Network Security Auditing


This complete new guide to auditing network security is an indispensable resource for security, network, and IT professionals, and for the consultants and technology partners who serve them.

Cisco network security expert Chris Jackson begins with a thorough overview of the auditing process, including coverage of the latest regulations, compliance issues, and industry best practices. The author then demonstrates how to segment security ...

See more details below
Other sellers (Paperback)
  • All (6) from $54.62   
  • New (5) from $54.62   
  • Used (1) from $59.58   
Network Security Auditing

Available on NOOK devices and apps  
  • NOOK Devices
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK Study

Want a NOOK? Explore Now

NOOK Book (eBook)
$31.99 price
(Save 42%)$56.00 List Price


This complete new guide to auditing network security is an indispensable resource for security, network, and IT professionals, and for the consultants and technology partners who serve them.

Cisco network security expert Chris Jackson begins with a thorough overview of the auditing process, including coverage of the latest regulations, compliance issues, and industry best practices. The author then demonstrates how to segment security architectures into domains and measure security effectiveness through a comprehensive systems approach.

Network Security Auditing thoroughly covers the use of both commercial and open source tools to assist in auditing and validating security policy assumptions. The book also introduces leading IT governance frameworks such as COBIT, ITIL, and ISO 17799/27001, explaining their values, usages, and effective integrations with Cisco security products.

This book arms you with detailed auditing checklists for each domain, realistic design insights for meeting auditing requirements, and practical guidance for using complementary solutions to improve any company’s security posture.

  • Master the five pillars of security auditing: assessment, prevention, detection, reaction, and recovery.
  • Recognize the foundational roles of security policies, procedures, and standards.
  • Understand current laws related to hacking, cracking, fraud, intellectual property, spam, and reporting.
  • Analyze security governance, including the roles of CXOs, security directors, administrators, users, and auditors.
  • Evaluate people, processes, and technical security controls through a system-based approach.
  • Audit security services enabled through Cisco products.
  • Analyze security policy and compliance requirements for Cisco networks.
  • Assess infrastructure security and intrusion prevention systems.
  • Audit network access control and secure remote access systems.
  • Review security in clients, hosts, and IP communications.
  • Evaluate the performance of security monitoring and management systems.

This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end, self-defending networks.

Read More Show Less

Product Details

  • ISBN-13: 9781587053528
  • Publisher: Cisco Press
  • Publication date: 6/18/2010
  • Series: Networking Technology: Security Series
  • Pages: 488
  • Sales rank: 1,323,548
  • Product dimensions: 7.30 (w) x 9.00 (h) x 1.20 (d)

Meet the Author

Christopher L. Jackson, CCIE No. 6256, is a security technical solutions architect in the U.S. Channels organization with Cisco and is focused on developing security consulting practices in the Cisco partner community. Throughout his career in internetworking, Chris has built secure networks that map to a strong security policy for a large number of organizations including UPS, GE, and Sprint. Chris is an active speaker on security for Cisco through TechwiseTV, conferences, and web casts. He has authored numerous whitepapers and is responsible for a number of Cisco initiatives to build stronger security partners through security practice building.

Chris is a highly certified individual with dual CCIEs (Routing and Switching & Security), CISSP, ISA, seven SANS GIAC certifications (GSNA, GCIH, GCFW, GCIA, GCUX, GCWN, and GSEC), and ITIL V3. Chris also holds a bachelors degree in business administration from McKendree College. Residing in Bradenton, Florida, Chris enjoys tinkering with his home automation system and playing with his ever-growing collection of electronic gadgets. His

wife Barbara and two children Caleb and Sydney are the joy of his life and proof that not everything has to plug into a wall outlet to be fun.

Read More Show Less

Table of Contents

Introduction xxi

Chapter 1 The Principles of Auditing 1

Security Fundamentals: The Five Pillars 1

Assessment 2

Prevention 3

Detection 3

Reaction 4

Recovery 4

Building a Security Program 4

Policy 5

Procedures 6

Standards 7

Security Controls 7

Administrative Controls 7

Technical Controls 8

Physical Controls 8

Preventative Controls 8

Detective Controls 8

Corrective Controls 8

Recovery Controls 9

Managing Risk 9

Risk Assessment 10

Risk Mitigation 14

Risk in the Fourth Dimension 16

How, What, and Why You Audit 17

Audit Charter 17

Engagement Letter 18

Types of Audits 19

Security Review 19

Security Assessment 19

Security Audit 20

The Role of the Auditor 20

Places Where Audits Occur 21

Policy Level 21

Procedure Level 21

Control Level 22

The Auditing Process 22

Planning Phase: Audit Subject, Objective, and Scope 22

Research Phase: Planning, Audit Procedures, and Evaluation Criteria 23

Data Gathering Phase: Checklists, Tools, and Evidence 23

Data Analysis Phase: Analyze, Map, and Recommend 24

Audit Report Phase: Write, Present, and File the Audit Report 24

Follow-Up Phase: Follow up, Follow up, Follow up! 25

Summary 25

References in This Chapter 26

Chapter 2 Information Security and the Law 27

IT Security Laws 27

Hacking, Cracking, and Fraud Laws 29

Computer Fraud and Abuse Act 29

Access Device Statute 31

Electronic Communications Privacy Act 34

Title I: Wiretap Act 34

Title II: Stored Communications Act 37

Title III: Pen/Trap Statute 38

Intellectual Property Laws 39

Digital Millennium Copyright Act 39

Economic Espionage Act 41

CAN-SPAM Act of 2003 42

State and Local Laws 43

Reporting a Crime 44

Regulatory Compliance Laws 46

SOX 46


Privacy Rule 50

Security Rule 51

Transactions and Code Sets Standard Rule 52

Identifiers Rule 52

Enforcement Rule 52



Summary 59

References in This Chapter 60

Federal Hacking Laws 60

State Laws 60

Chapter 3 Information Security Governance, Frameworks, and Standards 61

Understanding Information Security Governance 61

People: Roles and Responsibilities 64

Information Security Governance Organizational Structure 65

Board of Directors 65

Security Steering Committee 65

CEO or Executive Management 66


Security Director 66

Security Analyst 66

Security Architect 66

Security Engineer 67

Systems Administrator 67

Database Administrator 67

IS Auditor 67

End User 67

Spotting Weaknesses in the People Aspect of Security 67

Process: Security Governance Frameworks 68


Control Environment 69

Risk Assessment 70

Control Activities 70

Information and Communication 70

Monitoring 70



Technology: Standards Procedures and Guidelines 76

ISO 27000 Series of Standards 76


Center for Internet Security 80

NSA 80




Cisco Security Best Practices 84

Summary 85

References in This Chapter 86

Web Resources 86

Chapter 4 Auditing Tools and Techniques 87

Evaluating Security Controls 87

Auditing Security Practices 89

Testing Security Technology 91

Security Testing Frameworks 92



NIST 800-115 94


Security Auditing Tools 95

Service Mapping Tools 96

Nmap 96

Hping 100

Vulnerability Assessment Tools 101

Nessus 101

RedSeal SRM 105

Packet Capture Tools 111

Tcpdump 111

Wireshark/Tshark 114

Penetration Testing Tools 116

Core Impact 116

Metasploit 120

BackTrack 127

Summary 128

References in This Chapter 128

Security Testing Frameworks 128

Security Testing Tools 129

Chapter 5 Auditing Cisco Security Solutions 131

Auditors and Technology 131

Security as a System 132

Cisco Security Auditing Domains 133

Policy, Compliance, and Management 134

Infrastructure Security 135

Perimeter Intrusion Prevention 136

Access Control 136

Secure Remote Access 137

Endpoint Protection 138

Unified Communications 139

Defining the Audit Scope of a Domain 139

Identifying Security Controls to Assess 141

Mapping Security Controls to Cisco Solutions 143

The Audit Checklist 144

Summary 150

Chapter 6 Policy, Compliance, and Management 153

Do You Know Where Your Policy Is? 153

Auditing Security Policies 154

Standard Policies 158

Acceptable Use 158

Minimum Access 158

Network Access 158

Remote Access 159

