Overview of the Book's Contents
We would like to introduce this book from a 50,000-foot view. Part I, "The Essentials of Network Perimeter Security," covers the first five chapters and serves as a foundation for later chapters. The first chapter presents an overview of everything we will talk about throughout the book. Other chapters in Part I discuss core perimeter security concepts, such as packet filtering, stateful firewalls, proxies, and security policy.
Part II, "Fortifying the Security Perimeter," comprises Chapters 6 through 11 and concentrates on additional components that make up a network security perimeter. Here, we examine the role of routers, virtual private networks (VPNs), network intrusion detection systems (IDSs), intrusion prevention systems (IPSs), and host-centric defense mechanisms.
Good design is covered in Part III, "Designing a Secure Network Perimeter," where we focus on integrating perimeter components into a unified defense architecture. Chapters 12 through 18 describe ways of achieving defense in depth that are appropriate for your needs and budgets, letting you apply what you have learned about security devices and approaches. In addition to discussing design fundamentals, we focus on topics such as resource separation, wireless network security, software architecture, and VPN integration. We also explain how to tune a security design to achieve optimal performance, and we look at several sample architectures.
Part IV, "Maintaining and Monitoring Perimeter Security," which comprises Chapters 19 through 24, concludes the book by answering the famous question, "How do you know?" It discusses how to understand what the perimeter systems are telling us and how to ensure that the perimeter operates according to its design. We examine perimeter maintenance procedures, log analysis, and troubleshooting approaches. We also describe techniques for assessing the strength of your defenses and explain how to conduct an adversarial review of the network architecture. The last chapter summarizes defense-in-depth concepts that have been described throughout the book. In some sense it mirrors the first chapter, but its purpose is to wrap up the book's prime concepts.
We have also outfitted the book with two appendixes, where we provide sample Cisco access list configurations and discuss fundamentals of cryptography that are relevant to network defense. Designing, deploying, and maintaining a network security perimeter is a challenging journey, and we hope that our approach to network defense makes your path more comfortable.