Network Security Auditing

4.5 (4 ratings by Goodreads)
By (author) Chris Jackson

Description

This complete new guide to auditing network security is an indispensable resource for security, network, and IT professionals, and for the consultants and technology partners who serve them. Cisco network security expert Chris Jackson begins with a thorough overview of the auditing process, including coverage of the latest regulations, compliance issues, and industry best practices. The author then demonstrates how to segment security architectures into domains and measure security effectiveness through a comprehensive systems approach. Network Security Auditing thoroughly covers the use of both commercial and open source tools to assist in auditing and validating security policy assumptions. The book also introduces leading IT governance frameworks such as COBIT, ITIL, and ISO 17799/27001, explaining their values, usages, and effective integrations with Cisco security products. This book arms you with detailed auditing checklists for each domain, realistic design insights for meeting auditing requirements, and practical guidance for using complementary solutions to improve any company's security posture.

  • Master the five pillars of security auditing: assessment, prevention, detection, reaction, and recovery.
  • Recognize the foundational roles of security policies, procedures, and standards.
  • Understand current laws related to hacking, cracking, fraud, intellectual property, spam, and reporting.
  • Analyze security governance, including the roles of CXOs, security directors, administrators, users, and auditors.
  • Evaluate people, processes, and technical security controls through a system-based approach.
  • Audit security services enabled through Cisco products.
  • Analyze security policy and compliance requirements for Cisco networks.
  • Assess infrastructure security and intrusion prevention systems.
  • Audit network access control and secure remote access systems.
  • Review security in clients, hosts, and IP communications.
  • Evaluate the performance of security monitoring and management systems.

This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end, self-defending networks.

Product details

  • Paperback | 528 pages
  • 186 x 226 x 30mm | 861.82g
  • Cisco Press
  • Indianapolis, United States
  • English
  • ISBN-10: 1587053527
  • ISBN-13: 9781587053528

About Chris Jackson

Christopher L. Jackson, CCIE No. 6256, is a security technical solutions architect in the U.S. Channels organization with Cisco and is focused on developing security consulting practices in the Cisco partner community. Throughout his career in internetworking, Chris has built secure networks that map to a strong security policy for a large number of organizations, including UPS, GE, and Sprint. Chris is an active speaker on security for Cisco through TechwiseTV, conferences, and webcasts. He has authored numerous white papers and is responsible for a number of Cisco initiatives to build stronger security partners through security practice building. Chris is a highly certified individual with dual CCIEs (Routing and Switching, and Security), CISSP, ISA, seven SANS GIAC certifications (GSNA, GCIH, GCFW, GCIA, GCUX, GCWN, and GSEC), and ITIL V3. Chris also holds a bachelor's degree in business administration from McKendree College. Residing in Bradenton, Florida, Chris enjoys tinkering with his home automation system and playing with his ever-growing collection of electronic gadgets. His wife Barbara and two children, Caleb and Sydney, are the joy of his life and proof that not everything has to plug into a wall outlet to be fun.

Table of contents

Introduction

Chapter 1 The Principles of Auditing
  • Security Fundamentals: The Five Pillars
    • Assessment
    • Prevention
    • Detection
    • Reaction
    • Recovery
  • Building a Security Program
    • Policy
    • Procedures
    • Standards
  • Security Controls
    • Administrative Controls
    • Technical Controls
    • Physical Controls
    • Preventative Controls
    • Detective Controls
    • Corrective Controls
    • Recovery Controls
  • Managing Risk
    • Risk Assessment
    • Risk Mitigation
    • Risk in the Fourth Dimension
  • How, What, and Why You Audit
    • Audit Charter
    • Engagement Letter
    • Types of Audits
      • Security Review
      • Security Assessment
      • Security Audit
    • The Role of the Auditor
    • Places Where Audits Occur
      • Policy Level
      • Procedure Level
      • Control Level
  • The Auditing Process
    • Planning Phase: Audit Subject, Objective, and Scope
    • Research Phase: Planning, Audit Procedures, and Evaluation Criteria
    • Data Gathering Phase: Checklists, Tools, and Evidence
    • Data Analysis Phase: Analyze, Map, and Recommend
    • Audit Report Phase: Write, Present, and File the Audit Report
    • Follow-Up Phase: Follow up, Follow up, Follow up!
  • Summary
  • References in This Chapter

