5
1
Paperback
$49.00
-
PICK UP IN STORECheck Availability at Nearby Stores
Available within 2 business hours
Related collections and offers
49.0
In Stock
Overview
Shows network administrators and IT pros how to harden their network infrastructure against hackers.
Product Details
| ISBN-13: | 9780072255027 |
|---|---|
| Publisher: | McGraw-Hill/Osborne Media |
| Publication date: | 05/06/2004 |
| Series: | Hardening |
| Pages: | 580 |
| Product dimensions: | 7.50(w) x 9.13(h) x 1.24(d) |
Table of Contents
| Foreword | xv | |
| Acknowledgments | xvii | |
| Introduction | xix | |
| Part I | Do This Now! | |
| 1 | Do These Six Things Before You Do Anything Else | 3 |
| Review Your Network Design | 5 | |
| Implement a Firewall | 9 | |
| Application Proxies | 10 | |
| Stateful Packet-Inspecting/Filtering Gateways | 10 | |
| Hybrid Firewalls | 10 | |
| Which Firewall Should You Implement? | 10 | |
| Implement Access Control Lists | 11 | |
| Turn Off Unnecessary Features and Services | 12 | |
| Implement Virus Protection | 12 | |
| Secure Your Wireless Connections | 14 | |
| Summary | 14 | |
| Part II | Take It from the Top: The Systematic Hardening Process | |
| 2 | Write a Security Policy | 19 |
| The Role of a Security Policy | 20 | |
| The Purpose of a Security Policy | 22 | |
| Security Policy Components | 23 | |
| Where to Start? | 23 | |
| The Characteristics of a Good Security Policy | 27 | |
| Security Policy Recommendations | 30 | |
| Encryption Policy | 30 | |
| Analog/ISDN Policy | 30 | |
| Antivirus Policy | 30 | |
| Audit, Vulnerability Assessment, and Risk Assessment Policy | 31 | |
| Dial-in Policy | 31 | |
| DMZ Policy | 31 | |
| Extranet Policy | 31 | |
| Wireless Communications Policy | 32 | |
| VPN Policy | 32 | |
| Firewall Security Policy | 32 | |
| Router and Switch Security Policy | 33 | |
| Remote Access Policy | 33 | |
| Password Policy | 33 | |
| Intrusion Detection/Prevention System Policy | 34 | |
| Content-Filtering/Internet Policy | 34 | |
| Enterprise-Monitoring Policy | 34 | |
| Acceptable-Use Policy | 35 | |
| Network Connection Policy | 35 | |
| Network Documentation Policy | 35 | |
| Why Security Policies Fail and How to Ensure Yours Won't | 35 | |
| Security Is Viewed as a Barrier to Progress | 36 | |
| Security Is a Learned Behavior | 36 | |
| Security Is Rife with Unexpected Events and Occurrences | 36 | |
| Your Security Policy Is Never Finished | 37 | |
| Preventing the Failure | 37 | |
| Summary | 37 | |
| 3 | Hardening Your Firewall | 39 |
| Hardware-Based and Software-Based Firewalls | 40 | |
| Hardening Remote Administration | 41 | |
| Implementing Authentication and Authorization | 48 | |
| Hardening the Underlying Operating System | 50 | |
| Hardening Firewall Services and Protocols | 51 | |
| Using Redundancy to Harden Your Firewall | 64 | |
| Hardening Routing Protocols | 66 | |
| Summary | 71 | |
| 4 | Hardening Your Network with Intrusion Detection and Prevention | 73 |
| IDS/IPS Technologies | 74 | |
| Host-Based Intrusion Detection/Prevention | 75 | |
| Network-Based Intrusion Detection/Prevention | 76 | |
| IDS/IPS Components | 77 | |
| IDS/IPS Device Hardening | 78 | |
| Hardening PureSecure on Microsoft Windows | 78 | |
| Hardening Cisco IDS | 81 | |
| IDS/IPS Deployments | 83 | |
| Detection vs. Prevention | 84 | |
| Sensor Placement | 85 | |
| Sensor Placement in a Switched Network Infrastructure | 86 | |
| IDS/IPS Tuning | 87 | |
| Tuning PureSecure Sensors | 88 | |
| Tuning Cisco IDS Sensors | 90 | |
| IDS/IPS Logging, Alerting, and Blocking | 94 | |
| Logging with PureSecure | 95 | |
| Logging with Cisco IDS | 96 | |
| Alerting with PureSecure | 98 | |
| Alerting with Cisco IDS | 99 | |
| Blocking Traffic Using Cisco IDS and Cisco PIX Firewalls | 103 | |
| Summary | 104 | |
| 5 | Hardening VPN and Dial-in Remote Access | 105 |
| Hardening VPN Connectivity | 106 | |
| Different VPN Connection Types and Technologies | 107 | |
| VPN Device-Hardening Methods | 110 | |
| Hardening IPsec-Based VPNs | 135 | |
| Hardening VPN Clients | 150 | |
| Hardening Dial-in Remote Access | 151 | |
| Summary | 153 | |
| 6 | Hardening Your Routers and Switches | 155 |
| Hardening Management Access | 156 | |
| Securing Console Access | 157 | |
| Securing VTY Access | 158 | |
| Securing Web-Based Management Access | 161 | |
| Securing Auxiliary Access | 161 | |
| Securing Privileged Mode Access | 162 | |
| Implementing Usernames and AAA | 163 | |
| Implementing Banners | 164 | |
| Hardening Services and Features | 164 | |
| Cisco Discovery Protocol (CDP) | 165 | |
| TCP and UDP Small Servers | 165 | |
| finger | 166 | |
| Network Time Protocol (NTP) | 166 | |
| bootp Server | 167 | |
| Dynamic Host Configuration Protocol (DHCP) | 167 | |
| Configuration Autoloading | 168 | |
| Name Resolution | 168 | |
| Proxy ARP | 169 | |
| Directed Broadcasts | 169 | |
| IP Source Routing | 169 | |
| ICMP Redirects, Unreachables, and Mask Replies | 170 | |
| syslog | 170 | |
| Simple Network Management Protocol (SNMP) | 171 | |
| Implementing Loopback Address | 173 | |
| Disabling Unused Interfaces | 174 | |
| Configuring Core Dumps | 175 | |
| Hardening Router Technologies | 175 | |
| Implementing Redundancy | 175 | |
| Hardening Routing Protocols | 176 | |
| Implementing Traffic Management | 181 | |
| Implementing IPsec | 191 | |
| Hardening Switch Technologies | 194 | |
| Hardening VLANs | 194 | |
| Hardening Services and Features | 198 | |
| Summary | 204 | |
| 7 | Securing the Network with Content Filters | 205 |
| Internet Content Filtering Architectures | 207 | |
| Client-Based Content Filtering | 207 | |
| Server-Based Content Filtering | 207 | |
| Gateway-Based Content Filtering | 210 | |
| Internet Content Filtering | 211 | |
| Misuse of Resources | 211 | |
| Preserving Network Bandwidth | 211 | |
| Hostile Work Environment | 211 | |
| Hostile Web Code (Java/ActiveX Applets) | 212 | |
| Implementing Content Filtering | 212 | |
| E-mail Content Filtering | 234 | |
| Implementing Virus Protection | 235 | |
| Filtering Attachments | 236 | |
| Implementing Content Filtering | 237 | |
| Implementing Spam Control | 238 | |
| Summary | 239 | |
| 8 | Hardening Wireless LAN Connections | 241 |
| Banning WLANs Without IT/Management Approval | 242 | |
| Preventing Rogue APs | 242 | |
| Implementing WLAN Discovery Procedures | 244 | |
| Removing Rogue WAPs | 248 | |
| Hardening Wireless Access Points | 248 | |
| Hardening Remote Administration | 249 | |
| Securely Configuring the Service Set Identifier (SSID) | 252 | |
| Configuring Logging | 255 | |
| Hardening Services | 255 | |
| Restricting Wireless Mode | 258 | |
| Using MAC Address Filtering | 259 | |
| Hardening Wireless LAN Connections | 262 | |
| Hardening Wired Equivalent Privacy (WEP) | 263 | |
| Hardening WiFi Protected Access (WPA) | 266 | |
| Hardening WLANS with Virtual Private Networks | 271 | |
| Hardening Windows XP Wireless Clients | 271 | |
| Hardening with WEP | 272 | |
| Hardening with WPA Using Pre-shared Keys | 273 | |
| Hardening with WPA Using RADIUS/802.1x | 274 | |
| Summary | 276 | |
| 9 | Implementing AAA | 279 |
| AAA Mechanisms | 280 | |
| Remote Authentication Dial-In User Service (RADIUS) | 281 | |
| Terminal Access Controller Access Control System (TACACS+) | 281 | |
| Authentication and Access Control | 281 | |
| AAA Authentication on IOS-Based Equipment | 282 | |
| AAA Authentication on PIX Firewalls | 292 | |
| Hardening Your Network with Authorization | 295 | |
| Authorization on IOS-Based Devices | 295 | |
| Authorization on PIX Firewalls | 297 | |
| Hardening Your Network with Accounting | 300 | |
| AAA Accounting on IOS-Based Equipment | 300 | |
| AAA Accounting on PIX Firewalls | 301 | |
| 802.1x Port-Based Authentication | 302 | |
| 802.1x Network Device Roles | 302 | |
| Configuring 802.1x Authentication for IOS-Based Switches | 304 | |
| Summary | 310 | |
| 10 | Hardening Your Network with Network Management | 311 |
| Implementing a Network Management System (NMS) | 312 | |
| Fault Management | 313 | |
| Configuration Management | 330 | |
| Performance Management | 333 | |
| Accounting or Asset Management | 335 | |
| Security Management | 335 | |
| Hardening Your Network Management Protocols | 335 | |
| Configuring IPsec on Microsoft Windows 2000 | 336 | |
| Summary | 345 | |
| 11 | Implementing a Secure Perimeter | 347 |
| DMZ Implementation Methods | 348 | |
| Using a Multi-homed Firewall for Your DMZ | 349 | |
| Using Dual Firewalls for Your DMZ | 351 | |
| VLANs and DMZs | 353 | |
| Internet Access Module | 354 | |
| Traffic Flow Through the Internet Module | 354 | |
| Firewall Implementation | 356 | |
| VPN/Remote Access Module | 360 | |
| Remote Access VPN Termination Segment | 361 | |
| Site-to-Site VPN Termination Segment | 362 | |
| Dial-in Remote User Termination Segment | 362 | |
| NIDS/NIPS Deployment | 362 | |
| WAN Access Module | 363 | |
| Extranet Access Module | 364 | |
| Wireless Access Module | 365 | |
| E-Commerce Access Module | 366 | |
| Web Services DMZ Segment | 366 | |
| Application Services DMZ Segment | 367 | |
| Database Services DMZ Segment | 367 | |
| Summary | 368 | |
| 12 | Implementing a Secure Interior | 371 |
| Using Virtual LANs (VLANs) to Segment the Network | 372 | |
| Trust Model Enforcement | 373 | |
| Using VLANs to Isolate Systems | 375 | |
| Designing the Enterprise Campus | 375 | |
| Core Module | 378 | |
| Server Module | 378 | |
| Building Distribution Module | 379 | |
| Building Access Module | 381 | |
| Management Module | 381 | |
| Lab Module | 382 | |
| Hardening Branch/Remote Offices | 383 | |
| Summary | 384 | |
| Part III | Once Is Never Enough! | |
| 13 | Auditing: Performing a Security Review | 389 |
| Reviewing Your Security Policy | 391 | |
| Is Your Security Policy Being Adhered To? | 391 | |
| Does Your Security Policy Address All Known Threats to Your Environment? | 393 | |
| Protecting Yourself from Future Exploits | 393 | |
| Do You Have Adequate Prevention Mechanisms and Enforcement of Your Security Policy? | 396 | |
| Reviewing Your Security Posture | 398 | |
| Auditing Your Environment | 399 | |
| Performing an Internal Audit | 400 | |
| Using Nmap and Nessus to Perform a Basic Security Review | 405 | |
| Performing an External Audit | 422 | |
| Summary | 425 | |
| 14 | Managing Changes to Your Environment | 427 |
| Implementing Change Control | 428 | |
| Defining the Change Management Team | 428 | |
| The Change Planning Proces | 432 | |
| The Change Management Process | 438 | |
| How to Ensure a Successful Change Control Process | 443 | |
| Implementing a Patch and Update Policy | 445 | |
| When to Use a Workaround, Hotfix, Patch, or an Upgrade | 447 | |
| Staying Informed of Workarounds, Hotfixes, Patches, and Upgrades | 448 | |
| Purchasing Maintenance and Support Agreements | 449 | |
| Defining a Change Control Patch Policy | 450 | |
| Writing Patch and Update Procedures | 451 | |
| Changing the System Image | 452 | |
| Changing the System Configuration | 464 | |
| Changing the Application | 472 | |
| Summary | 472 | |
| Part IV | How to Succeed at Hardening Your Network Infrastructure | |
| 15 | Setting Perceptions and Justifying the Cost of Security | 477 |
| Setting Perceptions and Expectations | 478 | |
| Setting User Perceptions and Expectations | 479 | |
| Setting Management Perceptions and Expectations | 485 | |
| Justifying the Cost of Security | 488 | |
| Risk Analysis | 488 | |
| Summary | 497 | |
| 16 | Addressing Staffing and Training Issues | 499 |
| Staffing Issues | 500 | |
| Increasing Staff Headcount | 500 | |
| Utilizing Contractors | 501 | |
| O
From the B&N Reads Blog
Page 1 of
Related SubjectsCustomer Reviews |