Book Review: Implementing Cisco IOS Network Security (IINS)

So I wrote up a review on the Cisco Press self-study guide for the 640-553 exam, which I finished reading this weekend, & while double checking things I noticed that the 640-554 exam topics have already been announced last month, with the self-study guide for 640-554 due to be published at the end of August; the new exams will follow on from the 1st of October.
The new book will again be authored by Catherine Paquet so I’m curious how much new content there will be in the new revision.

There are seven chapters in the current 640-553 book

  • Introduction to Network Security Principles
  • Perimeter Security
  • Network Security Using Cisco IOS Firewalls
  • Fundamentals of Cryptography
  • Site-to-Site VPNs
  • Network Security Using Cisco IOS IPS
  • LAN, SAN, Voice, and Endpoint Security Overview

    Chapter 1, “Introduction to Network Security Principles” was the most tedious of the seven to read, a long, drawn-out chapter covering ethics, risk analysis, lots of charts, graphs & cost figures (I managed to get through the chapter by thinking of Brass Eye every time I came across one), marketing info on Cisco’s “self-defending network” & buried amongst all that was some introductory info on different types of attack.

    Chapter 2, “Perimeter Security” covers getting set up (ACS Server on Windows, logging, AAA, views), more product line info & navigating SDM.

    Chapter 3, “Network Security Using Cisco IOS Firewalls” covers the fundamentals of firewalls. Quite a large portion of the chapter is on ACLs & configuring them, which didn’t make sense as this is covered on ICND2, followed by a shorter section on configuring the zone-based firewall via SDM & the firewall wizard.

    Chapter 4, “Fundamentals of Cryptography” was good but contained some mistakes, like “DES is considered trustworthy” & “Cryptography researchers have scrutinized DES for nearly 35 years and have found no significant flaws”. These statements are wrong; the DES Cracker proved it in the late 90s, or perhaps this is what they were referring to by “because DES is based on simple mathematical functions, it can easily be implemented and accelerated in hardware”.

    Chapter 5, “Site-to-Site VPNs” was enjoyable & led on from the foundation laid in the previous chapter; setup was also covered from the console this time.

    Chapter 6, “Network Security Using Cisco IOS IPS” covers the fundamentals on the theory side, how to configure it via SDM & more product intro. This chapter is available as a free sample for download.

    Chapter 7, “LAN, SAN, Voice, and Endpoint Security Overview” was 50/50, I enjoyed the SAN section because it was new to me, so there was new information to learn, the endpoint security section covered various attacks & vulnerabilities mixed up with product line info, the voice section was brief covering fundamentals, threats & defence, I didn’t find it very interesting. The chapter finished up with mitigating L2 attacks.

    I didn’t particularly enjoy this book, the first three chapters were pretty tedious to read but it got better in the later ones, overall it lacked flow & felt thrown together.
    It was also disappointing to see the use of TFTP being encouraged in a security book:
    “The system that you choose should support TFTP to make it easy to transfer any resulting configuration files to the router” &
    “The added layer of MD5 protection is useful in environments in which the password crosses the network or is stored on a TFTP server”.
    The book is a combination of marketing material on the product line, some technical theory & mainly instructions to navigate the SDM, though the console is covered here & there (main focus is SDM but that looks to change for the new exam to CCP).
    As self-study guides go I thought it was better than Stephen McQuerry’s 2 books for the R&S CCNA. I’m looking forward to seeing how the CCNA Security book is. I really enjoyed reading Odom’s CCNA books & though I’ve not read any of Kevin Wallace’s books before, I found the video content he’s published on YouTube very good, so I’m looking forward to reading his book to prepare for the 640-553 exam.
    If the exam certification guides are generally on par with Odom’s books then in the future I think I will skip the self-study guides & move straight on to the exam certification guides.