Home > Store

Network Security Auditing

Register your product to gain access to bonus material or receive a coupon.

Network Security Auditing


  • Sorry, this book is no longer in print.
Not for Sale


  • Copyright 2010
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 528
  • Edition: 1st
  • Book
  • ISBN-10: 1-58705-352-7
  • ISBN-13: 978-1-58705-352-8

This complete new guide to auditing network security is an indispensable resource for security, network, and IT professionals, and for the consultants and technology partners who serve them.

Cisco network security expert Chris Jackson begins with a thorough overview of the auditing process, including coverage of the latest regulations, compliance issues, and industry best practices. The author then demonstrates how to segment security architectures into domains and measure security effectiveness through a comprehensive systems approach.

Network Security Auditing thoroughly covers the use of both commercial and open source tools to assist in auditing and validating security policy assumptions. The book also introduces leading IT governance frameworks such as COBIT, ITIL, and ISO 17799/27001, explaining their values, usages, and effective integrations with Cisco security products.

This book arms you with detailed auditing checklists for each domain, realistic design insights for meeting auditing requirements, and practical guidance for using complementary solutions to improve any company’s security posture.

  • Master the five pillars of security auditing: assessment, prevention, detection, reaction, and recovery.
  • Recognize the foundational roles of security policies, procedures, and standards.
  • Understand current laws related to hacking, cracking, fraud, intellectual property, spam, and reporting.
  • Analyze security governance, including the roles of CXOs, security directors, administrators, users, and auditors.
  • Evaluate people, processes, and technical security controls through a system-based approach.
  • Audit security services enabled through Cisco products.
  • Analyze security policy and compliance requirements for Cisco networks.
  • Assess infrastructure security and intrusion prevention systems.
  • Audit network access control and secure remote access systems.
  • Review security in clients, hosts, and IP communications.
  • Evaluate the performance of security monitoring and management systems.

This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end, self-defending networks.

Sample Content

Online Sample Chapter

Network Security Auditing Tools and Techniques

Sample Pages

Download the sample pages (includes Chapter 4 and Index)

