Cisco Router Firewall Security

by Richard A. Deal

  • ISBN13: 9781587051753
  • ISBN10: 1587051753
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2004-08-10
  • Publisher: Cisco Press
Summary

Harden Routers with Cisco IOS® Firewalls to Ensure Network Perimeter Security

Author Biography

Richard A. Deal has 18 years of experience in the computing and networking industry, including networking, training, systems administration, and programming. In addition to a B.S. in mathematics and computer science from Grove City College, Richard holds many certifications from Cisco, including the CCNP and CCSP™ certifications. For the past seven years, Richard has operated his own company, The Deal Group, Inc., in Orlando, Florida.

Table of Contents

Introduction
Part I Security Overview and Firewalls
Chapter 1 Security Threats
Planning for Security
Diverse Platforms
Security Goals
Causes of Security Problems
Policy Definitions
Policies: Business and Security
People
Enforcement
Change Management
Disaster Recovery
Computer Technologies
Network Protocol Weaknesses
Operating System Weaknesses
Network Equipment Weaknesses
Equipment Configurations
Types of Security Threats
External and Internal Threats
Unstructured and Structured Threats
Categories of Threats
Reconnaissance Attacks
Scanning Attacks
Eavesdropping Attacks
Access Attacks
Unauthorized Access Attack
Data-Manipulation Attack
Session Attacks
Virus, Trojan Horse, and Worm Attacks
Denial of Service Attacks
Types of DoS Attacks
DoS Attack-Prevention Methods
Security Solutions
Designing a Security Solution
The Cisco Security Wheel
Secure Your Network
Monitor Your Security
Test Your Security
Improve Your Security
Security Checklist
Additional Information
Summary
Chapter 2 Introduction to Firewalls
Firewall Overview
Definition of a Firewall
Firewall Protection
Controlling Traffic and the OSI Reference Model
OSI Reference Model Overview
Firewalls and the OSI Reference Model
Firewall Categories
Packet-Filtering Firewalls
Filtering Actions
Filtering Information
Advantages of Packet-Filtering Firewalls
Limitations of Packet-Filtering Firewalls
Uses for Packet-Filtering Firewalls
Stateful Firewalls
Problems with Packet-Filtering Firewalls
State Table
Advantages of Stateful Firewalls
Limitations of Stateful Firewalls
Uses for Stateful Firewalls
Application Gateway Firewalls
Authentication Process
Authentication Methods
Application Gateway Firewall Types
Cut-Through Proxy Firewalls
Advantages of Application Gateway Firewalls
Limitations of Application Gateway Firewalls
Other Types of Application Proxy Devices
Uses for Application Gateway Firewalls
Address-Translation Firewalls
Filtering Process
Advantages of Address-Translation Firewalls
Limitations of Address-Translation Firewalls
Uses for Address-Translation Firewalls
Host-Based Firewalls
Advantages of Host-Based Firewalls
Limitations of Host-Based Firewalls
Uses for Host-Based Firewalls
Hybrid Firewalls
Firewalls and Other Services
Firewall Design
Design Guidelines
Developing a Security Policy
Designing Simple Solutions
Using Devices Correctly
Creating a Layered Defense
Dealing with Internal Threats
DMZ
DMZ Rules and Traffic Flow
DMZ Types
Components
Perimeter Router Component
Firewall Component
VPN Component
IDS Component
Component Placement
Simple Firewall System Design
Enhanced Firewall System Design
Design Considerations
Firewall Implementation
Security Device Manager
Implementing Firewall Features
Firewall Administration and Management
Cisco IOS Security
Cisco IOS Uses
Cisco IOS Security Features
Cisco IOS Devices and Their Uses
When to Use a Cisco IOS Firewall
Summary
Part II Managing Access to Routers
Chapter 3 Accessing a Router
Types of Authentication
No Password Authentication
Static Password Authentication
Aging Password Authentication
One-Time Password Authentication
Token Card Services
Methods of User EXEC Access
Local Access: Console and Auxiliary
Login Authentication Methods
Login Connection Timeouts
Remote Access
VTY (Telnet)
Secure Shell
Web Browser
HTTP with SSL
SNMP
Privileged EXEC Access
Passwords
Privilege Levels
