Network Security First-Step

Network Security First-Step

5 (1 rating by Goodreads)
By (author)  , By (author) 

Free delivery worldwide

Available. Dispatched from the UK in 3 business days
When will my order arrive?


Network Security first-step

Second Edition

Tom Thomas and Donald Stoddard

Your first step into the world of network security

No security experience required
Includes clear and easily understood explanations
Makes learning easy

Your first step to network security begins here!

Learn how hacker attacks work, from start to finish
Choose the right security solution for each type of risk
Create clear and enforceable security policies, and keep them up to date
Establish reliable processes for responding to security advisories
Use encryption effectively, and recognize its limitations
Secure your network with firewalls, routers, and other devices
Prevent attacks aimed at wireless networks

No security experience required!

Computer networks are indispensible, but they also are not secure. With the proliferation of security threats, many people and companies are looking for ways to increase the security of their networks and data. Before you can effectively implement security technologies and techniques, you need to make sense of this complex and quickly evolving world of hackers and malware, as well as the tools to combat them.

Network Security First-Step, Second Edition explains the basics of network security in easy-to-grasp language that all of us can understand. This book takes you on a guided tour of the core technologies that make up and control network security. Whether you are looking to take your first step into a career in network security or simply are interested in gaining knowledge of the technology, this book is for you!
show more

Product details

  • Paperback | 552 pages
  • 184 x 230 x 34mm | 839.14g
  • Cisco Press
  • Indianapolis, United States
  • English
  • 2nd edition
  • ill
  • 158720410X
  • 9781587204104
  • 1,689,463

Table of contents

Introduction xxii

Chapter 1 There Be Hackers Here! 1

Essentials First: Looking for a Target 2

Hacking Motivations 3

Targets of Opportunity 4

Are You a Target of Opportunity? 6

Targets of Choice 7

Are You a Target of Choice? 7

The Process of an Attack 9

Reconnaissance 9

Footprinting (aka Casing the Joint) 11

Scanning 18

Enumeration 23

Enumerating Windows 24

Gaining Access 26

Operating System Attacks 27

Application Attacks 27

Misconfiguration Attacks 28

Scripted Attacks 29

Escalating Privilege 30

Covering Tracks 31

Where Are Attacks Coming From? 32

Common Vulnerabilities, Threats, and Risks 33

Overview of Common Attacks and Exploits 36

Network Security Organizations 39

CERT Coordination Center 40


Center for Internet Security (CIS) 40


Internet Storm Center 41

National Vulnerability Database 41

Security Focus 42

Learning from the Network Security Organizations 42

Chapter Summary 43

Chapter Review 43

Chapter 2 Security Policies 45

Responsibilities and Expectations 50

A Real-World Example 50

Who Is Responsible? You Are! 50

Legal Precedence 50

Internet Lawyers 51

Evolution of the Legal System 51

Criminal Prosecution 52

Real-World Example 52

Individuals Being Prosecuted 53

International Prosecution 53

Corporate Policies and Trust 53

Relevant Policies 54

User Awareness Education 54

Coming to a Balance 55

Corporate Policies 55

Acceptable Use Policy 57

Policy Overview 57

Purpose 58

Scope 58

General Use and Ownership 58

Security and Proprietary Information 59

Unacceptable Use 60

System and Network Activities 61

Email and Communications Activities 62

Enforcement 63

Conclusion 63

Password Policy 64

Overview 64

Purpose 64

Scope 64

General Policy 65

General Password Construction Guidelines 66

Password Protection Standards 67

Enforcement 68

Conclusion 68

Virtual Private Network (VPN) Security Policy 69

Purpose 69

Scope 69

Policy 70

Conclusion 71

Wireless Communication Policy 71

Scope 72

Policy Statement 72

General Network Access Requirements 72

Lab and Isolated Wireless Device Requirements 72

Home Wireless Device Requirements 73

Enforcement 73

Definitions 73

Revision History 73

Extranet Connection Policy 74

Purpose 74

Scope 74

Security Review 75

Third-Party Connection Agreement 75

Business Case 75

Point of Contact 75

Establishing Connectivity 75

Modifying or Changing Connectivity and Access 76

Terminating Access 76

Conclusion 76

ISO Certification and Security 77

Delivery 77

ISO/IEC 27002 78

Sample Security Policies on the Internet 79

Industry Standards 79

Payment Card Industry Data Security Standard (PCI DSS) 80

Sarbanes-Oxley Act of 2002 (SOX) 80

Health Insurance Portability and Accounting Act (HIPAA) of 1996 81

Massachusetts 201: Standards for the Protection of Personal Information of Residents of the Commonwealth 81