Table of Contents

Introduction    xxi

Chapter 1 The Principles of Auditing    1

Security Fundamentals: The Five Pillars    1

Assessment    2

Prevention    3

Detection    3

Reaction    4

Recovery    4

Building a Security Program    4

Policy    5

Procedures    6

Standards    7

Security Controls    7

Administrative Controls    7

Technical Controls    8

Physical Controls    8

Preventative Controls    8

Detective Controls    8

Corrective Controls    8

Recovery Controls    9

Managing Risk    9

Risk Assessment    10

Risk Mitigation    14

Risk in the Fourth Dimension    16

How, What, and Why You Audit    17

Audit Charter    17

Engagement Letter    18

Types of Audits    19

Security Review    19

Security Assessment    19

Security Audit    20

The Role of the Auditor    20

Places Where Audits Occur    21

Policy Level    21

Procedure Level    21

Control Level    22

The Auditing Process    22

Planning Phase: Audit Subject, Objective, and Scope    22

Research Phase: Planning, Audit Procedures, and Evaluation Criteria    23

Data Gathering Phase: Checklists, Tools, and Evidence    23

Data Analysis Phase: Analyze, Map, and Recommend    24

Audit Report Phase: Write, Present, and File the Audit Report    24

Follow-Up Phase: Follow up, Follow up, Follow up!    25

Summary    25

References in This Chapter    26

Chapter 2 Information Security and the Law    27

IT Security Laws    27

Hacking, Cracking, and Fraud Laws    29

Computer Fraud and Abuse Act    29

Access Device Statute    31

Electronic Communications Privacy Act    34

Title I: Wiretap Act    34

Title II: Stored Communications Act    37

Title III: Pen/Trap Statute    38

Intellectual Property Laws    39

Digital Millennium Copyright Act    39

Economic Espionage Act    41

CAN-SPAM Act of    2003    42

State and Local Laws    43

Reporting a Crime    44

Regulatory Compliance Laws    46

SOX    46

HIPAA    48

Privacy Rule    50

Security Rule    51

Transactions and Code Sets Standard Rule    52

Identifiers Rule    52

Enforcement Rule    52

GLBA    54

PCI DSS    55

Summary    59

References in This Chapter    60

Federal Hacking Laws    60

State Laws    60

Chapter 3 Information Security Governance, Frameworks, and Standards    61

Understanding Information Security Governance    61

People: Roles and Responsibilities    64

Information Security Governance Organizational Structure    65

Board of Directors    65

Security Steering Committee    65

CEO or Executive Management    66

CIO/CISO    66

Security Director    66

Security Analyst    66

Security Architect    66

Security Engineer    67

Systems Administrator    67

Database Administrator    67

IS Auditor    67

End User    67

Spotting Weaknesses in the People Aspect of Security    67

Process: Security Governance Frameworks    68

COSO    68

Control Environment    69

Risk Assessment    70

Control Activities    70

Information and Communication    70

Monitoring    70

COBIT    71

ITIL    75

Technology: Standards Procedures and Guidelines    76

ISO    27000 Series of Standards    76

NIST    78

Center for Internet Security    80

NSA    80

DISA    81

SANS    82

ISACA    83

Cisco Security Best Practices    84

Summary    85

References in This Chapter    86

Web Resources    86

Chapter 4 Auditing Tools and Techniques    87

Evaluating Security Controls    87

Auditing Security Practices    89

Testing Security Technology    91

Security Testing Frameworks    92

OSSTMM    93

ISSAF    93

NIST    800-115    94

OWASAP    94

Security Auditing Tools    95

Service Mapping Tools    96

Nmap    96

Hping    100

Vulnerability Assessment Tools    101

Nessus    101

RedSeal SRM    105

Packet Capture Tools    111

Tcpdump    111

Wireshark/Tshark    114

Penetration Testing Tools    116

Core Impact    116

Metasploit    120

BackTrack    127

Summary    128

References in This Chapter    128

Security Testing Frameworks    128

Security Testing Tools    129

Chapter 5 Auditing Cisco Security Solutions    131

Auditors and Technology    131

Security as a System    132

Cisco Security Auditing Domains    133

Policy, Compliance, and Management    134

Infrastructure Security    135

Perimeter Intrusion Prevention    136

Access Control    136

Secure Remote Access    137

Endpoint Protection    138

Unified Communications    139

Defining the Audit Scope of a Domain    139

Identifying Security Controls to Assess    141

Mapping Security Controls to Cisco Solutions    143

The Audit Checklist    144

Summary    150

Chapter 6 Policy, Compliance, and Management    153

Do You Know Where Your Policy Is?    153

Auditing Security Policies    154

Standard Policies    158

