Book Review: PKI Uncovered, Certificate-based Security Solutions for Next-Generation Networks

How do you rate/review a technical book?    I could go on and on about different methodologies, but basically, I think a technical book is good if I can read it without having to take a ton of breaks, if I walk away with an understanding of the technology, and if it meets the needs of why I read it in the first place.

What makes me take breaks?  Really dry, super-down-in-the-weeds writing.  I am not a PhD candidate, nor do I live for reading IEEE RFCs.  It’s been said that if you want to write for the masses, it has to be at an 8th grade level  (I may be wrong, it could be 6th or 10th grade).    Techies are generally not “the masses”, but we still don’t want to be bored.   Nor do we want to see if you can use every word in the dictionary that has more than six syllables.

Even when writing at a level that the masses can follow, a good technical writer still needs to be able to impart the desired information in such a way that it can be retained and be of value.   Good writers provide clear examples, use analogies when appropriate, and know when enough is enough.

One could argue that if I end up with an understanding of the technology, then it is a good book regardless of how hard it was to read. But since this is my blog and I am writing the review, my rules win.

Now on to the review…

I just finished reading PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks from Cisco Press. All in all, it’s a decent book. Just for grins, I read the intro/preface to see who was the intended target audience and I think it misfired in that sense. It’s not technical enough for the die-hard techies (thankfully – see above about taking breaks) and it’s too technical for the C-level (and other managerial types) it listed.

This book follows a traditional chapter layout approach: theory, examples, troubleshooting, and integration with other products.

The first chapter is a refresh on cryptography.  It explains what it is, characteristics, and the major components.  I would have liked more info in this chapter, but it really is just meant to be a quick refresh before delving into PKI.

The next few chapters focus on components of a public key infrastructure, how to set it up, troubleshooting, and design.

The final chapters deal with integrating PKI with other Cisco technologies/products such as VPNs, Unified Communications, and such. As mentioned on the back cover, the book “offers specific, detailed guidance on using PKI with Cisco ..” products and it does not disappoint.

So what did I like about this book? I really liked the fact that this book has plenty of examples and screen shots. Being Cisco-centric, this book does a great job of explaining how to set up PKI on Cisco gear. There is also a very good chapter on how to troubleshoot your public key infrastructure. The authors provide numerous process flow charts, log parsing examples, and more to help troubleshoot a technology that can be very cryptic (no pun intended) to figure out. If you are a Cisco shop, consider certain aspects of this book to be like a cookbook: follow the examples shown and you should end up with a working public key infrastructure.

This is also the book’s downside.  Once you get past the first few chapters, this book is heavily Cisco focused. This isn’t a problem if you know that before purchasing.  After all, it is a Cisco Press book.  I’ve only read about 10 Cisco Press books and I read them because I wanted to know about Cisco product.  And to be fair, the back cover does state that the book is for “Cisco customers”.

Another positive quality of this book is that it provides some very good design principles, such as having multiple/redundant certificate servers (in the proper hierarchy).  Too many times I’ve seen tech books provide designs that have many built-in single points of failure.  This isn’t one of those books.

In my opinion, there are only two areas for improvement: writing style and technical depth. The writing style is dry. If you’ve read some of my other blog posts, you will undoubtedly have noticed that I’m very informal most of the time. I also like to inject some humor into my writings every now and then. That being said, this book could use some lightening up.

As for technical depth, I would have liked a bit more on just a few topics.  Not super-techie, but a bit more.  For example, the book mentions Diffie-Hellman but doesn’t get into the workings of it.  Same can be said for a few other items.  I figure if you are going to mention something, then do it justice and not just cover it in a line or two.  I would hazard a guess that D-H isn’t discussed in much detail because it really isn’t germane to the book’s topic.  For those topics that are germane, the authors do a good job.  Deep enough, but not so deep as to put the average techie to sleep.

So would I recommend this book?  If you are a Cisco shop looking to implement PKI, then most definitely.   If you are not a Cisco shop, then half of this book may not be of value.  For theory and principles, I think you would see value in it.  It’s a judgment call at this point.  As for myself, I would consider this book a good buy just for the first few chapters.  The rest of it is bonus material.
