Internet Books

If you're thinking about taking the Security+ exam from the position of a complete newcomer to the field of INFOSEC, then this book is highly recommended. The print quality is not that great, there are a few typos here and there and the humor sometimes gets a little tedious. But look beyond these shortcomings and this book is worth every penny you spend on it. In fact, if the Security+ exam were not as technical as it is, then this book would be the definitive text. The material is laid out in simple language and yet technical details like port numbers are covered nicely. In all, if you are new to INFOSEC, or you just want to be sure of your foundations, then this is a good place to start. For the exam, read this book first and then get Security+ Prep Guide by Ronald L. Krutz and Russell Dean Vines to provide more technical insight. Polish both off with the 100-page study guide that you get with Security+ Transcender and you should have no problems achieving 85% pass mark.

Congratulations to Helen and Tcat, their book is one of the most organized and practical technical books I have ever seen. I has been very useful to study and day-to-day tasks. A very good choice to prepare to Security+ Exam and IT security career.

I like how this book ties in real life examples and stories into its pages. This makes it a bit more interesting read then most dry, boring, and technical books on Security+.

When you are purchasing any can of material you must do your research on the product. Well I did and it has paid off!
You well not find a better book when your pursuing your Security+
certification! This book not only gets you going in the right direction, but the authors have also included links if you want to delve deeper into the particular subject they are addressing.
(I mean they did their research!)
The software they also include in my opinion is just simply one product you just cannot do without!

There are just too many kudos to list!

When purchasing any kind of material you must do your research. Well I did and it has paid off!

This is the book you want to have when you are pursuing your Secutity+ certification!

It has so much information that is presented in a way that makes you want to never let it down!
Not only will you have this wealth of information, but the authors have included so many hyperlinks related to subject they are addressing. This is great for the person that just wants that extra touch!

The tools which they include on the cdrom are just ones you must have! The missus and myself love testing each other.

There are just too many kudos too list!

When you wake up at 4:30 in the morning and start reading you know you have a great book in your hands!

As a project lead for a Microsoft team that works with adCenter clients, I read a lot of technical books about online advertising. A lot. I've never referred to any of those books as a page turner. Never. "Landing Page Optimization" is a book with weight and substance without being dead weight. When I finished the book I had a working knowledge of the rationale and testing methodology for landing pages including a better understanding of the math than I had expected. I have a background in search engine advertising and web analytics but lacked a clear understanding of multivariate testing. With this book I could step into a search engine advertising production environment and feel comfortable with the learning curve.

I often find that mastering the art and science of conversion optimization is one of the key areas that separates outstanding marketers from the also-rans. Tim's book is an essential resource to help people start to develop that mastery.

I particularly enjoyed Chapter 10 since it helps you think about the entire testing process from end to end. There tend to be three kinds of testers. (1) Those who don't know about testing yet. (2) Those who get good but not extraordinary benefits from testing since they don't think through their tests. (3) Those who do think through their testing and UX strategy and get such great results that it becomes huge competitive advantage.

Folks who can take the insights from this book and get a few big tests under their belt will not only deliver big gains to their employer but will also be the cream of the crop in the digital marketing professionals marketplace.

I just finished reading Tim's book and want to let you all know that this is by far the best book I have ever read on landing page optimization. I now have 18 pages of notes and ideas to apply to my work as a result. No combination of blog posts, speakers or articles can provide this kind of comprehensive, actionable knowledge.

I work in the search marketing / analytics field in a digital-centric agency setting and will be recommending this book to everyone I work with. This is a must read for any person or company involved in digital media, analytics, usability, web design or any other online field.

Landing page optimization (LPO) is NOT as simple as changing a web page's images, text, or font color and font size to create what you THINK others will like. There are many more pieces to the puzzle, which Tim Ash covers very well.

I firmly believe that this book is a great read for anybody who plays a part in the design and layout of any web page that asks a visitor to do something (i.e. buy, sign up, download, etc.). You'll definitely learn how you can make your mission critical landing pages convert better.

Even the old salty pros out there can learn a thing or two from LPO Jedi, Tim Ash.

Eric Itzkowitz
[...] Phone Cards

p.s. We've already put into place some of the learnings derived from this book. We can't wait to see the results!

The book was written by Tim Ash of SiteTuners.com, a web analytics and site optimization service who does landing page optimization among other things for his living.

It is a real-world and practical guide to landing page testing and optimization without any fluff. It is really for the folks who do the testing and the ones who have to sell it to their boss and need to know about the details of the process of landing page testing, what is involved, what are the risks and how it should be approached and why.

