Table of Contents for Managing Cisco Network Security
Introduction to IP Network Security
What Role Does Security Play in a Network?
  Goals
  Confidentiality
  Integrity
  Availability
  Philosophy
  What if I Don't Deploy Security?
The Fundamentals of Networking
Where Does Security Fit in?
  Network Access Layer Security
  Internetwork Layer Security
  Access Control Lists
  Host-to-Host Layer Security
  IPSec
  Process Application Layer Security
  PGP
  S-HTTP
  Secure Sockets Layer and Transport Layer Security
  The Secure Shell Protocol
  Authentication
  Terminal Access Controller Access System Plus
  Remote Dial-in User System
  Kerberos
  OSI Model
  Layer 1: The Physical Layer
  Layer 2: The Data-link Layer
  Layer 3: The Network Layer
  Layer 4: The Transport Layer
  Layer 5: The Session Layer
  Layer 6: The Presentation Layer
  Layer 7: The Application Layer
  How the OSI Model Works
  Transport Layer Protocols
  The Internet Layer
  The Network Layer
  Composition of a Data Packet
  Ethernet
  Security in TCP/IP
Cisco IP Security Hardware and Software
  The Cisco Secure PIX Firewall
  Cisco Secure Integrated Software
  Cisco Secure Integrated VPN Software
  The Cisco Secure VPN Client
  Cisco Secure Access Control Server
  Cisco Secure Scanner
  Cisco Secure Intrusion Detection System
  Cisco Secure Policy Manager
  Cisco Secure Consulting Services
Frequently Asked Questions
What Are We Trying to Prevent?
What Threats Face Your Network?
  Loss of Confidentiality
  Loss of Integrity
  Loss of Availability
  Sources of Threats
  Trojan Horses
  Viruses
  Worms
  Current Malicious Code Threats
  Current Malicious Code Impacts
  The Smurf Attack
  The SYN Flood Attack
  Distributed Denial of Service (DDoS) Attacks
  Initial Detection
  File System Integrity Software
  Network Traffic Anomaly Tools
  Are Forensics Important?
  What Are the Key Steps after a Breach Is Detected?
  Reducing Vulnerabilities
  Providing a Simple Security Network Architecture
  Developing a Culture of Security
  Developing a Security Policy
Frequently Asked Questions
Overview of the Security Features
  Differences between PIX OS Version 4.x and Version 5.x
  Differences between PIX OS Version 6.0 and Version 5.x
  Cisco PIX Device Manager
  VPN Client v3.x
  CPU Utilization Statistics
  Dynamic Shunning with Cisco Intrusion Detection System
  Port Address Translations
  Skinny Protocol Support
  Session Initiation Protocol
  Stateful Sharing of HTTP (port 80) Sessions
  Ethernet Interfaces
Initial Configuration
  Installing the PIX Software
  Connecting to the PIX-Basic Configuration
  Identify Each Interface
  Installing the IOS over TFTP
The Command-Line Interface
  IP Configuration
  IP Addresses
Configuring NAT and PAT
  Permit Traffic Through
Security Policy Configuration
  Security Strategies
  Deny Everything that Is Not Explicitly Permitted
  Allow Everything that Is Not Explicitly Denied
  Identify the Resources to Protect
  Demilitarized Zone
  Identify the Security Services to Implement
  Authentication and Authorization
  Access Control
  Confidentiality
  URL, ActiveX, and Java Filtering
  Implementing the Network Security Policy
  Authentication Configuration in PIX
  Access Control Configuration in PIX
  Securing Resources
  Confidentiality Configuration in PIX
  URL, ActiveX, and Java Filtering
PIX Configuration Examples
  Protecting a Private Network
  Protecting a Network Connected to the Internet
  Protecting Server Access Using Authentication
  Protecting Public Servers Connected to the Internet
Securing and Maintaining the PIX
  System Journaling
  Securing the PIX
Frequently Asked Questions
Traffic Filtering in the Cisco Internetwork Operating System
  Access List Operation
  Types of Access Lists
  Standard IP Access Lists
  Source Address and Wildcard Mask
  Keywords any and host
  Keyword Log
  Applying an Access List
  Extended IP Access Lists
  Keywords permit or deny
  Protocol
  Source Address and Wildcard-mask
  Destination Address and Wildcard-mask
  Source and Destination Port Number
  Established
  Log and Log-input
  Named Access Lists
  Editing Access Lists