Restricting Levels
Password Levels
Local Authentication Database
Other Access Items
Encrypting Passwords
Banners
Banner Guidelines
Banner Configuration
Example Configuration
Summary
Chapter 4 Disabling Unnecessary Services
Disabling Global Services
Cisco Discovery Protocol
TCP and UDP Small Servers
Finger
IdentD
IP Source Routing
FTP and TFTP
HTTP
SNMP
Name Resolution
BootP
DHCP
PAD
Configuration Autoloading
Disabling Interface Services
CDP on Insecure Interfaces
Proxy ARP
Directed Broadcasts
ICMP Messages
ICMP Unreachables
ICMP Redirects
ICMP Mask Replies
Maintenance Operation Protocol
VTYs
Unused Interfaces
Manual Configuration Example of Disabling Services on a Perimeter Router
AutoSecure
Securing Planes
The Management Plane
The Forwarding Plane
AutoSecure Configuration
Starting up AutoSecure
Going Through a Sample Script
Verifying AutoSecure's Configuration
Using Additional Commands
Summary
Chapter 5 Authentication, Authorization, and Accounting
AAA Overview
AAA Functions
Enabling AAA
Security Protocols
TACACS+
RADIUS
Server Groupings
Troubleshooting TACACS+ and RADIUS
Server Protocol Example Configuration
Comparison of TACACS+ and RADIUS
Authentication
Methods of Authentication
Authentication Configuration
User EXEC Authentication
Privileged EXEC Authentication
Username and Password Prompts
Login Banners
Login Attempts
Authentication Troubleshooting
Authentication Example
Authorization
Methods of Authorization
Authorization Configuration
Executing Commands
Executing Configuration Commands
Authorization Troubleshooting
Authorization Example
Accounting
Methods of Accounting
Accounting Configuration
Enabling Accounting
Suppressing Null Username Records
Enabling Broadcast Accounting
Accounting Troubleshooting
Accounting Example
Secure Copy
Preparation for SCP
SCP Configuration
SCP Troubleshooting
SCP Example
Summary
Part III Nonstateful Filtering Technologies
Chapter 6 Access List Introduction
Access List Overview
ACLs and Filtering
Simple ACL Example
Types of ACLs
Processing ACLs
Conditions
Matches on Conditions
ACL Flowchart
Statement Order in ACLs
ACL Rules and Restrictions
Placement of ACLs
Basic ACL Configuration
Creating ACLs
Activating ACLs
Editing ACLs
Wildcard Masks
Converting a Subnet Mask to a Wildcard Mask
Wildcard Mask Mistakes
Summary
Chapter 7 Basic Access Lists
Types of ACLs
Standard ACLs
Numbered Standard ACLs
Named Standard ACLs
Standard ACL Examples
Extended ACLs
Numbered Extended ACLs
Named Extended ACLs
Extended ACL Examples
ACL Verification
Fragments and Extended ACLs
Fragmentation Process
Fragmentation and Filtering Issues
Filtering Fragments
Fragment Filtering Example
Timed ACLs
Creating Time Ranges
Activating Time Ranges
Using Distributed Timed ACLs
Example of Timed ACL
Additional ACL Features
ACL Remarks
Logging Updates
IP Accounting and ACLs
Configuration of Accounting
Restriction of Accounting Information
Turbo ACLs
Sequenced ACLs
ACLs and Sequencing
Resequencing ACLs
Deleting an Entry in a Sequenced ACL
Inserting an Entry in a Sequenced ACL
Protection Against Attacks
Bogon Blocking and Spoofing
Ingress Filtering
Egress Filtering
DoS and Distributed DoS Attacks
TCP SYN Floods
Smurf and Fraggle Attacks
Simple Reconnaissance Attacks
Ingress Filtering of ICMP Traffic
Egress Filtering of ICMP Traffic
Traceroute
Distributed DoS Attacks
DDoS Components
DDoS Process
The Five Main DDoS Attacks
Trojan Horses
Trojan Horse ACLs
Other Prevention Methods
Worms
Solutions to Worm Problems
SQL Slammer Worm
Deloder Worm
The Microsoft RPC Service and Worms
Blocking Unnecessary Services
An Uphill Battle
Instant-Messenger Products
AOL Instant Messenger
ICQ
Microsoft MSN Messenger
Yahoo! Messenger
Apple iChat
File Sharing: Peer-to-Peer Products
Prevention and Detection
Napster
Kazaa and Morpheus
Gnutella
IMesh
WinMX
AudioGalaxy
eDonkey2000
Summary
Part IV Stateful and Advanced Filtering Technologies
Chapter 8 Reflexive Access Lists
Overview of Reflexive ACLs
Extended Versus Reflexive ACLs
How Extended ACLs Handle Returning ICMP Traffic
How Extended ACLs Handle Returning UDP Traffic
How Extended ACLs Handle Returning TCP Traffic
