Hardening Network Infrastructure : Hardening - Wesley J. Noonan

Paperback Published: 6th May 2004
ISBN: 9780072255027
Number Of Pages: 580
RRP $98.00

"This book is invaluable to anyone facing the challenges of security in a business environment." - Paul D. Robertson, Moderator of Firewall-Wizards and Director of Risk Assessment, TruSecure Corporation.

A Note From Series Editor: "I first got to know Wesley Noonan through a common newsgroup. His insightful and technical comments stuck with me, and I finally met him at a conference several years later. Wes has the gift to present network security in a concise, well-reasoned way - easy for everyone to understand regardless of their security or networking knowledge. His writing style reflects his congenial presentation manner and his knowledge, and his eagerness to share his expertise is exceptional. Wes's guide to hardening your network infrastructure provides the step-by-step how-to approach that you need to build, deploy, and maintain a security defense. I've read every word; you will not be disappointed." - Roberta Bragg.

This book features a four-part hardening methodology:

Do This Now - Checklist of immediate steps to take to lock down your system from further attack.
Take It From The Top - Systematic approach to hardening your perimeter and internal network infrastructure, focusing on firewalls, IDS/IPS, network content filtering, wireless LAN connections, routers, and switches.
Once Is Never Enough! - Ongoing monitoring and assessment plan to keep your network secure, including patch management and auditing.
How to Succeed at Hardening Your Network Infrastructure - Strategies for getting budget approval, management buy-in, and employee cooperation for your security program.

About the author: Wesley J. Noonan, MCSE, CCNA, CCDA, NNCSS, Security+, is a Senior Network Consultant for Collective Technologies, LLC, a company specializing in storage, server and network design, architecture, implementation, and security.
Series Editor: Roberta Bragg, CISSP, MCSE: Security, Security+, is the Security Advisor columnist for "MCP magazine" and a Security Expert for searchWin2000.com. She also writes for the Security Watch newsletter and is the author of several computer books.

