Network Security First-Step, 2nd Edition

By Thomas M. Thomas, Donald Stoddard

Published by Cisco Press

Published Date: Dec 30, 2011

Description

Network Security First-Step

Second Edition

Tom Thomas and Donald Stoddard

Your first step into the world of network security

  • No security experience required
  • Includes clear and easily understood explanations
  • Makes learning easy

Your first step to network security begins here!

  • Learn how hacker attacks work, from start to finish
  • Choose the right security solution for each type of risk
  • Create clear and enforceable security policies, and keep them up to date
  • Establish reliable processes for responding to security advisories
  • Use encryption effectively, and recognize its limitations
  • Secure your network with firewalls, routers, and other devices
  • Prevent attacks aimed at wireless networks

No security experience required!

Computer networks are indispensable, but they are not inherently secure. With the proliferation of security threats, many people and companies are looking for ways to increase the security of their networks and data. Before you can effectively implement security technologies and techniques, you need to make sense of the complex and quickly evolving world of hackers and malware, as well as the tools used to combat them.

Network Security First-Step, Second Edition explains the basics of network security in easy-to-grasp language that all of us can understand. This book takes you on a guided tour of the core technologies that make up and control network security. Whether you are looking to take your first step into a career in network security or simply are interested in gaining knowledge of the technology, this book is for you!

Table of Contents

Introduction xxii

Chapter 1 There Be Hackers Here! 1

Essentials First: Looking for a Target 2

Hacking Motivations 3

Targets of Opportunity 4

    Are You a Target of Opportunity? 6

Targets of Choice 7

    Are You a Target of Choice? 7

The Process of an Attack 9

    Reconnaissance 9

    Footprinting (aka Casing the Joint) 11

    Scanning 18

    Enumeration 23

        Enumerating Windows 24

    Gaining Access 26

        Operating System Attacks 27

        Application Attacks 27

        Misconfiguration Attacks 28

        Scripted Attacks 29

    Escalating Privilege 30

    Covering Tracks 31

Where Are Attacks Coming From? 32

Common Vulnerabilities, Threats, and Risks 33

Overview of Common Attacks and Exploits 36

Network Security Organizations 39

    CERT Coordination Center 40

    SANS 40

    Center for Internet Security (CIS) 40

    SCORE 41

    Internet Storm Center 41

    National Vulnerability Database 41

    Security Focus 42

    Learning from the Network Security Organizations 42

Chapter Summary 43

Chapter Review 43

Chapter 2 Security Policies 45

Responsibilities and Expectations 50

    A Real-World Example 50

    Who Is Responsible? You Are! 50

        Legal Precedence 50

        Internet Lawyers 51

        Evolution of the Legal System 51

    Criminal Prosecution 52

        Real-World Example 52

        Individuals Being Prosecuted 53

        International Prosecution 53

Corporate Policies and Trust 53

    Relevant Policies 54

    User Awareness Education 54

    Coming to a Balance 55

    Corporate Policies 55

Acceptable Use Policy 57

    Policy Overview 57

    Purpose 58

    Scope 58

    General Use and Ownership 58

    Security and Proprietary Information 59

    Unacceptable Use 60

        System and Network Activities 61

        Email and Communications Activities 62

    Enforcement 63

    Conclusion 63

Password Policy 64

    Overview 64

    Purpose 64

    Scope 64

    General Policy 65

    General Password Construction Guidelines 66

    Password Protection Standards 67

    Enforcement 68

    Conclusion 68

Virtual Private Network (VPN) Security Policy 69

    Purpose 69

    Scope 69

    Policy 70

    Conclusion 71

Wireless Communication Policy 71

    Scope 72

    Policy Statement 72

        General Network Access Requirements 72

        Lab and Isolated Wireless Device Requirements 72

        Home Wireless Device Requirements 73

    Enforcement 73

    Definitions 73

    Revision History 73

Extranet Connection Policy 74

    Purpose 74

    Scope 74

    Security Review 75

    Third-Party Connection Agreement 75

    Business Case 75

    Point of Contact 75

    Establishing Connectivity 75

    Modifying or Changing Connectivity and Access 76

    Terminating Access 76

    Conclusion 76

ISO Certification and Security 77

    Delivery 77

    ISO/IEC 27002 78

    Sample Security Policies on the Internet 79

Industry Standards 79

    Payment Card Industry Data Security Standard (PCI DSS) 80

    Sarbanes-Oxley Act of 2002 (SOX) 80

    Health Insurance Portability and Accounting Act (HIPAA) of 1996 81

    Massachusetts 201: Standards for the Protection of Personal Information of Residents of the Commonwealth 81

