+612 9045 4394
 
CHECKOUT
Security Sage's Guide to Hardening the Network Infrastructure - Steven Andres

Security Sage's Guide to Hardening the Network Infrastructure

Paperback

Published: 1st April 2004
Ships: 7 to 10 business days
7 to 10 business days
$150.95
or 4 easy payments of $37.74 with Learn more

This is the only computer book to focus completely on infrastucture security: network devices, protocols and architectures. It offers unique coverage of network design so administrators understand how they should design and protect their enterprises. Network security publishing has boomed in the last several years with a proliferation of materials that focus on various elements of the enterprise.

* This is the only computer book to focus completely on infrastucture security: network devices, protocols and architectures
* It offers unique coverage of network design so administrators understand how they should design and protect their enterprises
* Helps provide real practical solutions and not just background theory

Forewordp. xxv
Defining Perimeter and Internal Segmentsp. 1
Introductionp. 2
Internal versus External Segmentsp. 2
Explaining the External Segment or Perimeter Segmentp. 3
The Internal Segment Explainedp. 4
Footprinting: Finding the IP Addresses Assigned to Your Companyp. 7
Using whois to Understand Who You Arep. 7
Using DNS Interrogation for More Informationp. 9
Checklistp. 12
Summaryp. 13
Solutions Fast Trackp. 13
Links to Sitesp. 14
Mailing Listsp. 14
Frequently Asked Questionsp. 15
Assessing Your Current Networksp. 17
Introductionp. 18
Monitoring Trafficp. 19
Sniffingp. 19
Counting the Countersp. 35
Looking at Logical Layoutsp. 39
Get on the Busp. 39
Network Mapping 1-2-3p. 42
Performing Security Auditsp. 48
Vulnerability Assessmentp. 48
Remediationp. 64
Follow-Upp. 67
Examining the Physical Securityp. 67
Who's Knocking on Your NOC?p. 67
Extra Ports Equal Extra Headachesp. 69
Checklistp. 70
Summaryp. 71
Solutions Fast Trackp. 71
Links to Sitesp. 73
Mailing Listsp. 74
Frequently Asked Questionsp. 75
Selecting the Correct Firewallp. 77
Introductionp. 78
Understanding Firewall Basicsp. 78
Seal of Approvalp. 79
Security Rulesp. 80
Hardware or Softwarep. 82
Administrative Interfacesp. 84
Traffic Interfacesp. 87
Loggingp. 90
Optional Featuresp. 91
Exploring Stateful Packet Firewallsp. 97
What Is a Stateless Firewall?p. 97
Keeping Track of Conversationsp. 100
Too Much Chatterp. 101
Stateful Failoverp. 102
Explaining Proxy-Based Firewallsp. 103
Gophersp. 104
Modernization: The Evolution of Gophersp. 105
Explaining Packet Layers: An Analogyp. 106
Employee Monitoringp. 108
Examining Various Firewall Vendorsp. 109
3Com Corporation and Sonic Wall, Inc.p. 109
Check Point Software Technologiesp. 110
Cisco Systems, Inc.p. 111
CyberGuardp. 113
Microsoft ISA Serverp. 113
NetScreenp. 114
Novellp. 115
Secure Computingp. 115
Stonesoft, Inc.p. 116
Symantec Corporationp. 117
WatchGuard Technologies, Inc.p. 118
Checklistp. 119
Summaryp. 120
Solutions Fast Trackp. 121
Links to Sitesp. 121
Mailing Listsp. 123
Frequently Asked Questionsp. 124
Firewall Manipulation: Attacks and Defensesp. 127
Introductionp. 128
Firewall Attack Methodsp. 129
Attacking for Informationp. 129
Denial-of-Service Attacksp. 130
Remote Firewall Compromisep. 131
Check Point Software Attacks and Solutionsp. 132
VPN-1/SecureClient ISAKMP Buffer Overflowp. 132
