Paperback
$49.00
Overview
Shows network administrators and IT pros how to harden their network infrastructure against hackers.
Product Details
ISBN-13: | 9780072255027 |
---|---|
Publisher: | McGraw-Hill/Osborne Media |
Publication date: | 05/06/2004 |
Series: | Hardening |
Pages: | 580 |
Product dimensions: | 7.50(w) x 9.13(h) x 1.24(d) |
Table of Contents
Foreword | xv | |
Acknowledgments | xvii | |
Introduction | xix | |
Part I | Do This Now! | |
1 | Do These Six Things Before You Do Anything Else | 3 |
Review Your Network Design | 5 | |
Implement a Firewall | 9 | |
Application Proxies | 10 | |
Stateful Packet-Inspecting/Filtering Gateways | 10 | |
Hybrid Firewalls | 10 | |
Which Firewall Should You Implement? | 10 | |
Implement Access Control Lists | 11 | |
Turn Off Unnecessary Features and Services | 12 | |
Implement Virus Protection | 12 | |
Secure Your Wireless Connections | 14 | |
Summary | 14 | |
Part II | Take It from the Top: The Systematic Hardening Process | |
2 | Write a Security Policy | 19 |
The Role of a Security Policy | 20 | |
The Purpose of a Security Policy | 22 | |
Security Policy Components | 23 | |
Where to Start? | 23 | |
The Characteristics of a Good Security Policy | 27 | |
Security Policy Recommendations | 30 | |
Encryption Policy | 30 | |
Analog/ISDN Policy | 30 | |
Antivirus Policy | 30 | |
Audit, Vulnerability Assessment, and Risk Assessment Policy | 31 | |
Dial-in Policy | 31 | |
DMZ Policy | 31 | |
Extranet Policy | 31 | |
Wireless Communications Policy | 32 | |
VPN Policy | 32 | |
Firewall Security Policy | 32 | |
Router and Switch Security Policy | 33 | |
Remote Access Policy | 33 | |
Password Policy | 33 | |
Intrusion Detection/Prevention System Policy | 34 | |
Content-Filtering/Internet Policy | 34 | |
Enterprise-Monitoring Policy | 34 | |
Acceptable-Use Policy | 35 | |
Network Connection Policy | 35 | |
Network Documentation Policy | 35 | |
Why Security Policies Fail and How to Ensure Yours Won't | 35 | |
Security Is Viewed as a Barrier to Progress | 36 | |
Security Is a Learned Behavior | 36 | |
Security Is Rife with Unexpected Events and Occurrences | 36 | |
Your Security Policy Is Never Finished | 37 | |
Preventing the Failure | 37 | |
Summary | 37 | |
3 | Hardening Your Firewall | 39 |
Hardware-Based and Software-Based Firewalls | 40 | |
Hardening Remote Administration | 41 | |
Implementing Authentication and Authorization | 48 | |
Hardening the Underlying Operating System | 50 | |
Hardening Firewall Services and Protocols | 51 | |
Using Redundancy to Harden Your Firewall | 64 | |
Hardening Routing Protocols | 66 | |
Summary | 71 | |
4 | Hardening Your Network with Intrusion Detection and Prevention | 73 |
IDS/IPS Technologies | 74 | |
Host-Based Intrusion Detection/Prevention | 75 | |
Network-Based Intrusion Detection/Prevention | 76 | |
IDS/IPS Components | 77 | |
IDS/IPS Device Hardening | 78 | |
Hardening PureSecure on Microsoft Windows | 78 | |
Hardening Cisco IDS | 81 | |
IDS/IPS Deployments | 83 | |
Detection vs. Prevention | 84 | |
Sensor Placement | 85 | |
Sensor Placement in a Switched Network Infrastructure | 86 | |
IDS/IPS Tuning | 87 | |
Tuning PureSecure Sensors | 88 | |
Tuning Cisco IDS Sensors | 90 | |
IDS/IPS Logging, Alerting, and Blocking | 94 | |
Logging with PureSecure | 95 | |
Logging with Cisco IDS | 96 | |
Alerting with PureSecure | 98 | |
Alerting with Cisco IDS | 99 | |
Blocking Traffic Using Cisco IDS and Cisco PIX Firewalls | 103 | |
Summary | 104 | |
5 | Hardening VPN and Dial-in Remote Access | 105 |
Hardening VPN Connectivity | 106 | |
Different VPN Connection Types and Technologies | 107 | |
VPN Device-Hardening Methods | 110 | |
Hardening IPsec-Based VPNs | 135 | |
Hardening VPN Clients | 150 | |
Hardening Dial-in Remote Access | 151 | |
Summary | 153 | |
6 | Hardening Your Routers and Switches | 155 |
Hardening Management Access | 156 | |
Securing Console Access | 157 | |
Securing VTY Access | 158 | |
Securing Web-Based Management Access | 161 | |
Securing Auxiliary Access | 161 | |
Securing Privileged Mode Access | 162 | |
Implementing Usernames and AAA | 163 | |
Implementing Banners | 164 | |
Hardening Services and Features | 164 | |
Cisco Discovery Protocol (CDP) | 165 | |
TCP and UDP Small Servers | 165 | |
finger | 166 | |
Network Time Protocol (NTP) | 166 | |
bootp Server | 167 | |
Dynamic Host Configuration Protocol (DHCP) | 167 | |
Configuration Autoloading | 168 | |
Name Resolution | 168 | |
Proxy ARP | 169 | |
Directed Broadcasts | 169 | |
IP Source Routing | 169 | |
ICMP Redirects, Unreachables, and Mask Replies | 170 | |
syslog | 170 | |
Simple Network Management Protocol (SNMP) | 171 | |
Implementing Loopback Address | 173 | |
Disabling Unused Interfaces | 174 | |
Configuring Core Dumps | 175 | |
Hardening Router Technologies | 175 | |
Implementing Redundancy | 175 | |
Hardening Routing Protocols | 176 | |
Implementing Traffic Management | 181 | |
Implementing IPsec | 191 | |
Hardening Switch Technologies | 194 | |
Hardening VLANs | 194 | |
Hardening Services and Features | 198 | |
Summary | 204 | |
7 | Securing the Network with Content Filters | 205 |
Internet Content Filtering Architectures | 207 | |
Client-Based Content Filtering | 207 | |
Server-Based Content Filtering | 207 | |
Gateway-Based Content Filtering | 210 | |
Internet Content Filtering | 211 | |
Misuse of Resources | 211 | |
Preserving Network Bandwidth | 211 | |
Hostile Work Environment | 211 | |
Hostile Web Code (Java/ActiveX Applets) | 212 | |
Implementing Content Filtering | 212 | |
E-mail Content Filtering | 234 | |
Implementing Virus Protection | 235 | |
Filtering Attachments | 236 | |
Implementing Content Filtering | 237 | |
Implementing Spam Control | 238 | |
Summary | 239 | |
8 | Hardening Wireless LAN Connections | 241 |
Banning WLANs Without IT/Management Approval | 242 | |
Preventing Rogue APs | 242 | |
Implementing WLAN Discovery Procedures | 244 | |
Removing Rogue WAPs | 248 | |
Hardening Wireless Access Points | 248 | |
Hardening Remote Administration | 249 | |
Securely Configuring the Service Set Identifier (SSID) | 252 | |
Configuring Logging | 255 | |
Hardening Services | 255 | |
Restricting Wireless Mode | 258 | |
Using MAC Address Filtering | 259 | |
Hardening Wireless LAN Connections | 262 | |
Hardening Wired Equivalent Privacy (WEP) | 263 | |
Hardening WiFi Protected Access (WPA) | 266 | |
Hardening WLANS with Virtual Private Networks | 271 | |
Hardening Windows XP Wireless Clients | 271 | |
Hardening with WEP | 272 | |
Hardening with WPA Using Pre-shared Keys | 273 | |
Hardening with WPA Using RADIUS/802.1x | 274 | |
Summary | 276 | |
9 | Implementing AAA | 279 |
AAA Mechanisms | 280 | |
Remote Authentication Dial-In User Service (RADIUS) | 281 | |
Terminal Access Controller Access Control System (TACACS+) | 281 | |
Authentication and Access Control | 281 | |
AAA Authentication on IOS-Based Equipment | 282 | |
AAA Authentication on PIX Firewalls | 292 | |
Hardening Your Network with Authorization | 295 | |
Authorization on IOS-Based Devices | 295 | |
Authorization on PIX Firewalls | 297 | |
Hardening Your Network with Accounting | 300 | |
AAA Accounting on IOS-Based Equipment | 300 | |
AAA Accounting on PIX Firewalls | 301 | |
802.1x Port-Based Authentication | 302 | |
802.1x Network Device Roles | 302 | |
Configuring 802.1x Authentication for IOS-Based Switches | 304 | |
Summary | 310 | |
10 | Hardening Your Network with Network Management | 311 |
Implementing a Network Management System (NMS) | 312 | |
Fault Management | 313 | |
Configuration Management | 330 | |
Performance Management | 333 | |
Accounting or Asset Management | 335 | |
Security Management | 335 | |
Hardening Your Network Management Protocols | 335 | |
Configuring IPsec on Microsoft Windows 2000 | 336 | |
Summary | 345 | |
11 | Implementing a Secure Perimeter | 347 |
DMZ Implementation Methods | 348 | |
Using a Multi-homed Firewall for Your DMZ | 349 | |
Using Dual Firewalls for Your DMZ | 351 | |
VLANs and DMZs | 353 | |
Internet Access Module | 354 | |
Traffic Flow Through the Internet Module | 354 | |
Firewall Implementation | 356 | |
VPN/Remote Access Module | 360 | |
Remote Access VPN Termination Segment | 361 | |
Site-to-Site VPN Termination Segment | 362 | |
Dial-in Remote User Termination Segment | 362 | |
NIDS/NIPS Deployment | 362 | |
WAN Access Module | 363 | |
Extranet Access Module | 364 | |
Wireless Access Module | 365 | |
E-Commerce Access Module | 366 | |
Web Services DMZ Segment | 366 | |
Application Services DMZ Segment | 367 | |
Database Services DMZ Segment | 367 | |
Summary | 368 | |
12 | Implementing a Secure Interior | 371 |
Using Virtual LANs (VLANs) to Segment the Network | 372 | |
Trust Model Enforcement | 373 | |
Using VLANs to Isolate Systems | 375 | |
Designing the Enterprise Campus | 375 | |
Core Module | 378 | |
Server Module | 378 | |
Building Distribution Module | 379 | |
Building Access Module | 381 | |
Management Module | 381 | |
Lab Module | 382 | |
Hardening Branch/Remote Offices | 383 | |
Summary | 384 | |
Part III | Once Is Never Enough! | |
13 | Auditing: Performing a Security Review | 389 |
Reviewing Your Security Policy | 391 | |
Is Your Security Policy Being Adhered To? | 391 | |
Does Your Security Policy Address All Known Threats to Your Environment? | 393 | |
Protecting Yourself from Future Exploits | 393 | |
Do You Have Adequate Prevention Mechanisms and Enforcement of Your Security Policy? | 396 | |
Reviewing Your Security Posture | 398 | |
Auditing Your Environment | 399 | |
Performing an Internal Audit | 400 | |
Using Nmap and Nessus to Perform a Basic Security Review | 405 | |
Performing an External Audit | 422 | |
Summary | 425 | |
14 | Managing Changes to Your Environment | 427 |
Implementing Change Control | 428 | |
Defining the Change Management Team | 428 | |
The Change Planning Process | 432 | |
The Change Management Process | 438 | |
How to Ensure a Successful Change Control Process | 443 | |
Implementing a Patch and Update Policy | 445 | |
When to Use a Workaround, Hotfix, Patch, or an Upgrade | 447 | |
Staying Informed of Workarounds, Hotfixes, Patches, and Upgrades | 448 | |
Purchasing Maintenance and Support Agreements | 449 | |
Defining a Change Control Patch Policy | 450 | |
Writing Patch and Update Procedures | 451 | |
Changing the System Image | 452 | |
Changing the System Configuration | 464 | |
Changing the Application | 472 | |
Summary | 472 | |
Part IV | How to Succeed at Hardening Your Network Infrastructure | |
15 | Setting Perceptions and Justifying the Cost of Security | 477 |
Setting Perceptions and Expectations | 478 | |
Setting User Perceptions and Expectations | 479 | |
Setting Management Perceptions and Expectations | 485 | |
Justifying the Cost of Security | 488 | |
Risk Analysis | 488 | |
Summary | 497 | |
16 | Addressing Staffing and Training Issues | 499 |
Staffing Issues | 500 | |
Increasing Staff Headcount | 500 | |
Utilizing Contractors | 501 | |
O