  Problems with Access Lists
Lock-and-key Access Lists
Reflexive Access Lists
  Building Reflexive Access Lists
  Applying Reflexive Access Lists
Context-based Access Control
  The Context-based Access Control Process
  Configuring Context-based Access Control
  Inspection Rules
  Applying the Inspection Rule
Configuring Port to Application Mapping
  Configuring PAM
  Protecting a Private Network
  Protecting a Network Connected to the Internet
  Protecting Server Access Using Lock-and-key
  Protecting Public Servers Connected to the Internet
Frequently Asked Questions
Network Address Translation/Port Address Translation
  Address Realm
  RFC 1918 Private Addressing
  NAT
  Transparent Address Assignment
  Transparent Routing
  Public, Global, and External Networks
  Private and Local Networks
  Application Level Gateways
  Traditional NAT or Outbound NAT
  Port Address Translation
  Static NAT
  Twice NAT
Guidelines for Deploying NAT and PAT
IOS NAT Support for IP Telephony
  H.323 v2 Support
  Call Manager Support
  Session Initiation Protocol
Configuring NAT on Cisco IOS
  Configuration Commands
  Verification Commands
  Configuring NAT between a Private Network and the Internet
  Configuring NAT in a Network with DMZ
Considerations on NAT and PAT
  IP Address Information in Data
  Bundled Session Applications
  Peer-to-Peer Applications
  IP Fragmentation with PAT en Route
  Applications Requiring Retention of Address Mapping
  IPSec and IKE
Frequently Asked Questions
Understanding Cryptography Concepts
  History
  Encryption Key Types
Learning about Standard Cryptographic Algorithms
  Understanding Symmetric Algorithms
  DES
  AES (Rijndael)
  IDEA
  Understanding Asymmetric Algorithms
  Diffie-Hellman
  RSA
Understanding Brute Force
  Brute Force Basics
  Using Brute Force to Obtain Passwords
  L0phtcrack
  Crack
  John the Ripper
Knowing When Real Algorithms Are Being Used Improperly
  Bad Key Exchanges
  Hashing Pieces Separately
  Using a Short Password to Generate a Long Key
  Improperly Stored Private or Secret Keys
Understanding Amateur Cryptography Attempts
  Classifying the Ciphertext
  Frequency Analysis
  Ciphertext Relative Length Analysis
  Similar Plaintext Analysis
  Monoalphabetic Ciphers
  Other Ways to Hide Information
  XOR
  UUEncode
  Base64
  Compression
Frequently Asked Questions
Cisco Local Director and DistributedDirector
Improving Security Using Cisco Local Director
  Local Director Technology Overview
  Local Director Product Overview
Local Director Security Features
  Filtering of Access Traffic
  Using synguard to Protect Against SYN Flood Attacks
  Using NAT to Hide Real Addresses
  Restricting Who Is Authorized to Have Telnet Access to Local Director
  Password Protection
  The enable Password
  The telnet Password
  Syslog Logging
Securing Geographically Dispersed Server Farms Using Cisco Distributed Director
  Distributed Director Technology Overview
  Distributed Director Product Overview
Distributed Director Security Features
  Limiting the Source of DRP Queries
  Authentication between Distributed Director and DRP Agents
  The key chain Command
  The key Command
  The key-string Command
  Password Protection
  The enable secret Password
  The enable Password
  The telnet Password
  Syslog Logging
Frequently Asked Questions
Virtual Private Networks and Remote Access
Overview of the Different VPN Technologies
  The Peer Model
  The Overlay Model
  Link Layer VPNs
  Network Layer VPNs
  Tunneling VPNs
  Virtual Private Dial Networks
  Controlled Route Leaking
  Transport and Application Layer VPNs
  Intranet VPNs
  Extranet VPNs
  Access VPNs
Layer 2 Transport Protocol
  Configuring Cisco L2TP
  An LAC Configuration Example
  An LNS Configuration Example
  IPSec Architecture
  Security Associations
  Anti-replay Feature
  A Security Policy Database
  Authentication Header
  Encapsulating Security Payload
  Manual IPSec
  Internet Key Exchange
  Authentication Methods
  IKE and Certificate Authorities
  IPSec Limitations
  Network Performance
  Network Troubleshooting
  IPSec and Cisco Encryption Technology
  Configuring Cisco IPSec
