15%
47.90
CHF40.70
Download steht sofort bereit
An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world
"There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." -Mike Fuhrman, Cisco Systems Manager, Security Consulting
Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.
Inhalt
Chapter 1 Introduction to IP Network Security
Introduction
What Role Does Security Play in a Network?
Goals
Philosophy
What if I Don't Deploy Security?
The Fundamentals of Networking
Where Does Security Fit in?
Network Access Layer Security
Internetwork Layer Security
Host-to-Host Layer Security?
Process Application Layer Security
Authentication
OSI Model
How the OSI Model Works
Composition of a Data Packet
Security in TCP/IP
Cisco IP Security Hardware and Software
The Cisco Secure PIX Firewall
Cisco Secure Integrated Software
Cisco Secure Integrated VPN Software
The Cisco Secure VPN Client
Cisco Secure Access Control Server
Cisco Secure Scanner
Cisco Secure Intrusion Detection System
Cisco Secure Policy Manager
Cisco Secure Consulting Services
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 What are We Trying to Prevent?
Introduction
What Threats Face Your Network?
Loss of Confidentiality
Loss of Integrity
Loss of Availability
Sources of Threats
Malicious Mobile Code
Trojan Horses
Viruses
Worms
Current Malicious Code Threats
Current Malicious Code Impacts
Denial of Service
The Smurf Attack
The SYN Flood Attack
Distributed Denial of Service (DDoS) Attacks
Detecting Breaches
Initial Detection
are Forensics Important?
What are the Key Steps after a Breach
is Detected?
Preventing Attacks
Reducing Vulnerabilities
Providing a Simple Security Network Architecture
Developing a Culture of Security
Developing a Security Policy
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Cisco PIX Firewall
Introduction
Overview of the Security Features
Differences between PIX OS Version 4.x and Version 5.x
Differences between PIX OS Version 6.0 and Version 5.x
Initial Configuration
Installing the PIX Software
The Command-Line Interface
IP Configuration
Configuring NAT and PAT
Permit Traffic Through
Security Policy Configuration
Security Strategies
Identify the Security Services to Implement
Implementing the Network Security Policy
Confidentiality Configuration in PIX
PIX Configuration Examples
Protecting a Private Network
Protecting a Network Connected to the Internet
Protecting Server Access Using Authentication
Protecting Public Servers Connected to the Internet
Securing and Maintaining the PIX
System Journaling
Securing the PIX
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Traffic Filtering in the Cisco Internetwork Operating System
Introduction
Access Lists
Access List Operation
Types of Access Lists
Standard IP Access Lists
Extended IP Access Lists
Named Access Lists
Editing Access Lists
Problems with Access Lists
Lock-and-key Access Lists
Reflexive Access Lists
Building Reflexive Access Lists
Applying Reflexive Access Lists
Context-based Access Control
The Context-based Access Control Process
Configuring Context-based Access Control
Inspection Rules
Applying the Inspection Rule
Configuring Port to Application Mapping
Configuring PAM
Protecting a Private Network
Protecting a Network Connected to the Internet
Protecting Server Access Using Lock-and-key
Protecting Public Servers Connected to the Internet
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Network Address Translation/Port Address Translation
Introduction
NAT Overview
Address Realm
RFC 1918 Private Addressing
NAT
Transparent Address Assignment
Transparent Routing
Public, Global, and External Networks
Private and Local Networks
Application Level Gateways
NAT Architectures
Traditional NAT or Outbound NAT
Port Address Translation
Static NAT
Twice NAT
Guidelines for Deploying NAT and PAT
IOS NAT Support for IP Telephony
H.323 v2 Support
CallManager Support
Session Initiation Protocol
Configuring NAT on Cisco IOS
Configuration Commands
Verification Commands
Configuring NAT between a Private Network and the Internet
Configuring NAT in a Network with DMZ
Considerations on NAT and PAT
IP Address Information in Data
Bundled Session Applications
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Cryptography
Introduction
Understanding Cryptography Concepts
History
Encryption Key Types
Learning about Standard Cryptographic Algorithms
Understanding Symmetric Algorithms
Understanding Asymmetric Algorithms
Understanding Brute Force
Brute Force Basics
Using Brute Force to Obtain Passwords
Knowing When Real Algorithms are Being Used Improperly
Bad Key Exchanges
Hashing Pieces Separately
Using a Short Password to Generate a Long Key
Improperly Stored Private or Secret Keys
Understanding Amateur Cryptography Attempts
Classifying the Ciphertext
Monoalphabetic Ciphers
Other Ways to Hide Information
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Cisco LocalDirector and DistributedDirector
Introduction
Improving Security Using Cisco LocalDirector
LocalDirector Technology Overview
LocalDirector Product Overview
LocalDirector Security Features
Filtering of Access Traffic
Using synguard to Protect against SYN Flood Attacks
Using NAT to Hide Real Addresses
Restricting Who is Authorized to Have Telnet Access to LocalDirector
Password Protection
Syslog Logging
Securing Geographically Dispersed Server Farms Using Cisco DistributedDirector
DistributedDirector Technology Overview
DistributedDirector Product Overview
DistributedDirector Security Features
Limiting the Source of DRP Queries
Authentication between DistributedDirector and DRP Agents
Password Protection
Syslog Logging
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Virtual Private Networks and Remote Access
Introduction
Overview of the Different VPN Technologies
The Peer Model
The Overlay Model
Link Layer VPNs
…