Managing Cisco Network Security, 2nd Edition
The Complete Guide to Cisco Security
Information security has become an extremely important topic over the past few years. In today's environment the number of touch points between an organization's information assets and the outside world has drastically increased. Millions of customers interact via Web sites, employees and partners connect via Virtual Private Networks, applications are outsourced to Application Service Providers (ASPs) and wireless LANs are regularly deployed. A critical strategy for reducing security risks is to practice defense-in-depth, and Cisco Systems has placed a high priority on security and offers a wide range of security products. Managing Cisco Network Security, Second Edition is important to anyone involved with Cisco networks, as it provides practical information on using a broad spectrum of Cisco's security products.
- Learn the Key Steps to Take When a Breach Is Detected: Review the five steps of identification and classification, containment, eradication, recovery, and follow-up.
- Master the PIX Firewall Series of Products: Learn about the Cisco PIX 535, Cisco PIX 525, Cisco PIX 515E, Cisco PIX, and Cisco PIX 501.
- Place Access Lists: Review the options you have in applying access lists and achieving the same effect on traffic flowing through the router.
- Understand the Three Phases of Transparent Routing: Review the guidelines for deploying Network Address Translation (NAT).
- Understand the LocalDirector Security Features: Secure geographically dispersed server farms using DistributedDirector.
- Find an Overview of the Different VPN Technologies: Use a Cisco VPN Concentrator and IPSec to securely send information to and from both sides of the VPN.
- Cover Cisco Authentication, Authorization, and Accounting (AAA): Configure Cisco devices, including routers, access servers, firewalls, and VPN gateways, to act as an AAA client.
- Configure the Features of the Content Services Switch (CSS): Review the security features of CSS, including health checks for each new flow, Access Control Lists, and NAT.
- Perform Dynamic Intrusion Detection: Use the Cisco Secure Network Intrusion Detection System to perform real-time intrusion detection.
- Look Ahead to Cisco Wireless Security: Review the four steps of Wireless Equivalency Privacy (WEP) authorization.
- Register for Your 1 Year Upgrade: The Syngress Solutions upgrade plan protects you from content obsolescence and provides monthly mailings, whitepapers, and more!
TABLE OF CONTENTS
Chapter 1 Introduction to IP Network Security
  Introduction
  What Role Does Security Play in a Network?
  Goals
  Confidentiality
  Integrity
  Availability
  Philosophy
  What if I Don't Deploy Security?
  The Fundamentals of Networking
  Where Does Security Fit in?
  Network Access Layer Security
  Internetwork Layer Security
  Access Control Lists
  Host-to-Host Layer Security
  IPSec
  Process Application Layer Security
  PGP
  S-HTTP
  Secure Sockets Layer and Transport Layer Security
  The Secure Shell Protocol
  Authentication
  Terminal Access Controller Access System Plus
  Remote Dial-in User System
  Kerberos
  OSI Model
  Layer 1: The Physical Layer
  Layer 2: The Data-link Layer
  Layer 3: The Network Layer
  Layer 4: The Transport Layer
  Layer 5: The Session Layer
  Layer 6: The Presentation Layer
  Layer 7: The Application Layer
  How the OSI Model Works
  Transport Layer Protocols
  The Internet Layer
  The Network Layer
  Composition of a Data Packet
  Ethernet
  Security in TCP/IP
  Cisco IP Security Hardware and Software
  The Cisco Secure PIX Firewall
  Cisco Secure Integrated Software
  Cisco Secure Integrated VPN Software
  The Cisco Secure VPN Client
  Cisco Secure Access Control Server
  Cisco Secure Scanner
  Cisco Secure Intrusion Detection System
  Cisco Secure Policy Manager
  Cisco Secure Consulting Services
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 2 What Are We Trying to Prevent?
  Introduction
  What Threats Face Your Network?
  Loss of Confidentiality
  Loss of Integrity
  Loss of Availability
  Sources of Threats
  Malicious Mobile Code
  Trojan Horses
  Viruses
  Worms
  Current Malicious Code Threats
  Current Malicious Code Impacts
  Denial of Service
  The Smurf Attack
  The SYN Flood Attack
  Distributed Denial of Service (DDoS) Attacks
  Detecting Breaches
  Initial Detection
  File System Integrity Software
  Network Traffic Anomaly Tools
  Are Forensics Important?
