
"There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." - Mike Fuhrman, Cisco Systems Manager, Security Consulting
Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance, and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manager software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.
Security from a real-world perspective
Key coverage of the new technologies offered by Cisco, including the 500 series of Cisco PIX Firewall, the Cisco Intrusion Detection System, and the Cisco Secure Scanner
Revised edition of a text popular with CCIP (Cisco Certified Internetwork Professional) students
Expanded to include separate chapters on each of the security products offered by Cisco Systems
| Foreword | p. xxxi |
| Introduction to IP Network Security | p. 1 |
| Introduction | p. 2 |
| What Role Does Security Play in a Network? | p. 2 |
| Goals | p. 2 |
| Philosophy | p. 6 |
| What if I Don't Deploy Security? | p. 7 |
| The Fundamentals of Networking | p. 8 |
| Where Does Security Fit in? | p. 9 |
| Network Access Layer Security | p. 10 |
| Internetwork Layer Security | p. 11 |
| Host-to-Host Layer Security | p. 14 |
| Process Application Layer Security | p. 17 |
| Authentication | p. 21 |
| OSI Model | p. 25 |
| How the OSI Model Works | p. 34 |
| Composition of a Data Packet | p. 44 |
| Security in TCP/IP | p. 45 |
| Cisco IP Security Hardware and Software | p. 46 |
| The Cisco Secure PIX Firewall | p. 46 |
| Cisco Secure Integrated Software | p. 49 |
| Cisco Secure Integrated VPN Software | p. 50 |
| The Cisco Secure VPN Client | p. 50 |
| Cisco Secure Access Control Server | p. 50 |
| Cisco Secure Scanner | p. 51 |
| Cisco Secure Intrusion Detection System | p. 51 |
| Cisco Secure Policy Manager | p. 52 |
| Cisco Secure Consulting Services | p. 53 |
| Summary | p. 54 |
| Solutions Fast Track | p. 56 |
| Frequently Asked Questions | p. 59 |
| What Are We Trying to Prevent? | p. 61 |
| Introduction | p. 62 |
| What Threats Face Your Network? | p. 64 |
| Loss of Confidentiality | p. 65 |
| Loss of Integrity | p. 65 |
| Loss of Availability | p. 65 |
| Sources of Threats | p. 66 |
| Malicious Mobile Code | p. 67 |
| Trojan Horses | p. 67 |
| Viruses | p. 67 |
| Worms | p. 68 |
| Current Malicious Code Threats | p. 70 |
| Current Malicious Code Impacts | p. 70 |
| Denial of Service | p. 71 |
| The Smurf Attack | p. 73 |
| The SYN Flood Attack | p. 74 |
| Distributed Denial of Service (DDoS) Attacks | p. 75 |
| Detecting Breaches | p. 76 |
| Initial Detection | p. 77 |
| Are Forensics Important? | p. 78 |
| What Are the Key Steps after a Breach Is Detected? | p. 79 |
| Preventing Attacks | p. 80 |
| Reducing Vulnerabilities | p. 81 |
| Providing a Simple Security Network Architecture | p. 82 |
| Developing a Culture of Security | p. 85 |
| Developing a Security Policy | p. 86 |
| Summary | p. 88 |
| Solutions Fast Track | p. 91 |
| Frequently Asked Questions | p. 94 |
| Cisco PIX Firewall | p. 97 |
| Introduction | p. 98 |
| Overview of the Security Features | p. 100 |
| Differences between PIX OS Version 4.x and Version 5.x | p. 104 |
| Differences between PIX OS Version 6.0 and Version 5.x | p. 106 |
| Initial Configuration | p. 109 |
| Installing the PIX Software | p. 109 |
| The Command-Line Interface | p. 115 |
| IP Configuration | p. 116 |
| Configuring NAT and PAT | p. 119 |
| Permit Traffic Through | p. 120 |
| Security Policy Configuration | p. 123 |
| Security Strategies | p. 125 |
