End-to-End Network Security: Defense-in-Depth

Best practices for assessing and improving network defenses and responding to security incidents

Omar Santos

Information security practices have evolved from Internet perimeter protection to an in-depth defense model in which multiple countermeasures are layered throughout the infrastructure to address vulnerabilities and attacks. This is necessary due to increased attack frequency, diverse attack sophistication, and the rapid nature of attack velocity—all blurring the boundaries between the network and perimeter.

End-to-End Network Security is designed to counter the new generation of complex threats. Adopting this robust security strategy defends against highly sophisticated attacks that can occur at multiple locations in your network. The ultimate goal is to deploy a set of security capabilities that together create an intelligent, self-defending network that identifies attacks as they occur, generates alerts as appropriate, and then automatically responds.

End-to-End Network Security provides you with a comprehensive look at the mechanisms to counter threats to each part of your network. The book starts with a review of network security technologies, then covers the six-step methodology for incident response and best practices from proactive security frameworks. Later chapters cover wireless network security, IP telephony security, data center security, and IPv6 security. Finally, several case studies representing small, medium, and large enterprises provide detailed example configurations and implementation strategies of best practices learned in earlier chapters.

Adopting the techniques and strategies outlined in this book enables you to prevent day-zero attacks, improve your overall security posture, build strong policies, and deploy intelligent, self-defending networks.

“Within these pages, you will find many practical tools, both process related and technology related, that you can draw on to improve your risk mitigation strategies.”

—Bruce Murphy, Vice President, World Wide Security Practices, Cisco

Omar Santos is a senior network security engineer at Cisco®. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

  • Guard your network with firewalls, VPNs, and intrusion prevention systems
  • Control network access with AAA
  • Enforce security policies with Cisco Network Admission Control (NAC)
  • Learn how to perform risk and threat analysis
  • Harden your network infrastructure, security policies, and procedures against security threats
  • Identify and classify security threats
  • Trace back attacks to their source
  • Learn how to best react to security incidents
  • Maintain visibility and control over your network with the SAVE framework
  • Apply Defense-in-Depth principles to wireless networks, IP telephony networks, data centers, and IPv6 networks

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Networking: Security

Covers: Network security and incident response

Product Details

ISBN-13: 9780132796804
Publisher: Pearson Education
Publication date: 08/24/2007
Series: Networking Technology: Security
Sold by: Barnes & Noble
Format: eBook
Pages: 480
File size: 12 MB
Age Range: 18 Years

About the Author

Omar Santos is a senior network security engineer and Incident Manager within the Product Security Incident Response Team (PSIRT) at Cisco. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government, including the United States Marine Corps (USMC) and the U.S. Department of Defense (DoD). He is also the author of many Cisco online technical documents and configuration guidelines. Before his current role, Omar was a technical leader within the World Wide Security Practice and Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. He is an active member of the InfraGard organization. InfraGard is a cooperative undertaking that involves the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants. InfraGard is dedicated to increasing the security of the critical infrastructures of the United States of America. Omar has also delivered numerous technical presentations to Cisco customers and partners, as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of the Cisco Press books Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting, and Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance.

 

Table of Contents

Foreword xix

Introduction xx

 

Part I. Introduction to Network Security Solutions 3

Chapter 1. Overview of Network Security Technologies 5

Firewalls 5

Network Firewalls 6

Network Address Translation (NAT) 7

Stateful Firewalls 9

Deep Packet Inspection 10

Demilitarized Zones 10

Personal Firewalls 11

Virtual Private Networks (VPN) 12

Technical Overview of IPsec 14

Phase 1 14

Phase 2 16

SSL VPNs 18

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) 19

Pattern Matching 20

Protocol Analysis 21

Heuristic-Based Analysis 21

Anomaly-Based Analysis 21

Anomaly Detection Systems 22

Authentication, Authorization, and Accounting (AAA) and Identity Management 23

RADIUS 23

TACACS+ 25

Identity Management Concepts 26

Network Admission Control 27

NAC Appliance 27

NAC Framework 33

Routing Mechanisms as Security Tools 36

Summary 39

 

