book

Inside Network Perimeter Security, Second Edition

Name: Inside Network Perimeter Security, Second Edition
ISBN: 0672327376

by Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Kent, Ronald W. Ritchey

March 2005

Intermediate to advanced

768 pages

22h 32m

English

Sams

Read now

Unlock full access

Copyright
About the Authors
About the Technical Editors
Acknowledgments
We Want to Hear from You!
Reader Services
Preface
Rickety PlanesFires in the WestRapid Advances in TechnologyDecline in Personal ServiceContinuous InspectionsDefense in DepthCore Business Sector
Introduction
Who Should Read This BookWhy We Created This Book's Second EditionOverview of the Book's ContentsConventions
I. The Essentials of Network Perimeter Security
1. Perimeter Security Fundamentals
Terms of the TradeThe PerimeterBorder RoutersFirewallsIntrusion Detection SystemsIntrusion Prevention SystemsVirtual Private NetworksSoftware ArchitectureDe-Militarized Zones and Screened SubnetsDefense in DepthComponents of Defense in DepthThe PerimeterThe Internal NetworkThe Human FactorCase Study: Defense in Depth in ActionSummary

2. Packet Filtering
TCP/IP Primer: How Packet Filtering WorksTCP and UDP PortsTCP's Three-way HandshakeThe Cisco Router as a Packet FilterAn Alternative Packet Filter: IPChainsThe Cisco ACLRule OrderCisco IOS BasicsEffective Uses of Packet-Filtering DevicesFiltering Based on Source Address: The Cisco Standard ACLBlacklisting: The Blocking of Specific Addresses“Friendly Net”: Allowing Specific AddressesIngress FilteringEgress FilteringTracking Rejected TrafficFiltering by Port and Destination Address: The Cisco Extended ACLThe Cisco Extended ACL“Friendly Net” RevisitedFiltering TCP and UDP Ports and ICMP TypesProblems with Packet FiltersSpoofing and Source RoutingFragmentsOpening a “Hole” in a Static Packet FilterTwo-way Traffic and the established KeywordThe established Keyword and the Problem of DNSProtocol Problems: Extended Access Lists and FTPDynamic Packet Filtering and the Reflexive Access ListFTP Problems Revisited with the Reflexive Access ListReflexive ACLs with UDP and ICMP Traffic: Clearing Up DNS IssuesTrouble in Paradise: Problems with Reflexive Access ListsCisco IPv6 Access ListsSummaryReferences
Bibliography
3. Stateful Firewalls
How a Stateful Firewall WorksThe Concept of StateTransport and Network Protocols and StateTCP and StateUDP and StateICMP and StateApplication-Level Traffic and StateHTTP and StateFile Transfer Protocol and StateMultimedia Protocols and the Stateful FirewallProblems with Application-Level InspectionDeep Packet InspectionStateful Filtering and Stateful InspectionStateful Firewall Product ExamplesNetfilter/IPTablesCheck Point FireWall-1The Cisco PIX FirewallSummaryReferences
Bibliography
4. Proxy Firewalls
Fundamentals of ProxyingPros and Cons of Proxy FirewallsAdvantages of Proxy FirewallsDisadvantages of Proxy FirewallsTypes of ProxiesWeb ProxiesReverse ProxiesAnonymizing ProxiesTools for ProxyingFirewall Toolkit (FWTK)SOCKSSOCKS Version 4SOCKS Version 5SquidSummary
5. Security Policy
Firewalls Are PolicyActive Policy EnforcementUnenforceable PolicyThe Effect of Unenforceable PolicyVectors for Unenforceable PolicyUnwittingly Coding Unenforceable PolicyNo Up-front PolicyTCP Port 80EmailVery Large, Very High-Latency PacketsBackdoorsHow to Develop PolicyIdentify RisksCommunicate Your FindingsCreate or Update the Security Policy as NeededDetermine Policy ComplianceSound Out the Organization's Rules and CultureComparing Policy and CultureWritten PolicyDirectivesContracts and Human Resources RulingsUnwritten PolicyElements of PolicyAuthorityScopeExpirationHallmarks of Good PolicySpecificity and ClarityConcisenessRealismPerimeter ConsiderationsReal-world Operations and PolicyPresumption of PrivacyEmail HandlingIncident Handling: Preparation to ContainmentIncident Handling: Eradication to Lessons LearnedRules of the RoadSummaryReferences
