Network Security Auditing

Network Security Auditing

4.66 (3 ratings by Goodreads)
By (author) 

Free delivery worldwide

Available. Dispatched from the UK in 2 business days
When will my order arrive?

Description

This complete new guide to auditing network security is an indispensable resource for security, network, and IT professionals, and for the consultants and technology partners who serve them. Cisco network security expert Chris Jackson begins with a thorough overview of the auditing process, including coverage of the latest regulations, compliance issues, and industry best practices. The author then demonstrates how to segment security architectures into domains and measure security effectiveness through a comprehensive systems approach. Network Security Auditing thoroughly covers the use of both commercial and open source tools to assist in auditing and validating security policy assumptions. The book also introduces leading IT governance frameworks such as COBIT, ITIL, and ISO 17799/27001, explaining their values, usages, and effective integrations with Cisco security products. This book arms you with detailed auditing checklists for each domain, realistic design insights for meeting auditing requirements, and practical guidance for using complementary solutions to improve any company's security posture. * Master the five pillars of security auditing: assessment, prevention, detection, reaction, and recovery.* Recognize the foundational roles of security policies, procedures, and standards.* Understand current laws related to hacking, cracking, fraud, intellectual property, spam, and reporting.* Analyze security governance, including the roles of CXOs, security directors, administrators, users, and auditors.* Evaluate people, processes, and technical security controls through a system-based approach.* Audit security services enabled through Cisco products.* Analyze security policy and compliance requirements for Cisco networks.* Assess infrastructure security and intrusion prevention systems.* Audit network access control and secure remote access systems.* Review security in clients, hosts, and IP communications.* Evaluate the performance of security monitoring and management systems. This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end, self-defending networks.show more

Product details

  • Paperback | 528 pages
  • 186 x 226 x 30mm | 861.82g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587053527
  • 9781587053528
  • 1,551,210

About Chris Jackson

Christopher L. Jackson, CCIE No. 6256, is a security technical solutions architect in the U.S. Channels organization with Cisco and is focused on developing security consulting practices in the Cisco partner community. Throughout his career in internetworking, Chris has built secure networks that map to a strong security policy for a large number of organizations including UPS, GE, and Sprint. Chris is an active speaker on security for Cisco through TechwiseTV, conferences, and web casts. He has authored numerous whitepapers and is responsible for a number of Cisco initiatives to build stronger security partners through security practice building. Chris is a highly certified individual with dual CCIEs (Routing and Switching & Security), CISSP, ISA, seven SANS GIAC certifications (GSNA, GCIH, GCFW, GCIA, GCUX, GCWN, and GSEC), and ITIL V3. Chris also holds a bachelors degree in business administration from McKendree College. Residing in Bradenton, Florida, Chris enjoys tinkering with his home automation system and playing with his ever-growing collection of electronic gadgets. His wife Barbara and two children Caleb and Sydney are the joy of his life and proof that not everything has to plug into a wall outlet to be fun.show more

Back cover copy

This complete new guide to auditing network security is an indispensable resource for security, network, and IT professionals, and for the consultants and technology partners who serve them. Cisco network security expert Chris Jackson begins with a thorough overview of the auditing process, including coverage of the latest regulations, compliance issues, and industry best practices. The author then demonstrates how to segment security architectures into domains and measure security effectiveness through a comprehensive systems approach. Network Security Auditing thoroughly covers the use of both commercial and open source tools to assist in auditing and validating security policy assumptions. The book also introduces leading IT governance frameworks such as COBIT, ITIL, and ISO 17799/27001, explaining their values, usages, and effective integrations with Cisco security products. This book arms you with detailed auditing checklists for each domain, realistic design insights for meeting auditing requirements, and practical guidance for using complementary solutions to improve any company's security posture. Master the five pillars of security auditing: assessment, prevention, detection, reaction, and recovery. Recognize the foundational roles of security policies, procedures, and standards. Understand current laws related to hacking, cracking, fraud, intellectual property, spam, and reporting. Analyze security governance, including the roles of CXOs, security directors, administrators, users, and auditors. Evaluate people, processes, and technical security controls through a system-based approach. Audit security services enabled through Cisco products. Analyze security policy and compliance requirements for Cisco networks. Assess infrastructure security and intrusion prevention systems. Audit network access control and secure remote access systems. Review security in clients, hosts, and IP communications. Evaluate the performance of security monitoring and management systems. This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end, self-defending networks.show more

