Self-Defending Networks: The Next Generation of Network Security

Duane De Capite

  • 出版商: Cisco Press
  • 出版日期: 2006-09-10
  • 定價: $1,440
  • 售價: 2.8$399
  • 語言: 英文
  • 頁數: 264
  • 裝訂: Paperback
  • ISBN: 1587052539
  • ISBN-13: 9781587052538
  • 相關分類: 資訊安全
  • 立即出貨 (庫存=1)

買這商品的人也買了...

相關主題

商品描述

Description 

Protect your network with self-regulating network security solutions that combat both internal and external threats.

  • Provides an overview of the security components used to design proactive network security
  • Helps network security professionals understand what the latest tools and techniques can do and how they interact
  • Presents detailed information on how to use integrated management to increase security
  • Includes a design guide with step-by-step implementation instructions

Self-Defending Networks: The Next Generation of Network Security helps networking professionals understand how to deploy an end-to-end, integrated network security solution. It presents a clear view of the various components that can be used throughout the network to not only monitor traffic but to allow the network itself to become more proactive in preventing and mitigating network attacks. This security primer provides unique insight into the entire range of Cisco security solutions, showing what each element is capable of doing and how all of the pieces work together to form an end-to-end Self-Defending Network. While other books tend to focus on individual security components, providing in-depth configuration guidelines for various devices and technologies, Self-Defending Networks instead presents a high-level overview of the entire range of technologies and techniques that comprise the latest thinking in proactive network security defenses. This book arms network security professionals with the latest information on the comprehensive suite of Cisco security tools and techniques. Network Admission Control, Network Infection Containment, Dynamic Attack Mitigation, DDoS Mitigation, Host Intrusion Prevention, and Integrated Security Management are all covered, providing the most complete overview of various security systems. It focuses on leveraging integrated management, rather than including a device-by-device manual to implement self-defending networks.

 

 

Table of Contents

Foreword

    Introduction

Chapter 1    Understanding Types of Network Attacks and Defenses

    Categorizing Network Attacks

        Virus

        Worm

        Trojan Horse

        Denial-of-Service

        Distributed Denial-of-Service

        Spyware

        Phishing

    Understanding Traditional Network Defenses

        Router Access Lists

        Firewalls

        Intrusion Detection Systems

        Virtual Private Networks

        Antivirus Programs

    Introducing Cisco Self-Defending Networks

        DDoS Mitigation

        Intrusion Prevention Systems

        Adaptive Security Appliance

        Incident Control Service

        Network Admission Control

        IEEE 802.1x

        Host Intrusion Prevention: CSA

        Cisco Security Centralized Management

    Summary

    References

Chapter 2    Mitigating Distributed Denial-of-Service Attacks

    Understanding Types of DDoS Attacks

    DDoS Mitigation Overview

    Using Cisco Traffic Anomaly Detector

        Configuring the Traffic Anomaly Detector

        Zone Creation

        Traffic Anomaly Detector Zone Filters

        Policy Template

        Learning Phase

        Detecting and Reporting Traffic Anomalies

    Configuring Cisco Guard

        Bootstrapping

        Zone Creation and Synchronization

        Cisco Guard Zone Filters

        Zone Traffic Diversion

        Learning Phase

        Activating Zone Protection

        Generating Attack Reports

    Summary

    References

Chapter 3    Cisco Adaptive Security Appliance Overview

    Antispoofing

    Intrusion Prevention Service

        Launch ASDM for IPS Configuration

        Configure Service Policy Rules

        Define IPS Signatures

    Protocol Inspection Services

    HTTP Inspection Engine

        TCP Map

        HTTP Map

    Configuring Content Security and Control Security

        Content Security and Control Services Module (CSC-SSM) Setup

        Web

            URL Blocking

            URL Filtering

            Scanning

            File Blocking

        Mail

        Scanning

        Antispam

        Content Filtering

    File Transfer

    Summary

    References

Chapter 4    Cisco Incident Control Service

    Implementing Outbreak Management with Cisco ICS

        Outbreak Management Summary

        Information and Statistics on Network Threats from Trend Micro

        New Outbreak Management Task

        Outbreak Settings

    Displaying Outbreak Reports

        OPACL Settings

        Exception List

        Report Settings

        Watch List Settings

        Automatic Outbreak Management Task

    Displaying Devices

        Device List

        Add Device

    Viewing Logs

        Incident Log Query

        Event Log Query

        Outbreak Log Query

        Log Maintenance

    Summary

    References

Chapter 5    Demystifying 802.1x

    Fundamentals of 802.1x

    Introducing Cisco Identity-Based Networking Services

    Machine Authentication

    802.1x and NAC

    Using EAP Types

        EAP MD5

        EAP TLS

        LEAP

        PEAP

        EAP FAST

    VPN and 802.1x

    Summary

    References

Chapter 6    Implementing Network Admission Control

    Network Admission Control Overview

    NAC Framework Benefits

    NAC Framework Components

        Endpoint Security Application

        Posture Agent

        Network Access Devices

        Policy Server

        Management and Reporting Tools

    Operational Overview

    Network Admission for NAC-enabled Endpoints

        Endpoint Attempts to Access the Network

        NAD Notifies Policy Server

        Cisco Secure ACS Compares Endpoint to NAC Policy

        Cisco Secure ACS Forwards Information to Partner Policy Servers

        Cisco Secure ACS Makes a Decision

        Cisco Secure ACS Sends Enforcement Actions

        NAD Enforces Actions

        Posture Agent Actions

        Endpoint Polled for Change of Compliance

        Revalidation Process

    Network Admission for NAC Agentless Hosts

    Deployment Models

        LAN Access Compliance

        WAN Access Compliance

        Remote Access Compliance

    Summary

    References

Chapter 7    Network Admission Control Appliance

    NAC Appliance Features

    NAC Appliance Manager

    Device Management

        CCA Servers

        Filters

        Clean Access

    Switch Management

    User Management

    Monitoring

    Administration

    Summary

    References

Chapter 8    Managing the Cisco Security Agent

    Management Center for Cisco Security Agents

        Deploying Cisco Secure Agent Kits

        Displaying the End-Station Hostname in the Device Groups

        Reviewing Policies

        Attaching Rules to a Policy

        Generating and Deploying Rules

        Using Event Monitor

        Running Cisco Security Agent Analysis

    Cisco Security Agent

        Status

        System Security

    Summary

    References

Chapter 9    Cisco Security Manager

    Getting Started

    Device View

        Add Device

        Configure Access Conrol Lists (ACLs) from Device View

        Configuring Interface Roles

        Apply Access Control List (ACL) Rules to Multiple Devices

        Invoking the Policy Query

        Using Analysis and Hit Count Functions

    Map View

        Showing Devices on the Topology Map

        Adding Cloud Networks and Hosts to the Topology Map

        Configuring Firewall Access Control List (ACLs) Rules from Topology Map

    Policy View

        Access Control List (ACL) Rules Security Policy

        Policy Inheritance and Mandatory Security Policies

    IPS Management

    Object Manager

    Value Override Per Device

    Summary

    References

Chapter 10    Cisco Security Monitoring, Analysis, and Response System

    Understanding Cisco Security MARS Features

    Summary Dashboard

    Incidents

        Displaying Path of Incident and Mitigating the Attack

        Hotspot Graph and Attack Diagram

    Rules

    Query/Reports

    Management

    Admin

    Cisco Security Manager Linkages

    Summary

    References

商品描述(中文翻譯)

描述

保護您的網絡,使用自我調節的網絡安全解決方案來對抗內部和外部威脅。

提供了一個概述,介紹了用於設計主動網絡安全的安全組件。

幫助網絡安全專業人員了解最新的工具和技術可以做什麼以及它們如何互動。

提供了如何使用集成管理來增加安全性的詳細信息。

包括一個設計指南,提供逐步實施指示。

《自我防禦網絡:下一代網絡安全》幫助網絡專業人員了解如何部署端到端的集成網絡安全解決方案。它清晰地介紹了可以在整個網絡中使用的各種組件,不僅可以監控流量,還可以使網絡本身更主動地防止和緩解網絡攻擊。這本安全入門書提供了對思科安全解決方案的全面了解,展示了每個元素能夠做什麼以及所有組件如何共同形成一個端到端的自我防禦網絡。儘管其他書籍往往專注於個別的安全組件,為各種設備和技術提供深入的配置指南,《自我防禦網絡》則提供了對主動網絡安全防禦的最新思維中所涵蓋的技術和技巧的高層次概述。本書為網絡安全專業人員提供了關於思科安全工具和技術全面套件的最新信息。網絡入場控制、網絡感染遏制、動態攻擊緩解、分散式拒絕服務攻擊緩解、主機入侵防止和集成安全管理都有所涉及,提供了各種安全系統的最完整概述。它專注於利用集成管理,而不是包含一個設備逐個設備的手冊來實施自我防禦網絡。

目錄

前言

簡介