Managing Cisco Network Security
Autor Syngressen Limba Engleză Paperback – 28 mai 2002
"There's no question that attacks on enterprise networks are increasing in frequency and sophistication..." -Mike Fuhrman, Cisco Systems Manager, Security Consulting
Managing Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco's security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.
- Security from a real-world perspective
- Key coverage of the new technologies offered by the Cisco including: 500 series of Cisco PIX Firewall, Cisco
- Intrusion Detection System, and the Cisco Secure Scanner
- Revised edition of a text popular with CCIP (Cisco Certified Internetwork Professional) students
- Expanded to include separate chapters on each of the security products offered by Cisco Systems
Preț: 465.09 lei
Preț vechi: 581.35 lei
-20% Nou
Puncte Express: 698
Preț estimativ în valută:
88.100€ • 93.63$ • 73.69£
88.100€ • 93.63$ • 73.69£
Carte tipărită la comandă
Livrare economică 14-28 ianuarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781931836562
ISBN-10: 1931836566
Pagini: 752
Dimensiuni: 189 x 246 x 42 mm
Greutate: 1.29 kg
Ediția:2
Editura: ELSEVIER SCIENCE
ISBN-10: 1931836566
Pagini: 752
Dimensiuni: 189 x 246 x 42 mm
Greutate: 1.29 kg
Ediția:2
Editura: ELSEVIER SCIENCE
V-ar putea interesa
-
On the Foundations of ComputingGiuseppe Primiero-22%Preț: 335.48 lei431.25 lei -
Algorithms Are Not EnoughHerbert L. Roitblat-20%Preț: 216.05 lei270.06 lei -
Blockchain Chicken FarmXiaowei WangPreț: 81.38 lei -
Possible Minds: Twenty-Five Ways of Looking at AIJohn Brockman-34%Preț: 74.79 lei113.68 lei -
Algorithms Illuminated (Part 2)Tim Roughgarden-20%Preț: 90.83 lei113.54 lei -
-20%Preț: 275.92 lei344.89 lei -
Practical Hadoop SecurityBhushan Lakhe-20%Preț: 296.71 lei370.88 lei -
-20%Preț: 237.39 lei296.74 lei -
-20%Preț: 320.06 lei400.08 lei -
tmux 2Brian P. Hogan-20%Preț: 93.09 lei116.36 lei -
The Revolutionary PhenotypeJean-François GariépyPreț: 115.51 lei -
AdventureJamie LendinoPreț: 120.11 lei -
10 Short Lessons in Artificial Intelligence and RoboticsPeter J. Bentley-20%Preț: 79.21 lei99.02 lei -
-20%Preț: 394.75 lei493.44 lei -
Hackproofing Your Wireless NetworkSyngress-20%Preț: 376.98 lei471.23 lei -
Windows 2000 Active DirectorySyngress-20%Preț: 391.38 lei489.22 lei -
Hack Proofing Your NetworkSyngress-20%Preț: 381.40 lei476.75 lei -
-20%Preț: 441.25 lei551.57 lei -
Configuring IPv6 For Cisco IOSSyngress-20%Preț: 479.96 lei599.95 lei -
-20%Preț: 368.74 lei460.93 lei -
-20%Preț: 449.72 lei562.15 lei -
-20%Preț: 512.84 lei641.05 lei -
-20%Preț: 314.73 lei393.40 lei -
-20%Preț: 337.03 lei421.28 lei -
-20%Preț: 362.81 lei453.51 lei -
-20%Preț: 344.85 lei431.07 lei
Cuprins
Chapter 1 Introduction to IP Network Security
Introduction
What Role Does Security Play in a Network?
Goals
Philosophy
What if I Don’t Deploy Security?
The Fundamentals of Networking
Where Does Security Fit in?
Network Access Layer Security
Internetwork Layer Security
Host-to-Host Layer Security?
Process Application Layer Security
Authentication
OSI Model
How the OSI Model Works
Composition of a Data Packet
Security in TCP/IP
Cisco IP Security Hardware and Software
The Cisco Secure PIX Firewall
Cisco Secure Integrated Software
Cisco Secure Integrated VPN Software
The Cisco Secure VPN Client
Cisco Secure Access Control Server
Cisco Secure Scanner
Cisco Secure Intrusion Detection System
Cisco Secure Policy Manager
Cisco Secure Consulting Services
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 What are We Trying to Prevent?
Introduction
What Threats Face Your Network?
