Designing Network Security - Second Edition
Just finished reviewing Designing Network Security. I read this title over a decade ago, when it was the original first edition, and again when the Second Edition came out. It was already in my library - I seem to vaguely remember it as a parting gift from the folks I worked with years ago. [Yeah, people used to do that in the "old days" when front-line leaders valued and encouraged off-hours self-study.]
This is one of the books on the official recommended reading list from Cisco (and INE). It's a very good book and I enjoyed reading this years ago. However, like most of the Cisco security materials, it is very outdated. My best advice is that if you feel you want to read this book, use Safari Books Online or buy a used copy. The material in it is mostly covered in the other (more recent) titles in the recommended reading. And if you want to be complete (read: worried you might miss something), don't spend the time and effort reading every page. Flip through it like a magazine. By the time you're ready to study for the CCIE, you should already know the material in this book.
To give you an idea of the level of this 600+ page book and how obsolete its material is, here are some notable items:
* IKEv1 is covered, but IKEv2 is mentioned (in one paragraph) as an emerging and evolving technology. This is not good enough for today's exams. You need to know IKEv2 and the differences between IKEv1 and IKEv2 for the exam.
* The firewall mentioned and used in the examples is a PIX firewall. The PIX is obsolete and will not be covered on the exam. The ASA and ASA-x and their current OS versions (8.2 to 9.x code) will be on the exam and are not covered in this book (because they were not invented yet).
* There is no mention of ISE, Prime or the WSA. These devices are part of the exam blueprint and did not exist when the book was written. So the "Network Security Design" does not incorporate these important devices.
* OSPFv2 is covered in 4.5 pages and OSPFv3 is covered in 1.5 pages. I'm guessing that if you're reading this, _you_ could probably write more than that on securing these protocols.
Hopefully this saves someone a few dollars or a few hours of effort (and time is money). This is definitely one you can skip and not worry about. Good luck and keep reading!