The Practice of Network Security: Deployment Strategies for Production Environments

Hardcover (Print)
Buy Used
Buy Used from BN.com
$37.49
(Save 25%)
Item is in good condition but packaging may have signs of shelf wear/aging or torn packaging.
Condition: Used – Good details
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 96%)
Other sellers (Hardcover)
  • All (15) from $1.99   
  • New (6) from $31.39   
  • Used (9) from $1.99   
Close
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any BN.com coupons and promotions
$31.39
Seller since 2008

Feedback rating:

(17632)

Condition:

New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

New
Brand New, Perfect Condition, Please allow 4-14 business days for delivery. 100% Money Back Guarantee, Over 1,000,000 customers served.

Ships from: Westminster, MD

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
$31.40
Seller since 2007

Feedback rating:

(23432)

Condition: New
BRAND NEW

Ships from: Avenel, NJ

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
$35.00
Seller since 2006

Feedback rating:

(341)

Condition: New
Upper Saddle River, NJ 2002 Hard cover New. BRAND NEW. Contains: Illustrations. Prentice Hall Series in Computer Networking and Distributed Systems. Audience: General/trade.

Ships from: Northbrook, IL

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$57.06
Seller since 2014

Feedback rating:

(3)

Condition: New
New

Ships from: Idyllwild, CA

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$60.00
Seller since 2005

Feedback rating:

(45)

Condition: New
2002 Hard cover NEW. Hardcover edition. ISBN 0130462233. New. No dust jacket as issued. NEW. Hardcover edition. ISBN 0130462233. NEW. Hardcover edition. ISBN 0130462233. NEW. ... Hardcover edition. ISBN 0130462233. Read more Show Less

Ships from: San Marino, CA

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$63.00
Seller since 2010

Feedback rating:

(7)

Condition: New
12-26-02 other 1 BRAND NEW! ONLY Expedited orders are shipped with tracking number! *WE DO NOT SHIP TO PO BOX* Please allow up to 14 days delivery for order with standard ... shipping. SHIPPED FROM MULTIPLE LOCATIONS. Read more Show Less

Ships from: San Jose, CA

Usually ships in 1-2 business days

  • Canadian
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
Page 1 of 1
Showing All
Close
Sort by

Overview

In The Practice of Network Security, former UUNet networkarchitect Allan Liska shows how to secure enterprise networks in thereal world - where you're constantly under attack and you don't alwaysget the support you need. Liska addresses every facet of networksecurity, including defining security models, access control,Web/DNS/email security, remote access and VPNs, wireless LAN/WANsecurity, monitoring, logging, attack response, and more. Includes adetailed case study on redesigning an insecure enterprise network formaximum security.
Read More Show Less

Product Details

Meet the Author

ALLAN LISKA is a Security Engineer with Symantec's Enterprise Security Services division. Prior to that Mr. Liska spent six years at WorldCom, where he served as a network architect for WorldCom's hosting division. He is also a CISSP who has written about network management, administration, and Web-server security.

Read More Show Less

Read an Excerpt

Introduction

As I am writing this introduction an alert has just come inabout a newly discovered vulnerability in Cisco’s CatOS. Thevulnerability, a buffer overflow in the CatOS HTTP daemon, is one that iscommonly found on devices that have stripped down HTTP daemons used formanagement purposes.

A couple of years ago this vulnerability would not haveraised too many eyebrows. After all, how often is a device within the networkinfrastructure attacked? Attacks are targeted toward servers, and insecureworkstations not routers, switches, firewalls, or other network infrastructure,right? That’s not the case any more. As networks have become more complexso have the attackers that try to infiltrate them. Network security is nolonger simply about protecting servers and workstations. Network security nowrequires a holistic understanding of the network, and an awareness ofvulnerabilities both at the edge and in the core.

As attackers have become more sophisticated, so have thetools they use to infiltrate networks. These tools, most freely available, havefiltered down to chat rooms and “warez” web sites, making it easierfor less knowledgeable users to launch an attack against a network, or multiplenetworks. Attacks against networks are now routinely launched by disgruntledteens, angry customers, ex-employees, or someone who just wants to see if itcan be done.

All these changes have combined to make the job of securityand network professionals much more difficult. The number of devices that mustbe protected has increased, while the security budget has remained the same orshrunk.  Security administratorsmust now spend time determining whether an attack isorchestrated by someonewho knows what they are doing and is trying to gain access to confidentialinformation, or some kid who wants to test out the last Denial of Service (DoS)tool.

In addition to these problems there is often a blending ofthe roles that security, network and server administrators play in protectingthe network. Separating the responsibilities of different groups, whileensuring that communication between the groups still occurs is an importantresponsibility.Purpose of This Book

Throughout this book there are real world examples ofattacks used against networks, and suggestions for ways to protect networksagainst these attacks. However, it is important to keep in mind that a book isstatic; information within these pages is designed as a guideline, to helpadministrators develop a network security strategy.

Because each network is unique, it is impossible to deliveran all-encompassing strategy in a single book. Using the fundamentals providedin this book can help administrators find holes in current security strategies,or even start a discussion about security within the company.

I know that many people who pick up this book and thumbthrough it are going to think, at first glance, that much of what is listedhere is a waste of time. Many network administrators are too busy pluggingholes in the network to take the time to develop a security strategy, and theidea of trying to work with senior management to explain something ascomplicated as a DoS attack seems impossible. As difficult as these two taskmight seem, they are both important because, in the long run, they make the jobof securing the network easier.

Putting a security process in place helps to refine theroles that different groups will play in the security process; it also servesto divide up the work that needs to be done when securing a network. A securityprocess can also help create security baselines that make the job ofadministering a network much easier.

The purpose of this book is to make the job of securing thenetwork easier. By offering suggestions, based on real world experience, of howto streamline the security process and some common mistakes to watch for, thisbook can be used to help create a unique security strategy for yourorganization.

This book should not be used alone. If your organization isserious about having a current and complete security strategy you should use asmany tools as possible. In addition to this book, I would recommend thefollowing books:

  • Network Security: Private Communication in a Public World, by Charlie Kaufman, Radia Perlman, and Mike Speciner
  • Applied Cryptography: Protocols, Algorithms, and Source Code in C, by Bruce Schneier

Of course, books should not be your only source of securityinformation, the world of security changes too fast to rely solely on books forinformation. It is important to work with your server and network vendors tokeep up to date on the latest vulnerabilities, and the recommended fixes.Vendors also have a lot of insight and advice about current best securitypractices for their products.

Finally, using the Internet as a tool to keep up to datewith the latest security information can be important. As with any informationon the Internet it is usually a good idea to get a second opinion. There is alot of really good security information, but there is also a lot of badinformation and some that is just wrong. Usually surveying the top security websites, as well as vendor web sites can provide you with enough goodinformation. Some of the security sites I recommend and personally use are (inno particular order):

  • Security Focus (http://www.securityfocus.com/)
  • The SANS Institute (http://www.sans.org/)
  • Network Security Library (http://www.secinf.net/)
  • CERT® Coordination Center (http://www.cert.org/)
  • Insecure.Org (http://www.insecure.org/)
  • Computer Incident Advisory Capability (http://www.ciac.org/)

The information on these web sites is usually reliable andcan help you keep your network protected.The Complaint Department

Knowing network and security engineers they way I do, I knowthere are going to be people who have complaints about things in this book.Some will feel I should have mentioned a tool that I did not, or that advice Igave was wrong.

If you are one of those people, I want you to tell me. Youcan e-mail me at allan@allan.org with any suggestions, flames, criticisms, or evenif you want to compliment the work.

As I said before, the world of security is constantlychanging, no doubt there will be a second and third edition of this book, andyour comments can help make those next editions even better, so I welcome them.

Read More Show Less

Table of Contents

1. Defining the Scope.

What is Network Security? What Types of Network Security Are Important? What Is the Cost of Lax Security Policies? Where Is the Network Vulnerable? The Network. Summary.

2. Security Mode.

Choosing a Security Mode. OCTAVE. Build Asset-Based Threat Profiles. Identify Infrastructure Vulnerabilities. Evaluate Security Strategy and Plans. Summary.

3. Understanding Types of Attacks.

Sniffing and Port Scanning. Exploits. Spoofing. Distributed Denial of Service Attacks. Viruses and Worms. Summary.

4. Routing.

The Router on the Network. The Basics. Disabling Unused Services. Redundancy. Securing Routing Protocols. Limit Access to Routers. Change Default Passwords! Summary.

5. Switching.

The Switch on the Network. Multilayer Switching. VLANs. Spanning Tree. MAC Addressing. Restricting Access to Switches. Summary.

6. Authentication, Authorization, and Accounting.

Kerberos. RADIUS. TACACS+. Summary.

7. Remote Access and VPNs.

VPN Solutions. IP VPN Security. Dial-In Security Access. DSL and Cable VPN Security. Encrypting Remote Sessions. The VPN on the Network. Summary.

8. Wireless Wide Area Networks.

Wireless WAN Security Issues. Spread Spectrum Technology. Location. Summary.

9. Wireless Local Area Networks.

Access Point Security. SSID. WEP. MAC Address Filtering.RADIUS Authentication. WLAN VPN. 802.11i92. Summary.

10. Firewalls and Intrusion Detection Systems.

The Purpose of the Firewall. What a Firewall Cannot Do. Types of Firewalls. Layer 2 Firewalls. Intrusion Detection Systems. Summary.

11. The DMZ.

DMZ Network Design. Multiple DMZ Design. DMZ Rulesets. Summary.

12. Server Security.

General Server Security Guidelines. Backups. Web Server Security. Mail Server Security. Outsourcing. Summary.

13. DNS Security.

Securing Your Domain Name. A Secure BIND Installation. Limit Access to Domain Information. DNS Outsourcing. Djbdns. Summary.

14. Workstation Security.

General Workstation Security Guidelines. Virus and Worm Scanning. Administrative Access. Remote Login. Summary.

15. Managing Network Security.

Enforcing Security Policies. Understanding Network Security Risks. Avoiding Common Mistakes. Summary.

16. Monitoring.

What to Monitor. SNMP. Centralizing the Monitoring Process. Summary.

17. Logging.

Protecting Against Log-Altering Attacks. Syslog Servers. Sifting Through Logged Data. Summary.

18. Responding to an Attack.

Creating a Response Chain of Command. Take Notes and Gather Evidence. Contain and Investigate the Problem. Remove the Problem. Contact Appropriate Parties. Prepare a Postmortem. Summary.

Read More Show Less

Preface

Introduction

As I am writing this introduction an alert has just come inabout a newly discovered vulnerability in Cisco’s CatOS. Thevulnerability, a buffer overflow in the CatOS HTTP daemon, is one that iscommonly found on devices that have stripped down HTTP daemons used formanagement purposes.

A couple of years ago this vulnerability would not haveraised too many eyebrows. After all, how often is a device within the networkinfrastructure attacked? Attacks are targeted toward servers, and insecureworkstations not routers, switches, firewalls, or other network infrastructure,right? That’s not the case any more. As networks have become more complexso have the attackers that try to infiltrate them. Network security is nolonger simply about protecting servers and workstations. Network security nowrequires a holistic understanding of the network, and an awareness ofvulnerabilities both at the edge and in the core.

As attackers have become more sophisticated, so have thetools they use to infiltrate networks. These tools, most freely available, havefiltered down to chat rooms and “warez” web sites, making it easierfor less knowledgeable users to launch an attack against a network, or multiplenetworks. Attacks against networks are now routinely launched by disgruntledteens, angry customers, ex-employees, or someone who just wants to see if itcan be done.

All these changes have combined to make the job of securityand network professionals much more difficult. The number of devices that mustbe protected has increased, while the security budget has remained the same orshrunk. Security administratorsmust now spend time determining whether an attack is orchestrated by someonewho knows what they are doing and is trying to gain access to confidentialinformation, or some kid who wants to test out the last Denial of Service (DoS)tool.

In addition to these problems there is often a blending ofthe roles that security, network and server administrators play in protectingthe network. Separating the responsibilities of different groups, whileensuring that communication between the groups still occurs is an importantresponsibility.

Purpose of This Book

Throughout this book there are real world examples ofattacks used against networks, and suggestions for ways to protect networksagainst these attacks. However, it is important to keep in mind that a book isstatic; information within these pages is designed as a guideline, to helpadministrators develop a network security strategy.

Because each network is unique, it is impossible to deliveran all-encompassing strategy in a single book. Using the fundamentals providedin this book can help administrators find holes in current security strategies,or even start a discussion about security within the company.

I know that many people who pick up this book and thumbthrough it are going to think, at first glance, that much of what is listedhere is a waste of time. Many network administrators are too busy pluggingholes in the network to take the time to develop a security strategy, and theidea of trying to work with senior management to explain something ascomplicated as a DoS attack seems impossible. As difficult as these two taskmight seem, they are both important because, in the long run, they make the jobof securing the network easier.

Putting a security process in place helps to refine theroles that different groups will play in the security process; it also servesto divide up the work that needs to be done when securing a network. A securityprocess can also help create security baselines that make the job ofadministering a network much easier.

The purpose of this book is to make the job of securing thenetwork easier. By offering suggestions, based on real world experience, of howto streamline the security process and some common mistakes to watch for, thisbook can be used to help create a unique security strategy for yourorganization.

This book should not be used alone. If your organization isserious about having a current and complete security strategy you should use asmany tools as possible. In addition to this book, I would recommend thefollowing books:

  • Network Security: Private Communication in a Public World, by Charlie Kaufman, Radia Perlman, and Mike Speciner
  • Applied Cryptography: Protocols, Algorithms, and Source Code in C, by Bruce Schneier

Of course, books should not be your only source of securityinformation, the world of security changes too fast to rely solely on books forinformation. It is important to work with your server and network vendors tokeep up to date on the latest vulnerabilities, and the recommended fixes.Vendors also have a lot of insight and advice about current best securitypractices for their products.

Finally, using the Internet as a tool to keep up to datewith the latest security information can be important. As with any informationon the Internet it is usually a good idea to get a second opinion. There is alot of really good security information, but there is also a lot of badinformation and some that is just wrong. Usually surveying the top security websites, as well as vendor web sites can provide you with enough goodinformation. Some of the security sites I recommend and personally use are (inno particular order):

  • Security Focus (http://www.securityfocus.com/)
  • The SANS Institute (http://www.sans.org/)
  • Network Security Library (http://www.secinf.net/)
  • CERT® Coordination Center (http://www.cert.org/)
  • Insecure.Org (http://www.insecure.org/)
  • Computer Incident Advisory Capability (http://www.ciac.org/)

The information on these web sites is usually reliable andcan help you keep your network protected.

The Complaint Department

Knowing network and security engineers they way I do, I knowthere are going to be people who have complaints about things in this book.Some will feel I should have mentioned a tool that I did not, or that advice Igave was wrong.

If you are one of those people, I want you to tell me. Youcan e-mail me at allan@allan.org with any suggestions, flames, criticisms, or evenif you want to compliment the work.

As I said before, the world of security is constantlychanging, no doubt there will be a second and third edition of this book, andyour comments can help make those next editions even better, so I welcome them.

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)