Table of Contents for Managing Cisco Network Security
Chapter/Section Title | Page # | Page Count
Foreword | xxxi |
Introduction to IP Network Security | 1 | 60
Introduction | 2 | 1
What Role Does Security Play in a Network? | 2 | 6
Goals | 2 | 1
Confidentiality | 3 | 1
Integrity | 4 | 1
Availability | 4 | 2
Philosophy | 6 | 1
What if I Don't Deploy Security? | 7 | 1
The Fundamentals of Networking | 8 | 1
Where Does Security Fit in? | 9 | 37
Network Access Layer Security | 10 | 1
Internetwork Layer Security | 11 | 1
Access Control Lists | 12 | 2
Host-to-Host Layer Security | 14 | 1
IPSec | 14 | 3
Process Application Layer Security | 17 | 2
PGP | 19 | 1
S-HTTP | 19 | 1
Secure Sockets Layer and Transport Layer Security | 19 | 1
The Secure Shell Protocol | 20 | 1
Authentication | 21 | 1
Terminal Access Controller Access System Plus | 22 | 1
Remote Dial-in User System | 23 | 1
Kerberos | 23 | 2
OSI Model | 25 | 1
Layer 1: The Physical Layer | 26 | 1
Layer 2: The Data-link Layer | 26 | 2
Layer 3: The Network Layer | 28 | 1
Layer 4: The Transport Layer | 29 | 1
Layer 5: The Session Layer | 30 | 1
Layer 6: The Presentation Layer | 31 | 1
Layer 7: The Application Layer | 32 | 2
How the OSI Model Works | 34 | 1
Transport Layer Protocols | 34 | 6
The Internet Layer | 40 | 3
The Network Layer | 43 | 1
Composition of a Data Packet | 44 | 1
Ethernet | 44 | 1
Security in TCP/IP | 45 | 1
Cisco IP Security Hardware and Software | 46 | 8
The Cisco Secure PIX Firewall | 46 | 3
Cisco Secure Integrated Software | 49 | 1
Cisco Secure Integrated VPN Software | 50 | 1
The Cisco Secure VPN Client | 50 | 1
Cisco Secure Access Control Server | 50 | 1
Cisco Secure Scanner | 51 | 1
Cisco Secure Intrusion Detection System | 51 | 1
Cisco Secure Policy Manager | 52 | 1
Cisco Secure Consulting Services | 53 | 1
Summary | 54 | 2
Solutions Fast Track | 56 | 3
Frequently Asked Questions | 59 | 2
What Are We Trying to Prevent? | 61 | 36
Introduction | 62 | 2
What Threats Face Your Network? | 64 | 3
Loss of Confidentiality | 65 | 1
Loss of Integrity | 65 | 1
Loss of Availability | 65 | 1
Sources of Threats | 66 | 1
Malicious Mobile Code | 67 | 4
Trojan Horses | 67 | 1
Viruses | 67 | 1
Worms | 68 | 2
Current Malicious Code Threats | 70 | 1
Current Malicious Code Impacts | 70 | 1
Denial of Service | 71 | 5
The Smurf Attack | 73 | 1
The SYN Flood Attack | 74 | 1
Distributed Denial of Service (DDoS) Attacks | 75 | 1
Detecting Breaches | 76 | 4
Initial Detection | 77 | 1
File System Integrity Software | 77 | 1
Network Traffic Anomaly Tools | 78 | 1
Are Forensics Important? | 78 | 1
What Are the Key Steps after a Breach Is Detected? | 79 | 1
Preventing Attacks | 80 | 8
Reducing Vulnerabilities | 81 | 1
Providing a Simple Security Network Architecture | 82 | 3
Developing a Culture of Security | 85 | 1
Developing a Security Policy | 86 | 2
Summary | 88 | 3
Solutions Fast Track | 91 | 3
Frequently Asked Questions | 94 | 3
Cisco PIX Firewall | 97 | 66
Introduction | 98 | 2
Overview of the Security Features | 100 | 9
Differences between PIX OS Version 4.x and Version 5.x | 104 | 2
Differences between PIX OS Version 6.0 and Version 5.x | 106 | 1
Cisco PIX Device Manager | 107 | 1
VPN Client v3.x | 107 | 1
CPU Utilization Statistics | 107 | 1
