Cisco Router Firewall Security

Paperback (Print)

Overview

Harden perimeter routers with Cisco firewall functionality and features to ensure network security

  • Detect and prevent denial of service (DoS) attacks with TCP Intercept, Context-Based Access Control (CBAC), and rate-limiting techniques
  • Use Network-Based Application Recognition (NBAR) to detect and filter unwanted and malicious traffic
  • Use router authentication to prevent spoofing and routing attacks
  • Activate basic Cisco IOS filtering features like standard, extended, timed, lock-and-key, and reflexive ACLs to block various types of security threats and attacks, such as spoofing, DoS, Trojan horses, and worms
  • Use black hole routing, policy routing, and Reverse Path Forwarding (RPF) to protect against spoofing attacks
  • Apply stateful filtering of traffic with CBAC, including dynamic port mapping
  • Use Authentication Proxy (AP) for user authentication
  • Perform address translation with NAT, PAT, load distribution, and other methods
  • Implement stateful NAT (SNAT) for redundancy
  • Use Intrusion Detection System (IDS) to protect against basic types of attacks
  • Obtain how-to instructions on basic logging and learn to easily interpret results
  • Apply IPSec to provide secure connectivity for site-to-site and remote access connections
  • Read about many, many more features of the IOS firewall for mastery of router security

The Cisco IOS firewall offers you the feature-rich functionality that you've come to expect from best-of-breed firewalls: address translation, authentication, encryption, stateful filtering, failover, URL content filtering, ACLs, NBAR, and many others. Cisco Router Firewall Security teaches you how to use the Cisco IOS firewall to enhance the security of your perimeter routers and, along the way, take advantage of the flexibility and scalability that is part of the Cisco IOS Software package.

Each chapter in Cisco Router Firewall Security addresses an important component of perimeter router security. Author Richard Deal explains the advantages and disadvantages of all key security features to help you understand when they should be used and includes examples from his personal consulting experience to illustrate critical issues and security pitfalls. A detailed case study is included at the end of the book, which illustrates best practices and specific information on how to implement Cisco router security features.

Whether you are looking to learn about firewall security or seeking how-to techniques to enhance security in your Cisco routers, Cisco Router Firewall Security is your complete reference for securing the perimeter of your network.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Product Details

  • ISBN-13: 9781587051753
  • Publisher: Cisco Press
  • Publication date: 7/22/2004
  • Series: Networking Technology Series
  • Edition description: New Edition
  • Pages: 870
  • Product dimensions: 7.53 (w) x 9.16 (h) x 1.89 (d)

Meet the Author

Richard A. Deal has 18 years of experience in the computing and networking industry, including networking, training, systems administration, and programming. In addition to a B.S. in mathematics and computer science from Grove City College, Richard holds many certifications from Cisco, including the CCNP and CCSP certifications. For the past seven years, Richard has operated his own company, The Deal Group, Inc., in Orlando, Florida.

Table of Contents

Introduction.

I. SECURITY OVERVIEW AND FIREWALLS.

1. Security Threats.

Planning for Security.

Diverse Platforms.

Security Goals.

Causes of Security Problems.

Policy Definitions.

Computer Technologies.

Equipment Configurations.

Types of Security Threats.

External and Internal Threats.

Unstructured and Structured Threats.

Categories of Threats.

Reconnaissance Attacks.

Access Attacks.

Denial of Service Attacks.

Security Solutions.

Designing a Security Solution.

The Cisco Security Wheel.

Security Checklist.

Additional Information.

Summary.

2. Introduction to Firewalls.

Firewall Overview.

Definition of a Firewall.

Firewall Protection.

Controlling Traffic and the OSI Reference Model.

OSI Reference Model Overview.

Firewalls and the OSI Reference Model.

Firewall Categories.

Packet-Filtering Firewalls.

Stateful Firewalls.

Application Gateway Firewalls.

Address-Translation Firewalls.

Host-Based Firewalls.

Hybrid Firewalls.

Firewalls and Other Services.

Firewall Design.

Design Guidelines.

DMZ.

Components.

Component Placement.

Firewall Implementation.

Firewall Administration and Management.

Cisco IOS Security.

Cisco IOS Uses.

Cisco IOS Security Features.

Cisco IOS Devices and Their Uses.

When to Use a Cisco IOS Firewall.

Summary.

II. MANAGING ACCESS TO ROUTERS.

3. Accessing a Router.

Types of Authentication.

No Password Authentication.

Static Password Authentication.

Aging Password Authentication.

One-Time Password Authentication.

Token Card Services.

Methods of User EXEC Access.

Local Access: Console and Auxiliary.

