end-to-end network security - defense-in-depth

469 529 0
end-to-end network security - defense-in-depth

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

Thông tin tài liệu

[...]... the network during normal operations or during the course of a security incident or an anomaly in the network xxiii Part III, Defense-In-Depth Applied,” includes: • Chapter 8, “Wireless Security. ” When designing and deploying wireless networks, it is important to consider the unique security challenges that can be inherited This chapter includes best practices to use when deploying wireless networks... Chapter 12 The following is a chapter-by-chapter summary of the contents of the book Part I, “Introduction to Network Security Solutions,” includes: • Chapter 1, “Overview of Network Security Technologies.” This chapter covers an introduction to security technologies and products It starts with an overview of how to place firewalls to provide perimeter security and network segmentation while enforcing... their corporate network Figure 1-5 illustrates a site-to-site IPsec tunnel between two sites (corporate headquarters and a branch office), as well as a remote access VPN from a telecommuter working from home Figure 1-5 Site-to-Site and Remote Access VPN Example Corporate Headquarters IP se c Tu n ne l Branch Office Internet IPsec Tunnel Cisco ASAs are used in the example shown in Figure 1-5 The Cisco ASA... President World Wide Security Practice Cisco xx Introduction The network security lifecycle requires specialized support and a commitment to best practice standards In this book, you will learn best practices that draw upon disciplined processes, frameworks, expert advice, and proven technologies that will help you protect your infrastructure and organization You will learn end-to-end security best practices,... Access (CLI Views) Anomaly Detection Zones 198 Network Device Virtualization 198 Segmentation with VLANs 199 Segmentation with Firewalls 200 Segmentation with VRF/VRF-Lite 200 Policy Enforcement 202 Visualization Techniques Summary 207 203 195 197 191 xiv Part III Defense-In-Depth Applied 209 Chapter 8 Wireless Security 211 Overview of Cisco Unified Wireless Network Architecture 212 Authentication and... Wireless Users 216 WEP 216 WPA 218 802.1x on Wireless Networks 219 EAP with MD5 221 Cisco LEAP 222 EAP-TLS 223 PEAP 223 EAP Tunneled TLS Authentication Protocol (EAP-TTLS) 224 EAP-FAST 224 EAP-GTC 225 Configuring 802.1x with EAP-FAST in the Cisco Unified Wireless Solution Configuring the WLC 226 Configuring the Cisco Secure ACS Server for 802.1x and EAP-FAST 229 Configuring the CSSC 233 Lightweight Access... to Network Security Solutions Chapter 1 Overview of Network Security Technologies This chapter covers the following topics: • • • • • • • Firewalls Virtual Private Networks (VPN) Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) Anomaly Detection Systems Authentication, Authorization, and Accounting (AAA) and Identity Management Network Admission Control Routing Mechanisms as Security. .. important for all network security professionals This knowledge will help them to configure and manage the security of their networks accurately and effectively TIP Several network firewall solutions offer user and application policy enforcement that provides multivector attack protection for different types of security threats They often provide logging capabilities that allow the security administrators... Configuring Basic Network Address Translation (NAT) Configuring Site-to-Site VPN 377 Case Study of a Medium-Sized Enterprise 389 Protecting the Internet Edge Routers 391 Configuring the AIP-SSM on the Cisco ASA 391 Configuring Active-Standby Failover on the Cisco ASA Configuring AAA on the Infrastructure Devices 400 376 394 Case Study of a Large Enterprise 401 Creating a New Computer Security Incident... sinkholes that are used to increase the security of the network and to react to new threats Part II, Security Lifecycle: Frameworks and Methodologies,” includes: • Chapter 2, “Preparation Phase.” This chapter covers numerous best practices on how to better prepare your network infrastructure, security policies, procedures, and organization as a whole against security threats and vulnerabilities This . Street Indianapolis, Indiana 46240 USA Cisco Press End-to-End Network Security Defense-in-Depth Omar Santos ii End-to-End Network Security Defense-in-Depth Omar Santos Copyright© 2008 Cisco Systems,. Congress Cataloging-in-Publication Data: Santos, Omar. End-to-end network security : defense-in-depth / Omar Santos. p. cm. ISBN 97 8-1 -5 870 5-3 3 2-0 (pbk.) 1. Computer networks Security measures 005.8—dc22 2007028287 ISBN-10: 1-5 870 5-3 3 2-2 ISBN-13: 97 8-1 -5 870 5-3 3 2-0 Warning and Disclaimer This book is designed to provide information about end-to-end network security. Every effort has

Ngày đăng: 25/03/2014, 11:14

Từ khóa liên quan

Mục lục

  • End-to-End Network Security

    • Contents

    • Foreword

    • Introduction

    • Part I: Introduction to Network Security Solutions

      • Chapter 1 Overview of Network Security Technologies

        • Firewalls

        • Virtual Private Networks (VPN)

        • Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

        • Anomaly Detection Systems

        • Authentication, Authorization, and Accounting (AAA) and Identity Management

        • Network Admission Control

        • Routing Mechanisms as Security Tools

        • Summary

    • Part II: Security Lifestyle: Frameworks and Methodologies

      • Chapter 2 Preparation Phase

        • Risk Analysis

        • Social Engineering

        • Security Intelligence

        • Creating a Computer Security Incident Response Team (CSIRT)

        • Building Strong Security Policies

        • Infrastructure Protection

        • Endpoint Security

        • Network Admission Control

        • Summary

      • Chapter 3 Identifying and Classifying Security Threats

        • Network Visibility

        • Telemetry and Anomaly Detection

        • Intrusion Detection and Intrusion Prevention Systems (IDS/IPS)

        • Summary

      • Chapter 4 Traceback

        • Traceback in the Service Provider Environment

        • Traceback in the Enterprise

        • Summary

      • Chapter 5 Reacting to Security Incidents

        • Adequate Incident-Handling Policies and Procedures

        • Laws and Computer Crimes

        • Security Incident Mitigation Tools

        • Forensics

        • Summary

      • Chapter 6 Postmortem and Improvement

        • Collected Incident Data

        • Root-Cause Analysis and Lessons Learned

        • Building an Action Plan

        • Summary

      • Chapter 7 Proactive Security Framework

        • SAVE Versus ITU-T X.805

        • Identity and Trust

        • Visibility

        • Correlation

        • Instrumentation and Management

        • Isolation and Virtualization

        • Policy Enforcement

        • Visualization Techniques

        • Summary

    • Part III: Defense-In-Depth Applied

      • Chapter 8 Wireless Security

        • Overview of Cisco Unified Wireless Network Architecture

        • Authentication and Authorization of Wireless Users

        • Lightweight Access Point Protocol (LWAPP)

        • Wireless Intrusion Prevention System Integration

        • Management Frame Protection (MFP)

        • Precise Location Tracking

        • Network Admission Control (NAC) in Wireless Networks

        • Summary

      • Chapter 9 IP Telephony Security

        • Protecting the IP Telephony Infrastructure

        • Securing the IP Telephony Applications

        • Protecting Against Eavesdropping Attacks

        • Summary

      • Chapter 10 Data Center Security

        • Protecting the Data Center Against Denial of Service (DoS) Attacks and Worms

        • Data Center Segmentation and Tiered Access Control

        • Deploying Network Intrusion Detection and Prevention Systems

        • Deploying the Cisco Security Agent (CSA) in the Data Center

        • Summary

      • Chapter 11 IPv6 Security

        • Reconnaissance

        • Filtering in IPv6

        • Spoofing

        • Header Manipulation and Fragmentation

        • Broadcast Amplification or Smurf Attacks

        • IPv6 Routing Security

        • IPsec and IPv6

        • Summary

    • Part IV Case Studies

      • Chapter 12 Case Studies

        • Case Study of a Small Business

        • Case Study of a Medium-Sized Enterprise

        • Case Study of a Large Enterprise

        • Summary

    • Index

      • A

      • B

      • C

      • D

      • E

      • F

      • G

      • H

      • I

      • L

      • M

      • N

      • O

      • P

      • Q

      • R

      • S

      • T

      • U

      • V

      • W

      • Z

Tài liệu cùng người dùng

  • Đang cập nhật ...

Tài liệu liên quan