Network Security First-Step
Paperback, English, 2012
389 kr
Network Security first-step
Second Edition
Tom Thomas and Donald Stoddard
Your first step into the world of network security
- No security experience required
- Includes clear and easily understood explanations
- Makes learning easy
Your first step to network security begins here!
- Learn how hacker attacks work, from start to finish
- Choose the right security solution for each type of risk
- Create clear and enforceable security policies, and keep them up to date
- Establish reliable processes for responding to security advisories
- Use encryption effectively, and recognize its limitations
- Secure your network with firewalls, routers, and other devices
- Prevent attacks aimed at wireless networks
No security experience required!
Computer networks are indispensable, but they also are not secure. With the proliferation of security threats, many people and companies are looking for ways to increase the security of their networks and data. Before you can effectively implement security technologies and techniques, you need to make sense of this complex and quickly evolving world of hackers and malware, as well as the tools to combat them.
Network Security First-Step, Second Edition explains the basics of network security in easy-to-grasp language that all of us can understand. This book takes you on a guided tour of the core technologies that make up and control network security. Whether you are looking to take your first step into a career in network security or simply are interested in gaining knowledge of the technology, this book is for you!
Product information
- Publication date: 2012-01-19
- Dimensions: 188 x 231 x 28 mm
- Weight: 886 g
- Format: Paperback
- Language: English
- Number of pages: 448
- Edition: 2
- Publisher: Pearson Education
- ISBN: 9781587204104
Tom Thomas, CCIE No. 9360, claims he never works because he loves what he does. When you meet him, you will agree!
Throughout his many years in the networking industry, Tom has taught thousands of people how networking works and the secrets of the life of a packet. Tom is the author or coauthor of 18 books on networking, including the acclaimed OSPF Network Design Solutions, published by Cisco Press and now in its second edition. Beyond his many books, Tom also has taught computer and networking skills through his roles as an instructor and training-course developer.
In addition to holding the Cisco Certified Internetwork Expert (CCIE) certification–the pinnacle of networking certifications–Tom holds Cisco CCNP Security, CCDA, and CCNA certifications and is a certified Cisco Systems instructor (CCSI). These certifications support his industry-proven, problem-solving skills through technical leadership with demonstrated persistence and the ability to positively assist businesses in leveraging IT resources in support of their core business. He has also completed his Master of Science degree in network architecture and is looking at a doctorate next.
Tom currently is the CIO of Qoncert, a Cisco Gold Partner in Southern Florida that has an affiliated arm known as CCPrep.com, a Cisco Learning Partner, where he provides strategic direction and a little hands-on for customers of all types.
Donald Stoddard began his career in information technology in 1998, designing networks and implementing security for schools in North Dakota and South Dakota. He then went on to design and implement Geographical Information Systems (GIS) for a firm in Denver, Colorado. While there, he earned his Bachelor of Science degree in computer information systems management from Colorado Christian University. From Colorado, he then moved south, learned the ins-and-outs of Cisco VoIP, and began working through designing and securing VoIP solutions throughout the southeast. Don holds Microsoft MCSA and Linux+ and Security+ certifications and is presently wading through the CISSP material.
Currently, Don works for the Department of the Navy as the Information Assurance Officer for one of the premier Navy research and development labs, where he provides certification and accreditation guidance for the various projects being developed for implementation and deployment.
- Introduction
- Chapter 1 There Be Hackers Here!
