End-to-End Network Security

End-to-End Network Security : Defense-in-Depth

3.8 (5 ratings by Goodreads)
By Omar Santos


Description

End-to-End Network Security: Defense-in-Depth
Best practices for assessing and improving network defenses and responding to security incidents
Omar Santos

Information security practices have evolved from Internet perimeter protection to an in-depth defense model in which multiple countermeasures are layered throughout the infrastructure to address vulnerabilities and attacks. This is necessary due to increased attack frequency, diverse attack sophistication, and the rapid nature of attack velocity, all blurring the boundaries between the network and perimeter.

End-to-End Network Security is designed to counter the new generation of complex threats. Adopting this robust security strategy defends against highly sophisticated attacks that can occur at multiple locations in your network. The ultimate goal is to deploy a set of security capabilities that together create an intelligent, self-defending network that identifies attacks as they occur, generates alerts as appropriate, and then automatically responds.

End-to-End Network Security provides you with a comprehensive look at the mechanisms to counter threats to each part of your network. The book starts with a review of network security technologies, then covers the six-step methodology for incident response and best practices from proactive security frameworks. Later chapters cover wireless network security, IP telephony security, data center security, and IPv6 security. Finally, several case studies representing small, medium, and large enterprises provide detailed example configurations and implementation strategies of best practices learned in earlier chapters. Adopting the techniques and strategies outlined in this book enables you to prevent day-zero attacks, improve your overall security posture, build strong policies, and deploy intelligent, self-defending networks.

"Within these pages, you will find many practical tools, both process related and technology related, that you can draw on to improve your risk mitigation strategies." -Bruce Murphy, Vice President, World Wide Security Practices, Cisco

Omar Santos is a senior network security engineer at Cisco®. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

  • Guard your network with firewalls, VPNs, and intrusion prevention systems
  • Control network access with AAA
  • Enforce security policies with Cisco Network Admission Control (NAC)
  • Learn how to perform risk and threat analysis
  • Harden your network infrastructure, security policies, and procedures against security threats
  • Identify and classify security threats
  • Trace back attacks to their source
  • Learn how to best react to security incidents
  • Maintain visibility and control over your network with the SAVE framework
  • Apply Defense-in-Depth principles to wireless networks, IP telephony networks, data centers, and IPv6 networks

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Networking: Security
Covers: Network security and incident response

Product details

  • Format: Paperback | 480 pages
  • Dimensions: 182.88 x 228.6 x 30.48mm | 771.1g
  • Publisher: Pearson Education (US)
  • Imprint: Cisco Press
  • Publication City: Indianapolis, United States
  • Language: English
  • ISBN-10: 1587053322
  • ISBN-13: 9781587053320
  • 1,853,625

About Omar Santos

Omar Santos is a senior network security engineer and Incident Manager within the Product Security Incident Response Team (PSIRT) at Cisco. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government, including the United States Marine Corps (USMC) and the U.S. Department of Defense (DoD). He is also the author of many Cisco online technical documents and configuration guidelines. Before his current role, Omar was a technical leader within the World Wide Security Practice and Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

He is an active member of the InfraGard organization. InfraGard is a cooperative undertaking that involves the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants. InfraGard is dedicated to increasing the security of the critical infrastructures of the United States of America.

Omar has also delivered numerous technical presentations to Cisco customers and partners, as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of the Cisco Press books Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting, and Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance.

