Network Security First-Step

Network Security first-step Second Edition   Tom Thomas and Donald Stoddard   Your first step into the world of network security No security experience required Includes clear and easily understood explanations Makes learning easy   Your first step to network security begins here! Learn how hacker attacks work, from start to finish Choose the right security solution for each type of risk Create clear and enforceable security policies, and keep them up to date Establish reliable processes for responding to security advisories Use encryption effectively, and recognize its limitations Secure your network with firewalls, routers, and other devices Prevent attacks aimed at wireless networks   No security experience required!   Computer networks are indispensible, but they also are not secure. With the proliferation of security threats, many people and companies are looking for ways to increase the security of their networks and data. Before you can effectively implement security technologies and techniques, you need to make sense of this complex and quickly evolving world of hackers and malware, as well as the tools to combat them. Network Security First-Step, Second Edition explains the basics of network security in easy-to-grasp language that all of us can understand. This book takes you on a guided tour of the core technologies that make up and control network security. Whether you are looking to take your first step into a career in network security or simply are interested in gaining knowledge of the technology, this book is for you!  

Table of Contents:
Introduction xxii Chapter 1 There Be Hackers Here! 1 Essentials First: Looking for a Target 2 Hacking Motivations 3 Targets of Opportunity 4     Are You a Target of Opportunity? 6 Targets of Choice 7     Are You a Target of Choice? 7 The Process of an Attack 9     Reconnaissance 9     Footprinting (aka Casing the Joint) 11     Scanning 18     Enumeration 23         Enumerating Windows 24     Gaining Access 26         Operating System Attacks 27         Application Attacks 27         Misconfiguration Attacks 28         Scripted Attacks 29     Escalating Privilege 30     Covering Tracks 31 Where Are Attacks Coming From? 32 Common Vulnerabilities, Threats, and Risks 33 Overview of Common Attacks and Exploits 36 Network Security Organizations 39     CERT Coordination Center 40     SANS 40     Center for Internet Security (CIS) 40     SCORE 41     Internet Storm Center 41     National Vulnerability Database 41     Security Focus 42     Learning from the Network Security Organizations 42 Chapter Summary 43 Chapter Review 43 Chapter 2 Security Policies 45 Responsibilities and Expectations 50     A Real-World Example 50     Who Is Responsible? You Are! 50         Legal Precedence 50         Internet Lawyers 51         Evolution of the Legal System 51     Criminal Prosecution 52         Real-World Example 52         Individuals Being Prosecuted 53         International Prosecution 53 Corporate Policies and Trust 53     Relevant Policies 54     User Awareness Education 54     Coming to a Balance 55     Corporate Policies 55 Acceptable Use Policy 57     Policy Overview 57     Purpose 58     Scope 58     General Use and Ownership 58     Security and Proprietary Information 59     Unacceptable Use 60         System and Network Activities 61         Email and Communications Activities 62     Enforcement 63     Conclusion 63 Password Policy 64     Overview 64     Purpose 64     Scope 64     General Policy 65     General Password Construction Guidelines 66     Password Protection Standards 67     Enforcement 68     Conclusion 68 Virtual Private Network (VPN) Security Policy 69     Purpose 69     Scope 69     Policy 70     Conclusion 71 Wireless Communication Policy 71     Scope 72     Policy Statement 72         General Network Access Requirements 72         Lab and Isolated Wireless Device Requirements 72         Home Wireless Device Requirements 73     Enforcement 73     Definitions 73     Revision History 73 Extranet Connection Policy 74     Purpose 74     Scope 74     Security Review 75     Third-Party Connection Agreement 75     Business Case 75     Point of Contact 75     Establishing Connectivity 75     Modifying or Changing Connectivity and Access 76     Terminating Access 76     Conclusion 76 ISO Certification and Security 77     Delivery 77     ISO/IEC 27002 78     Sample Security Policies on the Internet 79 Industry Standards 79     Payment Card Industry Data Security Standard (PCI DSS) 80     Sarbanes-Oxley