Dynamic Shunning with Cisco Intrusion Detection System | 107 | 1
Port Address Translations | 108 | 1
Skinny Protocol Support | 108 | 1
Session Initiation Protocol | 108 | 1
Stateful Sharing of HTTP (port 80) Sessions | 108 | 1
Ethernet Interfaces | 109 | 1
Initial Configuration | 109 | 6
Installing the PIX Software | 109 | 1
Connecting to the PIX-Basic Configuration | 110 | 1
Identify Each Interface | 111 | 2
Installing the IOS over TFTP | 113 | 2
The Command-Line Interface | 115 | 4
IP Configuration | 116 | 1
IP Addresses | 117 | 2
Configuring NAT and PAT | 119 | 4
Permit Traffic Through | 120 | 3
Security Policy Configuration | 123 | 17
Security Strategies | 125 | 1
Deny Everything that Is Not Explicitly Permitted | 126 | 1
Allow Everything that Is Not Explicitly Denied | 126 | 1
Identify the Resources to Protect | 127 | 1
Demilitarized Zone | 127 | 2
Identify the Security Services to Implement | 129 | 1
Authentication and Authorization | 129 | 1
Access Control | 130 | 1
Confidentiality | 130 | 1
URL, ActiveX, and Java Filtering | 130 | 1
Implementing the Network Security Policy | 131 | 1
Authentication Configuration in PIX | 131 | 2
Access Control Configuration in PIX | 133 | 2
Securing Resources | 135 | 3
Confidentiality Configuration in PIX | 138 | 1
URL, ActiveX, and Java Filtering | 138 | 2
PIX Configuration Examples | 140 | 12
Protecting a Private Network | 140 | 2
Protecting a Network Connected to the Internet | 142 | 3
Protecting Server Access Using Authentication | 145 | 1
Protecting Public Servers Connected to the Internet | 146 | 6
Securing and Maintaining the PIX | 152 | 5
System Journaling | 152 | 2
Securing the PIX | 154 | 3
Summary | 157 | 1
Solutions Fast Track | 157 | 3
Frequently Asked Questions | 160 | 3
Traffic Filtering in the Cisco Internetwork Operating System | 163 | 70
Introduction | 164 | 1
Access Lists | 164 | 29
Access List Operation | 166 | 1
Types of Access Lists | 167 | 2
Standard IP Access Lists | 169 | 1
Source Address and Wildcard Mask | 170 | 1
Keywords any and host | 171 | 1
Keyword Log | 172 | 2
Applying an Access List | 174 | 2
Extended IP Access Lists | 176 | 5
Keywords permit or deny | 181 | 1
Protocol | 181 | 1
Source Address and Wildcard-mask | 182 | 1
Destination Address and Wildcard-mask | 183 | 1
Source and Destination Port Number | 183 | 1
Established | 184 | 5
Log and Log-input | 189 | 1
Named Access Lists | 189 | 1
Editing Access Lists | 190 | 2
Problems with Access Lists | 192 | 1
Lock-and-key Access Lists | 193 | 6
Reflexive Access Lists | 199 | 6
Building Reflexive Access Lists | 202 | 3
Applying Reflexive Access Lists | 205 | 1
Context-based Access Control | 205 | 8
The Context-based Access Control Process | 208 | 1
Configuring Context-based Access Control | 208 | 3
Inspection Rules | 211 | 1
Applying the Inspection Rule | 212 | 1
Configuring Port to Application Mapping | 213 | 14
Configuring PAM | 213 | 1
Protecting a Private Network | 214 | 3
Protecting a Network Connected to the Internet | 217 | 2
Protecting Server Access Using Lock-and-key | 219 | 2
Protecting Public Servers Connected to the Internet | 221 | 6
Summary | 227 | 1
Solutions Fast Track | 227 | 3
Frequently Asked Questions | 230 | 3
Network Address Translation/Port Address Translation | 233 | 40
