There are two books on network security that any network manager ought to read. It’s almost impossible to develop a network with no vulnerabilities because the dangers to networks seem to be growing faster than network administrators can keep up. I think anybody who is operating a network ought to read the following two books. They give a lot of practical advice about how to protect your network from the many threats that can damage your network and your business.
Hacking Exposed by Stuart McClure, Joel Scambray and George Kurtz. The first version of this book came out on 1999 and is now up to the seventh edition. One would expect that there soon will be an eighth edition. The authors are industry experts. Stuart McClure has been the CTO of both McAfee and Intel. Joel Scambray was a senior director of security for Microsoft and has gone on to found successful security consultancy companies. George Kurtz is co-founder and CEO of CrowdStrike, a big data security company. Additionally they have brought in guest authors from other parts of the industry.
This is an industry standby and lays forth network security by discussing ways that security can be breached. The books covers two primary topics. First it describes the basics of hacking and it describes the approaches that hackers take to violate networks. This is the basic stuff that every network engineer ought to know about. It covers hacker techniques like enumeration, foot printing, database hacking, operation system detection and many other techniques. And it describes the basic network security techniques that are used to protect against each of these kinds of threats.
The books also then covers very more specific examples of hacking and this is the section of the book that gets quickly out of date as hackers change their techniques to bypass security measures. However, the real-life examples given are fascinating and provide a detailed look into how hackers think and work. But these examples are often somewhat dated by the time they make it into the latest edition. So this is not a book that tells you every step you should take with your network today, but instead is a primer to teach network engineers how hackers think. Used in that manner this book ought to be required reading for anybody operating an IP network.
Securing VoIP Networks by Peter Thermos and Ari Takanen. This new book is a compendium of the kinds of threats that can disrupt a VoIP network (or any IP network for the most part). Many of the threats discussed are specific to VoIP while others are more generic and concern general network security.
This book is probably the best basic compendium of issues that affect VoIP security. It describes each of the basic different technologies that are used to provide VoIP. It then goes on to describe the kinds of problems that can be found in VoIP networks. It lists well over two dozen major problems that range from network design flaws to hacking vulnerabilities. It includes such topics as insufficient verification, too low resources, password management, authentication, error handling and lack of a fallback system. For each VoIP network vulnerability it then discusses ways to mitigate each type of problem.
This books should be required reading for anybody who is thinking about launching a new VoIP network. It will provide you with a wealth of knowledge that will stop you from making common mistakes. But this also ought to be required reading for anybody who is going to purchase a significant amount of VoIP from somebody else. There are literally hundreds of companies today operating VoIP wholesale networks and they are not all the same. This book will arm you to ask the right questions about a potential VoIP vendor rather than mindlessly going for the lowest price.