Data Communications Books

This is THE BIBLE. This is the gold standard for the exposition of the TCP/IP protocol stack. Every other TCP/IP protocol book must be measured by the yardstick of this book. This is simply the most comprehensive book ever written on the TCP/IP protocol stack. It's crystal clear and utterly lucid. Stevens tome leads the reader logically, methodically and effortlessly through all of the layers of the TCP/IP protocol stack: the Link Layer (ethernet frames), IP layer, Transport Layer etc. All nuances of TCP/IP are discussed: Address Resolution Protocol (ARP), RARP, ICMP, IGMP, User Datagram Protocol, Transmission Control Protocol etc. In particular, the 135 page exposition of the transmission control protocol is a masterstroke. Application level protocols such as DNS, NFS, FTP, SMTP are discussed at length. TCP/IP Illustrated is Unix-centric. Given that the roots of TCP/IP are in Unix, every serious appreciation of the protocol requires at least a basic understanding of Unix philosophy. This book is a masterpiece of technical writing in Computer Science. Do not be mislead by the one negative review of this book on the spurious grounds that it is outdated. The TCP/IP protocol has not changed since the publication of this book in 1994. I have two copies of this book and will probably buy a third copy. I very, very highly recommend TCP/IP Illustrated Volume I.

It is a very good book for understanding TCP/IP protocol suite. It has lots of tools explained in detail to explore the different protocols on unix/linux based systems. Most of the protocols are presented well. It is a must have book for learning networking concepts. I highly recommend this book.

Either if you're a pro or a student, this book is a MUST-HAVE. "Buy it NOW, don't waste more time" is the best advice I could give to you.

This book has very well detailed TCP/IP information, unfortunately some of the information is outdated. The book is easy to follow, and would make an even better learning tool if updated. I bought the book since it was required reading for a class, but I would opt out for a younger publishing on this topic if I had a choice.

This is a good book that covers all the fundamentals of TCP/IP networking. Good illustrations. Seperate chapters for each common application protocols.

I recently purchased this book based on the rave reviews even with an updated second edition off the press. I can honestly say that this book is Awesome in detail and explanation and is still extremely relevant to understanding the how too's and processes involved in routing tcp/ip. The most amazing feature about this book is how well explained and the book makes topics that would normally seem dificult or confusing easily understood, in other words grandma could learn how routing tcp/ip works from reading this book!

Brandon, Rome, GA

Great book for understanding IGP in details.

If any book was ever considered as the MUST HAVE BIBLE for Interior Routing Protocols - then Jeff Doyle's first effort on IGPs is THE book (how many cliché's do you want in one sentence)!! The book goes through at a very even pace - dissecting and describing the majority of both open-standard IGPs (OSPF, RIP and a little on ISIS) and Cisco-proprietary IGPs (IGRP and it's beefier brother - EIGRP). The book also includes some invaluable appendixes - including tutorials on working with Binary and hex.

But let's focus on the book's main reason for being - explaining IGPs. Take for instance OSPF - one of the most popular and widely implemented routing protocols in use today. On page 416-417, the book correctly discusses virtual links as a type of network type. The OSPF chapter typically employs 5-8 routers (and shows the required configs). Such a daunting exercise may at first seem like overkill, but Doyle is able to show how (and why) the all these router configs are necessary (to show, for instance, how they interact with or whether a DR or BDR). The book does have it's typos though, as the table on page 484 incorrectly documents stub networks as allowing type 5 and 7 LSAs (not so - thus a stub!)

I cannot imagine there are many CCIEs out there that do not have this book on their bookshelf.

I give this book 5 pings out of 5:
!!!!!

I am reviewing Routing TCP/IP Volume 1 (ISBN 1578700418), part of the CCIE Professional Development Series from Cisco Press. This book is widely regarded as part of the "Holy Trinity" of CCIE preparatory books. In addition to CCIE prep, it is also highly valued as an essential desk reference for anyone pursuing a career as a senior-level routing engineer. The author, Jeff Doyle, having written the two most recognized tomes on IP Routing, is a respected authority on the topic. His writing style is very clear and not at all difficult to read, which sets him apart from a lot of the authors in the "high-end routing book" category.

The book is part of a set of two books. TCP/IP Volume 1 contains coverage of the major interior routing protocols (RIP, IGRP, EIGRP, OSPF & ISIS) and follows it with coverage of route redistribution, filtering and mapping. TCP/IP Volume 2 covers the BGP exterior gateway protocol and follows it with coverage of advanced IP routing issues. As someone who's come up through the CCNA-to-CCNP-to-CCIE-candidate path, I recognized all of the topics from the BSCI curriculum. All this book really does is takes them to another level of depth. I highly recommend this path of coming at the CCIE, because unless you've done it all and seen it all, there's way too much information to take in during a single reading. Reading the BSCI book first gets you familiar with all of the topics, so that you're not overwhelmed when reading the Doyle books.