Act of 2002 (SOX) 80     Health Insurance Portability and Accounting Act (HIPAA) of 1996 81     Massachusetts 201: Standards for the Protection of Personal Information of Residents of the Commonwealth 81     SAS 70 Series 82 Chapter Summary 82 Chapter Review 83 Chapter 3 Processes and Procedures 85 Security Advisories and Alerts: Getting the Intel You Need to Stay Safe 86     Responding to Security Advisories 87         Step 1: Awareness 88         Step 2: Incident Response 90         Step 3: Imposing Your Will 95         Steps 4 and 5: Handling Network Software Updates (Best Practices) 96 Industry Best Practices 98     Use a Change Control Process 98     Read All Related Materials 98     Apply Updates as Needed 99     Testing 99     Uninstall 99     Consistency 99     Backup and Scheduled Downtime 100     Have a Back-Out Plan 100     Forewarn Helpdesk and Key User Groups 100     Don’t Get More Than Two Service Packs Behind 100     Target Noncritical Servers/Users First 100     Service Pack Best Practices 101     Hotfix Best Practices 101         Service Pack Level Consistency 101         Latest Service Pack Versus Multiple Hotfixes 101     Security Update Best Practices 101         Apply Admin Patches to Install Build Areas 102         Apply Only on Exact Match 102         Subscribe to Email Notification 102 Summary 102 Chapter Review and Questions 104 Chapter 4 Network Security Standards and Guidelines 105 Cisco SAFE 2.0 106     Overview 106     Purpose 106 Cisco Validated Design Program 107     Branch/WAN Design Zone Guides 107     Campus Design Zone Guides 107     Data Center Design Zone Guides 108     Security Design Zone Guides 109 Cisco Best Practice Overview and Guidelines 110     Basic Cisco IOS Best Practices 110         Secure Your Passwords 110         Limit Administrative Access 111         Limit Line Access Controls 111         Limit Access to Inbound and Outbound Telnet (aka vty Port) 112         Establish Session Timeouts 113         Make Room Redundancy 113         Protect Yourself from Common Attacks 114     Firewall/ASAs 115         Encrypt Your Privileged User Account 115         Limit Access Control 116         Make Room for Redundant Systems 116         General Best Practices 117         Configuration Guides 117         Intrusion Prevention System (IPS) for IOS 117 NSA Security Configuration Guides 118     Cisco Systems 119         Switches Configuration Guide 119         VoIP/IP Telephony Security Configuration Guides 119     Microsoft Windows 119         Microsoft Windows Applications 120         Microsoft Windows 7/Vista/Server 2008 120         Microsoft Windows XP/Server 2003 121     Apple 121 Microsoft Security 121     Security Policies 121         Microsoft Windows XP Professional 122         Microsoft Windows Server 2003 122         Microsoft Windows 7 122         Windows Server 2008 123     Microsoft Security Compliance Manager 124 Chapter Summary 125 Chapter Link Toolbox Summary 125 Chapter 5 Overview of Security Technologies 127 Security First Design Concepts 128 Packet Filtering via ACLs 131     Grocery List Analogy 132     Limitations of Packet Filtering 136 Stateful Packet Inspection 136     Detailed Packet Flow Using SPI 138     Limitations of Stateful Packet Inspection 139 Network Address Translation (NAT) 140     Increasing Network Security 142     NAT’s Limitations 143 Proxies and Application-Level Protection 144     Limitations of Proxies 146 Content Filters 147     Limitations of Content Filtering 150 Public Key Infrastructure 150     PKI’s Limitations 151 Reputation-Based Security 152     Reactive Filtering Can’t Keep Up 154     Cisco Web Reputation Solution 155 AAA Technologies 156     Authentication 156     Authorization 157     Accounting 157     Remote Authentication Dial-In User Service (RADIUS) 158     Terminal Access Controller Access Control System (TACACS) 159     TACACS+ Versus RADIUS 160 Two-Factor Authentication/Multifactor Authentication 161     IEEE 802.1x: Network Access Control (NAC) 162         Network Admission Control 163     Cisco TrustSec 164         Solution Overview 164         Cisco Identity Services Engine 166 Chapter Summary 168 Chapter Review Questions 168 Chapter 6 Security Protocols 169 Triple DES Encryption 171     Encryption Strength 171     Limitations of 3DES 172 Advanced Encryption Standard (AES) 172     Different Encryption Strengths 173     Limitations of AES 173 Message Digest 5 Algorithm 173     MD5 Hash in Action 175 Secure Hash Algorithm (SHA Hash) 175     Types of SHA 176         SHA-1 176         SHA-2 176 Point-to-Point Tunneling Protocol (PPTP) 177     PPTP Functionality 177     Limitations of PPTP 178 Layer 2 Tunneling Protocol (L2TP) 179     L2TP Versus PPTP 180     Benefits of L2TP 180     L2TP Operation 181 Secure Shell (SSH) 182     SSH Versus Telnet 184     SSH Operation 186     Tunneling and Port Forwarding 187     Limitations of SSH 188 SNMP v3 188     Security Built In 189 Chapter Summary 192 Chapter Review Questions 192 Chapter 7 Firewalls 193 Firewall Frequently Asked Questions 194     Who Needs a Firewall? 