Implementing Cisco IOS Network Security (IINS 640-554) Fo... et plus d'un million d'autres livres sont disponibles pour le Kindle d'Amazon. En savoir plus


ou
Identifiez-vous pour activer la commande 1-Click.
ou
en essayant gratuitement Amazon Premium pendant 30 jours. Votre inscription aura lieu lors du passage de la commande. En savoir plus.
Amazon Rachète votre article
Recevez un chèque-cadeau de EUR 15,68
Amazon Rachète cet article
Plus de choix
Vous l'avez déjà ? Vendez votre exemplaire ici
Commencez à lire Implementing Cisco IOS Network Security sur votre Kindle en moins d'une minute.

Vous n'avez pas encore de Kindle ? Achetez-le ici ou téléchargez une application de lecture gratuite.

Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide [Anglais] [Relié]

Catherine Paquet

Prix : EUR 50,38 Livraison à EUR 0,01 En savoir plus.
  Tous les prix incluent la TVA
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Il ne reste plus que 1 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon. Emballage cadeau disponible.
Voulez-vous le faire livrer le samedi 2 août ? Choisissez la livraison en 1 jour ouvré sur votre bon de commande. En savoir plus.
‹  Retourner à l'aperçu du produit

Table des matières

Introduction xxviii

Part I Networking Security Fundamentals

Chapter 1 Network Security Concepts and Policies 1

Building Blocks of Information Security 2

Basic Security Assumptions 2

Basic Security Requirements 2

Data, Vulnerabilities, and Countermeasures 3

  Data Classification 4

  Vulnerabilities Classifications 7

  Countermeasures Classification 8

  Need for Network Security 12

  Intent Evolution 13

  Threat Evolution 14

  Trends Affecting Network Security 16

Adversaries, Methodologies, and Classes of Attack 19

  Adversaries 20

  Methodologies 21

  Threats Classification 23

  Man-in-the-Middle Attacks 32

  Overt and Covert Channels 33

  Botnets 37

  DoS and DDoS Attacks 37

Principles of Secure Network Design 39

  Defense in Depth 41

Evaluating and Managing the Risk 42

Levels of Risks 43

Risk Analysis and Management 44

  Risk Analysis 44

  Building Blocks of Risk Analysis 47

  A Lifecycle Approach to Risk Management 49

Regulatory Compliance 50

Security Policies 53

Security Policy Components 55

  Governing Policy 56

  End-User Policies 57

  Technical Policies 57

  Standards, Guidelines, and Procedures 59

  Security Policy Roles and Responsibilities 61

  Security Awareness 62

Secure Network Lifecycle Management 63

IT Governance, Risk Management, and Compliance 64

Secure Network Life Cycle 64

  Initiation Phase 65

  Acquisition and Development Phase 65

  Implementation Phase 66

  Operations and Maintenance Phase 67

  Disposition Phase 67

  Models and Frameworks 67

Network Security Posture 69

Network Security Testing 70

  Security Testing Techniques 70

  Common Testing Tools 71

Incident Response 72

Incident Management 73

  Computer Crime Investigations 74

  Laws and Ethics 75

  Liability 76

Disaster Recovery and Business Continuity Planning 77

     Business Continuity Concepts 78

Summary 79

References 79

Publications 79

Web Resources 80

Review Questions 80

Chapter 2 Security Strategy and Cisco Borderless Network 85

Borderless Networks 85

Cisco Borderless Network Security Architecture 86

Borderless End Zone 88

Borderless Internet 89

Borderless Data Center 90

Policy Management Layer 91

Borderless Network Services 91

Borderless Security Products 92

SecureX, a Context-Aware Security Approach 93

  SecureX Core Components 94

Threat Control and Containment 98

Cisco Security Intelligence Operation 99

Cloud Security, Content Security, and Data Loss Prevention 100

  Content Security 101

  Data Loss Prevention 101

  Cloud-Based Security 101

  Web Security 101

  Email Security 104

Secure Connectivity Through VPNs 105

Security Management 106

  Cisco Security Manager 107

Summary 108

References 108

Review Questions 109

Part II Protecting the Network Infrastructure

Chapter 3 Network Foundation Protection and Cisco Configuration Professional 111

Threats Against the Network Infrastructure 112

Cisco NFP Framework 114

Control Plane Security 118

  CoPP 119

  CPPr 119

  Traffic Classes 120

  Routing Protocol Integrity 121

  Cisco AutoSecure 122

Management Plane Security 123

  Secure Management and Reporting 124

  Role-Based Access Control 126

  Deploying AAA 127

Data Plane Security 128

  Access Control List Filtering 128

Cisco Configuration Professional 131

CCP Initial Configuration 133

Cisco Configuration Professional User Interface and Features 136

  Menu Bar 136

  Toolbar 138

  Navigation Pane 138

  Content Pane 142

  Status Bar 142