Bibliography
II. Fortifying the Security Perimeter
6. The Role of a Router
The Router as a Perimeter DeviceRoutingSecure Dynamic RoutingRoute AuthenticationOther Dynamic Routing DefensesThe Router as a Security DeviceThe Router as a Part of Defense in DepthPacket FilteringNetwork-Based Application Recognition (NBAR)The Router as a Lone Perimeter Security SolutionRouter PlacementTechnology ChoicesRouter HardeningOperating SystemLocking Down Administration PointsTelnetSSHThe Console PortTFTP and FTPConfiguration Management Tricks with TFTP and ScriptsSimple Network Management ProtocolAuthentication and PasswordsDisabling ServersDisable Unneeded ServicesSmall ServicesCisco Discovery ProtocolFingerPAD ServiceProxy-ARPConfigure NTP and NTP AuthenticationCisco TCP Keepalives ServicesUnicast Reverse Path ForwardingInternet Control Message Protocol BlockingUnreachablesDirected BroadcastsRedirectsSpoofing and Source RoutingRouter LoggingAutomatic Securing and Auditing of Cisco RoutersSecuring Your Router with Cisco's Auto Secure FeatureAuditing Your Router with the Router Audit Tool (RAT)Summary
7. Virtual Private Networks
VPN BasicsBasic VPN MethodologyWhat Is Tunneling?Packet-Level View of TunnelingAdvantages and Disadvantages of VPNsBenefits of a VPNSecurityDeployment AdvantagesCost EffectivenessDisadvantages of VPNProcessing OverheadPacket OverheadImplementation IssuesTroubleshooting and Control IssuesInternet Availability IssuesIPSec BasicsIPSec Protocol SuiteSAIPSec Tunnel and Transport ModesIKEIKE Phase 1Annotated IKE Phase 1 ExampleIKE Phase 2Annotated IKE Phase 2 ExampleIPSec Security Protocols AH and ESPAH ProtocolESPCombined Use of ESP and AHIPSec Configuration ExamplesCisco Router VPN ExamplesWindows XP IPSec Configuration ExampleOther VPN Protocols: PPTP and L2TPPPTPL2TPComparison of PPTP, L2TP, and IPSecPPTP and L2TP ExamplesClient Windows XP SetupCisco PIX VPDN Setup for PPTP TrafficSummaryReferences
Bibliography
8. Network Intrusion Detection
Network Intrusion Detection BasicsThe Need for Intrusion DetectionAnomaly DetectionSignature DetectionHow Signatures WorkFalse Positives and False NegativesDeveloping Signatures That Minimize False Positives and NegativesDetecting IDS Evasion TechniquesAvoiding Unwanted AlertsAlerting, Logging, and ReportingIntrusion Detection SoftwareIntrusion-Related ServicesDistributed IDS ServicesOutsourced Intrusion Detection System MonitoringThe Roles of Network IDS in a Perimeter DefenseIdentifying WeaknessesSecurity AuditingPolicy ViolationsDetecting Attacks from Your Own HostsIncident Handling and ForensicsComplementing Other Defense ComponentsIDS Sensor PlacementDeploying Multiple Network SensorsPlacing Sensors Near Filtering DevicesPlacing IDS Sensors on the Internal NetworkWorking with EncryptionProcessing in High-traffic SituationsConfiguring SwitchesUsing an IDS Management NetworkMaintaining Sensor SecurityCase StudiesCase Study 1: Simple Network InfrastructureIDS Deployment RecommendationsCase Study 2: Multiple External Access PointsIDS Deployment RecommendationsCase Study 3: Unrestricted EnvironmentIDS Deployment RecommendationsSummary
9. Host Hardening
The Need for Host HardeningRemoving or Disabling of Unnecessary ProgramsControlling Network ServicesResource-Sharing ServicesRemote Access ServicesInformation LeakageRemoving Extraneous Software ComponentsLimiting Access to Data and Configuration FilesControlling User and PrivilegesManaging Unattended AccountsProtecting Administrative AccountsEnforcing Strong PasswordsControlling Group MembershipMaintaining Host Security LogsWindows Logging and AuditingUNIX Logging and AuditingApplying PatchesAdditional Hardening GuidelinesAutomating Host-Hardening StepsCommon Security VulnerabilitiesHardening ChecklistsSummary
