Book Reviews

Book Reviews


Securing Cisco IP Telephony Networks


Akhil Behl
Securing Cisco IP Telephony Networks
By Akhil Behl

This is one of my favorite Cisco Press books. It is thorough and approachable. It starts by clearly identifying the problem (you can get ripped off in a big way). It builds a structured case for security and I was very glad to see separate VLANs for voice and data. The author does something I think is crucial, he develops his policies before implementing his technologies. And this is a very nice job of policy bullets in chapter 4; I may have to ask for permission to reference a few of these in the policy course I teach. He ends that chapter with a discussion of risk and reward. The more technical a person is, the more important for them to be cognizant of the money they spend. We begin to get technical in chapter 6 with a discussion of layer 2 security which covers all the classic layer 2 attacks. Next of course, we work our way up to layer 3. In a future update of the book, I suggest the author take a minute to explain why proxy ARP is in the layer 3 chapter, that was a head scratcher for me. I am guessing it has to do with routing between VLANS.

As the book progresses it gets more technical. One thing I like is the boxes with Cisco IOS commands tend to be short, one atomic command. The author has clearly made an effort to "break up the code". Chapter 8 is perimeter security so, of course, now we are talking about ASA. Here we do have some longer runs of IOS; as a suggestion, if it is a page long, don't highlight everything in grey, makes it hard to read. And yes, we do finally get to the star of the show, the Unified Communications Manager. Again, a nice job of listing the use cases and giving lots of examples, as a reader I feel I could set this up and do it securely.

As I said, the book is very thorough, maybe just a bit too complete. In chapter 10 I was very surprised to see a discussion about Cisco Security Agent, I thought it was discontinued many years ago, but apparently it is still supported until December of this year. We next get a tour of Unity and Presence. In the IPSEC discussion in chapter 12, the book mentions DES as an encryption algorithm (friends don't let friends use DES).

I enjoyed the discussion on gatekeeper and the analogy of a guard. There is an important discussion in chapter 13 on the transition from H.323 to SIP (page 414): in a future update of the book, I would feature that more clearly because I had to go looking for it. I am glad wireless and softphones were covered from a conceptual level at the beginning and then nearer the end of the book, in detail. They are all part of the overall system package.

The bottom line, the author went for completeness and achieved it. The writing is clear and crisp and while there may be a use case that is missing, there are hundreds that are here. If you have, or are considering IP telephony in a organization that has Cisco equipment, this is a must read.