Back cover copy

The back cover text is identical to the description above. Price printed on the cover: $55.00 USA / $63.00 CAN

Table of contents

Foreword xix
Introduction xx

Part I: Introduction to Network Security Solutions 3

Chapter 1: Overview of Network Security Technologies 5
  Firewalls 5
    Network Firewalls 6
    Network Address Translation (NAT) 7
    Stateful Firewalls 9
    Deep Packet Inspection 10
    Demilitarized Zones 10
    Personal Firewalls 11
  Virtual Private Networks (VPN) 12
    Technical Overview of IPsec 14
      Phase 1 14
      Phase 2 16
    SSL VPNs 18
  Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) 19
    Pattern Matching 20
    Protocol Analysis 21
    Heuristic-Based Analysis 21
    Anomaly-Based Analysis 21
    Anomaly Detection Systems 22
  Authentication, Authorization, and Accounting (AAA) and Identity Management 23
    RADIUS 23
    TACACS+ 25
    Identity Management Concepts 26
  Network Admission Control 27
    NAC Appliance 27
    NAC Framework 33
  Routing Mechanisms as Security Tools 36
  Summary 39

Part II: Security Lifestyle: Frameworks and Methodologies 41

Chapter 2: Preparation Phase 43
  Risk Analysis 43
    Threat Modeling 44
    Penetration Testing 46
    Social Engineering 49
  Security Intelligence 50
    Common Vulnerability Scoring System 50
      Base Metrics 51
      Temporal Metrics 51
      Environmental Metrics 52
  Creating a Computer Security Incident Response Team (CSIRT) 52
    Who Should Be Part of the CSIRT? 53
    Incident Response Collaborative Teams 54
    Tasks and Responsibilities of the CSIRT 54
  Building Strong Security Policies 54
  Infrastructure Protection 57
    Strong Device Access Control 59
      SSH Versus Telnet 59
      Local Password Management 61
      Configuring Authentication Banners 62
      Interactive Access Control 62
      Role-Based Command-Line Interface (CLI) Access in Cisco IOS 64
      Controlling SNMP Access 66
    Securing Routing Protocols 66
      Configuring Static Routing Peers 68
      Authentication 68
      Route Filtering 69
      Time-to-Live (TTL) Security Check 70
    Disabling Unnecessary Services on Network Components 70
      Cisco Discovery Protocol (CDP) 71
      Finger 72
      Directed Broadcast 72
      Maintenance Operations Protocol (MOP) 72
      BOOTP Server 73
      ICMP Redirects 73
      IP Source Routing 73
      Packet Assembler/Disassembler (PAD) 73
      Proxy Address Resolution Protocol (ARP) 73
      IDENT 74
      TCP and User Datagram Protocol (UDP) Small Servers 74
      IP Version 6 (IPv6) 75
    Locking Down Unused Ports on Network Access Devices 75
    Control Resource Exhaustion 75
      Resource Thresholding Notification 76
      CPU Protection 77
      Receive Access Control Lists (rACLs) 78
      Control Plane Policing (CoPP) 80
      Scheduler Allocate/Interval 81
    Policy Enforcement 81
      Infrastructure Protection Access Control Lists (iACLs) 82
      Unicast Reverse Path Forwarding (Unicast RPF) 83
    Automated Security Tools Within Cisco IOS 84
      Cisco IOS AutoSecure 84
      Cisco Secure Device Manager (SDM) 88
    Telemetry 89
  Endpoint Security 90
    Patch Management 90
    Cisco Security Agent (CSA) 92
  Network Admission Control 94
    Phased Approach 94
    Administrative Tasks 96
    Staff and Support 96
  Summary 97

Chapter 3: Identifying and Classifying Security Threats 99
  Network Visibility 101
  Telemetry and Anomaly Detection 108
    NetFlow 108
      Enabling NetFlow 111
      Collecting NetFlow Statistics from the CLI 112
    SYSLOG 115
      Enabling Logging (SYSLOG) on Cisco IOS Routers and Switches 115
      Enabling Logging on Cisco Catalyst Switches Running CATOS 117
      Enabling Logging on Cisco ASA and Cisco PIX Security Appliances 117
    SNMP 118
      Enabling SNMP on Cisco IOS Devices 119
      Enabling SNMP on Cisco ASA and Cisco PIX Security Appliances 121
    Cisco Security Monitoring, Analysis and Response System (CS-MARS) 121
    Cisco Network Analysis Module (NAM) 125
    Open Source Monitoring Tools 126
    Cisco Traffic Anomaly Detectors and Cisco Guard DDoS Mitigation Appliances 127
  Intrusion Detection and Intrusion Prevention Systems (IDS/IPS) 131
    The Importance of Signature Updates 131
    The Importance of Tuning 133
    Anomaly Detection Within Cisco IPS Devices 137
  Summary 139

