Network Security Architectures

Network security is finally getting the attention it's long deserved, with organizations devoting time and money to the problem and more than a few independent consultants peddling their services in the area. Network security, though, is hard to do right, largely because it's not concerned with making the network do something (like connect the head office to the factory), but with making it not do something (allow access to an ill-defined community of malefactors). Network Security Architectures explains the generally accepted design practices that make networks as resistant as possible to damage and invasion.

Relatively little of this book is concerned with software configuration details, and it's generally not a paean to Cisco Systems products. Rather, this is a design guide, advising that it's usually best to put the proxy server inside the firewall and often a good idea to put IP phones on a private (RFC 1918) address range. Sean Convery--he wrote one of Cisco's standard security white papers--diligently explains why his advice is as it is, and how anticipated evolutions in technology might change design decisions. He makes clear that network security is an evolving discipline, but in this book documents the state of the art very well. Read this, then keep up with the latest on the Web sites, and you'll be in great shape to keep your networks safe. --David Wall

Topics covered: How to design data networks (including those that carry voice over IP) to be as inherently secure as possible. Threat assessment, device hardening, safe routing, VPNs, and the specific risks and requirements of applications (such as email) are covered. Detailed designs appear for common situations, such as securing telecommuter connections and tightening security on a corporate campus.