Part II. Security Lifecycle: Frameworks and Methodologies 41

Chapter 2. Preparation Phase 43

Risk Analysis 43

Threat Modeling 44

Penetration Testing 46

Social Engineering 49

Security Intelligence 50

Common Vulnerability Scoring System 50

Base Metrics 51

Temporal Metrics 51

Environmental Metrics 52

Creating a Computer Security Incident Response Team (CSIRT) 52

Who Should Be Part of the CSIRT? 53

Incident Response Collaborative Teams 54

Tasks and Responsibilities of the CSIRT 54

Building Strong Security Policies 54

Infrastructure Protection 57

Strong Device Access Control 59

SSH Versus Telnet 59

Local Password Management 61

Configuring Authentication Banners 62

Interactive Access Control 62

Role-Based Command-Line Interface (CLI) Access in Cisco IOS 64

Controlling SNMP Access 66

Securing Routing Protocols 66

Configuring Static Routing Peers 68

Authentication 68

Route Filtering 69

Time-to-Live (TTL) Security Check 70

Disabling Unnecessary Services on Network Components 70

Cisco Discovery Protocol (CDP) 71

Finger 72

Directed Broadcast 72

Maintenance Operations Protocol (MOP) 72

BOOTP Server 73

ICMP Redirects 73

IP Source Routing 73

Packet Assembler/Disassembler (PAD) 73

Proxy Address Resolution Protocol (ARP) 73

IDENT 74

TCP and User Datagram Protocol (UDP) Small Servers 74

IP Version 6 (IPv6) 75

Locking Down Unused Ports on Network Access Devices 75

Control Resource Exhaustion 75

Resource Thresholding Notification 76

CPU Protection 77

Receive Access Control Lists (rACLs) 78

Control Plane Policing (CoPP) 80

Scheduler Allocate/Interval 81

Policy Enforcement 81

Infrastructure Protection Access Control Lists (iACLs) 82

Unicast Reverse Path Forwarding (Unicast RPF) 83

Automated Security Tools Within Cisco IOS 84

Cisco IOS AutoSecure 84

Cisco Secure Device Manager (SDM) 88

Telemetry 89

Endpoint Security 90

Patch Management 90

Cisco Security Agent (CSA) 92

Network Admission Control 94

Phased Approach 94

Administrative Tasks 96

Staff and Support 96

Summary 97

Chapter 3. Identifying and Classifying Security Threats 99

Network Visibility 101

Telemetry and Anomaly Detection 108

NetFlow 108

Enabling NetFlow 111

Collecting NetFlow Statistics from the CLI 112

SYSLOG 115

Enabling Logging (SYSLOG) on Cisco IOS Routers and Switches 115

Enabling Logging Cisco Catalyst Switches Running CATOS 117

Enabling Logging on Cisco ASA and Cisco PIX Security Appliances 117

SNMP 118

Enabling SNMP on Cisco IOS Devices 119

Enabling SNMP on Cisco ASA and Cisco PIX Security Appliances 121

Cisco Security Monitoring, Analysis and Response System (CS-MARS) 121

Cisco Network Analysis Module (NAM) 125

Open Source Monitoring Tools 126

Cisco Traffic Anomaly Detectors and Cisco Guard DDoS Mitigation Appliances 127

Intrusion Detection and Intrusion Prevention Systems (IDS/IPS) 131

The Importance of Signature Updates 131

The Importance of Tuning 133

Anomaly Detection Within Cisco IPS Devices 137

Summary 139

Chapter 4. Traceback 141

Traceback in the Service Provider Environment 142

Traceback in the Enterprise 147

Summary 151

Chapter 5. Reacting to Security Incidents 153

Adequate Incident-Handling Policies and Procedures 153

Laws and Computer Crimes 155

Security Incident Mitigation Tools 156

Access Control Lists (ACL) 157

Private VLANs 158

Remotely Triggered Black Hole Routing 158

Forensics 160

Log Files 161

Linux Forensics Tools 162

Windows Forensics 164

Summary 165

Chapter 6. Postmortem and Improvement 167

Collected Incident Data 167

Root-Cause Analysis and Lessons Learned 171

Building an Action Plan 173

Summary 174

Chapter 7. Proactive Security Framework 177

SAVE Versus ITU-T X.805 178

Identity and Trust 183

AAA 183

Cisco Guard Active Verification 185

DHCP Snooping 186

IP Source Guard 187

Digital Certificates and PKI 188

IKE 188

Network Admission Control (NAC) 188

Routing Protocol Authentication 189

Strict Unicast RPF 189

Visibility 189

Anomaly Detection 190

IDS/IPS 190

Cisco Network Analysis Module (NAM) 191

Layer 2 and Layer 3 Information (CDP, Routing Tables, CEF Tables) 191

Correlation 192

CS-MARS 193

Arbor Peakflow SP and Peakflow X 193

Cisco Security Agent Management Console (CSA-MC) Basic Event Correlation 193

Instrumentation and Management 193

Cisco Security Manager 195

Configuration Logger and Configuration Rollback 195

Embedded Device Managers 195

Cisco IOS XR XML Interface 196

SNMP and RMON 196

Syslog 196

Isolation and Virtualization 196

Cisco IOS Role-Based CLI Access (CLI Views) 197

Anomaly Detection Zones 198

Network Device Virtualization 198

Segmentation with VLANs 199

Segmentation with Firewalls 200

Segmentation with VRF/VRF-Lite 200

Policy Enforcement 202

Visualization Techniques 203

Summary 207

 