While many pan this book as being outdated since it was written in 1998, my contention is that all of the covered topics are still fair game for the CCIE qualifying written exam and the book still retains all of its original value. There are a lot of topics which are on the test which are not in Doyle's books, but if you look at the CCIE blueprint, the topics covered in the books map exactly to the topics in the IP Routing & IP Multicast sections of the blueprint. You can't treat any book as being a one stop shop for CCIE preparation. That's impossible. The book would be the size of my desk. I would actually contend that, on the next rewrite, they should break the 2 volume set into 3 volumes, one for the interior protocols, one for BGP by itself, and one for all of the advanced routing issues and multicast. This would make the volumes a bit less daunting and also somewhat easier to carry.

But, carry-ability issues aside, this is a very good book. It takes all of the topics to the degree of depth which you would expect for a CCIE-level book and explains things in a way that doesn't lose the reader. I had to work to keep the examples straight in my head, but no one said becoming a CCIE was easy. On the downside, the book contains no disc. This is unfortunate, because I always like to have the book on PDF. Also, it would be nice to have the review questions and answers put into a question bank. The book is also missing the "Do I Know This Already" section for each chapter, which is present in all of Cisco Press' certification guides. I realize that this is probably due to the fact that this is more of a desk reference / learning book than an official certification guide. However, as someone who's studying for an exam, I always like as many free practice questions as I can get.

I give Routing TCP/IP Volume 1 a 5 on my 5 ping rating scale and look forward to reading Volume 2.
!!!!!

Routing TCP/IP Volume 1 by Jeff Doyle (ISBN 1578700418) is an advanced level book on the theory and practice of routing and its implementation in Cisco routers. The 1026-page book (with a 50+ page index - always an important part of any technical book) is packed with useful information, example network architectures, and sample commands and their corresponding outputs to help the reader get a thorough grasp of real-life application of the theory.

The book is meant for working professionals in the network and routing field. Part I presents some basic routing theory along with the routing types - static and dynamic. This section, as in other books, is meant as a review for those seasoned engineers who have been working in the field for some time. It also helps to bring up to speed the other readers who may lack the necessary background. Part II contains the real substance of the book. It covers the interior routing protocols in detail including RIP 1 & 2, IGRP, EIGRP, OSPF, and IS-IS. The material presented in these chapters is definitely solid enough to give a detailed understanding of the subject matter and provide the necessary knowledge to allow one to troubleshoot the problems that creep up in maintaining networks running these routing protocols. Part III presents the issue relating to the optimization of networks running these routing protocols such as filtering and redistribution. Part IV consists of the appendices.

The most useful part of the book in my opinion is the examples and sample outputs. These really help the reader to understand the details on implementing the concepts presented in the book. Jeff presents a sample network architecture and uses that architecture to explain various aspects of the topic being discussed. For example, to illustrate various aspects of EIGRP routing and load balancing, a 5-router mesh architecture is presented followed by a detailed discussion of concepts such as succession, load sharing, route transitions and updates, etc. This approach really helps in understanding all aspects of a particular topic with concrete examples to relate to.

I took hold of this book not to help in preparing for the CCIE but to assist in the understanding of routing protocols that I use in my work life. As such, I can not comment on the applicability of this book to preparing for the CCIE exam but as for its application to real world scenarios, this book far exceeds any other on the topic of routing in the Cisco environment.

I am really impressed with the material presented in this book. The book is thorough and detailed in its coverage of interior routing protocols. Jeff Doyle is an expert in his field and this book proves it. On a scale of 1 to 5 with 5 being the highest, I give an enthusiastic 5 to Routing TCP/IP Volume 1 by Jeff Doyle. I can't wait to get my hands on Volume II.

Many networking books I read (or other books on similarly technical subjects) have a tendency to get bogged down in technical minutia that distracts from the big picture. Not so here. Cormer does an excellent job of getting all the important information out there and explains the common networking protocols, what goes into them, and what they do, without losing the reader. Do not think that this is a superficial view though - I've been in the field for several years now and still use it as a reference on occasion.

I purchased the book titled: Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture (4th Edition)for a class. The book arrived ahead of schedule, marking the service amazon provided as second to none. Keep up the great work.

Look for the 5th edition of this same book.
4th edition is much older than the newer 5th edition.