  - Essentials First: Looking for a Target; Hacking Motivations; Targets of Opportunity; Are You a Target of Opportunity?; Targets of Choice; Are You a Target of Choice?; The Process of an Attack; Reconnaissance; Footprinting (aka Casing the Joint); Scanning; Enumeration; Enumerating Windows; Gaining Access; Operating System Attacks; Application Attacks; Misconfiguration Attacks; Scripted Attacks; Escalating Privilege; Covering Tracks; Where Are Attacks Coming From?; Common Vulnerabilities, Threats, and Risks; Overview of Common Attacks and Exploits; Network Security Organizations; CERT Coordination Center; SANS; Center for Internet Security (CIS); SCORE; Internet Storm Center; National Vulnerability Database; Security Focus; Learning from the Network Security Organizations; Chapter Summary; Chapter Review
- Chapter 2 Security Policies
  - Responsibilities and Expectations; A Real-World Example; Who Is Responsible? You Are!; Legal Precedence; Internet Lawyers; Evolution of the Legal System; Criminal Prosecution; Real-World Example; Individuals Being Prosecuted; International Prosecution; Corporate Policies and Trust; Relevant Policies; User Awareness Education; Coming to a Balance; Corporate Policies; Acceptable Use Policy; Policy Overview; Purpose; Scope; General Use and Ownership; Security and Proprietary Information; Unacceptable Use; System and Network Activities; Email and Communications Activities; Enforcement; Conclusion; Password Policy; Overview; Purpose; Scope; General Policy; General Password Construction Guidelines; Password Protection Standards; Enforcement; Conclusion; Virtual Private Network (VPN) Security Policy; Purpose; Scope; Policy; Conclusion; Wireless Communication Policy; Scope; Policy Statement; General Network Access Requirements; Lab and Isolated Wireless Device Requirements; Home Wireless Device Requirements; Enforcement; Definitions; Revision History; Extranet Connection Policy; Purpose; Scope; Security Review; Third-Party Connection Agreement; Business Case; Point of Contact; Establishing Connectivity; Modifying or Changing Connectivity and Access; Terminating Access; Conclusion; ISO Certification and Security; Delivery; ISO/IEC 27002; Sample Security Policies on the Internet; Industry Standards; Payment Card Industry Data Security Standard (PCI DSS); Sarbanes-Oxley Act of 2002 (SOX); Health Insurance Portability and Accounting Act (HIPAA) of 1996; Massachusetts 201: Standards for the Protection of Personal Information of Residents of the Commonwealth; SAS 70 Series; Chapter Summary; Chapter Review
- Chapter 3 Processes and Procedures
  - Security Advisories and Alerts: Getting the Intel You Need to Stay Safe; Responding to Security Advisories; Step 1: Awareness; Step 2: Incident Response; Step 3: Imposing Your Will; Steps 4 and 5: Handling Network Software Updates (Best Practices); Industry Best Practices; Use a Change Control Process; Read All Related Materials; Apply Updates as Needed; Testing; Uninstall; Consistency; Backup and Scheduled Downtime; Have a Back-Out Plan; Forewarn Helpdesk and Key User Groups; Don't Get More Than Two Service Packs Behind; Target Noncritical Servers/Users First; Service Pack Best Practices; Hotfix Best Practices; Service Pack Level Consistency; Latest Service Pack Versus Multiple Hotfixes; Security Update Best Practices; Apply Admin Patches to Install Build Areas; Apply Only on Exact Match; Subscribe to Email Notification; Summary; Chapter Review and Questions
- Chapter 4 Network Security Standards and Guidelines