10. Host Defense Components
Hosts and the PerimeterWorkstation ConsiderationsServer ConsiderationsAntivirus SoftwareStrengths of Antivirus SoftwareLimitations of Antivirus SoftwareHost-Based FirewallsFirewalls for WorkstationsFirewalls for ServersPFPacket Filtering via IPSec on WindowsHost-Based Intrusion DetectionThe Role of Host-Based IDSHost-Based IDS CategoriesChecking the File System's IntegrityNetwork Connection MonitorsLog File MonitorsChallenges of Host Defense ComponentsDefense Components on Compromised HostsControlling Distributed Host Defense ComponentsSummaryReferences
Bibliography
11. Intrusion Prevention Systems
Rapid Changes in the MarketplaceWhat Is IPS?An IPS Must Be FastAn IPS Must Keep StateAn IPS Must Be Accurate and Up to DateAn IPS Must Have the Ability to Nullify an AttackIPS LimitationsAn Excuse to Ignore Sound PracticeAn IPS Simply Buys You TimeNIPSHow Chokepoint NIPS WorkFirewall Plus SomethingCheck Point FireWall-1 NGmodwallIDS Plus SomethingIntruShieldNFR SentivistHogWash and Snort-InlineLaBrea Technologies SentrySwitch-Type NIPSProtocol Scrubbing, Rate Limiting, and Policy EnforcementEnvironmental Anomaly AnalysisNIPS ChallengesDetection Capabilities and Evasion ResistanceStability DemandsThroughput DemandsLatency RequirementsSecurityPassive AnalysisIncreased Security Intelligence in the Switch ProductsTippingPoint's UnityOne IPSTopLayer Attack MitigatorSwitch NIPS Deployment RecommendationsBegin Budgeting NowReview Products in Report-Only ModeWork with Vendors Identifying Test Procedures for False Positives and False NegativesBe Wary of Absence of Auto-Update MechanismsBe Wary of Auto-Update MechanismsDocument a Change-Management MechanismExpect the NIPS to Be Blamed for All ProblemsUse a Combination of NIPS and NIDS Where AppropriateHost-Based Intrusion Prevention SystemsReal-world Defense ScenariosDynamic Rule Creation for Custom ApplicationsMonitoring File IntegrityMonitoring Application BehaviorHIPS AdvantagesHIPS ChallengesMore HIPS ChallengesHIPS RecommendationsDocument Requirements and Testing ProceduresDevelop a Centrally Managed Policy for Controlling UpdatesDon't Blindly Install Software UpdatesDon't Rely Solely on HIPS to Protect SystemsExpect Your HIPS to Come Under AttackSummary
III. Designing a Secure Network Perimeter
12. Fundamentals of Secure Perimeter Design
Gathering Design RequirementsDetermining Which Resources to ProtectServersWorkstationsNetworking GearModemsOther DevicesDetermining Who the Potential Attackers AreDetermined OutsiderDetermined InsiderScript KiddyAutomated Malicious AgentsDefining Your Business RequirementsCostBusiness-Related ServicesPerformanceInline Security DevicesThe Use of EncryptionDetailed LoggingFault ToleranceIntrasystem RedundancyIntrasite RedundancyFirewall RedundancySwitch RedundancyGeographic RedundancyDesign Elements for Perimeter SecurityFirewall and RouterBasic FilteringAccess ControlRouter Under the ISP's ControlRouter Without the FirewallFirewall and VPNFirewall with VPN as External DeviceFirewall and VPN in One SystemMultiple FirewallsInline FirewallsFirewalls in ParallelSummaryReferences
Bibliography
13. Separating Resources
Security ZonesA Single SubnetSecurity Zones Within a ServerSecurity Zones via Dedicated ServersMultiple SubnetsBroadcast DomainsSecurity Zones via SubnetsCommon Design ElementsMail RelayJustifying Mail Server SeparationImplementing a Mail RelaySplit DNSJustifying DNS Server SeparationDNS Spoofing AttacksImplementing Split DNSClient SeparationLAN-Connected DesktopsWandering Laptops, VPN and Dialup UsersThe Wireless ClientVLAN-Based SeparationVLAN BoundariesJumping Across VLANsFirewalls and VLANsPrivate VLANsSummaryReferences
Bibliography
14. Wireless Network Security
