January 19, 2011 09:44 AM

Network Security Auditing

Left Brain
InstantDoc ID #129456
Rating: (3)

Author: Chris Jackson
Publisher: Cisco Press (www.ciscopress.com)
Published: June 2010
ISBN-13: 978-1-58705-352-8
ISBN-10: 1-58705-352-7
Format: Soft cover, 528 pages
Prices:
Book + eBook Bundle: $82.25
Book Price: $63.00
eBook Price: $49.50

Comprehensive Guide to Auditing Network Security


In the first chapter of "Network Security Auditing", author Chris Jackson reveals a secret about security when he says that "security isn't about hacking, nasty, malicious software, or the vulnerability of the day. Security is about maintaining a system and process that provide access to critical data without exposing your company or customers to excessive risk." He then discloses that "auditing is one of the most important aspects of maintaining that system, because it provides the opportunity to test assumptions about the security posture of networked systems and compare that posture with standards and regulations." Jackson uses the rest of the opening chapter to answer two fundamental questions of paramount importance to auditors: first, "How do you know that you are secure?" and second, "Can you prove that your security technology works?"

Jackson, a security technical solutions architect in the U.S. Channels organization with Cisco, is highly qualified to write a text about network security auditing. Not only does he have all of the necessary qualifications in terms of the latest certifications, he also has relevant practical experience: as reported in the book, his focus is on "developing security consulting practices in the Cisco partner community."

The intended readership of Jackson's book covers two types of IT professionals – those who are just starting out in auditing, and then those who have already gained some valuable auditing experience but who are now looking to consolidate their knowledge of the area. Apart from these dedicated IT auditors, two other examples of IT professionals who could potentially benefit from reading this book are security consultants and InfoSec managers. And because the book is published by Cisco Press, naturally there is content in it that is especially relevant to Cisco networks. In fact, as Jackson himself states in the book's introduction, his text is "useful to anyone who wants to build a program to measure the effectiveness of Cisco security products. IT governance and auditing have common roots with financial auditing, and in many cases, it is ultimately the responsibility of the CFO in larger organizations." Jackson makes the comparison that "the language and procedures an IT auditor follows are similar to how a CPA might examine the books to certify that a business is keeping its records accurately and paying its taxes on time."

Jackson has organized his book's content into two major parts. He explains that the first of these parts (chapters 1 to 4) covers "the principles of auditing and strives to teach the language and key components of the auditing process." The second part of the book (chapters 5 to 12) is intended, as Jackson says, to cover "the major Cisco security solution domains, which break down Cisco security technologies into seven categories that enable the auditor to examine network security as a system of integrated components rather than individual products." The titles that Jackson has assigned to these two parts of his book are, respectively, "Principles of Auditing" and "Mapping Cisco Security Controls to Auditing Requirements."

Here now is a summary of what you can expect to find in each of the book's chapters. After defining and comprehensively discussing security fundamentals such as policies, procedures, standards, and controls in the first chapter, Jackson has subsequently devoted the other eleven chapters of his book to the following specific topics (the titles of the chapters are shown in italics):
•    Information Security and the Law: As its title indicates, this chapter is an examination of those common IT security laws and regulations that specifically relate to network security.
•    Information Security Governance, Frameworks, and Standards: Jackson stresses here that "security governance frameworks such as COSO, Cobit, and ITIL help businesses coordinate people, process, and technology around security objectives."
•    Auditing Tools and Techniques: The emphasis in this chapter is on examining different security testing methodologies, along with a selection of tools used for testing. Jackson has included plenty of screenshots to make it easy to follow his descriptions of those methodologies and tools. This particular chapter, along with the book's introduction and index, is available for reading as a PDF file from the site of the book's publisher, Cisco Press (www.ciscopress.com).
•    Auditing Cisco Security Solutions: The main purpose of this chapter is, as Jackson explains, to "define security services that are enabled through logical groupings of Cisco products." A noteworthy feature of this chapter is the inclusion of an "audit checklist" which is described as providing "areas to be audited, control objective, assessment methods, and results (evidence) expected to prove compliance."
•    Policy, Compliance, and Management: Jackson is of the opinion that "policy and compliance is the first auditing domain and is focused on assessing security policies." And so he has written this chapter to provide his readers with an overview of the key security policies that he believes "businesses should have and how they should be constructed."
•    Infrastructure Security: Jackson cites the following as examples of typical threats to network infrastructure: unauthorized access; denial of service; traffic capture; layer 2 attacks; and network service attacks. In order to provide the level of security required, this chapter conducts an in-depth examination of the auditing of routers, switches, and wireless devices.
•    Perimeter Intrusion Prevention: Jackson reminds us that, not so long ago, "protecting a network perimeter used to be a simple thing." But the IT and business environments we have to deal with now are much more complex. He reports that "network borders have become fluid, while the need for secure access to data has increased dramatically. Defending the applications and services that provide this data is accomplished through perimeter defense controls such as firewalls and intrusion prevention systems (IPS)."
•    Access Control: Jackson defines access control as being "the process of establishing an individual's identity and determining what resources with which he is allowed to interact." His goal in writing this chapter was to provide coverage of "techniques for auditing Cisco network access control technologies and best practices for securing access."
•    Secure Remote Access: Examples of topics discussed in this part of the book include the fundamentals of VPNs (Virtual Private Networks); remote access threats and risks; remote access policies; a remote access operational review; and a remote access architecture review.
•    Endpoint Protection: This chapter focuses on the type of protection that Jackson says can be successfully implemented by organizations and businesses to prevent and detect "attacks targeted at users and their network devices."
•    Unified Communications: In this, the last chapter of "Network Security Auditing", Jackson turns his attention to the strategies involved in "auditing Unified communications systems policies, procedures, and security controls used to maintain confidentiality and defend against fraud." Such attention is warranted because, as Jackson says, "UC has changed the way in which businesses can interact with customers and employees, by taking a separate hardwired technology and turning it into a service that can be offered across a common network backbone."

In conclusion, good authors of technology books freely admit what their books are not meant to be! So in the case of "Network Security Auditing", Jackson readily acknowledges that this particular book "is not to be yet another hacker book devoted to the latest tools and techniques for breaking into networks. Those skills are useful, but are not the primary focus of a security audit." He correctly points out that "there have been many books devoted to that topic and they are typically out of date by the time they come to press because of the speed in which technology changes. This book is about measuring the deployment of Cisco security technologies to mitigate risk. Baseline technical testing is covered from a process standpoint, but the focus is not on penetration testing."

Finally, just a few additional points about the book. All of the chapters, except the one about auditing Cisco security solutions, end with an invaluable list of references that can be followed up for additional reading, or as reference sources, or as pointers to security testing tools that could come in handy. It is worth noting too that "Network Security Auditing" is just one of the security-related titles in the Networking Technology series published by Cisco Press.


Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.