Book description
A practical guide to creating a secure network infrastructure
- Understand basic cryptography and security technologies
- Identify the threats and common attacks to a network infrastructure
- Learn how to create a security policy
- Find out how to recover from a security breach
- Study specific implementation scenarios for securing your network environment
- Learn about advances in security technologies
Designing Network Security, Second Edition, is a practical guide designed to help you understand the fundamentals of securing your corporate network infrastructure. This book takes a comprehensive look at underlying security technologies, the process of creating a security policy, and the practical requirements necessary to implement a corporate security policy.
You will gain a thorough understanding of basic cryptography, the most widely deployed security technologies, and key emerging security technologies. You will be able to guide the architecture and implementation of a security policy for a corporate environment by knowing possible threats and vulnerabilities and understanding the steps required to perform a risk management assessment. Through the use of specific configuration examples, you will learn about the features required in network infrastructure equipment to implement the given security policy, including securing the internal corporate infrastructure, Internet access, and the remote access environment.
This new edition includes coverage of new security features including SSH on routers, switches, and the PIX® Firewall; enhancements to L2TP and IPSec; Cisco® LEAP for wireless networks; digital certificates; advanced AAA functionality; and Cisco Intrusion Detection System features and products. Additional practical examples include current security trends using VPN, wireless, and VoIP networking examples.
This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
Table of contents
- Copyright
- About the Author
- About the Technical Reviewers
- Acknowledgments
- Introduction
- I. Security Fundamentals
  - 1. Basic Cryptography
  - 2. Security Technologies
    - Identity Technologies
    - Application Layer Security Protocols
    - Transport Layer Security Protocols
    - Network Layer Security
    - Link-Layer Security Technologies
    - Public Key Infrastructure and Distribution Models
    - Summary
    - Review Questions
  - 3. Applying Security Technologies to Real Networks
    - Virtual Private Networks (VPNs)
    - Wireless Networks
    - Voice over IP (VoIP) Networks
    - Summary
    - Review Questions
  - 4. Routing Protocol Security
- II. The Corporate Security Policy
  - 5. Threats in an Enterprise Network
    - Types of Threats
    - Motivation of Threat
    - Common Protocol Vulnerabilities
    - Common Network Scenario Threats and Vulnerabilities
    - Routing Protocols
    - Social Engineering
    - Summary
    - Review Questions
  - 6. Considerations for a Site Security Policy
  - 7. Design and Implementation of the Corporate Security Policy
    - Physical Security Controls
    - Logical Security Controls
    - Infrastructure and Data Integrity
    - Data Confidentiality
    - Security Policy Verification and Monitoring
    - Policies and Procedures for Staff
    - Security Awareness Training
    - Summary
    - Review Questions
  - 8. Incident Handling
- III. Practical Implementation
  - 9. Securing the Corporate Network Infrastructure
  - 10. Securing Internet Access
    - Internet Access Architecture
    - External Screening Router Architecture
    - Advanced Firewall Architecture
    - Implementation Examples
    - Summary
    - Review Questions
  - 11. Securing Remote Dial-In Access
  - 12. Securing VPN, Wireless, and VoIP Networks
- IV. Appendixes
  - A. Sources of Technical Information
    - Cryptography and Network Security Books
    - Firewall Books
    - Intrusion Detection Books
    - IETF Working Groups and Sites for Standards and Drafts on Security Technologies Developed Through the IETF
    - Documents on the Scope and Content of Network Security Policies
    - Incident Response Teams
    - Other Useful Sites for Security-Related Information
    - Cisco Security Product Information
  - B. Reporting and Prevention Guidelines: Industrial Espionage and Network Intrusions
    - For Immediate Problems
    - Reporting Options
    - Conducting an Investigation
    - Workplace Philosophy
    - Written Plan
    - Law and the Legal Process
    - Computer and Network Systems
    - Employees
    - Methods of Safeguarding Proprietary Material
    - Document Control
    - Foreign/Competitor Contacts
    - Managers and Supervisors
    - Reporting Process—Rewards
    - Intelligence-Gathering Methods
    - Look for Weak Links
    - California State Laws
    - United States Code
    - Examples of Cases in Santa Clara County (Silicon Valley)
  - C. Port Numbers
  - D. Mitigating Distributed Denial-of-Service Attacks
    - Understanding DoS/DDoS Attacks
    - The Filtering and/or Rate-Limiting Issue
    - Steps to Take Before a DDoS Attack Happens
    - Steps to Take During a DDoS Attack
    - Monitoring DoS Attacks with the VIP Console and NetFlow v1.0
    - Tracking Spoofed IP Addresses Version 2.0
    - Additional DOS Information
  - E. Answers to Review Questions
  - Glossary
Product information
- Title: Designing Network Security Second Edition
- Author(s):
- Release date: October 2003
- Publisher(s): Cisco Press
- ISBN: 9781587051173