Chapter 2 Information Security and the Law
  • IT Security Laws
  • Hacking, Cracking, and Fraud Laws
    • Computer Fraud and Abuse Act
    • Access Device Statute
    • Electronic Communications Privacy Act
      • Title I: Wiretap Act
      • Title II: Stored Communications Act
      • Title III: Pen/Trap Statute
  • Intellectual Property Laws
    • Digital Millennium Copyright Act
    • Economic Espionage Act
  • CAN-SPAM Act of 2003
  • State and Local Laws
  • Reporting a Crime
  • Regulatory Compliance Laws
    • SOX
    • HIPAA
      • Privacy Rule
      • Security Rule
      • Transactions and Code Sets Standard Rule
      • Identifiers Rule
      • Enforcement Rule
    • GLBA
    • PCI DSS
  • Summary
  • References in This Chapter
    • Federal Hacking Laws
    • State Laws

Chapter 3 Information Security Governance, Frameworks, and Standards
  • Understanding Information Security Governance
  • People: Roles and Responsibilities
    • Information Security Governance Organizational Structure
      • Board of Directors
      • Security Steering Committee
      • CEO or Executive Management
      • CIO/CISO
      • Security Director
      • Security Analyst
      • Security Architect
      • Security Engineer
      • Systems Administrator
      • Database Administrator
      • IS Auditor
      • End User
    • Spotting Weaknesses in the People Aspect of Security
  • Process: Security Governance Frameworks
    • COSO
      • Control Environment
      • Risk Assessment
      • Control Activities
      • Information and Communication
      • Monitoring
    • COBIT
    • ITIL
  • Technology: Standards, Procedures, and Guidelines
    • ISO 27000 Series of Standards
    • NIST
    • Center for Internet Security
    • NSA
    • DISA
    • SANS
    • ISACA
    • Cisco Security Best Practices
  • Summary
  • References in This Chapter
    • Web Resources

Chapter 4 Auditing Tools and Techniques
  • Evaluating Security Controls
  • Auditing Security Practices
  • Testing Security Technology
  • Security Testing Frameworks
    • OSSTMM
    • ISSAF
    • NIST 800-115
    • OWASP
  • Security Auditing Tools
    • Service Mapping Tools
      • Nmap
      • Hping
    • Vulnerability Assessment Tools
      • Nessus
      • RedSeal SRM
    • Packet Capture Tools
      • Tcpdump
      • Wireshark/Tshark
    • Penetration Testing Tools
      • Core Impact
      • Metasploit
      • BackTrack
  • Summary
  • References in This Chapter
    • Security Testing Frameworks
    • Security Testing Tools

Chapter 5 Auditing Cisco Security Solutions
  • Auditors and Technology
  • Security as a System
  • Cisco Security Auditing Domains
    • Policy, Compliance, and Management
    • Infrastructure Security
    • Perimeter Intrusion Prevention
    • Access Control
    • Secure Remote Access
    • Endpoint Protection
    • Unified Communications
  • Defining the Audit Scope of a Domain
  • Identifying Security Controls to Assess
  • Mapping Security Controls to Cisco Solutions
  • The Audit Checklist
  • Summary

Chapter 6 Policy, Compliance, and Management
  • Do You Know Where Your Policy Is?
  • Auditing Security Policies
  • Standard Policies
    • Acceptable Use
    • Minimum Access
    • Network Access
    • Remote Access
    • Internet Access
    • User Account Management
    • Data Classification
    • Change Management
    • Server Security
    • Mobile Devices
    • Guest Access
    • Physical Security
    • Password Policy
    • Malware Protection
    • Incident Handling
    • Audit Policy
    • Software Licensing
    • Electronic Monitoring and Privacy
  • Policies for Regulatory and Industry Compliance
  • Cisco Policy Management and Monitoring Tools
    • Cisco MARS
    • Cisco Configuration Professional
    • Cisco Security Manager
    • Cisco Network Compliance Manager
  • Checklist
  • Summary
  • References in This Chapter

