Gives students a realistic understanding of how network security concepts and tools work together in real networks and organizations.
Helps students understand all stages of the security project lifecycle, and succeed regardless of the phase or task they are given responsibility for.
Teaches students how to improve security in organizational environments with ubiquitous connections to the Internet.
Gives students expertise that is in increasingly high demand, as wireless networks spread rapidly throughout organizations and businesses.
In-depth coverage of access control—Systematically reviews techniques for controlling access via authentication, authorization, and accounting.
Ensure that students know how to provide the basic access control that every secure network is built upon.
Reflects the reality that attacks will be launched against virtually every server or organization, and gives students realistic, practical techniques for responding.
Helps students address one of today's most common security challenges: reliable, secure remote access.
Enterprise security for real netadmins in the real worldThis book shows how to secure an enterprise network in the real world--when you're on the front lines, constantly under attack, and you don't always get the support you need. Symantec security engineer and former UUNet network architect Allan Liska addresses every facet of network security, from risk profiling through access control, Web/email security through day-to-day monitoring. He systematically identifies today's most widespread security mistakes and vulnerabilities--and offers realistic solutions you can begin implementing right away.Coverage Includes:
Liska integrates these techniques in an end-to-end case study, showing you how to redesign an insecure enterprise network for maximum security--one step at a time.
1. Defining the Scope.
What is Network Security? What Types of Network Security Are Important? What Is the Cost of Lax Security Policies? Where Is the Network Vulnerable? The Network. Summary.
Choosing a Security Mode. OCTAVE. Build Asset-Based Threat Profiles. Identify Infrastructure Vulnerabilities. Evaluate Security Strategy and Plans. Summary.
Sniffing and Port Scanning. Exploits. Spoofing. Distributed Denial of Service Attacks. Viruses and Worms. Summary.
The Router on the Network. The Basics. Disabling Unused Services. Redundancy. Securing Routing Protocols. Limit Access to Routers. Change Default Passwords! Summary.
The Switch on the Network. Multilayer Switching. VLANs. Spanning Tree. MAC Addressing. Restricting Access to Switches. Summary.
Kerberos. RADIUS. TACACS+. Summary.
VPN Solutions. IP VPN Security. Dial-In Security Access. DSL and Cable VPN Security. Encrypting Remote Sessions. The VPN on the Network. Summary.
Wireless WAN Security Issues. Spread Spectrum Technology. Location. Summary.
Access Point Security. SSID. WEP. MAC Address Filtering.RADIUS Authentication. WLAN VPN. 802.11i92. Summary.
The Purpose of the Firewall. What a Firewall Cannot Do. Types of Firewalls. Layer 2 Firewalls. Intrusion Detection Systems. Summary.
DMZ Network Design. Multiple DMZ Design. DMZ Rulesets. Summary.
General Server Security Guidelines. Backups. Web Server Security. Mail Server Security. Outsourcing. Summary.
Securing Your Domain Name. A Secure BIND Installation. Limit Access to Domain Information. DNS Outsourcing. Djbdns. Summary.
General Workstation Security Guidelines. Virus and Worm Scanning. Administrative Access. Remote Login. Summary.
Enforcing Security Policies. Understanding Network Security Risks. Avoiding Common Mistakes. Summary.
What to Monitor. SNMP. Centralizing the Monitoring Process. Summary.
Protecting Against Log-Altering Attacks. Syslog Servers. Sifting Through Logged Data. Summary.
Creating a Response Chain of Command. Take Notes and Gather Evidence. Contain and Investigate the Problem. Remove the Problem. Contact Appropriate Parties. Prepare a Postmortem. Summary.
As I am writing this introduction an alert has just come inabout a newly discovered vulnerability in Cisco’s CatOS. Thevulnerability, a buffer overflow in the CatOS HTTP daemon, is one that iscommonly found on devices that have stripped down HTTP daemons used formanagement purposes.
