Book Reviews

Cisco Firewalls

By Alexandre M.S.P. Moraes

This is another monster-sized book from Cisco Press. It took me over six weeks to finish reading, and I just found my notes, so I figured I had best pen the review while the content is still current. The book has a pretty good table of contents and index, so it can serve as a decent reference book if you are running ASA, but these could be improved. As an example, I could not find "Ping of death" in the index, and I remember reading about it in the book. There is one chapter on general firewall technology, 26 pages out of 868. Chapter two jumps straight into ASA. By page 43 we are starting to learn to configure the firewall. This was a disadvantage to me in the review, since my last Cisco "firewall" was a router running the firewall feature set. Caveat: there are tons and tons of IOS examples, and I skipped over all of them, since I couldn't type them into anything.

The book is clearly focused on ASA owners, but for the next section of the review, let me point out some gems, so that anyone who finds the book on the organization's library shelves can benefit.

  • Page 61, a recommendation not to use Telnet. Boy, do I agree; a little more discussion on the dangers of clear text would not hurt.
  • Page 74, how to synchronize clocks using NTP. The author doesn't really go into detail about why, but the answer is simple: if you don't sync all the clocks in the devices that report in to the SIEM, it becomes close to useless.
  • Page 98 begins a fairly straightforward explanation of Netflow and how it can be used, this was one of my favorite reads in the book.
  • Page 150 has a nifty section on EIGRP.
  • Page 242 begins a discussion of virtualization; if you work in security, you need to continuously get your head around virtualization, and the network diagrams here are easy to read.
  • Page 429 has a nifty little section on filtering on TTL values, but I would have loved to see a discussion on inbound values that are very low; maybe I missed it.
  • Page 439 discusses IP fragmentation and I think the author does a fine job.
  • Page 547 begins the VOIP section; it has a nice introduction to VOIP, a lot of detail in surprisingly few pages. I had never heard of Skinny and made a note to go read more about it. Turns out that if you do a Google search, "site:sans.org skinny client control", we have some papers in the SANS Reading Room.
  • Page 722 gives a nice overview of IPv6; this was my second favorite section in the book. Do not miss the anti-spoofing discussion on page 776.
  • Page 788 has a discussion of firewalls and IPS; I have to commend the author for having a neutral stance on this, I tend to foam at the mouth when that comes up.
  • I may have missed it, but the packet capture section does not seem to specify whether it is PCAP; I did find a Cisco product note that says the buffer may be transferred in PCAP format.
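To make the point in the NTP bullet concrete, here is a small added example (not from the book or this review) of what a SIEM sees when one reporting device's clock is wrong. The device names, the two log events and the five-minute skew on the firewall are all constructed for the illustration; the only technique shown is subtracting a measured per-device clock offset before ordering events.

```python
"""Why SIEM correlation needs synchronized clocks (added illustration).

Two devices report the same SSH connection: the firewall permits it and
the server accepts it. The firewall clock runs 5 minutes fast. Without
correcting for that, the SIEM orders the server event before the
firewall event, and the causal chain looks impossible.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample events: (device, timestamp as the device reported it, message).
SAMPLE_EVENTS = [
    ("fw01",  "2013-04-02T10:05:12Z", "permit tcp 203.0.113.7:51234 -> 192.0.2.10:22"),
    ("srv01", "2013-04-02T10:00:14Z", "sshd: accepted connection from 203.0.113.7 port 51234"),
]

# Constructed clock offsets: device clock minus the reference clock, in seconds.
# In practice these come from comparing each device against the NTP source.
CLOCK_OFFSET_SECONDS = {"fw01": 300, "srv01": 0}


def parse_ts(text):
    """Parse the ISO-8601 UTC timestamp used in the sample events."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(events, offsets):
    """Subtract each device's known clock offset and sort by corrected time."""
    corrected = []
    for device, ts, msg in events:
        t = parse_ts(ts) - timedelta(seconds=offsets.get(device, 0))
        corrected.append((t, device, msg))
    return sorted(corrected)


def timeline(events, offsets=None):
    """Device names in the order the SIEM would display the events."""
    return [device for _, device, _ in normalize(events, offsets or {})]


def firewall_to_server_gap(events, offsets=None):
    """Seconds from the firewall permit to the server accept (negative = server first)."""
    by_device = {device: t for t, device, _ in normalize(events, offsets or {})}
    return (by_device["srv01"] - by_device["fw01"]).total_seconds()


if __name__ == "__main__":
    print("uncorrected order:", timeline(SAMPLE_EVENTS),
          "gap:", firewall_to_server_gap(SAMPLE_EVENTS))
    print("corrected order:  ", timeline(SAMPLE_EVENTS, CLOCK_OFFSET_SECONDS),
          "gap:", firewall_to_server_gap(SAMPLE_EVENTS, CLOCK_OFFSET_SECONDS))
```

Uncorrected, the server appears to accept the connection almost five minutes before the firewall permits it, so any rule that looks for "permit followed by accept within N seconds" misses the pair. Correcting the offset restores the two-second gap, which is what keeping every reporting device on NTP gives you for free.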

The bottom line: does the book teach enough about firewall/perimeter technology to buy and read it if you are not running ASA? Not to buy it; it is meant for ASA owners, and there is nothing wrong with that. But if you have it on the shelf and don't work with networks every day, you can go through the sections I have pointed out, starting with the Netflow discussion, in about two hours, and I think the investment of time will be beneficial.