Reviews & Interviews

The VIRL Book – A Guide to Cisco’s Virtual Internet Routing Lab (Cisco Lab)

2016-10-25T19:14:47+11:00

Cisco’s Virtual Internet Routing Lab (VIRL) is a network simulation tool developed by Cisco that allows engineers, certification candidates and network architects to create their own Cisco Lab using the latest Cisco IOS devices such as Routers, Catalyst or Nexus switches, ASA Firewall appliances and more.

Read Jack Wang's Introduction to Cisco VIRL article to find out more information about the product

Being a fairly new but extremely promising product it’s quickly becoming the standard tool for Cisco Lab simulations. Managing and operating Cisco VIRL might have its challenges, especially for those new to the virtualization world, but one of the biggest problems has been the lack of dedicated online resources for VIRL management leaving a lot of unanswered questions on how to use VIRL for different types of simulations, how to build topologies, how to fine tune them etc.

The recent publication of “The VIRL Book’ by Jack Wang has changed the game for VIRL users. Tasks outlined above plus a lot more are now becoming easier to handle, helping users manage their VIRL server in an effective and easy to understand way.

The introduction to VIRL has been well crafted by Jack as he addressed each and every aspect of VIRL, why one should opt for VIRL, what VIRL can offer and how it different from other simulation tools.

This unique title addresses all possible aspects of VIRL and has been written to satisfy even the most demanding users seeking to create complex network simulations. Key topics covered include:

Planning the VIRL Installation
Installing VIRL
Creating your first simulation
Basic operation & best practices,
Understanding the anatomy of VIRL
External Connectivity to the world
Advanced features
Use VIRL for certifications
Running 3^rd party virtual machines
Sample Network Topologies

The Planning the VIRL Installation section walks through the various VIRL installation options, be it a virtual machine, bare metal installation or on the cloud, what kind of hardware suits the VIRL installation. This makes life easier for VIRL users to ensure they are planning well and selecting the right hardware for their VIRL installation.

Figure 1. Understanding the Cisco VIRL work-flow

The Installing VIRL section is quite engaging as Jack walks through the installation of VIRL on various virtual platforms such as VMware vSphere ESXI, VMWare Fusion, VMWare Workstation, Bare-Metal and on the cloud. All these installations are described simple steps and with great illustrations. The troubleshooting part happens to be the cream of this section as it dives into small details such as bios settings and more, proving how attentive the author is to simplifying troubleshooting.

The Creating your first simulation section is a very helpful section as it goes though in depth about how to create a simulation, comparison of Design mode and Simulation mode, generating initial configurations etc. This section really helped us to understand VIRL in depth and especially how to create a simulation with auto configurations.

The External connectivity to the world section helps the user open up to a new world of virtualization and lab simulations. Jack really mastered this section and simplified the concepts of FLAT network and SNAT network while at the same time dealing with issues like how to add 3^rd party virtual machines into VIRL. The Palo Alto Firewall integration happens to be our favorite.

To summarize, this title is a must guide for all Cisco VIRL users as it deals with every aspect of VIRL and we believe this not only simplifies the use of the product but also helps users understand how far they can go with it. Jack’s hard work and insights are visible in every section of the book and we believe it’s not an easy task to come out with such a great title. We certainly congratulate Jack. This is a title that should not be missing from any Cisco VIRL user’s library.

Cisco Press Review for “Cisco Firepower and Advanced Malware Protection Live Lessons” Video Series

2016-10-02T19:12:29+11:00

Title:            Cisco Firepower & Advanced Malware Protection Live Lessons
Authors:        Omar Santos
ISBN-10: 0-13-446874-0
Publisher:     Cisco Press
Published:    June 22, 2016
Edition:         1st Edition
Language:    English

The “Cisco Firepower and Advanced Malware Protection Live Lessons” video series by Omar Santos is the icing on the cake for someone who wants to start their journey of Cisco Next-Generation Network Security. This video series contains eight lessons on the following topics:

Lesson 1: Fundamentals of Cisco Next-Generation Network Security

Lesson 2: Introduction and Design of Cisco ASA with FirePOWER Services

Lesson 3: Configuring Cisco ASA with FirePOWER Services

Lesson 4: Cisco AMP for Networks

Lesson 5: Cisco AMP for Endpoints

Lesson 6: Cisco AMP for Content Security

Lesson 7: Configuring and Troubleshooting the Cisco Next-Generation IPS Appliances

Lesson 8: Firepower Management Center

Lesson 1 deals with the fundamentals of Cisco Next-Generation Network Security products, like security threats, Cisco ASA Next-Generation Firewalls, FirePOWER Modules, Next-Generation Intrusion Prevention Systems, Advanced Malware Protection (AMP), Email Security, Web Security, Cisco ISE, Cisco Meraki Cloud Solutions and much more. Omar Santos has done an exceptional job creating short videos, which are a maximum of 12 minutes, he really built up the series with a very informative introduction dealing with the security threats the industry is currently facing, the emergence of Internet of Things (IOT) and its impact and the challenges of detecting threats.

Lesson 2 deals with the design aspects of the ASA FirePOWER Service module, how it can be deployed in production networks, how High-Availability (HA) works, how ASA FirePOWER services can be deployed at the Internet Edge and the VPN scenarios it supports. The modules in this lesson are very brief and provide an overview. If someone were looking for in-depth information they must refer to Cisco documentation.

Lesson 3 is the most important lesson of the series as it deals with the initial setup of the Cisco ASA FirePOWER Module in Cisco ASA 5585-X and Cisco ASA 5500-X appliances, also Omar demonstrates how Cisco ASA redirects traffic to the Cisco ASA FirePOWER module and he concludes the lesson with basic troubleshooting steps.

Lessons 4, 5 and 6 are dedicated to Cisco AMP for networks, endpoints and content security. Omar walks through an introduction to AMP, each lesson deals with various options, it’s a good overview of AMP and he’s done a commendable job keeping it flowing smoothly. Cisco AMP for endpoint is quite interesting as Omar articulates the info in a much easier way and the demonstrations are good to watch.

The best part of this video series is the Lesson that deals with the configuration of Cisco ASA with FirePOWER services, in a very brief way Omar shows the necessary steps for the successful deployment in the Cisco ASA 5585-X and Cisco ASA 5500-X platform.

The great thing about Cisco Press is that it ensures one doesn’t need to hunt for reference or study materials, it always has very informative products in the form of videos and books. You can download these videos and watch them at your own pace.

To conclude, the video series is really good to watch as it deals with various topics of Cisco Next-Generation Security products in less than 13 minutes, the language used is quite simple and easy to understand, however, this video series could do with more live demonstrations especially a demonstration on how to reimage the ASA appliances to install the Cisco FirePOWER module.

This is a highly recommended product especially for engineers interested in better understanding how Cisco’s Next-Generation security products operate and more specifically the Cisco FirePOWER services, Cisco AMP and advanced threat detection & protection.

Cisco CCNP Routing & Switching v2.0 – Official Cert Guide Library Review (Route 300-101, Switch 300-115 & Tshoot 300-135)

2015-06-01T16:18:41+10:00

Title:          Cisco CCNP Routing & Switching v2.0 – Official Cert Guide Library
Authors:    Kevin Wallace, David Hucaby, Raymond Lacoste
ISBN-13:    978-1-58720-663-4
Publisher: Cisco Press
Published: December 23rd, 2014
Edition:      1st Edition
Language: English

Reviewer: Chris Partsenidis

The Cisco CCNP Routing and Switching (CCNP R&S) certification is the most popular Cisco Professional series certification at the moment, requiring candidates sit and pass three professional level exams: Route 300-101, Switch 300-115 & Tshoot 300-135.

The Cisco Press CCNP R&S v2.0 Official Cert Guide Library has been updated to reflect the latest CCNP R&S curriculum updates (2014) and is perhaps the only comprehensive study guide out there, that guarantees to help you pass all three exams on your first try, saving money, time and unwanted disappointments – and ‘no’ - this is not a sales pitch as I personally used the library for my recently acquired CCNP R&S certification! I’ll be writing about my CCNP R&S certification path experience very soon on Firewall.cx.

The CCNP R&S v2 Library has been written by three well-known CCIE veteran engineers (Kevin Wallace, David Hucaby, Raymond Lacoste) and with the help and care of Cisco Press, they’ve managed to produce the best CCNP R&S study guide out there. While the CCNP R&S Library is aimed for CCNP certification candidates – it can also serve as a great reference guide for those seeking to increase their knowledge on advanced networking topics, technologies and improve their troubleshooting skills.

The Cisco Press CCNP R&S v2 Library is not just a simple update to the previous study guide. Key topics for each of the three exams are now clearer than ever, with plentiful examples, great diagrams, finer presentation and analysis.

The CCNP Route exam (300-101) emphasizes on a number of technologies and features that are also reflected in the ROUTE study guide book. IPv6 (dual-stack), EIGRP IPv6 & OSPF IPv6, RIPng (RIP IPv6), NAT (IPv4 & IPv6), VPN Concepts (DMVPN and Easy VPN), are amongst the list of ‘hot’ topics covered in ROUTE book. Similarly the CCNP Switch exam (300-115) emphasizes, amongst other topics, on Cisco StackWise, Virtual Switching Service (VSS) and Advanced Spanning Tree Protocol implementations – all of which are covered extensively in the SWITCH book.

Each of the three books is accompanied by a CD, containing over 200 practice questions (per CD) that are designed to help prepare the candidate for the real exam. Additional material on each CD includes memory table exercises and answer keys, a generous amount of videos, plus a study planner tool – that’s pretty much everything you’ll need for a successful preparation and achieving the ultimate goal: passing each exam.

Using the CCNP R&S v2 Library to help me prepare for each CCNP exam was the best thing I did after making the decision to pursue the CCNP certification. Now it’s proudly sitting amongst my other study guides and used occasionally when I need a refresh on complex networking topics.

GFI’s LANGUARD Update – The Most Trusted Patch Management Tool & Vulnerability Scanner Just Got Better!

2014-06-11T20:56:55+10:00

GFI’s LanGuard is one of the world’s most popular and trusted patch management & vulnerability scanner products designed to effectively monitor and manage networks of any size. IT Administrators, Network Engineers and IT Managers who have worked with Languard would surely agree that the above statement is no exaggeration.

Readers who haven’t heard or worked with GFI’s LanGuard product should definitely visit our LanGuard 2014 product review and read about the features this unique network security product offers and download their free copy.

GFI recently released an update to LanGuard, taking the product to a whole new level by providing new key-features that have caught us by surprise.

Following is a short list of them:

Mobile device scanning: customers can audit mobile devices that connect to Office 365, Google Apps and Apple Profile Manager.
Expanded vulnerability assessment for network devices: GFI LanGuard 2014 R2 offers vulnerability assessment of routers, printers and switches from the following vendors: Cisco, 3Com, Dell, SonicWALL, Juniper Networks, NETGEAR, Nortel, Alcatel, IBM and Linksys.
CIPA compliance reports: CIPA compliance reports: additional reporting to ensure US schools and libraries adhere to the Children’s Internet Protection Act (CIPA). GFI LanGuard has now dedicated compliance reports for 11 security regulations and standards, including PCI DSS, HIPAA, SOX and PSN CoCo.
Support for Fedora: Fedora is 7th Linux distribution supported by LanGuard for automatic patch management
Chinese Localization: GFI LanGuard 2014 R2 is now also available in Chinese Traditional and Simplified versions.

One of the features we loved was the incredible support of Cisco products. With its latest release, GFI LanGuard supports over 1500 different Cisco products ranging from routers (including the newer ISR Gen 2), Catalyst switches (Layer2 & Layer3 switches), Cisco Nexus switches, Cisco Firewalls (PIX & ASA Series), VPN Gateways, Wireless Access points, IPS & IDS Sensors, Voice Gateways and much more!

CCIE Collaboration Quick Reference Review

2014-05-20T16:59:41+10:00

Title:            CCIE Collaboration Quick Reference
Authors:        Akhil Behl
ASIN:     B00KDIM9FI
Publisher:      Cisco Press
Published: May 16, 2014
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

This ebook has been designed for a specific target audience, as the title of the book suggests, hence it cannot be alleged that it is not suitable for all levels of Cisco expertise. Furthermore, since it is a quick reference, there is no scope for something like poetic licence. As a quick reference, it achieves the two key aims:

1) Provide precise information

2) Do it in a structured format

And eliminate any complexity or ambiguity on the subject matter by adhering to these two key aims.

Readers of this review have to bear in mind that the review is not about the content/subject matter and its technical accuracy. This has already been achieved by the technical reviewer, as mentioned in the formative sections of the ebook. This review is all about how effectively the ebook manages to deliver key information to its users.

So, to follow up on that dictum, it would be wise to scan through how the material has been laid out.

It revolves around the Cisco Unified Communication (UC) workspace service infrastructure and explains what it stands for and how it delivers what it promises. So the first few chapters are all about the deployment of this service. Quality of Service (QoS) follows deployment. This chapter is dedicated entirely towards ensuring the network infrastructure will provide the classification of policies and scheduling for multiple network traffic classes.

The next chapter is Telephony Standards and Protocols. This chapter talks about the various voice based protocols and their respective criteria. These include analog, digital and fax communication protocols.

From this point onwards the reference material concentrates purely on the Cisco Unified Communication platform. It discusses the relevant subsections of CUCM in the following line-up:

Cisco Unified Communications Manager
Cisco Unified Communications Security
Cisco Unity Connection
Cisco Unified Instant Messaging and Presence
Cisco Unified Contact Centre Express
Cisco IOS Unified Communications Applications &
Cisco Collaboration Network Management

In conclusion, what we need to prove or disprove are the key aims of a quick reference:

Does it provide precise information? - The answer is Yes. It does so due to the virtue that it is a reference guide. Information has to be precise as it would be used in situations where credibility or validity won't be questioned.

Does it do the above in a structured manner? - The answer is Yes. The layout of the chapters in its current form helps to achieve that. The trajectory of the discussion through the material ensures it as well.

Does it eliminate any complexity and ambiguity? - The answer again is Yes. This is a technical reference material and not a philosophical debate penned down for the benefit of its readers. The approach of the author is very simplistic. It follows the natural order of events from understanding the concept, deploying the technology and ensuring quality of the services, to managing the technology to provide a robust efficient workspace environment.

In addition to the above proof it needs to be mentioned that, since it is an eBook, users will find it easy to use it from various mobile platforms like tablets or smart phones. It wouldn’t be easy to carry around a 315 page reference guide, even if it was printed on both sides of the paper!

For its target audience, this eBook will live up to its readers expectations and is highly recommended for anyone pursuing the CCIE Collaboration or CCNP Voice certification.

CCIE Collaboration Quick Reference Exam Guide

2014-04-29T14:00:00+10:00

Title:             CCIE Collaboration Quick Reference
Authors:        Akhil Behl
ISBN-10(13): 0-13-384596-6
Publisher:      Cisco Press
Published:    May 2014
Edition:          1st Edition
Language:      English

This title addresses the current CCIE Collaboration exam from both written and lab exam perspective. The title helps CCIE aspirants to achieve CCIE Collaboration certification and excel in their professional career. The ebook is now available for pre-order and is scheduled for release on 16 May 2014.

Here’s the excerpt from Cisco Press website:

CCIE Collaboration Quick Reference provides you with detailed information, highlighting the key topics on the latest CCIE Collaboration v1.0 exam. This fact-filled Quick Reference allows you to get all-important information at a glance, helping you to focus your study on areas of weakness and to enhance memory retention of important concepts. With this book as your guide, you will review and reinforce your knowledge of and experience with collaboration solutions integration and operation, configuration, and troubleshooting in complex networks. You will also review the challenges of video, mobility, and presence as the foundation for workplace collaboration solutions. Topics covered include Cisco collaboration infrastructure, telephony standards and protocols, Cisco Unified Communications Manager (CUCM), Cisco IOS UC applications and features, Quality of Service and Security in Cisco collaboration solutions, Cisco Unity Connection, Cisco Unified Contact Center Express, and Cisco Unified IM and Presence.

This book provides a comprehensive final review for candidates taking the CCIE Collaboration v1.0 exam. It steps through exam objectives one-by-one, providing concise and accurate review for all topics. Using this book, exam candidates will be able to easily and effectively review test objectives without having to wade through numerous books and documents for relevant content for final review.

Table of Contents

Chapter 1 Cisco Collaboration Infrastructure
Chapter 2 Understanding Quality of Service
Chapter 3 Telephony Standards and Protocols
Chapter 4 Cisco Unified Communications Manager
Chapter 5 Cisco Unified Communications Security
Chapter 6 Cisco Unity Connection
Chapter 7 Cisco Unified IM Presence
Chapter 8 Cisco Unified Contact Center Express
Chapter 9 Cisco IOS UC Applications
Chapter 10 Cisco Collaboration Network Management

Click here to read Firewall.cx's review

If you are considering sitting for your CCIE Collaboration exam, then this is perhaps one of the most valuable resources you'll need to get your hands on!

The Business Case For Network Security

2014-02-09T22:02:58+11:00

Title:            The Business Case For Network Security
Authors:        Catherine Paquet, Warren Saxe
ISBN-10(13): 1587201216
Publisher:      Cisco Press
Published: December 23, 2004
Edition:         1st Edition
Language:     English

Ever wished you grabbed a network security title off the shelf and found it to be comprehensive enough, covering hot topics such as security policies, risk management, top-level attacks and security threats in a non-technical manner, but without compromising quality and important information?

If so, then this is your book.

Catherine Paquet, Warren Saxe and Cisco Press have managed to produce what seems to be more than just ‘another fine title'.

The Business Case For Network Security is a book aimed at people.

The book is well written using simple English language, allowing people of all levels to clearly understand the topics analysed. The target audience would seem to be people in a managerial position or network professionals who require basic understanding of network threats, security measures, risk assessment tools etc., without getting into the details required by a programmer or security auditor.

So what's covered?

The book has 3 main sections:

• Vulnerabilities and Technologies

• Human and Financial Issues

• Policies and Future

Vulnerabilities and Technologies

The first section is certainly a favourite!

It starts by introducing the reader to the world of security by exposing the damage caused by exploits and hackers in general.

Continuing with a small yet effective analysis of ‘the hacker', where they come from, how they are categorised, the authors then move into the popular topic ‘categories of attacks'. Here are just a few illustrated and well documented attacks outlined in the book:

Buffer Overflow and Bandwidth Consumption
Domain Name Hijacking
Mail Bomb
Distributed Denial of Service Attack
Footprinting
Eavesdropping
Password Attack

Even the new wireless attacks are included here, along with the famous ‘Social Engineering Tactics'!

The authors take the reader through ways to protect a network from these types of attacks. Virus protection, traffic filtering, encryption, content filtering, assessment and auditing are a few of the methods and tactics analysed.

Human and Financial Issues

The second section is where this wonderful book starts to really move away from your everyday security book. It discusses in detail how company managers are able to ‘secure' their network by enforcing policies and providing strict guidelines to their employees.

This is a topic many books fail to cover in the detail required. Some don't mention it at all. If you consider that the ‘human factor' still remains the greatest threat of all, then you'll understand how important this topic is. The book does a great job by not only fully covering the topic, but also providing useful information to help managers start thinking and acting accordingly.

A generous 130 pages are devoted to this section and here are a few of the topics discussed:

Securing the Organization: Equipment and Access
Managing the Availability and Integrity of Operations
Mobilizing the Human Element: Creating a Secure Culture
Determining Rules and Defining Compliance
Ensuring a Successful Security Policy Approach
Involving the Board
Recognizing the Goals of the Corporation
Outlining Methods IT Managers Can Use to Engage the Organization
Risk Aversion and Security Topologies
Return on Prevention: Investing in Capital Assets

We don't want to tell you all the topics, but from this sample you get the idea. Guidelines for creating policies is not something you'll find easy and most IT Managers end up turning to security companies to provide them with the information contained in this book!

Policies and Future

The last section of the book extends the policies to provide more sophisticated technical ‘hands-on' policies. These polices are the key elements your engineers (or you) will use to ensure your security systems and network(s) are safeguarded from the prying eyes of hackers.

The reader is given an understanding of the purposes of the various policies available and how they can be implemented. Physical security policies, access-control policies, VPN and encryption policies, Data sensitivity, retention and ethics policies are just a few.

The authors make it clear that ‘Security is a Living Process' and describe methodology required to ensure you're not caught off-guard by uninvited guests.

Overall the book gets the thumbs up, and is highly recommended to IT Managers, networking professionals and business executives seeking to asses their organisations risks and introduce mechanisms to protect their investments, data and integrity.

This book is a goldmine of vital information, so get out there and grab yourself a copy – you surely won't regret it!

Firewalls and Internet Security: Repelling the Wily Hacker

2014-02-09T22:02:58+11:00

Title:         Firewalls and Internet Security: Repelling the Wily Hacker
Authors:        William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin
ISBN-10(13): 020163466X
Publisher:      Addison-Wesley Professional
Published: March 6, 2003
Edition:         2nd Edition
Language:     English

Yet another worthwhile book for us all in the IT industry!

Addison-Wesley in cooperation with William Cheskwick, Steven Bellovin and Aviel Rubin have produced yet another well-researched publication. This book is all about Internet security, firewalls, VPNs and much more, all of which are hot topics and renowned buzzwords within today's IT industry.

In the first chapter, the authors express their view on network security and demonstrate the different methods an Administrator can use in order to secure their network(s). This is carried out by categorizing security into Host-Based and Perimeter security.

The second and third chapters are approximately 50 pages covering basic protocols, including IPv6, DNS, FTP, SNMP, NTP, RPC-based protocols and a several more like the famous NAT. The chapters are concluded with a summary on wireless security.

The next five chapters (chapter 4 to 8 inclusive), analyze various attacks used against networks and server operating systems in an attempt to exploit them. There is a wealth of information concerning hacking, allowing the reader to enter the mind of a hacker in terms of what they think and how they proceed to meet their goal.

One complete chapter is dedicated to various password tactics in which one can ensure that a hacker's life is made more difficult should they attempt to break into a few accounts using well-known methods related to password guessing. CHAP, PAP, Radius and PKI are also analyzed.

Chapter 9 to 12 are dedicated to Firewalls and VPNs which, in passing, happen to be my favourite chapters. They offer an in-depth analysis of the Firewall concept, packet filtering, application-level filtering and circuit level gateways. It proceeds with information about the filtering services, giving detailed examples on how one could use IPChains to create a simple or complex set of rules to efficiently block/permit packets entering in and out the network. This is perhaps the only downside to this informative book, where IPTables would have been beneficial to include, since people rarely use IPchains these days.

Lastly, chapter 12 talks about VPNs, their encryption methods, and considers both their weaknesses and advantages.

In addition to this, the book continues with several more chapters covering general questions that may arise for the reader, such as intranet routing, administration security and intrusion detection systems.

Towards the end, the authors talk about their personal experiences with people trying to hack into their companies and, as a result, explain the step- by- step process of how they managed to fight them and secure their networks. These pages are simply a goldmine for anyone interested in this area.

In summary, I'd say that the book is well worth its money and would suggest it to anyone interested in network security and firewalls. I am certain they won't be disappointed simply because the book has a lot to offer.

CCENT - CCNA 640-802 Official Certification Library 3rd Edition

2014-02-09T22:02:58+11:00

Title:         CCENT - CCNA 640-802 Official Certification Library 3rd Edition
Authors:        Wendell Odom
ISBN-10(13): 1-58720-438-X
Publisher:      Cisco Press
Published: December 10th, 2011
Edition:         3rd Edition
Language:     English

I have always wanted to review a book in which I wouldn’t have to use terms like ‘not for the beginners’, ‘power users only’, ‘not the for non – initiated’. People will find it quite hard to believe but the titles I am about to discuss, is more than capable of taking a complete novice to a much more competent level. Networking is a vast, expanding field and for someone who has no prior knowledge and experience, the titles are a great platform to embark on that journey of learning.

I will go through this review, in the same trajectory I went through in my mind as I read through the material, and how they appealed to me. I will talk holistically about both titles at the same time, as apart from the subject matter differing for the obvious reasons, they both have the same merits in terms of style, delivery and impact.

Salient Features

I must agree, the hard bound books can be a bit daunting to look at when you take them out of the equally hard bound box. But then one must appreciate the accomplishment of the writer when you go through the material itself. The books are quite sturdy and if any topic should frustrate you, both these books can take a fair amount of beating. But I would advise, it is better to take a deep breath, go away and try to tackle it another day. I find this technique, much better than nursing an injured wrist or even knuckles, while trying to punch them in frustration.

When I started learning about networks a long time ago, I didn’t have either of these titles as an aid. And now that I have, I can straightaway know what I was missing out on. I have been in lectures and seminars, where people did their level best to make things complicated and scare me away.

I should have spared myself from all that hassle and just sat down with these books instead. For those of you, who feel the same, don’t feel left out. Grab these titles with both hands (and both feet, if you’re feeling that enthusiastic). I cannot guarantee you will become next to demi – gods in Cisco, but I can assure you, that you won’t regret it.

We sometimes forget the purpose of a book, the moment there is an exam or assessment at the end of a piece of text/material. The content of the book(s) become irrelevant. The book becomes a means to an end or in this case the certification. The objective changes, from learning, to obtaining a badge. I cannot emphasise enough, how important it is to understand and conceptualise the topics in your head, in comparison to memorising the content and throwing it up in an exam. These books are a foundation to a journey which is both rewarding and prestigious.

The writer has gone to great lengths to ensure the books serve this purpose. I’m not denying the fact that there is an exam that you would want to pass. And this is another area these books excel in as well. I have frankly, never seen a more structures, and lucid explanation on exam preparation. The writer gives you the road map for this. But my personal opinion is, once you travel on that road and near your destination, you will be so engrossed and immersed in the journey itself, the destination would just be another milestone you pass by. I bet you, you won’t stop at just a CCNA!

Worth mentioning are some features like ‘Do I already know this?’ (DIAKT) quiz. I remember getting frustrated when I would get this wrong. But I later realised that I’m not meant to know it all. If I did, why was I reading these books in the first place? The objective is to teach, if I have learnt it already, what’s the use of walking into the classrooms? On the flip side, I also realised that if I did get all the DIAKT questions right, it still made good sense of going through the chapters anyway. Nothing clears your vision than a dose of re-vision!

I also liked the ‘Note’ sections which are well placed all over each and every chapter. Whenever it said ‘Note’, you do make a mental note of it. Then they tend to get imprinted in your memory for ever. This was immensely helpful and rewarding at times, especially in terms of the CCNA exam.

If the 1500 plus pages doesn’t quench your thirst, there are 2 DVDs to devour on. They contain loads of practice sessions, scenarios, and videos to learn from.

All the chapters in both books follow a very logical rhythm and they have been sub – divided into optimum sized chunks to enable maximum comprehension for all types of readers. The quantity of aids i.e. figures, images, schematics, tables and diagrams are quite exhaustive and enhance the ease of comprehension. Apart from the subject matter put down in simple words, each and every image, does paint a thousand words themselves!

Summary

In conclusion, I would sum it up by saying that both books individually and together, form a very rewarding learning tool. Even when you have finished reading both of them, and passed your certification, you will tend to go back to them every now and them for a refresher. They also serve the purpose of a good reference guide. This is a solid foundation for anyone who wants to climb the ladder in networking, become a professional and gain knowledge in core Cisco products. Not the mention, they are so effective in introducing an amateur to the world of networking. Certain people might argue that there are so many other books that might serve the same purpose in varying degree of success.

My opinion is that, these books not only are a stepping stone for networking, but also a great tool in obtaining a professional qualification. I would recommend these titles, and the certification itself for anyone who wants to have a career in networking.

If I was asked to point out something that was missing from these books, the only thing I could possibly say, would be a reference to Cisco’s recommended CCNA Network Academy website, www.Firewall.cx :)

The Ruby Way

2014-02-09T22:02:58+11:00

Title:               The Ruby Way
Authors:           Hal Fulton
ISBN-10(13): 0672328844
Publisher:         Addison-Wesley Professional
Publication date: November 4, 2006
Edition:            2nd Edition
Language:        English

Ruby is best described as an object-oriented language, and is very similar to Smalltalk. Overall, the book is well written and contains useful examples throughout.

However, I feel the first point worth stating is that if you're new to Ruby then this book is not for you. Whilst it does cover Ruby in depth, it is aimed at the developer who has already mastered the basics of the Ruby language. Although readers who are familiar with Object orientated development may be able to grasp the concepts described in the first chapter, there are a number of alternative books that better suit the beginner.

That said, this is a highly comprehensive book. Each section is broken down into logical sections with detailed explanation and code examples, allowing the reader to develop code while they make their way through the book. Each chapter breaks down the core libraries into manageable sections starting with strings, regular expressions, time functions and progressing on to other, more complex areas such as threads, socket programming and distribution of code.

The book seems to lack depth in the basic areas of Ruby development, my main complaint being that structure and syntax are not covered sufficiently for the beginner. Some readers may be able to "read around" this subject, using tutorials or another beginner's guide, however, this defeats the point of buying a book that suggests it is suitable for beginners.

Section 1.5 (training your intuition) is, without a doubt, the section most readers will find beneficial. Providing an easy layout covering syntax issues, case conditions and a useful section relating to "rubyisms", such as differences between subclasses / inheritance and the "singleton" classes and iteration within Ruby. This section includes a vast amount of code examples allowing the user to flick straight to it in order to get real world examples.

Overall rating

I would recommend this book only if you were planning to purchase 2 or 3 beginner books. As an insight into the various libraries and books the book works very well, helping the user quickly grasp the concepts. Rating of this book needs to be performed from two perspectives: The "Ruby newbie" and "Ruby beginner".

Ruby Newbies

Whilst most OOP developers would be able to pick up this book and use it to learn, newcomers would definitely find this hard going. I would recommend “Programming Ruby: The Pragmatic Programmer's Guide, Second Edition” for new developers and OOP developers with no Ruby exposure.

Ruby beginner

This book will serve as a good reference point throughout your Ruby development lifetime, and you will find yourself referring to it time and time again. Teaching you Ruby one concept at a time helps the beginner grasp the basics without having to delve into chapters of "Hello World" based applications.

Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

2014-02-09T22:02:58+11:00

Title:            Best Practices & Strategies for J2EE, Web Services & Identity Management
Authors:        Christopher Steel, Ramesh Nagappan, Ray Lai
ISBN-10(13): 0131463071
Publisher:      Prentice Hall
Published:     October 24, 2005
Edition:      1st Edition
Language:     English

If you ever want to understand about security and its role in the development of J2EE enterprise-level applications, then you should consider buying this book from your local bookstore.

The authors have done an excellent job in explaining the basics of security as it applies to the most common business practices, as well as deliver intricate details on the inner workings of the Java platform security architecture. Even though this book covers in its majority Java technologies, you don't have to be a Java developer or architect to appreciate it.

The book is divided in 7 major parts:

Part 1: Introduction and Basics of Security

Part 2: Java Security Architecture and Technologies

Part 3: Web Services Security and Identity Management

Part 4: Security Design Methodology, Patterns, and Reality Checks

Part 5: Design Strategies and Best Practices

Part 6: Putting it all together

Part 7: Personal Identification using Smart Cards and Biometrics

Parts 1-5 provide reams of detail about the fundamentals of security, the J2EE security architecture, and the technologies used to enable Web services security. In addition, there is a comprehensive explanation of patterns and practices for J2EE developers, as well as design strategies and best practices for securing J2EE Web components and web-based applications.

Web developers might want to pay special attention to Part 3 of the book because it gives an insight on fortifying Web services, authenticating and authorizing end users, and applying the latest cryptographic techniques. XML is described in detail as the encoding for messages between parties using a Web Service.

Note that this book does not explain the specific JAVA APIs needed for basic J2EE application development. Twenty-three proven security architectural patterns are discussed and presented through several realistic scenarios, covering architecture and implementation and presenting detailed sample code.

