

This discussion has been archived. No new comments can be posted.

Book Review: Network Security Auditing

Comments Filter:
  • Packt (Score:3, Insightful)

    by SeNtM ( 965176 ) on Monday April 25, 2011 @01:43PM (#35932688) Homepage
    My God, its not a review of a book published by Packt.
  • Send a copy to Sony?

    Sounds like they could use a copy.
  • by vlm ( 69642 )

    Does it discuss the continuous changes in the "information security and the law, and governance" areas?

    Are the book editions updated and released faster than the politicians and judges can make it obsolete?

  • by Anonymous Coward
    I own this book and I work in CompSec. Despite the summary it's just another piece of Cisco-centric trash. If you already study or work in IT Security you won't find much in here that you can't find elsewhere and in a much better form.
    • by Anonymous Coward

      Can you be more specific about the trash and submit some links or titles you find more valuable. Thanks!

    • besides a blindside bash of the book, do you have anything to back up your observation? you may own the book, BUT DID YOU READ THE BOOK? the reviewer seems to think there is good contents in the book, what do you see wrong? please say w/o blindsite comments
  • The following should cause most security researchers to raise a skeptical eyebrow:

    "Network Security Auditing is touted as the complete guide to auditing security, measuring risk, and promoting compliance. The book lives up to its promise and is a comprehensive reference to all things network security audit related."

    Emphasis mine.

    Seriously folks, nearly all security researchers know that even if a "complete guide" to security were written, it would almost immediately need to be amended. Security is a moving target, new topics of interest and new exploits are discovered nearly every day; Thus, as soon as this book was written another "security audit related" topic most likely needed to be added to the reference in order for it to "live up to its promise" of being a "comprehensive reference to all things network security audit related."

    By which I mean: It most likely has never lived up to the promise the review alludes to.

    Additionally, most experienced security researchers learn early on that there are exceptions to almost every rule, and to be very careful when speaking of absolutes in order to avoid making false statements especially concerning edge cases. Re-read what I've written for a demonstration. Statements that are worded in such absolute terms should be a red flag, tipping off security minded individuals that the statements are most likely false if not in a few instances, then in many of them...

    --
    Not even a 999 nonnillion bit encryption key is absolutely secure -- there's still a slim chance the attacker will guess correctly...

    • dude, mellow out..just cause the marketing people had marketed as a complete guide to auditing security, measuring risk, and promoting compliance does not mean that it is not a good read. No book is 100% complete, so get a grip. Yes, a book is obsolete to a degree by the time it is published. But that still meants that there is still a lot of good info. Don’t be so mean with your comments. lets see you write a book!!!!!
  • Hi, Just wanted to say this is a good book review about a good book. Why do all the comments have nothing to do with the book or the review? I am having that buck stop here!! Hope others step up to that plate. Mike

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...