I knew nothing about TCP/IP. As a result, I bought a book "learn TCP/IP in 24 hours" and trashed it after I bought this book, no more 24 hour books. I had no idea what routing is and were to start looking for documents on the internet. This book is scientific and puts it all together. Each chapter lists the RFC that he relied on so you know were the stuff came from. The book is not boring; the author is excellent in explaining ideas. He covers ICMP, GGP, OSPF, EGP, DHCP, DNS, BOOTP, ARP and more. I feel I have accomplished something big by reeading this book. If you are not a beginner in routing, then look at the RFCs they are the source.

Want to really, really, really know TCP-IP???

Read this book and you will know it cold.

I just finished going through the entire book line by line. I am extreemly new to Linux and security, and this book made it all very clear. I only wish I realized that there was a second edition out when I bought this one. Everything in this original edition was still completely correct and appropriate, three years later.

I'm a big fan of the Hacking Exposed style of writing. All offensive theory is backed up by command line examples, followed by defensive countermeasures. Hacking Exposed: Linux, 2nd Ed (HE:L2E) follows this tradition, updating the content of the first edition and adding 200 pages of new content. Although I reviewed the first edition in Sep 01, reading the second edition reminded me of the challenges posed by securely configuring and deploying Linux systems.

The best way to learn while reading HE:L2E is to try the sample commands. I also recommend visiting the links mentioned and installing many of the tools described by the authors. I found programs like raccess, nsat (ch. 3), sslsniff (ch. 7), nstx, and httptunnel (ch. 15) particularly interesting from an attacker's point of view. From a system administration standpoint, coverage of passlogd (ch. 2), lilo and grub (ch. 5), and X (ch. 6) were very helpful.

The authors share many novel ways to abuse Linux systems, but counter those exploits with little-known features or third-party tools. I never knew I could use bash's HISTCONTROL feature to selectively remove entries from shell history files. HE:L2E goes the extra mile to help secure your system, such as including sample C code in ch. 13 to allow one to compile TCP Wrappers support into one's own programs. Other clear, concise defensive measures were introduced in excellent chapters on keeping the kernel and packages current (appendix B) and pro-active security measures (ch. 2). The last appendix gives a short yet powerful description of the damage an intruder can perform, showing how he hid unauthorized programs and how those programs were discovered.

If you use Linux, you'll find HE:L2E indispensable. I even applied many of the tools and techniques to my FreeBSD system, showing that that good security advice can be a cross-platform endeavor.

The Hacking Exposed books have set the bar for this genre of security book. Hacking Linux Exposed - 2nd Edition doesn't fail in meeting that bar as well. If you've read Hacking Exposed - 4th Edition and think this book can't tell you anything you don't already know- think again. For those who administer Linux boxes this book provides an in-depth look at specific hacks and vulnerabilities unique to the Linux operating system and the accompanying fixes and workarounds to protect yourself. The book is overflowing with examples and sample commands that users can immediately put to use to better understand the risks and how to mitigate them. Hacking Exposed is a must-read for security- this book is a must-read for Linux security.

(...)

First, this book does _NOT_ have a installation walk through...YES!!!

You will not find another book this comprehensive in the length in HLE has accomplished. i found the book to be on point, and not overdrawn on any specific topic. The authors usage of gender is something of a mystery aswell. For the first 10 chapters or so the cracker is a woman, then in later chapters it becomes a man, then in even later chapters a woman, then back to a man :-).

i found the book to be very well written, it feels like a very good naration. There is only a few plugs of direct humor (1 about using word for the publisher, another about the shortest sentence using all letters) but these few are lightening.

Technically this book is sound. it does very good in keeping the basics of security alive through the book (chattr +i, only use what you need, upgrade, etc...). This is very helpful to a beginer for reinforced learning. The software packages it mentions for firewalls, logging, etc. are very nice and descriptive.

All around great book. BTW, did i mention that is does _NOT_ cover a Linux installation from CD/DVD? That alone should be enough to buy it.

When I first starting using Linux systems and putting them online I had NO idea what sort of grief I was in for. The reason for that grief: I had NO clue how to 'harden' a system or what that term even meant. By not knowing that I put up systems that were quickly exploited by script kiddies and SPAM houses looking for open relays to use for SPAM and for 'zombies' to use in Distributed Denial of Service (DDoS) attacks. I bought this book, read it, and haven't had those problems since. If you are going to do *anything* with Linux on the internet then GET THIS BOOK NOW. Unless, of course, you *want* to have your computers destroyed on a weekly basis...

this book is culled from sources across the internet, almost all of the information is freely available somewhere. in most cases the author has not even bothered to change the filenames or unique file extensions. the book itself is barely an index of the cd-rom, with the first paragraph of a file serving as a description. there is some (un)original writing done by the author himself, comprising a miniscule amount of the actual text. if you would like to learn what these files are actually about, you would be much better served by going to the sites they were taken from

This book is trash. This is just a printed version of textfiles.com that gives you all of the "lost" files for free. This is just a horrible book that takes advantage of people not using google first to find free information.