How RACLs Handle Returning Traffic
Reflexive ACLs in Action
Steps in Processing Traffic
Traffic Leaving the Network
Building the RACL
Traffic Returning to the Network
Removing RACL Entries
Limitations of Reflexive ACLs
Stateful Issues
Application Issues
Configuring Reflexive ACLs
Interface Selection
Two-Interface Example
Three-Interface Example
Configuration Commands
Building the RACL
Referencing the RACL
ACL Activation
Optional Commands
RACL Verification
Reflexive ACL Examples
Simple RACL Example
Two-Interface RACL Example
Three-Interface RACL Example
Summary
Chapter 9 Context-Based Access Control
Cisco IOS Firewall Features
CBAC Functions
Filtering Traffic
Inspecting Traffic
Detecting Intrusions
Generating Alerts and Audits
Operation of CBAC
Basic Operation
CBAC Enhancements over RACLs
TCP Traffic
UDP Traffic
ICMP Traffic
Extra Connections
Embedded Addressing Information
Application Inspection
DoS Detection and Prevention
Supported Protocols for CBAC
RTSP Applications
H.323 Applications
Skinny Support
SIP Support
CBAC Performance
Throughput Improvement Feature
Connections Per Second Improvement Feature
CPU Utilization Improvement Feature
CBAC Limitations
CBAC Configuration
Step 1: Interface Selection
Step 2: ACL Configuration
Step 3: Global Timeouts
Step 4: Port Application Mapping
PAM Table
PAM Configuration
PAM Verification
PAM Examples
Step 5: Inspection Rules
Inspection Rule Components
Generic TCP and UDP Inspection
ICMP Inspection
HTTP Inspection
RPC Inspection
SMTP Inspection
Fragment Inspection
Skinny Inspection
Step 6: Inspection Activation
Step 7: Troubleshooting CBAC
show commands
debug commands
Alerts and Audits
CBAC Removal
CBAC Examples
Simple Example
Two-Interface CBAC Example
Three-Interface CBAC Example
Summary
Chapter 10 Filtering Web and Application Traffic
Java Applets
Java Inspection
Java Blocking
Java Blocking Example
URL Filtering
Operation of URL Filtering
Advantages and Limitations of URL Filtering
Advantages of URL Filtering
Restrictions of URL Filtering
URL Filtering Implementation
Content Server Location
URL Filtering Setup
URL Filtering Verification
show Commands
debug Commands
URL Filtering Example
Network-Based Application Recognition
Components of QoS
NBAR and Classification
Classification Process
NBAR and Traffic Filtering
Supported Protocols and Applications
NBAR Restrictions and Limitations
Basic NBAR Configuration
Step 1: Enable CEF
Step 2: Specify Nonstandard Ports
Step 3: Classify Traffic
Step 4: Download PDLMs
Step 5: Define a Traffic Policy
Step 6: Activate the Traffic Policy
Step 7: Filter Marked Traffic
NBAR Verification
Class Maps
Policy Maps
Traffic Flow and NBAR
NBAR Examples
NBAR and Code Red
NBAR and Nimda
NBAR and P2P Programs
Summary
Part V Address Translation and Firewalls
Chapter 11 Address Translation
Address Translation Overview
Private Addresses
Address Translation
Advantages of Address Translation
Disadvantages of Address Translation
How Address Translation Works
Terms Used in Address Translation
Performing Address Translation
Network Address Translation
Overlapping Addresses
Address Overloading
Traffic Distribution and Load Balancing
Limitations of Address Translation
Address Translation Configuration
Configuration of NAT
Static NAT
Dynamic NAT
Configuration of PAT
Configuration of Port Address Redirection
Dealing with Overlapping Addresses
Static Translation
Dynamic Translation
Configuration of Traffic Distribution
Configuration of Translation Limits
Setting Connection Limits
Setting Timeout Limits
Verifying and Troubleshooting Address Translation
show Commands
clear Commands
debug ip nat Command
NAT and CBAC Example
Summary
Chapter 12 Address Translation Issues
Embedded Addressing Information
Problem with Embedding Addressing Information
Supported Protocols and Applications
Nonstandard Port Numbers
IP NAT Service Configuration
IP NAT Service Example
Controlling Address Translation
Using ACLs
Using Route Maps: Dynamic Translations
Problems with ACLs and Address Translation
Route Map Configuration
Using Route Maps: Static Translations
Address Translation and Redundancy
