About

Features

• Detailed, start-to-finish case study—Shows how to systematically redesign an insecure enterprise network to protect it against external and internal threats.

  • Gives students a realistic understanding of how network security concepts and tools work together in real networks and organizations.

• Security analysis, planning, deployment, and management—Shows how to define appropriate security models, translate them into effective, enforceable policies, and then deploy and administer security based on the models and policies that have been defined.

  • Helps students understand all stages of the security project lifecycle, and succeed regardless of the phase or task they are given responsibility for.

• In-depth coverage of Internet security and firewalls—Covers securing Web/application servers, DNS servers, email servers, and file/print servers.

  • Teaches students how to improve security in organizational environments with ubiquitous connections to the Internet.

• Up-to-the-minute coverage of wireless security—Includes detailed coverage of the unique security issues associated with wireless LANs and WANs, and the best available solutions.

  • Gives students expertise that is in increasingly high demand, as wireless networks spread rapidly throughout organizations and businesses.

  • In-depth coverage of access control—Systematically reviews techniques for controlling access via authentication, authorization, and accounting.

  • Ensure that students know how to provide the basic access control that every secure network is built upon.

• Intrusion detection and response—Covers the five phases of responding to an attack: detect, isolate, halt, report, and prosecute,

  • Reflects the reality that attacks will be launched against virtually every server or organization, and gives students realistic, practical techniques for responding.

• Effective day-to-day network security administration—Covers every essential aspect of security administration, monitoring, and logging.

• Step-by-step coverage of VPNs and remote access—Shows how to provide secure remote access for people wherever they are.

  • Helps students address one of today's most common security challenges: reliable, secure remote access.

Description

This book is designed to address vulnerabilities in a network at all levels. Hence, it will cover WAN security, router and switch security, wireless network security, server and workstation security, and even remote access security. It covers best practices in major security tasks including developing a security model, monitoring for and logging security breaches, and responding to an attack. Liska also covers where a firewall should be placed in a network, and the purpose of a DMZ. Part 1: Introduction - provides the scope of network security, and helps a network administrator develop a security strategy, including providing numbers for revenue lost because of security incidents. Part 2: The Network - covers LAN and WAN security concerns. The idea is to restrict access into the network and prevent problems that occur in one area of the network from affecting others. Part 3: Firewalls - where to place them and the need for a DMZ. Part 4: Servers and Workstations - covers some of the fundamental problems with securing servers and workstations. Part 5: Monitoring and responding to attacks. It covers monitoring the network, what to look for, how to log information, and what to do if a network is attacked. Part 6: Bringing it all Together - take the network initially deployed, and demonstrate how the network has been better secured.

Sample Content

Online Sample Chapter

Network Security: Understanding Types of Attacks

Table of Contents

1. Defining the Scope.

What is Network Security? What Types of Network Security Are Important? What Is the Cost of Lax Security Policies? Where Is the Network Vulnerable? The Network. Summary.

Choosing a Security Mode. OCTAVE. Build Asset-Based Threat Profiles. Identify Infrastructure Vulnerabilities. Evaluate Security Strategy and Plans. Summary.

Sniffing and Port Scanning. Exploits. Spoofing. Distributed Denial of Service Attacks. Viruses and Worms. Summary.

The Router on the Network. The Basics. Disabling Unused Services. Redundancy. Securing Routing Protocols. Limit Access to Routers. Change Default Passwords! Summary.

The Switch on the Network. Multilayer Switching. VLANs. Spanning Tree. MAC Addressing. Restricting Access to Switches. Summary.

Kerberos. RADIUS. TACACS+. Summary.

VPN Solutions. IP VPN Security. Dial-In Security Access. DSL and Cable VPN Security. Encrypting Remote Sessions. The VPN on the Network. Summary.

Wireless WAN Security Issues. Spread Spectrum Technology. Location. Summary.

Access Point Security. SSID. WEP. MAC Address Filtering.RADIUS Authentication. WLAN VPN. 802.11i92. Summary.

The Purpose of the Firewall. What a Firewall Cannot Do. Types of Firewalls. Layer 2 Firewalls. Intrusion Detection Systems. Summary.

DMZ Network Design. Multiple DMZ Design. DMZ Rulesets. Summary.

General Server Security Guidelines. Backups. Web Server Security. Mail Server Security. Outsourcing. Summary.

Securing Your Domain Name. A Secure BIND Installation. Limit Access to Domain Information. DNS Outsourcing. Djbdns. Summary.

General Workstation Security Guidelines. Virus and Worm Scanning. Administrative Access. Remote Login. Summary.

Enforcing Security Policies. Understanding Network Security Risks. Avoiding Common Mistakes. Summary.

What to Monitor. SNMP. Centralizing the Monitoring Process. Summary.

Protecting Against Log-Altering Attacks. Syslog Servers. Sifting Through Logged Data. Summary.