It is very useful and complimentary to the "Landing Page Handbook" by MarketingSherpa, the $500 "bible" for folks who do serious landing page optimization for their business.

They also overlap in a few areas. This means that it is also a good buy for people who are not doing enough business that involves using landing pages to justify and recoup the $500 investment in the MarketingSherpa book. It's not exactly an alternative, but it is a start that cost a lot less.

If you are doing serious business with landing pages, I recommend getting both books. The return (increase in conversion = increase in business and profits) you will get out from it will pay for the initial investment quickly and then over and over again for the time to come.

This book was a big help in passing my TCP/IP exam, but I do not recomend it as a single source. My strategy, which has served me well, is to read the book once, take a practice test (eg Transender), figure out what concepts you do not get, study those areas of the book, take practice exam, repeat untill you are scoring high on the practice exams. This book work out great for that and it is cheap and a quick read. Perfect.

Only get this book if you're already experienced in the TCP/IP world. Passed the test with flying colors! I used this book to review beforehand. Wished it had a little more practice questions, but overall good material!

This is a great book. Even if you're not interested in takingthe test, this book is worth the price. It seems to cover almosteverything on the test. Buy the book if you want to take the test.

It is a very good book. It is not a thick book, but it contains many materials relevant to the exam, and you can get the main points from this book. I would say its content is even better than other training guide in the market. Of course, it is just a revision book, you cannot get any training from it, just get the facts only. In addition, I also find that its content is even same as the live questions that can help me pass the exam.

If you already know TCP/IP this book will help you slam-dunk the test! Its explanation on subnetting is the best I've seen. If you're new to WINS, DHCP and DNS then you better try another book. New Riders Training Guide on TCP/IP (ISBN 1562059203) is great- know this book and you know TCP/IP on NT! I studied both of these and scored a 966.

Excellent high-lvel book for anyone involved with software development and implementation. This book digs deep with enough details of security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The book also does well in terms of secure coding, white box and black box testing very well.

Few things where this book falls short "Ignorant" to emerging application landscape and the coding complexities in a multi-platform and application integration environment - J2EE, .NET, XML Web Services and SOA. I am sure, the author will agree on those gaps hopefully we see in the next edition of this book.

The book deserves 5 stars for the concepts + illustrations and 3 stars for those keen on development details for distributed applications.

A required reading for anyone involved with software development and implementation. This book drills-down to security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The concepts illustrated on secure coding, white box and black box testing are excellent. As a developer/architect, I thoroughly enjoyed this book and I suggest to everyone who wants to get started on secure coding and testing practices.

Couple of things I QUIBBLE with are... the book does'nt realize the emerging issues and how-to's for build/refactor security for distributed application proliferation as your it - Portals, Web Services and SOA. The way we develop software is changing, the applications are becoming more pervasive and no-longer contained standalone to a system which makes the built-in security brittle impeding the agile business requirements for application/process orchestration, b2b federation and Web based application mashups. I am sure, the author will realize those gaps in the next edition of this book.

Havingsaid - This book is still a must-read for the budding security developer who wants to focus on secure programming and testing.

What is MISSING - You will not find answers for how you do secure web-centric applications, XML Web services - message-level security, identity federation and other b2b application complexities.

Software Security is the best book for learning to integrate security throughout your software development lifecycle. It contains all the security material that is missing from software engineering books. The author understands that your software development lifecycle is different from his, and so focuses on seven touchpoints that can be introduced into any software development lifecycle, instead of attempting to sell you a new lifecycle. He also understands that no matter how important security is to you, you can't change everything about you develop software tomorrow, so he introduces the touchpoints in order of effectiveness based on his extensive consulting experience, starting with tool-assisted code reviews and architectural risk analysis.

If you're a software developer, Software Security is an essential book to have on your shelf, and you'll also want a secure programming book like Secure Programming with Static Analysis (Addison-Wesley Software Security Series) or the author's own Building Secure Software: How to Avoid Security Problems the Right Way.

The root cause of many security vulnerabilities is poorly written software. Often, software applications are written without security in mind. The logical, yet elusive, solution is to ensure that software developers are trained in writing secure code.

Software Security: Building Security In is a valiant attempt to show software developers how to do just that. The book is the latest step in Gary McGraw's software security series, whose previous titles include Building Secure Software and Exploiting Software.