Check Point SecuRemote Internal Address Disclosurep. 134
Cisco PIX Attacks and Solutionsp. 136
Cisco PIX SNMPv3 Denial of Servicep. 137
Cisco PIX SSH Denial of Servicep. 139
Microsoft ISA Server Attacks and Solutionsp. 141
ISA Server Web Proxy Denial of Servicep. 142
ISA Server UDP Flood Denial of Servicep. 144
NetScreen Firewall Attacks and Mitigationsp. 146
NetScreen Management and TCP Option Denial of Servicep. 147
NetScreen Remote Reboot Denial of Servicep. 150
Novell BorderManager Attacks and Solutionsp. 152
Novell BorderManager IP/IPX Gateway Denial of Servicep. 152
Checklistp. 154
Summaryp. 155
Solutions Fast Trackp. 156
Links to Sitesp. 158
Mailing Listsp. 159
Frequently Asked Questionsp. 160
Routing Devices and Protocolsp. 163
Introductionp. 164
Understanding the Roles of Routers on Your Networkp. 165
Understanding the Roles of Routers on Perimeter Segmentsp. 167
Examining the Roles of Routers on Internal Segmentsp. 168
Securing Your Routersp. 170
Examining Possible Attacks on Your Routersp. 171
Locking Down Your Routersp. 172
Preventing Login Access to Your Routersp. 173
Controlling What Your Routers Dop. 178
Maintaining Your Routers for Optimal Securityp. 181
IP Routing Devicesp. 184
IP Routersp. 184
Routing Switches and Load Balancersp. 187
Routing at the Operating System and Application Levelp. 190
IP Routing Protocolsp. 191
Routing Information Protocolp. 192
Interior Gateway Routing Protocolp. 196
Enhanced IGRPp. 199
RIPv2p. 201
Open Shortest Path Firstp. 204
BGP v4p. 206
Checklistp. 209
Summaryp. 210
Solutions Fast Trackp. 211
Links to Sitesp. 213
Mailing Listsp. 213
Frequently Asked Questionsp. 214
Secure Network Managementp. 217
Introductionp. 218
Network Management and Security Principlesp. 219
Knowing What You Havep. 220
Controlling Access Vectorsp. 221
Plan for the Unexpectedp. 234
Back Up Your Management, Toop. 237
Watch Your Backp. 237
Management Networksp. 243
IPSec and VPNsp. 244
IPSec Modes and Protocolsp. 246
IPSec Configuration Examplesp. 247
Network Management Tools and Usesp. 251
Big Brotherp. 252
Big Sisterp. 253
MRTGp. 254
Paessler PRTGp. 255
IPsentryp. 256
SolarWinds Orionp. 258
IPSwitch WhatsUp Goldp. 259
Cisco Systems CiscoWorksp. 260
Computer Associates Unicenterp. 261
Microsoft Systems Management Serverp. 261
Hewlett-Packard OpenViewp. 262
Checklistp. 264
Summaryp. 265
Solutions Fast Trackp. 265
Links to Sitesp. 265
Mailing Listsp. 267
Frequently Asked Questionsp. 267
Network Switchingp. 271
Introductionp. 272
Understanding the Open Systems Interconnect Reference Modelp. 272
The Seven Layersp. 274
The Physical Link Layer: Layer 1p. 276
The Data Link Layer: Layer 2p. 276
The Network Layer: Layer 3p. 276
The Transport Layer: Layer 4p. 277
The Origin of Switchingp. 277
Hubsp. 280
Carrier Sense Multiple Access/Collision Detectionp. 281
Bridgingp. 283
And Then Came the Switchp. 284
Evaluating Switching Standards and Featuresp. 285
Which Switch Type Is Right for Me?p. 286
Evaluating the Physical Footprintp. 288
Network Speedp. 290
Distance Limitationsp. 291
Duplex Modep. 293
Spanning Tree Protocolp. 293
Content Addressable Memoryp. 295
Backplane and Switching Fabricp. 296
Optional Featuresp. 297
Moving Switching beyond Layer 2p. 300
Understanding the Need for Layer 3 Switchingp. 300
Routingp. 302
Layer 3 Switching in Actionp. 304
Layer 3 Switching and VLANsp. 304
Understanding Multilayer Switchingp. 305