Table of contents

Introduction xxi Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars 1 Assessment 2 Prevention 3 Detection 3 Reaction 4 Recovery 4 Building a Security Program 4 Policy 5 Procedures 6 Standards 7 Security Controls 7 Administrative Controls 7 Technical Controls 8 Physical Controls 8 Preventative Controls 8 Detective Controls 8 Corrective Controls 8 Recovery Controls 9 Managing Risk 9 Risk Assessment 10 Risk Mitigation 14 Risk in the Fourth Dimension 16 How, What, and Why You Audit 17 Audit Charter 17 Engagement Letter 18 Types of Audits 19 Security Review 19 Security Assessment 19 Security Audit 20 The Role of the Auditor 20 Places Where Audits Occur 21 Policy Level 21 Procedure Level 21 Control Level 22 The Auditing Process 22 Planning Phase: Audit Subject, Objective, and Scope 22 Research Phase: Planning, Audit Procedures, and Evaluation Criteria 23 Data Gathering Phase: Checklists, Tools, and Evidence 23 Data Analysis Phase: Analyze, Map, and Recommend 24 Audit Report Phase: Write, Present, and File the Audit Report 24 Follow-Up Phase: Follow up, Follow up, Follow up! 25 Summary 25 References in This Chapter 26 Chapter 2 Information Security and the Law 27 IT Security Laws 27 Hacking, Cracking, and Fraud Laws 29 Computer Fraud and Abuse Act 29 Access Device Statute 31 Electronic Communications Privacy Act 34 Title I: Wiretap Act 34 Title II: Stored Communications Act 37 Title III: Pen/Trap Statute 38 Intellectual Property Laws 39 Digital Millennium Copyright Act 39 Economic Espionage Act 41 CAN-SPAM Act of 2003 42 State and Local Laws 43 Reporting a Crime 44 Regulatory Compliance Laws 46 SOX 46 HIPAA 48 Privacy Rule 50 Security Rule 51 Transactions and Code Sets Standard Rule 52 Identifiers Rule 52 Enforcement Rule 52 GLBA 54 PCI DSS 55 Summary 59 References in This Chapter 60 Federal Hacking Laws 60 State Laws 60 Chapter 3 Information Security Governance, Frameworks, and Standards 61 Understanding Information Security Governance 61 People: Roles and Responsibilities 64 Information Security Governance Organizational Structure 65 Board of Directors 65 Security Steering Committee 65 CEO or Executive Management 66 CIO/CISO 66 Security Director 66 Security Analyst 66 Security Architect 66 Security Engineer 67 Systems Administrator 67 Database Administrator 67 IS Auditor 67 End User 67 Spotting Weaknesses in the People Aspect of Security 67 Process: Security Governance Frameworks 68 COSO 68 Control Environment 69 Risk Assessment 70 Control Activities 70 Information and Communication 70 Monitoring 70 COBIT 71 ITIL 75 Technology: Standards Procedures and Guidelines 76 ISO 27000 Series of Standards 76 NIST 78 Center for Internet Security 80 NSA 80 DISA 81 SANS 82 ISACA 83 Cisco Security Best Practices 84 Summary 85 References in This Chapter 86 Web Resources 86 Chapter 4 Auditing Tools and Techniques 87 Evaluating Security Controls 87 Auditing Security Practices 89 Testing Security Technology 91 Security Testing Frameworks 92 OSSTMM 93 ISSAF 93 NIST 800-115 94 OWASAP 94 Security Auditing Tools 95 Service Mapping Tools 96 Nmap 96 Hping 100 Vulnerability Assessment Tools 101 Nessus 101 RedSeal SRM 105 Packet Capture Tools 111 Tcpdump 111 Wireshark/Tshark 114 Penetration Testing Tools 116 Core Impact 116 Metasploit 120 BackTrack 127 Summary 128 References in This Chapter 128 Security Testing Frameworks 128 Security Testing Tools 129 Chapter 5 Auditing Cisco Security Solutions 131 Auditors and Technology 131 Security as a System 132 Cisco Security Auditing Domains 133 Policy, Compliance, and Management 134 Infrastructure Security 135 Perimeter Intrusion Prevention 136 Access Control 136 Secure Remote Access 137 Endpoint Protection 138 Unified Communications 139 Defining the Audit Scope of a Domain 139 Identifying Security Controls to Assess 141 Mapping Security Controls to Cisco Solutions 143 The Audit Checklist 144 Summary 150 Chapter 6 Policy, Compliance, and Management 153 Do You Know Where Your Policy Is? 153 Auditing Security Policies 154 Standard Policies 158 Acceptable Use 158 Minimum Access 158 Network Access 