Cisco NAC Appliance: Enforcing Host Security with Clean Access

4.66 (3 ratings by Goodreads)

List price: US$67.00

Currently unavailable


Description

Cisco NAC Appliance: Enforcing Host Security with Clean Access

Authenticate, inspect, remediate, and authorize end-point devices using Cisco NAC Appliance

Jamey Heary, CCIE(R) No. 7680
Contributing authors: Jerry Lin, CCIE No. 6469, Chad Sullivan, CCIE No. 6493, and Alok Agrawal

With today's security challenges and threats growing more sophisticated, perimeter defense alone is no longer sufficient. Few organizations are closed entities with well-defined security perimeters, which has led to the creation of perimeterless networks with ubiquitous access. Organizations need to have internal security systems that are more comprehensive, pervasive, and tightly integrated than in the past.

Cisco(R) Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access, provides a powerful host security policy inspection, enforcement, and remediation solution that is designed to meet these new challenges. Cisco NAC Appliance allows you to enforce host security policies on all hosts (managed and unmanaged) as they enter the interior of the network, regardless of their access method, ownership, device type, application set, or operating system. Cisco NAC Appliance provides proactive protection at the network entry point.

Cisco NAC Appliance provides you with all the information needed to understand, design, configure, deploy, and troubleshoot the Cisco NAC Appliance solution. You will learn about all aspects of the NAC Appliance solution including configuration and best practices for design, implementation, troubleshooting, and creating a host security policy.

Jamey Heary, CCIE(R) No. 7680, is a security consulting systems engineer at Cisco, where he works with its largest customers in the northwest United States. Jamey joined Cisco in 2000 and currently leads its Western Security Asset team and is a field advisor for its U.S. Security Virtual team. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP(R), and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years.

  • Understand why network attacks and intellectual property losses can originate from internal network hosts
  • Examine different NAC Appliance design options
  • Build host security policies and assign the appropriate network access privileges for various user roles
  • Streamline the enforcement of existing security policies with the concrete measures NAC Appliance can provide
  • Set up and configure the NAC Appliance solution
  • Learn best practices for the deployment of NAC Appliance
  • Monitor, maintain, and troubleshoot the Cisco NAC Appliance solution

This security book is part of the Cisco Press(R) Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Cisco Press-Security
Covers: End-Point Security

Product details

  • Paperback | 576 pages
  • 185.42 x 226.06 x 33.02mm | 793.78g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587053063
  • 9781587053061
  • 1,835,771

About Jamey Heary

About the Author

Jamey Heary, CCIE No. 7680, is currently a security consulting systems engineer at Cisco Systems, Inc., and works with its largest customers in the Northwest United States. Jamey joined Cisco in 2000. He currently leads its Western Security Asset team and is a field advisor for the U.S. Security Virtual team. Prior to working at Cisco, he worked for the Immigration and Naturalization Service as a network consultant and project leader. Before that he was the lead network and security engineer for a financial firm whose network carries approximately 12 percent of the global equities trading volume worldwide. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. He has been working in the IT field for 13 years and in IT security for 9 years. He has a BS from St. Lawrence University.

About the Contributing Authors

Jerry Lin, CCIE No. 6469, is a consulting systems engineer for Cisco and is based in southern California. He specializes in security best practices. Jerry has worked with a variety of Cisco enterprise customers in areas such as software development, local government agencies, K-12 and universities, high tech manufacturing, retail, and health care, as well as managed web-hosting service provider customers. He holds his CCIE in routing and switching as well as in CCDP and CISSP. Jerry has been working in the IT industry for the past 12 years. During the late 1990s, he worked as a technical instructor. Jerry earned both a bachelor's degree and a master's degree in mechanical engineering from the University of California, Irvine.

Chad Sullivan, CCIE No. 6493 (Security, Routing and Switching, SNA/IP), CISSP, CHSP, is a senior security engineer and owner of Priveon, Inc., which provides leading security solutions to customers globally. Prior to starting Priveon, Chad worked as a security consulting systems engineer at Cisco. Chad is recognized within the industry as one of the leading implementers of the Cisco Security Agent product and is the author of both Cisco Press books dedicated to the Cisco Security Agent.

Alok Agrawal is the technical marketing manager for the Cisco NAC Appliance (Clean Access) product. He leads the technical marketing team developing technical concepts and solutions and driving future product architecture and features. He works with the Cisco sales and partner community to scale the adoption of the NAC Appliance product line globally. Prior to joining the Cisco Security Technology Group, he worked in the switching team of the Cisco Technical Assistance Center. He has a strong background in routing and switching and host security design and implementation. Alok holds a master's degree in electrical engineering from the University of Southern California and a bachelor's degree in electronics engineering from the University of Mumbai.