  IPSec Manual Keying Configuration
  IPSec over GRE Tunnel Configuration
  Connecting IPSec Clients to Cisco IPSec
  Cisco Secure VPN Client
  Windows 2000
  Linux FreeS/WAN
Frequently Asked Questions
Cisco Authentication, Authorization, and Accounting Mechanisms
  AAA Authentication
  AAA Authorization
  AAA Accounting
  AAA Benefits
Cisco AAA Mechanisms
  Supported AAA Security Protocols
  RADIUS
  TACACS+
  Kerberos
  Choosing RADIUS, TACACS+, or Kerberos
  Configuring AAA Authentication
  Configuring Login Authentication Using AAA
  Configuring PPP Authentication Using AAA
  Enabling Password Protection for Privileged EXEC Mode
  Authorization
  Configure Authorization
  TACACS+ Configuration Example
  Accounting
  Configuring Accounting
  Suppress Generation of Accounting Records for Null Username Sessions
  RADIUS Configuration Example
  Typical RAS Configuration Using AAA
  Typical Firewall Configuration Using AAA
  How the Authentication Proxy Works
  Comparison with the Lock-and-key Feature
  Benefits of Authentication Proxy
  Restrictions of Authentication Proxy
  Configuring Authentication Proxy
  Configuring the HTTP Server
  Configuring the Authentication Proxy
  Authentication Proxy Configuration Example
Frequently Asked Questions
Cisco Content Services Switch
Overview of Cisco Content Services Switch
  Cisco Content Services Switch Technology Overview
Cisco Content Services Switch Product Information
Security Features of Cisco Content Services Switch
  FlowWall Security
  Example of Nimda Virus Filtering without Access Control Lists
  Using Network Address Translation to Hide Real Addresses
  Firewall Load Balancing
  Example of Firewall Load Balancing with Static Routes
  Password Protection
  The User Access Level
  The SuperUser Access Level
Disabling Telnet Access
Known Security Vulnerabilities
  Cisco Bug ID CSCdt08730
  Cisco Bug ID CSCdtl2748
  Cisco Bug ID CSCdu20931
  Cisco Bug ID CSCdt32570
  Cisco Bug ID CSCdt64682
  Multiple SSH Vulnerabilities
  Malformed SNMP Message Handling Vulnerabilities
  CodeRed Impact
Frequently Asked Questions
Cisco Secure Scanner
Minimum System Specifications for Secure Scanner
Searching the Network for Vulnerabilities
  Identifying Network Addresses
  Identifying Vulnerabilities
  Scheduling the Session
  Changing Axis Views
  Drilling into Data
  Pivoting Data
  Zooming In and Out
  Creating Charts
  Saving Grid Views and Charts
  Reports and Wizards
Keeping the System Up-to-Date
Frequently Asked Questions
Cisco Secure Policy Manager
Overview of the Cisco Secure Policy Manager
  The Benefits of Using Cisco Secure Policy Manager
  Installation Requirements for the Cisco Secure Policy Manager
Features of the Cisco Secure Policy Manager
  Cisco Firewall Management
  VPN and IPSec Security Management
  Security Policy Management
  Security Policy Definition
  Security Policy Enforcement
  Security Policy Auditing
  Network Security Deployment Options
  Cisco Secure Policy Manager Device and Software Support
Using the Cisco Secure Policy Manager
  Configuration
  CSPM Configuration Example
Frequently Asked Questions
What Is Intrusion Detection?
  Types of IDSs
  IDS Architecture
  Why Should You Have an IDS?
  Benefits of an IDS in a Network
  Reduce the Risk of a Systems Compromise
  Identifying Errors of Configuration
  Optimize Network Traffic
  Documenting Existing Threat Levels for Planning or Resource Allocation
  Changing User Behavior
  Deploying an IDS in a Network
  Sensor Placement
  Difficulties in Deploying an IDS
  Tuning
  Turn It Up
  Tone It Down
Network Attacks and Intrusions
  Poor Network Perimeter/Device Security
  Packet Decoders
  Scanner Programs
  Network Topology
  Unattended Modems
  Poor Physical Security
  Application and Operating Software Weaknesses
  Software Bugs
  Getting Passwords-Easy Ways of Cracking Programs
  Human Failure
  Poorly Configured Systems
  Information Leaks
  Malicious Users
  Weaknesses in the IP Suite of Protocols
  Layer 7 Attacks
  Layer 3 and Layer 4 Attacks
The Cisco Secure Network Intrusion Detection System
  What Is the Cisco Secure Network Intrusion Detection System?