SAS 70 Series 82

Chapter Summary 82

Chapter Review 83

Chapter 3 Processes and Procedures 85

Security Advisories and Alerts: Getting the Intel You Need to Stay Safe 86

Responding to Security Advisories 87

Step 1: Awareness 88

Step 2: Incident Response 90

Step 3: Imposing Your Will 95

Steps 4 and 5: Handling Network Software Updates (Best Practices) 96

Industry Best Practices 98

Use a Change Control Process 98

Read All Related Materials 98

Apply Updates as Needed 99

Testing 99

Uninstall 99

Consistency 99

Backup and Scheduled Downtime 100

Have a Back-Out Plan 100

Forewarn Helpdesk and Key User Groups 100

Don't Get More Than Two Service Packs Behind 100

Target Noncritical Servers/Users First 100

Service Pack Best Practices 101

Hotfix Best Practices 101

Service Pack Level Consistency 101

Latest Service Pack Versus Multiple Hotfixes 101

Security Update Best Practices 101

Apply Admin Patches to Install Build Areas 102

Apply Only on Exact Match 102

Subscribe to Email Notification 102

Summary 102

Chapter Review and Questions 104

Chapter 4 Network Security Standards and Guidelines 105

Cisco SAFE 2.0 106

Overview 106

Purpose 106

Cisco Validated Design Program 107

Branch/WAN Design Zone Guides 107

Campus Design Zone Guides 107

Data Center Design Zone Guides 108

Security Design Zone Guides 109

Cisco Best Practice Overview and Guidelines 110

Basic Cisco IOS Best Practices 110

Secure Your Passwords 110

Limit Administrative Access 111

Limit Line Access Controls 111

Limit Access to Inbound and Outbound Telnet (aka vty Port) 112

Establish Session Timeouts 113

Make Room Redundancy 113

Protect Yourself from Common Attacks 114

Firewall/ASAs 115

Encrypt Your Privileged User Account 115

Limit Access Control 116

Make Room for Redundant Systems 116

General Best Practices 117

Configuration Guides 117

Intrusion Prevention System (IPS) for IOS 117

NSA Security Configuration Guides 118

Cisco Systems 119

Switches Configuration Guide 119

VoIP/IP Telephony Security Configuration Guides 119

Microsoft Windows 119

Microsoft Windows Applications 120

Microsoft Windows 7/Vista/Server 2008 120

Microsoft Windows XP/Server 2003 121

Apple 121

Microsoft Security 121

Security Policies 121

Microsoft Windows XP Professional 122

Microsoft Windows Server 2003 122

Microsoft Windows 7 122

Windows Server 2008 123

Microsoft Security Compliance Manager 124

Chapter Summary 125

Chapter Link Toolbox Summary 125

Chapter 5 Overview of Security Technologies 127

Security First Design Concepts 128

Packet Filtering via ACLs 131

Grocery List Analogy 132

Limitations of Packet Filtering 136

Stateful Packet Inspection 136

Detailed Packet Flow Using SPI 138

Limitations of Stateful Packet Inspection 139

Network Address Translation (NAT) 140

Increasing Network Security 142

NAT's Limitations 143

Proxies and Application-Level Protection 144

Limitations of Proxies 146

Content Filters 147

Limitations of Content Filtering 150

Public Key Infrastructure 150

PKI's Limitations 151

Reputation-Based Security 152

Reactive Filtering Can't Keep Up 154

Cisco Web Reputation Solution 155

AAA Technologies 156

Authentication 156

Authorization 157

Accounting 157

Remote Authentication Dial-In User Service (RADIUS) 158

Terminal Access Controller Access Control System (TACACS) 159


Two-Factor Authentication/Multifactor Authentication 161

IEEE 802.1x: Network Access Control (NAC) 162

Network Admission Control 163

Cisco TrustSec 164

Solution Overview 164

Cisco Identity Services Engine 166

Chapter Summary 168

Chapter Review Questions 168

Chapter 6 Security Protocols 169

Triple DES Encryption 171

Encryption Strength 171

Limitations of 3DES 172

Advanced Encryption Standard (AES) 172

Different Encryption Strengths 173

Limitations of AES 173

Message Digest 5 Algorithm 173

MD5 Hash in Action 175

Secure Hash Algorithm (SHA Hash) 175

Types of SHA 176

SHA-1 176

SHA-2 176

Point-to-Point Tunneling Protocol (PPTP) 177

PPTP Functionality 177

Limitations of PPTP 178

Layer 2 Tunneling Protocol (L2TP) 179

L2TP Versus PPTP 180

Benefits of L2TP 180

L2TP Operation 181

Secure Shell (SSH) 182

SSH Versus Telnet 184

SSH Operation 186

Tunneling and Port Forwarding 187

Limitations of SSH 188

SNMP v3 188

Security Built In 189

Chapter Summary 192

Chapter Review Questions 192

Chapter 7 Firewalls 193

Firewall Frequently Asked Questions 194

Who Needs a Firewall? 195

Why Do I Need a Firewall? 195

Do I Have Anything Worth Protecting? 195

What Does a Firewall Do? 196

Firewalls Are "The Security Policy" 197

We Do Not Have a Security Policy 200

Firewall Operational Overview 200

Firewalls in Action 202

Implementing a Firewall 203

Determine the Inbound Access Policy 205

Determine Outbound Access Policy 206

Essentials First: Life in the DMZ 206

Case Studies 208

Case Study: To DMZ or Not to DMZ? 208

Firewall Limitations 214

Chapter Summary 215

Chapter Review Questions 216

Chapter 8 Router Security 217

Edge Router as a Choke Point 221

Limitations of Choke Routers 223

Routers Running Zone Based Firewall 224

Zone-Based Policy Overview 225

Zone-Based Policy Configuration Model 226

Rules for Applying Zone-Based Policy Firewall 226

Designing Zone-Based Policy Network Security 227

Using IPsec VPN with Zone-Based Policy Firewall 228

Intrusion Detection with Cisco IOS 229

When to Use the FFS IDS 230

FFS IDS Operational Overview 231

FFS Limitations 233

Secure IOS Template 234

Routing Protocol Security 251

OSPF Authentication 251

Benefits of OSPF Neighbor Authentication 252

When to Deploy OSPF Neighbor Authentication 252

How OSPF Authentication Works 253

Chapter Summary 254

Chapter Review Questions 255

Chapter 9 IPsec Virtual Private Networks (VPNs) 257

Analogy: VPNs Securely Connect IsLANds 259

VPN Overview 261

VPN Benefits and Goals 263

VPN Implementation Strategies 264

Split Tunneling 265

Overview of IPsec VPNs 265

Authentication and Data Integrity 268

Tunneling Data 269

VPN Deployment with Layered Security 270

IPsec Encryption Modes 271

IPsec Tunnel Mode 271

Transport Mode 272

IPsec Family of Protocols 272

Security Associations 273

ISAKMP Overview 273

Internet Key Exchange (IKE) Overview 274

IKE Main Mode 274

IKE Aggressive Mode 275

IPsec Security Association (IPsec SA) 275

IPsec Operational Overview 276

IKE Phase 1 277

IKE Phase 2 278

Perfect Forward Secrecy 278

Diffie-Hellman Algorithm 279

Router Configuration as VPN Peer 281

Configuring ISAKMP 281

Preshared Keys 282

Configuring the ISAKMP Protection Suite 282

Configuring the ISAKMP Key 283

Configuring IPsec 284

Step 1: Create the Extended ACL 284

Step 2: Create the IPsec Transforms 284

Step 3: Create the Crypto Map 285

Step 4: Apply the Crypto Map to an Interface 286

Firewall VPN Configuration for Client Access 286

Step 1: Define Interesting Traffic 288

Step 2: IKE Phase 1[udp port 500] 288

Step 3: IKE Phase 2 288

Step 4: Data Transfer 289

Step 5: Tunnel Termination 289

SSL VPN Overview 289

Comparing SSL and IPsec VPNs 290

Which to Deploy: Choosing Between IPsec and SSL VPNs 292

Remote-Access VPN Security Considerations 293

Steps to Securing the Remote-Access VPN 294

Cisco AnyConnect VPN Secure Mobility Solution 295

Chapter Summary 296

Chapter Review Questions 297

Chapter 10 Wireless Security 299

Essentials First: Wireless LANs 301

What Is Wi-Fi? 302

Benefits of Wireless LANs 303

Wireless Equals Radio Frequency 303

Wireless Networking 304

Modes of Operation 305

Coverage 306

Bandwidth Availability 307

WarGames Wirelessly 307

Warchalking 308

Wardriving 309

Warspamming 311

Warspying 312

Wireless Threats 312

Sniffing to Eavesdrop and Intercept Data 313

Denial-of-Service Attacks 315

Rogue/Unauthorized Access Points 316

Misconfiguration and Bad Behavior 317

AP Deployment Guidelines 317

Wireless Security 318

Service Set Identifier (SSID) 318

Device and Access Point Association 319

Wired Equivalent Privacy (WEP) 319

WEP Limitations and Weaknesses 320

MAC Address Filtering 320

Extensible Authentication Protocol (EAP) 321

LEAP 322




Essential Wireless Security 323

Essentials First: Wireless Hacking Tools 325

NetStumbler 325

Wireless Packet Sniffers 326

Aircrack-ng 327

OmniPeek 327

Wireshark 329

Chapter Summary 329

Chapter Review Questions 330

Chapter 11 Intrusion Detection and Honeypots 331