  - Cisco SAFE 2.0; Overview; Purpose; Cisco Validated Design Program; Branch/WAN Design Zone Guides; Campus Design Zone Guides; Data Center Design Zone Guides; Security Design Zone Guides; Cisco Best Practice Overview and Guidelines; Basic Cisco IOS Best Practices; Secure Your Passwords; Limit Administrative Access; Limit Line Access Controls; Limit Access to Inbound and Outbound Telnet (aka vty Port); Establish Session Timeouts; Make Room Redundancy; Protect Yourself from Common Attacks; Firewall/ASAs; Encrypt Your Privileged User Account; Limit Access Control; Make Room for Redundant Systems; General Best Practices; Configuration Guides; Intrusion Prevention System (IPS) for IOS; NSA Security Configuration Guides; Cisco Systems; Switches Configuration Guide; VoIP/IP Telephony Security Configuration Guides; Microsoft Windows; Microsoft Windows Applications; Microsoft Windows 7/Vista/Server 2008; Microsoft Windows XP/Server 2003; Apple; Microsoft Security; Security Policies; Microsoft Windows XP Professional; Microsoft Windows Server 2003; Microsoft Windows 7; Windows Server 2008; Microsoft Security Compliance Manager; Chapter Summary; Chapter Link Toolbox Summary
- Chapter 5 Overview of Security Technologies
  - Security First Design Concepts; Packet Filtering via ACLs; Grocery List Analogy; Limitations of Packet Filtering; Stateful Packet Inspection; Detailed Packet Flow Using SPI; Limitations of Stateful Packet Inspection; Network Address Translation (NAT); Increasing Network Security; NAT's Limitations; Proxies and Application-Level Protection; Limitations of Proxies; Content Filters; Limitations of Content Filtering; Public Key Infrastructure; PKI's Limitations; Reputation-Based Security; Reactive Filtering Can't Keep Up; Cisco Web Reputation Solution; AAA Technologies; Authentication; Authorization; Accounting; Remote Authentication Dial-In User Service (RADIUS); Terminal Access Controller Access Control System (TACACS); TACACS+ Versus RADIUS; Two-Factor Authentication/Multifactor Authentication; IEEE 802.1x: Network Access Control (NAC); Network Admission Control; Cisco TrustSec; Solution Overview; Cisco Identity Services Engine; Chapter Summary; Chapter Review Questions
- Chapter 6 Security Protocols
  - Triple DES Encryption; Encryption Strength; Limitations of 3DES; Advanced Encryption Standard (AES); Different Encryption Strengths; Limitations of AES; Message Digest 5 Algorithm; MD5 Hash in Action; Secure Hash Algorithm (SHA Hash); Types of SHA; SHA-1; SHA-2; Point-to-Point Tunneling Protocol (PPTP); PPTP Functionality; Limitations of PPTP; Layer 2 Tunneling Protocol (L2TP); L2TP Versus PPTP; Benefits of L2TP; L2TP Operation; Secure Shell (SSH); SSH Versus Telnet; SSH Operation; Tunneling and Port Forwarding; Limitations of SSH; SNMP v3; Security Built In; Chapter Summary; Chapter Review Questions
- Chapter 7 Firewalls
  - Firewall Frequently Asked Questions; Who Needs a Firewall?; Why Do I Need a Firewall?; Do I Have Anything Worth Protecting?; What Does a Firewall Do?; Firewalls Are “The Security Policy”; We Do Not Have a Security Policy; Firewall Operational Overview; Firewalls in Action; Implementing a Firewall; Determine the Inbound Access Policy; Determine Outbound Access Policy; Essentials First: Life in the DMZ; Case Studies; Case Study: To DMZ or Not to DMZ?; Firewall Limitations; Chapter Summary; Chapter Review Questions
- Chapter 8 Router Security
  - Edge Router as a Choke Point; Limitations of Choke Routers; Routers Running Zone Based Firewall; Zone-Based Policy Overview; Zone-Based Policy Configuration Model; Rules for Applying Zone-Based Policy Firewall; Designing Zone-Based Policy Network Security; Using IPsec VPN with Zone-Based Policy Firewall; Intrusion Detection with Cisco IOS; When to Use the FFS IDS; FFS IDS Operational Overview; FFS Limitations; Secure IOS Template; Routing Protocol Security; OSPF Authentication; Benefits of OSPF Neighbor Authentication; When to Deploy OSPF Neighbor Authentication; How OSPF Authentication Works; Chapter Summary; Chapter Review Questions