In past decades, writing secure code was left to the military and banking industry. Today, with everything on networks, all sectors must get into the act.

Much of the problem is that organizations target their security elsewhere--specifically on networks--rather than on software. But so many malicious attacks are directed at software that it is foolish to leave this vulnerability exposed.

McGraw goes into detail not only about writing secure code but also about key related areas, which he terms "the seven touchpoints of software security."

These points comprise code review, architectural risk analysis, penetration testing, risk-based security tests, abuse cases, security requirements, and security operations. A major portion of the book effectively discusses these "touchpoints," making the work a recommended tool for inculcating software developers with a security mind-set.

I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation. My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis. The other five are still noteworthy books. All six will contribute to the production of more security software.

Gary McGraw's book gets my vote as the best of the six because it made the biggest impact on the way I look at the software security problem. First, Gary emphasizes the differences between bugs (coding errors) and flaws (deeper architectural problems). He shows that automated code inspection tools can be applied more or less successfully to the first problem set, but human investigation is required to address the second. Gary applauds the diversity of backgrounds found in today's security professionals, but wonders what will happen when this rag-tag bunch (myself included) is eventually replaced by "formally" trained college security graduates.

Second, Gary explains that although tools cannot replace a flaw-finding human, they can assist programmers trying to avoid writing bugs. Gary is the only author I encountered who acknowledged that it is unrealistic to expect a programmer to keep dozens or hundreds of sound coding practices and historical vulnerabilities in his head while writing software. An automated tool is a powerful way to apply secure coding lessons in a repeatable and measurable manner. Gary also reframed the way I look at software penetration testing, by showing in ch 6 that they are best used to discover environmental and configuration problems of software in production.

Third, Gary is not afraid to point out the problems with other interpretations of the software security problem. I almost fell out of my chair when I read his critique on pp 140-7 and p 213 of Microsoft's improper use of terms like "threat" in their so-called "threat model." Gary is absolutely right to say Microsoft is performing "risk analysis," not "threat analysis." (I laughed when I read him describe Microsoft's "Threat Modeling" as "[t]he unfortunately titled book" on p 310.) I examine this issue deeper in my reviews of Microsoft's books. Gary is also correct when he states on p 153 that "security is more like insurance than it is some kind of investment." I bookmarked the section (pp 292, 296-7) where Gary explained how the "19 Deadly Sins of Software Security" mix "specific types of errors and vulnerability classes and talk about them all at the same level of abstraction." He's also right that the OWASP Top Ten suffers the same problem. Finally, Gary understands the relationships between operators and developers and the importance of security vocabulary.

I was pleasantly surprised by "Software Security". I reviewed an early draft for Addison-Wesley and wondered where the author was taking this book. It ended up being my favorite software security book, easily complementing Gary's earlier book "Building Secure Software." In my opinion, Gary is thinking properly about all the fundamental issues that matter. This book should be distributed to all Microsoft developers to help them frame the software security problem properly.

I loved this book...

It has a very broad look into opening a Ebay business. It starts with the general how to establish a Ebay business. Then it onfolds into the details of everything you need to know about making money on Ebay. There are a few chapters where I would haved liked them to be longer, like the dropshipping chapter. But on general you have everything there. This book is a must.

This book is like a textbook of your favorite class from college... its very detailed and details are what matters on business.

I purchased a half a dozen books on creating a eBay business and I found this book to be the most complete and informative. Most of the others were junk. If you are starting an eBay business you must buy this book.

I have been on ebay now for a couple of years I have had some hits and misses as a seller. I think now with some of the tips and planse in this book I will be a better and more profitable seller. Oh by the way my Ebay name is Lamont912 check me out some time and just say hello

Skip knows what he's talking about and shares the wealth of his experience in this welcome guide. A Gold-level PowerSeller (not exactly Titanium, but high enough to show he's a pro), McGrath is also an eBay radio commentator, eBay Live speaker, and one of the most knowledgeable eBay writers around. This is a desk reference you'll want to keep handy as you build your business. Leaves no stone unturned. You can't go wrong with this one.

Skip is a very likeable writer who has obviously done well on eBay. I found this book to be well thought out easy to read. I met Skip at eBay Live last year and he was very helpful, which I appreciated. Unfortunately I also bought a book by Adam Ginsberg, only to find out through some news sites that he has been banned from eBay for shill bidding and failing to send multiple orders worth hundreds of thousands of dollars!

The only other comment I have about Skip's book is that I would have liked to have seen a few more real world examples of how his techniques can be applied. It's a small point though in a generally excellent book.