Chapter 4: Traceback 141
  Traceback in the Service Provider Environment 142
  Traceback in the Enterprise 147
  Summary 151

Chapter 5: Reacting to Security Incidents 153
  Adequate Incident-Handling Policies and Procedures 153
  Laws and Computer Crimes 155
  Security Incident Mitigation Tools 156
    Access Control Lists (ACL) 157
    Private VLANs 158
    Remotely Triggered Black Hole Routing 158
  Forensics 160
    Log Files 161
    Linux Forensics Tools 162
    Windows Forensics 164
  Summary 165

Chapter 6: Postmortem and Improvement 167
  Collected Incident Data 167
  Root-Cause Analysis and Lessons Learned 171
  Building an Action Plan 173
  Summary 174

Chapter 7: Proactive Security Framework 177
  SAVE Versus ITU-T X.805 178
  Identity and Trust 183
    AAA 183
    Cisco Guard Active Verification 185
    DHCP Snooping 186
    IP Source Guard 187
    Digital Certificates and PKI 188
    IKE 188
    Network Admission Control (NAC) 188
    Routing Protocol Authentication 189
    Strict Unicast RPF 189
  Visibility 189
    Anomaly Detection 190
    IDS/IPS 190
    Cisco Network Analysis Module (NAM) 191
    Layer 2 and Layer 3 Information (CDP, Routing Tables, CEF Tables) 191
  Correlation 192
    CS-MARS 193
    Arbor Peakflow SP and Peakflow X 193
    Cisco Security Agent Management Console (CSA-MC) Basic Event Correlation 193
  Instrumentation and Management 193
    Cisco Security Manager 195
    Configuration Logger and Configuration Rollback 195
    Embedded Device Managers 195
    Cisco IOS XR XML Interface 196
    SNMP and RMON 196
    Syslog 196
  Isolation and Virtualization 196
    Cisco IOS Role-Based CLI Access (CLI Views) 197
    Anomaly Detection Zones 198
    Network Device Virtualization 198
    Segmentation with VLANs 199
    Segmentation with Firewalls 200
    Segmentation with VRF/VRF-Lite 200
  Policy Enforcement 202
  Visualization Techniques 203
  Summary 207

Part III: Defense-In-Depth Applied 209

Chapter 8: Wireless Security 211
  Overview of Cisco Unified Wireless Network Architecture 212
  Authentication and Authorization of Wireless Users 216
    WEP 216
    WPA 218
    802.1x on Wireless Networks 219
      EAP with MD5 221
      Cisco LEAP 222
      EAP-TLS 223
      PEAP 223
      EAP Tunneled TLS Authentication Protocol (EAP-TTLS) 224
      EAP-FAST 224
      EAP-GTC 225
    Configuring 802.1x with EAP-FAST in the Cisco Unified Wireless Solution 226
      Configuring the WLC 226
      Configuring the Cisco Secure ACS Server for 802.1x and EAP-FAST 229
      Configuring the CSSC 233
  Lightweight Access Point Protocol (LWAPP) 236
  Wireless Intrusion Prevention System Integration 239
    Configuring IDS/IPS Sensors in the WLC 241
    Uploading and Configuring IDS/IPS Signatures 242
  Management Frame Protection (MFP) 243
  Precise Location Tracking 244
  Network Admission Control (NAC) in Wireless Networks 245
    NAC Appliance Configuration 246
    WLC Configuration 255
  Summary 259