Part 6 of the book describes how to use this newly acquired knowledge in the implementation of real-world security scenarios.

Finally, we found the last part of this book as the most intriguing. It provides an in-depth coverage on Personal Identification using Smart Cards and Biometrics, their role in physical and logical access control, and the different technologies used in their implementation. Best practices and common pitfalls that might arise when implementing security using smart cards and biometrics are also discussed.

Overall we believe this is excellent book for the security enthusiast who wants to build robust end-to-end security into J2EE enterprise applications.

Linux Starter Kit

2014-02-09T22:02:58+11:00

Title:            Linux Starter Kit
Authors:        Emmett Dulaney
ISBN-10(13): 0672328879
Publisher:      Sams
Published:     June 8, 2006
Edition:         1st Edition
Language:     English

If you ever want to understand about security and its role in the development of J2EE enterprise-level applications, then you should consider buying this book from your local bookstore.

The book is divided in 7 major parts:

Part 1: Introduction and Basics of Security

Part 2: Java Security Architecture and Technologies

Part 3: Web Services Security and Identity Management

Part 4: Security Design Methodology, Patterns, and Reality Checks

Part 5: Design Strategies and Best Practices

Part 6: Putting it all together

Part 7: Personal Identification using Smart Cards and Biometrics

Part 6 of the book describes how to use this newly acquired knowledge in the implementation of real-world security scenarios.

Overall we believe this is excellent book for the security enthusiast who wants to build robust end-to-end security into J2EE enterprise applications.

Red Hat Fedora 5 Unleashed

2014-02-09T22:02:58+11:00

Title:            Red Hat Fedora 5 Unleashed
Authors:        Paul Hudson, Andrew Hudson
ISBN-10(13): 067232847X
Publisher:      Sams
Published:     May 29, 2006
Edition:         1st Edition
Language:     English

As the title suggests, this is a book about the latest release of Fedora Core linux distribution. Thanks to it's correct approach however, it would be accurate to claim that this is a book that can train you appropriately in the ways of Linux Operating System using Fedora Core distribution as a reference, instead of being just an other shallow distribution-specific manual.
GNU/Linux (usually refered to as simply "Linux") is a completely free Operating System that can be used for a wide variety of tasks. Fedora is a community-driven distribution of Linux, sponsored by Red Hat, one of the leading and oldest organizations in the field.

Unlike what many people think, Linux is not a specialized OS that can only be found as part of network infrastructures. Through the last 15 years, it has evolved to a modern general-purpose OS that can be used for almost any task you can think of: from office workstations, to WAN backbone routers, and even for few that you propably hadn't considered, like voice machines, PBX, televisions, compact multimedia devices and much more!

Most importantly, Linux' software for such applications has reached production-level quality, is free to use, modify and redistribute and supports every open standard. Also, it performs well on commodity hardware, even old Personal Computers that cost less than 50$ can be more than enough for most jobs.

As one would expect however, an operating system of such flexibility unavoidly has a certain degree of complexity in it's roots, and configuring it appropriatelly can prove challenging even to experienced users and IT profesionals. Official software documentation, while detailed, many times seems too strictly specific for a user that lacks the technological context to comprehent it, especially in complex tasks where the tight collaboration of more than one pieces of software is required.

This is where "Fedora Core 5 Unleashed" comes. It is essentially a training guide written with the completely inexperienced user in mind, however it also manages to extend it's information to an advanced level for most of the subjects.

The "Unleashed" book series from SAMS is known for it's thoroughness and detailed coverage of each topic. Fedora Core 5 Unleashed, counting 6 well-balanced parts in more than 1000 pages, stands up to this legacy. Each part contains numerous Chapters, in the end of each chapter, there is a reference section, containing links to web resources for related subjects. This is a very good idea that increases the book's value. The same applies for the gray tags that mark each chapter on the side of the book, making browsing each part easy, and the comprehensive appendix in the end which contains a thematic index of all the material based on keywords.

Inside the book there is also a DVD containing the complete Fedora Core 5 linux distribution, so that you can get started right away.

The material covered is organized as following:

Part I of the book is the introductory part. It covers the procedure of installation, some of the fundamental information about Linux and especially Fedora and some basic configuration instructions, so that everyone can have a fully functional system before continuing with the rest of the book.

Part 2 is dedicated to the use of Linux as personal desktop and office workstation. It provides information about available office, multimedia and leisure applications and documents in detail the graphical environment. All users that intend to use linux as desktop will want to read this.

Part 3 focuses on system administration. Most of the concepts and facilities of Linux are described here, so everyone should read it carefully.

Part 4 describes the possibilities of a linux machine serving data in a network. All popular types of services (mail, databases, dns, proxy, filesharing, etc) are described in detail, both in theory and in implementation. This is primarily important to System Administrators that will use Linux as part of a network infrastructure.

Part 5 is a fairly detailed introduction to programming in Linux. More specifically, there is a basic tutorial on PERL, PYTHON and PHP, enough to get you started with those languages. There is also a chapter dedicated to C/C++ and available Integrated Development Environment applications. Developers and powerusers will be interested in this part, since scripting greatly enhances the functionality of the system in many scenarios.

Part 6, finally, offers practical advice for a wide variety of subjects, like security, performance tuning and troubleshooting. This is an all-around chapter that can help everyone, regardless of how they intend to use Linux.

In each part, advanced users will find some very cool ideas and pieces of important information they'd been missing. Inexperienced users will also find themselves on their way to becoming geeks, without losing track at any point, thanks to the plentiful explanations, examples, references and ilustrative tables.

The fact that absolutelly no previous knowledge is required for someone to follow the book means the only real requirement would be an interest to familiarize with the great Operating System called Linux. Fedora Core distribution along with Fedora Core 5 Unleashed book, provide a great training package for anyone to achieve this efficiently.

Securing Cisco IP Telephony Networks

2014-02-09T22:02:58+11:00

Title:            Securing Cisco IP Telephony Networks
Authors:        Akhil Behl
ISBN-10(13): 1587142953
Publisher:      Cisco Press
Published:     September 10, 2012
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

The days of staring at a mess of wires under the desk coming out of a PSTN Master Socket are truly over. The advent of VoIP has broken the stranglehold of a telephone cable and the network has finally taken over. I would not say that IP Telephony has revolutionised the telephony sector. That momentous transition happened years ago. We currently are going through a phase where it is common to have IP Telephony integrated into any enterprise and network administrators are actively implementing security measures and policies to it. Network security is of paramount importance and IP Telephony is not to be left behind. The fact is that Cisco, the market leader in network technology, also happens to be leading the IP Telephony field. Hence it has rightly decided that establishing robust security architecture is core to Cisco IP Telephony.

The latest Cisco title addresses the aforementioned issue promptly and efficiently. Whenever a technology becomes efficient, scalable and portable and is seen as an improvement on the incumbent technology, it is deemed indispensable. From that moment it also becomes a point of failure that can cripple a business because it has now inherited security vulnerabilities and threats. The same can be said about Cisco IP Telephony. What this books aims to achieve is, and I quote, “to explain an End-to-End IP Telephony Security approach and architecture…” And I assure you, this title does plenty of justice to that aim. So let’s dig deeper into the way this book deals with the issues and how it tackles security policies, principles and their respective implementations.

Note: Users can also read our interview of the author Akhil Behl at the following url:
Interview: Akhil Behl Double CCIE (Voice & Security) #19564

Salient Features

In the introductory section of ‘Who should read this book?’, it is touted that “anyone who is interested in Cisco IP Telephony and network security” should be reading this book. Even though I would not wholly reject this point, I would prefer people reading this title have some form of experience in IP Telephony, especially Cisco products. Things become easier to comprehend. That should not mean that I am restricting the readership, it only means that this is not strictly a beginner’s guide on IP Telephony itself. However I would definitely put this book down as a reference and as a guide for IP Telephony security.

The typical hallmarks of a Cisco publication are all present in this title. The entire book is neatly partitioned into 4 major sections. I will do my best to present these chapters. I don’t really have a hard job to do here, as the chapters speak for themselves.

Part I

In Part I, the first couple of chapters introduce the concepts of the nature of IP Telephony security and the need to secure the associated infrastructure. The working components of Cisco IP Telephony are explained, especially the elements that can be secured, along with the necessary methodology of securing those key elements. Then we delve into the issues of risk assessment, strategies, and the cost of implementing those assessments and strategies. This part is rounded off with a conclusive discussion on the IP Telephony Security Framework.

Part II

In Part II, the issue of network security in terms of IP Telephony is addressed in terms of various types of threats and the respective policies and procedures that would make a more robust and protected network infrastructure. Various types of threats are discussed and are immediately followed up with their “mitigation techniques”. Best and leading practices for such techniques are discussed extensively throughout these sections. Just when I was wondering if there was any hardware oriented security methods that might be part of this title, I was introduced to the well known ASA devices being used as firewalls. What this book effectively does is show us how to best use the features of the ASA firewall to deliver IP Telephony security. This is well explained under the term of ‘perimeter security’. It is highly commendable how the firewall technologies are brilliantly explained in easy flowing terms.

Part III

In Part III we are introduced to the software side of this whole security infrastructure. This is where readers will be made aware of the well known Cisco UCM (Unified Communication Manager), and how best to use its capabilities to secure the IP Telephony network. Features like Cisco Unity and how you can secure it from threats like eavesdropping, toll fraud and account hijacking amongst other threats. Special emphasis is put on the knowhow of ensuring protection to the softphone clients. A section is dedicated entirely to toll fraud and how to implement secure conferencing and securing voice media. This is all about the Cisco IOS Voice Gateway, the strategies and methodologies for monitoring it. We also get a view into the Cisco Voice Gatekeeper, and Cisco Unified Border Element. This is a critical element in ensuring safeguards against threats that the IP Telephony can be exposed to when interacting with third party organisations.

Other important software platforms discussed are the Cisco Unified communications Manager Express and Cisco Unity Express Security, which also forms an integral part of the security infrastructure. The issues of ring fencing end points of IP Phones, both wired and wireless, are discussed extensively, along with the penultimate chapter dedicated to the softphone, Cisco IP Communicator.

This bring us to the last part, Part IV.

Part IV

This is all about network management and application management. Several types of network management are displayed, along with the wide spectrum of their corresponding protocols. This section is all about sustainability and efficiency. We have examples, processes and methods for implementing a robust and secure management. The concluding section deals with the Security Event Management System, for logs and event aggregation.

Summary

This is a well rounded book for all security issues and their remedial techniques for IP Telephony. As I said before, this is both a reference and a guide. As more and more enterprises move into the arena of IP Telephony, Cisco IP Telephony solutions become a natural choice. This book will therefore help them to establish a robust, safe and secure IP Telephone network that can adapt to all security threats and keep the infrastructure secure. So for all IP Telephony administrators, this is a no brainer. The title delivers its aims flawlessly and is an asset to any network administrator who picks it up and implements its security methods and procedures.

Cisco LAN Switching (CCIE Professional Development Series)

2014-02-09T22:02:58+11:00

Title:            Cisco LAN Switching (CCIE Professional Development Series)
Authors:        Kennedy Clark, Kevin Hamilton
ISBN-10(13): 1578700949
Publisher:      Cisco Press
Published: August 26, 1999
Edition:         1st Edition
Language:     English

Reviewer: John Korakis

If “Routing TCP/IP Vol 1 & 2” by Jeff Doyle and Jennifer Carroll is considered the bible of Routing, this book should definitely be considered the bible of LAN Switching.

The authors cover a wide spectrum of technologies in great detail, combining technical with easy to read writing. Theory, explanation and examples are smoothly integrated into the text, making complex technical issues fun to read and easy to understand. The fair amount of humor used aims in that direction too.

The only disadvantage of this book is its age. Published in 1999, it naturally lacks information regarding technologies created and adopted in more recent years such as the newer versions of Spanning Tree, while it covers outdated subjects such as Token Ring and Cat OS CLI. However, things have not changed that much in the LAN Switching field since then and learning some history never harmed anyone.

The book is organized in six parts which contain a total of eighteen chapters.

Foundational Issues

Part I (chapters 1 to 5) is called “Foundational Issues”. This part describes the technologies upon which the rest of the subjects described in the book are based.

Chapter 1, “Desktop Technologies” covers Ethernet (Legacy, Fast Ethernet, Gigabit Ethernet) and Token Ring.

Chapter 2 covers some ways of “Segmenting LANs”.

Chapter 3 is about “Bridging Technologies”, in particular Transparent Bridging, Token Ring Bridging and Token Ring Switching.

Chapter 4, “Configuring the Catalyst” explores general Catalyst configuration issues using detailed command examples. This chapter’s configuration examples, as well as the vast majority of them throughout this book, are based on the so called Cat OS CLI, which is seldom used nowadays. It is worth noting, however, that anyone who has used the native IOS CLI used on the more recent Catalysts should be able to recognize the similarities with the good old Cat OS.

Chapter 5, finally, covers “VLANs”.

Spanning Tree

Part II (chapters 6 and 7) is dedicated to “Spanning Tree”. These two are among the best (if not the best of all) chapters ever written in a networking book. They simply contain everything about Spanning Tree.

Chapter 6, “Understanding Spanning Tree”.

Chapter 7, “Advanced Spanning Tree”.

Trunking

Part III (chapters 8 to 10) covers “Trunking”.

Chapter 8, “Trunking Technologies and Applications” describes Ethernet Trunks, FDDI Trunks and ATM Trunks, as well as some Trunking Options.

Chapter 9, “Trunking with LAN Emulation” begins with a brief ATM tutorial and continues with explaining ATM LAN Emulation (LANE). The LANE part begins with the amusing skit “Let’s go to the LANE Bar”, attempting to describe this complex technology in an original and fun way.

Chapter 10, “Trunking with Multiprotocol over ATM” explains MPOA. No skit this time!

Advanced Features

Part IV (chapters 11 to 13) introduce some “Advanced Features”.

Chapter 11, “Layer 3 Switching” covers Router-on-a-Stick, RSM, MLS, HSRP and Integration between Routing and Bridging.

Chapter 12, “VLAN Trunking Protocol”, covers Cisco’s VTP theory and configuration.

Chapter 13, “Multicast and Broadcast services” is about CGMP, IGMP, IGMP Snooping and Broadcast Suppression.

Part V (chapters 14 to 18), “Real-World Campus Design and Implementation”.

Chapter 14, “Campus Design Models” contains some theory regarding Campus Design.

Chapter 15, “Campus Design Implementation” contains advice and best practices on implementing all the previously described technologies in the book.

Chapter 16, “Troubleshooting” introduces a couple of troubleshooting philosophies and tools.

Chapter 17, “Case Studies: Implementing Switches” covers two real-world design examples with sample configurations.

Chapter 18, “Catalyst 6000 Technology” describes the Catalyst 6000/6500 switches technology and introduces the Native IOS Mode Configuration, found in today’s Catalysts.

Summary

Cisco LAN Switching is mainly focused on Network Engineers looking for a quality reference book on LAN Switching or preparing for the CCIE certification. However, it could be extremely useful to anyone looking for expert level knowledge on Layer 2 LAN technologies.

Although the book is Cisco oriented, many of the subjects covered are open industry standards, making it a great choice for literally everybody.

Cisco Express Forwarding

2014-02-09T22:02:58+11:00

Title:            Cisco Express Forwarding
Authors:        Nakia Stringfield , Russ White, Stacia McKee
ISBN-10(13): 1587052369
Publisher:      Cisco Press
Published: May 4, 2007
Edition:         1st Edition
Language:     English

Normally a book review shouldn't start with a warning, well this one does: This book is not for everyone. There's a huge number of Cisco books available, many of them dealing with the same technology (routing, switching), some more in-depth than others, and some dedicated to a specific technology.

Some people don't know that many packets in a router are switched from an input interface to an output interface. This means that the main CPU of a router is not directly, or is less, involved in the forwarding of a packet. Initially all packets traversing a router were process switched, this had some serious performance issues. So Cisco came up with the idea to cache information to the interface processors. This was the birth of fast switching.

Somewhere in the 90's Cisco realized that Fast Switching had its limitations, and a new switching technology was developed which led to CEF (Cisco Express Forwarding). This has become the default switching method in almost all Cisco routers. This book deals with this exclusively.

The book has two parts, one dealing with understanding, configuring and troubleshooting (4 chapters), and the second part (3 chapters) has some CEF case studies.

Chapter 1 deals mainly with the architecture of a router and has some very detailed information about how memory, buffers and interfaces relate to each other.

Chapters 2 and 3 deal with understanding of and enhancements to the original CEF implementations. These two chapters have many show commands to clarify CEF.

Chapter 4 has an IP connectivity troubleshooting example in which CEF can help you to understand the problem, an excellent chapter.

Chapter 5 describes CEF on a Cat6500, which is hardware based, and the differences when troubleshooting CEF on a Cat6500.

Chapter 6 is all about load sharing with CEF. This, for me, is the best chapter of this book. It gives you real world configurations and problems and shows how CEF plays a role in load sharing. Excellent!

Chapter 7 deals with CEF in an MPLS VPN environment. Together with chapter 6 it provides really useful information; information you can apply directly in your network.

In the beginning I mentioned that this book is not for everyone - let me clarify that.

Most people know how to drive a car: use the key to start the engine and off you go, sometimes you have to fill it up. For most people this is enough. Then there are people who understand some of the lights on the dashboard and how to take action on these. But only a few people really understand how a car works, and are capable of dealing with any mechanical problem that might occur.

In the same manner, this book will provide the insight required to understand how CEF truly works inside Cisco's routers and switches.

This book can promote you to the elite; it is the last piece of the puzzle that will tell exactly how packets are moved inside a router.

SDN and OpenFlow for Beginners with Hands-on Labs

2014-02-09T22:02:58+11:00

Title:            SDN and OpenFlow for Beginners with Hands-on Labs
Authors:        Vivek Tiwari
ISBN-10(13): B00EZE46D4
Publisher:      Amazon Digital Services, Inc.
Published: 4th September 2013
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

Software Defined Network, or SDN, as a concept, is quite new in the networking world (at least for me). What it essentially means is that through SDN, management and control of a network is decoupled from a strict hardware architecture and handed over to a software application.

This new eBook, from author Vivek Tiwari, is a technical overview of SDN, its meaning, concepts, working principle and, finally, a glimpse of its future.

In a broad sense, this book is a brief glimpse of the author's journey to becoming familiarised with SDN, its impact and its future.

As well as imparting knowledge, it helps us avoid hours of online searches by providing a consolidated approach towards concepts and technology, and a thorough understanding of SDN via hands on experience through labs.

I had initial doubts about reading an eBook. I am old school when it comes to books. I need the reassuring feel of the weight in my hands, the uninhibited freedom of moving through the pages, but since I have read a few titles by the same author, I thought I should give this eBook a chance.

The book consists of two parts, Part 1 deals with the theory and concepts, Part 2 deals with the hands on experience of SDN.

Part 1 - The Theory

Lets start with what we encounter in part 1.

The obvious approach of core concept explanation precedes critical analysis of this new trend. We come across the history lesson followed by a quick overview of the most important terms that are essential to grasp the concepts of SDN.

Readers should not be dissuaded by the number of chapters (23 in total), as I observed later that every chapter included is essential.

Chapters 1 to 4 set the foundation of SDN and then open up the discussion for Openflow. As explained by the author, Openflow is the protocol that intertwines with the architecture which is SDN.

Chapters 6 and 7 go though the concepts of Openflow and demonstrate its capabilities. This is followed by a brief synopsis of the different versions of this new protocol.

Once Openflow has been dealt with, the author starts making a case for SDN by extolling its advantages. Even though the chapter on this topic is quite small, each point discussed under this banner is quite concise and relevant. Individually each reason stated makes its own case depending on the nature of SDN deployment.

There are several scenarios explained in subsequent chapters where SDN can be deployed. These include infrastructures like enterprise networks, service provider, wan and datacentres.

What follows the case studies is quite interesting. By now the reader must be intrigued thinking of the future of all network hardware providers, once the network itself can be virtualised. The author provides the involvement of salient players in the network hardware market, e.g. Cisco, juniper etc. This discussion also includes key network users like Google and Facebook, users for whom the network is regarded as the main computing platform.

The author then opens up the field for a very candid and interesting topic. This is where he weighs out the feasibility of SDN itself, while performing a critical analysis. He tries to prove or disprove whether it is hype or the imminent future.

The future is then discussed in chapter 16. This is of course the author’s predictions. However, after reading it, I felt more in agreement with it than against it. I have a strong feeling that the author has made a valid point. The outcome of SDN and the future of network are intertwined and fundamentally inseparable.

Part 2 - Hands-on Experience With Labs

The second part, as mentioned earlier, is all about the hands on experience of SDN. The author lists the requirements before the SDN theory can be put to action. All of this is discussed in chapter 17. Then from chapter 18 to chapter 23 we not only get a ringside view of SDN in action, but also indulge in being part of the excitement of practising SDN as well.

As is customary the concluding section of the book contains appendices, providing more support information about SDN, related softwares, projects etc., which only enhance the understanding of SDN.

After reading the book and being enlightened about SDN, I must say I am more than intrigued about this new concept. I will be watching the progress of it very closely and, who knows, I might end up jumping onto the SDN bandwagon very soon. It would be a folly not to do so. I presume key stakeholders in network based institutions and vendors are already getting involved to a great depth.

Summary

This book certainly succeeds in arousing a great amount of interest in not just SDN but how this is probably going the shape the future of the network as a whole. I would recommend this book to all CTO and CEOs who are looking to move with the times and embrace technology. SDN is here to stay, and this book is a very good platform to start getting acclimatised with it. The book is a good initiation of SDN, which might, or should I say will definitely, end up being a game changer in our future.

VMware vSphere 5 Building a Virtual Datacenter (VMware Press Technology)

2014-02-09T22:02:58+11:00

Title:            VMware vSphere 5 - Building a Virtual Datacenter
Authors:        Eric Maillé, René-François Mennecier
ISBN-10(13): 0321832213
Publisher:      VMware Press
Published: August 30, 2012
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

These are challenging times for every industry and especially for IT. Every day IT managers are facing an uphill task to deliver a high level of service against the mounting odds of cost and shrinking budgets. Virtualisation is able to address all such issues and give added benefits of modernising the infrastructure.

VMware has been the trend setter in everything to do with virtualisation. Some of the key aspects it delivers are cost reduction, improved SLA, flexibility, operation efficiency, automation and standardisation. This publication from VMware Press uses VMware vSphere 5 to demonstrate how, as an IT Manager, one can use this in a datacentre environment. Full credit goes to both authors who have taken care to carry out a full analysis of all the product in their entirety, ensuring readers would be able to derive the full benefits.

The book starts from the standpoint of the physical infrastructure and takes the journey through migration into a fully managed virtual datacentre.

Following the hallmark of all VMware Press publication, this title starts with an introduction to all the issues that most datacentres face. It goes on to unravel the various functions and features of vSphere 5 and explains how it helps to overcome those issues. We are given a quick tour of the various phases of migration in the formative chapters. Further on, the entire vSphere 5 and its components are described in great detail.

Then it moves on to explore the storage side of a datacentre. Various storage options i.e. local, centralised, networked, are visited. A qualitative analysis has been done so that a datacentre manager can make an informed decision about which one to adopt. The virtual machine file system or VMFS is of particular interest, as this would be something very new and revolutionary for all datacentres.

Then it goes on to discuss the actual implementation of virtualisation on servers and its associated networking. We are given a ringside view of what a hypervisor is and how, through ESXi (a VMware hypervisor), a virtual environment is managed. Important issues like managing the network and applications like SQL, Exchange, SAP, etc are also discussed from a deployment and management point of view.

Key services provided by a datacentre are availability and disaster recovery. The title now talks about how, by using vSphere 5, we can implement a very high level of availability and deliver a business continuity in a scenario of any failure. This is in essence one of the key factors that can make or break the reputation of any datacentre.

In a port disaster recovery situation backups are of utmost importance. This book explains this need, the objectives and its impact in a clear and concise way. Various methods of performing backups have been explored together with a troubleshooting section.

Now that we have a fair idea of what vSphere 5 is and what it has to offer in terms of virtualisation, the books starts explaining how to actually implement it. This obviously includes installation, configuration and connection methods. Once that is confirmed, it shows how to manage the virtual environment.

The penultimate chapter is a brilliant case study that goes through the various phases of a virtualisation project. This can literally be used as a trajectory or a project plan by a datacentre manager who wants to migrate into the virtualisation environment.

Conclusion

I am an ardent follower of VMware products and vSphere 5 is one of the most used tools in all of my virtualisation projects. This has nothing to do with blind faith or brand loyalty emanating from no discernible reason. I have found all VMware products very reliable and efficient. They are easy to use and help in utilising the features to derive maximum benefits. This book is a testimony to my claims, and I would recommend this title as a ‘how to’ guide or manual for a datacentre manager who genuinely wants to improve efficiency (both commercial and operational) and reliability.

Automating vSphere with VMware vCentre Orchestrator

2014-02-09T22:02:58+11:00

Title:            Automating vSphere with VMware vCentre Orchestrator
Authors:        Cody Bunch
ISBN-10(13): 0321799917
Publisher:      VMware Press
Published: March 2012
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

Virtualisation has completely revolutionised the entire IT industry in terms of deployment and maintenance of the IT infrastructure. Driven by the pressure of delivering robust, redundant and reliable IT infrastructure, and by the ability to manage them more efficiently and effectively in terms of cost, administrators have consistently migrated to more and more virtualised environments. This has enabled them to consolidate infrastructures and their corresponding workloads, and dramatically reduced cost for IT operations.

Needless to say, VMware has taken a major lead into the world of virtualisation. I would attribute VMware as not only the trend setters in the world of virtualisation but also an extremely deterministic element in the IT industry. More and more core IT service providers are moving towards a virtualisation environment prescribed by VMware and using their tools and services to do so as well. VMware has become a ‘must have’ for many successful data centres. What has benefitted users is not only VMware’s plethora of tools available, but their range of printed materials that users can utilise to effectively manage their VMware infrastructure.

Before talking about this book, a word of caution for the non – initiated. This is not a beginner’s text, neither it is something that will help you if you have no prior exposure to the world of virtualisation, let alone any VMware product. I would however strongly recommend going through VMware’s other materials which deal with concepts and tools used, which will build a good foundation before you start with this one. But I must add this. It’s in your best interest to reach this title itself, and now let me tell you exactly why.

To begin with, I was impressed with the informal style of the writer’s delivery. Sometimes this makes or breaks a book’s popularity. Virtualisation is no mean subject, and it can become confusing at times. But the writer’s style has ensured that the content is presented in a very lucid way without compromising the reader’s ability to grasp the matter. Core technical books can become a chore to read through, thanks to a writer’s inability to explain things in a simple way. This cannot be said for this book, which is a welcome change.

Equally impressive was the structure of the content, and how it was divided into distinct parts and chapters. Essentially there are three major parts:

Part I: Introduction, installation, and Configuration

Part II: Working with vCentre Orchestrator

Part III: Real World Use Cases (I loved the name of the company – Amazing Smoothies)

Now let’s dig a bit deeper into those individual part themselves.

Part I: Introduction, Installation & Configuration

In Part I, we are introduced into the vCentre Orchestrator itself (I’ll address it as vCO henceforth). This section deals with the ‘What, Why, Who, When’ and most importantly, the ‘How To’ of vCO. Every ‘What, Why…’ has been fully explained, which makes your decision making regarding vCO implementation, extremely easy. I personally liked the ‘Note’ section which helped in making the core understanding process easier. The chapters dealing with installation showed the pros and cons at every step depending on how you want your installation to be. The various installation flavours were introduced and there is a nice walkthrough of an entire installation process. In the Configuration section, the book does a good job of bringing a vCO install into operational status. The writer has done a good job at this, as in the hands of an amateur, this could have turned really messy.

Part II: Working With vCentre Orchestrator

In Part II, we are shown the ‘moving parts’ inside the vCO architecture. As mentioned before as a word of caution, it is important the reader has prior knowledge of VMware products and virtualisation itself. This is where your knowledge will have a role to play. It is crucial for the reader’s benefit that they understand how the vCO interacts with other components of the entire VMware based infrastructure on which vCO itself is being deployed. As explained throughout this section, there are namely 6 parts, which are Actions, Packages, Web Views, Resources, Plug-in and Workflows. Out of these 6, only Plug-in and Workflows have dedicated chapters which has a more detailed explanation. After going through these chapters, I felt perhaps the book could have consisted of dedicated chapters to the rest of the ‘moving parts’ and not just the 2 out of 6. Also worthy of mention is that knowing Java scripting and the concepts of API is beneficial. Concepts like reusability of functions and methods come handy over here.

Part III: Real World Use Cases

Part III is my favourite part, not only because of the name of the company, but because, and I quote the author, “…I’ve found it easier to show folks technical concepts within a real world framework”. Again, for the non – initiated, note of caution, as this part makes the assumption about your familiarity with vSphere and concepts of snapshots. Knowledge of Java scripting comes to play a significant role. The chapters are laid out in neat, coherent, and consistent order. It is a good example of how vCO is used from ground up to optimise the IT infrastructure in VMware. The processes of implementation, deployment, maintenance and decommissioning have been simplified. Particularly useful was the chapter where future expansion of clusters of hosts and shared storage was explained.

The Appendix does a good job of explaining features like Onyx which compensates where the knowledge of Java Scripting is lacking. There is a good troubleshooting and debugging section. Also worth mentioning is the quickfire explanation of the vCO vApp and the VIX plug-in which was used in Part III.

Summary

Overall, it’s an easy read, and I would recommend this to anyone who’s currently working with VMware and wants to optimise their VMware implementation.

Global IPv6 Strategies

2014-02-09T22:02:58+11:00

Title:            Global IPv6 Strategies
Authors:        Patrick Grossetete, Ciprian P. Popoviciu, Fred Wettling
ISBN-10(13): 1587053438
Publisher:      Cisco Press
Published: May 25, 2008
Edition:         1st Edition
Language:     English

IPv6 adoption doesn't really mean much to most people or organizations today, even though we've all heard at some point that IPv4 IP addresses are being depleted rapidly, the problem is not yet that evident.

In all honesty, we had our doubts about this Cisco Press title, but the first 30 (out of a total of 400) pages put things into perspective. The title helps you clearly understand what IPv6 is all about. Its approach is brilliant – with the handful of real statistics and examples it provides, you will realize that IPv6 is not about a new breakthrough or trend but a solution to an uprising problem.

The fact is that the global network, aka ‘Internet', relies on a 30 year old protocol originally developed for a much smaller network. The growth of the Internet was unforeseeable, as were the problems to be encountered. The experts agree that the IPv4 addressing space will be completely depleted by the year 2015.

Global IPv6 Strategies kicks off with an analysis of this depletion, providing accurate information and a unique methodology, suddenly you are aware of the impact and significance of this problem. It then tackles the myths and realities of IPv4 and IPv6. Does IPv6 really offer enhanced security compared to IPv4? What about Quality of Service (QoS) and improved routing abilities of the new protocol? These questions are all demystified, along with many more, making clear that which IPv6 can and cannot offer.

Analysis of the IPv6 adoption strategies of governments and businesses all over the world is also covered, showing the actions governments have taken to research the necessity and adoption methodology of IPv6.

A brief chapter is devoted to the new services that will emerge from the IPv6 evolution in many sectors such as the educational, entertainment, business and many more.

The rest of the book is an eye opener - Real example case studies of IPv6 adoption. These case studies show IPv6 planning in the context of the business, operational and technical realities of actual organizations.

The structure the book uses for the case studies are intended to help the readers identify similarities between their environments & IT goals and those of the organizations covered in the case studies.

The structure followed in each case study is as follows:

- Company profile. Overview of the company profile and scope of its business network and IT profile, overview of the IT environment and the way it supports the business goals of the organization.