Introduction | 234 | 1
NAT Overview | 234 | 7
Address Realm | 235 | 1
RFC 1918 Private Addressing | 235 | 2
NAT | 237 | 1
Transparent Address Assignment | 237 | 1
Transparent Routing | 238 | 2
Public, Global, and External Networks | 240 | 1
Private and Local Networks | 240 | 1
Application Level Gateways | 240 | 1
NAT Architectures | 241 | 7
Traditional NAT or Outbound NAT | 241 | 2
Port Address Translation | 243 | 2
Static NAT | 245 | 1
Twice NAT | 246 | 2
Guidelines for Deploying NAT and PAT | 248 | 3
IOS NAT Support for IP Telephony | 251 | 1
H.323 v2 Support | 251 | 1
Call Manager Support | 252 | 1
Session Initiation Protocol | 252 | 1
Configuring NAT on Cisco IOS | 252 | 11
Configuration Commands | 253 | 5
Verification Commands | 258 | 1
Configuring NAT between a Private Network and the Internet | 259 | 2
Configuring NAT in a Network with DMZ | 261 | 2
Considerations on NAT and PAT | 263 | 3
IP Address Information in Data | 263 | 1
Bundled Session Applications | 264 | 1
Peer-to-Peer Applications | 264 | 1
IP Fragmentation with PAT en Route | 264 | 1
Applications Requiring Retention of Address Mapping | 264 | 1
IPSec and IKE | 265 | 1
Summary | 266 | 2
Solutions Fast Track | 268 | 3
Frequently Asked Questions | 271 | 2
Cryptography | 273 | 40
Introduction | 274 | 1
Understanding Cryptography Concepts | 274 | 3
History | 275 | 1
Encryption Key Types | 275 | 2
Learning about Standard Cryptographic Algorithms | 277 | 8
Understanding Symmetric Algorithms | 278 | 1
DES | 278 | 2
AES (Rijndael) | 280 | 1
IDEA | 281 | 1
Understanding Asymmetric Algorithms | 282 | 1
Diffie-Hellman | 282 | 2
RSA | 284 | 1
Understanding Brute Force | 285 | 6
Brute Force Basics | 285 | 1
Using Brute Force to Obtain Passwords | 286 | 2
L0phtcrack | 288 | 1
Crack | 289 | 1
John the Ripper | 289 | 2
Knowing When Real Algorithms Are Being Used Improperly | 291 | 5
Bad Key Exchanges | 291 | 1
Hashing Pieces Separately | 292 | 1
Using a Short Password to Generate a Long Key | 293 | 1
Improperly Stored Private or Secret Keys | 294 | 2
Understanding Amateur Cryptography Attempts | 296 | 11
Classifying the Ciphertext | 297 | 1
Frequency Analysis | 297 | 1
Ciphertext Relative Length Analysis | 298 | 1
Similar Plaintext Analysis | 298 | 1
Monoalphabetic Ciphers | 299 | 1
Other Ways to Hide Information | 299 | 1
XOR | 299 | 4
UUEncode | 303 | 1
Base64 | 303 | 2
Compression | 305 | 2
Summary | 307 | 1
Solutions Fast Track | 308 | 2
Frequently Asked Questions | 310 | 3
Cisco Local Director and DistributedDirector | 313 | 22
Introduction | 314 | 1
Improving Security Using Cisco Local Director | 314 | 2
Local Director Technology Overview | 315 | 1
Local Director Product Overview | 315 | 1
Local Director Security Features | 316 | 7
Filtering of Access Traffic | 316 | 2
Using synguard to Protect Against SYN Flood Attacks | 318 | 2
Using NAT to Hide Real Addresses | 320 | 1
Restricting Who Is Authorized to Have Telnet Access to Local Director | 321 | 1
Password Protection | 321 | 1
The enable Password | 322 | 1
The telnet Password | 322 | 1
Syslog Logging | 322 | 1
Securing Geographically Dispersed Server Farms Using Cisco Distributed Director | 323 | 3
Distributed Director Technology Overview | 323 | 3
Distributed Director Product Overview | 326 | 1