I think this book is equivalent to somebody filling up a bottle with tap water and selling it for 20 dollars as pure water found in the most secret places.

The widespread availability of computers and access to telephone and Internet technologies has contributed to the sharp rise in the number of people going online over the years. Unfortunately, many of these people found their way online through less-than-honest means, and once online, they would set out to perform a great deal of mischief and damage to various computers and computer information systems.

Hack Attacks Encyclopedia edited by John Chirillo serves as the ultimate source for collected information on the history of hacking, cracking, and phreaking. The book features nearly 2,000 text and HTML document extracts that includes news articles, online postings, and other snippets of insightful information. Some of the accounts are startling. Readers will quickly pick up just how clever some hackers, crackers, and phreakers really are. The following snippet exemplifies available talent in Northern America:

"Silver Spy has everything going for him - comfortable surroundings, a father who is an engineer. He ranks in the top 3 percent of his high-school class. His SAT scores for college admission totaled 1,400 of a possible 1,600. He wants to attend Stanford or the Massachusetts Institute of Technology. But in the eyes of the phone companies he is a thief, and in the eyes of the law he's a criminal. Such is the portrait of this 17-year-old computer "hacker" and "phone phreaker" who lives about 20 miles outside Boston. He spoke with U.S. News & World report on the condition that neither his real name nor home town be revealed."

The Hack Attack Encyclopedia is broken up into major sections by decade - the 70's, the 80's, the 90's, the Millennium, and a special historical synopsis. From beginning to end, readers will be able to follow the history of mischievous behavior. It will be an eye-opening experience for anyone to follow the advancements made in communications technologies and how they can be easily circumvented and otherwise compromised to carryout further activities. Although some of the technologies disclosed in the book are outdated and have been replaced, readers will still gain helpful insight of the mindset of hackers, crackers, and phreakers operating today. They are a force to be taken very seriously.

An extensive 217-page glossary of terms will enlighten readers about the slang talk used in the hacking, cracking, and phreaking communities. As a special bonus, the CD accompanying the book features full-length editions of the article and snippet extracts included in the book, hundreds of computing and Internet exploits, and a sampling of useful utility programs.

Hacking, cracking, phreaking, and virus infection still poses problems for many people today. This book will open the eyes of many people - including business people, IT managers, and law enforcement officials. It will serve as an excellent starting point for taking necessary corrective action to prevent further mischief and harm caused to personal and company computer systems. I can't wait to see an updated edition. Highly recommended reading.

this book is culled from sources across the internet, almost all of the information is freely available somewhere. in most cases the author has not even bothered to change the filenames or unique file extensions. the book itself is barely an index of the cd-rom, with the first paragraph of a file serving as a description. there is some (un)original writing done by the author himself, comprising a miniscule amount of the actual text. if you would like to learn what these files are actually about, you would be much better served by going to the sites they were taken from

The book looks damned impressive from the outside; it's 960 pages! Surely, this must be the most complete discussion of the hacking and phreaking subculture ever published! The cover, a sunset-colored affair with barbed wire and neat lettering, tells you it'll have a more up-to-date sensibility. Everything said this would be my next purchase.

My heart sank as I read through the book.

The vast, vast, VAST (over two-thirds) majority of the book consists of the first paragraph of BBS textfiles, with a line telling you the filename included on the CD that comes with the book. In some cases, Chirillo deigns to visit upon you a single-line description, but many don't even have that. So now, imagine this: page after page of filenames, then descriptions, then the first paragraph, of files located on a CD that's in the back of a book. What a horrible waste! There's a computer "glossary" in the back which looks suspiciously like similar documents available on the web, although I can't be sure. Also, there are a few tiny chapters giving general descriptions of the hacker and phreaking subculture. If you were to remove the filenames and descriptions and paragraphs, I doubt this book could get past 100 pages, if that.

I am about 3/4 of the way through at this point. It is a fantastic book with a lot of good information. I would highly recommend it for anyone looking for a good methodology for network design. There is also a lot of good hints for things to keep in mind while designing the network.

This book is a very comprehensive reference source and working guide for 3G mobile networks. If you're only going to buy one book on the subject, this is it.