- IP infrastructure characteristics. Overview of the IP aspects of the environment, listing any challenges experienced or envisaged.

- Perspective on IPv6. Presents the organization's perspective on IPv6 as a technology, and the IPv6 adoption trends within its market space.

- The case for IPv6. Combines the perspective on IPv6 covered earlier in the book, with the early or late adoption position considered by the organization.

- IPv6 planning and implementation. The case made for IPv6 adoption shapes the adoption strategy and its implementation. Determining factors that must be considered.

Global IPv6 Strategies is not a highly technical title. It won't analyse technical perspectives of the IPv6 protocol, but it will give you the necessary knowledge to help you see the importance of the protocol, which will also help you make unavoidable important business decisions in the near future.

Network Management: Accounting & Performance Strategies

2014-02-09T22:02:58+11:00

Title:            Network Management: Accounting & Performance Strategies
Authors:        Benoit Claise, Ralf Wolter
ISBN-10(13): 1587051982
Publisher:      Cisco Press
Published: June 30, 2007
Edition:         1st Edition
Language:     English

Network Management is crucial in the successful operation of a network. Over the years Network Management has changed dramatically. Early Management systems were nothing more than a process of pinging an IP address, when you missed a ping there could be something wrong! Now we want to know what is wrong and preferable be warned before something goes wrong. And wouldn't it be nice or even required to see who or what is eating up our bandwidth or to have proof that we get the bandwidth we pay for? All these requirements have led to many protocols and standards over the years. Here is a book that organizes all this, brilliantly.

The book is organized in three sections that I would describe as follows: Part I, The theory, Part II, The tools, Part III, How we can use these tools in different scenarios.

Part I has three chapters and counts for almost a third of the book. The information contained in these three chapters alone make buying the book worthwhile. Part I is vendor neutral and would be excellent reading for network managers to quickly acquire a detailed overview of standards and technologies. Chapter 1 describes the need for Accounting and Performance Management. Chapter 2 (Data Collection Methodology) describes the data you need to collect and the detail required, as well as how to collect the data and be sure of its integrity. This is the longest chapter in the book and one of my favorites. Chapter 3 deals with standards and definitions. This is the chapter with the most abbreviations J

Part II outlines the most common network management tools available on Cisco IOS devices and how to implement them. Here we find SNMP, RMON, IP Accounting, NetFlow, BGP Policy Accounting, AAA Accounting, NBAR, IP SLA. Each implementation has its own chapter and follows the same procedure: first an explanation of the feature and then how to configure it. Configuration takes up most of the chapter and is very detailed with examples and many show commands. I found this very useful. Chapter 12 (the last chapter in Part II) connects everything in tables - these tables have already proven very useful for me.

Part III (Assigning Technologies to Solutions) applies the tools from Part II to some real world scenarios like: Monitoring, Capacity Planning, Voice, Security and Billing scenarios. In each chapter the tools are identified that will help to achieve the goal.

Both authors are Cisco engineers specializing in accounting, performance and fault management and it shows! They really know their stuff!

In short, this is a very useful book; you learn and you apply what you have learned. What else could you wish for?

How to Break Web Software

2014-02-09T22:02:58+11:00

Title:            How to Break Web Software
Authors:        Mike Andrews, James A. Whittaker
ISBN-10(13): 0321369440
Publisher:      Addison-Wesley Professional
Published: February 12, 2006
Edition:         1st Edition
Language:     English

This is a focussed book with a single aim; to help you find and correct common vulnerabilities in web-based applications and website software.

Above all, this is a book to be used. The authors take a practical approach to each area of consideration, and the chapters are well structured to make it easy for you to get right to work. For each area they provide an informative overview followed by discussion of the vulnerabilities including numerous code snippets, examples and screen shots. Though rich in detail the writing style keeps you engaged and the sensible structure (when to apply the attack, how to perform it and how to protect against it) makes it easy to grasp the key points. There is no bias towards either Windows or Unix products on either the client or the server, and you won't need to be a scripting expert to put the authors' ideas into practice.

Chapter 1 explains the difference between web-based and traditional client-server systems and why a different approach is needed when testing.

Subsequent chapters cover the vulnerabilities:

- Gathering Information on the Target.

- Bypassing Client-Side Validation.

- State-Based Attacks, including Hidden Fields, Cookie poisoning and Session Hijacking.

- Data Attacks, including Cross-Site Scripting, SQL Injection and Directory Traversal.

- Language-Based Attacks, including Buffer Overflows.

- Server Attacks, including Stored Procedures, SQL Injection, Server Fingerprinting and Denial of Service.

- Authentication, including Weak Cryptography and Cross-Site Tracing.

- Privacy, including Caching, Cookies, Web Bugs, ActiveX Controls and Browser Help Objects.

- Web Services, including WSDL and XML attacks.

The book comes with an excellent companion CD containing a number of testing tools and a flawed website on which you can use the techniques you have learned to cement your knowledge. Both the tools and the vulnerabilities in the sample site are fully documented in two useful appendices.

All in all, a rich and well-focussed yet accessible introduction to a wide-ranging subject. If the security of web-based applications is your area, make room for this on your bookshelf.

Essential CheckPoint Firewall-1 NG

2014-02-09T22:02:58+11:00

Title:            Essential CheckPoint Firewall-1 NG
Authors:        Dameon D. Welch-Abernathy
ISBN-10(13): 0321180615
Publisher:      Addison-Wesley Professional
Published: January 31, 2004
Edition:         1st Edition
Language:     English

Now there's a definitive insider's guide to planning, installing, configuring, and maintaining the newest version of the world's #1 firewall: Check Point™ FireWall-1 Next Generation.

Leading Check Point support authority Dameon Welch-Abernathy (a.k.a. PhoneBoy) offers exclusive hands-on tips, techniques, checklists, and detailed sample configurations you can use right now to improve reliability, efficiency, and manageability in your Check Point environment. The author's previous Check Point FireWall-1 guide became an instant bestseller, earning the praise of security professionals worldwide.

This new book has been thoroughly revamped to reflect Check Point FireWall-1 NG's powerful new features, and it includes even more expert solutions from PhoneBoy's FireWall-1 FAQ, the Web's #1 independent Check Point support site. Whether you're a security/network architect, administrator, or manager, you'll find it indispensable.

Whether you're running FireWall-1 NG on UNIX or Windows platforms, this book brings together expert guidance for virtually every challenge you'll face: building your rulebase, logging and alerting, remote management, user authentication, inbound/outbound content restriction, managing NAT environments, building site-to-site VPNs with SecuRemote, even INSPECT programming.

Welch-Abernathy also covers high availability in detail, identifying proven solutions for the challenges of implementing multiple firewalls in parallel.

Open Source Network Administration

2014-02-09T22:02:58+11:00

Title:            Open Source Network Administration
Authors:        James M. Kretchmar
ISBN-10(13): 0130462101
Publisher:      Prentice Hall PTR
Published: September 22, 2003
Edition:         1st Edition
Language:     English

Open Source Network Adminstration is a collection of open source tools for streamlining and improving virtually every facet of network administration.

Every tool is described in detail, with easy instructions for retrieval, installation from source, configuration and real-world usage.

Coverage includes:

MRTG: Graph bandwidth and other router and network statistics

NEO: Unify the administration of SNMP switches, routers, and other devices

Flow-Tools: Collect and process crucial interface-level Cisco NetFlow traffic data

Oak: Collect and distill syslog messages from servers and network equipment, and automatically send trouble alerts

Sysmon and Nagios: Monitor network hardware and servers and notify administrators of problems

Build your own tools with Bourne Shell and Perl scripting language

In all, this book is a complete guide to monitoring your network and help troubleshoot problems that might occur. Its structure is extremly good and will certainly become any administrator's best friend!

TCP/IP Illustrated - Volume 1

2014-02-09T22:02:58+11:00

Title:            TCP/IP Illustrated, Vol. 1
Authors:        W. Stevens
ISBN-10(13): 0201633469
Publisher:      Addison-Wesley Professional
Published: January 10, 1994
Edition:         1st Edition
Language:     English

How can you tell that “TCP/IP Illustrated, Volume 1 – The Protocols” by Richard Stevens is the definitive book on TCP/IP?

Even after 10 years, this book, having been written in 1994, is still considered to be one of the top, if not the top, rated books on TCP/IP. Not only does this book deserve credit, but his companion book – “TCP/IP Illustrated, Volume 2 - The Implementation”, which came out in 1995, is also highly favored.

If you go to your friendly neighborhood bookstore, you are most likely to find this book on the shelf in the networking section.

Despite its early publication, and its lack of information on IPV6, it is very relevant today. I was once trying to find out why my protocol analyzer was always showing PSH and I was curious as to why it was used. In my other TCP/IP books, there was only about a line or two on the subject, whereas in “TCP/IP Illustrated, Volume 2- The Implementation”, there were a couple of pages of information to peruse. Similarly with the RST flag, the information was detailed regarding its use and easy to follow.

All the protocols are given a very thorough treatise TCP, IP, UDP, ARP, ICMP, FTP, SMTP, Telnet and Rlogon are among the protocols that are illustrated in great detail. All the required information that is relevant to know about these protocols is provided. The examples are first rate and easy to follow and they are in abundance. Do you want to know how keepalives work? How about an example, complete with instructions, on how to simulate a crash and the tcpdump output you can expect to see. There are 2 other examples, just in case you missed the point!

He is obviously a unix afficionado, having written a very popular - “Advanced Programming in the Unix Environment”. Even if you are not a Unix user, and I am not one myself, his use of unix tools for the examples are very easy to follow and easily translate to common windows networking tools. He takes great pains to make sure you understand his examples, which I find refreshing.

Believe me it's everything you have ever wanted to know about TCP/IP and then some. If I had to have only one book on the subject, this would be it. Regardless of the level of networking you find yourself at, you should get more than your times worth of information out of this book

Your CCNA Routing & Switching Exam Success Strategy: The Non-Technical Guidebook

2014-02-09T22:02:58+11:00

Title:            CCNA Routing & Switching Exam Success Strategy
Authors:        Vivek Tiwari & Dean Bahizad
ISBN-10(13): 1481162659
Publisher:      CreateSpace
Published: February 2013
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

For those of you who have read the review of the author’s “Your CCIE Lab Success Strategy”, Dean Bahizad and Vivek Tiwari don’t need any introduction. Their non technical guides have propelled many aspirants towards their Cisco goals while dispelling myths and fears they would have encountered on the way to success. Their current offering is no less informative and spectacular in literary value. Both being double CCIEs, the authors unravel their experiences of the first steps to their current status. Being a CCNA is the foundation of a career in networking, namely in handling Cisco based devices. This non technical guide enables novices and experts alike in taking the formative steps towards gaining their first certification, or retaining it.

Features

Before I start delving deeper into the chapters, I must mention something which immediately caught my attention. Being a trainee pilot and an aviation enthusiast, I was absolutely delighted to see that the authors chose analogies, examples, terms and phrases from flying an aircraft. I must admit, both aviation and networking are two fields which are very close to my heart, and to see such perfect symbiosis of these fields in terms of explanation was very refreshing.

The entire layout of the guide is done as if the reader is about to embark upon a flight. For me, this was one of the most exciting features. I could, on every step, recall and associate the analogies that were drawn to show resemblance between flying a plane and preparing for CCNA.

Just as a pilot would have to organise and perform several critical safety checks on the aircraft before flight, the authors explain how one must prepare in terms of budget, strategies, training plan and schedules. This guide allays all fears about CCNA myths and, even while admitting that achieving a CCNA is difficult, will manage to convince readers that it is not impossible. It talks about scenarios, categorising aspirants into groups based on their previous experiences in networking, and formulates a specific study plan for each group. And then it shows what the exam is going to throw at you when you are ready for the final phase.

Flying a plane only becomes easy when you know exactly what to do and when to do it. It’s all about preparation, checks on factors that are beyond your control, like weather etc., and then creating a flight plan which will take you to your destination. This guide treats the path to CCNA in that same format. But this similarity does not end here. The guide also confirms the fact that it is not only important to make a plan, but also to stick to it. It is quite analogous to sticking to a flight plan once you have it cleared with the air traffic controller. Any deviation has to be managed, controlled, and compensated for. Likewise, deviation from the study plan needs to be controlled and compensated as well.

The guide talks about how to manage obstacles, which are like turbulences encountered by a plane. Air turbulence is an imbalance which can quite easily disrupt the smooth flight. Any obstacle can disturb the flow of learning as well. So when you are flying, you make adjustments to the aircraft and tweak it, so that it can withstand this turbulent air and fly away to a much smoother atmosphere. Obstacles are there to challenge us, a way of telling us ‘Let’s see how resolute you are in your objectives’. Our response should always be in the form of overcoming them with ease, a way of showing that ‘You can’t stop me now’.

The guide says that a mentor is like an air traffic controller. I couldn’t agree more. Just like my air traffic controller would constantly remind me of my altitude, speed and direction, a mentor is a contact check and balance arrangement to ensure you are always on the right path.

The guide helps us embark on this flight to reach our CCNA, but then this flight has to be on time as well. You must set an estimated time of arrival, or ETA, for your exam. If you don’t set one, then you will run out of enthusiasm and that’s like running out of fuel. A schedule is not to be made and then forgotten, but to be adhered to. This helps in reaching that exam date with much ease. Depending on your experience, the guide encourages you to employ multiple choices in speed of preparation, very aptly named as MACH 1, MACH 2, or warp speed!!!

I found sheer perfection in similarities when this guide talks about how to use labs like flight simulators, or when it shows how to start preparing for a landing, as one would start preparing for the actual exam. I also firmly believe in a “healthy body for a sound mind”, a virtue which has been extolled several times in this book.

This guide is the perfect companion for someone who has to go through the different phases of preparation, examination and certification. When all of these phases are in place, and work in the right order, you can happily enjoy the fruits of your labour in the form of the CCNA certificate. That’s when you turn around and start planning your next flight, a CCNP perhaps?

Summary

I am currently preparing for renewing my own CCNA. This book could not have come to me at a better time. I went through the ‘What we did’ sections to gain an insight into how the authors themselves prepared. This was a wealth of knowledge in itself. The book ends on the note of how to spruce up your CV and prepare for the interview as well. This book could not have been better rounded in its approach. This guide is a must have for everyone who has their sights set on CCNA because it shows to how to prepare, take off and have a smooth landing. So when I renew my CCNA, and I am actually flying again, it would remind me of my journey to the certification. Hats off to both authors, they have presented another marvel again.

Optimizing Network Performance

2014-02-09T22:02:58+11:00

Title:            Optimizing Network Performance
Authors:        Matthew Syme, Philip Goldie
ISBN-10(13): 0131014684
Publisher:      Prentice Hall
Published: July 12, 2003
Edition:         1st Edition
Language:     English

If you are on the lookout for a book that is easy to read, without the extra technical details that few people can understand and covers a wide range of topics related to protocols, firewalls, general security and content switching, then this is your book.

The authors approach to each topic covered is simple and straight forward. The 10 chapters in total, prove adequate to leave you with a satisfying result and will ensure you get the most out of what it has to offer.

The order in which the chapters are analyzed is also very clever, starting from basic concepts, protocols in the lower layers of the OSI model, and then moving to the higher application layer protocols, routing, load balancing, security and finally VPNs and firewalls.

On specific chapters I read thoroughly, I wasn't able to detect any errors or incorrect information, which shows that there was obviously a lot of research done in order to produce this fine title.

This book is recommended for people who want a general overview of the subjects covered, with a hint of techinical details at certain points.

The Official VCP5 Certification Guide

2014-02-09T22:02:58+11:00

Title:            The Official VCP5 Certification Guide
Authors:        Bill Ferguson
ISBN-10(13): 0789749319
Publisher:      VMware Press
Published: August 26, 2012
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

The moment we find a book that gears us for a certification, straightaway we get into ‘I need to achieve’ mode. With it comes the urge to use shortcuts and randomly ignore things that you might think are irrelevant. I have said this before and I will say it again: a certification is just one milestone in the journey to attaining expertise, it is not the endgame. In spite of the fact that this book is written for the purpose of a certification, it does much more than that.

This is tailored to make you competent on vSphere 5. I would, however, tip my hat to the author for making that task much more manageable and entertaining. He has given careful attention to the goals and has kept the journey as simple as possible. I would not waste your time extolling the need for virtualisation. That is a well established fact. What this book does is prepare you to extract the best out of some really efficient virtualisation tools brought to us by VMware, which holds the position of being pathfinder in the virtualisation industry.

Salient Features

To ensure that the readers are not overwhelmed by the information the author has made some subjective assumptions, which are as follows:

This is not a ‘virtualisation for dummies’ book. You will need prior exposure/experience with virtualisation
You should have access to a vSphere 5 environment. Workstation 8 with the VMs will suffice.
You are looking to be the ‘One Ring to rule them all’ once you complete reading this book. The approach is ‘What is Important?’. You don’t become an overlord in VMware virtualisation, but I reckon this book will get you on that path pretty much!!
The author Mr. Ferguson says, and I quote, “My job is to know this material so well that I can make it easier for you to learn than it was for me to learn”. I couldn’t agree more. Time and again, I have implemented this same ethic when I have written tutorials or designed training courses.

The book has its own flow and order of chapters. This has been done diligently to maximise output in terms of learning.

There are 8 chapters to contend with and each chapter has a nice preamble of the topics it covers. That is followed by a Cisco style ‘Do I know this already?’ style quiz. This is among best practice in the field of writing books geared for any certification. The chapters are interspersed with Notes sections, which are repeated at the end of each chapter. Each chapter ends on a review and a questionnaire. This is a watertight arrangement when the goal is to make the learning more streamlined.

The first 3 chapters mainly deal with planning, installing and configuring the vCentre Server and the ESXi. I am throwing the jargon in as well assuming that by now you would know what an ESXi is i.e. a hypervisor. You also learn how to install and configure the network and storage side of vCentre.

Chapters 4 and 5 talk about the administration of the setup. Readers get a feel of how to manage all those VMs and the associated virtual applications. They get introduced to the concept of cloning and exporting VMs as well.

Further on, it is all about how to keep your VMs fit and healthy. The topics cover disaster recovery and failure management. Readers learn how to make lean, mean virtual machines that can pick themselves up should they stumble, and get going with minimum fuss.

Chapter 6 is like a biology lab running a dissection session. Instead of a specimen, you have the core components of vSphere opened up to give a better understanding of how they all work together to deliver a virtual environment. Once you conceptualise that, you can spot an issue and pre-empt a problem with a fix. Hence it is called ‘troubleshooting’, you spot a trouble and you virtually shoot it!!

Chapter 7 talks about the four major resources that are critical for a virtual system: CPU; memory; disk; and network. They need to be monitored and managed for any sign of stress or impending failure. Any problems need to be sorted out so that there is no adverse impact on the service level of the VMs.

Summary

I wanted to include Chapter 8 as part of the conclusion itself. Not just because it is obviously the last chapter. More so because by its own virtue, it ends the revision phase that highlights the key topics important from the certification point of view. Frankly I have not seen a final chapter more inspirational and motivating. It has a very positive appeal about itself. I relished the fact that the author does not try to work up the readers to a feverish pitch towards the exam. Instead, what he does is summed up perfectly by his own line, and I quote, “Let your mind relax, it’s not life and death after all”.

This is one of the few books, by my estimation, that has been written for the purpose of a certification but surpasses the objective by miles. It also carries, and quite easily at that, the label of being a reference guide and a ‘how to’ guide, even when the certification objective has been achieved. This is a must have for all VMware qualification aspirants who wish to further their career into the realms of virtualisation.

CCNP Security VPN 642-648 Official Cert Guide (2nd Edition)

2014-02-09T22:02:58+11:00

Title:            CCNP Security VPN 642-648 Official Cert Guide (2nd Edition)
Authors:        Howard Hooper
ISBN-10(13): 1587204479
Publisher:      Cisco Press
Published: July 2nd, 2012
Edition:         2nd Edition
Language:     English

Reviewer: Arani Mukherjee

The Cisco CCNP Security VPN title is aimed at network administrators, network security administrators, network architects and experienced network professionals who need to apply security principles and features to their networks. In the complex world of network security, it is a prerequisite to have an in-depth experience and understanding of networking before one can start applying security principles.

This book is a product of the Cisco VPN program which was geared towards remote-access and site-to-site VPN features and products. These features or products have been integrated into the Cisco ASA family of devices, associated softwares. As always this book serves the dual purpose of knowledge on one hand and primary text for the CCNP Security VPN certification on the other. So let’s take a round trip of the chapters and understand the key benefits of pursuing the certification and gathering the expertise.

Features

A word of caution before embarking on the trip: this book deals a lot with Cisco ASA devices, however, it should not be mistaken as a guide or a manual for the ASA family. The author has made a safe assumption that the reader already has adequate knowledge, experience and expertise on various types of Virtual Private Networks and the ASA architecture. If you don’t tick any of those boxes, look away now before you find yourself confused beyond recovery!!!

The book, being part of the Cisco family of technical documentation, obviously has the inherent DNA of its peers. So as a routine let me emphasise the presence of the usual feature winners like ‘Do I already know this?”, quizzes after each chapter, key topic pointers, note sections, and a very clear topical approach about the entire subject matter. Expect this from every Cisco publication. Any deviation from this approach and I would strongly recommend you check whether you are actually reading a genuine Cisco title.

The formative chapters do dedicate a sufficient amount to explaining the concept of VPN and their key benefits. As mentioned before, this publication uses the ASA family extensively (and yet it is not an ASA manual) and it serves the purpose of covering VPN methods and associated protocols supported by the ASA devices. One of the key objectives of a VPN is to allow remote access to resources and, for that to be managed securely, an administrator should be able to control access to such resources. This is where the concept of group policies and inheritance models come into play. Once these issues have been dealt with, the title comes to a close as far as conceptualisation of VPN technologies is concerned. From here onwards, the book starts dealing with implementation and deployment of various VPN solutions. Each VPN solution is discussed in depth in order to ensure the reader has no holes in their understanding.

The author has taken special care and explained every facet of VPN technologies. The approach is rather simplistic. Once a particular VPN type has been explained along with the circumstances under which such a VPN can be implemented, the author goes about how to deploy a vanilla version of such a VPN. Then comes a detailed explanation of some advanced techniques followed by customisation. This is then followed by a very important topic, one that deals with authentication and authorisation of users on that particular type of VPN. As an administrator, once you have established an all-singing, all-dancing VPN, you can start working on availability and performance aspects of the VPN. This treatment has been done for Clientless SSL VPN and AnyConnect Remote Access VPN.

Once the issue of allowing remote users access into network resources has been dealt with, it is time to ensure that users are not posing a security threat once they are connected to these resources. As a network administrator, you will have control over who connects to a network resource. You enforce that by deploying security, authentication and authorisation. What you must consider as part of your security objectives is how to manage devices that users are using to connect to the network resources via the VPN. The subsequent chapters deal with this issue. They discuss the concept of Cisco Secure Desktop, which has been built specifically for the purpose of providing a secure local environment while users access network resources. When a user has disconnected from that resource, any cached settings and credentials that were used can be cleared to prevent any replay or session-based attacks, or identity theft etc.

Up until now all discussion has been inside the arena of the VPN service provider. Nothing has been said about the clients who would be using the VPN technology to connect to the remote network and associated resources. From here onwards, the book starts dealing with that issue. Firstly, the good old Cisco VPN Client is discussed.

Topics covered are based on deploying, installation, setup and management of this software on the client side. The concept of the Easy VPN Solution has been introduced here as well. And here again, the author has followed the trajectory of explanation that starts from introduction → deployment → advanced techniques → customisation → authorisation → availability and performance. Topics related to implementation of VPN using ASA hardware are discussed along with IPSEC site-to-site VPN deployment. And again it follows the same path all the way to availability and performance. The regular exam-related resources are present as well i.e. Exam Preparation, Appendixes, CD media with memory tables etc, which is the last pitstop for this book.

Summary

Ensuring network security is a long and arduous journey and, with an increasing number of people going around with the intent on network disruption and jeopardising network resources, it is imperative that as a network administrator you ring fence what is valuable. This title, and the associated certification, is an essential tool for that very purpose. This not a beginner’s guide, the author has done a brilliant job of ensuring the concepts are clear and the understanding of the technologies is solid.

This is a ‘must have’ weapon in your arsenal of network security.

CCNP Security FIREWALL 642-618 Official Cert Guide

2014-02-09T22:02:58+11:00

Title:            CCNP Security FIREWALL 642-618 Official Cert Guide
Authors:        David Hucaby, Dave Garneau, Anthony Sequeira
ISBN-10(13): 1587142716
Publisher:      Cisco Press
Published: June 3rd 2012
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

Cisco CCNP Security Firewall is a one stop shop for all professionals who value their network security and give it their highest priority. It teaches you how to work and play with devices like the Cisco ASA family, and works as a definitive guide to all forms of network security features.

The publication is a master class in itself. Not only does it inform us about each Cisco ASA device, but also skilfully explains various types of network security flaws, weaknesses, points of security failures and attacks. Then it goes about explaining how such network security issues can be dealt with by showing a corresponding firewall feature to counter such risks. This publication carries all the other hallmarks of Cisco publications such as the ‘Do I already know this?” quiz after each chapter, key topic pointers, note sections and a very clear topical approach about the entire subject matter. So let’s dig in deep to understand what awaits us in the world of Cisco ASA family, and why CCNP in Security on Firewalls is a skill much needed by a network manager.

Features

As mentioned, the formative chapters of this publication are spent on explaining various network security flaws, weaknesses, points of security failures and attacks. But, before that, there is an introductory chapter on firewalls. Extensive explanations are given based on scenarios as to when, where and why it is imperative to preserve a network resource.

Our world is being steadily governed and managed by the use of IT and networks are becoming its backbone, which is why defending the integrity of a network and protecting data becomes so much more important. One should treat a network like one’s own home. Much care and effort goes into running of a home that houses a family. As a home owner you tend to implement every caution and protection possible to ensure that no harm comes to it or its occupants. The same goes for a network.

Cisco’s treatment of security issues for a network takes a very similar path. It explains how important your network is and then it shows how it can be attacked and breached. Finally it shows you how to effectively use various features of firewalls to protect against, and in turn prevent, such intrusions. It mainly bases the concepts on the ASA family of devices, hence readers will get to know how to communicate with such devices. Further on, they will learn how to do basic tasks and, by the end, be able to implement complex and more secure firewall features.

Much emphasis is given to the configuration of various types of ASA interfaces. It addresses the features of an ASA’s capability to provide IP addressing information to network nodes it is protecting i.e. working as a DHCP server or relay. Being a device itself, an ASA will need its own monitoring and management. Also any work or configuration or access to an ASA device will need its audit trail. All such issues are dealt with in depth. Features like NAT have been addressed in detail.

There is a quick overview of the concept of NAT itself, along with benefits and what’s required to implement this. And then finally it starts talking about one of the most important aspects of this title, how to control access by using an ASA device. This forms the core of Cisco ASA. There is an overview of access controls and access rules.

New concepts like Global ACL are introduced in this publication. Pass through analysis of traffic to ensure protocols are meeting criteria set in security policies for a particular network is another key issue that is explained. Another neat feature was the ability to control access and provide proxy services based on the identity of a user on the network.

Traffic handling and management by an ASA device is a very interesting topic, traffic prioritization and bandwidth control were the key issues discussed under this topic. I particularly found the chapters on firewall modes informative, not that I’m saying the others are not. Up until then I didn’t realise that ASAs could perform their functions in a non-transparent router-like mode, and a transparent bridge-like mode. But then the penultimate chapters started throwing in some high value trump cards like virtual firewall based on specific users, high availability, modules and special cards to deploy integrated services for entire organisations, and traffic analysis tools.

Once I had finished going through the chapters, my brain was buzzing at the thought of being able to implement some of these features on the next ASA I get my hands on. But then reality kicked in and it reminded me of the purpose of a certification that goes along with this publication, which cannot be ignored. At the end of the day, this book empowers you to deliver some killer punches to any network security threats, but only once you have proved to yourself, and of course to the Cisco certification community, that you are worth your CCNP in gold.

Summary

I was not let down by this publication. But I can’t remember a Cisco publication that didn’t deliver its objectives. As mentioned time and time again, networks are important to us and so is their security and integrity. It is in our best interest to ensure that they work in a safe environment. Intrusions, hacks and breaches are constant threats, we can surely implement features to stop them and prevent them.

One sure way to fulfil that requirement is to put the subject matter of this publication to good use. A CCNP is a valuable certification, but a CCNP done under the Security banner with Firewalls is more valuable still. This review ends with two key phrases – the certification is very much needed, and the publication is highly recommended for that purpose.

Your CCIE Lab Success Strategy: The Non-Technical Guidebook

2014-02-09T22:02:58+11:00

Title:            Your CCIE Lab Success Strategy: The Non-Technical Guidebook
Authors:        Vivek Tiwari & Dean Bahizad
ISBN-10(13): 1470103168
Publisher:      CreateSpace
Published: March 2nd 2012
Edition:         1st Edition
Language:     English

Reviewer: Arani Mukherjee

This is a review of a guide book, a non technical guide which travels through various aspects of preparing for a CCIE. Achieving a CCIE is no mean feat and, I must admit, it is my ambition to do so one day. After reviewing this book I know exactly what I am going for and I know exactly what to expect. This book has a very balanced approach towards anything and everything that is involved in gaining a CCIE. I must give full credit to the authors for making this book an easy read and insightful.

Features

While going through it, I liked a quote which goes like this: “…if you have a huge task which is outside your comfort zone, you need to break it down into smaller manageable chunks”. It instantly reminded me of something my father once told me: “A goal sometimes is too big, and at times might tend to be a bit vague. What you need to do is to break it down into small, achievable objectives.” I found this theory being practised throughout the entire text. This is most refreshing about this book.

At the beginning, the authors describe certain scenarios where people tend to get sidetracked or even discouraged while pursuing CCIE. I immediately identified with one of them, even though the target was not CCIE itself. The mere fact that most CCIE aspirants will be able to relate to at least one of the scenarios makes this book very appealing.

Through life’s various experiences I have learnt that there are two ways of doing anything, the easy way and the right way. CCIE doesn’t have an easy way. Let’s all unanimously agree on that. So all we are left with is the right way. And this book is textual proof of that.

Certain aspects of this book really got me thinking. I loved the analogy of achieving CCIE being akin to transforming from a trained doctor to a neurosurgeon. What better way to say that a CCIE is elite.

Most chapters (and there are 37 of them in total) have a ‘What We did’ section at the end. Feel free to take lessons from what the writers went through while they went about conquering their quest for CCIE.

One of my favourite chapters is no. 9 – “Set a clear Prize for Success”. Perhaps I might think of some examples of prizes to add to the list of cruises, vacations, bikes or watches when I finally manage to conquer this milestone.

Of the several underlined phrases in this book, one that will remain with me for the rest of my life is “… fuel the fire of intention, and propel yourself towards the position of your desire”. Perhaps this is applicable to not only a CCIE, but many other things in life.

The book makes a valid point about knowing one’s own learning technique. This is quite crucial when preparing for something like CCIE and it helps you to make the most of any type of training material available.

This book comes with advice on how to keep healthy while preparing for CCIE. I haven’t personally seen a single book til now which shows how you need a healthy body to have a healthy mind. Who doesn’t want to be ‘a CCIE with six pack abs’?

The chapters on ‘Do’s’ and ‘Don’t’s’ were particularly enlightening. They were quite objective and would apply to most aspirants.

The timeline strategies in the penultimate chapters are quite exceptional. I absolutely loved the naming of the various timelines and I wouldn’t dare give it away in this review, lest it diminishes this book’s charm in any way.

