Network Security Auditing
Author: Chris Jackson
Pages: 528
Publisher: Cisco Press
ISBN: 1587053527
Introduction
This book is part of the Cisco Press Networking Technology Series, and is aimed at teaching security and network professionals the assessment, prevention, detection, reaction and recovery skills they need to develop in order to be sure that their security practices are good and that they will meet the nowadays oh-so-common auditing requirements.
About the author
Chris Jackson, Technical Solutions Architect in the Cisco Architectures and Verticals Partner Organization, has focused for the past six years on developing security practices with the Cisco partner community. During a 15-year career in internetworking, he has built secure networks that map to strong security policies for organizations, including UPS, GE, and Sprint.
Inside the book
In order to tackle the auditing process, one must first learn the theory behind it. The book starts by answering these three questions: how, what and why you audit? It also introduces you with (federal, state, and regulatory compliance) laws that are applicable when it comes to information security issues, and the various governance frameworks and standards you need to be aware of – not to mention the tools and techniques used to perform an audit.
After having passed this well-structured and surprisingly easy-to-follow first part of the book, you are ready to learn how to methodically approach the seemingly monumental task of auditing the security solutions used for solving issues regarding policy, compliance and management; infrastructure security and perimeter intrusion prevention; access control and endpoint prevention; and unified communications and secure remote access.
Since the publisher of this book is Cisco Press, you might be inclined to think that this book is aimed strictly at Cisco users. It definitely isn’t so, but it is fair to say that they will draw the greatest benefit out of it.
The auditing tools covered in the book are both commercial and open source, so you needn’t be worried about being handicapped by your ultimate choice. The theory behind the practice is always the same, and you will be taught which are the things that you should pay attention to and audit.
Final thoughts
The title of this book is explicit, so don’t expect to find information about application or website auditing in it. But, do expect to find the subject of network security auditing thoroughly and systematically covered.
I was pleasantly surprised by the checklists presented at the end of the practice-oriented chapters – a series of question and insightful and succinct answers gives you a quick look into what you are getting yourself into and a feeling of the scope of the task. So much so that I recommend reading all of them before you start delving into the chapters themselves.