  What Are the Key Steps after a Breach Is Detected?
  Preventing Attacks
  Reducing Vulnerabilities
  Providing a Simple Security Network Architecture
  Developing a Culture of Security
  Developing a Security Policy
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 3 Cisco PIX Firewall
  Introduction
  Overview of the Security Features
  Differences between PIX OS Version 4.x and Version 5.x
  Differences between PIX OS Version 6.0 and Version 5.x
  Cisco PIX Device Manager
  VPN Client v3.x
  CPU Utilization Statistics
  Dynamic Shunning with Cisco Intrusion Detection System
  Port Address Translations
  Skinny Protocol Support
  Session Initiation Protocol
  Stateful Sharing of HTTP (port 80) Sessions
  Ethernet Interfaces
  Initial Configuration
  Installing the PIX Software
  Connecting to the PIX-Basic Configuration
  Identify Each Interface
  Installing the IOS over TFTP
  The Command-Line Interface
  IP Configuration
  IP Addresses
  Configuring NAT and PAT
  Permit Traffic Through
  Security Policy Configuration
  Security Strategies
  Deny Everything that Is Not Explicitly Permitted
  Allow Everything that Is Not Explicitly Denied
  Identify the Resources to Protect
  Demilitarized Zone
  Identify the Security Services to Implement
  Authentication and Authorization
  Access Control
  Confidentiality
  URL, ActiveX, and Java Filtering
  Implementing the Network Security Policy
  Authentication Configuration in PIX
  Access Control Configuration in PIX
  Securing Resources
  Confidentiality Configuration in PIX
  URL, ActiveX, and Java Filtering
  PIX Configuration Examples
  Protecting a Private Network
  Protecting a Network Connected to the Internet
  Protecting Server Access Using Authentication
  Protecting Public Servers Connected to the Internet
  Securing and Maintaining the PIX
  System Journaling
  Securing the PIX
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 4 Traffic Filtering in the Cisco Internetwork Operating System
  Introduction
  Access Lists
  Access List Operation
  Types of Access Lists
  Standard IP Access Lists
  Source Address and Wildcard Mask
  Keywords any and host
  Keyword Log
  Applying an Access List
  Extended IP Access Lists
  Keywords permit or deny
  Protocol
  Source Address and Wildcard-mask
  Destination Address and Wildcard-mask
  Source and Destination Port Number
  Established
  Log and Log-input
  Named Access Lists
  Editing Access Lists
  Problems with Access Lists
  Lock-and-key Access Lists
  Reflexive Access Lists
  Building Reflexive Access Lists
  Applying Reflexive Access Lists
  Context-based Access Control
  The Context-based Access Control Process
  Configuring Context-based Access Control
  Inspection Rules
  Applying the Inspection Rule
  Configuring Port to Application Mapping
  Configuring PAM
  Protecting a Private Network
  Protecting a Network Connected to the Internet
  Protecting Server Access Using Lock-and-key
  Protecting Public Servers Connected to the Internet
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 5 Network Address Translation/Port Address Translation
  Introduction
  NAT Overview
  Address Realm
  RFC 1918 Private Addressing
  NAT
  Transparent Address Assignment
  Transparent Routing
  Public, Global, and External Networks
  Private and Local Networks
  Application Level Gateways
  NAT Architectures
  Traditional NAT or Outbound NAT
  Port Address Translation
  Static NAT
  Twice NAT
  Guidelines for Deploying NAT and PAT
  IOS NAT Support for IP Telephony
  H.323 v2 Support
  CallManager Support
  Session Initiation Protocol
  Configuring NAT on Cisco IOS
  Configuration Commands
  Verification Commands
  Configuring NAT between a Private Network and the Internet
  Configuring NAT in a Network with DMZ