Remote Access.

Privileged EXEC Access.

Passwords.

Privilege Levels.

Other Access Items.

Encrypting Passwords.

Banners.

Example Configuration.

Summary.

4. Disabling Unnecessary Services.

Disabling Global Services.

Cisco Discovery Protocol.

TCP and UDP Small Servers.

Finger.

IdentD.

IP Source Routing.

FTP and TFTP.

HTTP.

SNMP.

Name Resolution.

BootP.

DHCP.

PAD.

Configuration Autoloading.

Disabling Interface Services.

CDP on Insecure Interfaces.

Proxy ARP.

Directed Broadcasts.

ICMP Messages.

Maintenance Operation Protocol.

VTYs.

Unused Interfaces.

Manual Configuration Example of Disabling Services on a Perimeter Router.

AutoSecure.

Securing Planes.

AutoSecure Configuration.

Summary.

5. Authentication, Authorization, and Accounting.

AAA Overview.

AAA Functions.

Enabling AAA.

Security Protocols.

Authentication.

Methods of Authentication.

Authentication Configuration.

Authentication Troubleshooting.

Authentication Example.

Authorization.

Methods of Authorization.

Authorization Configuration.

Authorization Troubleshooting.

Authorization Example.

Accounting.

Methods of Accounting.

Accounting Configuration.

Accounting Troubleshooting.

Accounting Example.

Secure Copy.

Preparation for SCP.

SCP Configuration.

SCP Troubleshooting.

SCP Example.

Summary.

III. NONSTATEFUL FILTERING TECHNOLOGIES.

6. Access List Introduction.

Access List Overview.

ACLs and Filtering.

Types of ACLs.

Processing ACLs.

Basic ACL Configuration.

Creating ACLs.

Activating ACLs.

Editing ACLs.

Wildcard Masks.

Converting a Subnet Mask to a Wildcard Mask.

Wildcard Mask Mistakes.

Summary.

7. Basic Access Lists.

Types of ACLs.

Standard ACLs.

Extended ACLs.

ACL Verification.

Fragments and Extended ACLs.

Timed ACLs.

Additional ACL Features.

ACL Remarks.

Logging Updates.

IP Accounting and ACLs.

Turbo ACLs.

Sequenced ACLs.

Protection Against Attacks.

Bogon Blocking and Spoofing.

DoS and Distributed DoS Attacks.

Simple Reconnaissance Attacks.

Distributed DoS Attacks.

Trojan Horses.

Worms.

Blocking Unnecessary Services.

An Uphill Battle.

Instant-Messenger Products.

File Sharing: Peer-to-Peer Products.

Summary.

IV. STATEFUL AND ADVANCED FILTERING TECHNOLOGIES.

8. Reflexive Access Lists.

Overview of Reflexive ACLs.

Extended Versus Reflexive ACLs.

Reflexive ACLs in Action.

Limitations of Reflexive ACLs.

Configuring Reflexive ACLs.

Interface Selection.

Configuration Commands.

Reflexive ACL Examples.

Summary.

9. Context-Based Access Control.

Cisco IOS Firewall Features.

CBAC Functions.

Filtering Traffic.

Inspecting Traffic.

Detecting Intrusions.

Generating Alerts and Audits.

Operation of CBAC.

Basic Operation.

CBAC Enhancements over RACLs.

Supported Protocols for CBAC.

RTSP Applications.

H.323 Applications.

Skinny Support.

SIP Support.

CBAC Performance.

Throughput Improvement Feature.

Connections Per Second Improvement Feature.

CPU Utilization Improvement Feature.

CBAC Limitations.

CBAC Configuration.

Step 1: Interface Selection.

Step 2: ACL Configuration.

Step 3: Global Timeouts.

Step 4: Port Application Mapping.

Step 5: Inspection Rules.

Step 6: Inspection Activation.

Step 7: Troubleshooting CBAC.

CBAC Removal.

CBAC Examples.

Summary.

10. Filtering Web and Application Traffic.

Java Applets.

Java Inspection.

Java Blocking.

Java Blocking Example.

URL Filtering.

Operation of URL Filtering.

Advantages and Limitations of URL Filtering.

URL Filtering Implementation.

URL Filtering Verification.

URL Filtering Example.

Network-Based Application Recognition.

Components of QoS.

NBAR and Classification.

NBAR Restrictions and Limitations.

Basic NBAR Configuration.

NBAR Verification.

NBAR Examples.

Summary.

V. ADDRESS TRANSLATION AND FIREWALLS.

11. Address Translation.

Address Translation Overview.

Private Addresses.

Address Translation.

How Address Translation Works.

Terms Used in Address Translation.

