| Subject: | [CISSP-D] REVIEW: "Designing and Building Enterprise DMZs", Ido Dubrawsky et al |
|---|---|
| Date: | Mon, 05 Feb 2007 16:03:07 -0800 |
BKDBEDMZ.RVW 20061223

"Designing and Building Enterprise DMZs", Ido Dubrawsky et al, 2006, 1-59749-100-4, U$59.95/C$77.95
%E Ido Dubrawsky
%C 800 Hingham Street, Rockland, MA 02370
%D 2006
%G 1-59749-100-4
%I Syngress Media, Inc.
%O U$59.95/C$77.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/1597491004/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1597491004/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1597491004/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 714 p.
%T "Designing and Building Enterprise DMZs"

Chapter one does outline some basic DMZ (DeMilitarized Zone) concepts and design, but is vague and verbose, with many large (in page size) and simplistic (in terms of information content) illustrations with little detail and minimal differences between them. (Figures 1.5 and 1.6 are, in fact, identical, even though they purport to show different topologies.)

Windows DMZ design, in chapter two, is both too broad (it discusses very general aspects of planning for a DMZ setup) and too detailed (the text almost immediately jumps into the specifics of particular outside hardware to be purchased for an isolated example) to be of practical use. Much the same is true of chapter three, which is based on Sun's Solaris operating system. Chapter four lists wireless network attacks and some security technologies, but doesn't really deal with DMZ aspects, and chapter five, purportedly about implementing wireless DMZs, just has lots of screenshots for installing various products.

Chapter six starts a section of the book cataloguing various firewall products. In this case it is Cisco's PIX and ASA systems, and discusses unit specifications, licensing, and some Cisco commands. Chapters seven through ten, respectively about Checkpoint, SecurePlatform and Nokia, NetScreen, and ISA Server 2005, basically contain screenshots for installation and configuration.
Chapter eleven, entitled "DMZ Router and Switch Security," would have been a good place to deliberate on security considerations of the different routing protocols, but only suggests hardening routers and switches. VPN (Virtual Private Network) topologies and products are noted in chapter twelve, with almost no mention of DMZs at all.

The standard advice for building MS Windows bastion hosts is in chapter thirteen. We are told to remove unnecessary services (without being told which are necessary), to rename the administrator account (although nobody mentions that the renamed account can still be determined), and the text recommends using Terminal Services (even though this service is widely considered to be a security risk). Most of the material is about how to use the configuration utilities, rather than suggestions on the settings themselves. Much the same type and level of advice is given in chapter fourteen, in regard to Linux.

Ultimately, while there is content in the work that can be helpful in terms of security, there is relatively little that actually relates to DMZ concepts, design, use, or protection.

copyright Robert M. Slade, 2006 BKDBEDMZ.RVW 20061223

======================
(quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org

What about the main thing in life, all its riddles? If you want, I'll spell it out for you right now. Do not pursue what is illusory--property and position: all that is gained at the expense of your nerves decade after decade, and is confiscated in one fell night. Live with a steady superiority over life--don't be afraid of misfortune, and do not yearn after happiness; it is, after all, all the same: the bitter doesn't last forever, and the sweet never fills the cup to overflowing. It is enough if you don't freeze in the cold, and if thirst and hunger don't claw at your insides. If your back isn't broken, if your feet can walk, if both arms can bend, if both eyes see, and if both ears hear, then whom should you envy? And why? Our envy of others devours us most of all. Rub your eyes and purify your heart--and prize above all else in the world those who love you and who wish you well. Do not hurt them or scold them, and never part from any of them in anger; after all, you simply do not know: it might be your last act before your arrest, and that will be how you are imprinted in their memory!
- The Gulag Archipelago, Solzhenitsyn

Dictionary of Information Security www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm