The Practice of Network Security

The Practice of Network Security : Deployment Strategies for Production Environments

By (author) 

List price: US$49.99

Currently unavailable

We can notify you when this item is back in stock

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks


This book is designed to address vulnerabilities in a network at all levels. Hence, it will cover WAN security, router and switch security, wireless network security, server and workstation security, and even remote access security. It covers best practices in major security tasks including developing a security model, monitoring for and logging security breaches, and responding to an attack. Liska also covers where a firewall should be placed in a network, and the purpose of a DMZ. Part 1: Introduction - provides the scope of network security, and helps a network administrator develop a security strategy, including providing numbers for revenue lost because of security incidents. Part 2: The Network - covers LAN and WAN security concerns. The idea is to restrict access into the network and prevent problems that occur in one area of the network from affecting others. Part 3: Firewalls - where to place them and the need for a DMZ. Part 4: Servers and Workstations - covers some of the fundamental problems with securing servers and workstations. Part 5: Monitoring and responding to attacks. It covers monitoring the network, what to look for, how to log information, and what to do if a network is attacked. Part 6: Bringing it all Together - take the network initially deployed, and demonstrate how the network has been better secured.
show more

Product details

  • Hardback | 416 pages
  • 184.4 x 242.8 x 34.8mm | 453.6g
  • Prentice Hall
  • Upper Saddle River, United States
  • English
  • 0130462233
  • 9780130462237

Back cover copy

Enterprise security for real netadmins in the real worldThis book shows how to secure an enterprise network in the real world--when you're on the front lines, constantly under attack, and you don't always get the support you need. Symantec security engineer and former UUNet network architect Allan Liska addresses every facet of network security, from risk profiling through access control, Web/email security through day-to-day monitoring. He systematically identifies today's most widespread security mistakes and vulnerabilities--and offers realistic solutions you can begin implementing right away.Coverage Includes:

Quantifying security risks and "selling" security throughout the organizationDefining security models that reflect your company's philosophy Translating your security model into effective, enforceable policiesMaking your routers and switches your first lines of network defenseControlling access via authentication, authorization, and accountingConfiguring secure VPNs and remote access Securing wireless LANs and WANsEstablishing a DMZ between your network and the public InternetSecuring Web/application servers, DNS servers, email servers, and file/print serversImplementing effective day-to-day network security administration, monitoring, and loggingResponding to attacks: detect, isolate, halt, report, and prosecute Liska integrates these techniques in an end-to-end case study, showing you how to redesign an insecure enterprise network for maximum security--one step at a time.
show more

Table of contents

1. Defining the Scope. What is Network Security? What Types of Network Security Are Important? What Is the Cost of Lax Security Policies? Where Is the Network Vulnerable? The Network. Summary.2. Security Mode. Choosing a Security Mode. OCTAVE. Build Asset-Based Threat Profiles. Identify Infrastructure Vulnerabilities. Evaluate Security Strategy and Plans. Summary.3. Understanding Types of Attacks. Sniffing and Port Scanning. Exploits. Spoofing. Distributed Denial of Service Attacks. Viruses and Worms. Summary.4. Routing. The Router on the Network. The Basics. Disabling Unused Services. Redundancy. Securing Routing Protocols. Limit Access to Routers. Change Default Passwords! Summary.5. Switching. The Switch on the Network. Multilayer Switching. VLANs. Spanning Tree. MAC Addressing. Restricting Access to Switches. Summary.6. Authentication, Authorization, and Accounting. Kerberos. RADIUS. TACACS+. Summary.7. Remote Access and VPNs. VPN Solutions. IP VPN Security. Dial-In Security Access. DSL and Cable VPN Security. Encrypting Remote Sessions. The VPN on the Network. Summary.8. Wireless Wide Area Networks. Wireless WAN Security Issues. Spread Spectrum Technology. Location. Summary.9. Wireless Local Area Networks. Access Point Security. SSID. WEP. MAC Address Filtering.RADIUS Authentication. WLAN VPN. 802.11i92. Summary.10. Firewalls and Intrusion Detection Systems. The Purpose of the Firewall. What a Firewall Cannot Do. Types of Firewalls. Layer 2 Firewalls. Intrusion Detection Systems. Summary.11. The DMZ. DMZ Network Design. Multiple DMZ Design. DMZ Rulesets. Summary.12. Server Security. General Server Security Guidelines. Backups. Web Server Security. Mail Server Security. Outsourcing. Summary.13. DNS Security. Securing Your Domain Name. A Secure BIND Installation. Limit Access to Domain Information. DNS Outsourcing. Djbdns. Summary.14. Workstation Security. General Workstation Security Guidelines. Virus and Worm Scanning. Administrative Access. Remote Login. Summary.15. Managing Network Security. Enforcing Security Policies. Understanding Network Security Risks. Avoiding Common Mistakes. Summary.16. Monitoring. What to Monitor. SNMP. Centralizing the Monitoring Process. Summary.17. Logging. Protecting Against Log-Altering Attacks. Syslog Servers. Sifting Through Logged Data. Summary.18. Responding to an Attack. Creating a Response Chain of Command. Take Notes and Gather Evidence. Contain and Investigate the Problem. Remove the Problem. Contact Appropriate Parties. Prepare a Postmortem. Summary.
show more

About Allan Liska

ALLAN LISKA is a Security Engineer with Symantec's Enterprise Security Services division. Prior to that Mr. Liska spent six years at WorldCom, where he served as a network architect for WorldCom's hosting division. He is also a CISSP who has written about network management, administration, and Web-server security.
show more