Performing Address Translation.

Limitations of Address Translation.

Address Translation Configuration.

Configuration of NAT.

Configuration of PAT.

Configuration of Port Address Redirection.

Dealing with Overlapping Addresses.

Configuration of Traffic Distribution.

Configuration of Translation Limits.

Verifying and Troubleshooting Address Translation.

NAT and CBAC Example.

Summary.

12. Address Translation Issues.

Embedded Addressing Information.

Problem with Embedding Addressing Information.

Supported Protocols and Applications.

Nonstandard Port Numbers.

Controlling Address Translation.

Using ACLs.

Using Route Maps: Dynamic Translations.

Using Route Maps: Static Translations.

Address Translation and Redundancy.

Static NAT Redundancy with HSRP.

Stateful Address Translation Failover.

Traffic Distribution with Server Load Balancing.

SLB Process.

SLB Advantages and Limitations.

SLB Configuration.

SLB Verification.

SLB Example.

Summary.

VI. MANAGING ACCESS THROUGH ROUTERS.

13. Lock-and-Key Access Lists.

Lock-and-Key Overview.

Lock-and-Key and Normal ACLs.

When to Use Lock-and-Key.

Lock-and-Key Benefits.

Lock-and-Key Process.

Lock-and-Key Configuration.

Configuration Steps.

Allowing Remote Administration Access.

Verification and Troubleshooting.

Lock-and-Key Example.

Summary.

14. Authentication Proxy.

Introduction to AP.

AP Features.

AP Process.

AP Usage.

Limitations of AP.

AP Configuration.

Configuring AAA on Your Router.

Configuring AAA on Your Server.

Preparing for HTTP or HTTPS.

Configuring AP Policies.

Tuning AP.

Protecting Against Access Attacks.

Verifying and Troubleshooting AP.

show Commands.

clear Commands.

debug Commands.

AP Examples.

Simple AP Example.

Complex AP Example: CBAC and NAT.

Summary.

15. Routing Protocol Protection.

Static and Black Hole Routing.

Static Routes.

Null Routes.

Policy-Based Routing.

Interior Gateway Protocol Security.

Authentication.

RIPv2.

EIGRP.

OSPF.

IS-IS.

Other Tools.

HSRP.

BGP Security.

Reverse-Path Forwarding (Unicast Traffic).

RPF Process.

RPF Usage.

RPF Limitations.

RPF Configuration.

RPF Verification.

Unicast RPF Example.

Summary.

VII. DETECTING AND PREVENTING ATTACKS.

16. Intrusion-Detection System.

IDS Introduction.

IDS Implementations.

IDS Solutions.

IDS Concerns.

IDS Signatures.

Cisco Router IDS Solution.

Signature Support.

Router IDS Process.

Memory and Performance Issues.

IDS Configuration.

Step 1: Initialization Configuration.

Step 2: Logging and PostOffice Configuration.

Step 3: Audit Rule Configuration and Activation.

IDS Verification.

IDS Example.

Summary.

17. DoS Protection.

Detecting DoS Attacks.

Common Attacks.

Symptoms of Attacks.

Examining CPU Utilization to Detect DoS Attacks.

Using ACLs to Detect DoS Attacks.

Using NetFlow to Detect DoS Attacks.

CEF Switching.

TCP Intercept.

TCP SYN Flood Attacks.

TCP Intercept Modes.

TCP Intercept Configuration and Verification.

CBAC and DoS Attacks.

Timeouts and Thresholds.

CBAC DoS Prevention Verification.

CBAC Example Configuration.

Rate Limiting.

ICMP Rate Limiting.

CAR.

NBAR.

Summary.

18. Logging Events.

Basic Logging.

Log Message Format.

Basic Logging Configuration.

Logging Destinations.

Other Logging Commands.

Logging Verification.

Logging and Error Counts.

Time and Date and the Cisco IOS.

Router Time Sources.

Manual Time and Date Configuration.

Network Time Protocol Overview.

Router Client Configuration for NTP.

Router Server Configuration for NTP.

NTP Security.

Other NTP Commands.

NTP Verification.

NTP Configuration Example.

Embedded Syslog Manager.

ESM Overview.

ESM Filter Modules.

Introduction to ESM Setup and Configuration.

Additional Logging Information.

What to Look For.

Additional Tools.

Summary.

VIII. VIRTUAL PRIVATE NETWORKS.

19. IPSec Site-to-Site Connections.

IPSec Preparation.

Basic Tasks.

External ACL.

IKE Phase 1: Management Connection.

Enabling ISAKMP/IKE.

Defining IKE Phase 1 Policies.

