Managing Cisco network security
/ Michael J. Wenstrom.
- Indianapolis, IN : Cisco Press, 2001
- xxxii, 789 p. : ill. ; 24 cm.
I. ESTABLISHING NETWORK SECURITY POLICY.
1. Evaluating Network Security Threats. Why We Need Network Security. Why We Have Security Issues. Security Threat Types. The Security Opportunity.
2. Evaluating a Network Security Policy. The Importance of Protecting the Network. The Security Posture Assessment Process. Improving Your Security Posture. Network Security Case Studies. Case Study: Evaluating the XYZ Company Network Security Policy.
3. Securing the Network Infrastructure. Campus Security Problems and Solutions. Securing the Physical Devices. Securing the Administrative Interface. Securing Router-to-Router Communications. Securing Ethernet Switches. Case Study: Configuring Basic Network Security.
II. DIALUP SECURITY.
4. Examining Cisco AAA Security Technology. Securing Network Access by Using AAA. Authentication Methods. Authorization Methods. Accounting Methods. AAA Security Servers.
5. Configuring the Network Access Server for AAA Security. The Remote Access Security Problem and Solution. The NAS AAA Configuration Process. Case Study: Configuring the NAS for AAA Security.
6. Configuring CiscoSecure ACS and TACACS+/RADIUS. CiscoSecure ACS for Windows NT and UNIX. CiscoSecure ACS for Windows NT. CiscoSecure ACS for UNIX. Configuring TACACS+ for CiscoSecure ACS. Configuring RADIUS for CiscoSecure ACS. Double Authentication. Case Study: Configuring CSNT.
III. SECURING THE INTERNET CONNECTION.
7. Configuring a Cisco Perimeter Router. Cisco Perimeter Security Systems. Controlling TCP/IP Services. Preventing Rerouting Attacks. Controlling Access. DoS Protection. Using Network Layer Encryption. Managing IP Addresses with NAT and PAT. Logging Perimeter Router Events. Case Study: Configuring a Cisco Perimeter Router.
8. Configuring the Cisco IOS Firewall. Cisco IOS Firewall Security Problems and Solutions. Configuring Cisco IOS Firewall. Planning for Cisco IOS Firewall. Configuring CBAC. Cisco IOS Firewall Administration. Case Study: Configuring Cisco IOS Firewall.
IV. CONFIGURING THE CISCOSECURE PIX FIREWALL.
9. PIX Firewall Basics. What Is the PIX Firewall? Getting Through the PIX Firewall from the Outside. PIX Firewall Models and Components. Configuring the PIX Firewall. A PIX Firewall Configuration Example. Case Study: Configuring NAT on the PIX Firewall to Protect the Identity of the Internal Network.
10. Configuring Access Through the PIX Firewall. Configuring Outbound Access Control. Controlling Access to Inside Hosts. Case Study: Configuring the PIX Firewall for Secured Bidirectional Communication.
11. Configuring Multiple Interfaces and AAA on the PIX Firewall. Configuring Access to Multiple Interfaces. Configuring User Authentication. Case Study: Configuring Multiple Interfaces and AAA on the PIX Firewall.
12. Configuring Advanced PIX Firewall Features. Advanced Network Address Translation: NAT 0. Controlling Outbound Access. Configuring Java Applet Blocking and URL Filtering. Configuring FTP and URL Logging. Configuring SNMP. Configuring PIX Firewall Failover. Configuring VPN Features. CiscoSecure Policy Manager. PIX Firewall Maintenance. Case Study: Configuring Advanced PIX Firewall Features.
V. CONFIGURING CISCO ENCRYPTION TECHNOLOGY.
13. Cisco Encryption Technology Overview. Encryption Solutions. Cisco IOS Cryptosystem Overview.
14. Configuring Cisco Encryption Technology. Cisco Encryption Technology Basics. Configuring Cisco Encryption Technology. Diagnosing and Troubleshooting Cisco Encryption Technology. Encryption Implementation Considerations. The Encryption Export Policy. Planning for Encryption Job Aid. Configuration Procedures Job Aid.
VI. CONFIGURING A VPN WITH IPSEC.
15. Understanding Cisco IPSec Support. Using IPSec to Enable a Secure VPN. What Is IPSec? How IPSec Works. Technologies Used in IPSec. Public Key Infrastructure and CA Support. IKE and IPSec Flow in Cisco IOS Software. Configuring IPSec Encryption Task Overview.
16. Configuring Cisco IOS IPSec. Configuring Cisco IOS IPSec Using Preshared Keys for Authentication. Configuring Cisco IOS IPSec Using RSA-Encrypted Nonces for Authentication. Case Study: Configuring Cisco IOS IPSec for Preshared Keys.
17. Configuring PIX Firewall IPSec Support. Task 1: Prepare for IPSec. Task 2: Configure IKE for Preshared Keys. Task 3: Configure IPSec. Task 4: Test and Verify the Overall IPSec Configuration. Case Study: Configuring PIX Firewall IPSec for Preshared Keys.
18. Scaling Cisco IPSec Networks. Configuring CA Support in Cisco Routers and the PIX Firewall. Scaling Cisco VPNs.
VII. APPENDIXES.
Appendix A: XYZ Company Case Study Scenario. XYZ Company Overview. The Departments Involved. XYZ's Network Security Goal.
Appendix B: An Example of an XYZ Company Network Security Policy. Statement of Authority and Scope. Acceptable Use Policy. Identification and Authentication Policy. Internet Access Policy. Campus Access Policy. Remote Access Policy. Incident-Handling Procedure.
Appendix C: Configuring Standard and Extended Access Lists. IP Addressing and General Access List Concepts. Configuring Standard IP Access Lists. Configuring Extended IP Access Lists. Verifying Access List Configuration. Named IP Access Lists.
Appendix D: Answers to Review Questions.