I am writing my first book review here, in my blog after almost two years. I guess, this is the only technical book that I read within this period “Network Security first-step”. Honestly, I do not feel the necessity to read a book. I can easily goggling on the Internet, write on forums or better ask my contracted partner for the necessary info.

I was sitting lazily in the office; one of my colleagues came and said “if you want to order a book this year, find it on Amazon and send me the link until afternoon”. Some ideas flashed in my mind
- No, I don’t need a book
- Maybe, a reference book would be good. No, I am using the Cisco web site , everything is available and searchable.
- Exam preparation books maybe. No they are boring.
- I wanted to find a book, which I could read before sleep. It should be well written, easy to read, but not marketing mambo jumbo, and should have some real purified info.
I started hunting for such a book!

The book “Network Security first-step”

It has been written by Tom Thomas, published by Cisco Press in 2004. The ISBN number is 1-58720-099-6. It has a red cover with a lock on it, 431 pages. It has a price tag of $29.99 at the back of the book.

It is a must read for any IT guy who is into network “security” and has a job that deals with it. If you are teaching any kind of information security courses /classes, then you too need it. It is also a must read for all those who specialize in network security and also it is suitable for Information security auditors.

It is nice to read if you are CIO or IT technology manager/director and any kind of Networker.

The Content
It starts with the basics of hacking; terminology, methods and organizations that are working against the hackers.
The book speaks about security technologies like ACLs, NAT and TACACS, security protocols like DES, MD5, PPTP and SSH, A full chapter for firewalls, a full chapter for router security. A very clear and detailed VPN chapter has been followed by wireless security. Wireless security includes both technology related titles like WEP, EAP and history of war walking and wireless hacking tools. IDS chapter is so informative and honeypots was a new term for me explained in this chapter. The last chapter is about real world hacking tools.

The most interesting thing in this book for me was second chapter completely dedicated to security policies. Explains basics of building security policies and then it gives some reusable security policy samples.

Mentioned tools mostly open source tools which you can easily download from the Internet and work on your own in more detail. Related URLs has been given for tools and organizations. This will let you use this book as a start point for your further security studies.

He mentions about his own company (Granite Systems) in some points. I have to say there are some hidden advertising on it.

Conclusion
This book does the trick. Get one copy of it for your own. I am aware, this book has been published in 2004 and I am suggesting it in 2009. I know what I said. There is a second edition of this book that is not published yet. Some people complain about some typo errors in the book. I hope second edition will satisfy them too.