Vacca's new book provides a comprehensive overview of the emerging wireless data technology. The book is geared toward experienced Internet professionals who need to learn how to install wireless networks quickly. It provides numerous hands-on examples, such as an access network protocol, and useful discussions about issues such as the implementation of homeland security (currently most available protocols and products have huge holes). A large portion of the book is devoted to the design of wireless networks, dealing with issues such as standards, robustness, ease of installation and use, and, of course, security. Detailed schematics demonstrate typical filter and uplink applications. The final chapter offers a series of recommendations to support Vacca's assertion that wireless technology is the key to the future of communications and concludes that future networks will require a new methodology that integrates all layers of network design. The book is organized to move from an overview of this emerging technology through the planning and design, installation and deployment, and configuration phases. It also supplies advanced solutions to wireless design problems and new directions of the technology. Altogether a must for those people who are charged with implementing this type of network in their organizations.

This is the practical stuff you can't ever learn by going to grad school.
Wonderfully comprehensive and chalk full of highly useful information for today's high tech world. Wireless Data hits every conceivable corner of wireless technology with a well balanced mix of overview, technical depth, and hands on applications. The diagrams and illustrations are very well done. Highly recommended for the spectrum of tech managers, network engineers, and technicians. This book will be a mainstay for my reference library.

Vacca provides a unique value in his books in allowing the reader to drill down to the technical level required. This one is certainly no exception. His top-level scenarios are enlightening and encourage you to leap onto the technological bandwagon, but I particularly appreciate his caveats - particularly where he indicates what standardisation or legislation is required within the industry, as well as his very specific cautions against over-design within your application. Subsequently, he proceeds into the technical rationale for such limitations, and where it can be bypassed or overcome.

As I have spent the majority of my applications career interfacing between management/marketing ideals (necessary for progress) and technical viability within the available staff (typically pessimistic after the first few confrontations with external technical reality), I sincerely appreciate Vacca's substantiated presentations of current viability, emergent solutions, and futures.

JohnVacca has again written a book about a subject that has great application in the near future. As notebook computers are fast replacing desktop computers and as flat screen monitors are replacing CRT monitors, wireless data is replacing data transmission via cables of different types. Several companies have already replaced their local networks with wireless networks at work place where their employees can move about the work place and be connected to not only the company's Intranet but also the Internet. This book provides a good explanation in the understanding of wireless data transmission and the challenges for companies that provide wireless transmission to improve this technology as more companies and organizations will soon depend on this application to conduct business.

I have added also this new book by John vacca to my Company library. Practically all of John books end up being used to train all of our employees . You did it again John!
Keep at it , you are the best

Tullio Bortoletto

This is a very, very helpful book on travel! I love the fact that it is so up-to-date with web addresses and information-the athor has really done his work! I lost my Mother recently and before she got sick I tried to get her on a cruise. I could not convince to go. Your book is a Godsend! God Bless You!

With the thousands of Internet travel guidebooks to choose from it is very difficult to separate the good from the mediocre. You can literally devote days trying to figure out which guide will reveal the most useful information pertaining to the best air-fares, hotels, cars, lodging, student travel, medical resources, romantic vacations, unique lodging, National Parks, hideaways, things to do and see, shopping, restaurants, and many other essentials necessary to plan and enjoy your vacation.

The impetus that brought about the publication of the recent Internet travel guidebook, You Are Here Traveling with JohnnyJet.com, was the result of the many emails John E. DiScala had received from viewers of his Internet portal JohnnyJet.com.

Apparently, people were inquiring if there was a companion travel guidebook to compliment the portal.
As a result, DiScala and fellow co-author, Eric Leebow, decided to put together a innovative book that would be the ultimate Internet travel guide for people wanting quick and easy information, and at the same time to be used in conjunction with the web site.

Divided into 34 chapters, the guide effectively points its readers in the right direction in clearly summarizing and highlighting over 3000 travel Internet sites.
These sites provide a wealth of detailed information that makes life much easier for the traveler. Even the arm- chair traveler will find something of interest.

The guidebook not only focuses on the traditional topics as senior travel, restaurants and hotels, but also the non-traditional-where to find the best diving directories, adoption travel or family reunions, travel humor sites, religious travel, archaeological digs, zoos, and other topics you would not normally find in the "run of the mill" Internet guidebooks.

Also included are some interesting sidebars containing useful tidbits of advice.
For example, where is the best place to sit on a plane? We are advised that if you suffer from motion sickness, choose a seat towards the middle of the plane or near the wings.