Distributed Director Security Features | 326 | 5
Limiting the Source of DRP Queries | 326 | 1
Authentication between Distributed Director and DRP Agents | 327 | 1
The key chain Command | 327 | 1
The key Command | 328 | 1
The key-string Command | 328 | 1
Password Protection | 329 | 1
The enable secret Password | 329 | 1
The enable Password | 330 | 1
The telnet Password | 330 | 1
Syslog Logging | 330 | 1
Summary | 331 | 1
Solutions Fast Track | 331 | 2
Frequently Asked Questions | 333 | 2
Virtual Private Networks and Remote Access | 335 | 44
Introduction | 336 | 1
Overview of the Different VPN Technologies | 336 | 6
The Peer Model | 336 | 2
The Overlay Model | 338 | 1
Link Layer VPNs | 338 | 1
Network Layer VPNs | 339 | 1
Tunneling VPNs | 339 | 1
Virtual Private Dial Networks | 340 | 1
Controlled Route Leaking | 340 | 1
Transport and Application Layer VPNs | 340 | 1
Intranet VPNs | 340 | 1
Extranet VPNs | 341 | 1
Access VPNs | 341 | 1
Layer 2 Transport Protocol | 342 | 3
Configuring Cisco L2TP | 343 | 1
An LAC Configuration Example | 344 | 1
A LNS Configuration Example | 344 | 1
IPSec | 345 | 31
IPSec Architecture | 346 | 3
Security Associations | 349 | 1
Anti-replay Feature | 350 | 1
A Security Policy Database | 351 | 1
Authentication Header | 351 | 1
Encapsulating Security Payload | 352 | 1
Manual IPSec | 352 | 1
Internet Key Exchange | 353 | 1
Authentication Methods | 354 | 1
IKE and Certificate Authorities | 355 | 1
IPSec limitations | 356 | 1
Network Performance | 356 | 1
Network Troubleshooting | 356 | 1
IPSec and Cisco Encryption Technology | 357 | 1
Configuring Cisco IPSec | 358 | 1
IPSec Manual Keying Configuration | 358 | 6
IPSec over GRE Tunnel Configuration | 364 | 9
Connecting IPSec Clients to Cisco IPSec | 373 | 1
Cisco Secure VPN Client | 373 | 1
Windows 2000 | 374 | 1
Linux FreeS/WAN | 374 | 2
Summary | 376 | 1
Solutions Fast Track | 376 | 1
Frequently Asked Questions | 377 | 2
Cisco Authentication, Authorization, and Accounting Mechanisms | 379 | 76
Introduction | 380 | 1
Cisco AAA Overview | 381 | 5
AAA Authentication | 382 | 3
AAA Authorization | 385 | 1
AAA Accounting | 385 | 1
AAA Benefits | 385 | 1
Cisco AAA Mechanisms | 386 | 53
Supported AAA Security Protocols | 387 | 1
RADIUS | 388 | 5
TACACS+ | 393 | 4
Kerberos | 397 | 8
Choosing RADIUS, TACACS+, or Kerberos | 405 | 2
Configuring AAA Authentication | 407 | 2
Configuring Login Authentication Using AAA | 409 | 4
Configuring PPP Authentication Using AAA | 413 | 3
Enabling Password Protection for Privileged EXEC Mode | 416 | 1
Authorization | 417 | 2
Configure Authorization | 419 | 3
TACACS+ Configuration Example | 422 | 2
Accounting | 424 | 1
Configuring Accounting | 425 | 4
Suppress Generation of Accounting Records for Null Username Sessions | 429 | 1
RADIUS Configuration Example | 429 | 2
Typical RAS Configuration Using AAA | 431 | 4
Typical Firewall Configuration Using AAA | 435 | 4
Authentication Proxy | 439 | 9
How the Authentication Proxy Works | 439 | 1
Comparison with the Lock-and-key Feature | 440 | 1
Benefits of Authentication Proxy | 441 | 1
Restrictions of Authentication Proxy | 442 | 1
Configuring Authentication Proxy | 442 | 1
Configuring the HTTP Server | 443 | 1
Configuring the Authentication Proxy | 444 | 2
