Self-Defending Networks: The Next Generation of Network Security

Book Description

Protect your network with self-regulating network security solutions that combat both internal and external threats.

  • Provides an overview of the security components used to design proactive network security

  • Helps network security professionals understand what the latest tools and techniques can do and how they interact

  • Presents detailed information on how to use integrated management to increase security

  • Includes a design guide with step-by-step implementation instructions

Self-Defending Networks: The Next Generation of Network Security helps networking professionals understand how to deploy an end-to-end, integrated network security solution. It presents a clear view of the components that can be used throughout the network not only to monitor traffic but also to let the network itself become more proactive in preventing and mitigating attacks. This security primer covers the full range of Cisco security solutions, showing what each element is capable of and how the pieces work together to form an end-to-end Self-Defending Network. Where other books focus on individual security components and provide in-depth configuration guidelines for particular devices and technologies, this book instead presents a high-level overview of the technologies and techniques that make up current thinking on proactive network defense. Network Admission Control, Network Infection Containment, Dynamic Attack Mitigation, DDoS Mitigation, Host Intrusion Prevention, and Integrated Security Management are all covered. The emphasis is on leveraging integrated management rather than on a device-by-device manual for implementing a self-defending network.

    Table of Contents

    1. Copyright
      1. Dedications
    2. About the Author
    3. About the Contributing Author
    4. About the Technical Reviewers
    5. Acknowledgments
    6. Icons Used in This Book
    7. Command Syntax Conventions
    8. Foreword
    9. Introduction
      1. Goals and Methods
      2. Who Should Read This Book?
      3. How This Book Is Organized
    10. 1. Understanding Types of Network Attacks and Defenses
      1. Categorizing Network Attacks
        1. Virus
        2. Worm
        3. Trojan Horse
        4. Denial-of-Service
        5. Distributed Denial-of-Service
        6. Spyware
        7. Phishing
      2. Understanding Traditional Network Defenses
        1. Router Access Lists
        2. Firewalls
        3. Intrusion Detection Systems
        4. Virtual Private Networks
        5. Antivirus Programs
      3. Introducing Cisco Self-Defending Networks
        1. DDoS Mitigation
        2. Intrusion Prevention Systems
        3. Adaptive Security Appliance
        4. Incident Control Service
        5. Network Admission Control
        6. IEEE 802.1x
        7. Host Intrusion Prevention: CSA
        8. Cisco Security Centralized Management
      4. Summary
      5. References
    11. 2. Mitigating Distributed Denial-of-Service Attacks
      1. Understanding Types of DDoS Attacks
      2. DDoS Mitigation Overview
      3. Using Cisco Traffic Anomaly Detector
        1. Configuring the Traffic Anomaly Detector
        2. Zone Creation
        3. Traffic Anomaly Detector Zone Filters
        4. Policy Template
        5. Learning Phase
        6. Detecting and Reporting Traffic Anomalies
      4. Configuring Cisco Guard
        1. Bootstrapping
        2. Zone Creation and Synchronization
        3. Cisco Guard Zone Filters
        4. Zone Traffic Diversion
        5. Learning Phase
        6. Activating Zone Protection
        7. Generating Attack Reports
      5. Summary
      6. References
    12. 3. Cisco Adaptive Security Appliance Overview
      1. Antispoofing
      2. Intrusion Prevention Service
        1. Launch ASDM for IPS Configuration
        2. Configure Service Policy Rules
        3. Define IPS Signatures
      3. Protocol Inspection Services
      4. HTTP Inspection Engine
        1. TCP Map
        2. HTTP Map
      5. Configuring Content Security and Control Security
        1. Content Security and Control Services Module (CSC-SSM) Setup
        2. Web
          1. URL Blocking
          2. URL Filtering
          3. Scanning
          4. File Blocking
        3. Mail
          1. Scanning
          2. Antispam
          3. Content Filtering
        4. File Transfer
      6. Summary
      7. References