  Considerations on NAT and PAT
  IP Address Information in Data
  Bundled Session Applications
  Peer-to-Peer Applications
  IP Fragmentation with PAT en Route
  Applications Requiring Retention of Address Mapping
  IPSec and IKE
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 6 Cryptography
  Introduction
  Understanding Cryptography Concepts
  History
  Encryption Key Types
  Learning about Standard Cryptographic Algorithms
  Understanding Symmetric Algorithms
  DES
  AES (Rijndael)
  IDEA
  Understanding Asymmetric Algorithms
  Diffie-Hellman
  RSA
  Understanding Brute Force
  Brute Force Basics
  Using Brute Force to Obtain Passwords
  L0phtcrack
  Crack
  John the Ripper
  Knowing When Real Algorithms Are Being Used Improperly
  Bad Key Exchanges
  Hashing Pieces Separately
  Using a Short Password to Generate a Long Key
  Improperly Stored Private or Secret Keys
  Understanding Amateur Cryptography Attempts
  Classifying the Ciphertext
  Frequency Analysis
  Ciphertext Relative Length Analysis
  Similar Plaintext Analysis
  Monoalphabetic Ciphers
  Other Ways to Hide Information
  XOR
  UUEncode
  Base64
  Compression
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 7 Cisco LocalDirector and DistributedDirector
  Introduction
  Improving Security Using Cisco LocalDirector
  LocalDirector Technology Overview
  LocalDirector Product Overview
  LocalDirector Security Features
  Filtering of Access Traffic
  Using synguard to Protect Against SYN Flood Attacks
  Using NAT to Hide Real Addresses
  Restricting Who Is Authorized to Have Telnet Access to LocalDirector
  Password Protection
  The enable Password
  The telnet Password
  Syslog Logging
  Securing Geographically Dispersed Server Farms Using Cisco DistributedDirector
  DistributedDirector Technology Overview
  DistributedDirector Product Overview
  DistributedDirector Security Features
  Limiting the Source of DRP Queries
  Authentication between DistributedDirector and DRP Agents
  The key chain Command
  The key Command
  The key-string Command
  Password Protection
  The enable secret Password
  The enable Password
  The telnet Password
  Syslog Logging
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 8 Virtual Private Networks and Remote Access
  Introduction
  Overview of the Different VPN Technologies
  The Peer Model
  The Overlay Model
  Link Layer VPNs
  Network Layer VPNs
  Tunneling VPNs
  Virtual Private Dial Networks
  Controlled Route Leaking
  Transport and Application Layer VPNs
  Intranet VPNs
  Extranet VPNs
  Access VPNs
  Layer 2 Transport Protocol
  Configuring Cisco L2TP
  An LAC Configuration Example
  An LNS Configuration Example
  IPSec
  IPSec Architecture
  Security Associations
  Anti-replay Feature
  A Security Policy Database
  Authentication Header
  Encapsulating Security Payload
  Manual IPSec
  Internet Key Exchange
  Authentication Methods
  IKE and Certificate Authorities
  IPSec Limitations
  Network Performance
  Network Troubleshooting
  IPSec and Cisco Encryption Technology
  Configuring Cisco IPSec
  IPSec Manual Keying Configuration
  IPSec over GRE Tunnel Configuration
  Connecting IPSec Clients to Cisco IPSec
  Cisco Secure VPN Client
  Windows 2000
  Linux FreeS/WAN
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 9 Cisco Authentication, Authorization, and Accounting Mechanisms
  Introduction
  Cisco AAA Overview
  AAA Authentication
  AAA Authorization
  AAA Accounting
  AAA Benefits
  Cisco AAA Mechanisms
  Supported AAA Security Protocols
  RADIUS
  TACACS+
  Kerberos
  Choosing RADIUS, TACACS+, or Kerberos
  Configuring AAA Authentication
  Configuring Login Authentication Using AAA
  Configuring PPP Authentication Using AAA
  Enabling Password Protection for Privileged EXEC Mode
  Authorization
