Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Book Review: Network Security Auditing

samzenpus posted more than 2 years ago | from the protect-ya-neck dept.

Book Reviews 23

brothke writes "Network Security Auditing is touted as the complete guide to auditing security, measuring risk, and promoting compliance. The book lives up to its promise and is a comprehensive reference to all things network security audit related." Read below for the rest of Ben's review.At almost 450 pages, the book covers all of the key areas around network security that is of relevance to those working in information security. As a Cisco Press title, written by a Cisco technical solutions architect, the book naturally has a heavy Cisco slant to it. Nonetheless, it is still an excellence reference even for those not working in a Cisco environment. While the first 3 chapters of the book provide an overview that is great even for a security newbie, the overall style of the book is highly technical and comprehensive.

Chapters 1-3 provide an introduction to the principles of auditing, information security and the law, and governance, frameworks and standards. Each chapter is backed with a significant amount of information and the reader is presented with a thorough overview of the concepts.

Chapter 3 does a good job of providing the reader with the details of current frameworks and standards, including PCI DSS, ITIL, ISO 17799/27001 and others. Author Chris Jackson does a good job of explaining the differences between them and where they are best used. Given this is a Cisco-centric book, he also shows how the various Cisco security products can be integrated for such regulatory and standards support.

Throughout the book, the author makes excellent use of many auditing checklists for each area that can be used to quickly ascertain the level of security audit compliance.

Chapter 6 is perhaps the best chapter in the book on the topic of Policy, Compliance and Management, and the author provides an exceptionally good overview of the need for auditing security policies. This is a critical area as far too many organizations create an initial set of information security policies, but subsequently never take the time to go back and see if they are indeed effective and providing the necessary levels of data protection.

Jackson notes that accessing the effectiveness of a policy requires the auditor to look at the policy from the viewpoint of those who will interpreting its meaning. A well intentioned policy might recommend a particular course of action, but unless specific actions are required, there is little an organization can expect the policy to actually accomplish to help the organization protect its data assets if it is misinterpreted.

The chapter suggests that the auditor ask questions such as: is the policy implementable, enforceable, easy to understand, based on risk, in line with business objectives, cost effective, effectively communicated and more. If these criteria are not well-defined and delineated, then the policies will exist in text only, offering little information security protection to the organization.

Jackson also writes of the need to measure how well policies are implemented as part of a security assessment. He suggested using a maturity model as a way to gauge if the organization is in its evolution towards fully integrating security into its business process or if it already has a formal integration process in place.

In chapter 8 on Perimeter Intrusion Prevention, Jackson writes that protecting a network perimeter used to be a relatively easy task. All an organization would have to do is stick a firewall on its Internet connection, lock down the unused ports and monitor activity. But in most corporate networks today, the perimeter has been significantly collapsed. If you compound that with increased connectivity, third-party access, and more; and then bring in advanced persistent threats into the equation, it is no longer a simple endeavor to protect a network.

Chapter 8 provides detailed framework on how to perform a perimeter design review and assessment. As part of the overall review, the chapter details other aspects of the assessment including the need for reviews of the logical and physical architectures, in addition to a review of the firewall. Jackson also lists a large number of security tools that can be used to during an audit.

Chapter 11 covers endpoint protection with a focus on the end-user. Jackson notes that users never cease to amaze with their abilities to disappoint by opening suspicious file attachments, running untrusted Facebook applications, and much more. The book notes that organizations today face significantly higher levels of risk from endpoint security breaches than ever before due to our highly mobile and connected workforce.

The chapter details an endpoint protection operational control review that can be used to assess the organizations processes for identifying threats and performing proactive management of endpoint devices. While the chapter is quite Cisco-centric, with references to the Cisco SIO (Security Intelligence Operations) and a number of other Cisco products, the chapter does provide a good overview of the fundamentals of endpoint protection and how to do it the right way.

Overall, Network Security Auditing is highly technical and detailed reference that makes for an excellent primary reference on the fundamental of information security. With ample amounts of checklist, coding references, detailed diagrams and just the right amount of screen shots, it makes an excellent guide that any member of an IT or security group should find quite informative.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know

You can purchase Network Security Auditing from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


hymenical counsel to meet for biblical review (-1)

Anonymous Coward | more than 2 years ago | (#35932714)

it's just not in there. other possibly fictitious dogmas are also being reviewed in contemplation of revoking the chosen ones' holycosters self-appointed earth based deitical rulership over us, citing deception & unnatural death generation as grounds for their dismissal to the abyss, forming in mebotuh.

Has anyone thought to... (1)

wbav (223901) | more than 2 years ago | (#35932768)

Send a copy to Sony?