Table of contents

Introduction

Part I The Host Security Landscape

Chapter 1 The Weakest Link: Internal Network Security
  • Security Is a Weakest-Link Problem
  • Hard Outer Shell with a Chewy Inside: Dealing with Internal Security Risks
  • The Software Update Race: Staying Ahead of Viruses, Worms, and Spyware
  • Summary

Chapter 2 Introducing Cisco Network Admission Control Appliance
  • Cisco NAC Approaches
  • NAC as an Appliance
  • NAC as an Embedded Solution
  • Cisco NAC Integrated Implementation
  • Cisco NAC Appliance Overview
  • Cisco NAC Return on Investment
  • Summary

Part II The Blueprint: Designing a Cisco NAC Appliance Solution

Chapter 3 The Building Blocks in a Cisco NAC Appliance Design
  • Cisco NAC Appliance Solution Components
  • Cisco NAC Appliance Manager
  • Cisco NAC Appliance Server
  • Cisco Clean Access Agent
  • Cisco NAC Appliance Network Scanner
  • Cisco NAC Appliance Minimum Requirements
  • Cisco NAC Appliance Manager and Server Requirements
  • Cisco Clean Access Agent Requirements
  • Scalability and Performance of Cisco NAC Appliance
  • Summary

Chapter 4 Making Sense of All the Cisco NAC Appliance Design Options
  • NAC Design Considerations
  • Single-Sign-On Capabilities
  • In-Band Versus Out-of-Band Overview
  • Layer 2 Versus Layer 3 Client Adjacency Overview
  • Virtual Gateway Versus Real IP Gateway Overview
  • Deployment Options
  • How to Choose a Client/Server Adjacency Mode
  • Layer 2 Mode
  • Layer 3 Mode
  • Layer 2 Strict Mode for Clean Access Agent
  • How to Choose a Network Mode
  • Virtual Gateway Mode
  • Real IP Gateway Mode
  • In-Band Mode
  • The Certification Process in In-Band Mode
  • Certification Steps for Host with Clean Access Agent
  • Steps for Client to Acquire an IP Address
  • Clean Access Agent Authentication Steps
  • Clean Access Agent Host Security Posture Assessment Steps
  • Clean Access Agent Network Scanner Steps
  • Agent Post-Certification Steps
  • Login Steps for Host Using Web Login (No Clean Access Agent)
  • Web Login Authentication Steps
  • Web Login Network Scanning Steps
  • Post-Web Login Steps
  • Advantages of Using In-Band Mode
  • Disadvantages of Using In-Band Mode
  • Where You Can Use In-Band Mode
  • Out-of-Band Mode
  • How the Adjacency Mode Affects Out-of-Band Operation
  • Layer 3 Out-of-Band Traffic Control Methods
  • How the Network Mode Affects Out-of-Band Operation
  • Login Steps with OOB in L2 Adjacency, Virtual Gateway Mode
  • Initial Steps for OOB Clients
  • Clean Access Agent Authentication Steps in OOB
  • Agent Host Security Posture Assessment Steps for OOB
  • Agent Post-Certification Steps for OOB
  • Login Steps for OOB in L3 Adjacency, Real IP Mode
  • Initial Client Steps for L3 OOB
  • Steps to Obtain an IP Address in L3 OOB
  • Client Authentication and PBR Steps in L3 OOB
  • Client Certification and Post-Certification Steps in L3 OOB
  • Advantages of Using Out-of-Band Mode
  • Disadvantage of Using Out-of-Band Mode
  • Where You Can Use Out-of-Band Mode and Where You Cannot
  • Switches Supported by NAC Appliance Out-of-Band
  • Clean Access Agent and Web Login with Network Scanner
  • Summary