Acceptable Use    158

Minimum Access    158

Network Access    158

Remote Access    159

Internet Access    159

User Account Management    159

Data Classification    159

Change Management    160

Server Security    161

Mobile Devices    161

Guest Access    161

Physical Security    161

Password Policy    162

Malware Protection    162

Incident Handling    162

Audit Policy    162

Software Licensing    162

Electronic Monitoring and Privacy    163

Policies for Regulatory and Industry Compliance    163

Cisco Policy Management and Monitoring Tools    165

Cisco MARS    165

Cisco Configuration Professional    167

Cisco Security Manager    169

Cisco Network Compliance Manager    171

Checklist    174

Summary    176

References in This Chapter    176

Chapter 7 Infrastructure Security    177

Infrastructure Threats    177

Unauthorized Access    177

Denial of Service    178

Traffic Capture    178

Layer    2 Threats    179

Network Service Threats    180

Policy Review    180

Infrastructure Operational Review    181

The Network Map and Documentation    182

Logical Diagrams    182

Physical Diagrams    182

Asset Location and Access Requirements    182

Data Flow and Traffic Analysis    183

Administrative Accounts    183

Configuration Management    184

Vulnerability Management    184

Disaster Recovery    184

Wireless Operations    185

Infrastructure Architecture Review    185

Management Plane Auditing    186

Cisco Device Management Access    187

Syslog    193

NTP    194

Netflow    195

Control Plane Auditing    196

IOS Hardening    196

Routing Protocols    198

Protecting the Control Plane    199

Data Plane Auditing    201

Access Control Lists    202

iACLs    202

Unicast Reverse Path Forwarding    203

Layer    2 Security    204

VTP    204

Port Security    205

DHCP Snooping    205

Dynamic ARP Inspection    206

IP Source Guard    206

Disable Dynamic Trunking    206

Protecting Spanning Tree    207

Switch Access Controls Lists    208

Protect Unused Ports    209

Wireless Security    210

Wireless Network Architecture    210

Cisco Adaptive Wireless Intrusion Prevention System    211

Protecting Wireless Access    212

Wireless Service Availability    213

Rogue Access Point Detection    214

General Network Device Security Best Practices    216

Technical Testing    217

Router Testing    219

Switch Testing    221

Wireless Testing    225

Checklist    230

Summary    235

References in This Chapter    236

Chapter 8 Perimeter Intrusion Prevention    237

Perimeter Threats and Risk    237

Policy Review    238

Perimeter Operations Review    239

Management and Change Control    239

Monitoring and Incident Handling    240

Perimeter Architecture Review    242

What Are You Protecting?    243

Perimeter Design Review    243

Logical Architecture    244

Physical Architecture    245

What Is the Risk?    246

Good Design Practices    247

Auditing Firewalls    247

Review Firewall Design    248

Simple Firewall    248

Screening Router and Firewall    248

Firewall with DMZ    249

Firewall with DMZ and Services Network    249

High Availability Firewall    250

IOS Firewall Deployment    250

Review Firewall Configuration    251

Firewall Modes of Operation    252

Firewall Virtualization    253

Filtering Methods    253

Network Address Translation    255

Secure Management    256

Logging    256

Other Configuration Checks    256

Review Rule Base    257

Cisco Firewall Rule Basics    257

Rule Review    259

Rule Optimization    260

The ASA Modular Policy Framework and Application

Inspection    261

IOS Zone-Based Firewall    263

Auditing IPS    265

How IPS Works    266

Review IPS Deployment    268

Review IPS Configuration    269

Protect the Management Interface    271

Administrative Access and Authentication    271

NTP Configuration    274

Signature Updates    274

Event Logging    275

Review IPS Signatures    276

Signature Definitions    276

Event Action Rules    277

Target Value Rating    277

IOS IPS    278

Technical Control Testing    279

Firewall Rule Testing    279

Testing the IPS    281

Conducting an IPS Test    282

Reviewing the Logs    284

Checklist    284

Summary    287

References in This Chapter    288

Chapter 9 Access Control    289

Fundamentals of Access Control    289

Identity and Authentication    290

Access Control Threats and Risks    291

Access Control Policy    292

Access Control Operational Review    293

Identity Operational Good Practices    293

Authorization and Accounting Practices    294

Administrative Users    296

Classification of Assets    297

Access Control Architecture Review    297

Identity and Access Control Technologies    298

