Home > Store

Practice of Network Security, The: Deployment Strategies for Production Environments

Register your product to gain access to bonus material or receive a coupon.

Practice of Network Security, The: Deployment Strategies for Production Environments

Book

  • Sorry, this book is no longer in print.
Not for Sale

About

Features

  • Detailed, start-to-finish case study—Shows how to systematically redesign an insecure enterprise network to protect it against external and internal threats.
    • Gives students a realistic understanding of how network security concepts and tools work together in real networks and organizations.

  • Security analysis, planning, deployment, and management—Shows how to define appropriate security models, translate them into effective, enforceable policies, and then deploy and administer security based on the models and policies that have been defined.
    • Helps students understand all stages of the security project lifecycle, and succeed regardless of the phase or task they are given responsibility for.

  • In-depth coverage of Internet security and firewalls—Covers securing Web/application servers, DNS servers, email servers, and file/print servers.
    • Teaches students how to improve security in organizational environments with ubiquitous connections to the Internet.

  • Up-to-the-minute coverage of wireless security—Includes detailed coverage of the unique security issues associated with wireless LANs and WANs, and the best available solutions.
    • Gives students expertise that is in increasingly high demand, as wireless networks spread rapidly throughout organizations and businesses.

    • In-depth coverage of access control—Systematically reviews techniques for controlling access via authentication, authorization, and accounting.

    • Ensure that students know how to provide the basic access control that every secure network is built upon.

  • Intrusion detection and response—Covers the five phases of responding to an attack: detect, isolate, halt, report, and prosecute,
    • Reflects the reality that attacks will be launched against virtually every server or organization, and gives students realistic, practical techniques for responding.

  • Effective day-to-day network security administration—Covers every essential aspect of security administration, monitoring, and logging.
  • Step-by-step coverage of VPNs and remote access—Shows how to provide secure remote access for people wherever they are.
    • Helps students address one of today's most common security challenges: reliable, secure remote access.

Description

  • Copyright 1996
  • Dimensions: 7" x 9-1/2"
  • Pages: 416
  • Edition: 1st
  • Book
  • ISBN-10: 0-13-046223-3
  • ISBN-13: 978-0-13-046223-7

This book is designed to address vulnerabilities in a network at all levels. Hence, it will cover WAN security, router and switch security, wireless network security, server and workstation security, and even remote access security. It covers best practices in major security tasks including developing a security model, monitoring for and logging security breaches, and responding to an attack. Liska also covers where a firewall should be placed in a network, and the purpose of a DMZ. Part 1: Introduction - provides the scope of network security, and helps a network administrator develop a security strategy, including providing numbers for revenue lost because of security incidents. Part 2: The Network - covers LAN and WAN security concerns. The idea is to restrict access into the network and prevent problems that occur in one area of the network from affecting others. Part 3: Firewalls - where to place them and the need for a DMZ. Part 4: Servers and Workstations - covers some of the fundamental problems with securing servers and workstations. Part 5: Monitoring and responding to attacks. It covers monitoring the network, what to look for, how to log information, and what to do if a network is attacked. Part 6: Bringing it all Together - take the network initially deployed, and demonstrate how the network has been better secured.

Sample Content

Online Sample Chapter

Network Security: Understanding Types of Attacks

Table of Contents



1. Defining the Scope.

What is Network Security? What Types of Network Security Are Important? What Is the Cost of Lax Security Policies? Where Is the Network Vulnerable? The Network. Summary.



2. Security Mode.

Choosing a Security Mode. OCTAVE. Build Asset-Based Threat Profiles. Identify Infrastructure Vulnerabilities. Evaluate Security Strategy and Plans. Summary.



3. Understanding Types of Attacks.

Sniffing and Port Scanning. Exploits. Spoofing. Distributed Denial of Service Attacks. Viruses and Worms. Summary.



4. Routing.

The Router on the Network. The Basics. Disabling Unused Services. Redundancy. Securing Routing Protocols. Limit Access to Routers. Change Default Passwords! Summary.



5. Switching.

The Switch on the Network. Multilayer Switching. VLANs. Spanning Tree. MAC Addressing. Restricting Access to Switches. Summary.



6. Authentication, Authorization, and Accounting.

Kerberos. RADIUS. TACACS+. Summary.



7. Remote Access and VPNs.

VPN Solutions. IP VPN Security. Dial-In Security Access. DSL and Cable VPN Security. Encrypting Remote Sessions. The VPN on the Network. Summary.



8. Wireless Wide Area Networks.

Wireless WAN Security Issues. Spread Spectrum Technology. Location. Summary.



9. Wireless Local Area Networks.

Access Point Security. SSID. WEP. MAC Address Filtering.RADIUS Authentication. WLAN VPN. 802.11i92. Summary.



10. Firewalls and Intrusion Detection Systems.

The Purpose of the Firewall. What a Firewall Cannot Do. Types of Firewalls. Layer 2 Firewalls. Intrusion Detection Systems. Summary.



11. The DMZ.

DMZ Network Design. Multiple DMZ Design. DMZ Rulesets. Summary.



12. Server Security.

General Server Security Guidelines. Backups. Web Server Security. Mail Server Security. Outsourcing. Summary.



13. DNS Security.

Securing Your Domain Name. A Secure BIND Installation. Limit Access to Domain Information. DNS Outsourcing. Djbdns. Summary.



14. Workstation Security.

General Workstation Security Guidelines. Virus and Worm Scanning. Administrative Access. Remote Login. Summary.