Chapter 5 Advanced Cisco NAC Appliance Design Topics
  • External Authentication Servers
  • Mapping Users to Roles Using Attributes or VLAN IDs
  • MAC Address Authentication Filters
  • Single Sign-On
  • Active Directory SSO
  • Active Directory SSO Prerequisites
  • How Active Directory SSO Works
  • VPN SSO
  • VPN SSO Prerequisites
  • How VPN SSO Works
  • Cisco Wireless SSO
  • Cisco Wireless SSO Prerequisites
  • How Cisco Wireless SSO Works
  • NAC Appliance and IP Telephony Integration
  • IP Telephony Best Practices for In-Band Mode
  • IP Telephony Best Practices for Out-of-Band Mode
  • High Availability and Load Balancing
  • High Availability
  • Stateful Failover of NAC Appliance Manager
  • Stateful Failover of NAC Appliance Server
  • Fallback Feature on NAC Appliance Server
  • Spanning Tree N+1
  • Load Balancing
  • Cisco Content Switching Module or Standalone Content Services Switch
  • NAC Appliance Server Load Balancing Using Policy-Based Routing
  • Summary

Part III The Foundation: Building a Host Security Policy

Chapter 6 Building a Cisco NAC Appliance Host Security Policy
  • What Makes Up a Cisco NAC Appliance Host Security Policy?
  • Host Security Policy Checklist
  • Involving the Right People in the Creation of the Host Security Policy
  • Determining the High-Level Goals for Host Security
  • Common High-Level Host Security Goals
  • Defining the Security Domains
  • Understanding and Defining NAC Appliance User Roles
  • Built-In User Roles
  • Unauthenticated Role
  • Normal Login Role
  • Temporary Role
  • Quarantine Role
  • Commonly Used Roles and Their Purpose
  • Establishing Acceptable Use Policies
  • Checks, Rules, and Requirements to Consider
  • Sample HSP Format for Documenting NAC Appliance Requirements
  • Common Checks, Rules, and Requirements
  • Method for Adding Checks, Rules, and Requirements
  • Research and Information
  • Establishing Criteria to Determine the Validity of a Security Check, Rule, or Requirement in Your Organization
  • Method for Determining Which User Roles a Particular Security Requirement Should Be Applied To
  • Method for Deploying and Enforcing Security Requirements
  • Defining Network Access Privileges
  • Enforcement Methods Available with NAC Appliance
  • Commonly Used Network Access Policies
  • Summary

Part IV Cisco NAC Appliance Configuration

Chapter 7 The Basics: Principal Configuration Tasks for the NAM and NAS
  • Understanding the Basic Cisco NAC Appliance Concepts
  • NAM Overview
  • NAM Hardware Installation Requirements
  • NAM Software Installation Requirements
  • How to Connect NAM
  • Performing Initial NAM Configurations
  • NAC Licensing
  • NAM GUI Description
  • NAS Overview
  • NAS Hardware Installation Requirements
  • NAS Software Installation Requirements
  • NAS Software License Requirement
  • How to Connect NAS
  • Performing Initial NAS Configurations
  • NAS GUI Description
  • Configuring NAS Deployment Mode
  • In-Band Deployment Options
  • Out-of-Band Deployment Options
  • Understanding NAS Management Within the NAM GUI
  • Global Versus Local Settings
  • Global Settings
  • Local NAS Settings
  • Adding Additional NAS Appliances
  • Summary

Chapter 8 The Building Blocks: Roles, Authentication, Traffic Policies, and User Pages
  • Configuring User Roles
  • Creating Custom Roles
  • Editing or Deleting a Custom Role
  • Configuring Role Assignment
  • Creating a Local User and Assigning a Role
  • Assigning a Role by VLAN
  • Assigning a Role by MAC and IP Address
  • Assigning a Role by Subnet
  • Assigning a Role by External Authentication Source Attributes
  • Role Mapping Summary
  • Configuring Authentication
  • Creating Admin Users and Groups
  • Creating an Admin Group
  • Creating an Admin User
  • Adding External Authentication Sources
  • Adding a RADIUS External Authentication Source
  • Adding an LDAP/AD External Authentication Source
  • Configuring and Creating Traffic Policies
  • IP-Based Traffic Control Policy
  • Host-Based Traffic Control Policy
  • Bandwidth Policies
  • Customizing User Pages and Guest Access
  • Login Pages
  • Guest Access
  • API for Guest Access
  • Summary

Chapter 9 Host Posture Validation and Remediation: Cisco Clean Access Agent and Network Scanner
  • Understanding Cisco NAC Appliance Setup
  • Cisco NAC Appliance Updates
  • General Setup
  • Web Login
  • Agent Login
  • Certified Devices
  • Certified List
  • Add Exempt Device
  • Add Floating Device
  • Timer
  • Cisco Clean Access Agent
  • Agent Installation Process
  • Sample Agent Installation
  • Agent Distribution
  • Alternative Agent Installation Methods
  • Agent Policy Enforcement
  • Requirements, Rules, and Checks
  • Creating and Enforcing a Requirement
  • Creating Checks
  • Creating a Custom Rule
  • Network Scanning
  • Nessus Plug-Ins
  • Scanning Setup
  • Vulnerability Handling
  • User Agreement Configuration
  • Testing the Scanning Setup
  • Summary