Summary

This book is clearly inspirational, motivational and, if I might also add, therapeutic. It is a roadmap. Stories, guidelines, personal anecdotes and experiences form part of an essential structure which will not only inspire you, but also help you in your CCIE quest. It makes a very important point about successes and failures. Not only is it important to enjoy your successes, but it is more important to manage your failures. This book does a wonderful job of giving an insight into both aspects.

The authors have done a great service to one and all by writing this book. When I mentioned earlier in this section that this book is therapeutic, I am not being too generous in my compliments. Once any reader has gone through this book he or she will understand that my claim is justified. When I finally arrive at the juncture in my life when I need to prepare for CCIE, I know exactly what to add to the repertoire of study materials.

CCNA Wireless Official Exam Certification Guide (CCNA IUWNE 640-721)

2014-02-09T22:02:58+11:00

Title:            CCNA Wireless Official Exam Certification Guide (CCNA IUWNE 640-721)
Authors:        Brandon James Carroll
ISBN-10(13): 1587202115
Publisher:      Cisco Press
Published: November 2, 2008
Edition:         1st Edition
Language:     English

Being a Firewall.cx reviewer has its perks, but even we were excited to get hold of the official Cisco source book for the new CCNA Wireless exam. Because both the book and exam are new it would be hard to review one without the other, so one of us duly went out and used the book to pass the exam. Only on Firewall.cx will you find such dedication…

Overall the book is worthy of its name; it's a solid and reliable textbook and is everything you'd expect from Cisco Press. What you might not expect, however, is that it's also surprisingly readable and will be just as useful to those wanting a comprehensive overview of wireless networking as those on the certification trail.

The topics covered are:

• Understand WLAN fundamentals:

• 802.11a/b/g protocols covered in depth

• Bluetooth, WiMAX, ZigBee, cordless phone are covered briefly.

• Wireless regulatory bodies, standards and certifications (FCC, ETSI, 802.11a/b/g/n, WiFi Alliance)

• WLAN RF principles (antenna types, RF gain/loss, EIRP, refraction, reflection, ETC

• Install a basic Cisco wireless LAN

• Cisco Unified Wireless Network architecture

• Cisco Mobility Express Wireless architecture

• Configure a WLAN controller and access points WLC: ports, interfaces, WLANs, NTP, CLI and Web UI, CLI wizard, LAG AP: Channel, Power

• Install Wireless Clients on various operating systems

• Windows, Linux, MAC

• Using ADU, ASTU and diagnostics tools with Cisco wireless LAN adapters

• Implement basic WLAN Security

• Operate basic WCS (Wireless Control System)

• Conduct basic WLAN Maintenance and Troubleshooting.

The writer builds your knowledge from the ground up, in the right direction most of the time, and doesn't leap off into the world of Cisco equipment until chapter 10. The book is filled with useful diagrams and illustrations; you can hardly find 3 or 4 consecutive pages without a figure. There are also pictures of the Cisco devices to illustrate what you might see in the real world. This is useful because this sort of high-end kit is not frequently available in small businesses or homes.

A case in point is the Cisco Unified Wireless Network (CUWN). Most engineers deal with autonomous or stand-alone access points whereas with CUWN all the APs in an organization are controlled remotely through a unified management system. When done correctly this makes it a breeze to manage tens if not hundreds of APs, but you're unlikely to be able to pull this together for hands-on experience in your personal Cisco lab.

For the exam there is a lot of software/hardware like this that you need to know but might struggle to get hold of. This is where this book's illustrations and step-by-step walkthroughs really help. The author says: “The newer Cisco certification exams have adopted a style of testing that essentially says, “If you do not know how to do it, you will not pass this exam.” This means that most of the questions on the certification exam require you to deduce the answer through reasoning or configuration rather than just memorization of facts, figures, or syntax from a book" . The book addresses this very well by using real-life scenarios.

The book is sensibly structured and easy to use. It describes the goals of the exam and the way to conquer it, with strategies for exam preparation in both the introduction and at the end. Each chapter starts with a “Do I know this already?” quiz so that advanced users can easily skip to the next chapter and find their level within the material. And key topics are highlighted, which helps when you want a final review before the exam.

The included CD comes with exam simulation software and well over 200 questions. This is an absolute must because the more questions you tackle, the greater the chance you'll pass. It's worth mentioning that our reviewer found the exam a little new and immature in places so this practice will serve you well.

In conclusion, this book will definitely help you achieve certification, also it's a good buy if you just want to understand wireless networking in theory and practice. There are a few typos and editorial slips but not many and, given the scope and newness of the title, this is a very good first outing that can only get better with future editions.

We have no hesitation in giving it a well-deserved 4 out of 5 and we can assure you it won't be sitting idle on our bookshelves. If you're serious about wireless networking, make room for it on yours.

CCNA Practice Questions (Exam 640-802)

2014-02-09T22:02:58+11:00

Title:            CCNA Practice Questions (Exam 640-802)
Authors:        Jeremy Cioara
ISBN-10(13): 0789737140
Publisher:      Cisco Press
Published: April 13, 2008
Edition:         3rd Edition
Language:     English

Writing a book to help you prepare for and pass an exam is no easy task but the author and publishers have done a fine job here. Don't be misled by the title – you can find practice questions in a variety of places but when you begin to use this book you realize that you have something more than just questions and answers.

The first extra appears the moment you turn back the front cover; a CCNA cram sheet usefully printed on stiff card which you can tear out and take with you for those last nervous minutes in the exam centre. Nicely laid out and grouped under logical headings are all the facts you need to have in your short-term memory before your date with destiny. There are no subnetting cheats or tables however; if you're reliant on these you'll need to add them yourself.

Another gem can be found at the foot of the page containing the publisher's blurb that nobody ever reads. If you're a Safari fan, you'll find here the access codes to get 45 days of unrestricted online access to the book absolutely free. Choose your start date wisely and you could really benefit from this as you study.

In the book itself you find not one but two contents lists. The first and shortest of these shows which sections relate to each part of the CCNA syllabus. That's right; although the book gives you everything you need to sit the 640-802 combined exam you can also use it to prepare for each of the twin exams 640-822 and 640-816 without studying unnecessary material. The second contents list breaks the material out into chapters.

The chapter structure is excellent with thoughtful design and layout to help you access the material efficiently. Each chapter begins with an overview of the subject area followed by the questions themselves. These are written to make you think about the material and test your understanding while still requiring multiple-choice answers. You'll also find screenshots, sample output and exhibits (diagrams) as you would in the exam. The author has done a good job of including the kind of phrasing and underlying Cisco mentality you are going to come across in the exam; this is valuable as it teaches you to think in the right way to score those all-important marks.

For each question the right-hand margin offers links to both a quick answer and a detailed answer; the former for checking your score and the latter for when you got it wrong and want to know why. We checked a sample of questions across the book and found without exception the questions to be fair and the answers lucid and correct. However we did find one typographical error which sent us screaming to the Detailed Answer section to find out what was going on. In case you buy the book, and I still recommend you do, beware the lower case ‘b' in Question 9 on Page 6. But to put this in context, we're still awarding the coveted Firewall.cx 5/5 score.

Given the author's evident concern to help you pass it came as no surprise to find an exam simulator inside the back cover. The CD included is from MeasureUp and can be used in study mode or as a simulated 640-802 exam. This is a good product in its own right, and there's a coupon code on their advertising page to give you 20% off a further purchase.

Taking everything together, this is a really good book and one we have no hesitation in recommending. If you're studying for CCNA we're confident it will more than repay your investment.

CCNA Preparation Library

2014-02-09T22:02:58+11:00

Title:            CCNA Preparation Library
Authors:        Stephen McQuerry
ISBN-10(13): 1587054647
Publisher:      Cisco Press
Published: March 28, 2008
Edition:         7th Edition
Language:     English

I've recently had the chance to use and review the Authorised Self Study Guide CCNA and here are my thoughts/views.

Initially, on seeing the pack arrive on my desk, I was filled with dread. Here were two books about Cisco equipment that I had to read through, and which would theoretically give me all the skills I need to undertake the exam, which is quite a tall order, and I don't like doing exams and would rather just learn by using (and breaking) the equipment. So, imagine my surprise when I started to read the first book, and discovered that it wasn't as scary as I thought.

The first book in the set in designed around the ICND1 part of the exam. I opened the book and was very glad to see that the lessons started “right at the beginning” The book works on the idea that you have never done any computer network stuff before and takes you step by step through the basics. One of the things I enjoyed about the initial part of the book was that it didn't just “jump right in” but took time to explain the history of what it was teaching to help you understand more. As the book progressed I came to enjoy the history lessons, and the light and easy reading style of the book. Throughout the book, all the little acronyms are turned into “beginners speak” so you don't get lost in the terminology.

I found the progression of chapter in the book to be very clever. Before you move on to the next chapter, you will have covered quite thoroughly everything you need to understand the concept of the chapter. However, to make sure you have, they provide test questions at the end of each chapter. I have to admit that having got some of the answers wrong, I've gone back and re-read the section concerned. The one thing I feel would have been a nice addition would have been some software. My colleague had the chance to review the Exam Cram Study book and that has a simulated test/learning environment CD. I feel this might have been a good addition to the Lab Books, but maybe next time.

The further into the book you get, obviously the more technical it gets. At this point, I'd have started to get worried and “run away”. However, the book still managed to keep a light and easy style, thus making the difficult technical stuff easy to understand. One of the great things I found about the books is that sometimes there are concepts and ideas that you just can't read.

The people writing these books have obviously had occasions like that, and to resolve this, they put lots of pictures, screen shots etc. To me this was a blessing; there were occasions where the concept just didn't make any sense to me. However, the diagrams and screenshots made up for that. I found some of the diagrams and tables so useful that I've made my own version of them and now have them on and around my desk to help keep the ideas fresh in my mind.

One of the other benefits we can't miss to mention about the book, is the popular 'Safari Service'. No it's not something you do in a Landrover in the desert somewhere far off land. I'll let the book explain.

“This book is safari enabled"

The safari enabled icon on the cover of your favourite technology book means the bok is available through Safari Bookshelf. When you buy this book, you get free access to the online edition for 45 days.

Safari Bookshelf is an electronic reference library that lets you easily search thousands of technical books, find code samples, download chapters, and access technical information whenever and wherever you need it.

To gain 45-day Safari Enabled access to this book

Go to the website in the book and enter the code on the inside of the book.

Cool huh?

So, all in all, I'd recommend this book to anyone who wants to learn about Cisco equipment but doesn't know where to start.

Note to Editor.

My 4/5 rating was purely because I would have liked to see an accompanying CD with test questions/test exam. However, on a purely book review basis, I'd give the book a 5/5!

CCDA Official Exam Certification Guide (Exam 640-863)

2014-02-09T22:02:58+11:00

Title:            CCDA Official Exam Certification Guide (Exam 640-863)
Authors:        Anthony Bruno, Steve Jordan
ISBN-10(13): 1587201771
Publisher:      Cisco Press
Published: June 21, 2007
Edition:          3rd Edition
Language:     English

The Cisco CCDA is a highly respected Cisco certification, although not as popular as the CCNA. The CCDA certification was created by Cisco for professionals seeking the path of a network designer.

As one would expect, Cisco Press comes to provide another fine title that will help any CCDA candidate succeed in their path to conquer the exam.

While there are quite a few study guides out there promising to help you, this is perhaps the only one written by Cisco CCIE's with more than 10 years of experience.

The book is populated with around about 650 pages and 20 chapters full of great information and material that will surely cover beyond the CCDA exam needs. Of course, as with every Cisco Press title, the book is decorated with a very nice hard cover and the well known white-dark green colour combinations.

At the back of the book, you'll be happy to find a CDROM containing more than 200 practice questions for the CCDA exam and the full text in electronic format so you can carry it with you wherever you might be.

Neatly organised, the chapters are broken down into 5 main groups of which each one covers a specific range of topics related to each other:

Group 1: General Network Design

Group 2: LAN and WAN Design

Group 3: The Internet Protocol and Routing Protocols

Group 4: Security, Convergence, and Network Management

Group 5: Comprehensive Scenarios

What really amazed me is that each topic discussed contains numerous examples and adequate diagrams to ensure the reader understands what its talking about. Various questions that might popup are answered in most cases, proving that the content has been thourghly reviewed so no gaps are left.

The authors tone through out the book is comfortable and helps the reading process no matter how long a chapter might be. At the end of each chapter, you'll find the helpful ‘Foundation Summary' that will help you quickly revise the key points on the chapter you've read and then comes the great Q&A section which consists of around 20-25 questions to test yourself on.

Overall, I admit the book has left a very positive impression. Easy to read and follow with plenty of examples, questions and answers to help you get through the CCDA experience.

If you believe that a book is a good companion for your professional success, then this one will surely become one of your favourite!

A well earned 4/5 without hesitation!

Preventing Web Attacks with Apache

2014-02-09T22:02:58+11:00

Title:            Preventing Web Attacks with Apache
Authors:        Ryan C. Barnett
ISBN-10(13): 0321321286
Publisher:      Addison-Wesley Professional
Published: February 6, 2006
Edition:         1st Edition
Language:     English

According to Netcraft's latest Website Server Survey (February 2006), over 68% of internet websites are hosted on Apache servers. This presents a large group of potential targets for malicious attacks.

'Preventing Web Attacks with Apache' attempts to provide a comprehensive treatment of the thorny area of web server security with the sole emphasis being on Apache. Initial doubts about the viability of a 500 page treatise on securing an Apache server were dispelled by the in-depth and thorough approach of the author.

The book kicks off by exposing common misconceptions about web server security. For example, the fact that web servers need to have ports 80 (http) and 443 (SSL) open in order to function properly means that the effectiveness of security measures such as firewalls, DMZs and intrusion detection systems is somewhat diminished.

The proper configuration of the underlying operating system is then highlighted as the first line of defence. Issues such as the timely application of vendor patches, disabling of non-essential services, user management and proper application of file permissions are addressed.

At this stage it is necessary to note that the author has tailored the book specifically to cater for the 2.0 version fork of Apache as opposed to the 1.3 version. This is in spite of the fact that the 1.3 legacy version holds the majority of market share. His reason is that the version 2.0 fork contains a number of new security features, amongst other improvements, which make it easier to secure. Therefore users of the 1.3 version will need to take this into account when reading the book. Obviously, the general principles of "OS-hardening" and other common features, which both forks still share, will ensure that the book is still a useful read for version 1.3 administrators.

The exhaustive approach is continued with a chapter dedicated to downloading and compiling the source code, while another 40-page chapter provides secure settings for httpd.conf, the primary configuration file for Apache. An interesting comparative exercise was performed using Nikto, the popular open-source vulnerability scanner. The scanner was run initially against a newly installed Apache server with the default configuration, and then again after httpd.conf had been "hardened" with revealing results.

Apache has been designed so that its functionality can be extended by the installation of additional modules. Chapter 5 deals with the installation and configuration of security-related modules that can be added to Apache in order to improve its security.

The installation and running of the CIS Apache Benchmark Scoring Tool rounds up the first part of the book, which concentrates on securing Apache and the underlying operating system. The second part of the book majors on the protection of web applications that run on top of Apache.

A vast array of possible web threats such as SQL injection attacks, cross-site scripting and path traversal attacks are detailed with corresponding countermeasures. These concepts are then applied to a suitably named demonstration web application called Buggy Bank. The use of web honeypots is also covered with a whole chapter on an open web proxy honeypot project conducted by the author.

Finally, a practical scenario is enacted to allow the application of appropriate Apache countermeasures to a vulnerability alert email. Step by step details are provided making use of skills acquired in the previous chapters.

This book will serve as a very useful tool to anyone charged with securing web servers, especially those running Apache. Concepts are clearly presented and then demonstrated using practical illustrations and examples.

Extrusion Detection, Security Monitoring for Internal Intrusions

2014-02-09T22:02:58+11:00

Title:            Extrusion Detection, Security Monitoring for Internal Intrusions
Authors:        Richard Bejtlich
ISBN-10(13): 0321349962
Publisher:      Addison-Wesley Professional
Published: November 18, 2005
Edition:         1st Edition
Language:     English

Following the success of ‘ The Tao of Network Security Monitoring' last year, world renowned security expert Richard Bejtlich raises once again the standard for security professionals, this time by focusing on analyzing threats coming from within our network - a kind of underestimated area.

Traditionally, the point of network security is about keeping the bad guys out of a network – ‘out' being where we hope they are to start with. Possible points of entry are considered to be devices accessible from the outside in some way, mostly servers and perhaps routers. Workstations with no address on the network have no apparent footprint that would betray their existence, so if potential intruders don't even know the hosts exist, and are unable to make any connection to them, how could they possibly exploit them? The truth is they can, in many ways, using not only technical skills but imagination and ability to exploit the human factor - against which no automated procedure or device can defend for long.

Furthermore, many administrators put all their effort and resources into trying to design an impenetrable network infrastructure, but ignore the fact that every prevention measure is bound to fail at any moment. These administrators put little or no thought into the possibility of a real intrusion and, as a result, when it occurs the network infrastructure they've built doesn't allow them to cut their losses to a minimum, regain control in a timely manner and collect credible evidence that may lead to a future investigation.

This, Richard Bejtlich's second book on the subject of network security, attempts to establish into readers' minds a solid grounding on how things are, while emphasizing common misconceptions of the past. By intentionally introducing concepts like “Extrusion Detection”, “Defensible Network” and “Pervasive Network Awareness” instead of relying on popular synonyms/counterparts, he addresses issues that have not been addressed - or given the appropriate importance - elsewhere.

Extrusion Detection is an extraordinary book in the sense that it moves in parallel between theory and practice, suggesting ways of thinking or functioning and explaining how these could be implemented utilizing available software.

Who should read this book?

Everyone will find in this book valuable ideas never considered before. Well, of course this is a network-security book, so those that will directly benefit from it are administrators and architects of large networks - or anyone that expects to find himself in such position.

What will you learn from this book?

Richard Bejtlich's book will take you deeply into the following skills:

• Designing defensible network infrastructures. As you will find out, a defensible network is a superset, and more accurate version, of what is referred to elsewhere as a “secure network”. Given the fact that there can be no totally secure network, a defensible network is the best security status that can possibly be achieved through designing, monitoring, controlling and policing procedures.

• Deploying Intrusion Detection/Prevention Systems in a way that will maximize their efficiency.

• Following a series of technical practices to minimize the possibility of exposure of internal networks to the outside. Also dealing with the network effects of host-centric security threats like viruses, trojans and worms, through traffic-control means.

• Designing and following security policies that will minimize the resistance, detection and counter-act abilities of internal networks to any intruders.

• Overcoming possible technical obstacles in order to have an appropriately monitored network, in other words achieving Pervasive Network Awareness . Available hardware and software products, as well as methods for their optimum deployment, are described in detail.

• Utilizing well-established techniques, like routing and traffic filtering/control in multiple layers to increase the network's defensibility.

• Capturing, analyzing, safekeeping and concentrating traffic in various levels. Making distinctions between malicious and legitimate traffic, detecting misconfiguration anomalies and taking the appropriate course of action in each circumstance.

• Responding, in the event of an intrusion, in a way that will minimize the consequences and the extent of the intrusion while gathering, analyzing and preserving all possible evidence. Classifying/assessing any possible threat and making the best decisions in real-time.

• Presenting evidence and conclusions derived by technical means, in a courtroom or to another, non-technical audience.

Recommended skills to get the most out of this book:

• Familiarity with basic networking and security concepts is required. You need to understand how TCP/IP works, how traffic filtering applies and how intruders commonly attack.

• Familiarity with open source operating systems is highly recommended. Though the book is written in such a way that its concepts apply beyond specific operating systems or other software and any specific instructions serve only as examples, it is true that some of the best security-related products are only available for unix platforms, so you should know how to find your way around installing and configuring them.

• Host-based security practices are not discussed, the reader is expected to know how to productively administer and secure the operating systems he deploys.

• Some of the techniques discussed involve writing basic scripts to make their deployment worthwhile and/or possible. Basic understanding of programming principles and familiarity with some scripting language is highly recommended.

• Extrusion detection does not differ in concept from intrusion detection. Any experience in intrusion detection techniques can easily be applied to extrusion detection and would be beneficial. Readers that are looking for a more thorough reading regarding those techniques are highly encouraged to read Richard Bejtlich's “ The TAO of Network Security Monitoring”.

Conclusion: This is a must-read for all security professionals or enthusiasts, networking architects and administrators that like to know what's going on in their network. I am confident that 90% of everyone that read it will make haste to implement many of the valuable ideas suggested, right after they finish reading!

The Symantec Guide to Home Internet Security

2014-02-09T22:02:58+11:00

Title:            The Symantec Guide to Home Internet Security
Authors:        Andrew Conry-Murray, Vincent Weafer
ISBN-10(13): 0321356411
Publisher:      Symantec Press
Published: September 3, 2005
Edition:         1st Edition
Language:     English

Windows is today by far the most popular platform for workstation and desktop computers. However, it has also proven to be the most susceptible to a wide variety of attacks, many of which being of a distributed (mass-spreading) nature.

Regardless of the important steps that Microsoft has taken to provide a sufficient out-of-the box level of security, a default Windows installation remains far from secure and not likely to survive for long against the various hazards that access to the Internet hides.

Truth is that few users are even aware of these hazards -until it is too late-, much less being able to make an educated choice among all these protective software titles with fancy names out there.

This is where Symantec Guide to Home Internet Security comes to the rescue, offering a consistent and easy to comprehend source of information to both the completely novice users and those with limited knowledge in the ways of computer security.

Without going into unnecessary technical details, it explains all that a user needs to know to protect his privacy in windows environments. For those that do not know, Symantec has been established as one of the leading companies in the field of computer security globally, offering it's own quality software solutions -with best examples the Norton Anti-Virus and Internet Security suite.

However this book is in no way written to promote or focus to any specific software. It aims to educate the reader so that he is able to make his own sensible choices of security-related software and it definitely succeeds in it... Symantec's Guide to Home Internet Security is of the few security-related books that demand no experience or previous knowledge.

In it's about 200 pages, it manages to teach with illustrative examples, tables and images everything from the ground, without becoming tiresome or confusing to the reader at any point. The material covered is well distributed into 10 chapters.

More specifically:

Chapter 1 is a short introduction to the main types of Internet risks. It shows how the Internet is full of cunning/malicious users that will do anything to take advantage of every valuable bit of information that we exchange.

Chapter 2 covers the most well-established techniques of identity-stealing. It teaches you important methods to prevent them and react in the event of identity theft.

Chapter 3 explains the logic behind firewalls, in which cases they can protect us and how they can be used to effectively do so.

Chapters 4 and 5 cover the large subject of Malware (malicious software). You will learn in what ways Viruses, Worms, Spyware, Adware and Trojan horses can harm your system, how you can minimize the possibility of being infected, in what ways you can utilize protective software as a measure of prevention and restoration and what are the criteria according to which you should choose those software products.

Chapter 6 continues with the subject of SPAM messages, whether they just carry annoying advertisements or act as means of Information Phising and Social Engineering techniques. This chapter will teach you a great deal of these techniques, how to filter out SPAM messages and determine the validity of any potentially harmful message.

Chapter 7 focuses generally on good practices for keeping your Windows system in good health.

Chapter 8 is dedicated in presenting methods for protecting other members of your family/environment that will use your computer with possibly less knowledge about security or underage from unwanted content. Windows features and extra tools for filtering access to unwanted content are described, along with recommendations for optimum implementation.

Chapter 9 speaks about security in Wireless/Portable devices and VoIP applications. Common usage mistakes are pointed with regard to the severity of their potential exploitation. Finally,

Chapter 10 introduces the basic principles of cryptography, it's most widely used applications and possible ways that we can take advantage of it to protect our privacy.

Conclusion: If you are not familiar at all with security or have your doubts in some things, this book can literally save you! The material covered is absolutely necessary for the survival of any windows station connected to the Internet and reading Symantec's Guide to Home Internet Security is probably the easiest way to learn it.

The Hack - Counter Hack

2014-02-09T22:02:58+11:00

Title:            The Hack - Counter Hack
Authors:        Ed Skoudis
ISBN-10(13): 013047729X
Publisher:      Prentice Hall PTR
Published: Year 2002
Edition:         1st Edition
Language:     English

This is a review of a video lecture series targetted at network administrators and people who are looking to start a career in the security field. It will also go down well with people who are pressed for time, as you can handle each section of the course on your own time, something that invariably doesn't happen with a book.

The lecturer, Ed Skoudis, is very well known in the security community and regularly lectures for www.sans.org - one of the premier information security sites on the web. The course consists of two CD's which have videos broken down into different sections, also included on the CDs are all the tools he demonstrates during the lectures, as well as a sample chapter from a book he has recently authored. If that were not enough, you also get a workbook to go along with the lectures so that you can revise important information and write your own notes alongside the key points.

The whole approach of the CD is very hands-on, which is a refreshing change from the drab texts that we've all poured over at some point or the other. The course starts from scratch and in the introductory lecture, Skoudis walks you through a full installation of both Windows XP and Redhat Linux 7.2 on two separate machines so that you can have your own laboratory to try the tools out.

Whenever he is demonstrating something, the camera focuses right in on his monitor so that you can see exactly what he is typing at each screen. After you've set up the two systems, he talks you through getting them properly networked, and gives you a few tips on the hardware to buy when setting up your lab.

The rest of the lectures cover the five phases an attacker will use to get into your network. Using the laboratory created at the start, he demonstrates different tools an attacker will use at different stages. This approach is uncannily similar to the Introduction to Security Article we recently published here, and in fact we feel this course and our article complement each other very well.

Both break down attacks into the same broad phases :

• Reconnaisance
• Scanning
• Gaining Access
• Maintaining Access
• Covering Tracks

And then get into the details of each phase.

The teaching methodology on this CD is fairly unique:

Skoudis first uses slides to explain the concept behind what the attacker is doing, before firing up the appropriate tool and showing it to you in action, after this he explains how you can secure your network against a tool of this kind. You will see him use wardialers, portscanners, sniffers, remote access trojans, covert channel systems, rootkits and more.

Best of all, you can try out exactly what he is doing using the tools included on the CD, you're not just left with a theoretical concept, you can implement the attack and figure out how to secure yourself against it. The course is also fairly evenly divided between Windows and Linux, he uses both operating systems to perform different attacks, and often attacks one system from the other. This ensures that the information will be relevant to you no matter which operating system you work with.

All in all this is an excellent primer to network security. Don't go looking for hard core technical details in this one, its targeted at people who understand the basics of networking but want to be shown their way around the complex world that makes up information security. What you'll get here are solid facts, a lot of tried and tested 'best practices', and a slickly executed demonstration of how real world tools work.

Skoudis has a way of illustrating concepts very clearly, if he uses a technical term, he will invariably give a laypersons explanation for it before proceeding. That said, I would have liked it if he applied the same practical approach that he uses for demonstrating attackers tools to showing how to secure the systems. It would also have been nice if the CD had come bundled with Realplayer (which is required to view the videos).

The Tao of Network Security Monitoring: Beyond Intrusion Detection

2014-02-09T22:02:58+11:00

Title:         The Tao of Network Security Monitoring: Beyond Intrusion Detection
Authors:        Richard Bejtlich
ISBN-10(13): 0321246772
Publisher:      Addison-Wesley Professional
Published: July 22, 2004
Edition:         1st Edition
Language:     English

Every once in a while you come across a book that really opens your eyes. One that talks in-depth about something completely different.

Unfortunately, most technical IT books are rehashes of a bunch of papers and tutorials off the net, and you often wonder whether the time you spent reading the book would have been better spent on google.

The Tao of Network Security Monitoring is not one of these books. It is with great pleasure that I am reviewing what I consider one of the most informative and well written books I have ever come across.

Network Security Monitoring (NSM) is half a science, and half a black art. It requires an in-depth knowledge of packets, protocols, applications, vulnerabilities and black hat tactics. This book focuses on the philosophy behind NSM, the skills required, the tools you need, and the way to set up an effective NSM operation.

The author, Richard Bejtlich, is a former Air Force intelligence officer, and the approach he dictates is almost military in nature. This book covers an introduction to security, what NSM is, how to deploy it, the best tools for the job and the types of things you will see.

I was most impressed by the analysis of normal versus suspicious versus malicious traffic. Since deep packet inspection is one of my hobbies, I am no stranger to reading data off the wire, but I was amazed by the amount of information this man was able to glean by looking at a simple DNS packet !

He explains the differences between full content data (logging everything to the application layer), session data (looking at just the different conversations between hosts), and statistical data. Everything in this book is practical, you can even go to the website and download the same packet traces he uses for explanation and run through them yourself.

This book taught me about a host of new tools, from Argus, to the incredible SGUIL. It taught me a lot of tricks about designing a top notch NSM collection and analysis setup, and more than anything, it introduced me to a completely new mind-set.

In short, this is at present the most enlightening book on my IT bookshelf. I strongly recommend it to anyone who is involved with networks or security. It will be of special interest to the sort of people who get a rush ripping up packets and understanding what happens below the surface. It also goes really well with firewall.cx, since most of the protocols talked about are explained here in detail.

If there is one disappointment, it's the absence of an included CD-ROM containing tools, or perhaps a live FreeBSD CD (Freebie) like the one he introduces in the book.

This one gets a scorching 4/5. Get it now, and open your mind !

HACK I.T - Security Through Penetration Testing

2014-02-09T22:02:58+11:00

Title:         HACK I.T - Security Through Penetration Testing
Authors:        T.J. Klevinsky, Scott Laliberte, Ajay Gupta
ISBN-10(13): 0201719568
Publisher:      Addison-Wesley Professional
Published: February 11, 2002
Edition:         1st Edition
Language:     English

Hack I.T. – Security Through Penetration Testing, is probably the only book you'll find devoted to the subject of penetration tests and their methodology.

When I first saw it, I was intrigued because most other security books will tell you the usual stuff and then get down to the hardening bits. Since I pen-test as a profession, I had to get my hands on the book.

My initial impression of the book was that it was just a review of a whole lot of tools – however after reading through it further, I realised that there was a lot of very useful information involved. I hadn't heard about a large number of the tools they were talking about, and picked up some very interesting tips as well.

This book is an incredibly useful reference when you're in the middle of a test and want to look up the right tool, or figure out a new technique. I have assigned it a permanent place in my travel bag from now on.

The book is broken up into different sections like scanning, sniffers, trojans, remote access, firewalls, password crackers, web-testing tools, IDS's etc. Each section then describes at least 5 tools in that category. You wont find yourself laden down with a whole lot of theory in this book, it is here to show you that this is the right tool for the job, and does that well.

Another thing I really liked is the appendixes at the end. One of them covers different sources (websites, mailing lists etc) where you can keep up to date with security information. I've found a few good sites there already. The second one is a collection of the top 20 most common vulnerabilities as put together by the guys at SANS. Very useful stuff.

As with most I.T. books, you get a CD bundled. This is also a pleasant surprise, as it doesn't have the same collection of tools that you tend to find with other books. You get demo versions of industry strength software such as Realsecure and Internet Security Scanner, as well as Nessus and a few other miscellaneous goodies.

If I have one grouse about this book, its that I wish it went into a little more detail with some of the tools. While Windows enumeration may get a whole section, there is a lot less for the *nix world, and practically nothing for Solaris. However this is well offset by the very useful methodology they provide (I have started using a lot of their data management tips and tricks). All in all, this one gets a 3/5.

Exploiting Software

2014-02-09T22:02:58+11:00

Title:         Exploiting Software
Authors:        Greg Hoglund, Gary McGraw
ISBN-10(13): 0201786958
Publisher:      Addison-Wesley
Published: February 27, 2004
Edition:         1st Edition
Language:     English

Anyone who's been in network security long enough will tell you that the current state of products and ‘solutions' to security problems are woefully inadequate.

Firewalls, intrusion detection systems, content filters and anti-virus solutions are all reactive technologies, and as a result, they fail to address the primary cause of security vulnerabilities.

