Managing Cisco Network Security

An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today's internetworked world

"There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." -Mike Fuhrman, Cisco Systems Manager, Security Consulting

Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.

• Security from a real-world perspective
• Key coverage of the new technologies offered by the Cisco including: 500 series of Cisco PIX Firewall, Cisco
• Intrusion Detection System, and the Cisco Secure Scanner
• Revised edition of a text popular with CCIP (Cisco Certified Internetwork Professional) students
• Expanded to include separate chapters on each of the security products offered by Cisco Systems

Inhalt

Chapter 1 Introduction to IP Network Security

Introduction

What Role Does Security Play in a Network?

Goals

Philosophy

What if I Don't Deploy Security?

The Fundamentals of Networking

Where Does Security Fit in?

Network Access Layer Security

Internetwork Layer Security

Host-to-Host Layer Security?

Process Application Layer Security

Authentication

OSI Model

How the OSI Model Works

Composition of a Data Packet

Security in TCP/IP

Cisco IP Security Hardware and Software

The Cisco Secure PIX Firewall

Cisco Secure Integrated Software

Cisco Secure Integrated VPN Software

The Cisco Secure VPN Client

Cisco Secure Access Control Server

Cisco Secure Scanner

Cisco Secure Intrusion Detection System

Cisco Secure Policy Manager

Cisco Secure Consulting Services

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 2 What are We Trying to Prevent?

Introduction

What Threats Face Your Network?

Loss of Confidentiality

Loss of Integrity

Loss of Availability

Sources of Threats

Malicious Mobile Code

Trojan Horses

Viruses

Worms

Current Malicious Code Threats

Current Malicious Code Impacts

Denial of Service

The Smurf Attack

The SYN Flood Attack

Distributed Denial of Service (DDoS) Attacks

Detecting Breaches

Initial Detection

are Forensics Important?

What are the Key Steps after a Breach

is Detected?

Preventing Attacks

Reducing Vulnerabilities

Providing a Simple Security Network Architecture

Developing a Culture of Security

Developing a Security Policy

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3 Cisco PIX Firewall

Introduction

Overview of the Security Features

Differences between PIX OS Version 4.x and Version 5.x

Differences between PIX OS Version 6.0 and Version 5.x

Initial Configuration

Installing the PIX Software

The Command-Line Interface

IP Configuration

Configuring NAT and PAT

Permit Traffic Through

Security Policy Configuration

Security Strategies

Identify the Security Services to Implement

Implementing the Network Security Policy

Confidentiality Configuration in PIX

PIX Configuration Examples

Protecting a Private Network

Protecting a Network Connected to the Internet

Protecting Server Access Using Authentication

Protecting Public Servers Connected to the Internet

Securing and Maintaining the PIX

System Journaling

Securing the PIX

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4 Traffic Filtering in the Cisco Internetwork Operating System

Introduction

Access Lists

Access List Operation

Types of Access Lists

Standard IP Access Lists

Extended IP Access Lists

Named Access Lists

Editing Access Lists

Problems with Access Lists

Lock-and-key Access Lists

Reflexive Access Lists

Building Reflexive Access Lists

Applying Reflexive Access Lists

Context-based Access Control

The Context-based Access Control Process

Configuring Context-based Access Control

Inspection Rules

Applying the Inspection Rule

Configuring Port to Application Mapping

Configuring PAM

Protecting a Private Network

Protecting a Network Connected to the Internet

Protecting Server Access Using Lock-and-key

Protecting Public Servers Connected to the Internet

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 5 Network Address Translation/Port Address Translation

Introduction

NAT Overview

Address Realm

RFC 1918 Private Addressing

NAT

Transparent Address Assignment

Transparent Routing

Public, Global, and External Networks

Private and Local Networks

Application Level Gateways

NAT Architectures

Traditional NAT or Outbound NAT

Port Address Translation

Static NAT

Twice NAT

Guidelines for Deploying NAT and PAT

IOS NAT Support for IP Telephony

H.323 v2 Support

CallManager Support

Session Initiation Protocol

Configuring NAT on Cisco IOS

Configuration Commands

Verification Commands

Configuring NAT between a Private Network and the Internet

Configuring NAT in a Network with DMZ

Considerations on NAT and PAT

IP Address Information in Data

Bundled Session Applications

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6 Cryptography

Introduction

Understanding Cryptography Concepts

History

Encryption Key Types

Learning about Standard Cryptographic Algorithms

Understanding Symmetric Algorithms

Understanding Asymmetric Algorithms

Understanding Brute Force

Brute Force Basics

Using Brute Force to Obtain Passwords

Knowing When Real Algorithms are Being Used Improperly

Bad Key Exchanges

Hashing Pieces Separately

Using a Short Password to Generate a Long Key

Improperly Stored Private or Secret Keys

Understanding Amateur Cryptography Attempts

Classifying the Ciphertext

Monoalphabetic Ciphers

Other Ways to Hide Information

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7 Cisco LocalDirector and DistributedDirector

Introduction

Improving Security Using Cisco LocalDirector

LocalDirector Technology Overview

LocalDirector Product Overview

LocalDirector Security Features

Filtering of Access Traffic

Using synguard to Protect against SYN Flood Attacks

Using NAT to Hide Real Addresses

Restricting Who is Authorized to Have Telnet Access to LocalDirector

Password Protection

Syslog Logging

Securing Geographically Dispersed Server Farms Using Cisco DistributedDirector

DistributedDirector Technology Overview

DistributedDirector Product Overview

DistributedDirector Security Features

Limiting the Source of DRP Queries

Authentication between DistributedDirector and DRP Agents

Password Protection

Syslog Logging

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 8 Virtual Private Networks and Remote Access

Introduction

Overview of the Different VPN Technologies

The Peer Model

The Overlay Model

Link Layer VPNs

…