802.11 FundamentalsSecuring Wireless NetworksNetwork DesignSeparation via Network Control MechanismsProtecting Against Signal LeakageDefending Against Wireless Denial of Service (DoS)Wireless EncryptionWired Equivalent Privacy (WEP)Extensible Authentication Protocols: PEAP/LEAP/EAP-TLSWi-Fi Protected Access (WPA)Hardening Access PointsDisabling SSID BroadcastsMAC Address LockdownMiscellaneous AP HardeningDefense in Depth for Wireless NetworksVPN/IPSecHost DefensesAuditing Wireless SecurityAuditing the Wireless Network DesignAuditing Network ControlsAuditing Signal LeakageAuditing EncryptionCase Study: Effective Wireless ArchitectureSummaryReferences
Bibliography
15. Software Architecture
Software Architecture and Network DefenseThe Importance of Software ArchitectureThe Need to Evaluate Application SecurityHow Software Architecture Affects Network DefenseFirewall and Packet-Filtering ChangesWeb Services and Interapplication CommunicationsConflicts with Network ConfigurationEncrypting ConnectionsPerformance and ReliabilityAtypical Operating SystemSoftware Component PlacementSingle-System ApplicationsMultitier ApplicationsAdministrator Access to SystemsUser-Unfriendly SecurityExternal Administrative Access to ApplicationsApplications for Internal Users OnlyIdentifying Potential Software Architecture IssuesSoftware Evaluation ChecklistSources of Application InformationHow to Handle an Unsecurable ApplicationSoftware TestingHost SecurityNetwork Configuration and SecurityNetwork Defense Design RecommendationsCase Study: Customer Feedback SystemDeployment LocationsArchitecture RecommendationCase Study: Web-Based Online Billing ApplicationDeployment LocationsWeb Interface on Existing Screened SubnetWeb Interface and Application on the Same Screened SubnetAll Components on the Internal NetworkArchitecture RecommendationSummaryReferences
Bibliography
16. VPN Integration
Secure ShellStandard SSH ConnectionsSSH Client IntegrationSSH Server IntegrationSSH Perimeter Defense AdjustmentsWhen to Use Standard SSH ConnectionsSSH TunnelsSSH Tunnel Client IntegrationSSH Tunnel Server IntegrationSSH Tunnel Perimeter Defense AdjustmentsWhen to Use SSH TunnelsSecure Sockets LayerSSL Standard ConnectionsSSL Client IntegrationSSL Server IntegrationSSL Perimeter Defense AdjustmentsWhen to Use SSLSSL TunnelsSSL Tunnel Perimeter Defense AdjustmentsWhen to Use SSL TunnelsSSL Proxy ServersSSL Proxy Server Perimeter Defense AdjustmentsWhen to Use SSL Proxy ServersRemote Desktop SolutionsSingle SessionSingle-Session Remote Desktop Client IntegrationSingle-Session Remote Desktop Server IntegrationSingle-Session Remote Desktop Perimeter Defense AdjustmentsWhen to Use Single-Session Remote Desktop SoftwareMultiple SessionMultiple Remote Desktop Client IntegrationMultiple Remote Desktop Server IntegrationMultiple Remote Desktop Perimeter Defense AdjustmentsWhen to Use Terminal Server SoftwareIPSecIPSec Client IntegrationIPSec Server IntegrationIPSec Perimeter Defense AdjustmentsIPSec ArchitecturesOther VPN ConsiderationsProprietary VPN ImplementationsCompromised or Malicious VPN ClientsVPN Design Case StudyCase Study: Home Users and Multiple ApplicationsTerminal ServerIPSecSSL-Enabled ApplicationsCase Study ConclusionSummaryReferences
Bibliography
17. Tuning the Design for Performance
Performance and SecurityDefining PerformanceNetwork Bandwidth and LatencyResponse TimeThroughputUnderstanding the Importance of Performance in SecurityNetwork Security Design Elements That Impact PerformanceThe Performance Impacts of Network FiltersPacket FiltersStateful FirewallsProxy FirewallsContent FiltersNetwork ArchitectureBroadcast DomainsWAN LinksTCP/IP TuningRouting Protocols: RIP Versus OSPFCase Studies to Illustrate the Performance Impact of Network Security Design ElementsCase Study 1: Two Networks Connected Using 128K ISDNCase Study 2: Satellite-Based NetworkImpact of EncryptionCryptographic ServicesUnderstanding Encryption at the Network and Transport LayersNetwork Layer CryptographyTransport Layer Security (TLS)Using Hardware Accelerators to Improve PerformanceCase Studies to Illustrate the Performance Impact of EncryptionCase Study 3: Link Encrypting Between Two RoutersCase Study 4: SSL Web ServerUsing Load Balancing to Improve PerformanceProblems with Load BalancingLayer 4 DispatchersLayer 7 DispatchersMitigating the Effects of DoS AttacksICMP FloodingSYN FloodingSummaryReferences