15. Managing Network Security.

Enforcing Security Policies. Understanding Network Security Risks. Avoiding Common Mistakes. Summary.



16. Monitoring.

What to Monitor. SNMP. Centralizing the Monitoring Process. Summary.



17. Logging.

Protecting Against Log-Altering Attacks. Syslog Servers. Sifting Through Logged Data. Summary.



18. Responding to an Attack.

Creating a Response Chain of Command. Take Notes and Gather Evidence. Contain and Investigate the Problem. Remove the Problem. Contact Appropriate Parties. Prepare a Postmortem. Summary.

Preface

Introduction

As I am writing this introduction an alert has just come inabout a newly discovered vulnerability in Cisco’s CatOS. Thevulnerability, a buffer overflow in the CatOS HTTP daemon, is one that iscommonly found on devices that have stripped down HTTP daemons used formanagement purposes.

A couple of years ago this vulnerability would not haveraised too many eyebrows. After all, how often is a device within the networkinfrastructure attacked? Attacks are targeted toward servers, and insecureworkstations not routers, switches, firewalls, or other network infrastructure,right? That’s not the case any more. As networks have become more complexso have the attackers that try to infiltrate them. Network security is nolonger simply about protecting servers and workstations. Network security nowrequires a holistic understanding of the network, and an awareness ofvulnerabilities both at the edge and in the core.

As attackers have become more sophisticated, so have thetools they use to infiltrate networks. These tools, most freely available, havefiltered down to chat rooms and “warez” web sites, making it easierfor less knowledgeable users to launch an attack against a network, or multiplenetworks. Attacks against networks are now routinely launched by disgruntledteens, angry customers, ex-employees, or someone who just wants to see if itcan be done.

All these changes have combined to make the job of securityand network professionals much more difficult. The number of devices that mustbe protected has increased, while the security budget has remained the same orshrunk.  Security administratorsmust now spend time determining whether an attack is orchestrated by someonewho knows what they are doing and is trying to gain access to confidentialinformation, or some kid who wants to test out the last Denial of Service (DoS)tool.

In addition to these problems there is often a blending ofthe roles that security, network and server administrators play in protectingthe network. Separating the responsibilities of different groups, whileensuring that communication between the groups still occurs is an importantresponsibility.

Purpose of This Book

Throughout this book there are real world examples ofattacks used against networks, and suggestions for ways to protect networksagainst these attacks. However, it is important to keep in mind that a book isstatic; information within these pages is designed as a guideline, to helpadministrators develop a network security strategy.

Because each network is unique, it is impossible to deliveran all-encompassing strategy in a single book. Using the fundamentals providedin this book can help administrators find holes in current security strategies,or even start a discussion about security within the company.

I know that many people who pick up this book and thumbthrough it are going to think, at first glance, that much of what is listedhere is a waste of time. Many network administrators are too busy pluggingholes in the network to take the time to develop a security strategy, and theidea of trying to work with senior management to explain something ascomplicated as a DoS attack seems impossible. As difficult as these two taskmight seem, they are both important because, in the long run, they make the jobof securing the network easier.

Putting a security process in place helps to refine theroles that different groups will play in the security process; it also servesto divide up the work that needs to be done when securing a network. A securityprocess can also help create security baselines that make the job ofadministering a network much easier.

The purpose of this book is to make the job of securing thenetwork easier. By offering suggestions, based on real world experience, of howto streamline the security process and some common mistakes to watch for, thisbook can be used to help create a unique security strategy for yourorganization.

This book should not be used alone. If your organization isserious about having a current and complete security strategy you should use asmany tools as possible. In addition to this book, I would recommend thefollowing books:

  • Network Security: Private Communication in a Public World, by Charlie Kaufman, Radia Perlman, and Mike Speciner
  • Applied Cryptography: Protocols, Algorithms, and Source Code in C, by Bruce Schneier

Of course, books should not be your only source of securityinformation, the world of security changes too fast to rely solely on books forinformation. It is important to work with your server and network vendors tokeep up to date on the latest vulnerabilities, and the recommended fixes.Vendors also have a lot of insight and advice about current best securitypractices for their products.

Finally, using the Internet as a tool to keep up to datewith the latest security information can be important. As with any informationon the Internet it is usually a good idea to get a second opinion. There is alot of really good security information, but there is also a lot of badinformation and some that is just wrong. Usually surveying the top security websites, as well as vendor web sites can provide you with enough goodinformation. Some of the security sites I recommend and personally use are (inno particular order):

  • Security Focus (http://www.securityfocus.com/)
  • The SANS Institute (http://www.sans.org/)
  • Network Security Library (http://www.secinf.net/)
  • CERT® Coordination Center (http://www.cert.org/)
  • Insecure.Org (http://www.insecure.org/)
  • Computer Incident Advisory Capability (http://www.ciac.org/)

The information on these web sites is usually reliable andcan help you keep your network protected.

The Complaint Department

Knowing network and security engineers they way I do, I knowthere are going to be people who have complaints about things in this book.Some will feel I should have mentioned a tool that I did not, or that advice Igave was wrong.

If you are one of those people, I want you to tell me. Youcan e-mail me at allan@allan.org with any suggestions, flames, criticisms, or evenif you want to compliment the work.

As I said before, the world of security is constantlychanging, no doubt there will be a second and third edition of this book, andyour comments can help make those next editions even better, so I welcome them.

Updates

Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020