What I found particularly useful about the book is the user- friendly format with its detailed Table of Contents, appendices and Index.
The reader is not forced to thumb through several pages before he or she can track down what they are seeking. Immediately, a glance to the table of contents or index will clearly point out the way, saving you a great deal of time and frustration.
In addition, you even have comprehensive appendices listing destination sites, automobile rental sites, major hotel and motel chains, US and International airlines, airfreight companies with phone numbers, and where to report stolen credit cards with phone numbers.

You Are Here Traveling with JohnnyJet.com is sure to prove to be an invaluable tool in covering the full range of queries travelers often ask and is a welcome addition to the spate of Internet travel books.

Whether you are surfing about online dreaming about your next vacation or seriously planning your next adventure, "You are Here" is the ultimate online travel portal.

Features:

More than 3,000 carefully researched Websites
Money saving travel bargains
Travel tips that make a difference
34 chapters filled with amazing information

Some of the main chapters:

Steals and Deals on Fares
Lodging
Airport Information
Food on the Road
Traveling with the Family
Seniors: Traveling in the Golden Years
Student Travel
25 Things to Do and See (Everything from Haunted Tours to the London Theatre)
Pets Can Travel Too

You are Here: Traveling with JohnnyJet dot com is encyclopedic and perhaps the most comprehensive book I've seen on online travel resources. If you travel, you need this book.

John E. DiScala's research will make your travel research easier and when you are actually traveling, you can visit the website. When you visit the site you can look up information with the "Jet Codes." For example: Johnny Jet Code: Boat Rides. You will then find links to various sites and can quickly click through and find the information you need. It was super fast and much easier than trying to look up boat rides in a regular search engine. Just look for the Code Index in this book. The regular index is also quite helpful.

So, whether you need a free language translator or want to avoid the world's most dangerous places, it is all here.

Eric Leebow is the founder of Yahbooks Publishing and is the author of various other You Are Here books. John E. DiScala, AKA Johnny Jet is a travel expert and the founder of the travel portal Johnny Jet dot com. He is known for his weekly newsletter and site and from what I can see he is passionate about traveling.

~The Rebecca Review

This incredible book is jam packed with everything you would ever need or want to know with over 3,000 websites, adventures, bed and breakfasts, mountain climbing, resorts and spas, tips on airline fares, hideaway destinations, and cultural ones, this book has it all!

Whether you want a long weekend getaway, a long vacation, or are planning a speaking tour and want to know where to stay, and what you can see and do at your destination, this book will make your life so much easier.
Highly recommended for its incredible resources no matter where you want to go, or what your interests are, it is covered in this fantastic book.

If you want to know how to find all the "insider" secrets to exciting, safe, and inexpensive travel, you can't do better than this great guide.

This book helps you navigate the deepest, darkest corners of the Web so that you can plan the best vacation ever.

Want to go hiking in Scotland, or scuba diving in the Carribean? You'll find where to look for vacation information here.

Need the best selection of luggage, at discount prices? You'll find the best places to shop online.

Want the best ways to stay in touch while on business travel? You got it -- the links are here.

I consider myself pretty Web savvy, and at first I was skeptical that a book could do better than a few minutes with Google. Well it can -- and now, I am a big believer.

Save yourself hours of frustration searching page after page in the search engines, jumping back and forth from site to site, as you try to find what you need among billions of search engine pages. Use that time, instead, enjoying the great vacation you were able to plan.

Dos ultimos livros que tenho comprado, assim como os da serie Head First da O'Really este livro superou muito as minhas espectativas.

Como um livro de tutorial foi maravilhoso e me trouxe muito conteudo !!!

Realmente vale a pena !!!

It's an excellent book, the book teaches you how to develop a site in three layers (presentation, business and data) in my ishe goal of this book.

It is cover a lot of great part of asp.net 2.0. It is easy to understand and implement. Some code is very profession and hard to understand. Most of them cover SQL,ASP,WEB service,security issue.I will say it is the cool part of ASP.net. You can see author spend a lot of time to collect the beauty of asp.net. You will like it no matter how many time you read the book.