Part III. Defense-In-Depth Applied 209

Chapter 8. Wireless Security 211

Overview of Cisco Unified Wireless Network Architecture 212

Authentication and Authorization of Wireless Users 216

WEP 216

WPA 218

802.1x on Wireless Networks 219

EAP with MD5 221

Cisco LEAP 222

EAP-TLS 223

PEAP 223

EAP Tunneled TLS Authentication Protocol (EAP-TTLS) 224

EAP-FAST 224

EAP-GTC 225

Configuring 802.1x with EAP-FAST in the Cisco Unified Wireless Solution 226

Configuring the WLC 226

Configuring the Cisco Secure ACS Server for 802.1x and EAP-FAST 229

Configuring the CSSC 233

Lightweight Access Point Protocol (LWAPP) 236

Wireless Intrusion Prevention System Integration 239

Configuring IDS/IPS Sensors in the WLC 241

Uploading and Configuring IDS/IPS Signatures 242

Management Frame Protection (MFP) 243

Precise Location Tracking 244

Network Admission Control (NAC) in Wireless Networks 245

NAC Appliance Configuration 246

WLC Configuration 255

Summary 259

Chapter 9. IP Telephony Security 261

Protecting the IP Telephony Infrastructure 262

Access Layer 266

Distribution Layer 273

Core 275

Securing the IP Telephony Applications 275

Protecting Cisco Unified CallManager 276

Protecting Cisco Unified Communications Manager Express (CME) 277

Protecting Cisco Unity 281

Protecting Cisco Unity Express 287

Protecting Cisco Personal Assistant 289

Hardening the Cisco Personal Assistant Operating Environment 289

Cisco Personal Assistant Server Security Policies 291

Protecting Against Eavesdropping Attacks 293

Summary 295

Chapter 10. Data Center Security 297

Protecting the Data Center Against Denial of Service (DoS) Attacks and Worms 297

SYN Cookies in Firewalls and Load Balancers 297

Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) 300

Cisco NetFlow in the Data Center 301

Cisco Guard 302

Data Center Infrastructure Protection 302

Data Center Segmentation and Tiered Access Control 303

Segmenting the Data Center with the Cisco FWSM 306

Cisco FWSM Modes of Operation and Design Considerations 306

Configuring the Cisco Catalyst Switch 309

Creating Security Contexts in the Cisco FWSM 310

Configuring the Interfaces on Each Security Context 312

Configuring Network Address Translation 313

Controlling Access with ACLs 317

Virtual Fragment Reassembly 322

Deploying Network Intrusion Detection and Prevention Systems 322

Sending Selective Traffic to the IDS/IPS Devices 322

Monitoring and Tuning 325

Deploying the Cisco Security Agent (CSA) in the Data Center 325

CSA Architecture 325

Configuring Agent Kits 326

Phased Deployment 326

Summary 327

Chapter 11. IPv6 Security 329

Reconnaissance 330

Filtering in IPv6 331

Filtering Access Control Lists (ACL) 331

ICMP Filtering 332

Extension Headers in IPv6 332

Spoofing 333

Header Manipulation and Fragmentation 333

Broadcast Amplification or Smurf Attacks 334

IPv6 Routing Security 334

IPsec and IPv6 335

Summary 336

 

Part IV. Case Studies 339

Chapter 12. Case Studies 341

Case Study of a Small Business 341

Raleigh Office Cisco ASA Configuration 343

Configuring IP Addressing and Routing 343

Configuring PAT on the Cisco ASA 347

Configuring Static NAT for the DMZ Servers 349

Configuring Identity NAT for Inside Users 351

Controlling Access 352

Cisco ASA Antispoofing Configuration 353

Blocking Instant Messaging 354

Atlanta Office Cisco IOS Configuration 360

Locking Down the Cisco IOS Router 360

Configuring Basic Network Address Translation (NAT) 376

Configuring Site-to-Site VPN 377

Case Study of a Medium-Sized Enterprise 389

Protecting the Internet Edge Routers 391

Configuring the AIP-SSM on the Cisco ASA 391

Configuring Active-Standby Failover on the Cisco ASA 394

Configuring AAA on the Infrastructure Devices 400

Case Study of a Large Enterprise 401

Creating a New Computer Security Incident Response Team (CSIRT) 403

Creating New Security Policies 404

Physical Security Policy 404

Perimeter Security Policy 404

Device Security Policy 405

Remote Access VPN Policy 405

Patch Management Policy 406

Change Management Policy 406

Internet Usage Policy 406

Deploying IPsec Remote Access VPN 406

Configuring IPsec Remote Access VPN 408

Configuring Load-Balancing 415

Reacting to a Security Incident 418

Identifying, Classifying, and Tracking the Security Incident or Attack 419

Reacting to the Incident 419

Postmortem 419

Summary 420

 

Index 422

Preface

Introduction

The network security lifecycle requires specialized support and a commitment to best practice standards. In this book, you will learn best practices that draw upon disciplined processes, frameworks, expert advice, and proven technologies that will help you protect your infrastructure and organization. You will learn end-to-end security best practices, from strategy development to operations and optimization.

This book covers the six-step methodology of incident readiness and response. You must take a proactive approach to security; an approach that starts with assessment to identify and categorize your risks. In addition, you need to understand the network security technical details in relation to security policy and incident response procedures. This book covers numerous best practices that will help you orchestrate a long-term strategy for your organization.

Who Should Read This Book?

The answer to this question is simple—everyone. The principles and best practices covered in this book apply to every organization. Anyone interested in network security should become familiar with the information included in this book—from network and security engineers to management and executives. This book covers not only numerous technical topics and scenarios, but also covers a wide range of operational best practices in addition to risk analysis and threat modeling.

How This Book Is Organized

Part I of this book includes Chapter 1, which covers an introduction to security technologies and products. In Part II, which encompasses Chapters 2 through 7, you will learn the six-step methodology of incident readiness and response. Part III includes Chapters 8 through 11, which cover strategies used to protect wireless networks, IP telephony implementations, data centers, and IPv6 networks. Real-life case studies are covered in Part IV, which contains Chapter 12.

The following is a chapter-by-chapter summary of the contents of the book.

Part I, "Introduction to Network Security Solutions," includes:

  • Chapter 1, "Overview of Network Security Technologies." This chapter covers an introduction to security technologies and products. It starts with an overview of how to place firewalls to provide perimeter security and network segmentation while enforcing configured policies. It then dives into virtual private network (VPN) technologies and protocols—including IP Security (IPsec) and Secure Sockets Layer (SSL). In addition, this chapter covers different technologies such as intrusion detection systems (IDS), intrusion prevention systems (IPS), anomaly detection systems, and network telemetry features that can help you identify and classify security threats. Authentication, authorization, and accounting (AAA) offers different solutions that provide access control to network resources. This chapter introduces AAA and identity management concepts. Furthermore, it includes an overview of the Cisco Network Admission Control solutions that are used to enforce security policy compliance on all devices that are designed to access network computing resources, thereby limiting damage from emerging security threats. Routing techniques can be used as security tools. This chapter provides examples of different routing techniques, such as Remotely Triggered Black Hole (RTBH) routing and sinkholes, that are used to increase the security of the network and to react to new threats.

Part II, "Security Lifecycle: Frameworks and Methodologies," includes:

  • Chapter 2, "Preparation Phase." This chapter covers numerous best practices on how to better prepare your network infrastructure, security policies, procedures, and organization as a whole against security threats and vulnerabilities. This is one of the most important chapters of this book. It starts by teaching you risk analysis and threat modeling techniques. You will also learn guidelines on how to create strong security policies and how to create Computer Security Incident Response Teams (CSIRT). Topics such as security intelligence and social engineering are also covered in this chapter. You will learn numerous tips on how to increase the security of your network infrastructure devices using several best practices to protect the control, management, and data plane. Guidelines on how to better secure end-user systems and servers are also covered in this chapter.

  • Chapter 3, "Identifying and Classifying Security Threats." This chapter covers the next two phases of the six-step methodology for incident response—identification and classification of security threats. You will learn how important it is to have complete network visibility and control to successfully identify and classify security threats in a timely fashion. This chapter covers different technologies and tools, such as Cisco NetFlow, SYSLOG, SNMP, and others, which can be used to obtain information from your network and detect anomalies that might be malicious activity. You will also learn how to use event correlation tools such as CS-MARS and open source monitoring systems in conjunction with NetFlow to gain better visibility into your network. In addition, this chapter covers details about anomaly detection, IDS, and IPS solutions by providing tips on IPS/IDS tuning and the new anomaly detection features supported by Cisco IPS.

  • Chapter 4, "Traceback." Tracing back the source of attacks, infected hosts in worm outbreaks, or any other security incident can be overwhelming for many network administrators and security professionals. Attackers can use hundreds or thousands of botnets or zombies that can greatly complicate traceback and hinder mitigation once traceback succeeds. This chapter covers several techniques that can help you successfully trace back the sources of such threats. It covers techniques used by service providers and enterprises.

  • Chapter 5, "Reacting to Security Incidents." This chapter covers several techniques that you can use when reacting to security incidents. It is extremely important for organizations to have adequate incident handling policies and procedures in place. This chapter shows you several tips on how to make sure that your policies and procedures are adequate to successfully respond to security incidents. You will also learn general information about different laws and practices to use when investigating security incidents and computer crimes. In addition, this chapter includes details about different tools you can use to mitigate attacks and other security incidents with your network infrastructure components, including several basic computer forensics topics.

  • Chapter 6, "Postmortem and Improvement." It is highly recommended that you complete a postmortem after responding to security incidents. This postmortem should identify the strengths and weaknesses of the incident response effort. With this analysis, you can identify weaknesses in systems, infrastructure defenses, or policies that allowed the incident to take place. In addition, a postmortem helps you identify problems with communication channels, interfaces, and procedures that hampered the efficient resolution of the reported problem. This chapter covers several tips on creating postmortems and executing post-incident tasks. It includes guidelines for collecting post-incident data, documenting lessons learned during the incident, and building action plans to close gaps that are identified.

  • Chapter 7, "Proactive Security Framework." This chapter covers the Security Assessment, Validation, and Execution (SAVE) framework. SAVE, formerly known as the Cisco Operational Process Model (COPM), is a framework initially developed for service providers, but its practices also apply to enterprises and other organizations. This chapter provides examples of techniques and practices that can allow you to gain and maintain visibility and control over the network during normal operations or during the course of a security incident or an anomaly in the network.

Part III, "Defense-In-Depth Applied," includes:

  • Chapter 8, "Wireless Security." When designing and deploying wireless networks, it is important to consider the unique security challenges they introduce. This chapter includes best practices to use when deploying wireless networks. You will learn different types of authentication mechanisms, including 802.1x, which is used to enhance the security of wireless networks. In addition, this chapter includes an overview of the Lightweight Access Point Protocol (LWAPP), Cisco Location Services, Management Frame Protection (MFP), and other wireless features to consider when designing security within your wireless infrastructure. The chapter concludes with step-by-step configuration examples of the integration of IPS and the Cisco NAC Appliance on the Cisco Unified Wireless Network solution.

  • Chapter 9, "IP Telephony Security." IP Telephony solutions are being deployed at a fast rate in many organizations. The cost savings introduced with Voice over IP (VoIP) solutions are significant. On the other hand, these benefits can be heavily impacted if you do not have the appropriate security mechanisms in place. In this chapter, you will learn several techniques used to increase the security of IP Telephony networks. This chapter covers how to secure different IP telephony components such as the Cisco Unified CallManager, Cisco Unified CME, Cisco Unity, Cisco Unity Express, and Cisco Unified Personal Assistant. In addition, it covers several ways to protect against voice eavesdropping attacks.

  • Chapter 10, "Data Center Security." In this chapter, you will learn the security strategies, technologies, and products designed to protect against attacks on your data center from both inside and outside the enterprise. Integrated security technologies, including secure connectivity, threat defense, and trust and identity management systems, create a Defense-in-Depth strategy to protect each application and server environment across the consolidated IP, storage, and interconnect data center networking infrastructure. Configuration examples of different solutions such as the Firewall Services Module (FWSM), the Intrusion Detection/Prevention System Module (IDSM), and the Application Control Engine (ACE) module for the Catalyst 6500 series switches are covered in detail. This chapter also covers the use of Layer 2 to Layer 7 security features in infrastructure components to successfully identify, classify, and mitigate security threats within the data center.

  • Chapter 11, "IPv6 Security." This chapter covers an introduction to security topics in Internet Protocol Version 6 (IPv6) implementations. Although it is assumed that you already have a rudimentary understanding of IPv6, this chapter covers basic IPv6 topics. This chapter details the most common IPv6 security threats and the best practices that many organizations adopt to protect their IPv6 infrastructure. IPsec in IPv6 is also covered, with guidelines on how to configure Cisco IOS routers to terminate IPsec in IPv6 networks.

Part IV, "Case Studies," includes:

  • Chapter 12, "Case Studies." This chapter covers several case studies representing small, medium-sized, and large-scale enterprises. Detailed example configurations and implementation strategies of best practices learned in earlier chapters are covered to enhance learning.


© Copyright Pearson Education. All rights reserved.