Cisco Network Security (Hardcover)

James Pike

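  • Publisher: Prentice Hall
  • Publication date: 2001-09-06
  • List price: $1,650
  • Sale price: $990 (60% of list price)
  • Language: English
  • Pages: 320
  • Binding: Hardcover
  • ISBN: 0130915181
  • ISBN-13: 9780130915184
  • Related categories: Cisco, Information Security
  • Ships immediately (limited quantity) (stock = 4)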

Product description

The practical, authoritative Cisco network security implementation guide!

Finally, there's a single source for practical, hands-on guidance on implementing and configuring the most important elements of Cisco network security!

Leading network security consultant James Pike offers step-by-step guidance for implementing and configuring key Cisco security products, including in-depth guidance on using PIX firewalls. Coverage includes:

  • Essential Cisco security terminology, technologies, and design criteria
  • Comprehensive, start-to-finish techniques for deploying IPSec security in VPN environments
  • Easy-to-understand introductions to Cisco Secure IDS/NetRanger intrusion detection, Cisco Secure Scanner/NetSonar scanning, and Cisco Secure Access Control System access control

No other book brings together this much Cisco security information: step-by-step tutorials, in-depth reference material, critical data for configuration, and expert guidance for decision making. Whatever your role in securing Cisco networks, Cisco Network Security will instantly become your #1 resource.

Table of Contents

1. Understanding Security Risk and Threats.

Technology Weaknesses. Protocol. Operating Systems. Networking Equipment. Firewall “Holes”. Configuration Weaknesses. Policy Weaknesses. Sources of Security Threats. Thrill Seekers and Adventurers. Competitors. Thieves. Enemies or Spies. Hostile Employees. Hostile Former Employer. Other Employee Sources. Threats to Network Security. Electronic Eavesdropping. Denial of Service. Unauthorized Access. Session Replay. Session Hijacking. Impersonation. Malicious Destruction. Repudiation. Viruses, Trojan Horses, and Worms. Rerouting. What Are We To Do? What Needs Protection? What Is the Nature of the Risk? What Kind of Protection Is Necessary? How Much Can You Afford to Spend?


2. Security Architecture.

Goals of the Security Policy. Confidentiality and Privacy of Data. Availability of the Data. Integrity of the Data. Identity Authentication and Authorization. Nonrepudiation. Physical Security. Cabling. Switches. Routers. Basic Network Security. Passwords. Network Security Solutions. Perimeter Routers—First Layer of Defense. Firewalls—Perimeter Reinforcement. Virtual Private Networks. Data Privacy and Integrity. Vulnerability Assessment. Intrusion Detection. Access Controls and Identity. Security Policy Management and Enforcement.


3. First Line of Defense—The Perimeter Router.

Passwords. Privileged Users. Basic Users. Disable EXEC-Mode. Establish a Line-Specific Password. Establish User-Specific Passwords. Limit Access Using Access Lists as Filters. Other Issues. Router Services and Protocols. Simple Network Management Protocol. HTTP. TCP/IP Services. Disable IP Source Route. Disable Non-Essential TCP and UDP Services. Disable the Finger Service. Disable Proxy ARP. Disable Directed Broadcasts. Disable the Cisco Discovery Protocol. Disable ICMP Redirects. Disable the Network Time Protocol. Disable ICMP Unreachables Messages. Traffic Management. Access Control Lists (ACL). Router-Based Attack Protection. Routing Protocols. Audit Trails and Logging.


4. Firewalls.

The Protocols of the Internet. IP—The Internet Protocol. TCP—The Transmission Control Protocol. UDP—The User Datagram Protocol. TCP and UDP Ports. What Is a Network Firewall? What Kind of Protection Does a Firewall Provide? Protection and Features a Firewall Can Provide. What a Firewall Doesn't Protect Against. Firewall Design Approaches. Network Level Firewalls. Application Layer Firewalls. Network Design with Firewalls. The Classic Firewall Design. The Contemporary Design. Router-Based Firewalls.


5. The Cisco Secure PIX Firewall.

Security Levels. The Adaptive Security Algorithm. Network Address Translation. PIX Firewall Features. Defense Against Network Attacks. Special Applications and Protocols. Controlling Traffic through the PIX Firewall. Controlling Inbound Traffic with Conduits. Cut-Through-Proxy. AAA Support via RADIUS and TACACS+.


6. Configuring the PIX Firewall.

Getting Started. Provision for Routing. Configuring the PIX Firewall. Identifying the Interfaces. Permitting Access from the Inside. Establish PIX Firewall Routes. Permitting Access from the Outside. Testing and Remote Administration. Controlling Outbound Access. Java Applet Filtering. Authentication and Authorization. Inbound Connections. Outbound Connections. Logging Events. Syslog. Standby PIX Firewalls with Failover.


7. Router-Based Firewalls.

Access Lists. Standard Access Lists. Extended Access Lists. Guidelines for Access Lists. Cisco Secure Integrated Software. Cisco Secure Integrated Software Architecture. CBAC and Stateful Packet Filtering. CBAC Supported Applications. Other Restrictions of CBAC. CSIS—Other Features. Configuring CBAC. Other Considerations.


8. Introduction to Encryption Techniques.

Symmetric Key Encryption. Data Encryption Standard. Advanced Encryption Standard and Others. Key Management. Asymmetric Key Encryption. How Public-Key Encryption Works. Comparing Symmetric versus Asymmetric Methods. The Diffie-Hellman Algorithm. Perfect Forward Secrecy. RSA Public-Key Encryption. Message Authentication Codes.


9. Introduction to IPSec.

Where to Apply Encryption. Data Link Layer. Network Layer. Transport Layer. Application Layer. Goals. Overview of IPSec. IPSec Details. AH—The Authentication Header. ESP—The Encapsulating Security Payload. Modes. SA, SPI, and SPD Defined. Key Management. Internet Key Exchange. IKE, ISAKMP, OAKLEY, and the DOI. Basic Key Exchange. IKE Phase 1. IKE Phase 2. IPSec Documentation.


10. Configuring IPSec.

Step 1—Planning for IPSec. Step 2—Configuring Internet Key Exchange (IKE). Configuring Manual Keys. Dynamic Key Management. PFS and SA Lifetimes. Other IKE Configuration Options. Command Syntax for IKE. Step 3—Defining Transform Sets. Configuring Transform Sets. Step 4—Create Crypto Access lists. Step 5—Creating Crypto Maps. Step 6—Applying Crypto Maps to an Interface. Step 7—Test and Verify. Sample Configurations. Sample Configuration #1—IPSec Manual Keys. Sample Configuration #2—IKE with PreShared Key.


11. Virtual Private Networks—VPNs.

Motivation for VPNs. Why VPNs. VPN Applications. VPN Technologies. PPTP. L2TP. IPSec. Authentication Limitations.


12. Cisco's Other Security Products.

Access Control. Vulnerability Assessment. Phase One—Network Mapping. Phase Two—Data Collection. Phase Three—Data Analysis. Phase Four—Vulnerability Confirmation. Phase Five—Data Presentation and Navigation. Phase Six—Reporting. Intrusion Detection. Reacting to Alerts.


Index.
