Hardening Network Infrastructure
Shows network administrators and IT pros how to harden their network infrastructure against hackers.
Paperback
$49.00
Overview
Shows network administrators and IT pros how to harden their network infrastructure against hackers.
Product Details
ISBN-13: | 9780072255027 |
---|---|
Publisher: | McGraw-Hill/Osborne Media |
Publication date: | 05/06/2004 |
Series: | Hardening |
Pages: | 580 |
Product dimensions: | 7.50(w) x 9.13(h) x 1.24(d) |
Table of Contents
Foreword | xv | |
Acknowledgments | xvii | |
Introduction | xix | |
Part I | Do This Now! | |
1 | Do These Six Things Before You Do Anything Else | 3 |
Review Your Network Design | 5 | |
Implement a Firewall | 9 | |
Application Proxies | 10 | |
Stateful Packet-Inspecting/Filtering Gateways | 10 | |
Hybrid Firewalls | 10 | |
Which Firewall Should You Implement? | 10 | |
Implement Access Control Lists | 11 | |
Turn Off Unnecessary Features and Services | 12 | |
Implement Virus Protection | 12 | |
Secure Your Wireless Connections | 14 | |
Summary | 14 | |
Part II | Take It from the Top: The Systematic Hardening Process | |
2 | Write a Security Policy | 19 |
The Role of a Security Policy | 20 | |
The Purpose of a Security Policy | 22 | |
Security Policy Components | 23 | |
Where to Start? | 23 | |
The Characteristics of a Good Security Policy | 27 | |
Security Policy Recommendations | 30 | |
Encryption Policy | 30 | |
Analog/ISDN Policy | 30 | |
Antivirus Policy | 30 | |
Audit, Vulnerability Assessment, and Risk Assessment Policy | 31 | |
Dial-in Policy | 31 | |
DMZ Policy | 31 | |
Extranet Policy | 31 | |
Wireless Communications Policy | 32 | |
VPN Policy | 32 | |
Firewall Security Policy | 32 | |
Router and Switch Security Policy | 33 | |
Remote Access Policy | 33 | |
Password Policy | 33 | |
Intrusion Detection/Prevention System Policy | 34 | |
Content-Filtering/Internet Policy | 34 | |
Enterprise-Monitoring Policy | 34 | |
Acceptable-Use Policy | 35 | |
Network Connection Policy | 35 | |
Network Documentation Policy | 35 | |
Why Security Policies Fail and How to Ensure Yours Won't | 35 | |
Security Is Viewed as a Barrier to Progress | 36 | |
Security Is a Learned Behavior | 36 | |
Security Is Rife with Unexpected Events and Occurrences | 36 | |
Your Security Policy Is Never Finished | 37 | |
Preventing the Failure | 37 | |
Summary | 37 | |
3 | Hardening Your Firewall | 39 |
Hardware-Based and Software-Based Firewalls | 40 | |
Hardening Remote Administration | 41 | |
Implementing Authentication and Authorization | 48 | |
Hardening the Underlying Operating System | 50 | |
Hardening Firewall Services and Protocols | 51 | |
Using Redundancy to Harden Your Firewall | 64 | |
Hardening Routing Protocols | 66 | |
Summary | 71 | |
4 | Hardening Your Network with Intrusion Detection and Prevention | 73 |
IDS/IPS Technologies | 74 | |
Host-Based Intrusion Detection/Prevention | 75 | |
Network-Based Intrusion Detection/Prevention | 76 | |
IDS/IPS Components | 77 | |
IDS/IPS Device Hardening | 78 | |
Hardening PureSecure on Microsoft Windows | 78 | |
Hardening Cisco IDS | 81 | |
IDS/IPS Deployments | 83 | |
Detection vs. Prevention | 84 | |
Sensor Placement | 85 | |
Sensor Placement in a Switched Network Infrastructure | 86 | |
IDS/IPS Tuning | 87 | |
Tuning PureSecure Sensors | 88 | |
Tuning Cisco IDS Sensors | 90 | |
IDS/IPS Logging, Alerting, and Blocking | 94 | |
Logging with PureSecure | 95 | |
Logging with Cisco IDS | 96 | |
Alerting with PureSecure | 98 | |
Alerting with Cisco IDS | 99 | |
Blocking Traffic Using Cisco IDS and Cisco PIX Firewalls | 103 | |
Summary | 104 | |
5 | Hardening VPN and Dial-in Remote Access | 105 |
Hardening VPN Connectivity | 106 | |
Different VPN Connection Types and Technologies | 107 | |
VPN Device-Hardening Methods | 110 | |
Hardening IPsec-Based VPNs | 135 | |
Hardening VPN Clients | 150 | |
Hardening Dial-in Remote Access | 151 | |
Summary | 153 | |
6 | Hardening Your Routers and Switches | 155 |
Hardening Management Access | 156 | |
Securing Console Access | 157 | |
Securing VTY Access | 158 | |
Securing Web-Based Management Access | 161 | |
Securing Auxiliary Access | 161 | |
Securing Privileged Mode Access | 162 | |
Implementing Usernames and AAA | 163 | |
Implementing Banners | 164 | |
Hardening Services and Features | 164 | |
Cisco Discovery Protocol (CDP) | 165 | |
TCP and UDP Small Servers | 165 | |
finger | 166 | |
Network Time Protocol (NTP) | 166 | |
bootp Server | 167 | |
Dynamic Host Configuration Protocol (DHCP) | 167 | |
Configuration Autoloading | 168 | |
Name Resolution | 168 | |
Proxy ARP | 169 | |
Directed Broadcasts | 169 | |
IP Source Routing | 169 | |
ICMP Redirects, Unreachables, and Mask Replies | 170 | |
syslog | 170 | |
Simple Network Management Protocol (SNMP) | 171 | |
Implementing Loopback Address | 173 | |
Disabling Unused Interfaces | 174 | |
Configuring Core Dumps | 175 | |
Hardening Router Technologies | 175 | |
Implementing Redundancy | 175 | |
Hardening Routing Protocols | 176 | |
Implementing Traffic Management | 181 | |
Implementing IPsec | 191 | |
Hardening Switch Technologies | 194 | |
Hardening VLANs | 194 | |
Hardening Services and Features | 198 | |
Summary | 204 | |
7 | Securing the Network with Content Filters | 205 |
Internet Content Filtering Architectures | 207 | |
Client-Based Content Filtering | 207 | |
Server-Based Content Filtering | 207 | |
Gateway-Based Content Filtering | 210 | |
Internet Content Filtering | 211 | |
Misuse of Resources | 211 | |
Preserving Network Bandwidth | 211 | |
Hostile Work Environment | 211 | |
Hostile Web Code (Java/ActiveX Applets) | 212 | |
Implementing Content Filtering | 212 | |
E-mail Content Filtering | 234 | |
Implementing Virus Protection | 235 | |
Filtering Attachments | 236 | |
Implementing Content Filtering | 237 | |
Implementing Spam Control | 238 | |
Summary | 239 | |
8 | Hardening Wireless LAN Connections | 241 |
Banning WLANs Without IT/Management Approval | 242 | |
Preventing Rogue APs | 242 | |
Implementing WLAN Discovery Procedures | 244 | |
Removing Rogue WAPs | 248 | |
Hardening Wireless Access Points | 248 | |
Hardening Remote Administration | 249 | |
Securely Configuring the Service Set Identifier (SSID) | 252 | |
Configuring Logging | 255 | |
Hardening Services | 255 | |
Restricting Wireless Mode | 258 | |
Using MAC Address Filtering | 259 | |
Hardening Wireless LAN Connections | 262 | |
Hardening Wired Equivalent Privacy (WEP) | 263 | |
Hardening WiFi Protected Access (WPA) | 266 | |
Hardening WLANs with Virtual Private Networks | 271 | |
Hardening Windows XP Wireless Clients | 271 | |
Hardening with WEP | 272 | |
Hardening with WPA Using Pre-shared Keys | 273 | |
Hardening with WPA Using RADIUS/802.1x | 274 | |
Summary | 276 | |
9 | Implementing AAA | 279 |
AAA Mechanisms | 280 | |
Remote Authentication Dial-In User Service (RADIUS) | 281 | |
Terminal Access Controller Access Control System (TACACS+) | 281 | |
Authentication and Access Control | 281 | |
AAA Authentication on IOS-Based Equipment | 282 | |
AAA Authentication on PIX Firewalls | 292 | |
Hardening Your Network with Authorization | 295 | |
Authorization on IOS-Based Devices | 295 | |
Authorization on PIX Firewalls | 297 | |
Hardening Your Network with Accounting | 300 | |
AAA Accounting on IOS-Based Equipment | 300 | |
AAA Accounting on PIX Firewalls | 301 | |
802.1x Port-Based Authentication | 302 | |
802.1x Network Device Roles | 302 | |
Configuring 802.1x Authentication for IOS-Based Switches | 304 | |
Summary | 310 | |
10 | Hardening Your Network with Network Management | 311 |
Implementing a Network Management System (NMS) | 312 | |
Fault Management | 313 | |
Configuration Management | 330 | |
Performance Management | 333 | |
Accounting or Asset Management | 335 | |
Security Management | 335 | |
Hardening Your Network Management Protocols | 335 | |
Configuring IPsec on Microsoft Windows 2000 | 336 | |
Summary | 345 | |
11 | Implementing a Secure Perimeter | 347 |
DMZ Implementation Methods | 348 | |
Using a Multi-homed Firewall for Your DMZ | 349 | |
Using Dual Firewalls for Your DMZ | 351 | |
VLANs and DMZs | 353 | |
Internet Access Module | 354 | |
Traffic Flow Through the Internet Module | 354 | |
Firewall Implementation | 356 | |
VPN/Remote Access Module | 360 | |
Remote Access VPN Termination Segment | 361 | |
Site-to-Site VPN Termination Segment | 362 | |
Dial-in Remote User Termination Segment | 362 | |
NIDS/NIPS Deployment | 362 | |
WAN Access Module | 363 | |
Extranet Access Module | 364 | |
Wireless Access Module | 365 | |
E-Commerce Access Module | 366 | |
Web Services DMZ Segment | 366 | |
Application Services DMZ Segment | 367 | |
Database Services DMZ Segment | 367 | |
Summary | 368 | |
12 | Implementing a Secure Interior | 371 |
Using Virtual LANs (VLANs) to Segment the Network | 372 | |
Trust Model Enforcement | 373 | |
Using VLANs to Isolate Systems | 375 | |
Designing the Enterprise Campus | 375 | |
Core Module | 378 | |
Server Module | 378 | |
Building Distribution Module | 379 | |
Building Access Module | 381 | |
Management Module | 381 | |
Lab Module | 382 | |
Hardening Branch/Remote Offices | 383 | |
Summary | 384 | |
Part III | Once Is Never Enough! | |
13 | Auditing: Performing a Security Review | 389 |
Reviewing Your Security Policy | 391 | |
Is Your Security Policy Being Adhered To? | 391 | |
Does Your Security Policy Address All Known Threats to Your Environment? | 393 | |
Protecting Yourself from Future Exploits | 393 | |
Do You Have Adequate Prevention Mechanisms and Enforcement of Your Security Policy? | 396 | |
Reviewing Your Security Posture | 398 | |
Auditing Your Environment | 399 | |
Performing an Internal Audit | 400 | |
Using Nmap and Nessus to Perform a Basic Security Review | 405 | |
Performing an External Audit | 422 | |
Summary | 425 | |
14 | Managing Changes to Your Environment | 427 |
Implementing Change Control | 428 | |
Defining the Change Management Team | 428 | |
The Change Planning Process | 432 | |
The Change Management Process | 438 | |
How to Ensure a Successful Change Control Process | 443 | |
Implementing a Patch and Update Policy | 445 | |
When to Use a Workaround, Hotfix, Patch, or an Upgrade | 447 | |
Staying Informed of Workarounds, Hotfixes, Patches, and Upgrades | 448 | |
Purchasing Maintenance and Support Agreements | 449 | |
Defining a Change Control Patch Policy | 450 | |
Writing Patch and Update Procedures | 451 | |
Changing the System Image | 452 | |
Changing the System Configuration | 464 | |
Changing the Application | 472 | |
Summary | 472 | |
Part IV | How to Succeed at Hardening Your Network Infrastructure | |
15 | Setting Perceptions and Justifying the Cost of Security | 477 |
Setting Perceptions and Expectations | 478 | |
Setting User Perceptions and Expectations | 479 | |
Setting Management Perceptions and Expectations | 485 | |
Justifying the Cost of Security | 488 | |
Risk Analysis | 488 | |
Summary | 497 | |
16 | Addressing Staffing and Training Issues | 499 |
Staffing Issues | 500 | |
Increasing Staff Headcount | 500 | |
Utilizing Contractors | 501 | |
O