This root cause is bad software. Viruses, worms and hackers exploit vulnerabilities in the design and logic of software applications to compromise, destroy and otherwise take control of important information. Once you accept this fact, you'll realize that the only path to good security is to write better code.

‘Exploiting Software – How to Break Code' is a book that fires up the hacker in me. It does not aim to teach you about the latest scanning tool, instead, it teaches you how to find and exploit vulnerabilities in systems. While many of the ideas in the book (such as the omnipresent buffer overflow) are not new, there is simply no literary comparison to the treatment given to them in this book.

Application security is one of the highest regarded and specialized technical services in the security industry, and thus, finding people (let alone books) that delve in-depth into the topic is rare and refreshing. The first day I used this book, I was on an application security project. The target application was a distributed database application running on SQL server with a web front-end.

I happened to have this book along with me, and while reading through it, the section on equivalent requests was something I hadn't tried – sure enough, 20 minutes later I had full control of the application and a very good impression of this book.

I particularly like the conceptual sections of this book, especially their idea of ‘attack patterns' – generic scenarios that often lead to compromise in systems. A thorough study of all these attack patterns will leave you a much better analyst than when you started out, and it definitely pays off when it comes to testing.

The book is also chock-a-block full of code, something that other books don't have the guts to do. Better yet, we're not talking about ‘hello world' stuff here, while reading the excellent chapter on root kits I finally realized that the device driver code I was trying out was way over my head. That's something you like to find, because it gives you something to learn.

The art of reverse engineering, disassembly, writing IDA-Pro plugins, black / white and grey-box techniques, advanced payload creation on multiple architectures – this book has it all. The only thing I can possibly say against it is that this it caters to a niche audience.

If you're not a coder or seriously into security however, large parts of the book may be inaccessible to you. However if you're a hacker, security tester or application developer and you don't own a copy of this book, you're not reaching your full potential.

Biometrics for Network Security

2014-02-09T22:02:58+11:00

Title:         Biometrics for Network Security
Authors:        Paul Reid
ISBN-10(13): 0131015494
Publisher:      Prentice Hall PTR
Published: December 30, 2003
Edition:         1st Edition
Language:     English

Network security has become the latter-day equivalent of oxymoronic terms like "jumbo shrimp" and "exact estimate."

Newspaper headlines are routinely peppered with incidents of hackers thwarting the security put forth by the government and the private sector.

As with any new technology, the next evolution of network security has long languished in the realm of science fiction and spy novels. It is now ready to step into the reality of practical application.

In Biometrics for Network Security , biometrics security expert Paul Reid covers a variety of biometric options, ranging from fingerprint identification to voice verification to hand, face, and eye scanning. Approaching the subject from a practitioner's point of view, Reid describes guidelines, applications, and procedures for implementing biometric solutions for your network security systems.

Coverage includes:

An introduction to authentication technologies and biometrics
Dealing with privacy issues
Biometric technologies, including finger, hand geometry, handwriting, iris, retina, voice, and face
Security concerns related to biometrics, including attempts to spoof or fake results
Deployment of biometric security systems, including vendor selection and roll out procedures
Real-life case studies

For security, system, and network administrators and managers, as well as anyone who is interested in the application of cutting-edge biometric technology, Biometrics for Network Security will prove an indispensable addition to your library!

Network Security Product Review: GFI LanGuard 2014 - The Ultimate Tool for Admins and IT Managers

2013-12-20T08:00:00+11:00

Review by Arani Mukherjee

For a company’s IT department, it is essential to manage and monitor all assets with a high level of effectiveness, efficiency and transparency for users. Centralised management software becomes a crucial tool for the IT department to ensure that all assets are performing at their utmost efficiency, and that they are safeguarded from any anomalies, be it a virus attack, security holes created by unpatched softwares or even the OS.

GFI LanGuard is one such software that promises to provide a consolidated platform from which software, network and security management can be performed, remotely, on all assets under its umbrella. Review of LanGuard Version 2011 was published previously on Firewall.cx by our esteemed colleagues Alan Drury and John Watters. Here are our observations on the latest version of LanGuard 2014. This is something we would call a perspective from a fresh pair of eyes.

Installation

The installation phase has been made seamless by GFI. There are no major changes from the previous version. Worth noting is that near the end of the installation you will be asked to point towards an existing instance of SQL Server, or install one. This might prolong the entire process but, overall, a very tidy installation package. Our personal opinion is to ensure the hardware server has a decent amount of memory and CPU speed to provide the sheer number crunching needs of LanGuard.

First Look: The Dashboard

Once the installation is complete, LanGuard is ready to roll without the need for any OS restarts or a hardware reboot. For the purpose of this review two computers, one running Windows 7 and the other running Linux Ubuntu, were used. The Dashboard is the first main screen the user will encounter:

Main Screen (Click to enlarge)

LanGuard will be able to pick up the machines it needs to monitor from the workgroup it belongs to. Obviously it does show a lot of information at one glance. The section of Common Tasks (lower left corner) is very useful for performing repetitive actions like triggering scans, or even adding computers. Adding computers can be done by looking into the existing domain, by computer name, or even by its IP address. Once LanGuard identifies the computer, and knows more about it from scan results, it allocates the correct workgroup under the Entire Network section.

Below is what the Dashboard looked like for a single device or machine:

(Click to enlarge)

The Dashboard has several sub categories, but we’ll talk about them once we finish discussing the Scan option.

Scan Option

The purpose of this option is to perform the management scan of the assets that need to be monitored via LanGuard. Once the asset is selected LanGuard will perform various types of scans, called audit operations. Each audit operation corresponds to an output of information under several sections for that device. Information ranges from hardware type, software installed, ports being used, patch information etc.

The following screenshot displays a scan in progress on such a device:

LanGuard Scan Option (Click to enlarge)

The progress of the Scan is shown at the top. The bottom section, with multiple tabs, lets the user know the various types of audit operations that are being handled. If any errors occur they appear in the Errors tab. This is very useful in terms of finding out if there are any latent issues with any device that might hamper LanGuard’s functions.

The Dashboard – Computers Tab

Once the Scan is complete, the Dashboard becomes more useful in terms of finding information about the devices. The Computers Tab is a list view of all such devices. The following screenshot shows how the various sections can be used to group and order the devices on the list:

LanGuard Computer Tab (Click to enlarge)

Notice that just above the header named ‘Computer Information’, it asks the user to drag any column header to group the computers using that column. This is a unique feature. This goes to show that LanGuard has given the control of visibility to the user, instead of providing stock views. As well, every column header can be used to set filters. This means the user has multiple viewing options that can be adjusted depending on the need of the hour.

The Dashboard – History Tab

This tab is a listed historical view of all actions that have been taken on a given device. Every device’s functional history is shown, based on which computer has been selected on the left ‘Entire Network’ section. This is like an audit trail that can be used to track the functional progression of the computer. The following screenshot displays the historical data generated on the Windows 7 desktop that was used for our testing.

LanGuard History Tab (Click to enlarge)

Information is sectioned in terms of date, and then further sectioned in terms of time stamps. We found the level of reporting to be very useful and easy to read.

The Dashboard – Vulnerabilities

This is perhaps one of the most important tabs under the Dashboard. At once glance you can find out the main weakness of the machine scanned. All such vulnerabilities are sub divided into Types, based on their level of criticality. If the user selects a type, the actual list of issues comes up in the right hand panel.

Now if the user selects a single vulnerability, a clearer description appears at the bottom. LanGuard not only tells you about the weakness, it also provides valid recommendations on how to deal with it. Here’s a view of our test PC’s desktop’s weaknesses. Thanks to LanGuard, all of them were resolved!

LanGuard Vulnerabilities Tab (Click to enlarge)

The Dashboard – Patches

Like the Vulnerabilities tab, the Patches tab shows the user the software updates and patches that are lacking on the target machine. Below is a screenshot demonstrating this:

LanGuard Patches Tab (Click to enlarge)

Worth noting is the list of action buttons on the panel at the bottom right corner. The user has the option of acknowledging the patch issue or set it to ‘ignore’. The ‘Remediate’ option will be discussed at a later date.

The Dashboard – Ports Tab

The function of the Ports tab is to display which ports are open on the target machine. They are smarty divided into TCP and UDP ports. When the user selects either of the two divisions, the ports are listed in the right panel. Selecting a port displays the process which is using that port, along with the process path. From a network management point of view, with network security in mind, this is an excellent feature to have.

LanGuard Ports Tab (Click to enlarge)

The Dashboard – Software Tab

This tab is a good representation of how well LanGuard scans the target machine and brings out information about it. Any software installed, along with version and authorisation, is listed. An IT manager can use this information to reveal any unauthorised software that might be in use on company machines. This makes absolute sense when it comes to safeguarding company assets from the hazards of pirated software:

LanGuard Software Tab (Click to enlarge)

The Dashboard – Hardware Tab

The main purpose of the Hardware tab is titular, displaying the hardware components of the machines. The information provided is very detailed and can be very useful in maintaining a framework of similar hardware for the IT Infrastructure. LanGuard is very good at obtaining detailed information about a machine and presenting it in a very orderly fashion. Here’s what LanGuard presented in terms of hardware information:

LanGuard Hardware Tab (Click to enlarge)

The Dashboard – System Information

Obviously, LanGuard was providing user specific information along with services and shares on the machines. This shows all the processes and services running on the machines. It also shows all the various user profiles and current users logged onto the machine. It can be used to see if a user is available on a machine, the shares that are listed, and identify them as authorised or not. Same can be done for the users that reside on that machine. As always selecting the System Information List on the right hand panel would display more details on the bottom panel.

LanGuard System Information Tab (Click to enlarge)

Remediate Option

One of the key options for LanGuard, Remediate, is there to ensure all important patches and upgrades necessary for your machines are delivered as and when required. As mentioned earlier in the Dashboard – Patches section, any upgrade or patch that is missing is listed with a Remediate option. But Remediate not only lets the user deploy patches, but it also helps in delivering bespoke software and malware protection. This is a core vital function as it ensures the security of the IT infrastructure along with its integrity. A quick look at the main screen for Remediate clearly defines its utilities:

LanGuard Remediate Main Screen (Click to enlarge)

The level of detail provided and the ease of operation was clearly evident.

Here’s a snapshot of the Software Updates screen. The layout speaks for itself:

LanGuard Deploy Software Updates Screen (Click to enlarge)

Obviously, the user is allowed to pick and choose which updates to deploy and which ones to shelve for the time being.

Activity Monitor Option

This is more of an audit trail of all the actions, whether manually triggered or scheduled, that have been taken by LanGuard. This helps the user to find out if any scan or search has encountered any issues. This gives a bird’s eye view of how well LanGuard is working in the background to ensure the assets are being monitored properly.

The top left panel helps the user to select which audit trail needs to be seen and, based on that, the view dynamically changes to accommodate the relevant information. Here’s what it would look like if one wanted to see the trail of Security Scans:

LanGuard Activity Monitor Option (Click to enlarge)

Reports Option

All the aforementioned information is worth gathering if it can be presented for making commercial and technical decisions. That is where LanGuard presents us with a plethora of reporting options. The sheer volume of options was a bit overwhelming but every report has its own merits. The screen shown in the screenshot below does not even show the bottom of the reports menu, there’s a lot to scroll below as well:

LanGuard Reports Option (Click to enlarge)

Running the Network Security Report provides a level of presentation which played with every detail, and wasn’t confusing with too much information. Here’s what it looked like:

LanGuard Network Security Report (Click to enlarge)

The graphical report was certainly eye catching.

Configuration Option

Clearly LanGuard has not shied away from letting users having the power to tweak the software to their best advantage. Users can scan the network for devices and remotely deploy the agents which would perform the repeated scheduled scans.

LanGuard Configuration Option (Click to enlarge)

LanGuard was unable to scan the Ubuntu box properly and refused to deploy the agent, in spite of being given the right credentials.

A check on GFI’s website for the minimum level of Linux supported showed that the Ubuntu was two versions above the requirements. The scan could recognise it as ‘Probably Unix’ and that’s the most LanGuard managed. We suspect the problem to be related with the system's firewall and security settings.

The following message appeared on the Agent Dialog box when trying to deploy it on the Linux machine: “Not Supported for this Operating System”

Minor issues identifing our Linux workstation (Click to enlarge)

Moving on to LanGuard’s latest offering, the ability to manage mobile devices. This is a new addition to LanGuard’s arsenal. It can manage and monitor mobile devices that use an Microsoft Exchange Server for email access etc. Company smart phones and tablets can be managed using this new tool. Here’s the interface for the same purpose.

LanGuard Managing Mobile Devices (Click to enlarge)

Utilities Option

We call it the Swiss Army Knife for network management. One of our favourite sections, it included some quick and easy way of checking network features of any devices or an IP Address. This just goes to prove that LanGuard is very well thought out piece of software. Not only does it include mission critical functions, it also provides a day to day point of mission control for the IT Manager.

We could not stop ourselves from performing a quick check on the output from the Whois option here:

LanGuard Whois using Utilities (Click to enlarge)

The other options were pretty self-explanatory and of course very handy for a network manager.

Final Verdict

LanGuard provides an impressive set of tools. The process of adding machines, gathering information and then displaying the information is very efficient. The reporting is extremely resourceful and caters to every need possible for an IT Manager. Hoping the lack of support for Linux is an isolated incident. It has grabbed the attention of this reviewer to the point that he is willing to engage his own IT Manager and query what software his IT Department uses.

If it’s not LanGuard, there’s enough evidence here to put a case for this brilliant piece of software. LanGuard is a very good tool and should be part of an IT Manager’s or Administrator’s arsenal when it comes to managing a small to large enterprise IT Infrastructure.

Interview: Kevin Wallace CCIEx2 #7945 (Routing/Switching and Voice) & CCSI (Instructor) #20061

2013-05-23T05:11:24+10:00

Kevin Wallace is a well-known name in the Cisco industry. Most Cisco engineers and Cisco certification candidates know Kevin from his Cisco Press titles and the popular Video Mentor training series. Today, Firewall.cx has the pleasure of interviewing Kevin and revealing how he managed to become one of the world's most popular CCIEs, which certification roadmap Cisco candidates should choose, which training method is best for your certification and much more.

Kevin Wallace, CCIEx2 (R/S and Voice) #7945, is a Certified Cisco Systems Instructor (CCSI #20061), and he holds multiple Cisco certifications, including CCNP Voice, CCSP, CCNP, and CCDP, in addition to multiple security and voice specializations. With Cisco experience dating back to 1989 (beginning with a Cisco AGS+ running Cisco IOS 7.x). Kevin has been a network design specialist for the Walt Disney World Resort, a senior technical instructor for SkillSoft/Thomson NETg/KnowledgeNet, and a network manager for Eastern Kentucky University. Kevin holds a Bachelor of Science Degree in Electrical Engineering from the University of Kentucky. Kevin lives in central Kentucky with his wife (Vivian) and two daughters (Stacie and Sabrina).

Firewall.cx Interview Questions

Q1. Hello Kevin and thanks for accepting Firewall.cx’s invitation. Can you tell us a bit about yourself, your career and daily routine as a CCIE (Voice) and Certified Cisco Systems Instructor (CCSI)?

Sure. As I was growing up, my father was the central office supervisor at the local GTE (General Telephone) office. So, I grew up in and around a telephone office. In college, I got a degree in Electrical Engineering, focusing on digital communications systems. Right out of college, I went to work for GTE Laboratories where I did testing of all kinds of telephony gear, everything from POTS (Plain Old Telephone Service) phones to payphones, key systems, PBX systems, and central office transmission equipment.

Then I went to work for a local university, thinking that I was going to be their PBX administrator but, to my surprise, they wanted me to build a data network from scratch, designed around a Cisco router. This was about 1989 and the router was a Cisco AGS+ router running Cisco IOS 7.x. And I just fell in love with it. I started doing more and more with Cisco routers and, later, Cisco Catalyst switches.

Also, if you know anything about my family and me you know we’re huge Disney fans and we actually moved from Kentucky to Florida where I was one of five Network Design Specialists for Walt Disney World. They had over 500 Cisco routers (if you count RSMs in Cat 5500s) and thousands of Cisco Catalyst switches. Working in the Magic Kingdom was an amazing experience.

However, due to a family health issue we had to move back to KY where I started teaching classes online for KnowledgeNet (a Cisco Learning Partner). This was in late 2000 and, even though we’ve been through a couple of acquisitions (first Thomson NETg and then Skillsoft), we’re still delivering Cisco authorized training live and online.

Being a Cisco trainer has been a dream job for me because it lets me stay immersed in Cisco technologies all the time. Of course I need, and want, to keep learning. I’m always in pursuit of some new certification. Just last year I earned my second CCIE, in Voice. My first CCIE, in Route/Switch, came way back in 2001.

In addition to teaching live online Cisco courses (mainly focused on voice technologies), I also write books and make videos for Cisco Press and have been for about the last ten years.

So, to answer your question about my daily routine: it’s a juggling act of course delivery and course development projects for Skillsoft and whatever book or video title I’m working on for Cisco Press.

Q2. We would like to hear your personal opinion on Firewall.cx’s technical articles covering Cisco technologies, VPN Security and CallManager Technologies. Would you recommend Firewall.cx to Cisco engineers and certification candidates around the world?

Firewall.cx has an amazing collection of free content. Much of the reference material is among the best I’ve ever seen. As just one example, the Protocol Map Cheat Sheet in the Downloads area is jaw-dropping. So, I would unhesitatingly recommend Firewall.cx to other Cisco professionals.

Q3. As a Cisco CCIE (Voice) and Certified Cisco Systems Instructor (CCSI) with more than 14 years experience, what preparation techniques do you usually recommend to students/engineers who are studying for Cisco certifications?

For me, it all starts with goal setting. What are you trying to achieve and why? If you don’t have a burning desire to achieve a particular certification, it’s too easy to run out of gas along your way.

You should also have a clear plan for how you intend to achieve your goal. “Mind mapping” is a tool that I find really useful for creating a plan. It might, for example, start with a goal to earn your CCNA. That main goal could then be broken down into subgoals such as purchasing a CCNA book from Cisco Press, building a home lab, joining an online study group, etc. Each of those subgoals could then be broken down even further.

Also, since I work for a Cisco Learning Partner (CLP), I’m convinced that attending a live training event is incredibly valuable in certification preparation. However, if a candidate’s budget doesn’t permit that I recommend using Cisco Press books and resources on Cisco’s website to self-study. You’ve also got to “get your hands dirty” working on the gear. So, I’m a big fan of constructing a home lab.

When I was preparing for each of my CCIE certifications, I dipped into the family emergency fund in order to purchase the gear I needed to practice on. I was then able to sell the equipment, nearly at the original purchase price, when I finished my CCIE study.

But rather than me rattling on about you should do this and that, let me recommend a super inexpensive book to your readers. It’s a book I wrote on being a success in your Cisco career. It’s called, “Your Route to Cisco Career Success,” and it’s available as a Kindle download (for $2.99) from Amazon.com.

If anyone reading this doesn’t have a Kindle reader or app, the book is also available as a free .PDF from the Products page of my website, 1ExamAMonth.com/products.

Q4. In today’s fast paced technological era, which Cisco certifications do you believe can provide a candidate with the best job opportunities?

I often recommend that certification candidates do a search on a job website, such as dice.com or monster.com, for various Cisco certs to see what certifications are in demand in their geographical area.

However, since Cisco offers certifications in so many different areas, certification candidates can pick an area of focus that’s interesting to them. So, I wouldn’t want someone to pursue a certification path just because they thought there might be more job opportunities in that track if they didn’t have an interest and curiosity about that field.

Before picking a specific specialization, I do recommend that everyone demonstrate that they know routing and switching. So, my advice is to first get your CCNA in Routing and Switching and then get your CCNP. At that point, decide if you want to specialize in a specific technology area such as security or voice, or if you want to go even deeper in the Routing and Switching arena and get your CCIE R/S.

Q5. There is a steady rise on Cisco Voice certifications and especially the CCVP certification. What resources would you recommend to readers who are pursuing their CCVP certification that will help them prepare for their exams?

Interestingly, Cisco has changed the name of the CCVP certification to the CCNP Voice certification, and it’s made up of five exams: CVOICE, CIPT1, CIPT2, TVOICE and CAPPS. Since I teach all of these classes live and online, I think that’s the best preparation strategy. However, it is possible to self-study for those exams. Cisco Press offers comprehensive study guides for the CVOICE, CIPT1 and CIPT2 exams. However, you’ll need to rely on the exam blueprints for the TVOICE and CAPPS exams, where you take each blueprint topic and find a resource (maybe a book, maybe a video, or maybe a document on Cisco’s website) to help you learn that topic.

For hands-on experience, having a home lab is great. However, you could rent rack time from one of the CCIE Voice training providers or purchase a product like my CCNP Voice Video Lab Bundle, which includes over 70 videos of lab walkthroughs for $117.

Q6. What is your opinion on Video based certification training as opposed to text books – Self Study Guides?

Personally I use, and create, both types of study materials. Books are great for getting deep into the theory and for being a real-world reference. However, for me, there’s nothing like seeing something actually configured from start to finish and observe the results. When I was preparing for my CCIE Voice lab I would read about a configuration, but many times I didn’t fully understand it until I saw it performed in a training video.

So, to answer your question: instead of recommending one or the other, I recommend both.

We thank Kevin Wallace for his time and interview with Firewall.cx.

Interview: Vivek Tiwari CCIEx2 #18616 (CCIE Routing and Switching and Service Provider)

2013-03-17T04:46:04+11:00

Vivek Tiwari holds a Bachelor’s degree in Physics, MBA and many certifications from multiple vendors including Cisco’s CCIE. With a double CCIE on R&S and SP track under his belt he mentors and coaches other engineers.

Vivek has been working in the Inter-networking industry for more than fifteen years, consulting for many Fortune 100 organizations. These include service providers, as well as multinational conglomerate corporations and the public sector. His five plus years of service with Cisco’s Advanced Services has gained him the respect and admiration of colleagues and customers alike.

His experience includes, but is not limited to, network architecture, training, operations, management and customer relations, which made him a sought after coach and mentor, as well as a recognized leader.

He is also the author of the following titles:

“Your CCIE Lab Success Strategy the non-Technical guidebook”

“Stratégie pour réussir votre Laboratoire de CCIE”

“Your CCNA Success Strategy Learning by Immersing – Sink or Swim”

“Your CCNA Success Strategy the non-technical guidebook for Routing and Switching”

Q1. Hello Vivek and thanks for accepting Firewall.cx’s invitation for this interview. Can you let us know a bit more about your double CCIE area of expertise and how difficult the journey to achieve it was?

I have my CCIE in Routing and Switching and Service Provider technologies. The first CCIE journey was absolutely difficult. I was extremely disappointed when I failed my lab the first time. This is the only exam in my life that I had not passed the first time. However, that failure made me realize that CCIE is difficult but within my reach. I realized the mistakes I was making, persevered and eventually passed Routing and Switching CCIE in about a year’s time.

After the first CCIE I promised myself never to go through this again but my co-author Dean Bahizad convinced me to try a second CCIE and surprisingly it was much easier this time and I passed my Service Provider lab in less than a year’s time.

We have chronicled our story and documented the huge number of lessons learned in our book Your CCIE Lab Success Strategy the non-technical guidebook. This book has been reviewed by your website and I am proud to state has been helping engineers all over the globe.

Q2. As a globally recognised and respected Cisco professional, what do you believe is the true value of Firewall.cx toward its readers?

Firewall.cx is a gem for its readers globally. Any article that I have read to date on Firewall.cx is well thought of and has great detailed information. The accompanying diagrams are fantastic. The articles get your attention and are well written because I have always read the full article and have never left it halfway.

The reviews for books are also very objective and give you a feel for it. Overall this is a great service to the network engineer community.

Thanks for making this happen.

Q3. Could you describe your daily routine as a Cisco double CCIE?

My daily routine as a CCIE depends on the consulting role that I am playing at that time. I will describe a few of them:

Operations: being in operations you will always be on the lookout for what outages happened in the last 24 hours or in the last week. Find the detailed root cause for it and suggest improvements. These could range from a change in design of the network to putting in new processes or more training at the appropriate levels.

Architecture: As an architect you are always looking into the future and trying to interpret the current and future requirements of your customer. Then you have to extrapolate these to make the network future proof for at least 5 to 7 years. Once that is done then you have to start working with network performance expected within the budget and see what part of the network needs enhancement and what needs to be cut.

This involves lots of meetings and whiteboard sessions.

Mix of the Above: After the network is designed you have to be involved at a pilot site where you make your design work with selected operations engineers to implement the new network. This ensures knowledge transfer and also proves that the design that looked good on the board is also working as promised.

All of the above does need documentation so working with Visio, writing white papers, implementation procedures and training documents are also a part of the job. Many engineers don’t like this but it is essential.

Q4. There are thousands of engineers out there working on their CCNA, CCNP and CCVP certifications. Which certification do you believe presents the biggest challenge to its candidates?

All certifications have their own challenges. This challenge varies from one individual to another. However, in my mind CCNA is extremely challenging if it is done the proper way. I say this because most of the candidates doing CCNA are new to networking and they have not only to learn new concepts of IP addressing and routing but also have to learn the language of typing all those commands and making it work on a Cisco Device.

The multitude of learning makes it very challenging. Candidates are often stuck in a maze running from one website to another or studying one book and then another without any real results. That is the reason we have provided a GPS for CCNA, our book “Your CCNA exam Success Strategy the non-technical guidebook”

I also want to point out that whenever we interview CCNA engineers many have the certificate but it seems they have not spent the time to learn and understand the technologies.

What they don’t understand is that if I am going to depend on them to run my network which has cost my company millions of dollars I would want a person with knowledge not just a certificate.

Q5. What resources do you recommend for CCNA, CCNP, CCVP and CCIE candidates, apart from the well-known self-study books?

Apart from all the books the other resources to have for sure are

A good lab. It could be made of real network gear or a simulator, but you should be able to run scenarios on it.
Hands on practice in labs.
Be curious while doing labs and try different options (only on the lab network please)
A positive attitude to learning and continuous improvement.
a) Write down every week what you have done to improve your skills
b) Don’t be afraid to ask questions.
Lastly and most important have a mentor. Follow the guidelines in our book about choosing a mentor and how to take full advantage of a mentor. Remember a mentor is not there to spoon feed you: a mentor is there to make sure you are moving in the right direction and in case you are stuck to show you a way out (not to push you out of it). A mentor is a guide not a chauffeur.

Q6. When looking at the work of other Cisco engineers, e.g network designs, configurations-setup etc, what do you usually search for when trying to identify a knowledgeable and experienced Cisco engineer?

I usually do not look at a design and try to find a flaw in it. I do make a note of design discrepancies that come to my mind. I say that from experience because what you see as a flaw might be a design requirement. For example, I have seen that some companies send all the traffic coming inside from the firewall across the data center to a dedicated server farm where it is analysed and then sent across to the different parts of the company. It is very inefficient and adds delay but it is by design.

I have seen many differences in QOS policies even between different groups within the organizations.

If a network design satisfies the legal, statutory and organization requirements then it is the best design.

Q7. What advice would you give to our readers who are eager to become No.1 in their professional community? Is studying and obtaining certifications enough or is there more to it?

Studying is important but more important is to understand it and experience it. Obtaining certifications has become necessary now because that is one of the first ways that a candidate can prove to their prospective employer that they have learnt the technologies. If an employer is going to let you work on his network that will cost him thousands of dollars per minute of downtime (think eBay, amazon, PayPal, a car assembly line) or could even cost lives of people (think of a hospital network, or the emergency call network like the 911 in US, or the OnStar network in US) then they’d better be careful in hiring. I am sure you agree. Certification is what gets you in the door for an interview only but it is:

Your knowledge and understanding
Your experience
Your attitude towards your work
How well you work in teams
Which work related areas are of interest to you (Security, Voice, Wireless etc.) that gets you the job and makes you move ahead in your career.

The best way to move ahead and be No. 1 in your career is to do what you are passionate about. If you are pursuing your passion then it is not work anymore and you enjoy doing it and will excel beyond limits.

Another thing I would want to tell the readers is don’t chase money. Chase excellence in whatever you are doing and money will be the positive side effect of your excellence.

The New GFI EventsManager 2013 - Active Network and Server Monitoring

2013-01-23T06:21:56+11:00

On the 21st of January 2013, GFI announced its new version of its popular GFI EventsManager, now named, GFI EventsManager 2013.

For those who are unaware of the product, GFI EventsManager is one of the most popular software solutions that allows a network administrator, engineer or IT manager to actively monitor a whole IT infrastructure from a single intuitive interface.

Even though GFI EventsManager has been in continuous development, this time GFI has surprised us once again by introducing highly anticipated features that make this product a one-of-a-kind winner.

Below is a list of some of the new features included in GFI EventsManager 2013 that make this product a must for any company:

Active network and server monitoring based on monitoring checks is now available and can function in conjunction with the log based monitoring system in order to provide a complete and thorough view of the status of your environment.
The unique combination of active network and server monitoring through log-based network and server monitoring provides you not only with incident identification but also with a complete set of logs from the assets that failed, making problem investigation and solving much easier.
Enhanced console security system helps complying with 'best practices' recommendations that imply access to data on a “need-to-know” basis. Starting with this version, each GFI EventsManager user can be assigned a subset of computers that he/she manages and the console will only allow usage of the data coming from those configured computers while the user is logged in.
New schema for parsing XML files, available by default, that enables monitoring of XML–based logs and configuration files.
New schema for parsing DHCP text logs that enables monitoring of DHCP IP assignment.
More flexibility for storing events: the new database system has been updated to include physical deletion of events for easier maintenance and collection to remote databases.
Hashing of log data for protection against attempts at tampering with the logs coming from outside the product, enables enhanced log consolidation and security.
New reports for J Sox and NERC CIP compliance.

Interview: Akhil Behl CCIEx2 #19564 (Voice & Security)

2012-11-12T16:00:00+11:00

It's not everyday you get the chance to interview a CCIE, and especially a double CCIE! Today, Firewall.cx interviews Akhil Behl, a Double CCIE (Voice & Security) #19564 and author of the popular Cisco Press title ‘Securing Cisco IP Telephony Networks'.

Akhil Behl's Biography

Akhil Behl is a Senior Network Consultant with Cisco Advanced Services, focusing on Cisco Collaboration and Security architectures. He leads Collaboration and Security projects worldwide for Cisco Services and the Collaborative Professional Services (CPS) portfolio for the commercial segment. Prior to his current role, he spent 10 years working in various roles at Linksys, Cisco TAC, and Cisco AS. He holds CCIE (Voice and Security), PMP, ITIL, VMware VCP, and MCP certifications.

He has several research papers published to his credit in international journals including IEEE Xplore.

He is a prolific speaker and has contributed at prominent industry forums such as Interop, Enterprise Connect, Cloud Connect, Cloud Summit, Cisco SecCon, IT Expo, and Cisco Networkers.

Be sure to not to miss our on our review of Akhil's popular Securing Cisco IP Telephony Networks and outstanding article on Secure CallManager Express Communications - Encrypted VoIP Sessions with SRTP and TLS.

Readers can find outstanding Voice Related Technical Articles in our Cisco VoIP/CCME & CallManager Section.

Interview Questions

Q1. What are the benefits of a pure VoIP against a hybrid system?

Pure VoIP solutions are a recent addition to the overall VoIP portfolio. SIP trunks by service providers are helping covert PSTN world reachable by IP instead of TDM. A pure VoIP system has a number of advantages over a hybrid VoIP system for example:

All media and signaling is purely IP based and no digital or TDM circuits come into picture. This in turn implies better interoperability of various components within and outside the ecosystem.
Configuration, troubleshooting, and monitoring of a pure VoIP solution is much more lucid as compared to a hybrid system.
The security construct of a pure VoIP system is something which the provider and consumer can mutually agree upon and deploy. In other words, the enterprise security policies can now go beyond the usual frontiers up to the provider’s soft-switch/SBC.