Chapter 7 Infrastructure Security
  • Infrastructure Threats
    • Unauthorized Access
    • Denial of Service
    • Traffic Capture
    • Layer 2 Threats
    • Network Service Threats
  • Policy Review
  • Infrastructure Operational Review
    • The Network Map and Documentation
      • Logical Diagrams
      • Physical Diagrams
      • Asset Location and Access Requirements
      • Data Flow and Traffic Analysis
    • Administrative Accounts
    • Configuration Management
    • Vulnerability Management
    • Disaster Recovery
    • Wireless Operations
  • Infrastructure Architecture Review
    • Management Plane Auditing
      • Cisco Device Management Access
      • Syslog
      • NTP
      • NetFlow
    • Control Plane Auditing
      • IOS Hardening
      • Routing Protocols
      • Protecting the Control Plane
    • Data Plane Auditing
      • Access Control Lists
      • iACLs
      • Unicast Reverse Path Forwarding
    • Layer 2 Security
      • VTP
      • Port Security
      • DHCP Snooping
      • Dynamic ARP Inspection
      • IP Source Guard
      • Disable Dynamic Trunking
      • Protecting Spanning Tree
      • Switch Access Control Lists
      • Protect Unused Ports
    • Wireless Security
      • Wireless Network Architecture
      • Cisco Adaptive Wireless Intrusion Prevention System
      • Protecting Wireless Access
      • Wireless Service Availability
      • Rogue Access Point Detection
    • General Network Device Security Best Practices
  • Technical Testing
    • Router Testing
    • Switch Testing
    • Wireless Testing
  • Checklist
  • Summary
  • References in This Chapter

Chapter 8 Perimeter Intrusion Prevention
  • Perimeter Threats and Risk
  • Policy Review
  • Perimeter Operations Review
    • Management and Change Control
    • Monitoring and Incident Handling
  • Perimeter Architecture Review
    • What Are You Protecting?
    • Perimeter Design Review
      • Logical Architecture
      • Physical Architecture
    • What Is the Risk?
    • Good Design Practices
  • Auditing Firewalls
    • Review Firewall Design
      • Simple Firewall
      • Screening Router and Firewall
      • Firewall with DMZ
      • Firewall with DMZ and Services Network
      • High Availability Firewall
      • IOS Firewall Deployment
    • Review Firewall Configuration
      • Firewall Modes of Operation
      • Firewall Virtualization
      • Filtering Methods
      • Network Address Translation
      • Secure Management
      • Logging
      • Other Configuration Checks
    • Review Rule Base
      • Cisco Firewall Rule Basics
      • Rule Review
      • Rule Optimization
    • The ASA Modular Policy Framework and Application Inspection
    • IOS Zone-Based Firewall
  • Auditing IPS
    • How IPS Works
    • Review IPS Deployment
    • Review IPS Configuration
      • Protect the Management Interface
      • Administrative Access and Authentication
      • NTP Configuration
      • Signature Updates
      • Event Logging
    • Review IPS Signatures
      • Signature Definitions
      • Event Action Rules
      • Target Value Rating
    • IOS IPS
  • Technical Control Testing
    • Firewall Rule Testing
    • Testing the IPS
      • Conducting an IPS Test
      • Reviewing the Logs
  • Checklist
  • Summary
  • References in This Chapter

Chapter 9 Access Control
  • Fundamentals of Access Control
    • Identity and Authentication
  • Access Control Threats and Risks
  • Access Control Policy
  • Access Control Operational Review
    • Identity Operational Good Practices
    • Authorization and Accounting Practices
    • Administrative Users
    • Classification of Assets
  • Access Control Architecture Review
    • Identity and Access Control Technologies
    • Network Admission Control
      • NAC Components
      • How NAC Works
      • NAC Deployment Considerations
      • NAC Posture Assessment
    • Identity-Based Networking Services
      • Deployment Methods
    • NAC Guest Server
    • NAC Profiler
  • Technical Testing
    • Authentication and Identity Handling
    • Posture Assessment Testing
    • Testing for Weak Authentication
  • Checklist
  • Summary
  • References in This Chapter