Internet Access 159

User Account Management 159

Data Classification 159

Change Management 160

Server Security 161

Mobile Devices 161

Guest Access 161

Physical Security 161

Password Policy 162

Malware Protection 162

Incident Handling 162

Audit Policy 162

Software Licensing 162

Electronic Monitoring and Privacy 163

Policies for Regulatory and Industry Compliance 163

Cisco Policy Management and Monitoring Tools 165

Cisco MARS 165

Cisco Configuration Professional 167

Cisco Security Manager 169

Cisco Network Compliance Manager 171

Checklist 174

Summary 176

References in This Chapter 176

Chapter 7 Infrastructure Security 177

Infrastructure Threats 177

Unauthorized Access 177

Denial of Service 178

Traffic Capture 178

Layer 2 Threats 179

Network Service Threats 180

Policy Review 180

Infrastructure Operational Review 181

The Network Map and Documentation 182

Logical Diagrams 182

Physical Diagrams 182

Asset Location and Access Requirements 182

Data Flow and Traffic Analysis 183

Administrative Accounts 183

Configuration Management 184

Vulnerability Management 184

Disaster Recovery 184

Wireless Operations 185

Infrastructure Architecture Review 185

Management Plane Auditing 186

Cisco Device Management Access 187

Syslog 193

NTP 194

Netflow 195

Control Plane Auditing 196

IOS Hardening 196

Routing Protocols 198

Protecting the Control Plane 199

Data Plane Auditing 201

Access Control Lists 202

iACLs 202

Unicast Reverse Path Forwarding 203

Layer 2 Security 204

VTP 204

Port Security 205

DHCP Snooping 205

Dynamic ARP Inspection 206

IP Source Guard 206

Disable Dynamic Trunking 206

Protecting Spanning Tree 207

Switch Access Controls Lists 208

Protect Unused Ports 209

Wireless Security 210

Wireless Network Architecture 210

Cisco Adaptive Wireless Intrusion Prevention System 211

Protecting Wireless Access 212

Wireless Service Availability 213

Rogue Access Point Detection 214

General Network Device Security Best Practices 216

Technical Testing 217

Router Testing 219

Switch Testing 221

Wireless Testing 225

Checklist 230

Summary 235

References in This Chapter 236

Chapter 8 Perimeter Intrusion Prevention 237

Perimeter Threats and Risk 237

Policy Review 238

Perimeter Operations Review 239

Management and Change Control 239

Monitoring and Incident Handling 240

Perimeter Architecture Review 242

What Are You Protecting? 243

Perimeter Design Review 243

Logical Architecture 244

Physical Architecture 245

What Is the Risk? 246

Good Design Practices 247

Auditing Firewalls 247

Review Firewall Design 248

Simple Firewall 248

Screening Router and Firewall 248

Firewall with DMZ 249

Firewall with DMZ and Services Network 249

High Availability Firewall 250

IOS Firewall Deployment 250

Review Firewall Configuration 251

Firewall Modes of Operation 252

Firewall Virtualization 253

Filtering Methods 253

Network Address Translation 255

Secure Management 256

Logging 256

Other Configuration Checks 256

Review Rule Base 257

Cisco Firewall Rule Basics 257

Rule Review 259

Rule Optimization 260

The ASA Modular Policy Framework and Application

Inspection 261

IOS Zone-Based Firewall 263

Auditing IPS 265

How IPS Works 266

Review IPS Deployment 268

Review IPS Configuration 269

Protect the Management Interface 271

Administrative Access and Authentication 271

NTP Configuration 274

Signature Updates 274

Event Logging 275

Review IPS Signatures 276

Signature Definitions 276

Event Action Rules 277

Target Value Rating 277


Technical Control Testing 279

Firewall Rule Testing 279

Testing the IPS 281

Conducting an IPS Test 282

Reviewing the Logs 284

Checklist 284

Summary 287

References in This Chapter 288

Chapter 9 Access Control 289

Fundamentals of Access Control 289

Identity and Authentication 290

Access Control Threats and Risks 291

Access Control Policy 292

Access Control Operational Review 293

Identity Operational Good Practices 293

Authorization and Accounting Practices 294

Administrative Users 296

Classification of Assets 297

Access Control Architecture Review 297

Identity and Access Control Technologies 298

Network Admission Control 298

