Network Security Auditing

by Chris Jackson

Overview

This complete new guide to auditing network security is an indispensable resource for security, network, and IT professionals, and for the consultants and technology partners who serve them.

Cisco network security expert Chris Jackson begins with a thorough overview of the auditing process, including coverage of the latest regulations, compliance issues, and industry best practices. The author then demonstrates how to segment security architectures into domains and measure security effectiveness through a comprehensive systems approach.

Network Security Auditing thoroughly covers the use of both commercial and open source tools to assist in auditing and validating security policy assumptions. The book also introduces leading IT governance frameworks such as COBIT, ITIL, and ISO 17799/27001, explaining their values, usages, and effective integrations with Cisco security products.

Product Details

ISBN-13: 9781587059421
Publisher: Pearson Education
Publication date: 06/02/2010
Series: Networking Technology: Security
Sold by: Barnes & Noble
Format: eBook
Pages: 528
File size: 17 MB
About the Author

Christopher L. Jackson, CCIE No. 6256, is a security technical solutions architect in the U.S. Channels organization with Cisco and is focused on developing security consulting practices in the Cisco partner community. Throughout his career in internetworking, Chris has built secure networks that map to a strong security policy for a large number of organizations, including UPS, GE, and Sprint. Chris is an active speaker on security for Cisco through TechwiseTV, conferences, and webcasts. He has authored numerous whitepapers and is responsible for a number of Cisco initiatives to build stronger security partners through security practice building.

Chris is a highly certified individual with dual CCIEs (Routing and Switching & Security), CISSP, ISA, seven SANS GIAC certifications (GSNA, GCIH, GCFW, GCIA, GCUX, GCWN, and GSEC), and ITIL V3. Chris also holds a bachelor's degree in business administration from McKendree College. Residing in Bradenton, Florida, Chris enjoys tinkering with his home automation system and playing with his ever-growing collection of electronic gadgets.

His wife Barbara and two children Caleb and Sydney are the joy of his life and proof that not everything has to plug into a wall outlet to be fun.

Table of Contents

Introduction    xxi

Chapter 1 The Principles of Auditing    1

Security Fundamentals: The Five Pillars    1

Assessment    2

Prevention    3

Detection    3

Reaction    4

Recovery    4

Building a Security Program    4

Policy    5

Procedures    6

Standards    7

Security Controls    7

Administrative Controls    7

Technical Controls    8

Physical Controls    8

Preventative Controls    8

Detective Controls    8

Corrective Controls    8

Recovery Controls    9

Managing Risk    9

Risk Assessment    10

Risk Mitigation    14

Risk in the Fourth Dimension    16

How, What, and Why You Audit    17

Audit Charter    17

Engagement Letter    18

Types of Audits    19

Security Review    19

Security Assessment    19

Security Audit    20

The Role of the Auditor    20

Places Where Audits Occur    21

Policy Level    21

Procedure Level    21

Control Level    22

The Auditing Process    22

Planning Phase: Audit Subject, Objective, and Scope    22

Research Phase: Planning, Audit Procedures, and Evaluation Criteria    23

Data Gathering Phase: Checklists, Tools, and Evidence    23

Data Analysis Phase: Analyze, Map, and Recommend    24

Audit Report Phase: Write, Present, and File the Audit Report    24

Follow-Up Phase: Follow up, Follow up, Follow up!    25

Summary    25

References in This Chapter    26

Chapter 2 Information Security and the Law    27

IT Security Laws    27

Hacking, Cracking, and Fraud Laws    29

Computer Fraud and Abuse Act    29

Access Device Statute    31

Electronic Communications Privacy Act    34

Title I: Wiretap Act    34

Title II: Stored Communications Act    37

Title III: Pen/Trap Statute    38

Intellectual Property Laws    39

Digital Millennium Copyright Act    39

Economic Espionage Act    41

CAN-SPAM Act of 2003    42

State and Local Laws    43

Reporting a Crime    44

Regulatory Compliance Laws    46

SOX    46

HIPAA    48

Privacy Rule    50

Security Rule    51

Transactions and Code Sets Standard Rule    52

Identifiers Rule    52

Enforcement Rule    52

GLBA    54

PCI DSS    55

Summary    59

References in This Chapter    60

Federal Hacking Laws    60

State Laws    60

Chapter 3 Information Security Governance, Frameworks, and Standards    61

Understanding Information Security Governance    61

People: Roles and Responsibilities    64

Information Security Governance Organizational Structure    65

Board of Directors    65

Security Steering Committee    65

CEO or Executive Management    66

CIO/CISO    66

Security Director    66

Security Analyst    66

Security Architect    66

Security Engineer    67

Systems Administrator    67

Database Administrator    67

IS Auditor    67

End User    67

Spotting Weaknesses in the People Aspect of Security    67

Process: Security Governance Frameworks    68

COSO    68

Control Environment    69

Risk Assessment    70

Control Activities    70

Information and Communication    70

Monitoring    70

COBIT    71

ITIL    75

Technology: Standards Procedures and Guidelines    76

ISO 27000 Series of Standards    76

NIST    78

Center for Internet Security    80

NSA    80

DISA    81

SANS    82

ISACA    83

Cisco Security Best Practices    84

Summary    85

References in This Chapter    86

Web Resources    86

Chapter 4 Auditing Tools and Techniques    87

Evaluating Security Controls    87

Auditing Security Practices    89

Testing Security Technology    91

Security Testing Frameworks    92

OSSTMM    93

ISSAF    93

NIST 800-115    94

OWASP    94

Security Auditing Tools    95

Service Mapping Tools    96

Nmap    96

Hping    100

Vulnerability Assessment Tools    101

Nessus    101

RedSeal SRM    105

Packet Capture Tools    111

Tcpdump    111

Wireshark/Tshark    114

Penetration Testing Tools    116

Core Impact    116

Metasploit    120

BackTrack    127

Summary    128

References in This Chapter    128

Security Testing Frameworks    128

Security Testing Tools    129

Chapter 5 Auditing Cisco Security Solutions    131

Auditors and Technology    131

Security as a System    132

Cisco Security Auditing Domains    133

Policy, Compliance, and Management    134

Infrastructure Security    135

Perimeter Intrusion Prevention    136

Access Control    136

Secure Remote Access    137

Endpoint Protection    138

Unified Communications    139

Defining the Audit Scope of a Domain    139

Identifying Security Controls to Assess    141

Mapping Security Controls to Cisco Solutions    143

The Audit Checklist    144

Summary    150

Chapter 6 Policy, Compliance, and Management    153

Do You Know Where Your Policy Is?    153

Auditing Security Policies    154

Standard Policies    158

Acceptable Use    158

Minimum Access    158

Network Access    158

Remote Access    159

Internet Access    159

User Account Management    159

Data Classification    159

Change Management    160

Server Security    161

Mobile Devices    161

Guest Access    161

Physical Security    161

Password Policy    162

Malware Protection    162

Incident Handling    162

Audit Policy    162

Software Licensing    162

Electronic Monitoring and Privacy    163

Policies for Regulatory and Industry Compliance    163

Cisco Policy Management and Monitoring Tools    165

Cisco MARS    165

Cisco Configuration Professional    167

Cisco Security Manager    169

Cisco Network Compliance Manager    171

Checklist    174

Summary    176

References in This Chapter    176

Chapter 7 Infrastructure Security    177

Infrastructure Threats    177

Unauthorized Access    177

Denial of Service    178

Traffic Capture    178

Layer 2 Threats    179

Network Service Threats    180

Policy Review    180

Infrastructure Operational Review    181

The Network Map and Documentation    182

Logical Diagrams    182

Physical Diagrams    182

Asset Location and Access Requirements    182

Data Flow and Traffic Analysis    183

Administrative Accounts    183

Configuration Management    184

Vulnerability Management    184

Disaster Recovery    184

Wireless Operations    185

Infrastructure Architecture Review    185

Management Plane Auditing    186

Cisco Device Management Access    187

Syslog    193

NTP    194

Netflow    195

Control Plane Auditing    196

IOS Hardening    196

Routing Protocols    198

Protecting the Control Plane    199

Data Plane Auditing    201

Access Control Lists    202

iACLs    202

Unicast Reverse Path Forwarding    203

Layer 2 Security    204

VTP    204

Port Security    205

DHCP Snooping    205

Dynamic ARP Inspection    206

IP Source Guard    206

Disable Dynamic Trunking    206

Protecting Spanning Tree    207

Switch Access Control Lists    208

Protect Unused Ports    209

Wireless Security    210

Wireless Network Architecture    210

Cisco Adaptive Wireless Intrusion Prevention System    211

Protecting Wireless Access    212

Wireless Service Availability    213

Rogue Access Point Detection    214

General Network Device Security Best Practices    216

Technical Testing    217

Router Testing    219

Switch Testing    221

Wireless Testing    225

Checklist    230

Summary    235

References in This Chapter    236

Chapter 8 Perimeter Intrusion Prevention    237

Perimeter Threats and Risk    237

Policy Review    238

Perimeter Operations Review    239

Management and Change Control    239

Monitoring and Incident Handling    240

Perimeter Architecture Review    242

What Are You Protecting?    243

Perimeter Design Review    243

Logical Architecture    244

Physical Architecture    245

What Is the Risk?    246

Good Design Practices    247

Auditing Firewalls    247

Review Firewall Design    248

Simple Firewall    248

Screening Router and Firewall    248

Firewall with DMZ    249

Firewall with DMZ and Services Network    249

High Availability Firewall    250

IOS Firewall Deployment    250

Review Firewall Configuration    251

Firewall Modes of Operation    252

Firewall Virtualization    253

Filtering Methods    253

Network Address Translation    255

Secure Management    256

Logging    256

Other Configuration Checks    256

Review Rule Base    257

Cisco Firewall Rule Basics    257

Rule Review    259

Rule Optimization    260

The ASA Modular Policy Framework and Application Inspection    261

IOS Zone-Based Firewall    263

Auditing IPS    265

How IPS Works    266

Review IPS Deployment    268

Review IPS Configuration    269

Protect the Management Interface    271

Administrative Access and Authentication    271

NTP Configuration    274

Signature Updates    274

Event Logging    275

Review IPS Signatures    276

Signature Definitions    276

Event Action Rules    277

Target Value Rating    277

IOS IPS    278

Technical Control Testing    279

Firewall Rule Testing    279

Testing the IPS    281

Conducting an IPS Test    282

Reviewing the Logs    284

Checklist    284

Summary    287

References in This Chapter    288

Chapter 9 Access Control    289

Fundamentals of Access Control    289

Identity and Authentication    290

Access Control Threats and Risks    291

Access Control Policy    292

Access Control Operational Review    293

Identity Operational Good Practices    293

Authorization and Accounting Practices    294

Administrative Users    296

Classification of Assets    297

Access Control Architecture Review    297

Identity and Access Control Technologies    298

Network Admission Control    298

NAC Components    299

How NAC Works    300

NAC Deployment Considerations    302

NAC Posture Assessment    303

Identity-Based Networking Services    304

Deployment Methods    305

NAC Guest Server    306

NAC Profiler    306

Technical Testing    308

Authentication and Identity Handling    308

Posture Assessment Testing    309

Testing for Weak Authentication    309

Checklist    313

Summary    315

References in This Chapter    315

Chapter 10 Secure Remote Access    317

Defining the Network Edge    317

VPN Fundamentals    318

Confidentiality    319

Symmetric Encryption    320

Asymmetric Encryption    321

Integrity    323

Authentication and Key Management    324

IPsec, SSL, and dTLS    326

IPsec    326

Secure Sockets Layer    328

Datagram Transport Layer Security (dTLS)    329

Remote Access Threats and Risks    329

Remote Access Policies    330

Remote Access Operational Review    331

VPN Device Provisioning    331

Mobile Access Provisioning    332

Mobile User Role-Based Access Control    333

Monitoring and Incident Handling    333

Remote Access Architecture Review    333

Site-to-Site VPN Technologies    335

Easy VPN    335

IPsec and Generic Routing Encapsulation (GRE)    336

Dynamic Multipoint VPN (DMVPN)    336

Multiprotocol Label Switching (MPLS) and Virtual Routing and Forwarding (VRF) VPNs    337

GETVPN    339

Mobile User Access VPN    340

IPsec Client    341

Clientless SSL VPN    341

Cisco Secure Desktop    342

SSL Full Tunneling Client    344

VPN Network Placement    345

VPN Access Controls    346

Site-to-Site Access Controls    346

Mobile User Access Controls    347

Remote Access Good Practices    348

Technical Testing    350

Authentication    350

IPsec    351

SSL    352

Site-to-Site Access Control Testing    353

Mobile User Access Control Testing    353

Monitoring and Log Review    354

Checklist    354

Summary    358

References in This Chapter    358

Chapter 11 Endpoint Protection    359

Endpoint Risks    359

Endpoint Threats    360

Malware    360

Web-Based Threats    362

Social Networking and Web 2.0    365

E-Mail Threats    366

Data Loss Threats    367

Policy Review    368

Endpoint Protection Operational Control Review    370

Current Threat Intelligence    370

Vulnerability and Patch Management    373

Monitoring and Incident Handling    373

Security Awareness Program    374

Endpoint Architecture Review    374

Cisco Security Intelligence Operations    375

SensorBase    375

Cisco Threat Operations Center    375

Dynamic Update Function    376

Web Controls    376

Web Security Appliance    376

ASA    378

IPS    379

CSA    380

E-Mail Controls    380

E-Mail Policy Enforcement    381

E-Mail Authentication    381

Data Loss Prevention    383

Web    383

E-Mail    384

Client    385

Patch Management    386

Monitoring    386

Web    386

E-Mail    388

MARS    388

Technical Testing    388

Acceptable Use Enforcement    388

Malware Detection and Quarantine    389

SPAM, Phishing, and E-Mail Fraud    390

Encryption    390

Patch Management and Enforcement    390

Data Loss Prevention Testing    391

Detection and Response    391

Checklist    391

Summary    396

References in This Chapter    396

Chapter 12 Unified Communications    397

Unified Communications Risks    397

VoIP Threats    399

Denial of Service    399

Confidentiality    401

Fraud    401

UC Policy and Standards Review    403

UC Operational Control Review    404

User and Phone Provisioning    404

Change Management    405

Asset Management    405

Call Detail Record Review    406

Administrative Access    406

Vulnerability Management    406

Security Event Monitoring and Log Review    407

Disaster Recovery    408

UC Architecture Review    408

Unified Communications Fundamentals    409

H.323    410

MGCP    412

SCCP    412

SIP    413

Session Border Controller    415

RTP and SRTP    416

Call Processing    416

Infrastructure Controls    418

Switch Security    418

ACLs and Firewalling    420

IPS    421

Gateway Protection    422

Site to Site    422

Wireless    423

Call Control Protection    423

Communications Manager Hardening    423

Authentication, Integrity, and Encryption    424

Phone Proxy    426

Secure SIP Trunking    426

Toll Fraud Prevention    428

Application Controls    431

Voice Endpoint Controls    432

Monitoring and Management    433

Technical Testing    434

VLAN Separation    434

Eavesdropping    436

Gateway    438

Toll Fraud    438

Monitoring and Incident Detection    438

Checklist    439

Summary    444

References in This Chapter    445