Sebastopol, CA--No matter how sophisticated an alarm system you have installed in your home, common sense (and security experts) will tell you that it's not going to do you much good if you fail to lock your doors. Likewise with your network, the finest IDS (intrusion detection system) won't deter intruders if your routers are unsecured. "Organizations spend hundreds of thousands of dollars on firewalls, virtual private networks, intrusion detection, and other security measures, and yet they run routers with out-of-the-box configurations," says Thomas Akin, author of Hardening Cisco Routers (O'Reilly, US $24.95). "From personal experience, at least eight or nine out of every ten networks has routers that are vulnerable to attacks."
Network security is most often thought of as something that protects machines on a network, Akin explains, but router security involves protecting the network itself by hardening or securing the routers. Specifically, it prevents attackers from using routers to gain information about a network that can be used in an attack, disabling the routers (and therefore the network), reconfiguring routers, and even using the routers to launch further internal or external attacks. Router attacks have not drawn a lot of attention from the media, however, because routers are often used to provide attackers with valuable information about the network and servers rather than being the object of attack themselves. Moreover, router compromises are less likely to be detected than other forms of attack.
"Cisco routers run an estimated seventy to eighty percent of the Internet. Attacks on them by hackers are becoming increasingly more frequent," Akins warns. "Once an attacker has control of your router, he has control of your network. So router security is going to become an extremely important issue over the next few years."
Hardening Cisco Routers focuses exclusively on how to secure routers against attack, providing a succinct, practical guide to understanding and applying router security. At the end of each chapter, Akin includes a checklist that summarizes the hardening techniques discussed in the chapter. The checklist helps administrators double-check the configurations they've made and serves as a quick reference for future security procedures. The book also covers topics that incorporate the most current thinking about security: denial of service attack mitigation, router auditing, and FBI recommendations on incident response.
"Information security is vital to every person and business that owns a computer, yet the majority of system and network administrators are not taught security as part of their jobs," says Akin. "Security is a key part of every administrator's job, and I hope that my book will serve as a hands-on guide to help network administrators understand and implement security on their networks' routers.
"I put a tremendous amount of effort into making the book as practical and useful as possible," Akin adds. "After buying the book, readers will be able to follow a step-by-step checklist to increase the security of their routers."
Hardening Cisco Routers was written for network administrators who need guidance on securing their Cisco routers. Security auditors can also use the checklists as baselines when verifying the security of an organization's routers. Readers will find that once they have mastered the information in this book, they will have a secure foundation on which to build their networks and network security.
By Thomas Akin
ISBN 0-596-00166-5, 173 pages, $24.95 (US), $37.95 (CAN)
O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.
PRESS QUERIES ONLY