  Configure Authorization
  TACACS+ Configuration Example
  Accounting
  Configuring Accounting
  Suppress Generation of Accounting Records for Null Username Sessions
  RADIUS Configuration Example
  Typical RAS Configuration Using AAA
  Typical Firewall Configuration Using AAA
  Authentication Proxy
  How the Authentication Proxy Works
  Comparison with the Lock-and-key Feature
  Benefits of Authentication Proxy
  Restrictions of Authentication Proxy
  Configuring Authentication Proxy
  Configuring the HTTP Server
  Configuring the Authentication Proxy
  Authentication Proxy Configuration Example
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 10 Cisco Content Services Switch
  Introduction
  Overview of Cisco Content Services Switch
  Cisco Content Services Switch Technology Overview
  Cisco Content Services Switch Product Information
  Security Features of Cisco Content Services Switch
  FlowWall Security
  Example of Nimda Virus Filtering without Access Control Lists
  Using Network Address Translation to Hide Real Addresses
  Firewall Load Balancing
  Example of Firewall Load Balancing with Static Routes
  Password Protection
  The User Access Level
  The SuperUser Access Level
  Disabling Telnet Access
  Syslog Logging
  Known Security Vulnerabilities
  Cisco Bug ID CSCdt08730
  Cisco Bug ID CSCdt12748
  Cisco Bug ID CSCdu20931
  Cisco Bug ID CSCdt32570
  Cisco Bug ID CSCdt64682
  Multiple SSH Vulnerabilities
  Malformed SNMP Message Handling Vulnerabilities
  CodeRed Impact
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 11 Cisco Secure Scanner
  Introduction
  Minimum System Specifications for Secure Scanner
  Searching the Network for Vulnerabilities
  Identifying Network Addresses
  Identifying Vulnerabilities
  Scheduling the Session
  Viewing the Results
  Changing Axis Views
  Drilling into Data
  Pivoting Data
  Zooming In and Out
  Creating Charts
  Saving Grid Views and Charts
  Reports and Wizards
  Keeping the System Up-to-Date
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 12 Cisco Secure Policy Manager
  Introduction
  Overview of the Cisco Secure Policy Manager
  The Benefits of Using Cisco Secure Policy Manager
  Installation Requirements for the Cisco Secure Policy Manager
  Features of the Cisco Secure Policy Manager
  Cisco Firewall Management
  VPN and IPSec Security Management
  Security Policy Management
  Security Policy Definition
  Security Policy Enforcement
  Security Policy Auditing
  Network Security Deployment Options
  Cisco Secure Policy Manager Device and Software Support
  Using the Cisco Secure Policy Manager
  Configuration
  CSPM Configuration Example
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 13 Intrusion Detection
  Introduction
  What Is Intrusion Detection?
  Types of IDSs
  IDS Architecture
  Why Should You Have an IDS?
  Benefits of an IDS in a Network
  Reduce the Risk of a Systems Compromise
  Identifying Errors of Configuration
  Optimize Network Traffic
  Documenting Existing Threat Levels for Planning or Resource Allocation
  Changing User Behavior
  Deploying an IDS in a Network
  Sensor Placement
  Difficulties in Deploying an IDS
  IDS Tuning
  Tuning
  Turn It Up
  Tone It Down
  Network Attacks and Intrusions
  Poor Network Perimeter/Device Security
  Packet Decoders
  Scanner Programs
  Network Topology
  Unattended Modems
  Poor Physical Security
  Application and Operating Software Weaknesses
  Software Bugs
  Getting Passwords-Easy Ways of Cracking Programs
  Human Failure
  Poorly Configured Systems
  Information Leaks
  Malicious Users
  Weaknesses in the IP Suite of Protocols
  Layer 7 Attacks
  Layer 3 and Layer 4 Attacks
  The Cisco Secure Network Intrusion Detection System
  What Is the Cisco Secure Network Intrusion Detection System?