Chapter 10 Secure Remote Access
  • Defining the Network Edge
  • VPN Fundamentals
    • Confidentiality
      • Symmetric Encryption
      • Asymmetric Encryption
    • Integrity
    • Authentication and Key Management
    • IPsec, SSL, and DTLS
      • IPsec
      • Secure Sockets Layer
      • Datagram Transport Layer Security (DTLS)
  • Remote Access Threats and Risks
  • Remote Access Policies
  • Remote Access Operational Review
    • VPN Device Provisioning
    • Mobile Access Provisioning
    • Mobile User Role-Based Access Control
    • Monitoring and Incident Handling
  • Remote Access Architecture Review
    • Site-to-Site VPN Technologies
      • Easy VPN
      • IPsec and Generic Routing Encapsulation (GRE)
      • Dynamic Multipoint VPN (DMVPN)
      • Multiprotocol Label Switching (MPLS) and Virtual Routing and Forwarding (VRF) VPNs
      • GETVPN
    • Mobile User Access VPN
      • IPsec Client
      • Clientless SSL VPN
      • Cisco Secure Desktop
      • SSL Full Tunneling Client
    • VPN Network Placement
    • VPN Access Controls
      • Site-to-Site Access Controls
      • Mobile User Access Controls
    • Remote Access Good Practices
  • Technical Testing
    • Authentication
    • IPsec
    • SSL
    • Site-to-Site Access Control Testing
    • Mobile User Access Control Testing
    • Monitoring and Log Review
  • Checklist
  • Summary
  • References in This Chapter

Chapter 11 Endpoint Protection
  • Endpoint Risks
  • Endpoint Threats
    • Malware
    • Web-Based Threats
    • Social Networking and Web 2.0
    • E-Mail Threats
    • Data Loss Threats
  • Policy Review
  • Endpoint Protection Operational Control Review
    • Current Threat Intelligence
    • Vulnerability and Patch Management
    • Monitoring and Incident Handling
    • Security Awareness Program
  • Endpoint Architecture Review
    • Cisco Security Intelligence Operations
      • SensorBase
      • Cisco Threat Operations Center
      • Dynamic Update Function
    • Web Controls
      • Web Security Appliance
      • ASA
      • IPS
      • CSA
    • E-Mail Controls
      • E-Mail Policy Enforcement
      • E-Mail Authentication
    • Data Loss Prevention
      • Web
      • E-Mail
      • Client
    • Patch Management
    • Monitoring
      • Web
      • E-Mail
      • MARS
  • Technical Testing
    • Acceptable Use Enforcement
    • Malware Detection and Quarantine
    • Spam, Phishing, and E-Mail Fraud
    • Encryption
    • Patch Management and Enforcement
    • Data Loss Prevention Testing
    • Detection and Response
  • Checklist
  • Summary
  • References in This Chapter

Chapter 12 Unified Communications
  • Unified Communications Risks
  • VoIP Threats
    • Denial of Service
    • Confidentiality
    • Fraud
  • UC Policy and Standards Review
  • UC Operational Control Review
    • User and Phone Provisioning
    • Change Management
    • Asset Management
    • Call Detail Record Review
    • Administrative Access
    • Vulnerability Management
    • Security Event Monitoring and Log Review
    • Disaster Recovery
  • UC Architecture Review
    • Unified Communications Fundamentals
      • H.323
      • MGCP
      • SCCP
      • SIP
      • Session Border Controller
      • RTP and SRTP
      • Call Processing
    • Infrastructure Controls
      • Switch Security
      • ACLs and Firewalling
      • IPS
      • Gateway Protection
        • Site-to-Site
        • Wireless
    • Call Control Protection
      • Communications Manager Hardening
      • Authentication, Integrity, and Encryption
      • Phone Proxy
      • Secure SIP Trunking
      • Toll Fraud Prevention
    • Application Controls
    • Voice Endpoint Controls
    • Monitoring and Management
  • Technical Testing
    • VLAN Separation
    • Eavesdropping
    • Gateway
    • Toll Fraud
    • Monitoring and Incident Detection
  • Checklist
  • Summary
  • References in This Chapter

Rating details

4 ratings
4.5 out of 5 stars
5 50% (2)
4 50% (2)
3 0% (0)
2 0% (0)
1 0% (0)
Book ratings by Goodreads