| Identify the Security Services to Implement | p. 129 |
| Implementing the Network Security Policy | p. 131 |
| Confidentiality Configuration in PIX | p. 138 |
| PIX Configuration Examples | p. 140 |
| Protecting a Private Network | p. 140 |
| Protecting a Network Connected to the Internet | p. 142 |
| Protecting Server Access Using Authentication | p. 145 |
| Protecting Public Servers Connected to the Internet | p. 146 |
| Securing and Maintaining the PIX | p. 152 |
| System Journaling | p. 152 |
| Securing the PIX | p. 154 |
| Summary | p. 157 |
| Solutions Fast Track | p. 157 |
| Frequently Asked Questions | p. 160 |
| Traffic Filtering in the Cisco Internetwork Operating System | p. 163 |
| Introduction | p. 164 |
| Access Lists | p. 164 |
| Access List Operation | p. 166 |
| Types of Access Lists | p. 167 |
| Standard IP Access Lists | p. 169 |
| Extended IP Access Lists | p. 176 |
| Named Access Lists | p. 189 |
| Editing Access Lists | p. 190 |
| Problems with Access Lists | p. 192 |
| Lock-and-key Access Lists | p. 193 |
| Reflexive Access Lists | p. 199 |
| Building Reflexive Access Lists | p. 202 |
| Applying Reflexive Access Lists | p. 205 |
| Context-based Access Control | p. 205 |
| The Context-based Access Control Process | p. 208 |
| Configuring Context-based Access Control | p. 208 |
| Inspection Rules | p. 211 |
| Applying the Inspection Rule | p. 212 |
| Configuring Port to Application Mapping | p. 213 |
| Configuring PAM | p. 213 |
| Protecting a Private Network | p. 214 |
| Protecting a Network Connected to the Internet | p. 217 |
| Protecting Server Access Using Lock-and-key | p. 219 |
| Protecting Public Servers Connected to the Internet | p. 221 |
| Summary | p. 227 |
| Solutions Fast Track | p. 227 |
| Frequently Asked Questions | p. 230 |
| Network Address Translation/Port Address Translation | p. 233 |
| Introduction | p. 234 |
| NAT Overview | p. 234 |
| Address Realm | p. 235 |
| RFC 1918 Private Addressing | p. 235 |
| NAT | p. 237 |
| Transparent Address Assignment | p. 237 |
| Transparent Routing | p. 238 |
| Public, Global, and External Networks | p. 240 |
| Private and Local Networks | p. 240 |
| Application Level Gateways | p. 240 |
| NAT Architectures | p. 241 |
| Traditional NAT or Outbound NAT | p. 241 |
| Port Address Translation | p. 243 |
| Static NAT | p. 245 |
| Twice NAT | p. 246 |
| Guidelines for Deploying NAT and PAT | p. 248 |
| IOS NAT Support for IP Telephony | p. 251 |
| H.323 v2 Support | p. 251 |
| CallManager Support | p. 252 |
| Session Initiation Protocol | p. 252 |
| Configuring NAT on Cisco IOS | p. 252 |
| Configuration Commands | p. 253 |
| Verification Commands | p. 258 |
| Configuring NAT between a Private Network and the Internet | p. 259 |
| Configuring NAT in a Network with DMZ | p. 261 |
| Considerations on NAT and PAT | p. 263 |
| IP Address Information in Data | p. 263 |
| Bundled Session Applications | p. 264 |
| Summary | p. 266 |
| Solutions Fast Track | p. 268 |
| Frequently Asked Questions | p. 271 |
| Cryptography | p. 273 |
| Introduction | p. 274 |
| Understanding Cryptography Concepts | p. 274 |
| History | p. 275 |
| Encryption Key Types | p. 275 |
| Learning about Standard Cryptographic Algorithms | p. 277 |
| Understanding Symmetric Algorithms | p. 278 |
| Understanding Asymmetric Algorithms | p. 282 |
| Understanding Brute Force | p. 285 |
| Brute Force Basics | p. 285 |
| Using Brute Force to Obtain Passwords | p. 286 |
| Knowing When Real Algorithms Are Being Used Improperly | p. 291 |
| Bad Key Exchanges | p. 291 |
| Hashing Pieces Separately | p. 292 |
| Using a Short Password to Generate a Long Key | p. 293 |
| Improperly Stored Private or Secret Keys | p. 294 |
| Understanding Amateur Cryptography Attempts | p. 296 |
| Classifying the Ciphertext | p. 297 |
| Monoalphabetic Ciphers | p. 299 |
| Other Ways to Hide Information | p. 299 |
| Summary | p. 307 |
| Solutions Fast Track | p. 308 |
| Frequently Asked Questions | p. 310 |
| Cisco LocalDirector and DistributedDirector | p. 313 |
| Introduction | p. 314 |
| Improving Security Using Cisco LocalDirector | p. 314 |
| LocalDirector Technology Overview | p. 315 |
| LocalDirector Product Overview | p. 315 |
| LocalDirector Security Features | p. 316 |
| Filtering of Access Traffic | p. 316 |
| Using synguard to Protect Against SYN Flood Attacks | p. 318 |
| Using NAT to Hide Real Addresses | p. 320 |
| Restricting Who Is Authorized to Have Telnet Access to LocalDirector | p. 321 |
| Password Protection | p. 321 |
| Syslog Logging | p. 322 |
| Securing Geographically Dispersed Server Farms Using Cisco DistributedDirector | p. 323 |
| DistributedDirector Technology Overview | p. 323 |
| DistributedDirector Product Overview | p. 326 |
| DistributedDirector Security Features | p. 326 |
| Limiting the Source of DRP Queries | p. 326 |
| Authentication between DistributedDirector and DRP Agents | p. 327 |
| Password Protection | p. 329 |
| Syslog Logging | p. 330 |
| Summary | p. 331 |
| Solutions Fast Track | p. 331 |
| Frequently Asked Questions | p. 333 |
| Virtual Private Networks and Remote Access | p. 335 |
| Introduction | p. 336 |
| Overview of the Different VPN Technologies | p. 336 |
| The Peer Model | p. 336 |
| The Overlay Model | p. 338 |
| Link Layer VPNs | p. 338 |
| Network Layer VPNs | p. 339 |
| Transport and Application Layer VPNs | p. 340 |
| Intranet VPNs | p. 340 |
| Extranet VPNs | p. 341 |
| Access VPNs | p. 341 |
| Layer 2 Transport Protocol | p. 342 |
| Configuring Cisco L2TP | p. 343 |
| IPSec | p. 345 |
| IPSec Architecture | p. 346 |
| IPSec and Cisco Encryption Technology | p. 357 |
| Configuring Cisco IPSec | p. 358 |
| Connecting IPSec Clients to Cisco IPSec | p. 373 |
| Summary | p. 376 |
| Solutions Fast Track | p. 376 |
| Frequently Asked Questions | p. 377 |
| Cisco Authentication, Authorization, and Accounting Mechanisms | p. 379 |
| Introduction | p. 380 |
| Cisco AAA Overview | p. 381 |
| AAA Authentication | p. 382 |
| AAA Authorization | p. 385 |
| AAA Accounting | p. 385 |
| AAA Benefits | p. 385 |
| Cisco AAA Mechanisms | p. 386 |
| Supported AAA Security Protocols | p. 387 |
| Configuring AAA Authentication | p. 407 |
| Authorization | p. 417 |
| Accounting | p. 424 |
| Typical RAS Configuration Using AAA | p. 431 |
| Typical Firewall Configuration Using AAA | p. 435 |
| Authentication Proxy | p. 439 |
| How the Authentication Proxy Works | p. 439 |
| Comparison with the Lock-and-key Feature | p. 440 |
| Benefits of Authentication Proxy | p. 441 |
| Restrictions of Authentication Proxy | p. 442 |
| Configuring Authentication Proxy | p. 442 |
| Summary | p. 448 |
| Solutions Fast Track | p. 449 |
| Frequently Asked Questions | p. 451 |
| Cisco Content Services Switch | p. 455 |
| Introduction | p. 456 |
| Overview of Cisco Content Services Switch | p. 456 |
| Cisco Content Services Switch Technology Overview | p. 457 |
| Cisco Content Services Switch Product Information | p. 457 |
| Security Features of Cisco Content Services Switch | p. 459 |
| Flow Wall Security | p. 459 |
| Using Network Address Translation to Hide Real Addresses | p. 464 |
| Firewall Load Balancing | p. 465 |
| Password Protection | p. 468 |
| Disabling Telnet Access | p. 470 |
| Syslog Logging | p. 471 |
| Known Security Vulnerabilities | p. 471 |
| Summary | p. 474 |
| Solutions Fast Track | p. 475 |
| Frequently Asked Questions | p. 476 |
| Cisco Secure Scanner | p. 479 |
| Introduction | p. 480 |
| Minimum System Specifications for Secure Scanner | p. 481 |
| Searching the Network for Vulnerabilities | p. 483 |
| Identifying Network Addresses | p. 485 |
| Identifying Vulnerabilities | p. 487 |
| Scheduling the Session | p. 491 |
| Viewing the Results | p. 493 |
| Changing Axis Views | p. 495 |
| Drilling into Data | p. 497 |
| Pivoting Data | p. 498 |
| Zooming In and Out | p. 500 |
| Creating Charts | p. 501 |
| Saving Grid Views and Charts | p. 502 |
| Reports and Wizards | p. 503 |
| Keeping the System Up-to-Date | p. 504 |
| Summary | p. 508 |
| Solutions Fast Track | p. 508 |
| Frequently Asked Questions | p. 510 |
| Cisco Secure Policy Manager | p. 513 |
| Introduction | p. 514 |
| Overview of the Cisco Secure Policy Manager | p. 514 |
| The Benefits of Using Cisco Secure Policy Manager | p. 515 |
| Installation Requirements for the Cisco Secure Policy Manager | p. 516 |
| Features of the Cisco Secure Policy Manager | p. 518 |
| Cisco Firewall Management | p. 519 |
| VPN and IPSec Security Management | p. 520 |
| Security Policy Management | p. 522 |
| Network Security Deployment Options | p. 526 |
| Cisco Secure Policy Manager Device and Software Support | p. 526 |
| Using the Cisco Secure Policy Manager | p. 528 |
| Configuration | p. 528 |
| Summary | p. 535 |
| Solutions Fast Track | p. 535 |
| Frequently Asked Questions | p. 538 |
| Intrusion Detection | p. 541 |
| Introduction | p. 542 |
| What Is Intrusion Detection? | p. 542 |
| Types of IDSs | p. 543 |
| IDS Architecture | p. 543 |
| Why Should You Have an IDS? | p. 544 |
| Benefits of an IDS in a Network | p. 545 |
| Deploying an IDS in a Network | p. 547 |
| Difficulties in Deploying an IDS | p. 548 |
| IDS Tuning | p. 549 |
| Tuning | p. 551 |
| Network Attacks and Intrusions | p. 552 |
| Poor Network Perimeter/Device Security | p. 553 |
| Poor Physical Security | p. 556 |
| Application and Operating Software Weaknesses | p. 556 |
| Human Failure | p. 557 |
| Weaknesses in the IP Suite of Protocols | p. 558 |
| The Cisco Secure Network Intrusion Detection System | p. 565 |
| What Is the Cisco Secure Network Intrusion Detection System? | p. 566 |
| Before You Install | p. 569 |
| Director and Probe Setup | p. 570 |
| General Operation | p. 573 |
| nrConfigure | p. 574 |
| The Data Management Package | p. 576 |
| Cisco IOS Intrusion Detection Systems | p. 577 |
| Summary | p. 583 |
| Solutions Fast Track | p. 587 |
| Frequently Asked Questions | p. 589 |
| Network Security Management | p. 593 |
| Introduction | p. 594 |
| PIX Device Manager | p. 594 |
| PIX Device Manager Overview | p. 595 |
| Supported PIX Firewall Versions | p. 596 |
| Using PIX Device Manager | p. 598 |
| Configuration Examples | p. 606 |
| Cisco Works2000 Access Control List Manager | p. 617 |
| ACL Manager Overview | p. 617 |
| Installation Requirements for ACL Manager | p. 619 |
| ACL Manager Features | p. 620 |
| The Basic Operation of ACL Manager | p. 623 |
| Using ACL Manager | p. 626 |
| Configuration Example: Creating ACLs with ACLM | p. 628 |
| Cisco Secure Policy Manager | p. 632 |
| Cisco Secure Access Control Server | p. 633 |
| Overview of the Cisco Secure Access Control Server | p. 633 |
| Benefits of the Cisco Secure Access Control Server | p. 634 |
| Features of Cisco Secure ACS | p. 637 |
| Cisco Secure ACS Device and Software Support | p. 639 |
| Using Cisco Secure ACS | p. 641 |
| Configuration Example: Adding and Configuring a AAA Client | p. 643 |
| Summary | p. 646 |
| Solutions Fast Track | p. 646 |
| Frequently Asked Questions | p. 648 |
| Looking Ahead: Cisco Wireless Security | p. 649 |
| Introduction | p. 650 |
| Understanding Security Fundamentals and Principles of Protection | p. 651 |
| Ensuring Confidentiality | p. 651 |
| Ensuring Integrity | p. 653 |
| Ensuring Availability | p. 654 |
| Ensuring Privacy | p. 655 |
| Ensuring Authentication | p. 655 |
| Ensuring Authorization | p. 670 |
| MAC Filtering | p. 672 |
| What Is a MAC Address? | p. 672 |
| Where in the Authentication/Association Process Does MAC Filtering Occur? | p. 673 |
| Determining MAC Filtering Is Enabled | p. 674 |
| MAC Spoofing | p. 674 |
| Ensuring Non-Repudiation | p. 675 |
| Accounting and Audit Trails | p. 678 |
| Using Encryption | p. 679 |
| Reviewing the Role of Policy | p. 681 |
| Identifying Resources | p. 683 |
| Understanding Classification Criteria | p. 685 |
| Implementing Policy | p. 686 |
| Addressing the Issues with Policy | p. 689 |
| Implementing WEP | p. 691 |
| Defining WEP | p. 691 |
| Creating Privacy with WEP | p. 692 |
| The WEP Authentication Process | p. 693 |
| WEP Benefits and Advantages | p. 693 |
| WEP Disadvantages | p. 694 |
| Implementing WEP on the Cisco Aironet AP 340 | p. 694 |
| Exploiting WEP | p. 695 |
| Security of 64-Bit versus 128-Bit Keys | p. 696 |
| Acquiring a WEP Key | p. 696 |
| Addressing Common Risks and Threats | p. 697 |
| Finding a Target | p. 698 |
| Finding Weaknesses in a Target | p. 698 |
| Exploiting Those Weaknesses | p. 700 |
| Sniffing, Interception, and Eavesdropping | p. 701 |
| Defining Sniffing | p. 701 |
| Sample Sniffing Tools | p. 701 |
| Sniffing Case Scenario | p. 702 |
| Protecting Against Sniffing and Eavesdropping | p. 704 |
| Spoofing and Unauthorized Access | p. 704 |
| Defining Spoofing | p. 704 |
| Sample Spoofing Tools | p. 705 |
| Protecting Against Spoofing and Unauthorized Attacks | p. 706 |
| Network Hijacking and Modification | p. 706 |
| Defining Hijacking | p. 707 |
| Sample Hijacking Tools | p. 708 |
| Hijacking Case Scenario | p. 708 |
| Protection against Network Hijacking and Modification | p. 708 |
| Denial of Service and Flooding Attacks | p. 709 |
| Defining DoS and Flooding | p. 709 |
| Sample DoS Tools | p. 710 |
| DoS and Flooding Case Scenario | p. 710 |
| Protecting Against DoS and Flooding Attacks | p. 711 |
| Summary | p. 712 |
| Solutions Fast Track | p. 713 |
| Frequently Asked Questions | p. 718 |
| Index | p. 721 |
| Table of Contents provided by Syndetics. All Rights Reserved. |
ISBN: 9781931836562
ISBN-10: 1931836566
Published: 28th June 2002
Format: Paperback
Language: English
Number of Pages: 752
Audience: Professional and Scholarly
Publisher: SYNGRESS MEDIA
Country of Publication: US
Edition Number: 2
Edition Type: Revised
Dimensions (cm): 24.13 x 19.68 x 4.45
Weight (kg): 1.32