New business practices and opportunities are driving a multitude of changes in all areas of enterprise networks, and as such, enterprise security is becoming more and more prevalent as enterprises try to understand and manage the risks associated with the rapid development of business applications deployed over the enterprise network. This, coupled with the exponential growth of the Internet, has presented a daunting security problem to most enterprises: How does the enterprise implement and update security defenses and practices in an attempt to reduce its vulnerability to exposure from security breaches?
In this book, I will attempt to bridge the gap between the theory and practice of network security and place much of the emphasis on securing the enterprise infrastructure, but first let me emphasize that there is no such thing as absolute security. The statement that a network is secure is, more often than not, misunderstood to mean that there is no possibility of a security breach. However, as you will see throughout this book, having a secure network means that the proper security mechanisms have been put in place in an attempt to reduce most of the risks enterprise assets are exposed to. I have tried to include enough detail on the theories and protocols for reasonable comprehension so that the networking professional can make informed choices regarding security technologies.
Although the focus of this book is on the Cisco product offering, the principles apply to many other environments as well.
Introduction
  Is this Book for You?
  How to Use this Book
  The Little Black Book Philosophy
Chapter 1: Securing the Infrastructure
  In Brief
    Enterprise Security Problems
    Types of Threats
    Enterprise Security Challenges
    Enterprise Security Policy
    Securing the Enterprise
  Immediate Solutions
    Configuring Console Security
    Configuring Telnet Security
    Configuring Enable Mode Security
    Disabling Password Recovery
    Configuring Privilege Levels for Users
    Configuring Password Encryption
    Configuring Banner Messages
    Configuring SNMP Security
    Configuring RIP Authentication
    Configuring EIGRP Authentication
    Configuring OSPF Authentication
    Configuring Route Filters
    Suppressing Route Advertisements
Chapter 2: AAA Security Technologies
  In Brief
    Access Control Security
    AAA Protocols
    Cisco Secure Access Control Server
  Immediate Solutions
    Configuring TACACS+ Globally
    Configuring TACACS+ Individually
    Configuring RADIUS Globally
    Configuring RADIUS Individually
    Configuring Authentication
    Configuring Authorization
    Configuring Accounting
    Installing and Configuring Cisco Secure NT
Chapter 3: Perimeter Router Security
  In Brief
    Defining Networks
    Cisco Express Forwarding
    Unicast Reverse Path Forwarding
    TCP Intercept
    Network Address Translation
    Committed Access Rate
    Logging
  Immediate Solutions
    Configuring Cisco Express Forwarding
    Configuring Unicast Reverse Path Forwarding
    Configuring TCP Intercept
    Configuring Network Address Translation (NAT)
    Configuring Committed Access Rate (CAR)
    Configuring Logging
Chapter 4: IOS Firewall Feature Set
  In Brief
    Context-Based Access Control
    Port Application Mapping
    IOS Firewall Intrusion Detection
  Immediate Solutions
    Configuring Context-Based Access Control
    Configuring Port Application Mapping
    Configuring IOS Firewall Intrusion Detection
Chapter 5: Cisco Encryption Technology
  In Brief
    Cryptography
    Benefits of Encryption
    Symmetric and Asymmetric Key Encryption
    Digital Signature Standard
    Cisco Encryption Technology Overview
  Immediate Solutions
    Configuring Cisco Encryption Technology
Chapter 6: Internet Protocol Security
  In Brief
    IPSec Packet Types
    IPSec Modes of Operation
    Key Management
    Encryption
    IPSec Implementations
  Immediate Solutions
    Configuring IPSec Using Pre-Shared Keys
    Configuring IPSec Using Manual Keys
    Configuring Tunnel EndPoint Discovery
Chapter 7: Additional Access List Features
  In Brief
    Wildcard Masks
    Standard Access Lists
    Extended Access Lists
    Reflexive Access Lists
    Dynamic Access Lists
    Additional Access List Features
  Immediate Solutions
    Configuring Standard IP Access Lists
    Configuring Extended IP Access Lists
    Configuring Extended TCP Access Lists
    Configuring Named Access Lists
    Configuring Commented Access Lists
    Configuring Dynamic Access Lists
    Configuring Reflexive Access Lists
    Configuring Time-Based Access Lists
Appendix A: IOS Firewall IDS Signature List
Appendix B: Securing Ethernet Switches
  Configuring Management Access
  Configuring Port Security
  Configuring Permit Lists
  Configuring AAA Support
List of Figures
List of Tables
List of Listings