195     Why Do I Need a Firewall? 195     Do I Have Anything Worth Protecting? 195 What Does a Firewall Do? 196 Firewalls Are “The Security Policy” 197 We Do Not Have a Security Policy 200 Firewall Operational Overview 200     Firewalls in Action 202     Implementing a Firewall 203     Determine the Inbound Access Policy 205     Determine Outbound Access Policy 206 Essentials First: Life in the DMZ 206 Case Studies 208     Case Study: To DMZ or Not to DMZ? 208 Firewall Limitations 214 Chapter Summary 215 Chapter Review Questions 216 Chapter 8 Router Security 217 Edge Router as a Choke Point 221     Limitations of Choke Routers 223 Routers Running Zone Based Firewall 224     Zone-Based Policy Overview 225     Zone-Based Policy Configuration Model 226     Rules for Applying Zone-Based Policy Firewall 226     Designing Zone-Based Policy Network Security 227     Using IPsec VPN with Zone-Based Policy Firewall 228 Intrusion Detection with Cisco IOS 229     When to Use the FFS IDS 230     FFS IDS Operational Overview 231     FFS Limitations 233 Secure IOS Template 234 Routing Protocol Security 251     OSPF Authentication 251         Benefits of OSPF Neighbor Authentication 252         When to Deploy OSPF Neighbor Authentication 252         How OSPF Authentication Works 253 Chapter Summary 254 Chapter Review Questions 255 Chapter 9 IPsec Virtual Private Networks (VPNs) 257 Analogy: VPNs Securely Connect IsLANds 259 VPN Overview 261     VPN Benefits and Goals 263     VPN Implementation Strategies 264     Split Tunneling 265 Overview of IPsec VPNs 265     Authentication and Data Integrity 268     Tunneling Data 269     VPN Deployment with Layered Security 270     IPsec Encryption Modes 271         IPsec Tunnel Mode 271         Transport Mode 272     IPsec Family of Protocols 272     Security Associations 273     ISAKMP Overview 273     Internet Key Exchange (IKE) Overview 274         IKE Main Mode 274         IKE Aggressive Mode 275     IPsec Security Association (IPsec SA) 275     IPsec Operational Overview 276         IKE Phase 1 277         IKE Phase 2 278         Perfect Forward Secrecy 278         Diffie-Hellman Algorithm 279 Router Configuration as VPN Peer 281     Configuring ISAKMP 281         Preshared Keys 282     Configuring the ISAKMP Protection Suite 282     Configuring the ISAKMP Key 283     Configuring IPsec 284         Step 1: Create the Extended ACL 284         Step 2: Create the IPsec Transforms 284         Step 3: Create the Crypto Map 285         Step 4: Apply the Crypto Map to an Interface 286 Firewall VPN Configuration for Client Access 286     Step 1: Define Interesting Traffic 288     Step 2: IKE Phase 1[udp port 500] 288     Step 3: IKE Phase 2 288     Step 4: Data Transfer 289     Step 5: Tunnel Termination 289 SSL VPN Overview 289 Comparing SSL and IPsec VPNs 290 Which to Deploy: Choosing Between IPsec and SSL VPNs 292 Remote-Access VPN Security Considerations 293     Steps to Securing the Remote-Access VPN 294         Cisco AnyConnect VPN Secure Mobility Solution 295 Chapter Summary 296 Chapter Review Questions 297 Chapter 10 Wireless Security 299 Essentials First: Wireless LANs 301     What Is Wi-Fi? 302     Benefits of Wireless LANs 303     Wireless Equals Radio Frequency 303 Wireless Networking 304     Modes of Operation 305     Coverage 306     Bandwidth Availability 307 WarGames Wirelessly 307     Warchalking 308     Wardriving 309     Warspamming 311     Warspying 312 Wireless Threats 312     Sniffing to Eavesdrop and Intercept Data 313     Denial-of-Service Attacks 315     Rogue/Unauthorized Access Points 316     Misconfiguration and Bad Behavior 317         AP Deployment Guidelines 317         Wireless Security 318     Service Set Identifier (SSID) 318     Device and Access Point Association 319     Wired Equivalent Privacy (WEP) 319         WEP Limitations and Weaknesses 320     MAC Address Filtering 320 Extensible Authentication Protocol (EAP) 321     LEAP 322     EAP-TLS 322     EAP-PSK 323     EAP-TTLS 323 Essential Wireless Security 323 Essentials First: Wireless Hacking Tools 325     NetStumbler 325     Wireless Packet Sniffers 326     Aircrack-ng 327     OmniPeek 327     Wireshark 329 Chapter Summary 329 Chapter Review Questions 330 Chapter 11 Intrusion Detection and Honeypots 331 Essentials First: Intrusion Detection 333     IDS Functional Overview 335         Host Intrusion Detection System 340         Network Intrusion Detection System 341         Wireless IDS 343         Network Behavior Analysis 344 How Are Intrusions Detected? 