Cisco Press

Building resilient IP networks.

This work is intended to give those involved in the design and implementation of large-scale IP networks a better understanding of network availability and to introduce recent features and tools developed for improving network resiliency. The authors (all affiliated with Cisco) discuss the hardware and switching implementations that affect network resiliency, the relevance of quality of service models and queuing techniques, resiliency enhancements to the Interior Gateway Protocols, a design guide for a resilient campus access network, resilient connectivity to the Internet, improvements made to traditional WAN connectivity technologies, factors that influence data center network design, and resilient network management. (Annotation ©2008 Book News Inc. Portland, OR)

CCENT/CCNA ICND1 official exam certification guide, 2d ed. (CD-ROMs included)

Two CD-ROMs accompany this text, which guides prospective test-takers through networking fundamentals, LAN switching, IP routing, wide-area networks, and final preparation. Appended are answers to the "Do I Know this Already?" quizes; a decimal to binary conversion table; and ICND 1 exam updates (version 1.0). The CD-ROMs contain material on subnetting (practice and reference pages), memory tables, and ICND1 open-ended questions. The author, of course, is a seasoned expert and Cisco teacher. (Annotation ©2008 Book News Inc. Portland, OR)

CCNA flash cards and exam practice pack, 3d ed.

This book/CD-ROM package, now in its third edition, offers practice, practice, practice for those planning to take the exam for ICND1, ICND2, or the full CCNA exam for the CCENT or CCNA certification. There may be some who want to rip the binding off the book and cut up the pages along the heavy lines separating one flash card from another (three to a page: question on the front; answer on the back); but most will probably opt to use the included CD-ROM version to make their way through 1,400 flash cards, practice questions, and quick reference sheets. (Annotation ©2008 Book News Inc. Portland, OR)

CCNA ICND2 official exam certification guide, 2d ed. (CD-ROM included)

The official study guide covers the exam topics and includes self- assessment quizes, exam preparation tasks, and hundreds of practice questions (on the two included CD-ROMs). Among the topics covered: virtual LANs and Spanning Tree Protocol, static and connected routes, VLSM and route summarization, IP access control lists, network address translation, and troubleshooting, to name just a few. (Annotation ©2008 Book News Inc. Portland, OR)

Cisco ASA, PIX, and FWSM firewall handbook, 2d ed.

This guide explains the features available for configuring and managing the PIX and ASA security appliance families and the catalyst firewall services module (FWSM). A network engineer at the University of Kentucky discusses routing protocols, DHCP server functions, AAA servers, access lists, security policies, application inspection, firewall load balancing, activity logs, and security services modules. The second edition covers ASA 8.0 and FWSM 3.2 firewalls. (Annotation ©2008 Book News Inc. Portland, OR)

Cisco NAC appliance; enforcing host security with clean access.

A Cisco security consulting systems engineer introduces Cisco's network admission control (NAC) appliance which allows organizations to enforce their corporate host security policy and existing security investments. The guide explains the building blocks available with the Cisco NAC appliance solution, the different user roles, the clean access agent, configuration options, Layer 2 and 3 out-of-band deployment, single sign-on, roll-out phases, and monitoring tasks. (Annotation ©2008 Book News Inc. Portland, OR)

End-to-end network security; defense-in-depth.

This gives operators and developers of this manufacture's products a solid foundation in security practices, including firewalls, VPNs, and intrusion prevention systems. It concentrates on an in-depth defense model which uses multiple countermeasures layered throughout the infrastructure to locate vulnerabilities and counter attacks. Practitioner Santos, an expert employee of the manufacturer, describes the company's network security technologies and the concept of the security life cycle, the preparation phase to initiate study, the process of identifying and classifying security threats, the traceback procedure, reacting to security incidents, conducting postmortem and ascertaining methods of improvement, building a proactive security framework, wireless security, IP telephony security, data center security, and IPv6 security. He closes with a set of case studies for practice and further study. The result is a good general reference along with a self-study guide. (Annotation ©2008 Book News Inc. Portland, OR)

LAN switch security; what hackers know about your switches.

A Cisco technical advisor identifies vulnerabilities in Ethernet switch Layer 2 protocols and different styles of denial-of-service attacks, and offers techniques for detecting and preventing such attacks. The vulnerabilities include spanning tree, VLAN tags, DHCP, the address resolution protocol, IPv6 neighbor discovery, and the hot standby routing protocol. The closing chapters describe where an access control list can be used in a switch, identity-based networking services with 802.1X, and new protocols from IEEE that can encrypt all Ethernet frames at wire speed. (Annotation ©2008 Book News Inc. Portland, OR)