I purchased this book with the intent on gaining a further understanding of the network design process. I really didn't expect the book to give me as through an understanding of network design as what has turned out to be the case. Coming from the network support side this book has been a tremendous compliment to my support and logic in how traffic flows from A to B. I feel now that after having read the book which is an EASY READ that I have come away with enough knowledge to auctually design and implement a small to midsized company network. The authur does an outstanding job of presenting to the reader the many processes involved in through network design, network logic, and what exactly happens when your pc 1st boots and why it takes so long for the logon screen to appear "if this is the case on your network", and countless other topics. If you are just getting into network design or have been in the field and are a seasoned veteran I highly recommend that you add this book to your networking library.

Like the carpenter, the network designer does well to develop a plan before purchase. The title, Top-Down Network Design, is accurate because the author's key approach throughout the book is to consider what works best for the end user and meet the goals of a Request for Proposal. Priscilla Oppenheimer has presented a well structured textbook that covers every facet of networking in general with the intent of training the reader in the best practices of network design. The point of this book is to discourage going straight to product catalogs and picking out hardware when assigned a network project. Even if the customer is not given an RFP, the designer should present an overview of the project that includes the goals and how those goals will be measured.

The reader should have some basic knowledge of networking. However, this would make an excellent text book at a university or trade school since Oppenheimer covers all of the logical concepts and physical aspects of modern networking. The well read and experienced network engineer will find it a good review with a unique insight or tip sprinkled just often enough to make it worth the read. Except for the CCDP exam, the book is primarily a supplement to the student, but a must have reference for the consulting and design professional.

Oppenheimer gives well thought through, easy to read descriptions of technologies. For example, page 208 gives the most succinct explanation of how IPv6 works I have ever read. Another practical lesson is her definition of the "Heisenberg uncertainty principle" as "the act of observing something can alter what is observed." Consultants should be careful that their analysis doesn't become a problem in itself. Top-Down Network Design is a reference you will want to check yourself and those you hire.

Top-Down Network Design, Second Edition is both a new terrific book and still a terrific book. The original took a systems approach to designing a network which could provide the service the people paying for it expected, partly by getting them to clarify their expectations and needs. The new Second Edition does this, too, but it includes material relevant to the networks being implemented today, and they are very different networks than we saw even three or four years ago.

New technologies, such as VPNs, VoIP, IPv6 as well as v4, Gigabit Ethernet and 10GigE, etc. are covered as part of a networking solution, not just as cool and sexy technologies to be rolled out for that reason. Likewise, new business emphases like reliability, redundancy, resiliency (which are not the same thing), security, and even survivability are addressed. Not all new technologies will help solve these problems, and, more often than not, they aren't even necessary. Thoughtful planning is far more important, and working with the network as it is now, toward what it is desired to become, is how you can really solve these problems.

I think one of the greatest techniques you can learn from TDND, 2e is to characterize the flows of traffic on the network. Priscilla Oppenheimer gives several examples of developing such analyses in a variety of situations - campus networks, WANs, a design testing scenario, and so forth. The Appendix with workstation bootup traffic information is especially helpful - the only thing I would have liked to see that I didn't was a little more detail on the contents of the various packets involved, but it is an Appendix, and using a sniffer will let you see them for yourself.

I have both the original and the new Second Edition - and getting the new one is definitely worth it. Networking has changed, and this book will help you handle the new material.

Buy this book. Enough said. Doesn't get any easier.

While confirming many of my already developed ColdFusion skills, this amazing book tough me a few new techniques that have brought me to the next level. An excellent book!

I have been programming in Coldfusion for over a year now but with this book, I've discovered more techniques in creating an efficient code.

Although I haven't taken the exam yet, I'm pretty sure that what I've learned would be a great help in passing it.

Once again the pen of Ben comes produces a gem! This book is the perfect capstone to any introductory level book for developers that not only want to study for the Cold Fusion certification exam but take their knowledge of Cold Fusion to the next level. This 378 page tomb has more higher level tips and tricks than his equally well written 1000 page+ giants. Several tips and tricks have saved me hours of time and helped me produce better code. Now all that I need to do is pass the exam and I am sure that this book will indeed do the trick. Keep em' coming Ben...

I have been working exclusively in cold fusion for a bit over 1yr. Just when I thought I knew everything there is to know to pass the CF certification test, reading this book was a humbling experience -- I learned something new in every chapter.

This book was a quick read, it took about 20 hrs +/- to complete all 38 chapters. By the time I was done with this book, it only took me 25 minutes to complete the 60 questions (90min) exam. Best of all, quite a few of the questions on the exam came straight from the book.