Authentication Proxy Configuration Example | 446 | 2
Summary | 448 | 1
Solutions Fast Track | 449 | 2
Frequently Asked Questions | 451 | 4
Cisco Content Services Switch | 455 | 24
Introduction | 456 | 1
Overview of Cisco Content Services Switch | 456 | 1
Cisco Content Services Switch Technology Overview | 457 | 1
Cisco Content Services Switch Product Information | 457 | 2
Security Features of Cisco Content Services Switch | 459 | 11
FlowWall Security | 459 | 3
Example of Nimda Virus Filtering without Access Control Lists | 462 | 2
Using Network Address Translation to Hide Real Addresses | 464 | 1
Firewall Load Balancing | 465 | 1
Example of Firewall Load Balancing with Static Routes | 466 | 2
Password Protection | 468 | 1
The User Access Level | 468 | 1
The SuperUser Access Level | 469 | 1
Disabling Telnet Access | 470 | 1
Syslog Logging | 471 | 1
Known Security Vulnerabilities | 471 | 3
Cisco Bug ID CSCdt08730 | 472 | 1
Cisco Bug ID CSCdt12748 | 472 | 1
Cisco Bug ID CSCdu20931 | 472 | 1
Cisco Bug ID CSCdt32570 | 472 | 1
Cisco Bug ID CSCdt64682 | 472 | 1
Multiple SSH Vulnerabilities | 473 | 1
Malformed SNMP Message Handling Vulnerabilities | 473 | 1
CodeRed Impact | 473 | 1
Summary | 474 | 1
Solutions Fast Track | 475 | 1
Frequently Asked Questions | 476 | 3
Cisco Secure Scanner | 479 | 34
Introduction | 480 | 1
Minimum System Specifications for Secure Scanner | 481 | 2
Searching the Network for Vulnerabilities | 483 | 10
Identifying Network Addresses | 485 | 2
Identifying Vulnerabilities | 487 | 4
Scheduling the Session | 491 | 2
Viewing the Results | 493 | 11
Changing Axis Views | 495 | 2
Drilling into Data | 497 | 1
Pivoting Data | 498 | 2
Zooming In and Out | 500 | 1
Creating Charts | 501 | 1
Saving Grid Views and Charts | 502 | 1
Reports and Wizards | 503 | 1
Keeping the System Up-to-Date | 504 | 4
Summary | 508 | 1
Solutions Fast Track | 508 | 2
Frequently Asked Questions | 510 | 3
Cisco Secure Policy Manager | 513 | 28
Introduction | 514 | 1
Overview of the Cisco Secure Policy Manager | 514 | 4
The Benefits of Using Cisco Secure Policy Manager | 515 | 1
Installation Requirements for the Cisco Secure Policy Manager | 516 | 2
Features of the Cisco Secure Policy Manager | 518 | 10
Cisco Firewall Management | 519 | 1
VPN and IPSec Security Management | 520 | 2
Security Policy Management | 522 | 1
Security Policy Definition | 522 | 1
Security Policy Enforcement | 523 | 2
Security Policy Auditing | 525 | 1
Network Security Deployment Options | 526 | 1
Cisco Secure Policy Manager Device and Software Support | 526 | 2
Using the Cisco Secure Policy Manager | 528 | 7
Configuration | 528 | 2
CSPM Configuration Example | 530 | 5
Summary | 535 | 1
Solutions Fast Track | 535 | 3
Frequently Asked Questions | 538 | 3
Intrusion Detection | 541 | 52
Introduction | 542 | 1
What Is Intrusion Detection? | 542 | 7
Types of IDSs | 543 | 1
IDS Architecture | 543 | 1
Why Should You Have an IDS? | 544 | 1
Benefits of an IDS in a Network | 545 | 1
Reduce the Risk of a Systems Compromise | 545 | 1
Identifying Errors of Configuration | 546 | 1
Optimize Network Traffic | 546 | 1
Documenting Existing Threat Levels for Planning or Resource Allocation | 546 | 1
Changing User Behavior | 547 | 1
Deploying an IDS in a Network | 547 | 1
Sensor Placement | 547 | 1