Bibliography
18. Sample Designs
Review of Security Design CriteriaCase StudiesCase Study 1: Telecommuter Who Is Using a Broadband ConnectionCase Study 2: A Small Business That Has a Basic Internet PresenceCase Study 3: A Small E-Commerce SiteCase Study 4: A Complex E-Commerce SiteThe InternetThe DMZThe Proxy LayerThe Internal NetworkThe Security NetworkSummary
IV. Maintaining and Monitoring Perimeter Security
19. Maintaining a Security Perimeter
System and Network MonitoringBig Brother FundamentalsEstablishing Monitoring ProceduresHosts and DevicesAccessibility of Network ServicesLocal System AttributesSecurity Considerations for Remote MonitoringIncident ResponseNotification OptionsGeneral Response GuidelinesResponding to Malicious IncidentsAutomating Event ResponsesAccommodating ChangeFundamentals of Change ManagementObtaining Buy-in from Relevant PersonnelCommunicating Proposed ChangesPreventing and Detecting Unauthorized ChangesTesting Changes Before DeploymentVerifying Proper System OperationRolling Back Undesired ChangesImplementing Change-Management ControlsApplying PatchesDiscovering New Services and DevicesSummaryReferences
Bibliography
20. Network Log Analysis
The Importance of Network Log FilesCharacteristics of Log FilesInformation That Log Files Usually RecordInformation That Log Files Sometimes RecordInformation That Log Files Rarely RecordPurposes of Log FilesIncident HandlingIntrusion DetectionEvent CorrelationGeneral TroubleshootingLog Analysis BasicsGetting Started with Log AnalysisAutomating Log AnalysisGetting the Right Data from Log FilesDesigning ReportsUsing a Third-Party Analysis ProductTimestampsAnalyzing Router LogsCisco Router LogsOther Router LogsAnalyzing Network Firewall LogsCisco PIX LogsCheck Point FireWall-1 LogsIPTables LogsAnalyzing Host-Based Firewall and IDS LogsZoneAlarmNorton Personal FirewallSummary
21. Troubleshooting Defense Components
The Process of TroubleshootingCollecting SymptomsReviewing Recent ChangesForming a HypothesisTesting the HypothesisAnalyzing the ResultsRepeating If NecessaryTroubleshooting Rules of ThumbMake Only One Change at a TimeKeep an Open MindGet a Second OpinionStay Focused on Fixing the ProblemDon't Implement a Fix That Further Compromises Your SecurityThe Obvious Problems Are Often OverlookedDocument, Document, Document!The Troubleshooter's ToolboxApplication Layer TroubleshootingNslookupSystem Call Trace UtilitiesOther Useful UtilitiesTroubleshooting Check Point FireWall-1 with FW MonitorTransport Layer TroubleshootingTelnetNetcatNetstatLsofFport and Active PortsHpingTcpdumpRevisiting the Sample Firewall Problem with Transport Layer TechniquesNetwork Layer TroubleshootingIfconfig and IpconfigNetstatPingTracerouteTcpdumpLink Layer TroubleshootingIfconfig and IpconfigARPTcpdumpRevisiting the Sample Firewall Problem with Link Layer TechniquesSummaryReferences
Bibliography
22. Assessment Techniques
Roadmap for Assessing the Security of Your NetworkPlanningReconnaissanceNetwork Service DiscoverySystem EnumerationNetwork ScannersTracerouteService DiscoveryNmapTelnet and Banner RetrievalVulnerability DiscoveryNessusISS Internet ScannerRetinaLANguardVulnerability ResearchVerification of Perimeter ComponentsPreparing for the Firewall ValidationVerifying Access ControlsTraffic RestrictionsFirewall ManagementRemote AccessWardialingWardrivingVPNs and Reverse ProxiesEncryptionAuthenticationAccess ControlsClient-Side RestrictionsExploitationResults Analysis and DocumentationSummary