158 Remote Access 159 Internet Access 159 User Account Management 159 Data Classification 159 Change Management 160 Server Security 161 Mobile Devices 161 Guest Access 161 Physical Security 161 Password Policy 162 Malware Protection 162 Incident Handling 162 Audit Policy 162 Software Licensing 162 Electronic Monitoring and Privacy 163 Policies for Regulatory and Industry Compliance 163 Cisco Policy Management and Monitoring Tools 165 Cisco MARS 165 Cisco Configuration Professional 167 Cisco Security Manager 169 Cisco Network Compliance Manager 171 Checklist 174 Summary 176 References in This Chapter 176 Chapter 7 Infrastructure Security 177 Infrastructure Threats 177 Unauthorized Access 177 Denial of Service 178 Traffic Capture 178 Layer 2 Threats 179 Network Service Threats 180 Policy Review 180 Infrastructure Operational Review 181 The Network Map and Documentation 182 Logical Diagrams 182 Physical Diagrams 182 Asset Location and Access Requirements 182 Data Flow and Traffic Analysis 183 Administrative Accounts 183 Configuration Management 184 Vulnerability Management 184 Disaster Recovery 184 Wireless Operations 185 Infrastructure Architecture Review 185 Management Plane Auditing 186 Cisco Device Management Access 187 Syslog 193 NTP 194 Netflow 195 Control Plane Auditing 196 IOS Hardening 196 Routing Protocols 198 Protecting the Control Plane 199 Data Plane Auditing 201 Access Control Lists 202 iACLs 202 Unicast Reverse Path Forwarding 203 Layer 2 Security 204 VTP 204 Port Security 205 DHCP Snooping 205 Dynamic ARP Inspection 206 IP Source Guard 206 Disable Dynamic Trunking 206 Protecting Spanning Tree 207 Switch Access Controls Lists 208 Protect Unused Ports 209 Wireless Security 210 Wireless Network Architecture 210 Cisco Adaptive Wireless Intrusion Prevention System 211 Protecting Wireless Access 212 Wireless Service Availability 213 Rogue Access Point Detection 214 General Network Device Security Best Practices 216 Technical Testing 217 Router Testing 219 Switch Testing 221 Wireless Testing 225 Checklist 230 Summary 235 References in This Chapter 236 Chapter 8 Perimeter Intrusion Prevention 237 Perimeter Threats and Risk 237 Policy Review 238 Perimeter Operations Review 239 Management and Change Control 239 Monitoring and Incident Handling 240 Perimeter Architecture Review 242 What Are You Protecting? 243 Perimeter Design Review 243 Logical Architecture 244 Physical Architecture 245 What Is the Risk? 246 Good Design Practices 247 Auditing Firewalls 247 Review Firewall Design 248 Simple Firewall 248 Screening Router and Firewall 248 Firewall with DMZ 249 Firewall with DMZ and Services Network 249 High Availability Firewall 250 IOS Firewall Deployment 250 Review Firewall Configuration 251 Firewall Modes of Operation 252 Firewall Virtualization 253 Filtering Methods 253 Network Address Translation 255 Secure Management 256 Logging 256 Other Configuration Checks 256 Review Rule Base 257 Cisco Firewall Rule Basics 257 Rule Review 259 Rule Optimization 260 The ASA Modular Policy Framework and Application Inspection 261 IOS Zone-Based Firewall 263 Auditing IPS 265 How IPS Works 266 Review IPS Deployment 268 Review IPS Configuration 269 Protect the Management Interface 271 Administrative Access and Authentication 271 NTP Configuration 274 Signature Updates 274 Event Logging 275 Review IPS Signatures 276 Signature Definitions 276 Event Action Rules 277 Target Value Rating 277 IOS IPS 278 Technical Control Testing 279 Firewall Rule Testing 279 Testing the IPS 281 Conducting an IPS Test 282 Reviewing the Logs 284 Checklist 284 Summary 287 References in This Chapter 288 Chapter 9 Access Control 289 Fundamentals of Access Control 289 Identity and Authentication 290 Access Control Threats and Risks 291 Access Control Policy 292 Access Control Operational Review 293 Identity Operational Good Practices 293 Authorization and Accounting Practices 294 Administrative Users 296 Classification of Assets 297 Access Control Architecture Review 297 Identity and Access Control Technologies 298 Network Admission Control 298 NAC Components 299 