The only flaw, if that's what it is, is that it was written with CF 4.5 in mind -- Did not cover things such as CFFLUSH, CFGRAPH, and other new tags.

Even if you think you know all there is to know, you can still learn a few things from this book. It's a MUST GET!!

I am currently studying for the CWNA exam and I have no other resources. This book helps you understand the concepts in plain language. I started using it with the SQ3R method and I find that I can really retain the concepts offered in this book. The SQ3R method takes a little time but if you really want to learn it for the test combine it with how the information is laid out in this book and you'll get it. Good luck!

This is a great book on Wireless. Tons of detail on RF properties, troubleshooting and things to look for. Aside from being a decent study guide for the exam this book will serve as a handy reference in day to day work as well as research activities.

The book very well organize and easy to follow, however it needs more detail in order to pass the exam.

I read this book after reading the official CWNA Guide from Planet3 Wireless. I was amazed at how easy it was to read considering the depth and breadth of the material presented in the book. Some topics which weren't very clear from the other CWNA book were made much clearer. Even though I haven't taken the exam yet, I have not found a book on WLANs that I could recommend more highly for getting you up to speed as quickly as possible. The fact that the authors supply their email addresses is a HUGE bonus too. The end of chapter questions are especially useful for testing your understanding. In short BUY IT!!

After taking a class given by David Westcott I decided to buy his book. I am so glad I did. I went from working in the wireless field for three years and not being certified to reading his book and two months later becoming a CWNA. This book is just very easy to understand. They use alot of analogies to help you get the point of what they are trying to teach. If you have ever read a Cisco press book you will really appreciate the two David's writing style.

After I purchased this book a co-worker purchased "the other" CWNA book and the rest of my fellow co-workers compared the two and after all the scrutiny they all purchased this one.

If you have ever wanted to become a CWNA or just learn more about wireless technologies this book is definitely for you.

This book is a great introduction to the world of NSM (Network Security Monitoring). The basic idea is that security defenses will fail at some point and that to realistically improve the security posture of an organization NSM is needed.



The book starts with an introduction to risk analysis. It then describes how to build an NSM platform using open source tools, FreeBSD, and network taps / SPAN ports. It also includes some case studies and a lot of material on the operational aspects of running a NSM team.



I really like Richard's style such as his footnotes with related papers.

Be sure to check out the author's blog at http://taosecurity.blogspot.com/.

It's hard to add much that isn't said by the 17 other 5 star reviews, but this is easily my favorite security book. Aside from ascribing me to the theories of NSM -- that visibility into the network provides the critical information required to accurately diagnose and respond to security issues -- and being an excellent read, this book is also a fantastic reference. As I've implemented NSM in my environment, I haven't stopped referencing the book to find tools that might be better suited to jobs, or to find tools that have all but vanished from the face of the earth. I thoroughly recommend this book to anyone responsible for the security of any size network.

Cuts right to the chase. Worthy addition to any serious network security library.

A problem with the approach many people take to network and security monitoring is that they expect it to be plug and play. Install the software and then stop attackers in their tracks. If only it was so easy. But one can't simply install monitoring software or an IDS, collect data and expect it all to correlate and correct itself.

The beauty of The Tao of Network Security Monitoring : Beyond Intrusion Detection is that it shows how network monitoring requires a strong discipline to truly have an effect on security.

The book is written for the person; primarily a system administrator or security engineer whom truly wants to use an IDS to manage and secure their network. This is not an introductory text, rather it is written for someone not scared of downloading and compiling code. If you are looking for an intro to IDS usage, this is not the book for you. This is a book about someone who has an IDS, and needs to find a way to use it and tune it for maximum usage.

The book has a near endless supply of network traffic capture and analysis tools, techniques and network topologies. Beyond simply providing a list of software tools, the book shows how to install and configure a variety of these tools. Rather than wasting pages and screen shots detailing how to download and install the software mentioned; the book shows how to use the tool in the context or Tao of security monitoring.

In addition, the author emphasizes the point that the people are a crucial aspect of effective network monitoring. The ultimate success of any IDS is directly tied to the analyst behind the console. They are the ones making the decision on how to respond to an incident, and if they are not appropriately trained, all of the hardware and software will only provide a fraction of it potential.

With that, The Tao of Network Security Monitoring should be considered required reading for anyone using an IDS or responsible for its use. If you have staff using an IDS, ensure that they have read The Tao of Network Security Monitoring as it will educate them in truly understanding how to monitor a network.