Essentials First: Intrusion Detection 333

IDS Functional Overview 335

Host Intrusion Detection System 340

Network Intrusion Detection System 341

Wireless IDS 343

Network Behavior Analysis 344

How Are Intrusions Detected? 345

Signature or Pattern Detection 346

Anomaly-Based Detection 346

Stateful Protocol Analysis 347

Combining Methods 347

Intrusion Prevention 347

IDS Products 348

Snort! 348

Limitations of IDS 350

Essentials First: Honeypots 354

Honeypot Overview 354

Honeypot Design Strategies 356

Honeypot Limitations 357

Chapter Summary 357

Chapter Review Questions 357

Chapter 12 Tools of the Trade 359

Essentials First: Vulnerability Analysis 361

Fundamental Attacks 361

IP Spoofing/Session Hijacking 362

Packet Analyzers 363

Denial of Service (DoS) Attacks 363

Other Types of Attacks 366

Back Doors 368

Security Assessments and Penetration Testing 370

Internal Vulnerability and Penetration Assessment 370

Assessment Methodology 371

External Penetration and Vulnerability Assessment 371

Assessment Methodology 372

Physical Security Assessment 373

Assessment Methodology 373

Miscellaneous Assessments 374

Assessment Providers 375

Security Scanners 375

Features and Benefits of Vulnerability Scanners 376

Freeware Security Scanners 376

Metasploit 376

NMAP 376


Nessus 377

Retina Version 5.11.10 380

CORE IMPACT Pro (a Professional Penetration Testing Product) 382

In Their Own Words 383

Scan and Detection Accuracy 384

Documentation 384

Documentation and Support 386

Vulnerability Updates 386

Chapter Summary 386

Chapter Review Questions 387

Appendix A Answers to Review Questions 389

9781587204104 TOC 11/30/2011
show more

About Thomas M. Thomas

Tom Thomas, CCIE No. 9360, claims he never works because he loves what he does. When you meet him, you will agree!

Throughout his many years in the networking industry, Tom has taught thousands of people how networking works and the secrets of the life of a packet. Tom is the author or coauthor of 18 books on networking, including the acclaimed OSPF Network Design Solutions, published by Cisco Press and now in its second edition. Beyond his many books, Tom also has taught computer and networking skills through his roles as an instructor and training-course developer.

In addition to holding the Cisco Certified Internetwork Expert (CCIE) certification-the pinnacle of networking certifications-Tom holds Cisco CCNP Security, CCDA, and CCNA certifications and is a certified Cisco Systems instructor (CCSI). These certifications support his industry-proven, problem-solving skills through technical leadership with demonstrated persistence and the ability to positively assist businesses in leveraging IT resources in support of their core business. He has also completed his Master of Science degree in network architecture and is looking at a doctorate next.

Tom currently is the CIO of Qoncert, a Cisco Gold Partner in Southern Florida that has an affiliated arm known as, a Cisco Learning Partner, where he provides strategic direction and a little hands-on for customers of all types.

Donald Stoddard began his career in information technology in 1998, designing networks and implementing security for schools in North Dakota and South Dakota. He then went on to design and implement Geographical Information Systems (GIS) for a firm in Denver, Colorado. While there, he earned his Bachelor of Science degree in computer information systems management from Colorado Christian University. From Colorado, he then moved south, learned the ins-and-outs of Cisco VoIP, and began working through designing and securing VoIP solutions throughout the southeast. Don holds Microsoft MCSA and Linux+ and Security+ certifications and is presently wading through the CISSP material.

Currently, Don works for the Department of the Navy as the Information Assurance Officer for one of the premier Navy research and development labs, where he provides certification and accreditation guidance for the various projects being developed for implementation and deployment.
show more

Rating details

1 ratings
5 out of 5 stars
5 100% (1)
4 0% (0)
3 0% (0)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X