'Beginning ASP .NET 2.0 E-Commerce in C# 2005: From Novice to Professional' by Cristian Darie and Karli Watson is one of the most unique and important books out there for anyone that is developing an E-Commerce site with ASP.NET 2.0. Starting from scratch, the authors step by step show you how to get a site running and WORKING well and efficient. Packed with 650+ pages of material, the authors break the steps down in logical parts, show how they go about the work to be done, and then provide the code which does the dirty work. Not only is it helpful, but it's a joy to follow the steps as so much of the curtain is pulled away to show the developer how to get the job done. This is easily one of my favorite Apress books that I have seen. One of the nicest things about the Apress line of books is the fact that they write and publish books that no one else seems to and this is a perfect example of this. I'll close with a chapter overview for your inspection:

01. Starting off
02. Laying Out the Foundation
03. Creating the Product Catalog: Part I
04. Creating the Product Catalog: Part II
05. Searching the Catalog
06. Improving Performance
07. Receiving Payments Using PayPal
08. Catalog Administration
09. Creating a Custom Shopping Cart
10. Custom Orders
11. Making Product Recommendations
12. Adding Customer Accounts
13. Advanced Customer Orders
14. Order Pipeline
15. Implementing the Pipeline
16. Credit Card Transactions
17. Integrating with Amazon

Tack on 2 appendixes to the end and you have a MUST-HAVE book for anyone that is looking to achieve the same goals that this books does!!

***** HIGHLY RECOMMENDED

This book covers it's topic E-Commerce very well. It also takes advantage of the new features found in ASP.Net 2.0 including some of the new ADO features. If you are getting ready to setup an E-Commerce site I highly recommend this book. I also recommend it for beginning developers wanting to know more about ADO and database design.
The authors have a great approach to design that anyone doing E-Commerce would do well to follow. Better yet they mention the pros and cons of different approaches and explain why they chose their approach. I've been thrilled to learn some new strategies to improve performance that I hadn't considered before as well as some new features in ASP.Net and ADO 2.0 that I wasn't aware of.
The only negative, for me, is the database as well as ADO basics this book spends many pages covering. However there's plenty of worthwhile content to justify the price. So if you are familiar with database design and have a working knowledge of ADO you can just skip past those pages. I do recommend you skim thru them though as, like me, you may learn some new 2.0 features you weren't aware of.
The book covered all my E-Commerce questions: catalog design, how to scale up/performance considerations, SSL, Security issues, credit card processing, and costs involved. They even point you in the direction of a few recommended credit card processing businesses. Best of all they approach the site creation in such a way you can quickly get up and going and then later on focus on fine tuning payment options and really making the site standout with features.

I come from a routing shop - never having a customer need for Multicast. This book brought me up to speed very quickly on the both the beauty and ease of Multicast. As a tool for my CCIE studies, I felt the first 200 pages were of immense value at helping my studies. I felt Chapter 5 (on DVMRP) was not nearly as valuable as Chapters 6 and 7 (on PIM-DM and PIM-SM).

Some typos I was able to pick out:
page 144 - 2nd line from bottom should read "...it too sends a Graft message to Router C" - not Router D.

page 168 - 3rd line on the 1st paragraph should read "...SPT to pull the (S2, G) traffic down to the RP..." - not (S1, G).

There are some other typos, but they are few and far between (but I'm not an expert on multicast!). I have heard of this book being talked about as the 'bible' for multicast - I can see why.

I give this book 5 pings out of 5:
!!!!!

I was skeptical about buying a book this old, but I just finished it and am still slightly amazed at how little has changed in multicast technology in ~8 years. I have read Doyle's multicast coverage, listened to InternetworkExpert's excellent "class on demand" (CoD) on the topic many times, and worked through over half of their 20 CCIE lab scenarios, all of which have multicast sections. This doesn't make me an expert by any means, but I know enough now to recognize that the material in this book is still worth reading.

The differences between this book and Doyle's (2004) are:
- Williamson dedicates a lot more effort to explaining the mroute table. This was my single biggest stumbling block in multicast routing
- Doyle, IMO, gives IGMP a better treatment
- Doyle goes over mtrace and mstat
- Williamson spreads the information out over more pages via liberal usage of config snips and diagrams, often one per page. This allows him to go into *brutal, painful and excruciating* detail about every line in the mroute table, every flag, every state transition, etc.
- Williamson does a more thorough job of explaining exactly what happens in PIM-SM networks (100+ pages to Doyle's ~25)
- Doyle goes over Anycast RP and gives a better explanation of MSDN, which appears to have been rather cutting edge when Williamson put finger to keyboard

I finished the book in about a week of serious effort, but I skipped the following chapters (Cisco has not put much effort into the technologies described), leaving me with about 400 pages of groovyness:
DVMRP
CBT
MOSPF
Connecting to DVMRP Networks
and several sections of other chapters

To be sure, some things have changed. I didn't see any mention of the "ip pim autorp listener" command, which negates the need for sparse-dense mode when configuring Auto-RP (can't recall if Doyle mentioned that either). Also, in current versions of IOS one *does* need to specify the RP on the RP itself, whereas Williamson (and Doyle) explicitly say this is not the case (they were both right at the time of print, Cisco has changed this). Overall however, I would say that easily >95% of the material is solid here.