    13. 4. Cisco Incident Control Service
      1. Implementing Outbreak Management with Cisco ICS
        1. Outbreak Management Summary
        2. Information and Statistics on Network Threats from Trend Micro
        3. New Outbreak Management Task
        4. Outbreak Settings
      2. Displaying Outbreak Reports
        1. OPACL Settings
        2. Exception List
        3. Report Settings
        4. Watch List Settings
        5. Automatic Outbreak Management Task
      3. Displaying Devices
        1. Device List
        2. Add Device
      4. Viewing Logs
        1. Incident Log Query
        2. Event Log Query
        3. Outbreak Log Query
        4. Log Maintenance
      5. Summary
      6. References
    14. 5. Demystifying 802.1x
      1. Fundamentals of 802.1x
      2. Introducing Cisco Identity-Based Networking Services
      3. Machine Authentication
      4. 802.1x and NAC
      5. Using EAP Types
        1. EAP MD5
        2. EAP TLS
        3. LEAP
        4. PEAP
        5. EAP FAST
      6. VPN and 802.1x
      7. Summary
      8. References
    15. 6. Implementing Network Admission Control
      1. Network Admission Control Overview
      2. NAC Framework Benefits
      3. NAC Framework Components
        1. Endpoint Security Application
        2. Posture Agent
        3. Network Access Devices
        4. Policy Server
        5. Management and Reporting Tools
      4. Operational Overview
        1. Network Admission for NAC-enabled Endpoints
          1. Endpoint Attempts to Access the Network
          2. NAD Notifies Policy Server
          3. Cisco Secure ACS Compares Endpoint to NAC Policy
          4. Cisco Secure ACS Forwards Information to Partner Policy Servers
          5. Cisco Secure ACS Makes a Decision
          6. Cisco Secure ACS Sends Enforcement Actions
          7. NAD Enforces Actions
          8. Posture Agent Actions
          9. Endpoint Polled for Change of Compliance
          10. Revalidation Process
        2. Network Admission for NAC Agentless Hosts
      5. Deployment Models
        1. LAN Access Compliance
        2. WAN Access Compliance
        3. Remote Access Compliance
      6. Summary
      7. References
    16. 7. Network Admission Control Appliance
      1. NAC Appliance Features
      2. NAC Appliance Manager
        1. Device Management
          1. CCA Servers
          2. Real IP Gateway
          3. Virtual IP Gateway
          4. NAT Gateway
          5. OOB Real IP Gateway, OOB Virtual IP Gateway, and OOB NAT Gateway
          6. Filters
          7. Clean Access
        2. Switch Management
        3. User Management
        4. Monitoring
        5. Administration
      3. Summary
      4. References
    17. 8. Managing the Cisco Security Agent
      1. Management Center for Cisco Security Agents
        1. Deploying Cisco Secure Agent Kits
        2. Displaying the End-Station Hostname in the Device Groups
        3. Reviewing Policies
        4. Attaching Rules to a Policy
        5. Generating and Deploying Rules
        6. Using Event Monitor
        7. Running Cisco Security Agent Analysis
      2. Cisco Security Agent
        1. Status
        2. System Security
      3. Summary
      4. References
    18. 9. Cisco Security Manager
      1. Getting Started
      2. Device View
        1. Add Device
        2. Configure Access Control Lists (ACLs) from Device View
        3. Configuring Interface Roles
        4. Apply Access Control List (ACL) Rules to Multiple Devices
        5. Invoking the Policy Query
        6. Using Analysis and Hit Count Functions
      3. Map View
        1. Showing Devices on the Topology Map
        2. Adding Cloud Networks and Hosts to the Topology Map
        3. Configuring Firewall Access Control List (ACL) Rules from Topology Map
      4. Policy View
        1. Access Control List (ACL) Rules Security Policy
        2. Policy Inheritance and Mandatory Security Policies
      5. IPS Management
      6. Object Manager
      7. Value Override Per Device
      8. Summary
      9. References
    19. 10. Cisco Security Monitoring, Analysis, and Response System
      1. Understanding Cisco Security MARS Features
      2. Summary Dashboard
      3. Incidents
        1. Displaying Path of Incident and Mitigating the Attack
        2. Hotspot Graph and Attack Diagram
      4. Rules
      5. Query/Reports
      6. Management
      7. Admin
      8. Cisco Security Manager Linkages
      9. Summary
      10. References