Q2. What are the key benefits/advantages and disadvantages of using Cisco VoIP Telephony System, coupled with its security features?

Cisco’s IP Telephony / Unified Communications systems present a world class VoIP solution to consumers from small to medium to large enterprises and SMB’s as well as various business verticals such as education, finance, banking, energy sector, and government agencies. When the discussion is around security aspect of Cisco IP Telephony / UC solution, the advantages outweigh the disadvantages because of a multitude of factors:

Cisco IP Telephony endpoints, and underlying network gear is capable of providing robust security by means of built in security features
Cisco IP Telephony portfolio leverages industry standard cryptography and is compatible with any product based on RFC standards
Cisco engineering leaves no stone unturned to ensure that the IP Telephony products and applications deliver feature rich consumer experience; while maintaining a formidable security posture
Cisco Advanced Services helps consumers design, deploy, operate, and maintain a secure, stable, and robust Cisco IP Telephony network
Cisco IP Telephony and network applications / devices / servers can be configured on-demand to enable security to restrain a range of threats

Q3. As an author, please comment on the statement that your book can be used both as a reference and as a guide for security of Cisco IP Telephony implementation.

Over the past 10 years, I have seen people struggling with lack of a complete text which can act as a reference, a guide, and a companion to help resolve UC security queries pertinent to design, deployment, operation, and maintenance of a Cisco UC network. I felt there was a lack of a complete literature which could help one through various stages of Cisco UC solution development and build i.e. Plan, Prepare, Design, Implement, Operate, and Optimize (PPDIOO) and thought of putting together all my experience and knowledge in form of a book where the two realms i.e. Unified Communications and Security converge. More often than not, people from one realm are not acquainted with intricacies of the other. This book serves to fill in the otherwise prominent void between the UC and Security realms and acts as a guide and a reference text for professionals, engineers, managers, stakeholders, and executives.

Q4. What are today’s biggest security threats when dealing with Cisco Unified Communication installations?

While there are a host of threats out there which lurk around your Cisco UC solution, the most prominent ones are as follows:

Toll-Fraud
Eavesdropping
Session/Call hijacking
Impersonation or identity-theft
DOS and DDOS attacks
Poor or absent security guidelines or policy
Lack of training or education at user level on their responsibility towards corporate assets such as UC services

As you can see, not every threat is a technical threat and there’re threats pertinent to human as well as organizational factors. More often than not, the focus is only on technical threats while, organizations and decision makers should pay attention to other (non-technical) factors as well without which a well-rounded security construct is difficult to achieve.

Q5. When implementing SIP Trunks on CUCM/CUBE or CUCME, what steps should be taken to ensure Toll-Fraud is prevented?

An interesting question since, toll-fraud is a chronic issue. With advent of SIP trunks for PSTN access, the threat surface has evolved and a host of new threats comes into picture. While most of these threats can be mitigated at call-control and Session Border Controller (CUBE) level, an improper configuration of call restriction and privilege as well as a poorly implemented security construct can eventually lead to a toll-fraud. To prevent toll-fraud on SIP trunks following suggestions can be helpful:

Ensure that users are assigned the right calling search space (CSS) and partitions (in case of CUCM) or Class of Restriction (COR in case of CUCME) at line/device level to have a granular control of who can dial what
Implement after-hour restrictions on CUCM and CUCME
Disable PSTN or out-dial from Cisco Unity, Unity Connection, and CUE or at least restrict it to a desirable local/national destination(s) as per organization’s policies
Implement strong pin/password policies to ensure user accounts cannot be compromised by brute force or dictionary based attacks
For softphones such as Cisco IP Communicator try and use extension mobility which gives an additional layer of security by enabling user to dial international numbers only when logged in to the right profile with right credentials
Disable PSTN to PSTN tromboning of calls is not required or as per organizational policies
Where possible enable secure SIP trunks and SIP authorization for trunk registration with provider
Implement COR where possible at SRST gateways to discourage toll-fraud during an SRST event
Monitor usage of the enterprise UC solution by call billing and reporting software (e.g. CAR) on an ongoing basis to detect any specific patterns or any abnormal usage

Q6. A common implementation of Cisco IP Telephony is to install the VoIP Telephony network on a separate VLAN – the Voice VLAN, which has restricted access through access lists applied on a central layer-3 switch. Is this common practice adequate to provide basic-level of security?

Well, I wouldn’t just filter the traffic at Layer 3 with access-lists or just do VLAN segregation at layer 2 but also enable security features such as:

Port security
DHCP snooping
Dynamic ARP Inspection (DAI)
802.1x
Trusted Relay Point (TRP)
Firewall zoning

and so on, throughout the network to ensure that legitimate endpoints in voice VLAN (whether hard phones or softphones) can get access to enterprise network and resources. While most of the aforementioned features can be enabled without any additional cost, it’s important to understand the impact of enabling these features in a production network as well as to ensure that they are in-line with the corporate/IP Telephony security policy of the enterprise.

Q7. If you were asked to examine a customer’s VoIP network for security issues, what would be the order in which you would perform your security checks? Assume Cisco Unified Communications Manager Express with IP Telephones (wired & wireless), running on Cisco Catalyst switches with multiple VLANs (data, voice, guest network etc) and Cisco Aironet access points with a WLC controller. Firewall and routers exist, with remote VPN teleworkers

My first step towards assessing the security of the customer’s voice network will be to ask them for any recent or noted security incidents as it will help me understand where and how the incident could have happened and what are the key security breach or threats I should be looking at apart from the overall assessment.

I would then start at the customer’s security policy which can be a corporate security policy or an IP Telephony specific security policy to understand how they position security of enterprise/SMB communications in-line with their business processes. This is extremely important as, without proper information on what their business processes are and how security aligns with them I cannot advise them to implement the right security controls at the right places in the network. This also ensures that the customer’s business as usual is not interrupted when security is applied to the call-control, endpoints, switching infrastructure, wireless infrastructure, routing infrastructure, at firewall level, and for telecommuters.

Once I have enough information about the customer’s network and security policy, I will start at inspection of configuration of access switches, moving down to distribution, to core to data center access. I will look at the WLC and WAP configurations next followed by IOS router and firewall configuration.

Once done at network level, I will continue the data collection and analysis at CUCME end. This will be followed by an analysis of the endpoints (wired and wireless) as well as softphones for telecommuters.

At this point, I should have enough information to conduct a security assessment and provide a report/feedback to the customer and engage with the customer in a discussion about the opportunities for improvement in their security posture and construct to defend against the threats and security risks pertinent to their line of business.

Q8. At Firewall.cx, we are eagerly looking forward to our liaison with you, as a CCIE and as an expert on Cisco IP Telephony. To all our readers and members, what would be your message for all those who want to trace your footsteps towards a career in Cisco IP Telephony?

I started in IT industry almost a decade ago with Linksys support (a division of Cisco Systems). Then I worked with Cisco TAC for a couple of years in the security and AVVID teams, which gave me a real view and feel of things from both security and telephony domains. After Cisco TAC I joined the Cisco Advanced Services (AS) team where I was responsible for Cisco’s UC and security portfolio for customer facing projects. From thereon I managed a team of consultants. On the way I did CCNA, CCVP, CCSP, CCDP, and many other Cisco specialist certifications to enhance my knowledge and worked towards my first CCIE which was in Voice and my second CCIE which was in Security. I am a co-lead of Cisco AS UC Security Tiger Team and have been working on a ton of UC Security projects, consulting assignments, workshops, knowledge transfer sessions, and so on.

It’s almost two years ago when I decided to write a book on the very subject of my interest that is – UC/IP Telephony security. As I mentioned earlier in this interview, I felt there was a dire need of a title which could bridge the otherwise prominent gap between UC and Security domains.

My advice to anyone who wishes to make his/her career into Cisco IP Telephony domain is, ensure your basics are strong as the product may change and morph forms however, the basics will always remain the same. Always be honest with yourself and do what it takes to ensure that you complete your work/assignment – keeping in mind the balance between your professional and personal life. Lastly, do self-training or get training from Cisco/Partners on new products or services to ensure you are keeping up with the trends and changes in Cisco’s collaboration portfolio.

Software Review: Colasoft Capsa 7 Enterprise Network Analyzer

2012-10-02T06:09:39+10:00

Reviewer: Arani Mukherjee

Colasoft Capsa 7.2.1 Network Analyser was reviewed by Firewall.cx a bit more than a year ago. In a year Colasoft has managed to bring in the latest version of the Analyser software i.e. Version 7.6.1.

As a packet analyser, Colasoft Capsa Enterprise has already collected many accolades from many users and businesses, so I would refrain from turning this latest review into a comparison between the two versions. Since Colasoft has made the effort to give us a new version of a well established software, it’s only fair that I perform the review in light of the latest software. This only goes to prove that the new software is not just an upgraded version of the old one, but a heavy weight analyser in its own right.

As an effective packet analyser, the various functions performed are: detecting network issues; intrusion and misuse; isolating network problems; monitoring bandwidth; usage; data in motion; end point security and server as a day to day primary data source for network monitoring and management. Capsa is one of the most well known packet analysers available for use today and the reasons it occupies such an enviable position in the networking world are its simplicity in deployment, usage, and data representation. Let’s now put Capsa under the magnifying glass to have a better understanding of why it’s one of the best you can get.

Installing Colasoft Capsa Enterprise

I have mentioned before that I will not use this as an opportunity for comparison between the two versions. However, I must admit, Capsa has retained all the merits displayed in the older version. This is a welcome change as often I have witnessed newer versions of software suddenly abandoning certain features just after all the users have got used to it. So in light of that, the first thing notable is the ease of installation of the software. It was painless from the time you download the full version or the demo copy til you put in the license key information and activate it online. There are other ways of activating it but as a network manager why would someone install a packet analyser on a machine which does not have any network connection.

It takes 5-7 minutes to get the software up and running to a point where you can start collecting data about your network. It carries all the hallmarks of a seamless easy installation and deployment and for all of us, one less thing to worry about. Bearing in mind some of you might find an adhoc review of this software already done while Colasoft’s nChronos Server was being reviewed, I will try not to repeat myself.

Using Capsa Enterprise

You will be greeted with a non cluttered well designed front screen as displayed below.

The default view is the first tab called Dashboard. One you have selected which adapter you want to monitor, and you can have several sessions based on what you do, you hit the ‘Start’ button to start collecting data. The Dashboard then starts coming up with data as it is being gathered. The next screenshot shows what your dashboard will end up looking like:

Every tab on this software will display data based on what you want to see. In the Node Explorer on the left you can select either a full analysis or particular analysis based on either protocol, the physical nodes or IP nodes.

The Total Traffic Graph is a live progressing chart which can update its display as fast as 1 second, or as slow as up to 1 hour. If you don’t fancy the progressing line graph, you can ponder the bar chart at the bottom. For your benefit you can pause the live flow of the graph by right clicking and selecting ‘Pause Refresh’, as show below:

The toolbar at the top needs particular mention because of the features it provides. My favourite was obviously the Utilisation and PPS meters. I forced a download from an FTP site and captured how the needles reacted. Also note the traffic chart which captured bytes per second. The needle position updated every 1 second:

The Summary tab is there to provide the user with a full statistical analysis of the network traffic. The separated sections are self explanatory and do provide in-depth meta data.

The Diagnosis tab is of particular interest. It gives a full range view of what’s happening to the data in the network in terms of issues encountered:

The diagnosis is separated in terms of the actual layers, severity and event description. This I found to be very useful when defining the health of my network.

The Protocol tab gave me a ringside view of the protocols that were topping the list and what was responsible for what chunk of data flowing through the network. I deemed it useful when I wanted to find out who’s been downloading too much using FTP, or who has set up a simultaneous ping test of a node.

Physical and IP Endpoints tabs showed data conversations happening between the various nodes in my network. I actually used this feature to isolate two nodes which were responsible for a sizeable chunk of the network traffic within a LAN. A feature I’m sure network managers will find useful.

Physical, IP, TCP, and UDP Conversations is purely an expanded form of the info provided at the bottom of the previous two tabs.

My favourite tab was the Matrix. Not because of just the name but because of what it displayed. Every data transfer and its corresponding links were mapped based on IP nodes, Physical nodes. You also have the luxury of only seeing the top 100 in the above categories. Here’s a screenshot of my network in full bloom, the top 100 physical conversations:

The best display for me was when I selected Top 100 IPv4 Conversations and hovered the mouse over one particular conversation. Not only did Capsa tell me how many peers it was conversing with, it also showed me how many packets were received and sent:

Further on the Packet tab is quite self explanatory. It shows every packet spliced up into its various protocol and encapsulation based components. This is one bit that definitely makes me feel like a Crime Scene Investigator, a feeling I also had while reviewing nChronos. I also sensed that this also helps in terms of understanding how a packet is built, and transferred across a network. Here’s a screenshot of one such packet:

As shown above, the level of detail is exhaustive. I wish I’d had this tool when I was learning about packets and their structure. This would have made my learning experience a bit more pleasurable.

All of this is just under the Analysis section. Under the Tools section, you will find very useful applications like the Ping and the MAC Scanner. For me, the MAC Scanner was very useful as I could take a snapshot of all MAC addresses and then be able to compare any changes at a later date. This is useful if there is a change in any address and you are not aware of it. It could be anything from a network card change to a new node being added without you knowing.

I was pleasantly surprised about the level of flexibility of this software when it came to how you wish to see the data. There is the option to have your own charts, add filters against protocols to ignore data that is not important, create alarm conditions which will notify if a threshold is broken or met. A key feature for me was to be able to store packet data and then play it later on using the Packet Player, another nice tool in the Tools section. This historical lookup facility is essential for any comparison that needs be performed after a network issue has been dealt with.

Summary

I have worked with several packet or network analysers and I have to admit Capsa Enterprise captures data and displays it in the best way I have seen. My previous experiences were marred by features that were absent and features that didn’t work or deliver the expected outcome. Colasoft has done a brilliant job of delivering Capsa which meets all my expectations. This software is not only helpful for the network managers but also for students of computer networking. I definitely would have benefitted from Capsa had I known about it back then, but I have now. This tool puts network managers more in control of their networks and gives them that much needed edge for data interpretation. I would tag it with a ‘Highly Recommended’ logo.

Cloud-based Network Monitoring: The New Paradigm - GFI Free eBook

2012-09-11T07:00:00+10:00

GFI has once again managed to make a difference: They recently published a free eBook named "Cloud-based network monitoring: The new paradigm" as part of their GFI Cloud offerings.

IT managers face numerous challenges when deploying and managing applications across their network infrastructure. Cloud computing and cloud-based services are the way forward.

This 28 page eBook covers a number of important key-topics which include:

Traditional Network Management
Cloud-based Network Monitoring: The new Paradigm
Big Challenges for Small Businesses
A Stronger Defense
How to Plan Ahead
Overcoming SMB Pain Points
The Best Toold for SMB's
...and much more!

This eBook is no longer offered by the vendor. Please visit our Security Article section to gain access to similar articles.

GFI Network Server Monitor Online Review - Road Test

2012-08-31T07:00:00+10:00

Reviewer: Alan Drury

There’s a lot of talk about ‘the cloud’ these days, so we were intrigued when we were asked to review GFI’s new Cloud offering. Cloud-based solutions have the potential to revolutionise the way we work and make our lives easier, but can reality live up to the hype? Is the future as cloudy as the pundits say? Read on and find out.

What is GFI Cloud?

GFI Cloud is a new service from GFI that provides anti-virus (VIPRE) and workstation/server condition monitoring (Network Server Monitor Online) via the internet. Basically you sign up for GFI Cloud, buy licenses for the services you want and then deploy them to your internet-connected machines no matter where they are. Once that’s done, as long as you have a PC with a web browser you can monitor and control them from anywhere.

In this review we looked at GFI Network Server Monitor Online, but obviously to do that we had to sign up for GFI Cloud first.

Installation of GFI Network Server Monitor Online

Installation is quick and easy; so easy in fact that there’s no good reason for not giving this product a try. The whole installation, from signing up for our free 30-day trial to monitoring our first PC, took barely ten minutes.

To get started, simply follow the link from the GFI Cloud product page and fill in your details:

Next choose the service you’re interested in. We chose Network Server Monitor Online:

Then, after accepting the license agreement, you download and run the installer and that’s pretty much it:

Your selected GFI Cloud products are then automatically monitoring your first machine – how cool is that?

Below is a screenshot of the GFI Cloud desktop. The buttons down the left-hand side and the menu bar across the top let you view the output from either Server Monitor or VIPRE antivirus or, as shown here, you can have a status overview of your whole estate.

We’ve only got one machine set up here but we did add more, and a really useful touch is that machines with problems always float to the top so you need never be afraid of missing something. There’s a handy Filters box through which you can narrow down your view if required. You can add more machines and vary the services running on them, but we’ll come to that later. First let’s have a closer look at Network Server Monitor Online.

How Does It Work?

Network Server Monitor Online uses the GFI Cloud agent installed on each machine to run a series of health checks and report the results. The checks are automatically selected based on the type of machine and its OS. Here’s just a sample of those it applied to our tired XP laptop:

As well as the basics like free space on each of the volumes there’s a set of comprehensive checks to make sure the essential Windows services are running, checks for nasties being reported in the event logs and even a watch on the SMART status of the hard disk.

If these aren’t enough you can add your own similar checks and, usefully, a backup check:

This really is nice – the product supports lots of mainstream backup suites and will integrate with the software to check for successful completion of whatever backup regime you’ve set up. If you’re monitoring a server then that onerous daily backup check is instantly a thing of the past.

As well as reporting into the GFI Cloud desktop each check can email you or, if you add your number to your cloud profile, send you an SMS text alert. So now you can relax on your sun lounger and sip your beer safe in the knowledge that if your phone’s quiet then all is well back at the office.

Adding More Machines To GFI Network Server Monitor Online

Adding more machines is a two-step process. First you need to download the agent installer and run it on the machine in question. There’s no need to login - it knows who you are so you can do a silent push installation and everything will be fine. GFI Cloud can also create a group policy installer for installation on multiple workstations and servers. On our XP machine the agent only took 11k of RAM and there was no noticeable performance impact on any of the machines we tested.

Once the agent’s running the second step is to select the cloud service(s) you want to apply:

When you sign up for GFI cloud you purchase a pool of licenses and applying one to a machine is as simple as ticking a box and almost as quick – our chosen product was up and running on the target machine in less than a minute.

This approach gives you amazing flexibility. You can add services to and remove them from your machines whenever you like, making sure that every one of your purchased licenses is working for you. It’s also scalable – you choose how many licenses to buy so you can start small and add more as you grow. Taking the license off a machine doesn’t remove it from GFI Cloud (it just stops the service) so you can easily put it back again, and if a machine is ever lost or scrapped you can retrieve its licenses and use them somewhere else. Quite simply, you’re in control.

Other Features

Officially this review is about Network Server Monitor Online, but by adding a machine into GFI Cloud you also get a comprehensive hardware and software audit. This is quite useful in itself but when coupled with Network Server Monitor Online it tells you almost everything you need to know:

On top of this you can reboot machines remotely and see at a glance which machines have been shut down or, more ominously, are supposed to be up but aren’t talking to the cloud.

The whole thing is very easy to use but should you need it the documentation is excellent and you can even download a free e-book to help you on your way.

In Conclusion

What GFI has done here is simply brilliant. For a price that even the smallest organisation can afford you get the kind of monitoring, auditing and alerting that you know you need but think you don’t have the budget for. Because it’s cloud-based it’s also a godsend for those with numerous locations or lots of home-workers and road warriors. The low up-front cost and the flexible, scalable, pay-as-you-go licensing should please even the most hard-bitten financial director. And because it’s so easy to use it can sit there working for you in the background while you get on with other things.

Could it be improved? Yes, but even as it stands this is a solid product that brings reliable and useful monitoring, auditing and alerting within the reach of those who can’t justify the expense of dedicated servers and costly software. GFI is on a winner here, and for that reason we’re giving GFI Cloud and GFI Network Server Monitor Online the coveted Firewall.cx ten-out-of-ten award.

Colasoft: nChronos v3 Server and Console Review

2012-08-29T01:30:00+10:00

Reviewer: Arani Mukherjee

nChronos, a product of Colasoft, is one of the cutting edge packet/network analysers that the market has to offer today. What we have been promised by Colosoft through their creation is an end to end, round the clock packet analysis, coupled with historical network analysis. nChronos provides an enterprise network management platform which enables users to troubleshoot, diagnose and address network security and performance issues. It also allows retrospective network analysis and, as stated by Colasoft, will “provide forensic analysis and mitigate security risks”. Predictably it is a must have for anyone involved with network management and security.

Packet analysis has been in the forefront for a while, for the purposes of network analysis; detection of network intrusion; detect misuse; isolate exploited systems; monitor network usage; bandwidth usage; endpoint security status; verify adds, moves and changes and various other such needs. There are quite a few players in this field and, for me, it does boil down to some key unique selling points. I will lay out the assessment using criteria like ease of installation, ease of use, unique selling points and, based on all of the aforementioned, how it stacks up against competition.

Ease of Installation - nChronos Installation

The installation instructions for both nChronos Server and console are straightforward. You install the server first, followed by the console. Setting up the server was easy enough. The only snag that I encountered was when I tried to log onto the server for the first time. The shortcut created by default runs the web interface using the default web browser. However, it calls ‘localhost’ as the primary link for the server. That would bring up the default web page of the physical server on which nChronos server was installed. I was a bit confused when the home page of my web server came up instead of what I was expecting. But one look into the online help files and the reference on this topic said to try ‘localhost:81’ as an option and, if that doesn’t work, try ‘localhost:82’. The first option worked straight away, so I promptly changed the shortcut of nChronos server to point to ‘localhost:81’. Voilà, all was good. Rest of the configuration was extremely smooth, and the run of events followed exactly what was said in the instruction manual. For some reason at the end of the process the nChronos server is meant to restart. If by any chance you receive an error message in the lines of the server not being able to restart, it’s possibly a glitch. The server restarted just fine, as I found out later. I went ahead to try the various installation scenarios mentioned and all of them worked just as fine.

Once the server was up and running, I proceeded to install the nChronos Console, which was also straightforward. It worked the first time, every time. With the least effort I was able to link up the console with the server and start checking out the console features. And yes, don’t forget to turn the monitoring on for the network interfaces you need to manage. You can do that either from the server or from the console itself. So all in all, the installation process passed with some high grades.

Ease Of Use

Just before starting to use the software I was getting a bit apprehensive about what I needed to include in this section. First I thought I would go through the explanation of how the software works and elaborate on the technologies used to render the functionalities provided. But then it occurred to me that it would be redundant for me to expand on all of that because this is specialist software. The users of this type of software are already aware of what happens in the background and are well versed with the technicalities of the features. I decided to concentrate on how effectively this software helps me perform the role of network management, packet tracing and attending to issues related to network security.

The layout of the nChronos Server is very simple and I totally agree with Colasoft’s approach of a no nonsense interface. You could have bells and whistles added but they would only enhance the cosmetic aspect of the software, adding little or nothing to its function.

The screenshot above gives you an idea of what the Server Administration page looks like, which is the first page that would open up once the user has logged in. This is the System Information page. On the left pane you will find several other pages to look at i.e. Basic Settings which displays default port info and HDD info of the host machine, User Account (name says it all), and Audit Log (which will basically show the audit trail of user activity.)

The interesting page to look at is Network Link. This is where the actual interfaces to be monitored are added. The screenshot below shows this page:

Obviously for the purpose of this review the only NIC registered on the server was the NIC of my own machine. This is the page from where you can start monitoring of the various network interfaces all over your network. Packet data for any NIC would not be captured if you haven’t clicked on the ‘Start’ button for the specific NIC. So don’t go about blaming the car not starting up when you haven’t even turned the ignition key!!!

All in all, it’s simple and it’s effective as it gives you less chances of making any errors.

Now that the server is all up and running we use the nChronos Console to peer into the data that it is capturing:

The above screenshot shows the console interface. For the sake of simplicity I have labelled three separate zones, 1, 2, and 3. When the user logs in the for first time, he/she has to select the interface that needs to be looked at from zone 2 and click on the ‘Open’ button. That then shows all the details about that interface in Zones 1 and 3. Notice in Zone 1 there is a strip of buttons, one of which is the auto–scroll feature. I loved this feature as it helps you the see traffic as it passes through. To see a more detailed data analysis you simply click drag and release the mouse button to select a time frame. This unleashes a spectrum of relevant information in Zone 3. Each and every tab displays the packets captured through a category window, e.g. The application tab will show the types of application protocols have been used in that time frame i.e. HTTP, POP, etc.

One of the best features I found was the ability to parse each line of data under any tab by just double clicking on it. So if I double clicked the link on the application tab that says HTTP, it would drill down to IP Address. I can keep on drilling down and it would traverse from HTTP → IP Address → IP Conversation → TCP Conversation. I can jump to any specific drill down state by right clicking on the application protocol itself and making a choice on the right click menu. This is a very useful feature. For the more curious, the little spikes in traffic in zone 1 was my mail application checking for new mail every 5 seconds.

The magic happens when you right click on any line of data and select ‘Analyse Packet’. This invokes the nChronos Analyzer:

The above screenshot shows what the Analyzer looks like by default. This was by far my favourite tool. The way the information about the packets was shown was just beyond belief. This is one example where Colasoft has shown one of its many strengths, where it can combine flamboyance with function. The list of tabs on the top will give you an idea of how many ways the Analyzer can show you the data you want to see. Some of my favourites were the following: Protocol

This is a screenshot of the Protocol Tab. I was impressed with seeing the number of column headers that were being used to show detailed information about the packets. The tree-like expanded way of showing protocols under particular data units, based on the layers involved, was useful.

Another one of my favourite tabs was the Matrix:

The utility of this tab is to show the top 100 end to end conversions which can be IP conversions, physical conversions etc. If you double click any of those lines denoting a conversion it opens up an actual data exchange between the nodes. This is very important for a network manager if there is a need to decipher what exact communication was ensuing between to nodes, be it physical or IP, for a given point of time. It can be helpful in terms of checking network abuse, intrusions etc.

This brings me to my most favourite tab of all, the Packet tab. This tab will show you end to end data being exchanged between any two interfaces and show you exactly what data was being exchanged. I know most packet analyzers primary function is to be able to do that but I like Colasoft’s treatment of this functionality:

I took the liberty of breaking up the screen into three zones to show how easy it was to delve into any packet. In zone 1, you would select exactly which interchange of data between any concerned nodes you want to splice. Once you have done that, zone 2 starts showing the packet structure in terms of the difference network protocols i.e. Data link layer, Network Layer, Transport Layer, Application Layer etc. Then zone 3 shows you the actual data that was encapsulated inside that specific packet. This is by far the most lucid and practical approach I have seen by any packet analyzer software when showing encapsulated data within packets. I kid you not, I have seen many packet analyzers and Colasoft trumps the lot.

Summary

Colasoft’s unique selling points will always remain simplicity, careful positioning of features to facilitate easy access for users, presentation of data in a non–messy way for maximum usage and, specially for me, making me feel like a Crime Scene Investigator of networks, like you might see on CSI–Las Vegas (apologies to anyone who is hasn’t seen the CSI series).

Network security has become of paramount importance to us in our daily lives as more and more civil, military and scientific work and facilities are becoming dependant on networks. For a network administrator it is not only important to resume normalcy of network operations as soon as possible but also to go back and investigate successfully why an event, capable of crippling a network, might have happened in the first place. This is also applicable in terms of preventing such a disruptive event.

Colasoft’s nChronos Server and Console coupled with Analyzer is an assorted bundle of efficient software which helps to perform all the function required to preserve network integrity and security. It is easy to setup and maintain, requires minimum intervention when it’s working and delivers vast amounts of important information in the easiest manner possible. This software bundle is a must-have for any organisation which, for all the right reasons, values its network infrastructure highly, and wants to preserve its integrity and security.

GFI WebMonitor 2012 Internet Web Proxy Review

2012-07-06T04:37:38+10:00

Review by Alan Drury and John Watters

The Internet connection is vital for many Small to Medium or Large-sized enterprises, but it can also be one of the biggest headaches. How can you know who is doing what? How can you enforce a usage policy? And how can you protect your organisation against internet-borne threats? Larger companies tend to have sophisticated firewalls and border protection devices, but how do you protect yourself when your budget won’t run to such hardware? This is precisely the niche GFI has addressed with GFI WebMonitor.

How Does GFI WebMonitor 2012 Work?

Before we get into the review proper it’s worth taking a few moments to understand how it works. GFI WebMonitor installs onto one of your servers and sets itself up there as an internet proxy. You then point all your browsers to the internet via that proxy and voilà – instant monitoring and control.

The server you choose doesn’t have to be internet-facing or even dual-homed (although it can be), but it does obviously need to be big enough and stable enough to become the choke point for all your internet access. Other than that, as long as it can run the product on one of the supported Microsoft Windows Server versions, you’re good to go.

We tested it in a average company that had an adequate amount of PCs, laptops and mobile clients (phones), running on a basic ADSL internet connection and a dual-core Windows 2003 Server box that was doing everything, including being the domain controller and the print server in its spare time, and happily confirmed no performance impact on the server.

Installing GFI WebMonitor 2012

As usual with GFI we downloaded the fully functional 30-day evaluation copy (82Mb) and received the license key minutes later by email. On running the installer we found our humble server lacked several prerequisites but happily the installer went off and collected them without any fuss.

After that it offered to check for updates to the program, another nice touch:

The next screen is where you decide how you want to implement the product. Having just a single server with a single network card we chose single proxy mode:

With those choices made the installation itself was surprisingly quick and before long we were looking at this important screen:

We reconfigured several user PCs to point to our newly-created http proxy and they were able to surf as if nothing had happened. Except, of course, for the fact that we were now in charge!

We fired off a number of web accesses (to www.Firewall.cx of course, among others) and some searches, then clicked Finish to see what the management console would give us.

WebMonitor 2012 - The All-Seeing Eye

The dashboard overview (above) displays a wealth of information. At a glance you can see the number of sites visited and blocked along with the top users, top domains and top categories (more on these later). There’s also a useful trending graph which fills up over time, and you can change the period being covered by the various displays using the controls in the top right-hand corner. The console is also web-based so you can use it remotely.

Many of the displays are clickable allowing you to easily drill down into the data, and if you hover the mouse you’ll get handy pop-up explanations. We were able to go from the overview to the detailed activities of an individual user with just a few clicks. A user here is a single source IP, in other words a particular PC rather that the person using it. Ideally we would have liked the product to query the Active Directory domain controller and nail down the actual logged-on user but to be honest given the reasonable price and the product’s undoubted usefulness we’re not going to quibble.

The other dashboard tabs help you focus on particular aspects. The Bandwidth tab (shown below) and the activity tab let you trend the activity either by data throughput or the number of sessions as well as giving you peaks, totals and future projections. The real-time traffic tab shows all the sessions happening right now and lets you kill them, and the quarantine tab lists the internet nasties that WebMonitor has blocked.

To the right of the dashboard, the reports section offers three pages of ad-hoc and scheduled reports that you can either view interactively or have emailed to you. You can pretty much get anything here: the bandwidth wasted by non-productive surfing during a time period; the use of social networking sites and/or webmail; the search engine activity; the detailed activity of a particular user and even the use of job search websites on company time.

Underlying all this is a huge database of site categories. This, along with the malware protection, is maintained by GFI and downloaded daily by the product as part of your licensed support so you’ll need to stay on support moving forward if you want this to remain up to date.

The Enforcer

Monitoring, however, is only half the story and it’s under the settings section that things really get interesting. Here you can configure the proxy (it can handle https if you give it a certificate and it also offers a cache) and a variety of general settings but it’s the policies and alerts that let you control what you’ve been monitoring.