Chapter 10 Configuring Out-of-Band
  • Out-of-Band Overview and Design
  • User Access Method
  • Switch Support
  • Central Deployment Mode or Edge Deployment Mode
  • Layer 2 or Layer 3
  • Gateway Mode for NAC Appliance Server
  • Simple Network Management Protocol Trap to Trigger the NAC Process
  • Port-Based VLAN Assignment or User Role-Based VLAN Assignment
  • Sample Design and Configuration for Layer 2 Out-of-Band Deployment
  • Step 1: Configuring the Switch
  • Configuring VLAN Trunking Protocol and VLANs
  • Configuring SVIs
  • Configuring the Switch as a DHCP Server
  • Configuring Fa1/0/1-The Interface Connecting the NAC Appliance Manager eth0 Port
  • Configuring Fa1/0/3-The Interface Connecting the Trusted Port (eth0) of NAC Appliance Server
  • Configuring Fa1/0/4-The Interface Connecting the Untrusted Port (eth1) of NAC Appliance Server
  • Configuring Fa1/0/5-The Interface Connecting the Host
  • Configuring Simple Network Management Protocol
  • Step 2: Configuring NAC Appliance Manager
  • Step 3: Configuring NAC Appliance Server
  • Step 4: Logging In to NAC Appliance Manager
  • Step 5: Adding NAC Appliance Server to NAC Appliance Manager
  • Step 6: Editing Network Settings on NAC Appliance Server
  • Step 7: Configuring VLAN Mapping
  • Step 8: Configuring Managed Subnets
  • Step 9: Configuring a Switch Group
  • Step 10: Configuring a Switch Profile
  • Step 11: Configuring a Port Profile
  • Step 12: Configuring the SNMP Receiver
  • Step 13: Adding a Switch to NAC Appliance Manager
  • Step 14: Configuring Ports to Be Managed by NAC
  • Step 15: Configuring User Roles
  • Step 16: Configuring User Authentication on the Local Database
  • Step 17: Testing Whether OOB and User Role-Based VLAN Assignment Works
  • Sample Design and Configuration for Layer 3 Out-of-Band Deployment
  • Step 1: Configuring the Switches
  • Configuring the Central Switch
  • Configuring the Edge Switch
  • Step 2: Configuring NAC Appliance Manager
  • Step 3: Configuring NAC Appliance Server
  • Step 4: Logging In to NAC Appliance Manager
  • Step 5: Adding NAC Appliance Server to NAC Appliance Manager
  • Step 6: Editing Network Settings on NAC Appliance Server
  • Step 7: Configuring Static Routes
  • Step 8: Configuring a Switch Group
  • Step 9: Configuring a Switch Profile
  • Step 10: Configuring a Port Profile
  • Step 11: Configuring the SNMP Receiver
  • Step 12: Adding the Switch to NAC Appliance Manager
  • Step 13: Configuring Ports to Be Managed by NAC Appliance
  • Step 14: Configuring User Roles
  • Step 15: Configuring User Authentication on the Local Database
  • Step 16: Changing the Discovery Host
  • Step 17: Configuring the Web Login Page
  • Step 18: Testing Whether OOB and User Role-Based VLAN Assignment Works
  • Additional Out-of-Band Considerations
  • Summary

Chapter 11 Configuring Single Sign-On
  • Active Directory Single Sign-On Overview
  • Supported Devices for AD SSO
  • Basic AD SSO Configuration Steps
  • Configuring Single Sign-On for Windows AD
  • NAM Configuration
  • NAS Configuration
  • Layer 3 3550 Core Switch Configuration
  • 3500XL Edge Layer 2 Switch Configuration
  • Active Directory or Domain Controller Configuration
  • Beginning Overall Setup
  • Adding an AD Server as an AD SSO Auth Server
  • Configuring Traffic Policies and Ports in the Unauthenticated Role for AD Authentication
  • Configuring AD SSO Settings in NAS
  • Configuring the AD Server and Running the ktpass Command
  • Enabling Agent-Based Windows AD SSO
  • Enabling GPO Updates
  • (Optional) Adding LDAP Lookup Server to Map Users to Multiple Roles
  • LDAP Browser (Not Required but Very Helpful)
  • Configuring LDAP Lookup Server in NAM
  • User Attributes in Active Directory
  • Enabling DHCP in NAS
  • Enabling User Login Pages in NAM
  • NAC Agent Download and Login
  • Configuring Single Sign-On for VPN
  • ACS Setup
  • ASA-5510 VPN Setup
  • Configuring NAS to Support VPN SSO
  • Configuring Single Sign-On for Cisco Wireless LAN Controller
  • ACS Server Setup
  • WLC Setup
  • NAM/NAS Setup
  • Summary