Difficulties in Deploying an IDS | 548 | 1
IDS Tuning | 549 | 3
Tuning | 551 | 1
Turn It Up | 551 | 1
Tone It Down | 552 | 1
Network Attacks and Intrusions | 552 | 13
Poor Network Perimeter/Device Security | 553 | 1
Packet Decoders | 553 | 1
Scanner Programs | 554 | 1
Network Topology | 554 | 1
Unattended Modems | 555 | 1
Poor Physical Security | 556 | 1
Application and Operating Software Weaknesses | 556 | 1
Software Bugs | 556 | 1
Getting Passwords-Easy Ways of Cracking Programs | 557 | 1
Human Failure | 557 | 1
Poorly Configured Systems | 557 | 1
Information Leaks | 558 | 1
Malicious Users | 558 | 1
Weaknesses in the IP Suite of Protocols | 558 | 1
Layer 7 Attacks | 559 | 2
Layer 3 and Layer 4 Attacks | 561 | 4
The Cisco Secure Network Intrusion Detection System | 565 | 18
What Is the Cisco Secure Network Intrusion Detection System? | 566 | 1
The Probe | 566 | 1
The Director | 566 | 1
The Cisco Secure Policy Manager | 567 | 1
The Post Office | 567 | 2
Before You Install | 569 | 1
Director and Probe Setup | 570 | 1
Director Installation | 570 | 1
Director Configuration | 571 | 1
Probe Installation | 571 | 1
Completing the Probe Installation | 572 | 1
General Operation | 573 | 1
nrConfigure | 574 | 1
Configuring Logging from a Router to a Sensor | 574 | 1
Configuring Intrusion Detection on Sensors | 574 | 1
Customizing the NSDB | 575 | 1
Upgrading the NSDB | 576 | 1
The Data Management Package | 576 | 1
An E-mail Notification Example | 576 | 1
Cisco IOS Intrusion Detection Systems | 577 | 1
Configuring Cisco IOS IDS Features | 578 | 4
Associated Commands | 582 | 1
Summary | 583 | 4
Solutions Fast Track | 587 | 2
Frequently Asked Questions | 589 | 4
Network Security Management | 593 | 56
Introduction | 594 | 1
PIX Device Manager | 594 | 23
PIX Device Manager Overview | 595 | 1
PIX Device Manager Benefits | 595 | 1
Supported PIX Firewall Versions | 596 | 1
PIX Device Requirements | 596 | 1
Requirements for a Host Running the PIX Device Management Client | 597 | 1
Using PIX Device Manager | 598 | 1
Configuring the PIX Device Manager | 598 | 1
Installing the PIX Device Manager | 599 | 7
Configuration Examples | 606 | 2
Connecting to the PIX with PDM | 608 | 1
Configuring Basic Firewall Properties | 609 | 3
Implementing Network Address Translation | 612 | 3
Allowing Inbound Traffic from External Sources | 615 | 2
CiscoWorks2000 Access Control List Manager | 617 | 15
ACL Manager Overview | 617 | 2
ACL Manager Device and Software Support | 619 | 1
Installation Requirements for ACL Manager | 619 | 1
ACL Manager Features | 620 | 1
Using a Structured Access Control List Security Policy | 621 | 1
Decreasing Deployment Time for Access Control Lists | 621 | 1
Ensure Consistency of Access Control Lists | 621 | 1
Keep Track of Changes Made on the Network | 622 | 1
Troubleshooting and Error Recovery | 622 | 1
The Basic Operation of ACL Manager | 623 | 1
Using Templates and Defining Classes | 623 | 1
Using DiffViewer | 624 | 1
Using the Optimizer and the Hits Optimizer | 625 | 1
Using ACL Manager | 626 | 1
Configuring the ACL Manager | 626 | 1
Installing the ACL Manager and Associated Software | 627 | 1
Configuration Example: Creating ACLs with ACLM | 628 | 4
Cisco Secure Policy Manager | 632 | 1