Static NAT Redundancy with HSRP
HSRP Redundancy Process
HSRP Redundancy Configuration
HSRP Redundancy Example
Stateful Address Translation Failover
Stateful Failover Features and Restrictions
SNAT with HSRP
SNAT Without HSRP
SNAT Verification
Traffic Distribution with Server Load Balancing
SLB Process
Load-Balancing Algorithms
SLB Advantages and Limitations
SLB Configuration
Required SLB Commands
Optional SLB Commands
SLB Verification
SLB Example
Summary
Part VI Managing Access Through Routers
Chapter 13 Lock-and-Key Access Lists
Lock-and-Key Overview
Lock-and-Key and Normal ACLs
When to Use Lock-and-Key
Lock-and-Key Benefits
Lock-and-Key Process
Lock-and-Key Configuration
Configuration Steps
Step 1: Create Your Extended ACL
Step 2: Define Your Authentication Method
Step 3: Enable Lock-and-Key Authentication
Allowing Remote Administration Access
Telnet Solution
SSH Solution
Local Database Solution
Verification and Troubleshooting
Lock-and-Key Example
Summary
Chapter 14 Authentication Proxy
Introduction to AP
AP Features
AP Process
AP Process Example
AP Authentication and JavaScript
AP Usage
When to Use AP
Where to Use AP
Limitations of AP
AP Configuration
Configuring AAA on Your Router
Configuring AAA on Your Server
AP Service
User Authorization Profiles
Preparing for HTTP or HTTPS
HTTP Configuration Tasks
Configuration Tasks for HTTPS
Configuring AP Policies
AP Policy Definitions
AP Policy Activation
Tuning AP
Protecting Against Access Attacks
Verifying and Troubleshooting AP
show Commands
clear Commands
debug Commands
AP Examples
Simple AP Example
Complex AP Example: CBAC and NAT
Summary
Chapter 15 Routing Protocol Protection
Static and Black Hole Routing
Static Routes
Null Routes
Policy-Based Routing
Interior Gateway Protocol Security
Authentication
Supported Routing Protocols
Authentication Process
RIPv2
EIGRP
OSPF
IS-IS
Group 1 Steps: Authentication Keys
Group 2 Steps: IS-IS Authentication
Group 3 Steps: Using Authentication
IS-IS Authentication Example
Other Tools
Passive Interfaces
ACL Filters
HSRP
BGP Security
Authentication
Route Flap Dampening
BGP Routing Example
Reverse-Path Forwarding (Unicast Traffic)
RPF Process
ACL Enhancements
Statistics
RPF Usage
RPF Limitations
RPF Configuration
RPF Verification
Unicast RPF Example
Summary
Part VII Detecting and Preventing Attacks
Chapter 16 Intrusion-Detection System
IDS Introduction
IDS Implementations
Profiles
Signatures
Complications with IDS Systems
IDS Solutions
Network-Based Solutions
Host-Based Solutions
Host-Based Versus Network-Based
IDS Concerns
Installed Components
Detecting Intrusions
Responding to Intrusions
IDS Signatures
Signature Implementations
Signature Structures
Basic Classification
Cisco Signature Categories
Cisco Router IDS Solution
Signature Support
Router IDS Process
Memory and Performance Issues
IDS Configuration
Step 1: Initialization Configuration
Step 2: Logging and PostOffice Configuration
Step 3: Audit Rule Configuration and Activation
Global Policies
Specific Policies
Signature Policies
Protection Policies
Policy Activation
IDS Verification
IDS Example
Summary
Chapter 17 DoS Protection
Detecting DoS Attacks
Common Attacks
Symptoms of Attacks
Examining CPU Utilization to Detect DoS Attacks
Using ACLs to Detect DoS Attacks
ACL Counters
Specific ACL Entries
ACL Logging
Smurf Example
Damage Limitations
Finding the Attacker
Using NetFlow to Detect DoS Attacks
NetFlow Overview
NetFlow Configuration
Examining and Clearing NetFlow Statistics
NetFlow and DoS Attacks
CEF Switching
TCP Intercept
TCP SYN Flood Attacks
TCP Intercept Modes
Intercept Mode
Watch Mode
TCP Intercept Configuration and Verification
Enabling TCP Intercept
Defining the Mode
Changing the Timers
Changing the Thresholds
Changing the Drop Method
Verifying Your Configuration
TCP Intercept Example
CBAC and DoS Attacks
Timeouts and Thresholds
Setting Connection Timeouts
Setting Connection Thresholds
CBAC DoS Prevention Verification
CBAC Example Configuration
Rate Limiting
ICMP Rate Limiting
Using Other Solutions
Using the ICMP Rate-Limiting Feature
CAR
CAR Configuration
