Security Sage's Guide to Hardening the Network Infrastructure
by Andres, Steven and Brian Kenyon
ISBN 1-931836-01-9. 512 pages. $59.95. Index
Reviewed by Robert Bruen September 20, 2004
If you already understand how networks are put together and yours works well, but you haven't been all that concerned about securing it, then this is a worthwhile book. Each of the components has more to it than simple configuration and maintenance rules, and they require some more understanding of detailed functions and how the outside world sees the network. Reacting to the sploit of the day is not enough; it helps if you can set up things to protect generally against problems.
For example, firewalls are pretty common. They get configured to allow some things in and keep other things out, but perhaps the firewall itself as a target did not occur to you. What kind of attacks are possible, what has been seen and what do you do about it? A firewall is subject to attacks from inside as well as denial of service attacks. However, there are specific attacks that might not be so obvious because they are possible only on a specific vendor's firewall. Some of these known attacks and defenses are explained.
The authors show a real sense of humor throughout the book, and that humor helps one digest an otherwise serious topic. The book also has numerous figures, which are so important when trying to discuss networks, but there are no extraneous, distracting graphics. They follow an outline for each chapter which includes a checklist, a summary, links and mailing lists plus a few other sections. It gives the busy reader a chance to take a quick look to see if the chapter will be useful at that moment. If you are a teacher of networks and/or security, the end of chapter material is helpful. There are no questions or lab assignments, but the presentation style is helpful, although the book was not intended to be a textbook.
The chapter on network switching contains a lot of basic material about networks, which would serve as a good introduction to networks or as supplementary material. The security aspects are somewhat limited, covering techniques such as password protection and turning off unnecessary features. The chapter helps to set up the following chapter, which covers defending switches and routers. Here we are given standard attacks, like spoofing, denial of service, and buffer overflows. The chapter is short and to the point.
If "Hardening the Network Infrastructure" is used within the right context, it is a useful and helpful book. There are numerous products, both commercial and free, which are evaluated, as well as FAQs, notes and pointers. The attack explanations are brief. If one were to use the checklist approach to hardening a network, the book would be successful. If one expects detailed attack explanation, then disappointment would ensue.