End-to-End Network Security: Defense-in-Depth
Omar Santos
Cisco Press, Paperback, Published August 2007, 400 pages, ISBN 1587053322
Read an excerpt: Chapter 3, Identifying and Classifying Security Threats. Excerpt provided courtesy of Cisco Press. Copyright © Pearson Education, Cisco Press. Written permission from the publisher is required for any use of this material.
Best practices for assessing and improving network defenses and responding to security incidents
Information security practice has evolved from protecting the Internet perimeter to a defense-in-depth model in which multiple countermeasures are layered throughout the infrastructure to address vulnerabilities and attacks. This shift is necessary because attacks have become more frequent, more varied in sophistication, and faster, all of which blur the boundary between the network and its perimeter.
End-to-End Network Security is designed to counter the new generation of complex threats. Adopting this robust security strategy defends against highly sophisticated attacks that can occur at multiple locations in your network. The ultimate goal is to deploy a set of security capabilities that together create an intelligent, self-defending network that identifies attacks as they occur, generates alerts as appropriate, and then automatically responds.
End-to-End Network Security provides you with a comprehensive look at the mechanisms to counter threats to each part of your network. The book starts with a review of network security technologies, then covers the six-step methodology for incident response and best practices from proactive security frameworks. Later chapters cover wireless network security, IP telephony security, data center security, and IPv6 security. Finally, several case studies representing small, medium, and large enterprises provide detailed example configurations and implementation strategies for the best practices learned in earlier chapters.
Adopting the techniques and strategies outlined in this book enables you to defend against zero-day attacks, improve your overall security posture, build strong policies, and deploy intelligent, self-defending networks.
"Within these pages, you will find many practical tools, both process related and technology related, that you can draw on to improve your risk mitigation strategies."
-- Bruce Murphy, Vice President, World Wide Security Practices, Cisco
- Guard your network with firewalls, VPNs, and intrusion prevention systems
- Control network access with AAA
- Enforce security policies with Cisco Network Admission Control (NAC)
- Learn how to perform risk and threat analysis
- Harden your network infrastructure, security policies, and procedures against security threats
- Identify and classify security threats
- Trace back attacks to their source
- Learn how to best react to security incidents
- Maintain visibility and control over your network with the SAVE framework
- Apply Defense-in-Depth principles to wireless networks, IP telephony networks, data centers, and IPv6 networks
This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.
Table of Contents
Foreword
Introduction
Part I: Introduction to Network Security Solutions
Chapter 1: Overview of Network Security Technologies
  Firewalls
    Network Firewalls
    Network Address Translation (NAT)
    Stateful Firewalls
    Deep Packet Inspection
    Demilitarized Zones
    Personal Firewalls
  Virtual Private Networks (VPN)
    Technical Overview of IPsec
      Phase 1
      Phase 2
    SSL VPNs
  Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
    Pattern Matching
    Protocol Analysis
    Heuristic-Based Analysis
    Anomaly-Based Analysis
    Anomaly Detection Systems
  Authentication, Authorization, and Accounting (AAA) and Identity Management
    RADIUS
    TACACS+
    Identity Management Concepts
  Network Admission Control
    NAC Appliance
    NAC Framework
  Routing Mechanisms as Security Tools
  Summary
Part II: Security Lifestyle: Frameworks and Methodologies
Chapter 2: Preparation Phase
  Risk Analysis
    Threat Modeling
    Penetration Testing
    Social Engineering
  Security Intelligence
    Common Vulnerability Scoring System
      Base Metrics
      Temporal Metrics
      Environmental Metrics
  Creating a Computer Security Incident Response Team (CSIRT)
    Who Should Be Part of the CSIRT?