I am not sure how I was first introduced to the author, Mr. Bejtlich. I cannot remember if I first noticed his work via his excellent blog or this, his first book. Either way, after reading "The Tao of Network Security" by Richard Bejtlich, I feel he has prepared and educated me in a way unlike any other author. The first item you must recognize is the tone that this book dictates right from the outset. The book begins by citing many different authors, their books and their value. I knew immediately that I was in for a treat. And I was right!

I will not attempt to offer a full review as I feel one can gather from other reviews the value of this book. The book is basically broken up into 5 sections. The first 100 pages is an intro to Network Security Monitoring (NSM). The second part is dedicated to the different ways to monitor - I particularly like (and agree) with how the author broke up the different ways of cataloguing NSM - full content, session, and alert. The third section describers NSM processes and the fourth section describes NSM people.

The book, overall, is a superb resource. Not a page goes by without some screenshots of TCPDump, UNIX configs or diagrams. I have heard others' mention they have been given this book to read in their classroom study and I can see why.

I give this book 5 pings out of 5:
!!!!!

If you are considering buying any guide for Check Point Firewall-1 NG buy this one first and forget the rest.

Don't let the author's "phoneboy" aka make you think twice. This is one of the best guides I have ever read. Most are dry boring and overly technical. This guide is a very easy read, it is well written and to the point and covers all aspects of Check Point Fire Wall thoroughly.

Welch-Abernathy has taken great care to present installation, configuration and troubleshooting in a manner anyone will understand, whether you are seasoned pro or just getting started. He has covered all OS models and taken many of the trobleshooting questions from his site FAQs at www.phoneboy.com and shown examples of how to understand and correct them. In addition to actual Q and A, he outlines the step by step sample configurations excellently with actual scripts, screenshots, notes and diagrams.

Welch-Abernathy also guides you through creating network structures on a scale that allows someone new to Check Point to design and impliment smallto medium network configurations in easy to manage ways.

The author starts out buy giving a great overview of firewall security technologies and there relation to OS Models while comparing the benifits and short comings of both.

Welch-Abernathy then guides you through the installation and developing your rule base. He includes tables and charts to show examples of each and backs up his examples with the most common Q&As making an installation seem like a breeze.

The authors explanation of remote access, NAT and high availability servers don't get any simpler. Any Admin who needs load balancing and fail over on a server cluster should keep this
guide around for refferance as well as daily use.

In addition to the main body of knowledge Welch-Abernathy also includes a great appendex covering OS Bastion security that is not only simple it is direct as well. Also included in the Appendices are a use policy template, ldap configuration, fine tuning for performance and two pages of concrete internet resources.

The author starts out buy giving a great overview of firewall security technologies and there relation to OS Models while comparing the benifits and short comings of both. I also found his overview and specifics of the licensing to be very helpfull.

Welch-Abernathy then guides you through maze of the installation process and developing your rule base. He includes tables and charts to show examples of each and backs up his examples with the most common Q&As making an installation seem like a breeze.

His examples of authentication, encyption and vpn make this a must read for anyone running Check Point on a corpoarte network.

I also found his overview and specifics of the licensing to be very helpfull as well.

If you are running Check Point Firewall-1 or considering using Check Point Firewall-1 you won't go wrong by putting this one in your library.

Alot of subjects in IT and security are covered over and over with a mass of books that may be a little better or a little worse, but are essentially identical. While Checkpoint is a less crowded topic than, say, NT Administration, I suspect this book will continue to stand out. In researching Checkpoint issues I've been struck by the extent to which "Phoneboy" is personally identified with the topic, both by newbies and by seasoned professionals. It's for good reason. This book is extremely thorough (within its scope) and brings alot to the table in the way of the details that a professional would need. I've read alot of technical texts, but this one stands out, both generally and with the specific topic. The book is written well, with a good structure and giving useful examples. I found the bug reports and known issues particularly useful. As a technical resource it seems unmatched. It was an excellent resource, both on the job and in earning my CCSA.

Each chapter of the book starts off with describing what the reader will learn or accomplish by reading that chapter. This sort of information is helpful for allowing readers to skip information that may not be useful to them and find the answers they seek. Many of the chapters also contain FAQ's and sample configurations and illustrations to help reinforce the information.

The book tries to cover a very broad scope and apply to a wide audience. It contains information all the way from holding the readers hand if they are new to Checkpoint Firewall-1 NG to providing detailed troubleshooting and configuration steps for experienced Checkpoint administrators.

I have never administered a Checkpoint firewall personally, but I found the information mostly straight forward and understandable. Again, this is not a book one would typically read casually, but for anyone who administers a Checkpoint firewall or is looking at installing a Checkpoint Firewall-1 NG system this is an excellent source of information.