- Chapter 9 IPsec Virtual Private Networks (VPNs)
  - Analogy: VPNs Securely Connect IsLANds; VPN Overview; VPN Benefits and Goals; VPN Implementation Strategies; Split Tunneling; Overview of IPsec VPNs; Authentication and Data Integrity; Tunneling Data; VPN Deployment with Layered Security; IPsec Encryption Modes; IPsec Tunnel Mode; Transport Mode; IPsec Family of Protocols; Security Associations; ISAKMP Overview; Internet Key Exchange (IKE) Overview; IKE Main Mode; IKE Aggressive Mode; IPsec Security Association (IPsec SA); IPsec Operational Overview; IKE Phase 1; IKE Phase 2; Perfect Forward Secrecy; Diffie-Hellman Algorithm; Router Configuration as VPN Peer; Configuring ISAKMP; Preshared Keys; Configuring the ISAKMP Protection Suite; Configuring the ISAKMP Key; Configuring IPsec; Step 1: Create the Extended ACL; Step 2: Create the IPsec Transforms; Step 3: Create the Crypto Map; Step 4: Apply the Crypto Map to an Interface; Firewall VPN Configuration for Client Access; Step 1: Define Interesting Traffic; Step 2: IKE Phase 1 [udp port 500]; Step 3: IKE Phase 2; Step 4: Data Transfer; Step 5: Tunnel Termination; SSL VPN Overview; Comparing SSL and IPsec VPNs; Which to Deploy: Choosing Between IPsec and SSL VPNs; Remote-Access VPN Security Considerations; Steps to Securing the Remote-Access VPN; Cisco AnyConnect VPN Secure Mobility Solution; Chapter Summary; Chapter Review Questions
- Chapter 10 Wireless Security
  - Essentials First: Wireless LANs; What Is Wi-Fi?; Benefits of Wireless LANs; Wireless Equals Radio Frequency; Wireless Networking; Modes of Operation; Coverage; Bandwidth Availability; WarGames Wirelessly; Warchalking; Wardriving; Warspamming; Warspying; Wireless Threats; Sniffing to Eavesdrop and Intercept Data; Denial-of-Service Attacks; Rogue/Unauthorized Access Points; Misconfiguration and Bad Behavior; AP Deployment Guidelines; Wireless Security; Service Set Identifier (SSID); Device and Access Point Association; Wired Equivalent Privacy (WEP); WEP Limitations and Weaknesses; MAC Address Filtering; Extensible Authentication Protocol (EAP); LEAP; EAP-TLS; EAP-PSK; EAP-TTLS; Essential Wireless Security; Essentials First: Wireless Hacking Tools; NetStumbler; Wireless Packet Sniffers; Aircrack-ng; OmniPeek; Wireshark; Chapter Summary; Chapter Review Questions
- Chapter 11 Intrusion Detection and Honeypots
  - Essentials First: Intrusion Detection; IDS Functional Overview; Host Intrusion Detection System; Network Intrusion Detection System; Wireless IDS; Network Behavior Analysis; How Are Intrusions Detected?; Signature or Pattern Detection; Anomaly-Based Detection; Stateful Protocol Analysis; Combining Methods; Intrusion Prevention; IDS Products; Snort!; Limitations of IDS; Essentials First: Honeypots; Honeypot Overview; Honeypot Design Strategies; Honeypot Limitations; Chapter Summary; Chapter Review Questions
- Chapter 12 Tools of the Trade
  - Essentials First: Vulnerability Analysis; Fundamental Attacks; IP Spoofing/Session Hijacking; Packet Analyzers; Denial of Service (DoS) Attacks; Other Types of Attacks; Back Doors; Security Assessments and Penetration Testing; Internal Vulnerability and Penetration Assessment; Assessment Methodology; External Penetration and Vulnerability Assessment; Assessment Methodology; Physical Security Assessment; Assessment Methodology; Miscellaneous Assessments; Assessment Providers; Security Scanners; Features and Benefits of Vulnerability Scanners; Freeware Security Scanners; Metasploit; NMAP; SAINT; Nessus; Retina Version 5.11.10; CORE IMPACT Pro (a Professional Penetration Testing Product); In Their Own Words; Scan and Detection Accuracy; Documentation; Documentation and Support; Vulnerability Updates; Chapter Summary; Chapter Review Questions