Verifying CAR
Rate Limiting for ICMP and Smurf Attacks
Rate Limiting for TCP SYN and Other TCP Floods
How to Choose a Rate Limit
Rate Limiting for W32.Blaster Worm
NBAR
Smurf Example
W32.Blaster Worm Example
Summary
Chapter 18 Logging Events
Basic Logging
Log Message Format
Basic Logging Configuration
Enabling Logging
Configuring Synchronous Logging
Logging Destinations
Severity Levels
Line Logging
Internal Buffer Logging
Syslog Server Logging
SNMP Logging
Other Logging Commands
Date and Time Stamps
Sequence Numbers
Rate Limits
Logging Verification
show logging Command
show logging history Command
Logging and Error Counts
Time and Date and the Cisco IOS
Router Time Sources
Hardware Clock
Software Clock
Manual Time and Date Configuration
Time Zone
Daylight Saving Time
Software Clock Settings
Hardware Clock Settings
Network Time Protocol Overview
Time Distribution
Simple Network Time Protocol
Router Client Configuration for NTP
Poll-Based Configuration
Broadcast-Based Configuration
SNTP Configuration
Router Server Configuration for NTP
Distributing Timing Information
Configuring an External Clock
Setting Up the NTP Server
NTP Security
Access Groups
Authentication
Other NTP Commands
NTP Verification
NTP Commands
SNTP Command
NTP Configuration Example
Embedded Syslog Manager
ESM Overview
ESM Filter Modules
Input Process
Filtering Process
Example Filter Modules
Introduction to ESM Setup and Configuration
Specifying Filter Modules
Using Filter Modules
Verifying Your ESM Configuration
Additional Logging Information
What to Look For
Additional Tools
Rotating Syslog Log Files
Examining Log File Contents
Summary
Part VIII Virtual Private Networks
Chapter 19 IPSec Site-to-Site Connections
IPSec Preparation
Basic Tasks
External ACL
IKE Phase 1: Management Connection
Enabling ISAKMP/IKE
Defining IKE Phase 1 Policies
Policy Commands
Policy Verification
IKE Phase 1 Peer Authentication
Identity Type
Authentication with Preshared Keys
Authentication with RSA Encrypted Nonces
RSA Manual Key Generation
Peer Key Configuration
Authentication with Certificates
Certificates and CAs
Simple Certificate Enrollment Protocol
Certificate Revocation List
Certificate Enrollment and Configuration Process
Removing Your Router's Certificate
Removing Your Router's RSA Keys
IKE Phase 2: Data Connection
Step 1: Building a Crypto ACL
Step 2: Creating a Transform Set
Transform Set Protection Parameters
Transform Set Connection Modes
Transform Set Verification
Step 3: Creating a Crypto Map
Crypto Map Rules
Crypto Map Types
Static Crypto Map Entries
Entry Commands
Step 4: Activating a Crypto Map
Step 5: Verifying a Crypto Map Configuration
IPSec Connection Troubleshooting
Examining SAs
Using debug Commands
Clearing Connections
L2L Example
Summary
Chapter 20 IPSec Remote-Access Connections
Remote Access Overview
EasyVPN Introduction
EasyVPN IPSec Support
EasyVPN Features
IPSec Remote-Access Connection Process
Step 1: The EVC Initiates an IPSec Connection
Step 2: The EVC Sends the IKE Phase 1 Policies
Step 3: The EVS Accepts an IKE Phase 1 Policy
Step 4: The EVS Authenticates the User
Step 5: The EVS Performs IKE Mode Config
Step 6: The EVS Handles Routing with RRI
Step 7: The IPSec Devices Build the Data Connections
IPSec Remote-Access EVS Setup
Configuration Process
Task 1: Authentication Policies
Task 2: Group Policies
Task 3: IKE Phase 1 Policies
Task 4: Dynamic Crypto Maps
Overview of Dynamic Crypto Maps
Creating a Dynamic Crypto Map
Using a Dynamic Crypto Map
Verifying a Dynamic Crypto Map
Task 5: Static Crypto Map
Task 6: Remote-Access Verification
IPSec Remote Access Example
Summary
Part IX Case Study
Chapter 21 Case Study
Company Profile
Corporate Office
Perimeter Router
Internal Router
Branch Office
Remote-Access Users
Proposal
Case Study Configuration
Basic Configuration
Unnecessary Services and SSH
AAA
Access Control Lists
CBAC and Web Filtering
Address Translation
Routing
Intrusion-Detection System
Connection Attacks and CBAC
Rate Limiting
NTP and Syslog
Site-to-Site VPN
Remote-Access VPNs
Summary
Index

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.