(...)

Checkpoint FireWall-1 has become one of the top firewall software products in the industry. There are many reasons for its predominance. It was the first commercial
firewall on the market, but more importantly, the FireWall-1 GUI and its ease of use impressed corporate CIO's.

Although FireWall-1 is easy to use, some users face difficulty in configuring the product correctly and appropriately. In fact, one of the biggest dangers of a firewall is that it can
provide a false sense of security; if not properly configured, a firewall may have so many holes that it actually functions as nothing more than a router. Firewall expert Marcus
Ranum notes that, "...eventually, if enough data is going back and forth through your firewall, it is no longer a firewall -- it is a router."

Many times, firewall administrators are hired not because of their expertise in information security, but because they know network and systems administration quite
well. Many FireWall-1 administrators start with zero experience and knowledge. This is good from a job security and training perspective, but terrible from a security perspective.
Despite the proliferation and ubiquitous nature of FireWall-1 over the past decade, it is only in the last few months that any worthwhile books on FireWall-1 have become
available. One of the best is Essential Checkpoint Firewall-1: An Installation, Configuration, and Troubleshooting Guide by Dameon Welch-Abernathy. Welch-
Abernathy maintains a Web site, ..., which contains information on anything and everything related to FireWall-1. In fact, many FireWall-1 administrators have
... bookmarked as their prime site for FireWall-1 information, even before the Check Point support site.

Although the documentation that comes with FireWall-1 is quite good, Essential Checkpoint Firewall-1 often surpasses it. This is what makes Welch-Abernathy known as
the man for FireWall-1. Even Nir Zuk, who was a principal engineer at Check Point, stated that Welch-Abernathy's knowledge of FireWall-1 in many cases surpassed the
knowledge of Check Point's own engineers.

As its title implies, the book covers the installation, configuration, and troubleshooting of FireWall-1. Whereas the product itself is pretty straightforward to install (except for the
software license information), the real challenge is in the post- installation arena. The book has 14 chapters and, by Chapter 3 (page 34), the book is already into FireWall-
1. Other books often include up to 100 pages of filler on topics such as computer secrity, cryptography, threats, etc., and don't get to the main subject until half way through the
book. Chapter 4 of this book provides a thorough overview of how to build a rulebase. The chapter describes the various fields and objects that need to be created for the
firewall to be effective. Although the simplicity of the Check Point GUI is obvious, the definition of names, network objects, and so forth, must be carefully planned -- especially
for rollouts of FireWall-1 in large enterprise environments.

Chapter 8 provides an excellent overview of content security. FireWall-1 is built on its patented Stateful Inspection capabilities, but it has other security facilities including CVP
(Content Vectoring Protocol), UFP (URL Filtering Protocol), and others. The chapter describes much of the secondary content protection capabilities of FireWall-1. Such

capabilities are crucial in light of the volume of information that passes through corporate firewalls (including streaming media, email, files, Java, etc.).

Essential Checkpoint Firewall-1 covers all the crucial topics that any FireWall-1 administrator needs to know. From authentication, VPN, logging, high availability, and
more, it is all there. This is what makes Essential Checkpoint Firewall-1 the book of choice for FireWall-1.

This is one of those rare books that delivers what the title claims. It gives in-depth instructions on Firewall-1 installation, configuration and troubleshooting, and also includes additional material on security and networking that goes beyond what the title promises.

What I especially liked about this book are the little details that have a big impact if they're overlooked. Notable examples include:

(1) Quick, but thorough, introduction that provides an overview of firewalls at a general level, and the key features and benefits of Firewall-1 in particular.
(2) Issues, such the need for a security policy, are addressed early on. This is an important consideration and the author goes beyond merely highlighting the need by giving you a brief template to use in creating one.
(3) Guide through the labyrinth of Check Point's Firewall-1 licensing schemes - this is a nice touch because mastering the technology is a less daunting task then figuring out Check Point's sales strategy.
(4) Strengths and weaknesses of candidate operating systems, and a straightforward process for installing and configuring Firewall-1. The latter is a strong point because you'll benefit from the author's extensive experience and will save time by having a strategy instead of getting bit by obscure issues and learning painful lessons.

I like the way that each section ends with frequently asked questions. The author anticipates and answers common questions about installation, configuration and troubleshooting. Because of the way this book is structured it can serve as an off-the-shelf implementation and maintenance guide, eliminating the need to develop this material in-house.

This is one of the best written and well thought-out technical guides that I've had the pleasure of reading. It sets a high standard for similar books, but more importantly, it so completely covers Firewall-1 that you won't need anything but this book to implement and support this product.