Network Admission Control    298

NAC Components    299

How NAC Works    300

NAC Deployment Considerations    302

NAC Posture Assessment    303

Identity-Based Networking Services    304

Deployment Methods    305

NAC Guest Server    306

NAC Profiler    306

Technical Testing    308

Authentication and Identity Handling    308

Posture Assessment Testing    309

Testing for Weak Authentication    309

Checklist    313

Summary    315

References in This Chapter    315

Chapter 10 Secure Remote Access    317

Defining the Network Edge    317

VPN Fundamentals    318

Confidentiality    319

Symmetric Encryption    320

Asymmetric Encryption    321

Integrity    323

Authentication and Key Management    324

IPsec, SSL, and dTLS    326

IPsec    326

Secure Socket Layer    328

Datagram Transport Layer Security (dTLS)    329

Remote Access Threats and Risks    329

Remote Access Policies    330

Remote Access Operational Review    331

VPN Device Provisioning    331

Mobile Access Provisioning    332

Mobile User Role-Based Access Control    333

Monitoring and Incident Handling    333

Remote Access Architecture Review    333

Site-to-Site VPN Technologies    335

Easy VPN    335

IPsec and Generic Router Encapsulation (GRE)    336

Dynamic Multipoint VPN (DMVPN)    336

Multi Protocol Label Switching (MPLS) and Virtual Routing and

Forwarding (VRF) VPNs    337

GETVPN    339

Mobile User Access VPN    340

IPsec Client    341

Clientless SSL VPN    341

Cisco Secure Desktop    342

SSL Full Tunneling Client    344

VPN Network Placement    345

VPN Access Controls    346

Site-to-Site Access Controls    346

Mobile User Access Controls    347

Remote Access Good Practices    348

Technical Testing    350

Authentication    350

IPsec    351

SSL    352

Site-to-Site Access Control Testing    353

Mobile User Access Control Testing    353

Monitoring and Log Review    354

Checklist    354

Summary    358

References in This Chapter    358

Chapter 11 Endpoint Protection    359

Endpoint Risks    359

Endpoint Threats    360

Malware    360

Web-Based Threats    362

Social Networking and Web    2.0    365

E-Mail Threats    366

Data Loss Threats    367

Policy Review    368

Endpoint Protection Operational Control Review    370

Current Threat Intelligence    370

Vulnerability and Patch Management    373

Monitoring and Incident Handling    373

Security Awareness Program    374

Endpoint Architecture Review    374

Cisco Security Intelligence Operations    375

SensorBase    375

Cisco Threat Operations Center    375

Dynamic Update Function    376

Web Controls    376

Web Security Appliance    376

ASA    378

IPS    379

CSA    380

E-Mail Controls    380

E-Mail Policy Enforcement    381

E-Mail Authentication    381

Data Loss Prevention    383

Web    383

E-Mail    384

Client    385

Patch Management    386

Monitoring    386

Web    386

E-Mail    388

MARS    388

Technical Testing    388

Acceptable Use Enforcement    388

Malware Detection and Quarantine    389

SPAM, Phishing, and E-Mail Fraud    390

Encryption    390

Patch Management and Enforcement    390

Data Loss Prevention Testing    391

Detection and Response    391

Checklist    391

Summary    396

References in This Chapter    396

Chapter 12 Unified Communications    397

Unified Communications Risks    397

VoIP Threats    399

Denial of Service    399

Confidentiality    401

Fraud    401

UC Policy and Standards Review    403

UC Operational Control Review    404

User and Phone Provisioning    404

Change Management    405

Asset Management    405

Call Detail Record Review    406

Administrative Access    406

Vulnerability Management    406

Security Event Monitoring and Log Review    407

Disaster Recovery    408

UC Architecture Review    408

Unified Communications Fundamentals    409

H.323    410

MGCP    412

SCCP    412

SIP    413

Session Border Controller    415

RTP and SRTP    416

Call Processing    416

Infrastructure Controls    418

Switch Security    418

ACLs and Firewalling    420

IPS    421

Gateway Protection    422

Site to Site    422

Wireless    423

Call Control Protection    423

Communications Manager Hardening    423

Authentication, Integrity, and Encryption    424

Phone Proxy    426

Secure SIP Trunking    426

Toll Fraud Prevention    428

Application Controls    431

Voice Endpoint Controls    432

Monitoring and Management    433

Technical Testing    434

VLAN Separation    434

Eavesdropping    436

Gateway    438

Toll Fraud    438

Monitoring and Incident Detection    438

Checklist    439

Summary    444

References in This Chapter    445


Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020