    Incident Response Collaborative Teams
    Tasks and Responsibilities of the CSIRT
  Building Strong Security Policies
  Infrastructure Protection
    Strong Device Access Control
      SSH Versus Telnet
      Local Password Management
      Configuring Authentication Banners
      Interactive Access Control
      Role-Based Command-Line Interface (CLI) Access in Cisco IOS
      Controlling SNMP Access
    Securing Routing Protocols
      Configuring Static Routing Peers
      Authentication
      Route Filtering
      Time-to-Live (TTL) Security Check
    Disabling Unnecessary Services on Network Components
      Cisco Discovery Protocol (CDP)
      Finger
      Directed Broadcast
      Maintenance Operations Protocol (MOP)
      BOOTP Server
      ICMP Redirects
      IP Source Routing
      Packet Assembler/Disassembler (PAD)
      Proxy Address Resolution Protocol (ARP)
      IDENT
      TCP and User Datagram Protocol (UDP) Small Servers
      IP Version 6 (IPv6)
    Locking Down Unused Ports on Network Access Devices
    Control Resource Exhaustion
      Resource Thresholding Notification
      CPU Protection
      Receive Access Control Lists (rACLs)
      Control Plane Policing (CoPP)
      Scheduler Allocate/Interval
    Policy Enforcement
      Infrastructure Protection Access Control Lists (iACLs)
      Unicast Reverse Path Forwarding (Unicast RPF)
    Automated Security Tools Within Cisco IOS
      Cisco IOS AutoSecure
      Cisco Secure Device Manager (SDM)
    Telemetry
  Endpoint Security
    Patch Management
    Cisco Security Agent (CSA)
  Network Admission Control
    Phased Approach
    Administrative Tasks
    Staff and Support
  Summary
Chapter 3: Identifying and Classifying Security Threats
  Network Visibility
  Telemetry and Anomaly Detection
    NetFlow
      Enabling NetFlow
      Collecting NetFlow Statistics from the CLI
    SYSLOG
      Enabling Logging (SYSLOG) on Cisco IOS Routers and Switches
      Enabling Logging on Cisco Catalyst Switches Running CatOS
      Enabling Logging on Cisco ASA and Cisco PIX Security Appliances
    SNMP
      Enabling SNMP on Cisco IOS Devices
      Enabling SNMP on Cisco ASA and Cisco PIX Security Appliances
    Cisco Security Monitoring, Analysis and Response System (CS-MARS)
    Cisco Network Analysis Module (NAM)
    Open Source Monitoring Tools
    Cisco Traffic Anomaly Detectors and Cisco Guard DDoS Mitigation Appliances
  Intrusion Detection and Intrusion Prevention Systems (IDS/IPS)
    The Importance of Signature Updates
    The Importance of Tuning
    Anomaly Detection Within Cisco IPS Devices
  Summary
Chapter 4: Traceback
  Traceback in the Service Provider Environment
  Traceback in the Enterprise
  Summary
Chapter 5: Reacting to Security Incidents
  Adequate Incident-Handling Policies and Procedures
  Laws and Computer Crimes
  Security Incident Mitigation Tools
    Access Control Lists (ACL)
    Private VLANs
    Remotely Triggered Black Hole Routing
  Forensics
    Log Files
    Linux Forensics Tools
    Windows Forensics
  Summary
Chapter 6: Postmortem and Improvement
  Collected Incident Data
  Root-Cause Analysis and Lessons Learned
  Building an Action Plan
  Summary
Chapter 7: Proactive Security Framework
  SAVE Versus ITU-T X.805
  Identity and Trust
    AAA
    Cisco Guard Active Verification
    DHCP Snooping
    IP Source Guard
    Digital Certificates and PKI
    IKE
    Network Admission Control (NAC)
    Routing Protocol Authentication
    Strict Unicast RPF
  Visibility
    Anomaly Detection
    IDS/IPS
    Cisco Network Analysis Module (NAM)
    Layer 2 and Layer 3 Information (CDP, Routing Tables, CEF Tables)
  Correlation
    CS-MARS
    Arbor Peakflow SP and Peakflow X
    Cisco Security Agent Management Console (CSA-MC) Basic Event Correlation
  Instrumentation and Management
    Cisco Security Manager
    Configuration Logger and Configuration Rollback
    Embedded Device Managers
    Cisco IOS XR XML Interface
    SNMP and RMON
    Syslog
  Isolation and Virtualization
    Cisco IOS Role-Based CLI Access (CLI Views)
    Anomaly Detection Zones
    Network Device Virtualization
    Segmentation with VLANs
    Segmentation with Firewalls
    Segmentation with VRF/VRF-Lite
  Policy Enforcement
  Visualization Techniques
  Summary
Part III: Defense-In-Depth Applied
Chapter 8: Wireless Security