Using Switching to Improve Securityp. 306
Patching the Switchp. 306
Securing Unused Portsp. 308
Adding Passwords to the Switchp. 308
Port Mirroringp. 308
Remote Managementp. 309
Remote Monitoringp. 310
Setting the Timep. 312
Using VLANs for Securityp. 312
Using Multilayer Switching (MLS) for Securityp. 312
Choosing the Right Switchp. 313
Understanding the Layers of the Campus Networkp. 313
Assessing Your Needsp. 314
Assembling the Piecesp. 315
Checklistp. 322
Summaryp. 324
Solutions Fast Trackp. 326
Links to Sitesp. 328
Mailing Listsp. 329
Frequently Asked Questionsp. 330
Defending Routers and Switchesp. 333
Introductionp. 334
Attacking and Defending Your Network Devicesp. 336
Cisco IPv4 Denial of Servicep. 337
Exploiting the IPv4 DoSp. 338
Defending Your Router against the IPv4 DoSp. 339
Cisco HTTP Get Buffer Overflow and UDP Memory Disclosurep. 340
Exploiting 2-for-1p. 342
Cisco Discovery Protocol Denial of Servicep. 343
Exploiting the CDP Denial of Servicep. 344
Preventing CDP Attacksp. 344
Confusing the Enemyp. 345
MAC Floodingp. 345
ARP Spoofingp. 347
Breaking Out of Jailp. 351
VLAN Jumpingp. 352
Attacking Simple Network Management Protocolp. 354
Sniffing the Management... Protocolp. 355
Vulnerability Chainingp. 361
Checklistp. 362
Summaryp. 363
Solutions Fast Trackp. 363
Links to Sitesp. 366
Mailing Listsp. 366
Frequently Asked Questionsp. 367
Implementing Intrusion Detection Systemsp. 369
Introductionp. 370
Understanding Intrusion Detection and Prevention Basicsp. 371
Intrusion Detection System Sensorsp. 373
Intrusion Prevention System Sensorsp. 377
Comparing IDS/IPS Vendorsp. 381
Intrusion Detection/Prevention Systemsp. 381
Application-Level Firewallsp. 399
Honeypots/Honeynetsp. 410
Tarpitsp. 414
Subverting an IDS/IPSp. 416
Port Hoppingp. 417
Fragmentingp. 417
Summaryp. 419
Checklistsp. 419
Solutions Fast Trackp. 421
Links to Sitesp. 421
Mailing Listsp. 423
Frequently Asked Questionsp. 424
Perimeter Network Designp. 427
Introductionp. 428
Looking at Design Principlesp. 428
Selecting and Deploying Firewallsp. 430
Including IDSs and IPSs in Your Designp. 436
Creating Network Segmentsp. 437
Designing an Internet Access Networkp. 440
What to Consider when Designing Internet Access Networksp. 440
Designing the Logical and Physical Networksp. 442
Designing Internet Application Networksp. 445
What to Consider when Designing Internet Application Networksp. 445
Designing VPN and Remote Access Termination Networksp. 449
What to Consider when Designing Remote Access Termination Networksp. 449
Checklistp. 452
Summaryp. 453
Solutions Fast Trackp. 456
Links to Sitesp. 458
Mailing Listsp. 458
Frequently Asked Questionsp. 459
Internal Network Designp. 461
Introductionp. 462
Design Principles and Examplesp. 462
Firewall Placement and Selectionp. 464
IDS Placementp. 470
Proper Segmentationp. 479
Access Control Lists, Routers, and Layer 3 Switchesp. 482
Use of DMZs and Service Networksp. 486
Checklistp. 490
Summaryp. 492
Solutions Fast Trackp. 493
Links to Sitesp. 494
Mailing Listsp. 495
Frequently Asked Questionsp. 496
Indexp. 499
Table of Contents provided by Ingram. All Rights Reserved.

ISBN: 9781931836012
ISBN-10: 1931836019
Audience: Professional
Format: Paperback
Language: English
Number Of Pages: 608
Published: 1st April 2004
Publisher: Syngress Media,U.S.
Country of Publication: US
Dimensions (cm): 22.9 x 17.8  x 2.46
Weight (kg): 0.78