Sounds like they could use a copy.

Re:Has anyone thought to... (0)

Anonymous Coward | more than 2 years ago | (#35933000)

Aww shucks! That's the one I was missing!

I had it on my TODO list in my OtherOS .. then I coudn't access it anymore.

Changes? (1)

vlm (69642) | more than 2 years ago | (#35933038)

Does it discuss the continuous changes in the "information security and the law, and governance" areas?

Are the book editions updated and released faster than the politicians and judges can make it obsolete?

Cisco Trash (1)

Anonymous Coward | more than 2 years ago | (#35933896)

I own this book and I work in CompSec. Despite the summary it's just another piece of Cisco-centric trash. If you already study or work in IT Security you won't find much in here that you can't find elsewhere and in a much better form.

Re:Cisco Trash (0)

Anonymous Coward | more than 2 years ago | (#35934696)

and this much better form is where? Please back your trash talking with some references. Otherwise, ur just a troll.

Re:Cisco Trash (1)

Anonymous Coward | more than 2 years ago | (#35934720)

Can you be more specific about the trash and submit some links or titles you find more valuable. Thanks!

Re:Cisco Trash (0)

Anonymous Coward | more than 2 years ago | (#35938008)

The publisher is "Cisco Press", what were you expecting?

Re:Cisco Trash (1)

idontthinktwice (2084556) | more than 2 years ago | (#35961884)

dude, if I want info on cisco products, wouldn’t Cisco Press BE the book to read? If I want into on Juniper, then I read Juniper Press Books. If I want into on Checkpoint, then I read Checkpoint Press Books. Why do you knock publichsers of books you dont ever read or know about. That is soooooooo mean.

Re:Cisco Trash (1)

idontthinktwice (2084556) | more than 2 years ago | (#35961804)

besides a blindside bash of the book, do you have anything to back up your observation? you may own the book, BUT DID YOU READ THE BOOK? the reviewer seems to think there is good contents in the book, what do you see wrong? please say w/o blindsite comments

Re:Cisco Trash (0)

Anonymous Coward | more than 2 years ago | (#35966918)

your comment is trash

Not likely written by a security researcher. (2)

VortexCortex (1117377) | more than 2 years ago | (#35938766)

The following should cause most security researchers to raise a skeptical eyebrow:

"Network Security Auditing is touted as the complete guide to auditing security, measuring risk, and promoting compliance. The book lives up to its promise and is a comprehensive reference to all things network security audit related."

Emphasis mine.

Seriously folks, nearly all security researchers know that even if a "complete guide" to security were written, it would almost immediately need to be amended. Security is a moving target, new topics of interest and new exploits are discovered nearly every day; Thus, as soon as this book was written another "security audit related" topic most likely needed to be added to the reference in order for it to "live up to its promise" of being a "comprehensive reference to all things network security audit related."

By which I mean: It most likely has never lived up to the promise the review alludes to.

Additionally, most experienced security researchers learn early on that there are exceptions to almost every rule, and to be very careful when speaking of absolutes in order to avoid making false statements especially concerning edge cases. Re-read what I've written for a demonstration. Statements that are worded in such absolute terms should be a red flag, tipping off security minded individuals that the statements are most likely false if not in a few instances, then in many of them...

Not even a 999 nonnillion bit encryption key is absolutely secure -- there's still a slim chance the attacker will guess correctly...

Re:Not likely written by a security researcher. (1)

idontthinktwice (2084556) | more than 2 years ago | (#35961956)

dude, mellow out..just cause the marketing people had marketed as a complete guide to auditing security, measuring risk, and promoting compliance does not mean that it is not a good read. No book is 100% complete, so get a grip. Yes, a book is obsolete to a degree by the time it is published. But that still meants that there is still a lot of good info. Don’t be so mean with your comments. lets see you write a book!!!!!

Re:Not likely written by a security researcher. (0)

Anonymous Coward | more than 2 years ago | (#35966576)

And neither is your comment!!!

Book Review: Network Security Auditing (0)

Anonymous Coward | more than 2 years ago | (#35939170)

Thank you for this article. That’s all I can say. You most definitely have made this blog into something special. You clearly know what you are doing, you’ve covered so many bases.Thanks!
christian louboutin

A good book review about a good book (1)

idontthinktwice (2084556) | more than 2 years ago | (#35962040)

Hi, Just wanted to say this is a good book review about a good book. Why do all the comments have nothing to do with the book or the review? I am having that buck stop here!! Hope others step up to that plate. Mike

Re:A good book review about a good book (0)

Anonymous Coward | more than 2 years ago | (#35966040)

touche! i agfre

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account