Chapter 9: IP Telephony Security 261
  Protecting the IP Telephony Infrastructure 262
    Access Layer 266
    Distribution Layer 273
    Core 275
  Securing the IP Telephony Applications 275
    Protecting Cisco Unified CallManager 276
    Protecting Cisco Unified Communications Manager Express (CME) 277
    Protecting Cisco Unity 281
    Protecting Cisco Unity Express 287
    Protecting Cisco Personal Assistant 289
      Hardening the Cisco Personal Assistant Operating Environment 289
      Cisco Personal Assistant Server Security Policies 291
  Protecting Against Eavesdropping Attacks 293
  Summary 295

Chapter 10: Data Center Security 297
  Protecting the Data Center Against Denial of Service (DoS) Attacks and Worms 297
    SYN Cookies in Firewalls and Load Balancers 297
    Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) 300
    Cisco NetFlow in the Data Center 301
    Cisco Guard 302
  Data Center Infrastructure Protection 302
  Data Center Segmentation and Tiered Access Control 303
    Segmenting the Data Center with the Cisco FWSM 306
      Cisco FWSM Modes of Operation and Design Considerations 306
      Configuring the Cisco Catalyst Switch 309
      Creating Security Contexts in the Cisco FWSM 310
      Configuring the Interfaces on Each Security Context 312
      Configuring Network Address Translation 313
      Controlling Access with ACLs 317
      Virtual Fragment Reassembly 322
  Deploying Network Intrusion Detection and Prevention Systems 322
    Sending Selective Traffic to the IDS/IPS Devices 322
    Monitoring and Tuning 325
  Deploying the Cisco Security Agent (CSA) in the Data Center 325
    CSA Architecture 325
    Configuring Agent Kits 326
    Phased Deployment 326
  Summary 327

Chapter 11: IPv6 Security 329
  Reconnaissance 330
  Filtering in IPv6 331
    Filtering Access Control Lists (ACL) 331
    ICMP Filtering 332
    Extension Headers in IPv6 332
  Spoofing 333
  Header Manipulation and Fragmentation 333
  Broadcast Amplification or Smurf Attacks 334
  IPv6 Routing Security 334
  IPsec and IPv6 335
  Summary 336

Part IV: Case Studies 339

Chapter 12: Case Studies 341
  Case Study of a Small Business 341
    Raleigh Office Cisco ASA Configuration 343
      Configuring IP Addressing and Routing 343
      Configuring PAT on the Cisco ASA 347
      Configuring Static NAT for the DMZ Servers 349
      Configuring Identity NAT for Inside Users 351
      Controlling Access 352
      Cisco ASA Antispoofing Configuration 353
      Blocking Instant Messaging 354
    Atlanta Office Cisco IOS Configuration 360
      Locking Down the Cisco IOS Router 360
      Configuring Basic Network Address Translation (NAT) 376
      Configuring Site-to-Site VPN 377
  Case Study of a Medium-Sized Enterprise 389
    Protecting the Internet Edge Routers 391
    Configuring the AIP-SSM on the Cisco ASA 391
    Configuring Active-Standby Failover on the Cisco ASA 394
    Configuring AAA on the Infrastructure Devices 400
  Case Study of a Large Enterprise 401
    Creating a New Computer Security Incident Response Team (CSIRT) 403
    Creating New Security Policies 404
      Physical Security Policy 404
      Perimeter Security Policy 404
      Device Security Policy 405
      Remote Access VPN Policy 405
      Patch Management Policy 406
      Change Management Policy 406
      Internet Usage Policy 406
    Deploying IPsec Remote Access VPN 406
      Configuring IPsec Remote Access VPN 408
      Configuring Load-Balancing 415
    Reacting to a Security Incident 418
      Identifying, Classifying, and Tracking the Security Incident or Attack 419
      Reacting to the Incident 419
      Postmortem 419
  Summary 420

Index 422

Rating details

5 ratings
3.8 out of 5 stars
5 stars: 20% (1)
4 stars: 40% (2)
3 stars: 40% (2)
2 stars: 0% (0)
1 star: 0% (0)
Book ratings by Goodreads