So which book to buy? Well if you're serious about the CCIE and/or running a multicast network you'll get both, and read them both several times. I do hope Williamson updates the book though, as he alludes to several draft proposals, and gives a "state of the multicast internet" address that I would like to know more about without digging through two dozen RFCs. Also, the few things that have changed would be a boon to the book.

Multicasting is truly a technology solution in search of a problem. Excepting highly specialized conferencing applications (a few of which are mentioned here) it is difficult to see how multicasting can be a money-making service for carriers and providers, and the protocols have yet to really penetrate to wide deployment. That said, knowledge of this separate realm of IP networking is a must for any professional in the telecom space.

I'm glad to say that this book rewards determined scrutiny. As a technical writer supporting a very complex product line that has recently added PIM-SM to its bag of tricks, I've found this book painstaking and tremendously informative. You will need to understand IP networking before approaching this title; on the assumption that you do, you will fully understand shared trees, SPTs, and their combination in PIM to an absolute fare-thee-well. My focus when reading this book was on IGMP and PIM-SM, so I have not read absolutely every page of this title. However, Williamson breaks the processes down packet-by-packet for each protocol in the multicasting suite in almost excruciating detail. Advanced coverage of topics such as registration, pruning, and Rendezvous Point behavior means that you will have complete mastery of Cisco multicasting, and for any platform that conforms to the standards, by the time you are finished.

This is an excellent, excellent effort in what I think is a consistently solid networking series.

Multicast has for several years been used in LAN environments to easily exchange information among users, especially in educational and academic research environments. The advent of audio and video conferencing has increased its use in these environments, and it is now making its presence known in WAN and Internet environments. This book gives an overview of the how to implement IP multicast on Cisco devices, and does a good job in that regard. Readers with a general knowledge of networks, even those who have not administered Cisco devices explicitly, can gain much from the book. This reviewer was not interested in the actual implementation of Cisco multicast networks, which is covered in Part 3 of the book, and so this review will concentrate on the other three parts of the book. These parts are mostly descriptive, but they do discuss some of the performance issues involved with the deployment of IP multicast, although nowhere in the book are test cases discussed, even though their inclusion would have been extremely helpful. Multicasting by itself is not a complicated phenomena to understand and use, but when it is deployed over Layer 2 or when coupled with QoS some interesting issues can arise. This reviewer was mostly interested in traffic engineering in multicast environments, and the author spends an entire chapter on this topic.

The book begins with a history of multicast and the MBone, the latter of which is a collection of Internet routers and hosts that are interconnected and are able to forward IP multicast traffic. IP multicast is of course an unreliable transmission mechanism, based as it is on UDP. Along with stating the assigned scope of the multicast addresses over IP, the author also reviews the scheme for multicast MAC addressing. The MAC address mapping will cause a CPU performance hit though since the CPU will have to be interrupted in order to deal with all 32 of the IP multicast groups. This arises since the IP multicast address information cannot be mapped into the available space of the MAC address space. There is a 32:1 address ambiguity when an IP multicast address is mapped to a MAC address.

One can summarize the properties of the multicast routing protocols discussed in the book straightforwardly:

PIM (Protocol Independent Multicasting) can run in three different modes, namely Dense (DM), Sparse (SM) and Sparse-Dense. A router will always forward multicast traffic on a dense mode interface unless all the PIM neighbors of the interface prune themselves from the multicast tree. Multicast traffic will be forwarded on a sparse mode interface only if at least one of the PIM neighbors explicitly joins the multicast tree. In sparse-dense mode, the interface can be running in sparse mode for some groups and dense mode for others. There is a "hello interval" for PIM multicast which is the frequency at which the router will send PIM query messages, the latter of which are used for selecting a PIM designated router. The PIM designated router is responsible for sending IGMP (v1) queries. Bootstrap messages can be forwarded from an interface in PIMv2. This allows all PIM-SM routers in a domain to dynamically learn all Group-to-RP mappings.In PIM-DM, the multicast traffic is periodically forwarded even on pruned interfaces of a source-based distribution tree. This allows the learning of membership changes. This 'state-refresh interval' can be configured on the first-hop routers of the multicast source, allowing the interface to periodically send a state refresh control message down the source-based distribution tree. When doing multicast in an NBMA (NonBroadcast MultiAccess) network, a router will replicate multicast packets for all neighbors configured for broadcast (actually pseudobroadcast to use the author's characterization). To avoid this, one can configure the router in NBMA mode, which will then only allow the replication of packets for PIM neighbors. NBMA mode is only supported by Cisco for SM networks.