Loss of Confidentiality
Loss of Integrity
Loss of Availability
Sources of Threats
Malicious Mobile Code
Trojan Horses
Viruses
Worms
Current Malicious Code Threats
Current Malicious Code Impacts
Denial of Service
The Smurf Attack
The SYN Flood Attack
Distributed Denial of Service (DDoS) Attacks
Detecting Breaches
Initial Detection
are Forensics Important?
What are the Key Steps after a Breach
is Detected?
Preventing Attacks
Reducing Vulnerabilities
Providing a Simple Security Network Architecture
Developing a Culture of Security
Developing a Security Policy
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Cisco PIX Firewall
Introduction
Overview of the Security Features
Differences between PIX OS Version 4.x and Version 5.x
Differences between PIX OS Version 6.0 and Version 5.x
Initial Configuration
Installing the PIX Software
The Command-Line Interface
IP Configuration
Configuring NAT and PAT
Permit Traffic Through
Security Policy Configuration
Security Strategies
Identify the Security Services to Implement
Implementing the Network Security Policy
Confidentiality Configuration in PIX
PIX Configuration Examples
Protecting a Private Network
Protecting a Network Connected to the Internet
Protecting Server Access Using Authentication
Protecting Public Servers Connected to the Internet
Securing and Maintaining the PIX
System Journaling
Securing the PIX
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Traffic Filtering in the Cisco Internetwork Operating System
Introduction
Access Lists
Access List Operation
Types of Access Lists
Standard IP Access Lists
Extended IP Access Lists
Named Access Lists
Editing Access Lists
Problems with Access Lists
Lock-and-key Access Lists
Reflexive Access Lists
Building Reflexive Access Lists
Applying Reflexive Access Lists
Context-based Access Control
The Context-based Access Control Process
Configuring Context-based Access Control
Inspection Rules
Applying the Inspection Rule
Configuring Port to Application Mapping
Configuring PAM
Protecting a Private Network
Protecting a Network Connected to the Internet
Protecting Server Access Using Lock-and-key
Protecting Public Servers Connected to the Internet
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Network Address Translation/Port Address Translation
Introduction
NAT Overview
Address Realm
RFC 1918 Private Addressing
NAT
Transparent Address Assignment
Transparent Routing
Public, Global, and External Networks
Private and Local Networks
Application Level Gateways
NAT Architectures
Traditional NAT or Outbound NAT
Port Address Translation
Static NAT
Twice NAT
Guidelines for Deploying NAT and PAT
IOS NAT Support for IP Telephony
H.323 v2 Support
CallManager Support
Session Initiation Protocol
Configuring NAT on Cisco IOS
Configuration Commands
Verification Commands
Configuring NAT between a Private Network and the Internet
Configuring NAT in a Network with DMZ
Considerations on NAT and PAT
IP Address Information in Data
Bundled Session Applications
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Cryptography
Introduction
Understanding Cryptography Concepts
History
Encryption Key Types
Learning about Standard Cryptographic Algorithms
Understanding Symmetric Algorithms
Understanding Asymmetric Algorithms
Understanding Brute Force
Brute Force Basics
Using Brute Force to Obtain Passwords
Knowing When Real Algorithms are Being Used Improperly
Bad Key Exchanges
Hashing Pieces Separately
Using a Short Password to Generate a Long Key
Improperly Stored Private or Secret Keys
Understanding Amateur Cryptography Attempts
Classifying the Ciphertext
Monoalphabetic Ciphers
Other Ways to Hide Information
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Cisco LocalDirector and DistributedDirector
Introduction
Improving Security Using Cisco LocalDirector
LocalDirector Technology Overview
LocalDirector Product Overview
LocalDirector Security Features
Filtering of Access Traffic
Using synguard to Protect against SYN Flood Attacks
Using NAT to Hide Real Addresses
Restricting Who is Authorized to Have Telnet Access to LocalDirector
Password Protection
Syslog Logging
Securing Geographically Dispersed Server Farms Using Cisco DistributedDirector
DistributedDirector Technology Overview
DistributedDirector Product Overview
DistributedDirector Security Features
Limiting the Source of DRP Queries
Authentication between DistributedDirector and DRP Agents
Password Protection
Syslog Logging
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Virtual Private Networks and Remote Access
Introduction
Overview of the Different VPN Technologies
The Peer Model
The Overlay Model
Link Layer VPNs
Network Layer VPNs
Transport and Application Layer VPNs
Intranet VPNs
Extranet VPNs
Access VPNs
Layer 2 Transport Protocol
Configuring Cisco L2TP
IPSec
IPSec Architecture
IPSec and Cisco Encryption Technology
Configuring Cisco IPSec
Connecting IPSec Clients to Cisco IPSec
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Cisco Authentication, Authorization, and Accounting Mechanisms
Introduction
Cisco AAA Overview
AAA Authentication
AAA Authorization
AAA Accounting
AAA Benefits
Cisco AAA Mechanisms
Supported AAA Security Protocols
Configuring AAA Authentication
Authorization
Accounting
Typical RAS Configuration Using AAA
Typical Firewall Configuration Using AAA
Authentication Proxy
How the Authentication Proxy Works
Comparison with the Lock-and-key Feature
Benefits of Authentication Proxy
Restrictions of Authentication Proxy
Configuring Authentication Proxy
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 Cisco Content Services Switch
Introduction
Overview of Cisco Content Services Switch
Cisco Content Services Switch Technology Overview
Cisco Content Services Switch Product Information
Security Features of Cisco Content Services Switch
FlowWall Security?