    SAS 70 Series 82

Chapter Summary 82

Chapter Review 83

Chapter 3 Processes and Procedures 85

Security Advisories and Alerts: Getting the Intel You Need to Stay Safe 86

    Responding to Security Advisories 87

        Step 1: Awareness 88

        Step 2: Incident Response 90

        Step 3: Imposing Your Will 95

        Steps 4 and 5: Handling Network Software Updates (Best Practices) 96

Industry Best Practices 98

    Use a Change Control Process 98

    Read All Related Materials 98

    Apply Updates as Needed 99

    Testing 99

    Uninstall 99

    Consistency 99

    Backup and Scheduled Downtime 100

    Have a Back-Out Plan 100

    Forewarn Helpdesk and Key User Groups 100

    Don’t Get More Than Two Service Packs Behind 100

    Target Noncritical Servers/Users First 100

    Service Pack Best Practices 101

    Hotfix Best Practices 101

        Service Pack Level Consistency 101

        Latest Service Pack Versus Multiple Hotfixes 101

    Security Update Best Practices 101

        Apply Admin Patches to Install Build Areas 102

        Apply Only on Exact Match 102

        Subscribe to Email Notification 102

Summary 102

Chapter Review and Questions 104

Chapter 4 Network Security Standards and Guidelines 105

Cisco SAFE 2.0 106

    Overview 106

    Purpose 106

Cisco Validated Design Program 107

    Branch/WAN Design Zone Guides 107

    Campus Design Zone Guides 107

    Data Center Design Zone Guides 108

    Security Design Zone Guides 109

Cisco Best Practice Overview and Guidelines 110

    Basic Cisco IOS Best Practices 110

        Secure Your Passwords 110

        Limit Administrative Access 111

        Limit Line Access Controls 111

        Limit Access to Inbound and Outbound Telnet (aka vty Port) 112

        Establish Session Timeouts 113

        Make Room Redundancy 113

        Protect Yourself from Common Attacks 114

    Firewall/ASAs 115

        Encrypt Your Privileged User Account 115

        Limit Access Control 116

        Make Room for Redundant Systems 116

        General Best Practices 117

        Configuration Guides 117

        Intrusion Prevention System (IPS) for IOS 117

NSA Security Configuration Guides 118

    Cisco Systems 119

        Switches Configuration Guide 119

        VoIP/IP Telephony Security Configuration Guides 119

    Microsoft Windows 119

        Microsoft Windows Applications 120

        Microsoft Windows 7/Vista/Server 2008 120

        Microsoft Windows XP/Server 2003 121

    Apple 121

Microsoft Security 121

    Security Policies 121

        Microsoft Windows XP Professional 122

        Microsoft Windows Server 2003 122

        Microsoft Windows 7 122

        Windows Server 2008 123

    Microsoft Security Compliance Manager 124

Chapter Summary 125

Chapter Link Toolbox Summary 125

Chapter 5 Overview of Security Technologies 127

Security First Design Concepts 128

Packet Filtering via ACLs 131

    Grocery List Analogy 132

    Limitations of Packet Filtering 136

Stateful Packet Inspection 136

    Detailed Packet Flow Using SPI 138

    Limitations of Stateful Packet Inspection 139

Network Address Translation (NAT) 140

    Increasing Network Security 142

    NAT’s Limitations 143

Proxies and Application-Level Protection 144

    Limitations of Proxies 146

Content Filters 147

    Limitations of Content Filtering 150

Public Key Infrastructure 150

    PKI’s Limitations 151

Reputation-Based Security 152

    Reactive Filtering Can’t Keep Up 154

    Cisco Web Reputation Solution 155

AAA Technologies 156

    Authentication 156

    Authorization 157

    Accounting 157

    Remote Authentication Dial-In User Service (RADIUS) 158

    Terminal Access Controller Access Control System (TACACS) 159

    TACACS+ Versus RADIUS 160

Two-Factor Authentication/Multifactor Authentication 161