  The Probe
  The Director
  The Cisco Secure Policy Manager
  The Post Office
  Before You Install
  Director and Probe Setup
  Director Installation
  Director Configuration
  Probe Installation
  Completing the Probe Installation
  General Operation
  nrConfigure
  Configuring Logging from a Router to a Sensor
  Configuring Intrusion Detection on Sensors
  Customizing the NSDB
  Upgrading the NSDB
  The Data Management Package
  An E-mail Notification Example
  Cisco IOS Intrusion Detection Systems
  Configuring Cisco IOS IDS Features
  Associated Commands
Frequently Asked Questions
Network Security Management
  PIX Device Manager Overview
  PIX Device Manager Benefits
  Supported PIX Firewall Versions
  PIX Device Requirements
  Requirements for a Host Running the PIX Device Management Client
  Using PIX Device Manager
  Configuring the PIX Device Manager
  Installing the PIX Device Manager
  Configuration Examples
  Connecting to the PIX with PDM
  Configuring Basic Firewall Properties
  Implementing Network Address Translation
  Allowing Inbound Traffic from External Sources
CiscoWorks2000 Access Control List Manager
  ACL Manager Overview
  ACL Manager Device and Software Support
  Installation Requirements for ACL Manager
  ACL Manager Features
  Using a Structured Access Control List Security Policy
  Decreasing Deployment Time for Access Control Lists
  Ensure Consistency of Access Control Lists
  Keep Track of Changes Made on the Network
  Troubleshooting and Error Recovery
  The Basic Operation of ACL Manager
  Using Templates and Defining Classes
  Using DiffViewer
  Using the Optimizer and the Hits Optimizer
  Using ACL Manager
  Configuring the ACL Manager
  Installing the ACL Manager and Associated Software
  Configuration Example: Creating ACLs with ACLM
Cisco Secure Policy Manager
Cisco Secure Access Control Server
  Overview of the Cisco Secure Access Control Server
  Benefits of the Cisco Secure Access Control Server
  Authentication
  Authorization
  Accounting
  Installation Requirements for the Cisco Access Control Server
  Features of Cisco Secure ACS
  Placing Cisco Secure ACS in the Network
  Cisco Secure ACS Device and Software Support
  Using Cisco Secure ACS
  Installing Cisco Secure ACS
  Configuration
  Configuration Example: Adding and Configuring a AAA Client
Frequently Asked Questions
Looking Ahead: Cisco Wireless Security
Understanding Security Fundamentals and Principles of Protection
  Ensuring Confidentiality
  Ensuring Integrity
  Ensuring Availability
  Ensuring Privacy
  Ensuring Authentication
  Extensible Authentication Protocol (EAP)
  An Introduction to the 802.1x Standard
  Per-Packet Authentication
  Cisco Light Extensible Authentication Protocol
  Configuration and Deployment of LEAP
  Ensuring Authorization
  What Is a MAC Address?
  Where in the Authentication/Association Process Does MAC Filtering Occur?
  Determining MAC Filtering Is Enabled
  MAC Spoofing
  Ensuring Non-Repudiation
  Accounting and Audit Trails
  Using Encryption
  Encrypting Voice Data
  Encrypting Data Systems
Reviewing the Role of Policy
  Identifying Resources
  Understanding Classification Criteria
  Implementing Policy
  Addressing the Issues with Policy
  Defining WEP
  Creating Privacy with WEP
  The WEP Authentication Process
  WEP Benefits and Advantages
  WEP Disadvantages
  The Security Implications of Using WEP
  Implementing WEP on the Cisco Aironet AP 340
  Exploiting WEP
  Security of 64-Bit versus 128-Bit Keys
  Acquiring a WEP Key
Addressing Common Risks and Threats
  Finding a Target
  Finding Weaknesses in a Target
  Exploiting Those Weaknesses
Sniffing, Interception, and Eavesdropping
  Defining Sniffing
  Sample Sniffing Tools
  Sniffing Case Scenario
  Protecting Against Sniffing and Eavesdropping
Spoofing and Unauthorized Access
  Defining Spoofing
  Sample Spoofing Tools
  Protecting Against Spoofing and Unauthorized Attacks
Network Hijacking and Modification
  Defining Hijacking
  Sample Hijacking Tools
  Hijacking Case Scenario
  Protection against Network Hijacking and Modification
Denial of Service and Flooding Attacks
  Defining DoS and Flooding
  Sample DoS Tools
  DoS and Flooding Case Scenario
  Protecting Against DoS and Flooding Attacks
Frequently Asked Questions