What is included with this book?
Omar Santos is a senior network security engineer and Incident Manager within the Product Security Incident Response Team (PSIRT) at Cisco. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government, including the United States Marine Corps (USMC) and the U.S. Department of Defense (DoD). He is also the author of many Cisco online technical documents and configuration guidelines. Before his current role, Omar was a technical leader within the World Wide Security Practice and Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. He is an active member of the InfraGard organization. InfraGard is a cooperative undertaking that involves the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants. InfraGard is dedicated to increasing the security of the critical infrastructures of the United States of America. Omar has also delivered numerous technical presentations to Cisco customers and partners, as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of the Cisco Press books: Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting, and Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance.
Foreword
Introduction
Introduction to Network Security Solutions
Firewalls
Network Firewalls
Network Address Translation (NAT)
Stateful Firewalls
Deep Packet Inspection
Demilitarized Zones
Personal Firewalls
Virtual Private Networks (VPN)
Technical Overview of IPsec
Phase 1
Phase 2
SSL VPNs
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
Pattern Matching
Protocol Analysis
Heuristic-Based Analysis
Anomaly-Based Analysis
Anomaly Detection Systems
Authentication, Authorization, and Accounting (AAA) and Identity Management
RADIUS
TACACS+
Identity Management Concepts
Network Admission Control
NAC Appliance
NAC Framework
Routing Mechanisms as Security Tools
Summary
Security Lifecycle: Frameworks and Methodologies
Preparation Phase
Risk Analysis
Threat Modeling
Penetration Testing
Social Engineering
Security Intelligence
Common Vulnerability Scoring System
Base Metrics
Temporal Metrics
Environmental Metrics
Creating a Computer Security Incident Response Team (CSIRT)
Who Should Be Part of the CSIRT?
Incident Response Collaborative Teams
Tasks and Responsibilities of the CSIRT
Building Strong Security Policies
Infrastructure Protection
Strong Device Access Control
SSH Versus Telnet
Local Password Management
Configuring Authentication Banners
Interactive Access Control
Role-Based Command-Line Interface (CLI) Access in Cisco IOS
Controlling SNMP Access
Securing Routing Protocols
Configuring Static Routing Peers
Authentication
Route Filtering
Time-to-Live (TTL) Security Check
Disabling Unnecessary Services on Network Components
Cisco Discovery Protocol (CDP)
Finger
Table of Contents provided by Publisher. All Rights Reserved.
The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.