IKE Phase 1 Peer Authentication.

Identity Type.

Authentication with Preshared Keys.

Authentication with RSA Encrypted Nonces.

Authentication with Certificates.

IKE Phase 2: Data Connection.

Step 1: Building a Crypto ACL.

Step 2: Creating a Transform Set.

Step 3: Creating a Crypto Map.

Step 4: Activating a Crypto Map.

Step 5: Verifying a Crypto Map Configuration.

IPSec Connection Troubleshooting.

Examining SAs.

Using debug Commands.

Clearing Connections.

L2L Example.

Summary.

20. IPSec Remote-Access Connections.

Remote Access Overview.

EasyVPN Introduction.

EasyVPN IPSec Support.

EasyVPN Features.

IPSec Remote-Access Connection Process.

Step 1: The EVC Initiates an IPSec Connection.

Step 2: The EVC Sends the IKE Phase 1 Policies.

Step 3: The EVS Accepts an IKE Phase 1 Policy.

Step 4: The EVS Authenticates the User.

Step 5: The EVS Performs IKE Mode Config.

Step 6: The EVS Handles Routing with RRI.

Step 7: The IPSec Devices Build the Data Connections.

IPSec Remote-Access EVS Setup.

Configuration Process.

Task 1: Authentication Policies.

Task 2: Group Policies.

Task 3: IKE Phase 1 Policies.

Task 4: Dynamic Crypto Maps.

Task 5: Static Crypto Map.

Task 6: Remote-Access Verification.

IPSec Remote Access Example.

Summary.

IX. CASE STUDY.

21. Case Study.

Company Profile.

Corporate Office.

Branch Office.

Remote-Access Users.

Proposal.

Case Study Configuration.

Basic Configuration.

Unnecessary Services and SSH.

AAA.

Access Control Lists.

CBAC and Web Filtering.

Address Translation.

Routing.

Intrusion-Detection System.

Connection Attacks and CBAC.

Rate Limiting.

NTP and Syslog.

Site-to-Site VPN.

Remote-Access VPNs.

Summary.

Index.

Customer Reviews

  • Anonymous

    Posted April 3, 2005

    Arm yourself--secure and defend your network!

    Cisco Router Firewall Security by Richard A. Deal is one firewall security book no networking professional should be without. The book begins with an overview on network security and firewalls, and continues with a showcase of Deal's extensive knowledge and experience configuring the Cisco IOS Firewall. Now, rather than re-inventing the wheel or relying on trial and error practices in configuring your Cisco IOS firewalls, you too can incorporate Deal's extensive Cisco Router Firewall Security expertise into your network security plan, or environment. In each chapter of the book, Deal walks you through best practice Cisco Router Firewall Security configuration as he explains and demonstrates, step-by-step, how to program the Cisco IOS Firewall feature set--from router security management to virtual private networking. Networking professionals having an intermediate to advanced knowledge of Cisco routers, or at least a Cisco CCNA certification will benefit immensely from reading and applying the Cisco IOS firewall security features discussed in the book. All concepts and examples, such as configuration command files, are clearly explained against the backdrop of example network illustrations and thus easy to follow. Deal reinforces each and every illustration with appropriate, well-executed discussions for you to follow as he pin-points the reasons for implementing, or applying, Cisco IOS firewall security and how best to configure it for maximum advantage. For networking professionals interested in pursuing a Cisco security certification, Cisco Router Firewall Security provides a wealth of tips, recommendations, considerations and cautions. While there is no CD-ROM included with the book, an abundance of configuration command file listings provide network administrators and engineers the opportunity of a virtual experience in the nuts-and-bolts of configuring Cisco IOS firewalls in a secure manner.
    Networking professionals will develop an unparalleled depth of understanding in best practice network security--such as properly securing the various modes and methods of accessing Cisco routers as well as the Cisco IOS firewall. On a scale of 1 - 5, 5 being the highest, and in terms of usefulness and practical application, Cisco Router Firewall Security easily rates a 5. Network engineers and administrators will benefit immensely from this handbook of network security: from the illustrations showing where and why network security should be applied, the index which is strictly focused on cross-referencing network security topics, and the solid network security advice that reaches beyond Cisco-centric networking environments. Future books by Deal, as well as his previous book, PIX Firewalls, will undoubtedly prove to be excellent reading for the networking community at large seeking to increase the security of their networks and to ward off ever-increasing network attacks and intrusions. If shooting from the hip in dealing with network security issues is your stick, Cisco Router Firewall Security is the book for you. Cisco Router Firewall Security provides a smorgasbord of tried and tested network security process, procedure and application--providing a comprehensive set of tools and case study material that can be either adapted in whole or in part when making your case, or justifying, how you intend to protect or defend your network against attacks. Without question, you absolutely must add Deal's Cisco Router Firewall Security--a stellar treatise on both applied network security and applied firewall security--to your networking bookshelf. Arm yourself with the necessary knowledge, skills and practical application to secure and defend your network--and in essence your job--or else, you're fired!