A couple of years ago this vulnerability would not haveraised too many eyebrows. After all, how often is a device within the networkinfrastructure attacked? Attacks are targeted toward servers, and insecureworkstations not routers, switches, firewalls, or other network infrastructure,right? That’s not the case any more. As networks have become more complexso have the attackers that try to infiltrate them. Network security is nolonger simply about protecting servers and workstations. Network security nowrequires a holistic understanding of the network, and an awareness ofvulnerabilities both at the edge and in the core.
As attackers have become more sophisticated, so have thetools they use to infiltrate networks. These tools, most freely available, havefiltered down to chat rooms and “warez” web sites, making it easierfor less knowledgeable users to launch an attack against a network, or multiplenetworks. Attacks against networks are now routinely launched by disgruntledteens, angry customers, ex-employees, or someone who just wants to see if itcan be done.
All these changes have combined to make the job of securityand network professionals much more difficult. The number of devices that mustbe protected has increased, while the security budget has remained the same orshrunk. Security administratorsmust now spend time determining whether an attack is orchestrated by someonewho knows what they are doing and is trying to gain access to confidentialinformation, or some kid who wants to test out the last Denial of Service (DoS)tool.
In addition to these problems there is often a blending ofthe roles that security, network and server administrators play in protectingthe network. Separating the responsibilities of different groups, whileensuring that communication between the groups still occurs is an importantresponsibility.
Throughout this book there are real world examples ofattacks used against networks, and suggestions for ways to protect networksagainst these attacks. However, it is important to keep in mind that a book isstatic; information within these pages is designed as a guideline, to helpadministrators develop a network security strategy.
Because each network is unique, it is impossible to deliveran all-encompassing strategy in a single book. Using the fundamentals providedin this book can help administrators find holes in current security strategies,or even start a discussion about security within the company.
I know that many people who pick up this book and thumbthrough it are going to think, at first glance, that much of what is listedhere is a waste of time. Many network administrators are too busy pluggingholes in the network to take the time to develop a security strategy, and theidea of trying to work with senior management to explain something ascomplicated as a DoS attack seems impossible. As difficult as these two taskmight seem, they are both important because, in the long run, they make the jobof securing the network easier.
Putting a security process in place helps to refine theroles that different groups will play in the security process; it also servesto divide up the work that needs to be done when securing a network. A securityprocess can also help create security baselines that make the job ofadministering a network much easier.
The purpose of this book is to make the job of securing thenetwork easier. By offering suggestions, based on real world experience, of howto streamline the security process and some common mistakes to watch for, thisbook can be used to help create a unique security strategy for yourorganization.
This book should not be used alone. If your organization isserious about having a current and complete security strategy you should use asmany tools as possible. In addition to this book, I would recommend thefollowing books:
Of course, books should not be your only source of securityinformation, the world of security changes too fast to rely solely on books forinformation. It is important to work with your server and network vendors tokeep up to date on the latest vulnerabilities, and the recommended fixes.Vendors also have a lot of insight and advice about current best securitypractices for their products.
Finally, using the Internet as a tool to keep up to datewith the latest security information can be important. As with any informationon the Internet it is usually a good idea to get a second opinion. There is alot of really good security information, but there is also a lot of badinformation and some that is just wrong. Usually surveying the top security websites, as well as vendor web sites can provide you with enough goodinformation. Some of the security sites I recommend and personally use are (inno particular order):
The information on these web sites is usually reliable andcan help you keep your network protected.
Knowing network and security engineers they way I do, I knowthere are going to be people who have complaints about things in this book.Some will feel I should have mentioned a tool that I did not, or that advice Igave was wrong.
If you are one of those people, I want you to tell me. Youcan e-mail me at email@example.com with any suggestions, flames, criticisms, or evenif you want to compliment the work.
As I said before, the world of security is constantlychanging, no doubt there will be a second and third edition of this book, andyour comments can help make those next editions even better, so I welcome them.