Cisco Firewalls

Author: Alexandre M.S.P. Moraes
Pages: 912
Publisher: Cisco Press
ISBN: 1587141094


There used to be a time when firewalls were considered a foolproof solution for protecting networks, and that time is long gone. History has taught us there are no silver bullets when it comes to computer and information security, but firewalls are still a great and versatile tool in the hands of those who know how to use them effectively. “Cisco Firewalls” will tell you how.

About the author

Alexandre Matos da Silva Pires de Moraes has worked as a Systems Engineer for Cisco Brazil since 1998 in projects that involve not only Security and VPN technologies but also Routing Protocol and Campus Design, IP Multicast Routing, and MPLS Networks Design.

Inside the book

The first three chapters deal with the evolution of firewalls through time, present the various Cisco families of firewalls (and their performance parameters) and cover the process of their initial configuration. Each chapter is subdivided into several short sections that offer, in a very simple and concise manner, the basic knowledge of the topic.

Right off the bat, you can see that part of the reason why this book is such a hefty tome is because it has an illustration, screenshot or diagram on almost every page – which I, as a visual learner, appreciate greatly.

People who are familiar with the topics in these first three chapters can skip directly to the fourth – a must read since it presents the tools that will be used throughout the book. Another very helpful chapter is that on “Virtualization in the Firewall World”, since it touches on the topic of how to set up a secure virtualization architecture.

The theory behind this book is that the reader should learn what every firewall feature brings to the table so that he can make an informed and correct decision when dealing with his own firewall situation.

In order to do that, the author covers both ASA-centric and IOS-based firewall deployments, and addresses the motivations for the use of features of each of those two types clearly.

The chapter on additional protection mechanisms is very interesting, and so are those that deal with application inspection and the inspection of voice protocols.

It’s helpful to point out here that advanced users are welcome to skip through chapters, but others should stick to the order given to them by the author, since many of the chapters build on the knowledge introduced in the previous one(s).

The most important thing about this book is that it’s chock full of meaningful and handy examples. This is not a simple handbook – it aims at making the reader think for himself, and at making the connection between theory and practice easy and natural.

The last three chapters deal with how IP multicast tasks and the introduction of the IPv6 standard influence the choices on firewall features, and the book ends with a chapter that deals with security design. It is not overly comprehensive, and here is definitely where I could have enjoyed reading more about how new trends like mobility and cloud computing affect the notion of using firewalls to protect the future borderless network. But perhaps that is a subject for another book.

Final thoughts

This book is a must read for everyone who is charged with designing, implementing and deploying firewall solutions, and especially if they are Cisco’s.

The author has had the interesting notion of using troubleshooting tools to help show how the various firewall features work, so that, in fact, troubleshooting is “performed” throughout the book instead of at the end – and you’ll be grateful for that.