Chapter 12 Configuring High Availability
  • High Availability on NAC Appliance Manager
  • High Availability on NAC Appliance Server
  • Example of a High Availability Configuration for NAC Appliance Manager and Server
  • Adding NAC Appliance Managers in High Availability Mode
  • Adding a CA-Signed Certificate to the Primary NAC Appliance Manager
  • Generating a Self-Signed Temporary Certificate on the Primary NAC Appliance Manager
  • Adding a Certificate to the Secondary NAC Appliance Manager
  • Configuring High Availability for NAC Appliance Managers
  • Adding NAC Appliance Servers in High Availability Mode
  • Configuring the eth2 Interfaces
  • Configuring the Primary Server for High Availability
  • Configuring the Secondary Server for High Availability
  • Setting Up DHCP Failover on NAC Appliance Servers
  • Troubleshooting HA
  • Summary

Part V Cisco NAC Appliance Deployment Best Practices

Chapter 13 Deploying Cisco NAC Appliance
  • Pre-Deployment Phase
  • Executive Summary
  • Scope
  • Vision
  • NAC Appliance Overview (Diagram)
  • Host Security Policy
  • Business Drivers for Deployment
  • Deployment Schedule
  • Resources
  • New Equipment
  • Support Plan
  • Communication Plan
  • Cisco NAC Appliance Training
  • Deployment Plan Overview
  • Proof of Concept Phase
  • Pilot Phase
  • Production Deployment Phases
  • Production Deployment Phase 1: Initial Introduction to User Community
  • Production Deployment Phase 2: Implementing Host Security Policy Checks Without Enforcement
  • Production Deployment Phase 3: Host Security Policy Enforcement
  • Summary

Part VI Cisco NAC Appliance Monitoring and Troubleshooting

Chapter 14 Understanding Cisco NAC Appliance Monitoring
  • Understanding the Various Monitoring Pages and Event Logs
  • Summary Page
  • Discovered Clients and Online Users Pages
  • Discovered Clients Page
  • Online Users Page
  • Event Logs
  • Understanding and Changing Logging Levels of NAC Appliance
  • SNMP
  • Understanding Monitoring of Web Login and Clean Access Agents
  • Clean Access Agent Reports
  • Certified List
  • Manually and Automatically Clearing the Certified List
  • Requiring Certification for Every Login
  • Summary of the Behavior of the Certified List
  • Monitoring the Status of NAC Appliance Manager and NAC Appliance Servers
  • Manager and Server Monitoring Using the Linux CLI
  • Manager and Server Monitoring Using the Web GUI
  • Summary

Chapter 15 Troubleshooting Cisco NAC Appliance
  • Licensing Issues
  • Adding NAS to NAM
  • Policy Issues
  • Agent Issues
  • Out-of-Band Issues
  • Single Sign-On Issues
  • AD SSO
  • VPN and Wireless SSO
  • High Availability Issues
  • Useful Logs
  • NAM Logs
  • NAS Logs
  • Additional Logs
  • Common Issues Encountered by the Help Desk in the First 30 Days
  • Users Not Being Able to Get a Web Login Page, or the NAC Appliance Agent Not Popping
  • Users Not Being Able to Authenticate
  • Users Getting Stuck in the Quarantine or Temporary Role
  • Users Not Being Put in the Correct VLAN or Not Getting Access to Certain Resources
  • Summary

Appendix Sample User Community Deployment Messaging Material
  • Sample NAC Appliance Requirement Change Notification E-Mail
  • Sample NAC Appliance Notice for Bulletin Board or Poster
  • Sample NAC Appliance Letter to Students

Index

Rating details

3 ratings
4.66 out of 5 stars
5 67% (2)
4 33% (1)
3 0% (0)
2 0% (0)
1 0% (0)
Book ratings by Goodreads