    IEEE 802.1x: Network Access Control (NAC) 162

        Network Admission Control 163

    Cisco TrustSec 164

        Solution Overview 164

        Cisco Identity Services Engine 166

Chapter Summary 168

Chapter Review Questions 168

Chapter 6 Security Protocols 169

Triple DES Encryption 171

    Encryption Strength 171

    Limitations of 3DES 172

Advanced Encryption Standard (AES) 172

    Different Encryption Strengths 173

    Limitations of AES 173

Message Digest 5 Algorithm 173

    MD5 Hash in Action 175

Secure Hash Algorithm (SHA Hash) 175

    Types of SHA 176

        SHA-1 176

        SHA-2 176

Point-to-Point Tunneling Protocol (PPTP) 177

    PPTP Functionality 177

    Limitations of PPTP 178

Layer 2 Tunneling Protocol (L2TP) 179

    L2TP Versus PPTP 180

    Benefits of L2TP 180

    L2TP Operation 181

Secure Shell (SSH) 182

    SSH Versus Telnet 184

    SSH Operation 186

    Tunneling and Port Forwarding 187

    Limitations of SSH 188

SNMP v3 188

    Security Built In 189

Chapter Summary 192

Chapter Review Questions 192

Chapter 7 Firewalls 193

Firewall Frequently Asked Questions 194

    Who Needs a Firewall? 195

    Why Do I Need a Firewall? 195

    Do I Have Anything Worth Protecting? 195

What Does a Firewall Do? 196

Firewalls Are “The Security Policy” 197

We Do Not Have a Security Policy 200

Firewall Operational Overview 200

    Firewalls in Action 202

    Implementing a Firewall 203

    Determine the Inbound Access Policy 205

    Determine Outbound Access Policy 206

Essentials First: Life in the DMZ 206

Case Studies 208

    Case Study: To DMZ or Not to DMZ? 208

Firewall Limitations 214

Chapter Summary 215

Chapter Review Questions 216

Chapter 8 Router Security 217

Edge Router as a Choke Point 221

    Limitations of Choke Routers 223

Routers Running Zone Based Firewall 224

    Zone-Based Policy Overview 225

    Zone-Based Policy Configuration Model 226

    Rules for Applying Zone-Based Policy Firewall 226

    Designing Zone-Based Policy Network Security 227

    Using IPsec VPN with Zone-Based Policy Firewall 228

Intrusion Detection with Cisco IOS 229

    When to Use the FFS IDS 230

    FFS IDS Operational Overview 231

    FFS Limitations 233

Secure IOS Template 234

Routing Protocol Security 251

    OSPF Authentication 251

        Benefits of OSPF Neighbor Authentication 252

        When to Deploy OSPF Neighbor Authentication 252

        How OSPF Authentication Works 253

Chapter Summary 254

Chapter Review Questions 255

Chapter 9 IPsec Virtual Private Networks (VPNs) 257

Analogy: VPNs Securely Connect IsLANds 259

VPN Overview 261

    VPN Benefits and Goals 263

    VPN Implementation Strategies 264

    Split Tunneling 265

Overview of IPsec VPNs 265

    Authentication and Data Integrity 268

    Tunneling Data 269

    VPN Deployment with Layered Security 270

    IPsec Encryption Modes 271

        IPsec Tunnel Mode 271

        Transport Mode 272

    IPsec Family of Protocols 272

    Security Associations 273

    ISAKMP Overview 273

    Internet Key Exchange (IKE) Overview 274

        IKE Main Mode 274

        IKE Aggressive Mode 275

    IPsec Security Association (IPsec SA) 275

    IPsec Operational Overview 276

        IKE Phase 1 277

        IKE Phase 2 278

        Perfect Forward Secrecy 278

        Diffie-Hellman Algorithm 279

Router Configuration as VPN Peer 281

    Configuring ISAKMP 281

        Preshared Keys 282

    Configuring the ISAKMP Protection Suite 282

    Configuring the ISAKMP Key 283

    Configuring IPsec 284

        Step 1: Create the Extended ACL 284

        Step 2: Create the IPsec Transforms 284

        Step 3: Create the Crypto Map 285

        Step 4: Apply the Crypto Map to an Interface 286