Creating a Response Chain of Command. Take Notes and Gather Evidence. Contain and Investigate the Problem. Remove the Problem. Contact Appropriate Parties. Prepare a Postmortem. Summary.

Preface

Introduction

As I am writing this introduction an alert has just come inabout a newly discovered vulnerability in Cisco’s CatOS. Thevulnerability, a buffer overflow in the CatOS HTTP daemon, is one that iscommonly found on devices that have stripped down HTTP daemons used formanagement purposes.

A couple of years ago this vulnerability would not haveraised too many eyebrows. After all, how often is a device within the networkinfrastructure attacked? Attacks are targeted toward servers, and insecureworkstations not routers, switches, firewalls, or other network infrastructure,right? That’s not the case any more. As networks have become more complexso have the attackers that try to infiltrate them. Network security is nolonger simply about protecting servers and workstations. Network security nowrequires a holistic understanding of the network, and an awareness ofvulnerabilities both at the edge and in the core.

As attackers have become more sophisticated, so have thetools they use to infiltrate networks. These tools, most freely available, havefiltered down to chat rooms and “warez” web sites, making it easierfor less knowledgeable users to launch an attack against a network, or multiplenetworks. Attacks against networks are now routinely launched by disgruntledteens, angry customers, ex-employees, or someone who just wants to see if itcan be done.

All these changes have combined to make the job of securityand network professionals much more difficult. The number of devices that mustbe protected has increased, while the security budget has remained the same orshrunk.  Security administratorsmust now spend time determining whether an attack is orchestrated by someonewho knows what they are doing and is trying to gain access to confidentialinformation, or some kid who wants to test out the last Denial of Service (DoS)tool.

In addition to these problems there is often a blending ofthe roles that security, network and server administrators play in protectingthe network. Separating the responsibilities of different groups, whileensuring that communication between the groups still occurs is an importantresponsibility.

Purpose of This Book

Throughout this book there are real world examples ofattacks used against networks, and suggestions for ways to protect networksagainst these attacks. However, it is important to keep in mind that a book isstatic; information within these pages is designed as a guideline, to helpadministrators develop a network security strategy.

Because each network is unique, it is impossible to deliveran all-encompassing strategy in a single book. Using the fundamentals providedin this book can help administrators find holes in current security strategies,or even start a discussion about security within the company.

I know that many people who pick up this book and thumbthrough it are going to think, at first glance, that much of what is listedhere is a waste of time. Many network administrators are too busy pluggingholes in the network to take the time to develop a security strategy, and theidea of trying to work with senior management to explain something ascomplicated as a DoS attack seems impossible. As difficult as these two taskmight seem, they are both important because, in the long run, they make the jobof securing the network easier.

Putting a security process in place helps to refine theroles that different groups will play in the security process; it also servesto divide up the work that needs to be done when securing a network. A securityprocess can also help create security baselines that make the job ofadministering a network much easier.

The purpose of this book is to make the job of securing thenetwork easier. By offering suggestions, based on real world experience, of howto streamline the security process and some common mistakes to watch for, thisbook can be used to help create a unique security strategy for yourorganization.

This book should not be used alone. If your organization isserious about having a current and complete security strategy you should use asmany tools as possible. In addition to this book, I would recommend thefollowing books:

• Network Security: Private Communication in a Public World, by Charlie Kaufman, Radia Perlman, and Mike Speciner
• Applied Cryptography: Protocols, Algorithms, and Source Code in C, by Bruce Schneier

Of course, books should not be your only source of securityinformation, the world of security changes too fast to rely solely on books forinformation. It is important to work with your server and network vendors tokeep up to date on the latest vulnerabilities, and the recommended fixes.Vendors also have a lot of insight and advice about current best securitypractices for their products.

Finally, using the Internet as a tool to keep up to datewith the latest security information can be important. As with any informationon the Internet it is usually a good idea to get a second opinion. There is alot of really good security information, but there is also a lot of badinformation and some that is just wrong. Usually surveying the top security websites, as well as vendor web sites can provide you with enough goodinformation. Some of the security sites I recommend and personally use are (inno particular order):

• Security Focus (http://www.securityfocus.com/)
• The SANS Institute (http://www.sans.org/)
• Network Security Library (http://www.secinf.net/)
• CERT® Coordination Center (http://www.cert.org/)
• Insecure.Org (http://www.insecure.org/)
• Computer Incident Advisory Capability (http://www.ciac.org/)

The information on these web sites is usually reliable andcan help you keep your network protected.

The Complaint Department

Knowing network and security engineers they way I do, I knowthere are going to be people who have complaints about things in this book.Some will feel I should have mentioned a tool that I did not, or that advice Igave was wrong.

If you are one of those people, I want you to tell me. Youcan e-mail me at allan@allan.org with any suggestions, flames, criticisms, or evenif you want to compliment the work.

As I said before, the world of security is constantlychanging, no doubt there will be a second and third edition of this book, andyour comments can help make those next editions even better, so I welcome them.

Updates

Submit Errata