DVMRP (Distance Vector Multicast Routing Protocol) does neighbor discovery, where network routing information is exchanged between neighbors. This information consists of Route Report messages that advertise a source network and a hop-count. DVMRP generates two routing tables, one is a multicast routing table to the receivers and a unicast routing table to the sources. When forwarding, a DVMRP router will use the unicast table for RPF (Reverse Path Forwarding) checks and the multicast table for forwarding multicast packets. When doing unicast routing, the router will use the unicast table for the RPF check, but will use a different multicast routing protocol for forwarding multicast packets. There is a metric value associated with a DVMRP unicast route, which is the sum of the interface metrics of a route between the router originating the report and the router in the source network.

For multicast traffic, one can control bandwidth with: 1. Aggregate rate limiting, which sets an upper bound for all multicast traffic being sent on an interface. 2. Mroute table entries wherein each individual multicast stream is set to a maximum rate. 3. `Scoped zones' and multicast boundaries, which prevent multicast traffic with a high rate from traveling outside the provisioned regions. Doing actual multicast traffic engineering is complicated do to the need for calculating the proper RPF (Reverse Path Forwarding) interface (and not the destination IP address). The author discusses in detail some of the techniques that can be used, such as GRE tunnels and `pseudo load-sharing.' GRE tunnels are used to do load-splitting of multicast traffic, which cannot be done otherwise since multicast is allowed only one incoming interface. He also describes how to do traffic conversion between broadcast and multicast, this being allowed for Cisco IOS 11.1 or later. This is a useful capability for networks where the source or the receivers, or both, do not support IP multicast.

This is the best multicast book on the market. It is a must have whether you are preparing for the CCIE Lab or just want to understand multicast.

The explanation was simple and clear. There are tons of configuration examples covering pretty much all kinds of scenarios. The author actually explained every single line of the configurations.

I bought this book for my Lab exam, and after two days of reading, 99.99% of my questions were answered (the only one I still have is I actually made PIM-DM work in a hub-spoke frame relay network. The prune message from one spoke was actually seen by the other spoke, I don't know why the hub would forward it out).

I have to admit this is one of the best books I've read for a long time. Just like Jeff Doyle's TCP/IP Routing is the Bible of IGP, this book is the Bible of Multicast.

This is a great book for seasoned IT professionals that want to learn how to secure small and medium sized networks.

As others have said, if you want to read only one book, this is the one. The authors did a great job of describing concepts and relevant low level details and tools.

I enjoyed reading most of it, but I skimmed parts that described processes that seasoned engineers have applied countless times.

Highly recommended!

Very, very good.
All the most important subjects of perimeter security, remote access, resources separation are addressed.
TCP protocol details are clearly part of the explanation, therefore the more you know of it the better it is.
Useful links and vendor specific technology references are also included, like Microsoft, Cisco and so on.
Excellent.

Stephen Northcutt has done a great job! this is the most comphrensive book on the subject. I particularly found the part on access lists very helpful. Niloufer Tamboly, CISSP

Stephen Northcutt, and the various contributing authors, have created a masterful and well rounded guide of the various considerations that go into securing the network perimeter. As a student of Information Technology this book has been instrumental in my education and has earned a permanent place on my bookshelf (when it is not in my hands directly).

Fairly decent overview of perimeter security. If your a security professional you may learn a thing or two, if your a network administrator and your idea of security is a firewall then this book is meant for you. Its a fairly easy read, but some of the examples of the commands to enter in configuring routers and hosts could be eliminated. I felt the author was just taking up space with these examples. (not a big deal but I'm taking a star away on principal) I also felt the author could have gone into a little be more detail in the VPN chapter, especially when dealing with encryption, PKI, and authenication which I felt was glossed over. (again not a big deal, but when you call yourself the definitive guide, be more definitive and save the 'commands' for the user guides")