  The Probe
  The Director
  The Cisco Secure Policy Manager
  The Post Office
  Before You Install
  Director and Probe Setup
  Director Installation
  Director Configuration
  Probe Installation
  Completing the Probe Installation
  General Operation
  nrConfigure
  Configuring Logging from a Router to a Sensor
  Configuring Intrusion Detection on Sensors
  Customizing the NSDB
  Upgrading the NSDB
  The Data Management Package
  An E-mail Notification Example
  Cisco IOS Intrusion Detection Systems
  Configuring Cisco IOS IDS Features
  Associated Commands
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 14 Network Security Management
  Introduction
  PIX Device Manager
  PIX Device Manager Overview
  PIX Device Manager Benefits
  Supported PIX Firewall Versions
  PIX Device Requirements
  Requirements for a Host Running the PIX Device Management Client
  Using PIX Device Manager
  Configuring the PIX Device Manager
  Installing the PIX Device Manager
  Configuration Examples
  Connecting to the PIX with PDM
  Configuring Basic Firewall Properties
  Implementing Network Address Translation
  Allowing Inbound Traffic from External Sources
  CiscoWorks2000 Access Control List Manager
  ACL Manager Overview
  ACL Manager Device and Software Support
  Installation Requirements for ACL Manager
  ACL Manager Features
  Using a Structured Access Control List Security Policy
  Decreasing Deployment Time for Access Control Lists
  Ensure Consistency of Access Control Lists
  Keep Track of Changes Made on the Network
  Troubleshooting and Error Recovery
  The Basic Operation of ACL Manager
  Using Templates and Defining Classes
  Using DiffViewer
  Using the Optimizer and the Hits Optimizer
  Using ACL Manager
  Configuring the ACL Manager
  Installing the ACL Manager and Associated Software
  Configuration Example: Creating ACLs with ACLM
  Cisco Secure Policy Manager
  Cisco Secure Access Control Server
  Overview of the Cisco Secure Access Control Server
  Benefits of the Cisco Secure Access Control Server
  Authentication
  Authorization
  Accounting
  Installation Requirements for the Cisco Access Control Server
  Features of Cisco Secure ACS
  Placing Cisco Secure ACS in the Network
  Cisco Secure ACS Device and Software Support
  Using Cisco Secure ACS
  Installing Cisco Secure ACS
  Configuration
  Configuration Example: Adding and Configuring a AAA Client
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Chapter 15 Looking Ahead: Cisco Wireless Security
  Introduction
  Understanding Security Fundamentals and Principles of Protection
  Ensuring Confidentiality
  Ensuring Integrity
  Ensuring Availability
  Ensuring Privacy
  Ensuring Authentication
  Extensible Authentication Protocol (EAP)
  An Introduction to the 802.1x Standard
  Per-Packet Authentication
  Cisco Light Extensible Authentication Protocol
  Configuration and Deployment of LEAP
  Ensuring Authorization
  MAC Filtering
  What Is a MAC Address?
  Where in the Authentication/Association Process Does MAC Filtering Occur?
  Determining MAC Filtering Is Enabled
  MAC Spoofing
  Ensuring Non-Repudiation
  Accounting and Audit Trails
  Using Encryption
  Encrypting Voice Data
  Encrypting Data Systems
  Reviewing the Role of Policy
  Identifying Resources
  Understanding Classification Criteria
  Implementing Policy
  Addressing the Issues with Policy
  Implementing WEP
  Defining WEP
  Creating Privacy with WEP
  The WEP Authentication Process
  WEP Benefits and Advantages
  WEP Disadvantages
  The Security Implications of Using WEP
  Implementing WEP on the Cisco Aironet AP 340
  Exploiting WEP
  Security of 64-Bit versus 128-Bit Keys
  Acquiring a WEP Key
  Addressing Common Risks and Threats
  Finding a Target
  Finding Weaknesses in a Target
  Exploiting Those Weaknesses
  Sniffing, Interception, and Eavesdropping
  Defining Sniffing
  Sample Sniffing Tools
  Sniffing Case Scenario
  Protecting Against Sniffing and Eavesdropping
  Spoofing and Unauthorized Access
  Defining Spoofing
  Sample Spoofing Tools
  Protecting Against Spoofing and Unauthorized Attacks
  Network Hijacking and Modification
  Defining Hijacking
  Sample Hijacking Tools
  Hijacking Case Scenario
  Protection against Network Hijacking and Modification
  Denial of Service and Flooding Attacks
  Defining DoS and Flooding
  Sample DoS Tools
  DoS and Flooding Case Scenario
  Protecting Against DoS and Flooding Attacks
  Summary
  Solutions Fast Track
  Frequently Asked Questions
Index