By defining policies you can restrict or allow all sorts of things, from downloading to instant messaging to categories of sites allowed or blocked and any time restrictions. Apply the relevant policies to the appropriate users and there you go.

The policies are quite detailed. For example, here’s the page allowing you to customise the default download policy. Using the scrolling list you can restrict a range of executables, audio/video files, document types and web scripts and if the default rules don’t meet your needs you can create your own. You can block them, quarantine them and generate an alert if anyone tries to do what you’ve forbidden.

Also, hidden away under the security heading is the virus scanning policy. This is really nice - GFI WebMonitor can scan incoming files for you using several anti-virus, spyware and malware detectors and will keep these up to date. This is the part of the program that generates the list of blocked nasties we mentioned earlier.

Pull down the monitoring list and you can set up a range of administrator alerts ranging from excessive bandwidth through attempted malware attacks to various types of policy transgression. By using the policies and alerts together you can block, educate or simply monitor across the whole spectrum of internet activity as you see fit.

Final Thoughts

GFI WebMonitor is a well thought-out, thoughtfully focussed and well integrated product that provides everything a small to large-sized enterprise needs to monitor and control internet access at a reasonable price. You can try it for free and the per-seat licensing model means you can scale it as required. It comes with great documentation both for reference and to guide you as you begin to take control.

Product Review - GFI LanGuard Network Security Scanner 2011

2012-04-03T01:08:00+10:00

Review by Alan Drury and John Watters

Introduction

With LanGuard 2011 GFI has left behind its old numbering system (this would have been Version 10), perhaps in an effort to tell us that this product has now matured into a stable and enterprise-ready contender worthy of serious consideration by small and medium-sized companies everywhere.

Well, after reviewing it we have to agree.

In terms of added features the changes here aren’t as dramatic as they were between say Versions 8 and 9, but what GFI have done is to really consolidate everything that LanGuard already did so well, and the result is a product that is rock-solid, does everything that it says on the tin and is so well designed that it’s a joy to use.

Installation

As usual for GFI we downloaded the fully-functional evaluation copy (124Mb) from its website and received our 30-day trial licence by email shortly afterwards. Permanent licences are reasonably priced and on a sliding scale that gets cheaper the more target IP addresses you want to scan. You can discover all the targets in your enterprise but you can only scan the number you’re licensed for.

Installation is easy. After selecting your language your system is checked to make sure it’s up to the job:

The installer will download and install anything you’re missing but it’s worth noting that if you’re on a secure network with no internet access then you’ll have to get them yourself.

Once your licence is in place the next important detail is the user account and password LanGuard will use to access and patch your machines. We’d suggest a domain account with administrator privileges to ensure everything runs smoothly across your whole estate. And, as far as installation goes, that’s pretty much it.

Scanning

LanGuard opened automatically after installation and we were delighted to find it already scanning our host machine:

The home screen (above) shows just how easy LanGuard is to use. All the real-world tasks you’ll need to do are logically and simply accessible and that’s the case all the way through. Don’t be deceived, though; just because this product is well-designed doesn’t mean it isn’t also well endowed.

Here’s the first treasure – as well as scanning and patching multiple versions of your Windows OS’s LanGuard 2011 interfaces with other security-significant programs. Here it is berating us for our archaic versions of Flash Player, Java, QuickTime and Skype:

This means you can take, from just one tool, a holistic view of the overall security of your desktop estate rather than just a narrow check of whether or not you have the latest Windows service packs. Anti-virus out of date? LanGuard will tell you. Die-hard user still on an older browser? You’ll know. And you can do something about it.

Remediation

Not only will LanGuard tell you what’s missing, if you click on Remediate down in the bottom right of the screen you can ask the product to go off and fix it. And yes, that includes the Java, antivirus, flash player and everything else:

Want to deploy some of the patches but not all? No problem. And would you like it to happen during the dark hours? LanGuard can do that too, automatically waking up the machines, shutting them down again and emailing you with the result. Goodness, we might even start to enjoy our job!

LanGuard can auto-download patches, holding them ready for use like a Windows SUS server, or it can go and get them on demand. We just clicked Remediate and off it went, downloaded our updated Adobe AIR and installed it without any fuss and in just a couple of minutes.

Agents and Reports

Previous versions of LanGuard were ‘agentless’, with the central machine scanning, patching and maintaining your desktop estate over the network. This was fine but it limited the throughput and hence what could be achieved in a night’s work. While you can still use it like this, LanGuard 2011 also introduces a powerful agent-based mode. Install the agent on your PCs (it supports all the current versions of Windows) and they will do the work while your central LanGuard server merely gives the orders and collects the results. The agents give you a lot of power; you can push-install them without having to visit every machine, and even if a laptop strays off the network for a while its agent will report in when it comes back. This is what you’d expect from a scalable, enterprise-credible product and LanGuard delivers it in style.

The reports on offer are comprehensive and nicely presented. Whether you just want a few pie charts to convince your boss of the value of your investment or you need documentary evidence to demonstrate PCI DSS compliance, you’ll find it here:

A particularly nice touch is the baseline comparison report; you define one machine as your baseline and LanGuard will then show you how your other PCs compare to it, what’s missing and/or different:

Other Features

What else can this thing do? Well there’s so much it’s hard to pick out the best points without exceeding our word limit, but here are a few of our favourites:

A comprehensive hardware audit of all the machines in your estate, updated regularly and automatically, including details of the removable USB devices that have been used
An equally comprehensive and automatic software audit, broken down into useful drag-and-drop categories, so you’ll always know exactly who has what installed. And this doesn’t just cover applications but all the stuff like Java, flash, antivirus and antispyware as well
The ability to define programs and applications as unauthorised, which in turn allows LanGuard to tell you where they are installed, alert you if they get installed and – oh joy, automatically remove them from the user’s machines
System reports including things like the Windows version, shared drives, processes, services and local users and groups including who logged on and when
Vulnerability reports ranging from basic details like open network ports to detected vulnerabilities with their corresponding OVAL and CVE references and hyperlinks for further information
A page of useful tools including SNMP walk, DNS lookup and enumeration utilities

Conclusion

We really liked this product. If you have a shop full of Windows desktops to support and you want complete visibility and control over all aspects of their security from just one tool then LanGuard 2011 is well worth a look. The real-world benefits of a tool like this are undeniable, but the beauty of LanGuard 2011 is in the way those benefits are delivered. GFI has drawn together all the elements of this complicated and important task into one seamless, intuitive and comprehensive whole and left nothing out, which is why we’ve given LanGuard 2011 the coveted Firewall.cx 10/10 award.

GFI Languard Network Security Scanner V9 Review

2011-07-09T10:27:21+10:00

With Version 9, GFI's Network Security Scanner has finally come of age. GFI has focussed the product on its core benefit – maintaining the security of the Windows enterprise – and the result is a powerful application that offers real benefits for the time-pressed network administrator.

Keeping abreast of the latest Microsoft patches and Service Packs, regular vulnerability scanning, corrective actions, software audit and enforcement in a challenging environment can really soak up your time. Not any more though – install Network Security Scanner and you can sit back while all this and more happens automatically across your entire estate.

The user interface for Version 9 is excellent; so intuitive in fact that we didn't touch the documentation at all yet managed all of the product's features. Each screen leads you to the next so effectively that you barely need to think about what you are doing and using the product quickly becomes second nature.

Version 8 was good, but with Version 9 GFI has done it again.

Installation

Installation is straightforward. All the software needs is an account to run under, details of its back-end database and a location to reside. MS Access, MSDE or MS SQL Server databases are supported and you can even migrate your data from one to another if needs be.

The Interface

The separate toolbar scheduler from Version 8 is gone and, in its place, the opening screen gives you all the options you need: Scan this Computer, Scan the Network, Custom Scan or Scheduled Scan. Click ‘Scan this Computer' and the scan begins – just one simple mouse click and you're off.

Performance and Results

Scanning speed is just as good as Version 8 and in less than two minutes we had a summary of the results:

Simply look below the results summary and the handy Next Steps box (with amusing typographical error) leads you through the process of dealing with them.

The prospect of Analizing the results made our eyes water so, having taken care to protect our anatomy from any such unwarranted incursion, we clicked the link:

The scan results are grouped by category in the left column with details to the right. Expand the categories and you get a wealth of information.

The vulnerabilities themselves are described in detail with reference numbers and URLs to lead you to further resources, but that's not all. You also get the patch status of the scanned system, a list of open ports, a comprehensive hardware report, an inventory of the installed software and a system summary. Think of all this in terms of your enterprise – if you have this product scanning all your machines you can answer questions such as “Which machines are still on Service Pack 2?” or “How much memory is in each of the Sales PCs?” or “What software does Simon have installed on his laptop?” without going anywhere else. It's all there for you at the click of a mouse.

There are other gems here as well, too many to list but here are some of our favourites. Under Potential Vulnerabilities the scanner lists all the USB devices that had been connected so we could monitor the historical use of memory sticks and the like. And the software audit, useful in itself, held another delight. Right click on any software entry and you can tell the scanner to uninstall it, either from just this machine or from all the machines in the network. Go further and define a list of banned applications and the product will remove them for you, automatically, when it runs its regular scan. Imagine the face of that wayward user each morning …

Patch Deployment

Choose the Remediate link and you'll head off to the part of the product that installs patches and service packs. Needless to say, these can be downloaded for you from Microsoft as they are released and held by the product, ready for use:

You can either let the scanner automatically install whatever patches and service packs it finds missing or you can vet and release patches you want to allow. This will let you block the next release of Internet Explorer, for example, while allowing other critical patches through. You can also uninstall patches and service packs from here.

As in Version 8, you can also deploy custom software to a single machine or across your estate. In a nutshell, if it is executable or can be opened then you can deploy it. As a test we pushed a picture of a pair of cute kittens to a remote machine where the resident graphics program popped open to display them. You can install software just as easily provided the install needs no user intervention:

Alerts and Reporting

This is where GFI demonstrates it is serious about positioning this product as a robust and reliable enterprise-ready solution.

Firstly the scanner can email you the results of its nocturnal activities so all you have to do each morning is make yourself a coffee and check your inbox. We'd have liked to see this area expanded, perhaps with definable events that could trigger an SMS message, SNMP trap or a defined executable. Maybe in Version 10?

To convince your manager of the wisdom of your investment there is a good range of coloured charts and if you have the GFI report Manager framework the product slots right into that so you can generate detailed custom reports from the back-end database.

And speaking of the database, GFI has now provided maintenance options so you can schedule backups and perform management tasks from within the scanner itself; a good idea for a key application.

Subscribe to what?

A vulnerability scanner is only any good, of course, if it can be automatically updated with the latest exploits as they come out. GFI has changed the business model with Version 9, so you'll be expected to shell out a modest annual fee for a Software Maintenance Agreement (SMA) unlike Version 8 where you paid in full and updates were free thereafter.

A nag screen reminds you when your subscription runs out so you needn't worry about not noticing:

Conclusion

What more can we say? If you have an estate of Windows machines to secure and maintain then this is what you have been looking for. It does everything you might need and more, it's easy to use and delivers real-world benefits.

Colasoft Capsa v7.2.1 Network Analyser Review

2011-07-09T10:08:32+10:00

Using network analysing software, we are able to monitor our network and dig into the various protocols to see what's happening in real time. This can help us understand much better the theoretical knowledge we've obtained throughout the years but, most importantly, help us identify, troubleshoot and fix network issues that we wouldn't be able to do otherwise.

A quick search on the Internet will surely reveal many network analysers available making it very confusing to select one. Some network analysers provide basic functions, such as packet sniffing, making them ideal for simple tasks while others give you all the necessary tools and functions to ensure your job is done the best possible way.

Colasoft's network analyser is a product that falls in the second category. We had the chance to test drive the Colasoft Network Analyser v7.2.1 which is the latest available version at the time of writing.

Having used previous versions of Colasoft's network analyser, this latest version we tested left us impressed and does, in fact, promise a lot no matter what the environment demands.

The Software

Colasoft's Capsa network analyser is available as a demo version directly from their website www.colasoft.com. We quickly downloaded the 21.8mb file and began the installation which was a breeze. Being small and compact meant the whole process didn't take more than 30-40 seconds.

We fired up the software, entered our registration details, activated our software and up came the first screen which shows a completely different philosophy to what we have been used to:

Before you even start capturing packets and analysing your network, you're greeted with a first screen that allows you to select the network adaptor to be used for the session, while allowing you to choose from a number of preset profiles regarding your network bandwidth (1000, 100, 10 or 2 Mbps).

Next, you can select the type of analysis you need to run for this session ranging from Full analysis, Traffic Monitoring, Security analysis to HTTP, Email, DNS and FTP analysis. The concept of pre-configuring your packet capturing session is revolutionary and very impressive. Once the analysis profile is selected, the appropriate plug-in modules are automatically loaded to provide all necessary information.

For our review, we selected the ‘100Mb Network’ profile and ‘Full Analysis’ profile, providing access to all plug-in modules, which include ARP/RARP, DNS, Email, FTP, HTTP and ICMPv4 – more than enough to get any job done!

Optionally, you can use the ‘Packet Filter Settings’ section to apply filters to the packets that will be captured:

The Main Dashboard

As soon as the program loaded its main interface, we were left surprised with the wealth of information and options provided.

The interface is broken into four sections: tool bar, node explorer, dashboard and online resource. The node explorer (left lower side) and online resource (right lower side) section can be removed, providing the dashboard with the maximum possible space to view all information related to our session.

The menu provided allows the configuration of the program, plus access to four additional tools: Ping, Packet Player, Packet Builder and MAC Scanner.

To uncover the full capabilities of the Colasoft Capsa Network Analyser, we decided to proceed with the review by breaking down each of the four sections.

The ToolBar

The toolbar is populated with a number of options and tools that proved extremely useful and are easily accessible. As shown below, it too is broken into smaller sections allowing you to control the start - stop function of your capturing session, filters, network profile settings from where you can set your bandwidth settings, profile name, alarms and much more.

The Analysis section is populated with some great features we haven't found in other similar tools. Here, you can enable or disable the built-in ‘diagnosis settings’ for over 35 different protocols and tcp/udp states.

When selecting a diagnosis setting, Colasoft Capsa will automatically explain, in the right window, what the setting shows and the impact on the network. When done, click on the OK button and you're back to the main capturing screen.

The Analysis section also allows you to change the buffer size in case you want to capture packets for an extended period of time and, even better, you can enable the ‘auto packet saving’ feature which will automatically save all captured packets to your hard drive, making them available whenever you need them.

Right next to the analysis section is the 'Network Utilisation' and 'pps' (packets per second) gauges, followed by the 'Traffic History Chart'. These nifty gauges will show you in almost realtime the utilisation of your network card according to the network profile you selected before, plus any filters that might have been selected.

For example, if a 100Mbps network profile was selected, the gauges will represent the utilisation of a 100Mbps network card. If, in addition, filters were selected e.g. HTTP, then both gauges will represent a 100Mbps network utilisation only for the HTTP protocol. So if there were a large email or FTP download, it wouldn't register at the gauges as they will only show utilisation for HTTP traffic, according to the filter.

To give the gauges a try, we disabled all filters and started a 1.4Gig file transfer between our test bed and server, over our 100Mbps network. Utilisation hit the red areas while the pps remained at around 13,000 packets per second.

The gauges are almost realtime as they are updated once every second, though we would have loved to see them swinging left-right in real time. One issue we encountered was that the 'Traffic History Chart' seemed to chop off the bandwidth value when moving our cursor toward the top of the graph. This is evident in our screenshot where the value shown is 80.8Mbps, and makes it almost impossible to use the history chart when your bandwidth is almost 100% utilised. We hope to see this fixed in the next version.

At the very end of the toolbar, the 'Packet Buffer' provides visual feedback on how full the buffer actually is, plus there are a few options to control the packet buffer for that session.

Node Explorer & DashBoard

On the lower left area we'll find the 'Node Explorer' which works in conjunction with the main dashboard to provide the information of our captured session. The Node Explorer is actually a very smart concept as it allows you to instantly filter information captured.

The Node Explorer starts populating the segmented areas automatically as it captures packets on the network. It provides a nice break-down of the information using a hierarchical approach that also follows the OSI model.

As we noticed, we could choose to select the Physical Explorer that contained nodes with MAC Addresses, or select the IP Explorer to view information about nodes based on their IP Address.

Each of these sections are then further broken down as shown. A nice simple and effective way to categorise the information and help the user find what is needed without searching through all captured packets.

Once we made a selection (Protocol Explorer/Ethernet II/IP (5) as shown below, the dashboard next to it provided up to 13 tabs of information which are analysed in the next screenshot.

Selecting the IP Tab, the protocol tab in the main dashboard provided a wealth of information and we were quickly able to view the quantity of packets, type of traffic, amount of traffic and other critical information for the duration of our session.

We identified our Cisco Call Manager Express music-on-hold streaming under the UDP/SCCP, which consumes almost 88Kbps of bandwidth, an SNMP session which monitors a remote router accounting for 696bps of traffic, and lastly the ICMP tracking of our website, costing us another 1.616Kbps of traffic. All together, 89.512Kpbs.

This information is automatically updated every second and you can customise the refresh rate from 10 presets. One function we really loved was the fact we could double-click on any of the shown protocols and another window would pop up with all packets captured for the selected protocol.

We double-clicked on the OSPF protocol (second last line in the above screenshot) to view all packets related to that protocol and here is what we got:

Clearly there is no need to use filters as we would probably need to in other similar type of software, thanks to the smart design of the Node Explorer and Dashboard. Keep in mind that if we need to have all packets saved, we will need the appropriate buffer, otherwise the buffer is recycled as expected.

Going back to the main area, any user will realise that the dashboard area is where Colasoft's Capsa truly excels and unleashes its potential. The area is smartly broken into a tabbed interface and each tab does its own magic:

The user can quickly switch between any tabs and obtain the information needed without disrupting the flow of packets captured.

Let's take a quick look at what each tab offers:

Summary Tab

The Summary tab is an overview of what the network analyser 'sees' on the network.

We get brief statistics on the total amount of traffic we've seen, regardless of whether it’s been captured or not, the current network utilisation, bits per second and packets per second, plus a breakdown of the packet sizes we've seen so far. Handy information if you want to optimise your network according to your network packet size distribution.

Diagnosis Tab

The Diagnosis tab is truly a goldmine. Here you'll see all the information that related to problems automatically detected by Colasoft Capsa without additional effort!

This amazing section is broken up into the Application layer, Transport layer and Network layer (not shown). Capsa will break down each layer in a readable manner and show all related issues it has detected.

Once a selection has been made - in our example we choose the 'Application layer/ DNS Server Slow Response' - the lower area of the window brings up a summary of all related packets this issue was detected in.

Any engineer who spends hours trying to troubleshoot network issues will truly understand the power and usefulness of this feature.

Protocol Tab

The Protocol tab provides an overview and break-down of the IP protocols on the network, along with other useful information as shown previously in conjunction with the Node Explorer.

Physical Endpoint Tab

The Physical Endpoint tab shows conversations from physical nodes (Mac Addresses). Each node expands and its IP Address is revealed to help track the traffic. Similar statistics regarding the traffic is also shown:

As with previous tabs, when selecting a node the physical conversation window opens right below and shows the relevant conversations along with their duration and total traffic.

IP Endpoint Tab

The IP Endpoint tab offers similar information but on the IP Layer. It shows all local and Internet IP addresses captured along with statistics such as number of packets, total bytes received, packets per second and more.

When selecting an IP Address, Capsa will show all IP, TCP and UDP conversations captured for this host.

IP Conversation Tab

The IP Conversation tab will be useful to many engineers. It allows the tracking of conversations between endpoints on your network, assuming all traffic passes through the workstation where the Capsa Network Analyser is installed.

The tab will show individual sessions between endpoints, duration, bytes in and out from each end plus a lot more.

Network engineers can use this area to troubleshoot problematic sessions between workstations, servers and connections toward the Internet. Clicking on a specific conversation will show all TCP and UDP conversations between the hosts, allowing further analysis.

Matrix Tab

The Matrix tab is an excellent function probably only found on Colasoft's Capsa. The matrix shows a graphical representation of all conversations captured throughout the session. It allows the monitoring of endpoint conversations and will automatically resolve endpoints when possible.

Placing the mouse over a string causes Capsa to automatically show all relevant information about conversations between the two hosts. Active conversations are highlighted in green, multicast sessions in red and selected session in orange.

The menu on the left allows more options so an engineer can customise the information.

Packet Tab

The Packet tab gives access to the packets captured on the network. The user is able to lock the automatic scrolling or release it so new packets are shown as they are captured or have the program continue capturing packets without scrolling the packet window. This allows ease of access to any older packet without the need to scroll back for every new packet captured.

Even though the refresh time is customisable, the fastest refresh rate was only every 1 second. We would prefer a 'realtime' refresh rate and hope to see this implemented in the next update.

Log Tab

The Log tab offers information on sessions related to specific protocols such as DNS, Email, FTP and HTTP. It's a good option to have, but we found little value in it since all other features of the program fully cover the information provided by the Log tab.

Report Tab

The report tab is yet another useful feature of Colasoft's Capsa. It will allow the generation of a network report with all the captured packets and can be customised to a good extent. The program allows the engineer to insert a company logo and name, plus customise a few more fields.

The options provided in the report are quite a few, the most important being the Diagnosis and Protocol statistics.

Finally, the report can be exported to PDF or HTML format to distribute it accordingly.

Professionals can use this report to provide evidence of their findings to their customers, making the job look more professional and saving hours of work.

Online Resource

The 'Online Resource' section is a great resource to help the engineer get the most out of the program. It contains links and live demos that show how to detect ARP poisoning attacks, ARP Flooding, how to monitor network traffic efficiently, track down BitTorrents and much more.

Once the user becomes familiar with the software they can select to close this section, giving its space to the rest of the program.

Final Conclusion

Colasoft's Capsa Network Analyser is without doubt a goldmine. It offers numerous enhancements that make it pleasant to work with and easy for anyone to find the information they need. Its unique functions such as the Diagnosis, Matrix and Reports surely make it stand out and can be invaluable for anyone troubleshooting network errors.

While the program is outstanding, it can do with some minor enhancements such as the real-time presentation of packets, more thorough network reports and improvement of the traffic history chart. Future updates will also need to include a 10Gbit option amongst the available network profies.

We would definitely advise any network administrator or engineer to give it a try and see for themselves how great a tool like Capsa can be.

GFI Languard Network Security Scanner V8

2011-07-09T09:50:36+10:00

Can something really good get better? That was the question that faced us when we were assigned to review GFI's Languard Network Security Scanner, Version 8 , already well loved (and glowingly reviewed) at Version 5.

All vulnerability scanners for Windows environments fulfil the same basic function, but as the old saying goes “It's not what you do; it's the way that you do it”. GFI have kept all the good points from their previous releases and built on them; and the result is a tool that does everything you would want with an excellent user interface that is both task efficient and a real pleasure to use.

Installation

Visit GFI's website and you can download a fully-functional version that you can try before you buy; for ten days if you prefer to remain anonymous or for thirty days if you swap your details for an evaluation code. The download is 32Mb expanding to 125Mb on your disk when installed.

First of all, if you have a license key you can enter it during installation to save time later – just a little thing, but it shows this software has been designed in a very logical manner.

You're then asked for an account to run the Attendant service, the first of the Version 8 enhancements. This, as its name suggests, is a Windows service that sits in your system tray and allows you easy access to the program and its documentation plus a handy window that lets you see everything the scanner is doing as it works away in the background.

After this you're asked whether you'd like your scan results stored in Microsoft Access or SQL Server (2000 or higher). This is another nice feature, particularly if you're using the tool to audit, patch and secure an entire infrastructure.

One feature we really liked is the ability to run unattended scheduled scans and email the results. This is a feature you won't find in any other similar product.

GFI's LANguard scanner doesn't just find vulnerabilities, it will also download the updates that fix them and patch your machines for you.

Finally, you can tell the software where to install itself and sit back while the installation completes.

Getting Started

Each time you start the scanner it checks with GFI for more recent versions and for updated vulnerabilities and patches. You can turn this off if you don't always have internet access.

You'll also get a wizard to walk you through the most common scanning tasks. This is great for new users and again you can turn it off once you become familiar with the product.

The Interface

Everything takes place in one uncluttered main screen as shown below. As our first review task we closed the wizard and simply ‘had a go' without having read a single line of documentation. It's a testament to the good design of the interface that within a few mouse clicks we were scanning our first test system without any problems.

The left hand pane contains the tools, menus and options available to you. This is split over three tabs, an improvement over Version 5 where everything sat in one huge list. To the right of this are two panes that display the information or settings relating to the option you've chosen, and the results the product has obtained. Below them is a results pane that shows what the scanner is up to, tabbed again to let you view the three scanner threads or the overall network discovery.

Performance and Results

It's fast. While performance obviously depends on your system and network we were pleasantly surprised by the efficiency and speed of the scan.

Speed is nothing however without results, and the product doesn't disappoint. Results are logically presented as an expanding tree beneath an entry for each scanned machine. Select one of the areas in the left pane and you'll get the detail in the right pane. Right-click there and you can take appropriate action; in the example shown right-clicking will attempt a connection on that port:

Vulnerabilities are similarly presented with rich and helpful descriptions, while references for further information from Microsoft and others plus the ability to deploy the relevant patches are just a right-click away:

The scanner is also surprisingly resilient. We decided to be mean and ran a scan of a desktop PC on a large network – via a VPN tunnel within a VPN tunnel across the public internet with an 11Mb/s wireless LAN connection on the other end. The scan took about ten minutes but completed fine.

Patch Deployment

Finding vulnerabilities is only half the story; this product will also help you fix them. One click at the machine level of the scan results opens yet another helpful screen that gathers all your options in one place. You can elect to remotely patch the errant machine, shut it down or even berate the operator, and a particularly nice touch is the list of your top five most pressing problems:

Patch deployment is similarly intuitive. The product can download the required patches for you, either now or at a scheduled time, and can access files already downloaded by a WSUS server if you have one. Once you have the files available you can patch now or schedule the deployment, and either way installation is automatic.

Alongside this is another Version 8 feature which gives you access to the same mechanism to deploy and install software of your choice. We tested this by push-installing some freeware tools, but all you need is a fully scripted install for unattended installation and you can deploy anything you like out to your remote machines. This is where the Attendant Service comes in again as the tray application provides a neat log of what's scheduled and what's happened. The example shows how good the error reporting is (we deliberately supplied the wrong credentials):

This powerful feature is also remarkably configurable –you can specify where the copied files should go, check the OS before installation, change the user credentials (important for file system access and for push-installing the Patch Agent service), reboot afterwards or even seek user approval before going ahead. We've used other tools before for software deployment and we felt right at home with the facilities here.

Scripting and Tools

Another plus for the busy administrator is the facility to schedule scans to run when you'd rather be away doing something else. You can schedule a simple timed scan and have the results emailed to you, or you can set up repeating scans and have the product compare the current results with the previous and only alert you if something has changed. If you don't want your inbox battered you can sleep soundly knowing you can still consult the database next morning to review the results. And if you have mobile users your group scan (or patch) jobs can stay active until your last elusive road warrior has appeared on the network and been processed. Resistance is futile!

Under the Tools tab there are a few more goodies including an SNMP audit to find insecure community strings. This was the site of our only disappointment with the product – we would have liked the ability to write our own tools and add them in here, but it seemed we'd finally found something GFI hadn't thought of.

Having said that, all the other scripting and tweaking facilities you'd expect are there, including a comprehensive command-line interface for both scanning and patch deployment and the ability to write custom vulnerability definitions in VBScript. All this and more is adequately documented in the well-written on-line help and user manual, and if you're still stuck there's a link to GFI's knowledgebase from within the program itself.

Summary

We were really impressed by this product. GFI have done an excellent job here and produced a great tool, which combines vulnerability scanning and patch management , with heavyweight features and an excellent user interface that is a joy to work with.

Acunetix Web Vulnerability Scanner

2011-07-09T09:40:24+10:00

The biggest problem with testing web applications is scalability. With the addition of even a single form or page to test, you invariably increase the number of repetitive tasks you have to perform and the number of relationships you have to analyze to figure out whether you can identify a security issue.

As such, performing a security assessment without automation is an exercise in stupidity. One can use the lofty argument of the individual skill of the tester, and this is not to be discounted – I’ll come back to it – but, essentially, you can automate at least 80% of the task of assessing website security. This is part of the reason that security testing is becoming highly commoditized, the more you have to scan, the more repetitive tasks you have to perform. It is virtually impossible for a tester to manually analyze each and every single variable that needs to be tested. Even if it were so, to perform this iterative assessment manually would be foolishly time-consuming.

This problem, coupled with the explosive growth of web applications for business critical applications, has resulted in a large array of web application security testing products. How do you choose a product that is accurate (false positives are a key concern), safe (we’re testing important apps), fast (we come back the complexity point) and perhaps most importantly, meaningful in its analysis?

This implies that its description of the vulnerabilities discovered, and the measures to be taken to mitigate them, must be crystal clear. This is essentially what you’re paying for, it doesn’t matter how good the scanning engine is or how detailed their threat database is if the output – risk description and mitigation – are not properly handled. With these points in mind, we at Firewallcx, decided to take Acunetix’s Web Vulnerability Scanner for a spin.

I’ve had the pleasure of watching the evolution of web scanning tools, right from my own early scripting in PERL, to the days of Nikto and libwhisker, to application proxies, protocol fuzzers and the like. At the outset, let me say that Acunetix’s product has been built by people who have understood this evolution. The designers of the product have been around the block and know exactly what a professional security tester needs in a tool like this. While this puppy will do point ’n’ shoot scanning with a wizard for newbies, it has all the little things that make it a perfect assistant to the manual tester.

A simple example of ‘the small stuff’ is the extremely handy encoder tool that can handle text conversions and hashing in a jiffy. Anyone who’s had the displeasure of having to whip up a base-64 decoder or resort to md5sum to obtain a hash in the middle of a test will appreciate why this is so useful. More importantly, it shows that the folks at Acunetix know that a good tester will be analyzing the results and tweaking the inputs away from what the scanning engine would do. Essentially they give you the leeway to plug your own intellect into the tool.

Usage is extremely straightforward, hit the icon and you’ll get a quick loading interface that looks professional and displays information smartly (I appreciate the tabbed interfaces, these things matter as a badly designed UI could overwhelm you with more information than you need). Here’s a shot of the target selection wizard:

What I liked here was the ‘Optimize for the following technologies’ setup. Acunetix did a quick query of my target (our website, www.Firewall.cx) and identified PHP, mod_ssl, OpenSSL and FrontPage as modules that we’re using. When you’re going up against a blind target in a penetration test or setting up scans for 50 webapps at a time, this is something that you will really appreciate.

Next we come to the profile selection – which allows you to choose the scanning profile. Say I just want to look for SQL injection, I can pick that profile. You can use the profile editor to customize and choose your own checks. Standard stuff here. The profile and threat selection GUI is well categorized and it’s easy to find the checks you want to deselect or select.

You can browse the threat database in detail as shown below:

At around this juncture, the tool identified that www.Firewall.cx uses non-standard (non-404) error pages. This is extremely important for the tool to do. If it cannot determine the correct ‘page not found’ page, it will start throwing false positives on every single 302 redirect. This is a major problem with scanners such as Nikto and is not to be overlooked. Acunetix walked me through the identification of a valid 404 page. Perhaps a slightly more detailed explanation as to why this is important would benefit a newbie.

I had updated the tool before scanning, and saw the threat database being updated with some recent threats. I don’t know the threat update frequency, but the process was straightforward and, unlike many tools, didn’t require me to restart the tool with the new DB.

Since I was more interested in the ‘how can I help myself’ as opposed to ‘how can you help me’ approach to scanning, I fiddled with the fuzzer, request generator and authentication tester. These are very robust implementations, we have fully fledged tools implementing just this functionality and you should not be surprised to see more people discarding other tools and using Acunetix as a one-stop-shop toolbox.