  Overview of Cisco Unified Wireless Network Architecture
  Authentication and Authorization of Wireless Users
    WEP
    WPA
    802.1x on Wireless Networks
      EAP with MD5
      Cisco LEAP
      EAP-TLS
      PEAP
      EAP Tunneled TLS Authentication Protocol (EAP-TTLS)
      EAP-FAST
      EAP-GTC
    Configuring 802.1x with EAP-FAST in the Cisco Unified Wireless Solution
      Configuring the WLC
      Configuring the Cisco Secure ACS Server for 802.1x and EAP-FAST
      Configuring the CSSC
  Lightweight Access Point Protocol (LWAPP)
  Wireless Intrusion Prevention System Integration
    Configuring IDS/IPS Sensors in the WLC
    Uploading and Configuring IDS/IPS Signatures
  Management Frame Protection (MFP)
  Precise Location Tracking
  Network Admission Control (NAC) in Wireless Networks
    NAC Appliance Configuration
    WLC Configuration
  Summary
Chapter 9: IP Telephony Security
  Protecting the IP Telephony Infrastructure
    Access Layer
    Distribution Layer
    Core
  Securing the IP Telephony Applications
    Protecting Cisco Unified CallManager
    Protecting Cisco Unified Communications Manager Express (CME)
    Protecting Cisco Unity
    Protecting Cisco Unity Express
    Protecting Cisco Personal Assistant
      Hardening the Cisco Personal Assistant Operating Environment
      Cisco Personal Assistant Server Security Policies
  Protecting Against Eavesdropping Attacks
  Summary
Chapter 10: Data Center Security
  Protecting the Data Center Against Denial of Service (DoS) Attacks and Worms
    SYN Cookies in Firewalls and Load Balancers
    Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS)
    Cisco NetFlow in the Data Center
    Cisco Guard
  Data Center Infrastructure Protection
  Data Center Segmentation and Tiered Access Control
    Segmenting the Data Center with the Cisco FWSM
      Cisco FWSM Modes of Operation and Design Considerations
      Configuring the Cisco Catalyst Switch
      Creating Security Contexts in the Cisco FWSM
      Configuring the Interfaces on Each Security Context
      Configuring Network Address Translation
      Controlling Access with ACLs
      Virtual Fragment Reassembly
  Deploying Network Intrusion Detection and Prevention Systems
    Sending Selective Traffic to the IDS/IPS Devices
    Monitoring and Tuning
  Deploying the Cisco Security Agent (CSA) in the Data Center
    CSA Architecture
    Configuring Agent Kits
    Phased Deployment
  Summary
Chapter 11: IPv6 Security
  Reconnaissance
  Filtering in IPv6
    Filtering Access Control Lists (ACL)
    ICMP Filtering
    Extension Headers in IPv6
  Spoofing
  Header Manipulation and Fragmentation
  Broadcast Amplification or Smurf Attacks
  IPv6 Routing Security
  IPsec and IPv6
  Summary
Part IV: Case Studies
Chapter 12: Case Studies
  Case Study of a Small Business
    Raleigh Office Cisco ASA Configuration
      Configuring IP Addressing and Routing
      Configuring PAT on the Cisco ASA
      Configuring Static NAT for the DMZ Servers
      Configuring Identity NAT for Inside Users
      Controlling Access
      Cisco ASA Antispoofing Configuration
      Blocking Instant Messaging
    Atlanta Office Cisco IOS Configuration
      Locking Down the Cisco IOS Router
      Configuring Basic Network Address Translation (NAT)
      Configuring Site-to-Site VPN
  Case Study of a Medium-Sized Enterprise
    Protecting the Internet Edge Routers
    Configuring the AIP-SSM on the Cisco ASA
    Configuring Active-Standby Failover on the Cisco ASA
    Configuring AAA on the Infrastructure Devices
  Case Study of a Large Enterprise
    Creating a New Computer Security Incident Response Team (CSIRT)
    Creating New Security Policies
      Physical Security Policy
      Perimeter Security Policy
      Device Security Policy
      Remote Access VPN Policy
      Patch Management Policy
      Change Management Policy
      Internet Usage Policy
    Deploying IPsec Remote Access VPN
      Configuring IPsec Remote Access VPN
      Configuring Load-Balancing
    Reacting to a Security Incident
      Identifying, Classifying, and Tracking the Security Incident or Attack
      Reacting to the Incident
      Postmortem
  Summary
Index
About the Author
Omar Santos is a senior network security engineer at Cisco. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.