How NAC Works 300 NAC Deployment Considerations 302 NAC Posture Assessment 303 Identity-Based Networking Services 304 Deployment Methods 305 NAC Guest Server 306 NAC Profiler 306 Technical Testing 308 Authentication and Identity Handling 308 Posture Assessment Testing 309 Testing for Weak Authentication 309 Checklist 313 Summary 315 References in This Chapter 315 Chapter 10 Secure Remote Access 317 Defining the Network Edge 317 VPN Fundamentals 318 Confidentiality 319 Symmetric Encryption 320 Asymmetric Encryption 321 Integrity 323 Authentication and Key Management 324 IPsec, SSL, and dTLS 326 IPsec 326 Secure Socket Layer 328 Datagram Transport Layer Security (dTLS) 329 Remote Access Threats and Risks 329 Remote Access Policies 330 Remote Access Operational Review 331 VPN Device Provisioning 331 Mobile Access Provisioning 332 Mobile User Role-Based Access Control 333 Monitoring and Incident Handling 333 Remote Access Architecture Review 333 Site-to-Site VPN Technologies 335 Easy VPN 335 IPsec and Generic Router Encapsulation (GRE) 336 Dynamic Multipoint VPN (DMVPN) 336 Multi Protocol Label Switching (MPLS) and Virtual Routing and Forwarding (VRF) VPNs 337 GETVPN 339 Mobile User Access VPN 340 IPsec Client 341 Clientless SSL VPN 341 Cisco Secure Desktop 342 SSL Full Tunneling Client 344 VPN Network Placement 345 VPN Access Controls 346 Site-to-Site Access Controls 346 Mobile User Access Controls 347 Remote Access Good Practices 348 Technical Testing 350 Authentication 350 IPsec 351 SSL 352 Site-to-Site Access Control Testing 353 Mobile User Access Control Testing 353 Monitoring and Log Review 354 Checklist 354 Summary 358 References in This Chapter 358 Chapter 11 Endpoint Protection 359 Endpoint Risks 359 Endpoint Threats 360 Malware 360 Web-Based Threats 362 Social Networking and Web 2.0 365 E-Mail Threats 366 Data Loss Threats 367 Policy Review 368 Endpoint Protection Operational Control Review 370 Current Threat Intelligence 370 Vulnerability and Patch Management 373 Monitoring and Incident Handling 373 Security Awareness Program 374 Endpoint Architecture Review 374 Cisco Security Intelligence Operations 375 SensorBase 375 CiscoThreat Operations Center 375 Dynamic Update Function 376 Web Controls 376 Web Security Appliance 376 ASA 378 IPS 379 CSA 380 E-Mail Controls 380 E-Mail Policy Enforcement 381 E-Mail Authentication 381 Data Loss Prevention 383 Web 383 E-Mail 384 Client 385 Patch Management 386 Monitoring 386 Web 386 E-Mail 388 MARS 388 Technical Testing 388 Acceptable Use Enforcement 388 Malware Detection and Quarantine 389 SPAM, Phishing, and E-Mail Fraud 390 Encryption 390 Patch Management and Enforcement 390 Data Loss Prevention Testing 391 Detection and Response 391 Checklist 391 Summary 396 References in This Chapter 396 Chapter 12 Unified Communications 397 Unified Communications Risks 397 VoIP Threats 399 Denial of Service 399 Confidentiality 401 Fraud 401 UC Policy and Standards Review 403 UC Operational Control Review 404 User and Phone Provisioning 404 Change Management 405 Asset Management 405 Call Detail Record Review 406 Administrative Access 406 Vulnerability Management 406 Security Event Monitoring and Log Review 407 Disaster Recovery 408 UC Architecture Review 408 Unified Communications Fundamentals 409 H.323 410 MGCP 412 SCCP 412 SIP 413 Session Border Controller 415 RTP and SRTP 416 Call Processing 416 Infrastructure Controls 418 Switch Security 418 ACLs and Firewalling 420 IPS 421 Gateway Protection 422 Site to Site 422 Wireless 423 Call Control Protection 423 Communications Manager Hardening 423 Authentication, Integrity, and Encryption 424 Phone Proxy 426 Secure SIP Trunking 426 Toll Fraud Prevention 428 Application Controls 431 Voice Endpoint Controls 432 Monitoring and Management 433 Technical Testing 434 VLAN Separation 434 Eavesdropping 436 Gateway 438 Toll Fraud 438 Monitoring and Incident Detection 438 Checklist 439 Summary 444 References in This Chapter 445show more

Rating details

3 ratings
4.66 out of 5 stars
5 67% (2)
4 33% (1)
3 0% (0)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X