NAC Components 299

How NAC Works 300

NAC Deployment Considerations 302

NAC Posture Assessment 303

Identity-Based Networking Services 304

Deployment Methods 305

NAC Guest Server 306

NAC Profiler 306

Technical Testing 308

Authentication and Identity Handling 308

Posture Assessment Testing 309

Testing for Weak Authentication 309

Checklist 313

Summary 315

References in This Chapter 315

Chapter 10 Secure Remote Access 317

Defining the Network Edge 317

VPN Fundamentals 318

Confidentiality 319

Symmetric Encryption 320

Asymmetric Encryption 321

Integrity 323

Authentication and Key Management 324

IPsec, SSL, and dTLS 326

IPsec 326

Secure Socket Layer 328

Datagram Transport Layer Security (dTLS) 329

Remote Access Threats and Risks 329

Remote Access Policies 330

Remote Access Operational Review 331

VPN Device Provisioning 331

Mobile Access Provisioning 332

Mobile User Role-Based Access Control 333

Monitoring and Incident Handling 333

Remote Access Architecture Review 333

Site-to-Site VPN Technologies 335

Easy VPN 335

IPsec and Generic Router Encapsulation (GRE) 336

Dynamic Multipoint VPN (DMVPN) 336

Multi Protocol Label Switching (MPLS) and Virtual Routing and

Forwarding (VRF) VPNs 337


Mobile User Access VPN 340

IPsec Client 341

Clientless SSL VPN 341

Cisco Secure Desktop 342

SSL Full Tunneling Client 344

VPN Network Placement 345

VPN Access Controls 346

Site-to-Site Access Controls 346

Mobile User Access Controls 347

Remote Access Good Practices 348

Technical Testing 350

Authentication 350

IPsec 351

SSL 352

Site-to-Site Access Control Testing 353

Mobile User Access Control Testing 353

Monitoring and Log Review 354

Checklist 354

Summary 358

References in This Chapter 358

Chapter 11 Endpoint Protection 359

Endpoint Risks 359

Endpoint Threats 360

Malware 360

Web-Based Threats 362

Social Networking and Web 2.0 365

E-Mail Threats 366

Data Loss Threats 367

Policy Review 368

Endpoint Protection Operational Control Review 370

Current Threat Intelligence 370

Vulnerability and Patch Management 373

Monitoring and Incident Handling 373

Security Awareness Program 374

Endpoint Architecture Review 374

Cisco Security Intelligence Operations 375

SensorBase 375

Cisco Threat Operations Center 375

Dynamic Update Function 376

Web Controls 376

Web Security Appliance 376

ASA 378

IPS 379

CSA 380

E-Mail Controls 380

E-Mail Policy Enforcement 381

E-Mail Authentication 381

Data Loss Prevention 383

Web 383

E-Mail 384

Client 385

Patch Management 386

Monitoring 386

Web 386

E-Mail 388

MARS 388

Technical Testing 388

Acceptable Use Enforcement 388

Malware Detection and Quarantine 389

SPAM, Phishing, and E-Mail Fraud 390

Encryption 390

Patch Management and Enforcement 390

Data Loss Prevention Testing 391

Detection and Response 391

Checklist 391

Summary 396

References in This Chapter 396

Chapter 12 Unified Communications 397

Unified Communications Risks 397

VoIP Threats 399

Denial of Service 399

Confidentiality 401

Fraud 401

UC Policy and Standards Review 403

UC Operational Control Review 404

User and Phone Provisioning 404

Change Management 405

Asset Management 405

Call Detail Record Review 406

Administrative Access 406

Vulnerability Management 406

Security Event Monitoring and Log Review 407

Disaster Recovery 408

UC Architecture Review 408

Unified Communications Fundamentals 409

H.323 410

MGCP 412

SCCP 412

SIP 413

Session Border Controller 415

RTP and SRTP 416

Call Processing 416

Infrastructure Controls 418

Switch Security 418

ACLs and Firewalling 420

IPS 421

Gateway Protection 422

Site to Site 422

Wireless 423

Call Control Protection 423

Communications Manager Hardening 423

Authentication, Integrity, and Encryption 424

Phone Proxy 426

Secure SIP Trunking 426

Toll Fraud Prevention 428

Application Controls 431

Voice Endpoint Controls 432

Monitoring and Management 433

Technical Testing 434

VLAN Separation 434

Eavesdropping 436

Gateway 438

Toll Fraud 438

Monitoring and Incident Detection 438

Checklist 439

Summary 444

References in This Chapter 445

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)