A definitive how-to guide to the Cisco security blueprint examines a wide variety of security issues and concepts, furnishes a broad overview of the ins and outs of implementing a comprehensive security plan--from identifying security threats to defending a network--and discusses specific solutions to a variety of security problems. (Beginner)
Published in 2004, the book is not entirely fresh, but has aged well:
"In a departure from most Cisco Press books, the content in this book is largely vendor neutral." (P.xxxv), "This book doesn't focus too much on specific products from Cisco Systems or others [...] Instead, this book provides best practices and design principles that don't fundamentally change with each new release of a vendor's product." (P.670)
For example, the problems that asymmetric routing causes for state-aware security technology (traffic whose return takes a different path than the original request, P.247).
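To make the asymmetric-routing problem concrete, here is a small added Python model (my own illustration, not code from the book or from Cisco): two stateful firewalls each keep their own session table, a request leaves through one of them, and the reply comes back through the other. The firewall names, addresses, the flow tuple and the share_state switch are constructed assumptions; real products track much more (sequence numbers, timeouts, TCP state), and the shared table used as the fix merely stands in for whatever state-synchronisation or symmetric-routing arrangement a real design would use.

```python
"""
Simplified model of asymmetric routing through a pair of stateful firewalls.
Added illustration, not code from the book; the flow tuple, the two firewall
names and the share_state option are constructed assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""        # "SYN" opens a new session; data/ACK packets carry other flags


@dataclass
class StatefulFirewall:
    """A state-aware device: it forwards session-opening packets from the
    trusted side and any packet that matches a session it has already seen;
    everything else is treated as unsolicited and dropped."""
    name: str
    inside: str                                    # trusted address prefix (constructed)
    sessions: set = field(default_factory=set)     # entries: (src, sport, dst, dport)

    def forward(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.src.startswith(self.inside) and "SYN" in pkt.flags:
            self.sessions.add(key)     # outbound request: learn the session
            return True
        if key in self.sessions or reverse in self.sessions:
            return True                # belongs to a session this device knows
        return False                   # no state for it here: dropped


def run_scenario(share_state: bool) -> dict:
    """Send a request out through fw_a and try the reply through fw_a (symmetric)
    and through fw_b (asymmetric).

    share_state=False models two independent firewalls on two paths;
    share_state=True models a pair that synchronise their session tables.
    """
    fw_a = StatefulFirewall("fw-a", inside="10.0.")
    fw_b = StatefulFirewall("fw-b", inside="10.0.")
    if share_state:
        fw_b.sessions = fw_a.sessions  # same table object: state is shared

    # Constructed sample flow: an inside host opens HTTPS to an outside server.
    request = Packet("10.0.1.5", 40001, "203.0.113.7", 443, flags="SYN")
    reply = Packet("203.0.113.7", 443, "10.0.1.5", 40001, flags="SYN,ACK")

    return {
        "request_out": fw_a.forward(request),
        "reply_symmetric": fw_a.forward(reply),    # same device saw the request
        "reply_asymmetric": fw_b.forward(reply),   # other device never saw it
    }


if __name__ == "__main__":
    for shared in (False, True):
        print(f"share_state={shared}: {run_scenario(shared)}")
```

With independent tables the reply that returns through fw-b is dropped because fw-b never saw the request, which is exactly the symptom the book attributes to asymmetric paths; once the tables are shared, the same reply is accepted.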
"Although I've seen Mission Impossible once or twice, I'm hardly an expert in top-secret facility design. As such, this is far out of scope for this book." (P.659) The book does include a high-security case study, though.
"This is the wrong book to look at when you need detailed physical security guidelines." (P.655)
Single sign-on (SSO) "is not a realistic goal in today's networks and, as such, is not covered in this book. [...] The most likely option given today's AAA technology constraints is a [glued together, database-synchronized] mixed deployment" (P.331), which is covered in this book. Today, one trend is even towards zero sign-on (ZSO), replacing passwords with smartphones.
I will not summarize the contents of this 739-page book; the table of contents does that job. For Convery, network security is a "collection of network-connected devices, technologies, and best practices that work in complementary ways to provide security to information assets." (P.6)
Since 2004, mobile devices and "cloud computing" have become much more prevalent. Newer architectural ideas include software-defined networks (SDN) and "perimeter-less security" for less clearly defined network perimeters, aka "zero trust" networks (Google's BeyondCorp, or the "fallacy of zero trust networks" video), mutual-TLS service meshes (transparently via reverse proxies, as shown by Airbnb at the 35C3) and the like. There are more security-as-a-service (SECaaS) businesses, such as firewall-as-a-service (FWaaS). I guess, however, that most existing networks still look like the ones described in this 2004 book. The pandemic and more working from home may bring changes here.
As a textbook this one is very well organized, with many diagrams and tables, professional but plain language, and little bloat despite > 700 pages (there are some repeated analyses for different contexts, though).