Firewall VPN Configuration for Client Access 286

    Step 1: Define Interesting Traffic 288

    Step 2: IKE Phase 1 [UDP Port 500] 288

    Step 3: IKE Phase 2 288

    Step 4: Data Transfer 289

    Step 5: Tunnel Termination 289

SSL VPN Overview 289

Comparing SSL and IPsec VPNs 290

Which to Deploy: Choosing Between IPsec and SSL VPNs 292

Remote-Access VPN Security Considerations 293

    Steps to Securing the Remote-Access VPN 294

        Cisco AnyConnect VPN Secure Mobility Solution 295

Chapter Summary 296

Chapter Review Questions 297

Chapter 10 Wireless Security 299

Essentials First: Wireless LANs 301

    What Is Wi-Fi? 302

    Benefits of Wireless LANs 303

    Wireless Equals Radio Frequency 303

Wireless Networking 304

    Modes of Operation 305

    Coverage 306

    Bandwidth Availability 307

WarGames Wirelessly 307

    Warchalking 308

    Wardriving 309

    Warspamming 311

    Warspying 312

Wireless Threats 312

    Sniffing to Eavesdrop and Intercept Data 313

    Denial-of-Service Attacks 315

    Rogue/Unauthorized Access Points 316

    Misconfiguration and Bad Behavior 317

        AP Deployment Guidelines 317

        Wireless Security 318

    Service Set Identifier (SSID) 318

    Device and Access Point Association 319

    Wired Equivalent Privacy (WEP) 319

        WEP Limitations and Weaknesses 320

    MAC Address Filtering 320

Extensible Authentication Protocol (EAP) 321

    LEAP 322

    EAP-TLS 322

    EAP-PSK 323

    EAP-TTLS 323

Essential Wireless Security 323

Essentials First: Wireless Hacking Tools 325

    NetStumbler 325

    Wireless Packet Sniffers 326

    Aircrack-ng 327

    OmniPeek 327

    Wireshark 329

Chapter Summary 329

Chapter Review Questions 330

Chapter 11 Intrusion Detection and Honeypots 331

Essentials First: Intrusion Detection 333

    IDS Functional Overview 335

        Host Intrusion Detection System 340

        Network Intrusion Detection System 341

        Wireless IDS 343

        Network Behavior Analysis 344

How Are Intrusions Detected? 345

    Signature or Pattern Detection 346

    Anomaly-Based Detection 346

    Stateful Protocol Analysis 347

    Combining Methods 347

    Intrusion Prevention 347

    IDS Products 348

        Snort! 348

    Limitations of IDS 350

Essentials First: Honeypots 354

    Honeypot Overview 354

    Honeypot Design Strategies 356

    Honeypot Limitations 357

Chapter Summary 357

Chapter Review Questions 357

Chapter 12 Tools of the Trade 359

Essentials First: Vulnerability Analysis 361

    Fundamental Attacks 361

        IP Spoofing/Session Hijacking 362

        Packet Analyzers 363

        Denial of Service (DoS) Attacks 363

        Other Types of Attacks 366

        Back Doors 368

Security Assessments and Penetration Testing 370

    Internal Vulnerability and Penetration Assessment 370

        Assessment Methodology 371

    External Penetration and Vulnerability Assessment 371

        Assessment Methodology 372

    Physical Security Assessment 373

        Assessment Methodology 373

    Miscellaneous Assessments 374

        Assessment Providers 375

Security Scanners 375

    Features and Benefits of Vulnerability Scanners 376

    Freeware Security Scanners 376

        Metasploit 376

        NMAP 376

        SAINT 377

        Nessus 377

        Retina Version 5.11.10 380

CORE IMPACT Pro (a Professional Penetration Testing Product) 382

    In Their Own Words 383

    Scan and Detection Accuracy 384

    Documentation 384

    Documentation and Support 386

    Vulnerability Updates 386

Chapter Summary 386

Chapter Review Questions 387

Appendix A Answers to Review Questions 389

9781587204104   TOC   11/30/2011

Purchase Info

ISBN-10: 1-58720-414-2

ISBN-13: 978-1-58720-414-2

Format: Safari PTG

This publication is not currently for sale.