Cisco Configuration Professional Building Blocks 142

Communities 142

  Creating Communities 143

  Managing Communities 144

Templates 145

User Profiles 147

Using CCP to Harden Cisco IOS Devices 148

  Security Audit 149

  One-Step Lockdown 152

  Cisco IOS AutoSecure 152

Summary 154

References 155

Review Questions 155

Chapter 4 Securing the Management Plane on Cisco IOS Devices and AAA 159

Configuring Secure Administration Access 159

Configuring an SSH Daemon for Secure Management Access 161

Configuring Passwords on Cisco IOS Devices 163

  Setting Timeouts for Router Lines 164

  Configuring the Minimum Length for Router Passwords 165

  Enhanced Username Password Security 166

Securing ROM Monitor 167

Securing the Cisco IOS Image and Configuration Files 168

Configuring Multiple Privilege Levels 170

Configuring Role-Based Command-Line Interface Access 171

Implementing Secure Management and Reporting 174

Planning Considerations for Secure Management and Reporting 175

Secure Management and Reporting Architecture 176

  Secure Management and Reporting Guidelines 176

Enabling Time Features 176

  Network Time Protocol 177

Using Syslog Logging for Network Security 178

  Implementing Log Messaging for Security 179

Using SNMP to Manage Network Devices 182

  SNMPv3 Architecture 183

  Enabling SNMP Options Using Cisco CCP 185

Configuring AAA on a Cisco Router 186

Authentication, Authorization, and Accounting 186

  Authenticating Router Access 188

Configuring AAA Authentication and Method Lists 190

Configuring AAA on a Cisco Router Using the Local Database 191

  Configuring AAA Local Authentication 192

AAA on a Cisco Router Using Cisco Secure ACS 198

  Cisco Secure ACS Overview 198

  Cisco Identity Services Engine 204

TACACS+ and RADIUS Protocols 205

TACACS+ 205

RADIUS 206

Comparing TACACS+ and RADIUS 206

AAA on a Cisco Router Using an External Database 208

Configuration Steps for AAA Using an External Database 208

  AAA Servers and Groups 208

  AAA Authentication Method Lists 210

  AAA Authorization Policies 211

  AAA Accounting Policies 213

AAA Configuration for TACACS+ Example 215

Troubleshooting TACACS+ 216

Deploying and Configuring Cisco Secure ACS 218

Evolution of Authorization 219

  Before: Group-Based Policies 219

  Now: More Than Just Identities 220

Rule-Based Policies 222

Configuring Cisco Secure ACS 5.2 223

  Configuring Authorization Policies for Device Administration 224

Summary 230

References 230

Review Questions 231

Chapter 5 Securing the Data Plane on Cisco Catalyst Switches 233

Overview of VLANs and Trunking 234

Trunking and 802.1Q 235

  802.1Q Tagging 236

  Native VLANs 237

Configuring VLANs and Trunks 237

  Step 1: Configuring and Verifying 802.1Q Trunks 238

  Step 2: Creating a VLAN 240

  Step 3: Assigning Switch Ports to a VLAN 242

  Step 4: Configuring Inter-VLAN Routing 243

Spanning Tree Overview 244

STP Fundamentals 245

Verifying RSTP and PVRST+ 248

Mitigating Layer 2 Attacks 249

Basic Switch Operation 249

Layer 2 Best Practices 250

Layer 2 Protection Toolkit 250

Mitigating VLAN Attacks 251

  VLAN Hopping 251

Mitigating Spanning Tree Attacks 254

  PortFast 255

Mitigating CAM Table Overflow Attacks 259

Mitigating MAC Address Spoofing Attacks 260

Using Port Security 261

  Errdisable Recovery 263

Summary 270

References 271

Review Questions 271

Chapter 6 Securing the Data Plane in IPv6 Environments 275

The Need for IPv6 275

IPv6 Features and Enhancements 278

IPv6 Headers 279

Stateless Address Autoconfiguration 280

Internet Control Message Protocol Version 6 281

IPv6 General Features 282

Transition to IPv6 283

IPv6 Addressing 285

IPv6 Address Representation 285

IPv6 Address Types 286

  IPv6 Unicast Addressing 286

Assigning IPv6 Global Unicast Addresses 291

  Manual Interface Assignment 291

  EUI-64 Interface ID Assignment 291

  Stateless Autoconfiguration 292

  DHCPv6 (Stateful) 292

IPv6 EUI-64 Interface Identifier 292

IPv6 and Cisco Routers 293

IPv6 Address Configuration Example 294

Routing Considerations for IPv6 294

Revisiting Threats: Considerations for IPv6 295

Examples of Possible IPv6 Attacks 298

  Recommended Practices 300

Summary 301

References 301

Review Questions 302

Part III Threat Control and Containment

Chapter 7 Planning a Threat Control Strategy 305

Threats Revisited 305

Trends in Network Security Threats 306

Threat Mitigation and Containment: Design Fundamentals 307

  Threat Control Design Guidelines 308

  Application Layer Visibility 309

  Distributed Security Intelligence 309

  Security Intelligence Analysis 310

Integrated Threat Control Strategy 311...

‹  Retourner à l'aperçu du produit