Foreword
Acknowledgments
Introduction
Do This Now!
Do These Six Things Before You Do Anything Else
Review Your Network Design
Implement a Firewall
Application Proxies
Stateful Packet-Inspecting/Filtering Gateways
Hybrid Firewalls
Which Firewall Should You Implement?
Implement Access Control Lists
Turn Off Unnecessary Features and Services
Implement Virus Protection
Secure Your Wireless Connections
Summary
Take It from the Top: The Systematic Hardening Process
Write a Security Policy
The Role of a Security Policy
The Purpose of a Security Policy
Security Policy Components
Where to Start?
The Characteristics of a Good Security Policy
Security Policy Recommendations
Encryption Policy
Analog/ISDN Policy
Antivirus Policy
Audit, Vulnerability Assessment, and Risk Assessment Policy
Dial-in Policy
DMZ Policy
Extranet Policy
Wireless Communications Policy
VPN Policy
Firewall Security Policy
Router and Switch Security Policy
Remote Access Policy
Password Policy
Intrusion Detection/Prevention System Policy
Content-Filtering/Internet Policy
Enterprise-Monitoring Policy
Acceptable-Use Policy
Network Connection Policy
Network Documentation Policy
Why Security Policies Fail and How to Ensure Yours Won't
Security Is Viewed as a Barrier to Progress
Security Is a Learned Behavior
Security Is Rife with Unexpected Events and Occurrences
Your Security Policy Is Never Finished
Preventing the Failure
Summary
Hardening Your Firewall
Hardware-Based and Software-Based Firewalls
Hardening Remote Administration
Implementing Authentication and Authorization
Hardening the Underlying Operating System
Hardening Firewall Services and Protocols
Using Redundancy to Harden Your Firewall
Hardening Routing Protocols
Summary
Hardening Your Network with Intrusion Detection and Prevention
IDS/IPS Technologies
Host-Based Intrusion Detection/Prevention
Network-Based Intrusion Detection/Prevention
IDS/IPS Components
IDS/IPS Device Hardening
Hardening PureSecure on Microsoft Windows
Hardening Cisco IDS
IDS/IPS Deployments
Detection vs. Prevention
Sensor Placement
Sensor Placement in a Switched Network Infrastructure
IDS/IPS Tuning
Tuning PureSecure Sensors
Tuning Cisco IDS Sensors
IDS/IPS Logging, Alerting, and Blocking
Logging with PureSecure
Logging with Cisco IDS
Alerting with PureSecure
Alerting with Cisco IDS
Blocking Traffic Using Cisco IDS and Cisco PIX Firewalls
Summary
Hardening VPN and Dial-in Remote Access
Hardening VPN Connectivity
Different VPN Connection Types and Technologies
VPN Device-Hardening Methods
Hardening IPsec-Based VPNs
Hardening VPN Clients
Hardening Dial-in Remote Access
Summary
Hardening Your Routers and Switches
Hardening Management Access
Securing Console Access
Securing VTY Access
Securing Web-Based Management Access
Securing Auxiliary Access
Securing Privileged Mode Access
Implementing Usernames and AAA
Implementing Banners
Hardening Services and Features
Cisco Discovery Protocol (CDP)
TCP and UDP Small Servers
finger
Network Time Protocol (NTP)
bootp Server
Dynamic Host Configuration Protocol (DHCP)
Configuration Autoloading
Name Resolution
Proxy ARP
Directed Broadcasts
IP Source Routing
ICMP Redirects, Unreachables, and Mask Replies
syslog
Simple Network Management Protocol (SNMP)
Implementing Loopback Address
Disabling Unused Interfaces
Configuring Core Dumps
Hardening Router Technologies
Implementing Redundancy
Hardening Routing Protocols
Implementing Traffic Management
Implementing IPsec
Hardening Switch Technologies
Hardening VLANs
Hardening Services and Features
Summary
Securing the Network with Content Filters
Internet Content Filtering Architectures
Client-Based Content Filtering
Server-Based Content Filtering
Gateway-Based Content Filtering
Internet Content Filtering
Misuse of Resources
Preserving Network Bandwidth
Hostile Work Environment
Hostile Web Code (Java/ActiveX Applets)
Implementing Content Filtering
E-mail Content Filtering
Implementing Virus Protection
Filtering Attachments
Implementing Content Filtering
Implementing Spam Control
Summary
Hardening Wireless LAN Connections
Banning WLANs Without IT/Management Approval
Preventing Rogue APs
Implementing WLAN Discovery Procedures
Removing Rogue WAPs
Hardening Wireless Access Points
Hardening Remote Administration
Securely Configuring the Service Set Identifier (SSID)
Configuring Logging
Hardening Services
Restricting Wireless Mode
Using MAC Address Filtering
Hardening Wireless LAN Connections
Hardening Wired Equivalent Privacy (WEP)
Hardening WiFi Protected Access (WPA)
Hardening WLANs with Virtual Private Networks
Hardening Windows XP Wireless Clients
Hardening with WEP
Hardening with WPA Using Pre-shared Keys
Hardening with WPA Using RADIUS/802.1x
Summary
Implementing AAA
AAA Mechanisms
Remote Authentication Dial-In User Service (RADIUS)
Terminal Access Controller Access Control System (TACACS+)
Authentication and Access Control
AAA Authentication on IOS-Based Equipment
AAA Authentication on PIX Firewalls
Hardening Your Network with Authorization
Authorization on IOS-Based Devices
Authorization on PIX Firewalls
Hardening Your Network with Accounting
AAA Accounting on IOS-Based Equipment
AAA Accounting on PIX Firewalls
802.1x Port-Based Authentication
802.1x Network Device Roles
Configuring 802.1x Authentication for IOS-Based Switches
Summary
Hardening Your Network with Network Management
Implementing a Network Management System (NMS)
Fault Management
Configuration Management
Performance Management
Accounting or Asset Management
Security Management
Hardening Your Network Management Protocols
Configuring IPsec on Microsoft Windows 2000
Summary
Implementing a Secure Perimeter
DMZ Implementation Methods
Using a Multi-homed Firewall for Your DMZ
Using Dual Firewalls for Your DMZ
VLANs and DMZs
Internet Access Module
Traffic Flow Through the Internet Module
Firewall Implementation
VPN/Remote Access Module
Remote Access VPN Termination Segment
Site-to-Site VPN Termination Segment
Dial-in Remote User Termination Segment
NIDS/NIPS Deployment
WAN Access Module
Extranet Access Module
Wireless Access Module
E-Commerce Access Module
Web Services DMZ Segment
Application Services DMZ Segment
Database Services DMZ Segment
Summary
Implementing a Secure Interior
Using Virtual LANs (VLANs) to Segment the Network
Trust Model Enforcement
Using VLANs to Isolate Systems
Designing the Enterprise Campus
Core Module
Server Module
Building Distribution Module
Building Access Module
Management Module
Lab Module
Hardening Branch/Remote Offices
Summary
Once Is Never Enough!
Auditing: Performing a Security Review
Reviewing Your Security Policy
Is Your Security Policy Being Adhered To?
Does Your Security Policy Address All Known Threats to Your Environment?
Protecting Yourself from Future Exploits
Do You Have Adequate Prevention Mechanisms and Enforcement of Your Security Policy?
Reviewing Your Security Posture
Auditing Your Environment
Performing an Internal Audit
Using Nmap and Nessus to Perform a Basic Security Review
Performing an External Audit
Summary
Managing Changes to Your Environment
Implementing Change Control
Defining the Change Management Team
The Change Planning Process
The Change Management Process
How to Ensure a Successful Change Control Process
Implementing a Patch and Update Policy
When to Use a Workaround, Hotfix, Patch, or an Upgrade
Staying Informed of Workarounds, Hotfixes, Patches, and Upgrades
Purchasing Maintenance and Support Agreements
Defining a Change Control Patch Policy
Writing Patch and Update Procedures
Changing the System Image
Changing the System Configuration
Changing the Application
Summary
How to Succeed at Hardening Your Network Infrastructure
Setting Perceptions and Justifying the Cost of Security
Setting Perceptions and Expectations
Setting User Perceptions and Expectations
Setting Management Perceptions and Expectations
Justifying the Cost of Security
Risk Analysis
Summary
Addressing Staffing and Training Issues
Staffing Issues
Increasing Staff Headcount
Utilizing Contractors
Outsourcing
Recruitment and Retention
Individual Roles and Responsibilities
Organization/Group Roles and Responsibilities
Knowledge Management
Training Issues
Training Resources
Implementing a Lab Environment
Summary
Incident Response
Building an Incident Response Plan
Assembling a Computer Incident Response Team (CIRT)
Planning for Incident Response
Discovering Incidents
Handling Incidents
Summary
Index
Table of Contents provided by Rittenhouse. All Rights Reserved.

ISBN: 9780072255027
ISBN-10: 0072255021
Series: Hardening
Audience: Professional
Format: Paperback
Language: English
Number Of Pages: 580
Published: 6th May 2004
Publisher: McGraw-Hill Education - Europe
Country of Publication: US
Dimensions (cm): 23.5 x 19.1 x 2.9
Weight (kg): 0.99