23. Design Under Fire
The Hacker Approach to Attacking NetworksAdversarial ReviewGIAC GCFW Student Practical DesignsPractical Design 1Determining the Access That Remains: Screening Filtering RoutersThe Ingress FilterThe Egress FilterOther FiltersProtecting the RoutersDetermining the Impact: RoutersDetermining the Access That Remains: The External FirewallsIncomingOutgoingTo DMZFrom DMZDetermining the Impact: The External FirewallsDetermining the Access That Remains: The Internal FirewallsDetermining the Impact: The Internal FirewallRepeating as Necessary: Attacking the Whole NetworkPractical Design 2Determining the Access That Remains: The External FirewallDetermining the Impact: The External FirewallDetermining the Access That Remains: The Public Web ServerDetermining the Impact: The Public Web ServerDetermining the Access That Remains: The Extranet ServerDetermining the Impact: The Extranet ServerDetermining the Access That Remains: The Internal FirewallDetermining the Impact: The Internal FirewallRepeating as Necessary: Attacking the Whole NetworkSummaryReferences
Bibliography
24. A Unified Security Perimeter: The Importance of Defense in Depth
Castles: An Example of Defense-in-Depth ArchitectureHard Walls and Harder CannonballsSecret PassagesTunnels Through the FirewallSOAP (Simple Object Access Protocol)Non-RFC Approaches to HTTP TunnelingAttacking the Web ServerChange in the Perimeter ConfigurationInsider ThreatsInsider Employees and ContractorsInsider Programs, Spyware, and Keystroke LoggersHiding in the MistSYN/FINReconnaissance with FragmentsReconnaissance with Echo RepliesDefense on the InsideHost-Centric Firewalls as SensorsInternal Firewalls/AppliancesThe Case for AirgapsSelf-Defending Network (SDN)Absorbent PerimetersHoneypotsRate LimitingFailoverDefense in Depth with InformationThe Problem of DiffusionCryptography and Defense in DepthSummary
V. Appendixes
A. Cisco Access List Sample Configurations
Complete Access List for a Private-Only NetworkComplete Access List for a Screened Subnet Network That Allows Public Server Internet AccessExample of a Router Configuration as Generated by the Cisco Auto Secure Feature
B. Crypto 101
Encryption AlgorithmsShared Key: SymmetricPublic–Private Key: AsymmetricDigital Signatures and Hash AlgorithmsReferences
Bibliography

Overview

Security professionals and administrators now have access to one of the most valuable resources for learning best practices for network perimeter security. Inside Network Perimeter Security, Second Edition is your guide to preventing network intrusions and defending against any intrusions that do manage to slip through your perimeter. This acclaimed resource has been updated to reflect changes in the security landscape, both in terms of vulnerabilities and defensive tools. Coverage also includes intrusion prevention systems and wireless security. You will work your way through fortifying the perimeter, designing a secure network, and maintaining and monitoring the security of the network. Additionally, discussion of tools such as firewalls, virtual private networks, routers and intrusion detection systems make Inside Network Perimeter Security, Second Edition a valuable resource for both security professionals and GIAC Certified Firewall Analyst certification exam candidates.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Network Security First-Step, Second Edition

Integrated Security Technologies and Solutions - Volume I: Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security, First edition

Aaron Woland, Vivek Santuka, Mason Harris, Jamie Sanbower

Publisher Resources

ISBN: 0672327376Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills