Network Security First-Step
Tom Thomas, Donald Stoddard (Paperback)
Not in this library
Category:
(Pubds)
Descriptive text
Network Security First-Step, Second Edition
Tom Thomas and Donald Stoddard

Your first step into the world of network security
- No security experience required
- Includes clear and easily understood explanations
- Makes learning easy

Your first step to network security begins here!
- Learn how hacker attacks work, from start to finish
- Choose the right security solution for each type of risk
- Create clear and enforceable security policies, and keep them up to date
- Establish reliable processes for responding to security advisories
- Use encryption effectively, and recognize its limitations
- Secure your network with firewalls, routers, and other devices
- Prevent attacks aimed at wireless networks
No security experience required! Computer networks are indispensable, but they are also not secure. With the proliferation of security threats, many people and companies are looking for ways to increase the security of their networks and data. Before you can effectively implement security technologies and techniques, you need to make sense of the complex and quickly evolving world of hackers and malware, as well as the tools to combat them. Network Security First-Step, Second Edition explains the basics of network security in easy-to-grasp language that all of us can understand. This book takes you on a guided tour of the core technologies that make up and control network security. Whether you are looking to take your first step into a career in network security or are simply interested in gaining knowledge of the technology, this book is for you!
Table of Contents

Introduction

Chapter 1 There Be Hackers Here!
- Essentials First: Looking for a Target
- Hacking Motivations
- Targets of Opportunity
  - Are You a Target of Opportunity?
- Targets of Choice
  - Are You a Target of Choice?
- The Process of an Attack
  - Reconnaissance
  - Footprinting (aka Casing the Joint)
  - Scanning
  - Enumeration
  - Enumerating Windows
  - Gaining Access
  - Operating System Attacks
  - Application Attacks
  - Misconfiguration Attacks
  - Scripted Attacks
  - Escalating Privilege
  - Covering Tracks
- Where Are Attacks Coming From?
- Common Vulnerabilities, Threats, and Risks
- Overview of Common Attacks and Exploits
- Network Security Organizations
  - CERT Coordination Center
  - SANS
  - Center for Internet Security (CIS)
  - SCORE
  - Internet Storm Center
  - National Vulnerability Database
  - Security Focus
- Learning from the Network Security Organizations
- Chapter Summary
- Chapter Review

Chapter 2 Security Policies
- Responsibilities and Expectations
  - A Real-World Example
  - Who Is Responsible? You Are!
- Legal Precedence
  - Internet Lawyers
  - Evolution of the Legal System
  - Criminal Prosecution
  - Real-World Example
  - Individuals Being Prosecuted
  - International Prosecution
- Corporate Policies and Trust
  - Relevant Policies
  - User Awareness Education
  - Coming to a Balance
- Corporate Policies
- Acceptable Use Policy
  - Policy Overview
  - Purpose
  - Scope
  - General Use and Ownership
  - Security and Proprietary Information
  - Unacceptable Use
  - System and Network Activities
  - Email and Communications Activities
  - Enforcement
  - Conclusion
- Password Policy
  - Overview
  - Purpose
  - Scope
  - General Policy
  - General Password Construction Guidelines
  - Password Protection Standards
  - Enforcement
  - Conclusion
- Virtual Private Network (VPN) Security Policy
  - Purpose
  - Scope
  - Policy
  - Conclusion
- Wireless Communication Policy
  - Scope
  - Policy Statement
  - General Network Access Requirements
  - Lab and Isolated Wireless Device Requirements
  - Home Wireless Device Requirements
  - Enforcement
  - Definitions
  - Revision History
- Extranet Connection Policy
  - Purpose
  - Scope
  - Security Review
  - Third-Party Connection Agreement
  - Business Case
  - Point of Contact
  - Establishing Connectivity
  - Modifying or Changing Connectivity and Access
  - Terminating Access
  - Conclusion
- ISO Certification and Security
  - Delivery
  - ISO/IEC 27002
- Sample Security Policies on the Internet
- Industry Standards
  - Payment Card Industry Data Security Standard (PCI DSS)
  - Sarbanes-Oxley Act of 2002 (SOX)
  - Health Insurance Portability and Accountability Act (HIPAA) of 1996
  - Massachusetts 201: Standards for the Protection of Personal Information of Residents of the Commonwealth
  - SAS 70 Series
- Chapter Summary
- Chapter Review

Chapter 3 Processes and Procedures
- Security Advisories and Alerts: Getting the Intel You Need to Stay Safe
- Responding to Security Advisories
  - Step 1: Awareness
  - Step 2: Incident Response
  - Step 3: Imposing Your Will
  - Steps 4 and 5: Handling Network Software Updates (Best Practices)
- Industry Best Practices
  - Use a Change Control Process
  - Read All Related Materials
  - Apply Updates as Needed
  - Testing
  - Uninstall
  - Consistency
  - Backup and Scheduled Downtime
  - Have a Back-Out Plan
  - Forewarn Helpdesk and Key User Groups
  - Don't Get More Than Two Service Packs Behind
  - Target Noncritical Servers/Users First
  - Service Pack Best Practices
  - Hotfix Best Practices
  - Service Pack Level Consistency
  - Latest Service Pack Versus Multiple Hotfixes
  - Security Update Best Practices
  - Apply Admin Patches to Install Build Areas
  - Apply Only on Exact Match
  - Subscribe to Email Notification
- Summary
- Chapter Review and Questions

Chapter 4 Network Security Standards and Guidelines
- Cisco SAFE 2.0
  - Overview
  - Purpose
- Cisco Validated Design Program
  - Branch/WAN Design Zone Guides
  - Campus Design Zone Guides
  - Data Center Design Zone Guides
  - Security Design Zone Guides
- Cisco Best Practice Overview and Guidelines
- Basic Cisco IOS Best Practices
  - Secure Your Passwords
  - Limit Administrative Access
  - Limit Line Access Controls
  - Limit Access to Inbound and Outbound Telnet (aka vty Port)
  - Establish Session Timeouts
  - Make Room for Redundancy
  - Protect Yourself from Common Attacks
- Firewall/ASAs
  - Encrypt Your Privileged User Account
  - Limit Access Control
  - Make Room for Redundant Systems
  - General Best Practices
  - Configuration Guides
- Intrusion Prevention System (IPS) for IOS
- NSA Security Configuration Guides
  - Cisco Systems
  - Switches Configuration Guide
  - VoIP/IP Telephony Security Configuration Guides
  - Microsoft Windows
  - Microsoft Windows Applications
  - Microsoft Windows 7/Vista/Server 2008
  - Microsoft Windows XP/Server 2003
  - Apple
- Microsoft Security
  - Security Policies
  - Microsoft Windows XP Professional
  - Microsoft Windows Server 2003
  - Microsoft Windows 7
  - Windows Server 2008
  - Microsoft Security Compliance Manager
- Chapter Summary
- Chapter Link Toolbox Summary

Chapter 5 Overview of Security Technologies
- Security First Design Concepts
- Packet Filtering via ACLs
  - Grocery List Analogy
  - Limitations of Packet Filtering
- Stateful Packet Inspection
  - Detailed Packet Flow Using SPI
  - Limitations of Stateful Packet Inspection
- Network Address Translation (NAT)
  - Increasing Network Security
  - NAT's Limitations
- Proxies and Application-Level Protection
  - Limitations of Proxies
- Content Filters
  - Limitations of Content Filtering
- Public Key Infrastructure
  - PKI's Limitations
- Reputation-Based Security
  - Reactive Filtering Can't Keep Up
  - Cisco Web Reputation Solution
- AAA Technologies
  - Authentication
  - Authorization
  - Accounting
  - Remote Authentication Dial-In User Service (RADIUS)
  - Terminal Access Controller Access Control System (TACACS)
  - TACACS+ Versus RADIUS
- Two-Factor Authentication/Multifactor Authentication
- IEEE 802.1x: Network Access Control (NAC)
- Network Admission Control
- Cisco TrustSec
  - Solution Overview
  - Cisco Identity Services Engine
- Chapter Summary
- Chapter Review Questions

Chapter 6 Security Protocols
- Triple DES Encryption
  - Encryption Strength
  - Limitations of 3DES
- Advanced Encryption Standard (AES)
  - Different Encryption Strengths
  - Limitations of AES
- Message Digest 5 Algorithm
  - MD5 Hash in Action
- Secure Hash Algorithm (SHA Hash)
  - Types of SHA
  - SHA-1
  - SHA-2
- Point-to-Point Tunneling Protocol (PPTP)
  - PPTP Functionality
  - Limitations of PPTP
- Layer 2 Tunneling Protocol (L2TP)
  - L2TP Versus PPTP
  - Benefits of L2TP
  - L2TP Operation
- Secure Shell (SSH)
  - SSH Versus Telnet
  - SSH Operation
  - Tunneling and Port Forwarding
  - Limitations of SSH
- SNMP v3
  - Security Built In
- Chapter Summary
- Chapter Review Questions

Chapter 7 Firewalls
- Firewall Frequently Asked Questions
  - Who Needs a Firewall?
  - Why Do I Need a Firewall?
  - Do I Have Anything Worth Protecting?
  - What Does a Firewall Do?
- Firewalls Are "The Security Policy"
  - We Do Not Have a Security Policy
- Firewall Operational Overview
  - Firewalls in Action
- Implementing a Firewall
  - Determine the Inbound Access Policy
  - Determine Outbound Access Policy
- Essentials First: Life in the DMZ
- Case Studies
  - Case Study: To DMZ or Not to DMZ?
- Firewall Limitations
- Chapter Summary
- Chapter Review Questions

Chapter 8 Router Security
- Edge Router as a Choke Point
  - Limitations of Choke Routers
- Routers Running Zone-Based Firewall
  - Zone-Based Policy Overview
  - Zone-Based Policy Configuration Model
  - Rules for Applying Zone-Based Policy Firewall
  - Designing Zone-Based Policy Network Security
  - Using IPsec VPN with Zone-Based Policy Firewall
- Intrusion Detection with Cisco IOS
  - When to Use the FFS IDS
  - FFS IDS Operational Overview
  - FFS Limitations
- Secure IOS Template
- Routing Protocol Security
  - OSPF Authentication
  - Benefits of OSPF Neighbor Authentication
  - When to Deploy OSPF Neighbor Authentication
  - How OSPF Authentication Works
- Chapter Summary
- Chapter Review Questions

Chapter 9 IPsec Virtual Private Networks (VPNs)
- Analogy: VPNs Securely Connect IsLANds
- VPN Overview
  - VPN Benefits and Goals
  - VPN Implementation Strategies
  - Split Tunneling
- Overview of IPsec VPNs
  - Authentication and Data Integrity
  - Tunneling Data
  - VPN Deployment with Layered Security
- IPsec Encryption Modes
  - IPsec Tunnel Mode
  - Transport Mode
- IPsec Family of Protocols
  - Security Associations
  - ISAKMP Overview
  - Internet Key Exchange (IKE) Overview
  - IKE Main Mode
  - IKE Aggressive Mode
  - IPsec Security Association (IPsec SA)
- IPsec Operational Overview
  - IKE Phase 1
  - IKE Phase 2
  - Perfect Forward Secrecy
  - Diffie-Hellman Algorithm
- Router Configuration as VPN Peer
  - Configuring ISAKMP
  - Preshared Keys
  - Configuring the ISAKMP Protection Suite
  - Configuring the ISAKMP Key
  - Configuring IPsec
  - Step 1: Create the Extended ACL
  - Step 2: Create the IPsec Transforms
  - Step 3: Create the Crypto Map
  - Step 4: Apply the Crypto Map to an Interface
- Firewall VPN Configuration for Client Access
  - Step 1: Define Interesting Traffic
  - Step 2: IKE Phase 1 [UDP port 500]
  - Step 3: IKE Phase 2
  - Step 4: Data Transfer
  - Step 5: Tunnel Termination
- SSL VPN Overview
  - Comparing SSL and IPsec VPNs
  - Which to Deploy: Choosing Between IPsec and SSL VPNs
- Remote-Access VPN Security Considerations
  - Steps to Securing the Remote-Access VPN
  - Cisco AnyConnect VPN Secure Mobility Solution
- Chapter Summary
- Chapter Review Questions

Chapter 10 Wireless Security
- Essentials First: Wireless LANs
  - What Is Wi-Fi?
  - Benefits of Wireless LANs
  - Wireless Equals Radio Frequency
- Wireless Networking
  - Modes of Operation
  - Coverage
  - Bandwidth Availability
- WarGames Wirelessly
  - Warchalking
  - Wardriving
  - Warspamming
  - Warspying
- Wireless Threats
  - Sniffing to Eavesdrop and Intercept Data
  - Denial-of-Service Attacks
  - Rogue/Unauthorized Access Points
  - Misconfiguration and Bad Behavior
  - AP Deployment Guidelines
- Wireless Security
  - Service Set Identifier (SSID)
  - Device and Access Point Association
  - Wired Equivalent Privacy (WEP)
  - WEP Limitations and Weaknesses
  - MAC Address Filtering
  - Extensible Authentication Protocol (EAP)
  - LEAP
  - EAP-TLS
  - EAP-PSK
  - EAP-TTLS
  - Essential Wireless Security
- Essentials First: Wireless Hacking Tools
  - NetStumbler
  - Wireless Packet Sniffers
  - Aircrack-ng
  - OmniPeek
  - Wireshark
- Chapter Summary
- Chapter Review Questions

Chapter 11 Intrusion Detection and Honeypots
- Essentials First: Intrusion Detection
  - IDS Functional Overview
  - Host Intrusion Detection System
  - Network Intrusion Detection System
  - Wireless IDS
  - Network Behavior Analysis
- How Are Intrusions Detected?
  - Signature or Pattern Detection
  - Anomaly-Based Detection
  - Stateful Protocol Analysis
  - Combining Methods
- Intrusion Prevention
- IDS Products
  - Snort!
- Limitations of IDS
- Essentials First: Honeypots
  - Honeypot Overview
  - Honeypot Design Strategies
  - Honeypot Limitations
- Chapter Summary
- Chapter Review Questions

Chapter 12 Tools of the Trade
- Essentials First: Vulnerability Analysis
- Fundamental Attacks
  - IP Spoofing/Session Hijacking
  - Packet Analyzers
  - Denial of Service (DoS) Attacks
  - Other Types of Attacks
  - Back Doors
- Security Assessments and Penetration Testing
  - Internal Vulnerability and Penetration Assessment
  - Assessment Methodology
  - External Penetration and Vulnerability Assessment
  - Assessment Methodology
  - Physical Security Assessment
  - Assessment Methodology
  - Miscellaneous Assessments
  - Assessment Providers
- Security Scanners
  - Features and Benefits of Vulnerability Scanners
  - Freeware Security Scanners
  - Metasploit
  - NMAP
  - SAINT
  - Nessus
  - Retina Version 5.11.10
  - CORE IMPACT Pro (a Professional Penetration Testing Product)
  - In Their Own Words
  - Scan and Detection Accuracy
  - Documentation
  - Documentation and Support
  - Vulnerability Updates
- Chapter Summary
- Chapter Review Questions

Appendix A Answers to Review Questions

ISBN 9781587204104, table of contents dated 11/30/2011
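The chapter 4 outline lists the basic Cisco IOS best practices (secure your passwords, limit administrative access, limit line access controls, restrict inbound and outbound Telnet on the vty ports, establish session timeouts, protect yourself from common attacks) and chapter 8 refers to a Secure IOS Template. The configuration below is an added example written for this page, not the book's own template, showing how those items map onto actual IOS commands. The hostname, the 192.0.2.0/24 management subnet and syslog host (RFC 5737 documentation addresses), the user name, the ACL name and the placeholder passphrases are assumptions; replace them before use.

```cisco
! Added example (not from the book): baseline hardening of a Cisco IOS router.
! Hostname, addresses (RFC 5737 ranges), user and ACL names are assumptions.
hostname edge-rtr
!
! Secure your passwords: "enable secret" with scrypt (type 9) instead of the
! reversible "enable password"; local users stored the same way.
! service password-encryption only obfuscates (type 7) any line/legacy
! passwords that remain; it is not protection, the secrets above are.
enable algorithm-type scrypt secret <replace-with-strong-passphrase>
username netadmin privilege 15 algorithm-type scrypt secret <replace-with-strong-passphrase>
service password-encryption
!
! Limit administrative access: management only from the admin subnet.
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
 deny   any log
!
! Limit line access controls and inbound/outbound Telnet on the vty ports:
! SSH version 2 only, local login, the ACL above applied inbound,
! and no outbound Telnet/SSH hopping from the router itself.
ip domain-name example.net
crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 transport output none
 login local
 ! Establish session timeouts: idle sessions drop after 5 minutes.
 exec-timeout 5 0
line con 0
 login local
 exec-timeout 5 0
line aux 0
 no exec
 transport input none
!
! Protect yourself from common attacks: throttle login brute force and
! turn off services an edge router rarely needs.
login block-for 120 attempts 3 within 60
login on-failure log
no ip http server
no ip http secure-server
no service finger
no ip source-route
no ip bootp server
no cdp run
!
! Send administrative and login events to a central syslog host.
logging host 192.0.2.10
logging trap informational
```

Verify with `show running-config | include secret` (every credential line should read `secret 9`, none `password 7`) and `show line vty 0 4` for the access class and timeout. The `transport output none` line is the "outbound Telnet" restriction: a compromised router session cannot be used as a jump host into the rest of the network.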
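The chapter 9 outline gives the router-as-VPN-peer procedure as configuring the ISAKMP protection suite and key, then four IPsec steps: create the extended ACL, create the transform set, create the crypto map, and apply it to an interface. The configuration below is an added example written for this page, not the book's own listing, carrying those steps through for one side of a site-to-site tunnel. The peer addresses 203.0.113.1/203.0.113.2 (RFC 5737), the 10.1.1.0/24 and 10.2.2.0/24 subnets, the object names and the placeholder pre-shared key are assumptions; the far-end router needs the mirror image of the ACL and the same key and proposals.

```cisco
! Added example (not from the book): Cisco IOS router as an IPsec VPN peer.
! Addresses, subnets, names and the placeholder key are assumptions.
!
! Configuring the ISAKMP protection suite (IKE Phase 1 policy):
! AES-256, SHA-256 integrity, pre-shared key authentication, DH group 14.
! IOS still accepts DES/3DES, MD5 and groups 1/2; they are left out on purpose.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! Configuring the ISAKMP key: the pre-shared key is bound to the remote
! peer's public address and must be identical on the far side.
crypto isakmp key <replace-with-long-random-psk> address 203.0.113.2
!
! Step 1: Create the extended ACL that defines "interesting traffic".
! Only packets matching it are encrypted; anything else is routed in the clear,
! so a too-narrow ACL silently leaks traffic rather than failing closed.
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Step 2: Create the IPsec transform set (IKE Phase 2 proposal):
! ESP with AES-256 and SHA-256 HMAC in tunnel mode (new outer IP header).
crypto ipsec transform-set AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Step 3: Create the crypto map that ties peer, transform set and ACL
! together. PFS forces a fresh DH exchange at every Phase 2 rekey, so a
! recovered Phase 1 secret does not unlock past data SAs.
crypto map SITE-TO-SITE 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set AES256-SHA256
 set pfs group14
 set security-association lifetime seconds 3600
 match address VPN-TRAFFIC
!
! Step 4: Apply the crypto map to the outside interface.
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map SITE-TO-SITE
```

Once traffic matching the ACL flows, `show crypto isakmp sa` should list the peer in state QM_IDLE and `show crypto ipsec sa` should show the encaps/decaps counters climbing. If a firewall sits between the peers, it must permit UDP/500 (ISAKMP), UDP/4500 (NAT-T) and IP protocol 50 (ESP) between the two public addresses; blocking any of them leaves Phase 1 stuck in MM_NO_STATE or produces a tunnel that negotiates but carries no data.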