Cisco Secure Access Control Server | 633 | 13
Overview of the Cisco Secure Access Control Server | 633 | 1
Benefits of the Cisco Secure Access Control Server | 634 | 1
Authentication | 634 | 1
Authorization | 635 | 1
Accounting | 636 | 1
Installation Requirements for the Cisco Access Control Server | 636 | 1
Features of Cisco Secure ACS | 637 | 1
Placing Cisco Secure ACS in the Network | 638 | 1
Cisco Secure ACS Device and Software Support | 639 | 2
Using Cisco Secure ACS | 641 | 1
Installing Cisco Secure ACS | 641 | 1
Configuration | 642 | 1
Configuration Example: Adding and Configuring a AAA Client | 643 | 3
Summary | 646 | 1
Solutions Fast Track | 646 | 2
Frequently Asked Questions | 648 | 1
Looking Ahead: Cisco Wireless Security | 649 | 72
Introduction | 650 | 1
Understanding Security Fundamentals and Principles of Protection | 651 | 21
Ensuring Confidentiality | 651 | 2
Ensuring Integrity | 653 | 1
Ensuring Availability | 654 | 1
Ensuring Privacy | 655 | 1
Ensuring Authentication | 655 | 4
Extensible Authentication Protocol (EAP) | 659 | 4
An Introduction to the 802.1x Standard | 663 | 3
Per-Packet Authentication | 666 | 1
Cisco Light Extensible Authentication Protocol | 667 | 2
Configuration and Deployment of LEAP | 669 | 1
Ensuring Authorization | 670 | 2
MAC Filtering | 672 | 9
What Is a MAC Address? | 672 | 1
Where in the Authentication/Association Process Does MAC Filtering Occur? | 673 | 1
Determining MAC Filtering Is Enabled | 674 | 1
MAC Spoofing | 674 | 1
Ensuring Non-Repudiation | 675 | 3
Accounting and Audit Trails | 678 | 1
Using Encryption | 679 | 1
Encrypting Voice Data | 680 | 1
Encrypting Data Systems | 681 | 1
Reviewing the Role of Policy | 681 | 10
Identifying Resources | 683 | 2
Understanding Classification Criteria | 685 | 1
Implementing Policy | 686 | 3
Addressing the Issues with Policy | 689 | 2
Implementing WEP | 691 | 6
Defining WEP | 691 | 1
Creating Privacy with WEP | 692 | 1
The WEP Authentication Process | 693 | 1
WEP Benefits and Advantages | 693 | 1
WEP Disadvantages | 694 | 1
The Security Implications of Using WEP | 694 | 1
Implementing WEP on the Cisco Aironet AP 340 | 694 | 1
Exploiting WEP | 695 | 1
Security of 64-Bit versus 128-Bit Keys | 696 | 1
Acquiring a WEP Key | 696 | 1
Addressing Common Risks and Threats | 697 | 4
Finding a Target | 698 | 1
Finding Weaknesses in a Target | 698 | 2
Exploiting Those Weaknesses | 700 | 1
Sniffing, Interception, and Eavesdropping | 701 | 3
Defining Sniffing | 701 | 1
Sample Sniffing Tools | 701 | 1
Sniffing Case Scenario | 702 | 2
Protecting Against Sniffing and Eavesdropping | 704 | 1
Spoofing and Unauthorized Access | 704 | 2
Defining Spoofing | 704 | 1
Sample Spoofing Tools | 705 | 1
Protecting Against Spoofing and Unauthorized Attacks | 706 | 1
Network Hijacking and Modification | 706 | 3
Defining Hijacking | 707 | 1
Sample Hijacking Tools | 708 | 1
Hijacking Case Scenario | 708 | 1
Protection against Network Hijacking and Modification | 708 | 1
Denial of Service and Flooding Attacks | 709 | 3
Defining DoS and Flooding | 709 | 1
Sample DoS Tools | 710 | 1
DoS and Flooding Case Scenario | 710 | 1
Protecting Against DoS and Flooding Attacks | 711 | 1
Summary | 712 | 1
Solutions Fast Track | 713 | 5
Frequently Asked Questions | 718 | 3
Index | 721 |