  • Anonymous

    Posted March 18, 2005

    Securing the Edge

    The Cisco Press Book "Cisco Router Firewall Security" by Richard Deal while claiming to be for individuals or organizations "using a Cisco router as a perimeter firewall solution" is much more and I believe from that quote it was designed to be a reference guide for using routers to do just that: be a perimeter firewall for an organization. But what Richard Deal delivered is not only an excellent book on implementing a router as the firewall, but a detailed guide and approach to making any organization's routers secure and safe as they should be to develop a safe environment. To emphasize my comments on this thought you simply need to look at the break down of the chapters, like Chapter 4 "Disabling Unnecessary Services", and while this is important for any perimeter device, doing it in general on a router regardless of location helps to strengthen the environment and deliver a more secure network. Within the book Richard emphasizes that an individual can either read it cover to cover, or skip around and I agree that at sometimes reading cover to cover especially if you do not know a subject is an excellent approach, but with this one even not knowing and using it for the references offers is just as much benefit. Cause within the individual sections of the book there's enough information that you will not get lost as long as you have understanding of other Cisco devices like TACACS+ or general network concepts like RADIUS. Richard presents clear examples and details the steps to implement many of the book suggestions without much issue. I was able to take one of my lab routers and execute numerous of his examples without difficulty and still have the unit function as expected. While Cisco continues to publish new IOS code for their devices Richard spends a few minutes at different points like in Chapter 6 "Basic ACL Configuration" to highlight which version of IOS is needed to accomplish the issue being explained.
    Considering this feature does help to enhance the value of the book even further, but amongst my favorite chapters and section was Part VI "Managing Access through Routers" for the book combined numerous prior items from Access Control List (ACL) configuration to routing protocols and authentication proxy using features like AAA with both TACACS+ and RADIUS. These configuration examples combined with Part VIII on "Virtual Private Networks (VPN)" only go to enhance each other. Yet as mentioned before the book was designed to allow individuals to either research a sub-set of the features in a router or the entire book itself. Thus in the middle of what appears to be two clear parts that would naturally fit together Part VI and VIII, Richard places Part VII on "Detecting and Preventing Attacks" demonstrates this feature covering areas of Intrusion Detection Systems, DoS Protection and Logging Events. The concept that attacks could come in any form, but commonly from external interaction is widely known. Seeing this section of the book only goes further to enforce and emphasize the importance of securing routers to protect the network. As anyone in the Information Technology industry is aware it is important to protect the environment and to say that this book could not help in that protection is a clear understatement. I believe that anyone from the "small business jack of all trade IT person" to the "corporate IT Network Specialist" could benefit in some manner from this book and the explanations and examples presented. If I was to say there was one thing I would do different on this book is to have had it published in a hard bound cover cause Cisco Press has not often published a book that does not have a clear basis for use and this book is no exception to that, thus I believe it would be a benefit and often used book of any network individual's library.

  • Anonymous

    Posted January 9, 2005

    Access This Book!

    Cisco Router Firewall Security by Richard A. Deal delivers exactly what the title says: using a Cisco router for every possible perimeter security scenario. The book is written for someone who has at least an intermediate level knowledge of Cisco router and switching technologies. Advanced security consultants may want to go to Chapter 21, Case Study Configuration, and refer back to the previous chapters for more explanation when needed. However, those responsible for network security should read the entire book to be familiar with all of the latest security features that Cisco routers are capable of as well as a number of vulnerabilities that should be hardened, when possible. Deal fills in much of the lacunae of Cisco IOS configuration that are left out of certification handbooks. His sprinkling of many anecdotes from his personal experience makes the book immensely practical. For example, the author points out that Reflexive Access Control Lists can be used as a less expensive substitute for Content Based Access Control when filtering traffic for a few dozen users. Deal's book will prepare you to deal with special situations where company policy demands something different than what a firewall in a box solution offers. As he shows you how to accomplish Intrusion Detection, Content Filtering, Security Logging, Virtual Private Networking, Denial of Service Prevention, and Access Management solutions with Cisco routers, he points out when these features should be used with a router or dedicated equipment, like the PIX firewall. I give Deal 5 stars for the layout and structure, which includes notes, cautions, tables, and configurations. But what I found most valuable was his many real life illustrations from his consulting business.
