Back in cisco land
I have finally started studying in earnest for my CCIE re-certification. I’m taking the Security specialization exam (which makes more sense for me, considering what I do for a living). I looked at the exam blueprint, and (surprisingly?) not much has changed since last time.
I decided to try actually ordering a book, since they keep raising the price of the exam. The one I got was marketed as the official exam guide from Cisco Press. I got that book last week, and yesterday I opened it up to see what it was like.
Wow. It is bad. No, it’s terrible. Seriously. I can’t imagine how it got published; the author clearly didn’t remember much of what he apparently once knew, detail-wise, and he didn’t bother to go back and look things up. Furthermore, the book appears to have had no editor, as there are various grammar and spelling bugs and even, in one case, a blatant margin note from the author to the effect of “is this right?”
I’ve taken a lot of tests in my life, for certifications and otherwise, and Cisco’s CCIE exams are among the hardest. I can tell you that this book will prepare you for maybe 25% of the questions. I feel bad for anyone who shells out $300 for a test after preparing by reading this book.
Anyway, the worst stuff by far is the crypto stuff. It really appears to me that nobody knows this stuff, at least at Cisco Press. There are minor problems everywhere - things like “MD-5 is difficult to decrypt”. Another Cisco Press book posed the following question: “What is the only way to defeat a man-in-the-middle attack?” - with the absolutely stunningly insightful answer “Cryptology”.
Maybe I’m just being too picky, but I think I’m not, for two reasons: 1) This particular security exam is supposed to be among the most difficult and detailed of security exams, and the kind of sloppiness in this book will make you fail, and 2) security is Very Hard Stuff, and security pros need to know their subject matter cold. Security mistakes resulting from getting it “almost right” can be devastating.
At a quick glance, Wikipedia seems to be more accurate than most of these books (but proceed with caution down that path), but if you really want to grok security, from a crypto standpoint anyway, read Applied Cryptography by Bruce Schneier. Twice.
November 27th, 2006 at 10:57 pm
[…] I had complained about a few books previously; now I have some empirical data to help me better evaluate them. First, let me say that I was pleasantly surprised with one Cisco Press book, Network Security Principles and Practices by Saadat Malik. Things got a little unclear when he got deep into crypto, but otherwise, this is hands down the best of the books I read this weekend. […]