One note though, the usernames dictionary for the authentication tester is far too limited out of the box (3-4 usernames), the password list was reasonably large, but the tool should include a default username list (where are things like ‘tomcat’, ‘frontpage’ etc?) so as not to give people a false sense of security. Given that weak password authentication is still one of the top reasons for a security breach, this module could use a reworking. I would like to see something more tweakable, along the lines of Brutus or Hydra’s HTTP authentication capabilities. Perhaps the ability to plug in a third party bruteforce tool would be nice.

Here I am playing with the HTTP editor:

Here’s the neat little encoder utility that I was talking about earlier. You will not miss this one in the middle of a detailed test:

After being satisfied that this product could get me through the manual phase of my audits, I fell back on my tester’s laziness and hit the scan button while sipping a Red Bull.

The results arrive in real time and are browseable, which is far better than seeing a progress bar creep forward arbitrarily. While this may seem cosmetic, when you’re being pushed to deliver a report, you want to be able to keep testing manually in parallel. I was watching the results come in and using the HTTP editor to replicate the responses and judge what required my manual intervention.

Essentially, Acunetix chews through the application looking for potential flaws and lets you take over to verify them in parallel. This is absolutely the right approach and far more expensive tools that I’ve used do not realise this. Nobody with half smarts will rely purely on the output of a tool, a thorough audit will have the tester investigating concern areas on his own, if I have to wait for your tool to finish everything it does before I can even see those half-results, you’ve wasted my time.

Here’s how the scanning window looked:

Now bear in mind that I was running this test over a 256kbps link on the Internet, I was expecting it to take time, especially given that Firewall.cx has an extremely large set of pages. Halfway through, I had to stop the test as it was bravely taking on the task of analyzing every single page in our forums. However, there was constant feedback through the activity window and my network interface, you don’t end up wondering whether the product has hung as is the case with many other products I’ve used.

The reporting features are pretty granular, allowing you to select the usual executive summary and detailed report options. Frankly, I like the way the results are presented and in the course of my audits never needed to generate a report from the tool itself. I’m certain that the features of the reporting module will more than suffice. The descriptions of the vulnerabilities are well written, the solutions are accurate and the links to more information come from authoritative sources. If you come back to what I said in the opening stages of this review, this is the most important information that a tool should look to provide. Nothing is more terrible than ambiguous results, and that is a problem you will not have with this product.

One drawback found with the product was the lack of a more complete scripting interface. Many testers would like the ability to add their own code to the scanning setup. I did check out the vulnerability editor feature, but would prefer something that gave me more flexibility. Another was the lack of a version for Linux / UNIX-like systems. The majority of security testers operate from these platforms and it would be nice not to have to switch to a virtual machine or deal with a dual boot configuration to be able to harness the power of this tool. Neither of these drawbacks are deal killers, and should be treated more as feature requests.

Other than that, I truly enjoyed using this product. Web application auditing can be a tedious and time consuming nightmare, and the best praise I can give Acunetix is that they’ve made a product that makes me feel a part of the test. The interactivity and levels of detail available to you give you the ability to be laid back or tinker with everything you want, while the test is still going on. With its features and reasonable pricing for a consultant’s license, this product is unmatched and will quickly become one of the premier tools in your arsenal.

GFI LANguard Network Security Scanner Version 5.0 Review

2011-07-09T09:29:32+10:00

In the light of all the recent attacks that tend to focus on the vulnerabilities of Windows platforms, we were increasingly dissatisfied with the common vulnerability scanners that we usually employ. We wanted a tool that didn't just help find holes, but would help administer the systems, deploy patches, view account / password policies etc. In short, we were looking for a Windows specialist tool.

Sure, there's a number of very popular (and very expensive) commercial scanners out there. However, most of them are prohibitively priced for the networks we administrate and all of them fell short on the administrative front. We tested a previous version of LANguard and our initial impressions were good. Thus we decided to give their latest offering a spin.

Getting Started

Getting the tool was easy enough, a quick visit to GFI's intuitively laid out site, and a 10MB download later, we were set to go. We must mention that we're partial to tools that aren't too heavy on the disk-space. Sahir has started carrying around a toolkit on his cell-phone USB drive, where space is at a premium. 10MB is a reasonable size for a program with all the features of this one.

Installation was the usual Windows deal (Click <next> and see how quickly you can reach <finish>). We fired up the tool and was greeted with a splash screen that checked for a newer version, and downloaded new patch detection files, dictionaries, etc.

We'd prefer to have the option of updating rather than having it happen every time at startup bu we couldn't find the option to change this behaviour; this is a minor point that GFI should add.

Interface

Once the program is fully updated, you're greeted with a slick interface that looks like it's been made in .Net. No low coloured icons and cluttered toolbars here. While some may consider this inconsequential, it's a pleasure to work on software that looks good. It gives it that final bit of polish that's needed for a professional package. You can see the main screen below.

The left panel shows all the tools available and is like an ‘actions' pane. From here you can select the security scanner, filter your scan results in a variety of ways, access the tools (such as patch deployment, DNS lookup, traceroute, SNMP audit, SQL server audit etc) and the program configuration as well. In fact if you look under the menus at the top, you'll find very few options as just about everything can be controlled or modified from the left panel.

The right panel obviously shows you the results of the scan, or the tool / configuration section you have selected. In this case it's on the Security Scanner mode where we can quickly setup a target and scan it with a profile. A profile is a description of what you want to scan for, the built in profiles include:

Missing patches
CGI scanning
Only Web / Only SNMP
Ping them all
Share Finder
Trojan Ports
Full TCP & UDP port scan

In the Darkness, Scan ‘em...

We setup the default scanning profile and scanned our localhost (a mercilessly locked down XP box that resists spirited break-ins from our practice penetration tests). We scanned as the ‘currently logged on user' (an administrator account), which makes a difference, since you see a lot more when scanning with privileges than without. As we had expected, this box was fairly well locked down. Here is the view just after the scan finished:

Clicking one of the filters in the left pane brings up a very nicely formatted report, showing you the information you requested (high vulnerabilities, low vulnerabilities, missing patches etc). Here is the full report:

As you can see, it identified three open ports (no filtering was in place on the loopback interface) as well as MAC address, TTL, operating system etc.

We were not expecting much to show up on this highly-secured system, so we decided to wander further.

The Stakes Get Higher...

Target 2 is the ‘nightmare machine'. It is a box so insecure that it can only be run under VMWare with no connection to the Internet. What better place to set LANguard free than on a Windows XP box, completely unpatched, completely open? If it were setup on the ‘net it would go down within a couple of minutes!

However, this was not good enough for our rigorous requirements, so we infected the box with a healthy dose of Sasser. Hopefully we would be able to finish the scan before LSASS.exe crashed, taking the system down with it. To make life even more difficult, we didn't give LANguard the right credentials like we had before. In essence, this was a 'no privilege' scan.

LANguard detected the no password administrator account, the Sasser backdoor, default sharing, Terminal Services active (we enabled it for the scenario). In short, it picked up on everything.

We purposely didn't give it any credentials as we wanted to test its patch deployment features last, since this was what we were really interested in. This was very impressive as more expensive scanners (notably Retina) missed out on a lot of things when given no credentials.

To further extend out scans, we though it would be a good idea to scan our VLAN network that contained over 250 Cisco IP Phones and two Cisco Call Managers. LANguard was able to scan all IP Phones without a problem and also gave us some interesting findings as shown in this screenshot:

LANguard detected with ease the http port (80) open and also included a sample of the actual page that would be downloaded should a client connect to the target host!

It is quite important to note at this point that the scan shown above was performed without any disruptions to our Cisco VoIP network. Even though no vulnerabilities were detected, something we expected, we were pleased enough to see Languard capable of working in our Cisco VoIP network without problems.

If you can't join them …... Patch them!

Perhaps one of the most neatest features of GFI's LANguard is the patch management system, designed to automatically patch the systems you have previously scanned. The automatic patching system works quite well, but you should download the online PDF file that contains instructions on how to proceed should you decide to use this feature.

The automatic patching requires the host to be previously scanned in order to find all missing patches, service packs and other vulnerabilities. Once this phase is complete, you're ready to select the workstation(s) you would like to patch!

As expected, you need the appropriate credentials in order to successfully apply all selected patches, and for this reason there is a small field in which you can enter your credentials for the remote machine.

We started by selectively scanning two hosts in order to proceed patching one of them. The target host was 10.0.0.54, a Windows 2000 workstation that was missing a few patches:

LANguard successfully detected the missing patches on the system as shown on the screenshot above, and we then proceeded to patch the system. A very useful feature is the ability to select the patch(es) you wish to install on the target machine.

As suggested by LANguard, we downloaded the selected patch and pointed our program to install it on the remote machine. The screen shot above shows the patch we wanted to install, followed by the machine on which we selected to install it. At the top of the screen we needed to supply the appropriate credentials to allow LANguard to do its job, that is, a username of 'Administrator' and a password of ..... sorry - can't tell :)

Because most patches require a system reboot, LANguard includes such options, ensuring that no input at all is required on the other side for the patching to complete. Advanced options such as ‘Warn user before deployment' and ‘Delete copied files from remote computer after deployment', are there to help cover all your needs:

The deployment status tab is another smart feature; it allows the administrator to view the patching in progress. It clearly shows all steps taken to deploy the patch and will report any errors encountered.

It is also worth noting that we tried making life more difficult by running the patch management system from our laptop, which was connected to the remote network via the Internet, and securing it using a Cisco VPN tunnel with the IPSec as the encryption protocol. Our expectations were that GFI's LANguard would fail terribly, giving us the green light to note a weak point of the program.

To our surprise, it seems like GFI's developers had already forseen such situations and the results were simply amazing, allowing us to successfully scan and patch a Windows 2000 workstation located on the end of the VPN tunnel!

Summary

GFI without doubt has created a product that most administrators and network engineers would swear by. It's efficient, fast and very stable, able to perform its job whether you're working on the local or remote LAN.

Its features are very helpful: you won't find many network scanners pointing you to web pages where you can find out all the information on discovered vulnerabilities, download the appropriate patches and apply them with a few simple clicks of a mouse!

We've tried LANguard from small networks with 5 to 10 hosts up to large corporate network with more than 380 hosts, over WAN links and Cisco VPN tunnels and it worked like a charm without creating problems such as network congestions. We are confident that you'll love this product's features and it will quickly become one of your most necessary programs.

GFI EventsManager 7 Review

2011-07-09T03:19:10+10:00

Imagine having to trawl dutifully through the event logs of twenty or thirty servers every morning, trying to spot those few significant events that could mean real trouble among that avalanche of operational trivia. Now imagine being able to call up all those events from all your servers in a single browser window and, with one click, open an event category to display just those events you are interested in…

Sounds good? Install this product, and you’ve got it.

A product of the well-known GFI stables, EventsManager 7 replaces their earlier LANguard Security Event Log Monitor (S.E.L.M.) which is no longer available. There’s also a Reporting Suite to go with it; but we haven’t reviewed that here.

In a nutshell the product enables you to collect and archive event logs across your organisation, but there’s so much more to it than that. It’s hard to condense the possibilities into a review of this size, but what you actually get is:

Automatic, scheduled collection of event logs across the network; not only from Windows machines but from Linux/Unix servers too, and even from any network kit that can generate syslog output;
The ability to group your monitored machines into categories and to apply different logging criteria to each group;
One tool for looking at event logs everywhere. No more switching the event log viewer between servers and messing around with custom MMCs;
The ability to display events by category or interest type regardless of where they occurred (for example just the Active Directory replication events, just the system health events, just the successful log-on events outside normal working hours);
Automated response actions for particular events or types of events including alerting staff by email or pager or running an external script to deal with the problem;
A back-end database into which you can archive raw or filtered events and which you can search or analyse against – great for legal compliance and for forensic investigation.

You can download the software from GFI’s website and, in exchange for your details, they’ll give you a thirty-day evaluation key that unlocks all the features; plenty of time to decide if it’s right for you. This is useful, because you do need to think about the deployment.

One key issue is the use of SQL-Server as the database back-end. If you have an existing installation you can use that if capacity permits, or you could download SQL Server Express from Microsoft. GFI do tell you about this but it’s hidden away in Appendix 3 of the manual, and an early section giving deployment examples might have been useful.

That said, once you get installed a handy wizard pops up to lead you through the key things you need to set up:

Here again are things you’ll need to think about – such as who will get alerted, how, when and for what, and what actions need to be taken.

You’ll also need to give EventsManager a user that has administrative access to the machines you want to monitor and perhaps the safest way to do this is to set up a new user dedicated to that purpose.

Once you’ve worked through the wizard you can add your monitored machines under the various categories previously mentioned. Ready-made categories allow you to monitor according to the type, function or importance of the target machine and if you don’t like those you can edit them or create your own.

The categories are more than just cosmetic; each one can be set up to define how aggressively EventsManager monitors the machines, their ‘working week’, (useful for catching unauthorised out-of-hours activity) and the types of events you’re interested in (you might not want Security logs from your workstations, for example). Encouragingly though, the defaults provided are completely sensible and can be used without worry.

Once your targets are defined you’ll begin seeing logs in the Events Browser, and this is where the product really scores. To the left of the browser is a wealth of well-thought-out categories and types; click on one of these and you’ll see those events from across your enterprise. It’s as simple, and as wonderful as that.

You can click on the higher-level categories to view, for example, all the SQL Server events, or you can expand that out and view the events by subcategory (just the Failed SQL Server Logons for example).

Again, if there are events of particular significance in your environment you can edit the categories to include them or even create your own, right down to the specifics of the event IDs and event types they collect. A particularly nice category is ‘Noise’, which you can use to collect all that day-to-day operational verbiage and keep it out of the way

For maximum benefit you’ll also want to assign actions to key categories or events. These can be real-time alerts, emails, corrective action scripts and log archiving. And again, you guessed it, this is fully customisable. The ability to run external scripts is particularly nice as with a bit of tweaking you can make the product do anything you like.

Customisation is one of the real keys to this product. Install it out of the box, just as it comes, and you’ll find it useful. But invest some time in tailoring it to suit your organisation and you’ll increase its value so much you’ll wonder how you ever managed without it.

In operation the product proved stable though perhaps a little on the slow side when switching between screens and particularly when starting up. This is a testimony to the fact that the product is doing a lot of work on your behalf and, to get the best from it, you really should give it a decent system to run on. The benefits you’ll gain will more than make up for the investment.

Reviews & Interviews

The VIRL Book – A Guide to Cisco’s Virtual Internet Routing Lab (Cisco Lab)

Cisco Press Review for “Cisco Firepower and Advanced Malware Protection Live Lessons” Video Series

Title: Cisco Firepower & Advanced Malware Protection Live LessonsAuthors: Omar SantosISBN-10: 0-13-446874-0Publisher: Cisco PressPublished: June 22, 2016Edition: 1st EditionLanguage: English

Cisco CCNP Routing & Switching v2.0 – Official Cert Guide Library Review (Route 300-101, Switch 300-115 & Tshoot 300-135)

Title: Cisco CCNP Routing & Switching v2.0 – Official Cert Guide LibraryAuthors: Kevin Wallace, David Hucaby, Raymond Lacoste ISBN-13: 978-1-58720-663-4Publisher: Cisco PressPublished: December 23rd, 2014Edition: 1st EditionLanguage: English

GFI’s LANGUARD Update – The Most Trusted Patch Management Tool & Vulnerability Scanner Just Got Better!

CCIE Collaboration Quick Reference Review

Title: CCIE Collaboration Quick ReferenceAuthors: Akhil BehlASIN: B00KDIM9FIPublisher: Cisco PressPublished: May 16, 2014Edition: 1st EditionLanguage: English

CCIE Collaboration Quick Reference Exam Guide

Title: CCIE Collaboration Quick ReferenceAuthors: Akhil BehlISBN-10(13): 0-13-384596-6Publisher: Cisco PressPublished: May 2014Edition: 1st EditionLanguage: English

The Business Case For Network Security

Title: The Business Case For Network SecurityAuthors: Catherine Paquet, Warren SaxeISBN-10(13): 1587201216Publisher: Cisco PressPublished: December 23, 2004Edition: 1st EditionLanguage: English

Firewalls and Internet Security: Repelling the Wily Hacker

Title: Firewalls and Internet Security: Repelling the Wily HackerAuthors: William R. Cheswick, Steven M. Bellovin, Aviel D. RubinISBN-10(13): 020163466XPublisher: Addison-Wesley ProfessionalPublished: March 6, 2003Edition: 2nd EditionLanguage: English

CCENT - CCNA 640-802 Official Certification Library 3rd Edition

Title: CCENT - CCNA 640-802 Official Certification Library 3rd EditionAuthors: Wendell OdomISBN-10(13): 1-58720-438-XPublisher: Cisco PressPublished: December 10th, 2011Edition: 3rd EditionLanguage: English

Salient Features

Summary

The Ruby Way

Title: The Ruby WayAuthors: Hal FultonISBN-10(13): 0672328844Publisher: Addison-Wesley ProfessionalPublication date: November 4, 2006Edition: 2nd EditionLanguage: English

Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Title: Best Practices & Strategies for J2EE, Web Services & Identity ManagementAuthors: Christopher Steel, Ramesh Nagappan, Ray LaiISBN-10(13): 0131463071Publisher: Prentice HallPublished: October 24, 2005Edition: 1st EditionLanguage: English

Linux Starter Kit

Title: Linux Starter KitAuthors: Emmett DulaneyISBN-10(13): 0672328879Publisher: SamsPublished: June 8, 2006Edition: 1st EditionLanguage: English

Red Hat Fedora 5 Unleashed

Title: Red Hat Fedora 5 UnleashedAuthors: Paul Hudson, Andrew HudsonISBN-10(13): 067232847XPublisher: SamsPublished: May 29, 2006Edition: 1st EditionLanguage: English

Securing Cisco IP Telephony Networks

Title: Securing Cisco IP Telephony NetworksAuthors: Akhil BehlISBN-10(13): 1587142953Publisher: Cisco PressPublished: September 10, 2012Edition: 1st EditionLanguage: English

Salient Features

Part I

Part II

Part III

Part IV

Summary

Cisco LAN Switching (CCIE Professional Development Series)

Title: Cisco LAN Switching (CCIE Professional Development Series)Authors: Kennedy Clark, Kevin HamiltonISBN-10(13): 1578700949Publisher: Cisco PressPublished: August 26, 1999Edition: 1st EditionLanguage: English

Foundational Issues

Spanning Tree

Trunking

Advanced Features

Summary

Cisco Express Forwarding

Title: Cisco Express ForwardingAuthors: Nakia Stringfield , Russ White, Stacia McKeeISBN-10(13): 1587052369Publisher: Cisco PressPublished: May 4, 2007Edition: 1st EditionLanguage: English

SDN and OpenFlow for Beginners with Hands-on Labs

Title: SDN and OpenFlow for Beginners with Hands-on LabsAuthors: Vivek TiwariISBN-10(13): B00EZE46D4Publisher: Amazon Digital Services, Inc.Published: 4th September 2013Edition: 1st EditionLanguage: English

Part 1 - The Theory

Part 2 - Hands-on Experience With Labs

Summary

VMware vSphere 5 Building a Virtual Datacenter (VMware Press Technology)

Title: VMware vSphere 5 - Building a Virtual DatacenterAuthors: Eric Maillé, René-François MennecierISBN-10(13): 0321832213Publisher: VMware PressPublished: August 30, 2012Edition: 1st EditionLanguage: English

Conclusion

Automating vSphere with VMware vCentre Orchestrator

Title: Automating vSphere with VMware vCentre OrchestratorAuthors: Cody BunchISBN-10(13): 0321799917Publisher: VMware PressPublished: March 2012Edition: 1st EditionLanguage: English

Part I: Introduction, Installation & Configuration

Part II: Working With vCentre Orchestrator

Part III: Real World Use Cases

Summary

Global IPv6 Strategies

Title: Global IPv6 StrategiesAuthors: Patrick Grossetete, Ciprian P. Popoviciu, Fred WettlingISBN-10(13): 1587053438Publisher: Cisco PressPublished: May 25, 2008Edition: 1st EditionLanguage: English

Network Management: Accounting & Performance Strategies

Title: Network Management: Accounting & Performance StrategiesAuthors: Benoit Claise, Ralf WolterISBN-10(13): 1587051982Publisher: Cisco PressPublished: June 30, 2007Edition: 1st EditionLanguage: English

How to Break Web Software

Title: How to Break Web SoftwareAuthors: Mike Andrews, James A. WhittakerISBN-10(13): 0321369440Publisher: Addison-Wesley ProfessionalPublished: February 12, 2006Edition: 1st EditionLanguage: English

Essential CheckPoint Firewall-1 NG

Title: Essential CheckPoint Firewall-1 NGAuthors: Dameon D. Welch-AbernathyISBN-10(13): 0321180615Publisher: Addison-Wesley ProfessionalPublished: January 31, 2004Edition: 1st EditionLanguage: English

Open Source Network Administration

Title: Open Source Network AdministrationAuthors: James M. KretchmarISBN-10(13): 0130462101Publisher: Prentice Hall PTRPublished: September 22, 2003Edition: 1st EditionLanguage: English

TCP/IP Illustrated - Volume 1

Title: TCP/IP Illustrated, Vol. 1Authors: W. StevensISBN-10(13): 0201633469Publisher: Addison-Wesley ProfessionalPublished: January 10, 1994Edition: 1st EditionLanguage: English

Your CCNA Routing & Switching Exam Success Strategy: The Non-Technical Guidebook

Title: CCNA Routing & Switching Exam Success StrategyAuthors: Vivek Tiwari & Dean BahizadISBN-10(13): 1481162659Publisher: CreateSpacePublished: February 2013Edition: 1st EditionLanguage: English

Features

Summary

Optimizing Network Performance

Title: Optimizing Network PerformanceAuthors: Matthew Syme, Philip GoldieISBN-10(13): 0131014684Publisher: Prentice HallPublished: July 12, 2003Edition: 1st EditionLanguage: English

The Official VCP5 Certification Guide

Title: The Official VCP5 Certification GuideAuthors: Bill FergusonISBN-10(13): 0789749319Publisher: VMware PressPublished: August 26, 2012Edition: 1st EditionLanguage: English

Salient Features

Summary

Title: Cisco Firepower & Advanced Malware Protection Live Lessons
Authors: Omar Santos
ISBN-10: 0-13-446874-0
Publisher: Cisco Press
Published: June 22, 2016
Edition: 1st Edition
Language: English

Title: Cisco CCNP Routing & Switching v2.0 – Official Cert Guide Library
Authors: Kevin Wallace, David Hucaby, Raymond Lacoste
ISBN-13: 978-1-58720-663-4
Publisher: Cisco Press
Published: December 23rd, 2014
Edition: 1st Edition
Language: English

Title: CCIE Collaboration Quick Reference
Authors: Akhil Behl
ASIN: B00KDIM9FI
Publisher: Cisco Press
Published: May 16, 2014
Edition: 1st Edition
Language: English

Title: CCIE Collaboration Quick Reference
Authors: Akhil Behl
ISBN-10(13): 0-13-384596-6
Publisher: Cisco Press
Published: May 2014
Edition: 1st Edition
Language: English

Title: The Business Case For Network Security
Authors: Catherine Paquet, Warren Saxe
ISBN-10(13): 1587201216
Publisher: Cisco Press
Published: December 23, 2004
Edition: 1st Edition
Language: English

Title: Firewalls and Internet Security: Repelling the Wily Hacker
Authors: William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin
ISBN-10(13): 020163466X
Publisher: Addison-Wesley Professional
Published: March 6, 2003
Edition: 2nd Edition
Language: English

Title: CCENT - CCNA 640-802 Official Certification Library 3rd Edition
Authors: Wendell Odom
ISBN-10(13): 1-58720-438-X
Publisher: Cisco Press
Published: December 10th, 2011
Edition: 3rd Edition
Language: English

Title: The Ruby Way
Authors: Hal Fulton
ISBN-10(13): 0672328844
Publisher: Addison-Wesley Professional
Publication date: November 4, 2006
Edition: 2nd Edition
Language: English

Title: Best Practices & Strategies for J2EE, Web Services & Identity Management
Authors: Christopher Steel, Ramesh Nagappan, Ray Lai
ISBN-10(13): 0131463071
Publisher: Prentice Hall
Published: October 24, 2005
Edition: 1st Edition
Language: English

Title: Linux Starter Kit
Authors: Emmett Dulaney
ISBN-10(13): 0672328879
Publisher: Sams
Published: June 8, 2006
Edition: 1st Edition
Language: English

Title: Red Hat Fedora 5 Unleashed
Authors: Paul Hudson, Andrew Hudson
ISBN-10(13): 067232847X
Publisher: Sams
Published: May 29, 2006
Edition: 1st Edition
Language: English

Title: Securing Cisco IP Telephony Networks
Authors: Akhil Behl
ISBN-10(13): 1587142953
Publisher: Cisco Press
Published: September 10, 2012
Edition: 1st Edition
Language: English

Title: Cisco LAN Switching (CCIE Professional Development Series)
Authors: Kennedy Clark, Kevin Hamilton
ISBN-10(13): 1578700949
Publisher: Cisco Press
Published: August 26, 1999
Edition: 1st Edition
Language: English

Title: Cisco Express Forwarding
Authors: Nakia Stringfield , Russ White, Stacia McKee
ISBN-10(13): 1587052369
Publisher: Cisco Press
Published: May 4, 2007
Edition: 1st Edition
Language: English

Title: SDN and OpenFlow for Beginners with Hands-on Labs
Authors: Vivek Tiwari
ISBN-10(13): B00EZE46D4
Publisher: Amazon Digital Services, Inc.
Published: 4th September 2013
Edition: 1st Edition
Language: English

Title: VMware vSphere 5 - Building a Virtual Datacenter
Authors: Eric Maillé, René-François Mennecier
ISBN-10(13): 0321832213
Publisher: VMware Press
Published: August 30, 2012
Edition: 1st Edition
Language: English

Title: Automating vSphere with VMware vCentre Orchestrator
Authors: Cody Bunch
ISBN-10(13): 0321799917
Publisher: VMware Press
Published: March 2012
Edition: 1st Edition
Language: English

Title: Global IPv6 Strategies
Authors: Patrick Grossetete, Ciprian P. Popoviciu, Fred Wettling
ISBN-10(13): 1587053438
Publisher: Cisco Press
Published: May 25, 2008
Edition: 1st Edition
Language: English

Title: Network Management: Accounting & Performance Strategies
Authors: Benoit Claise, Ralf Wolter
ISBN-10(13): 1587051982
Publisher: Cisco Press
Published: June 30, 2007
Edition: 1st Edition
Language: English

Title: How to Break Web Software
Authors: Mike Andrews, James A. Whittaker
ISBN-10(13): 0321369440
Publisher: Addison-Wesley Professional
Published: February 12, 2006
Edition: 1st Edition
Language: English

Title: Essential CheckPoint Firewall-1 NG
Authors: Dameon D. Welch-Abernathy
ISBN-10(13): 0321180615
Publisher: Addison-Wesley Professional
Published: January 31, 2004
Edition: 1st Edition
Language: English

Title: Open Source Network Administration
Authors: James M. Kretchmar
ISBN-10(13): 0130462101
Publisher: Prentice Hall PTR
Published: September 22, 2003
Edition: 1st Edition
Language: English

Title: TCP/IP Illustrated, Vol. 1
Authors: W. Stevens
ISBN-10(13): 0201633469
Publisher: Addison-Wesley Professional
Published: January 10, 1994
Edition: 1st Edition
Language: English

Title: CCNA Routing & Switching Exam Success Strategy
Authors: Vivek Tiwari & Dean Bahizad
ISBN-10(13): 1481162659
Publisher: CreateSpace
Published: February 2013
Edition: 1st Edition
Language: English

Title: Optimizing Network Performance
Authors: Matthew Syme, Philip Goldie
ISBN-10(13): 0131014684
Publisher: Prentice Hall
Published: July 12, 2003
Edition: 1st Edition
Language: English

Title: The Official VCP5 Certification Guide
Authors: Bill Ferguson
ISBN-10(13): 0789749319
Publisher: VMware Press
Published: August 26, 2012
Edition: 1st Edition
Language: English

Title: CCNP Security VPN 642-648 Official Cert Guide (2nd Edition)
Authors: Howard Hooper
ISBN-10(13): 1587204479
Publisher: Cisco Press
Published: July 2nd, 2012
Edition: 2nd Edition
Language: English

Title: CCNP Security FIREWALL 642-618 Official Cert Guide
Authors: David Hucaby, Dave Garneau, Anthony Sequeira
ISBN-10(13): 1587142716
Publisher: Cisco Press
Published: June 3rd 2012
Edition: 1st Edition
Language: English

Title: Your CCIE Lab Success Strategy: The Non-Technical Guidebook
Authors: Vivek Tiwari & Dean Bahizad
ISBN-10(13): 1470103168
Publisher: CreateSpace
Published: March 2nd 2012
Edition: 1st Edition
Language: English

Title: CCNA Wireless Official Exam Certification Guide (CCNA IUWNE 640-721)
Authors: Brandon James Carroll
ISBN-10(13): 1587202115
Publisher: Cisco Press
Published: November 2, 2008
Edition: 1st Edition
Language: English

Title: CCNA Practice Questions (Exam 640-802)
Authors: Jeremy Cioara
ISBN-10(13): 0789737140
Publisher: Cisco Press
Published: April 13, 2008
Edition: 3rd Edition
Language: English

Title: CCNA Preparation Library
Authors: Stephen McQuerry
ISBN-10(13): 1587054647
Publisher: Cisco Press
Published: March 28, 2008
Edition: 7th Edition
Language: English

Title: CCDA Official Exam Certification Guide (Exam 640-863)
Authors: Anthony Bruno, Steve Jordan
ISBN-10(13): 1587201771
Publisher: Cisco Press
Published: June 21, 2007
Edition: 3rd Edition
Language: English

Title: Preventing Web Attacks with Apache
Authors: Ryan C. Barnett
ISBN-10(13): 0321321286
Publisher: Addison-Wesley Professional
Published: February 6, 2006
Edition: 1st Edition
Language: English

Title: Extrusion Detection, Security Monitoring for Internal Intrusions
Authors: Richard Bejtlich
ISBN-10(13): 0321349962
Publisher: Addison-Wesley Professional
Published: November 18, 2005
Edition: 1st Edition
Language: English

Title: The Symantec Guide to Home Internet Security
Authors: Andrew Conry-Murray, Vincent Weafer
ISBN-10(13): 0321356411
Publisher: Symantec Press
Published: September 3, 2005
Edition: 1st Edition
Language: English

Title: The Hack - Counter Hack
Authors: Ed Skoudis
ISBN-10(13): 013047729X
Publisher: Prentice Hall PTR
Published: Year 2002
Edition: 1st Edition
Language: English

Title: The Tao of Network Security Monitoring: Beyond Intrusion Detection
Authors: Richard Bejtlich
ISBN-10(13): 0321246772
Publisher: Addison-Wesley Professional
Published: July 22, 2004
Edition: 1st Edition
Language: English

Title: HACK I.T - Security Through Penetration Testing
Authors: T.J. Klevinsky, Scott Laliberte, Ajay Gupta
ISBN-10(13): 0201719568
Publisher: Addison-Wesley Professional
Published: February 11, 2002
Edition: 1st Edition
Language: English

Title: Exploiting Software
Authors: Greg Hoglund, Gary McGraw
ISBN-10(13): 0201786958
Publisher: Addison-Wesley
Published: February 27, 2004
Edition: 1st Edition
Language: English

Title: Biometrics for Network Security
Authors: Paul Reid
ISBN-10(13): 0131015494
Publisher: Prentice Hall PTR
Published: December 30, 2003
Edition: 1st Edition
Language: English