345     Signature or Pattern Detection 346     Anomaly-Based Detection 346     Stateful Protocol Analysis 347     Combining Methods 347     Intrusion Prevention 347     IDS Products 348         Snort! 348     Limitations of IDS 350 Essentials First: Honeypots 354     Honeypot Overview 354     Honeypot Design Strategies 356     Honeypot Limitations 357 Chapter Summary 357 Chapter Review Questions 357 Chapter 12 Tools of the Trade 359 Essentials First: Vulnerability Analysis 361     Fundamental Attacks 361         IP Spoofing/Session Hijacking 362         Packet Analyzers 363         Denial of Service (DoS) Attacks 363         Other Types of Attacks 366         Back Doors 368 Security Assessments and Penetration Testing 370     Internal Vulnerability and Penetration Assessment 370         Assessment Methodology 371     External Penetration and Vulnerability Assessment 371         Assessment Methodology 372     Physical Security Assessment 373         Assessment Methodology 373     Miscellaneous Assessments 374         Assessment Providers 375 Security Scanners 375     Features and Benefits of Vulnerability Scanners 376     Freeware Security Scanners 376         Metasploit 376         NMAP 376         SAINT 377         Nessus 377         Retina Version 5.11.10 380 CORE IMPACT Pro (a Professional Penetration Testing Product) 382     In Their Own Words 383     Scan and Detection Accuracy 384     Documentation 384     Documentation and Support 386     Vulnerability Updates 386 Chapter Summary 386 Chapter Review Questions 387 Appendix A Answers to Review Questions 389   9781587204104   TOC   11/30/2011  

About the Author :
Tom Thomas, CCIE No. 9360, claims he never works because he loves what he does. When you meet him, you will agree!   Throughout his many years in the networking industry, Tom has taught thousands of people how networking works and the secrets of the life of a packet. Tom is the author or coauthor of 18 books on networking, including the acclaimed OSPF Network Design Solutions, published by Cisco Press and now in its second edition. Beyond his many books, Tom also has taught computer and networking skills through his roles as an instructor and training-course developer.   In addition to holding the Cisco Certified Internetwork Expert (CCIE) certification–the pinnacle of networking certifications–Tom holds Cisco CCNP Security, CCDA, and CCNA certifications and is a certified Cisco Systems instructor (CCSI). These certifications support his industry-proven, problem-solving skills through technical leadership with demonstrated persistence and the ability to positively assist businesses in leveraging IT resources in support of their core business. He has also completed his Master of Science degree in network architecture and is looking at a doctorate next.   Tom currently is the CIO of Qoncert, a Cisco Gold Partner in Southern Florida that has an affiliated arm known as CCPrep.com, a Cisco Learning Partner, where he provides strategic direction and a little hands-on for customers of all types.   Donald Stoddard began his career in information technology in 1998, designing networks and implementing security for schools in North Dakota and South Dakota. He then went on to design and implement Geographical Information Systems (GIS) for a firm in Denver, Colorado. While there, he earned his Bachelor of Science degree in computer information systems management from Colorado Christian University. From Colorado, he then moved south, learned the ins-and-outs of Cisco VoIP, and began working through designing and securing VoIP solutions throughout the southeast. Don holds Microsoft MCSA and Linux+ and Security+ certifications and is presently wading through the CISSP material.   Currently, Don works for the Department of the Navy as the Information Assurance Officer for one of the premier Navy research and development labs, where he provides certification and accreditation guidance for the various projects being developed for implementation and deployment.