Using Network Address Translation to Hide Real Addresses
Firewall Load Balancing
Password Protection
Disabling Telnet Access
Syslog Logging
Known Security Vulnerabilities
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 Cisco Secure Scanner
Introduction
Minimum System Specifications for Secure Scanner
Searching the Network for Vulnerabilities
Identifying Network Addresses
Identifying Vulnerabilities
Scheduling the Session
Viewing the Results
Changing Axis Views
Drilling into Data
Pivoting Data
Zooming In and Out
Creating Charts
Saving Grid Views and Charts
Reports and Wizards
Keeping the System Up-to-Date
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 12 Cisco Secure Policy Manager
Introduction
Overview of the Cisco Secure Policy Manager
The Benefits of Using Cisco Secure Policy Manager
Installation Requirements for the Cisco Secure Policy Manager
Features of the Cisco Secure Policy Manager
Cisco Firewall Management
VPN and IPSec Security Management
Security Policy Management
Network Security Deployment Options
Cisco Secure Policy Manager Device and Software Support
Using the Cisco Secure Policy Manager
Configuration
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 13 Intrusion Detection
Introduction
What is Intrusion Detection?
Types of IDSs
IDS Architecture
Why Should You Have an IDS?
Benefits of an IDS in a Network
Deploying an IDS in a Network
Difficulties in Deploying an IDS
IDS Tuning
Tuning
Network Attacks and Intrusions
Poor Network Perimeter/Device Security
Poor Physical Security
Application and Operating Software Weaknesses
Human Failure
Weaknesses in the IP Suite of Protocols
The Cisco Secure Network Intrusion Detection System
What is the Cisco Secure Network Intrusion Detection System?
Before You Install
Director and Probe Setup
General Operation
nrConfigure
The Data Management Package
Cisco IOS Intrusion Detection Systems
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 14 Network Security Management
Introduction
PIX Device Manager
PIX Device Manager Overview
Supported PIX Firewall Versions
Using PIX Device Manager
Configuration Examples
CiscoWorks2000 Access Control List Manager
ACL Manager Overview
Installation Requirements for ACL Manager
ACL Manager Features
The Basic Operation of ACL Manager
Using ACL Manager
Configuration Example: Creating ACLs with ACLM
Cisco Secure Policy Manager
Cisco Secure Access Control Server
Overview of the Cisco Secure Access Control Server
Benefits of the Cisco Secure Access Control Server
Features of Cisco Secure ACS
Cisco Secure ACS Device and Software Support
Using Cisco Secure ACS
Configuration Example: Adding and Configuring a AAA Client
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 15 Looking Ahead: Cisco Wireless Security
Introduction
Understanding Security Fundamentals and Principles of Protection
Ensuring Confidentiality
Ensuring Integrity
Ensuring Availability
Ensuring Privacy
Ensuring Authentication
Benefits of the Cisco Secure Access
Features of Cisco Secure ACS
Cisco Secure ACS Device and Software Support
Using Cisco Secure ACS
Configuration Example: Adding and Configuring a AAA Client
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 15 Looking Ahead: Cisco Wireless Security
Introduction
Understanding Security Fundamentals and Principles of Protection
Ensuring Confidentiality
Ensuring Integrity
Ensuring Availability
Ensuring Privacy
Ensuring Authentication
Ensuring Authorization
MAC Filtering
What is a MAC Address?
Where in the Authentication/Association Process Does MAC Filtering Occur?
Determining MAC Filtering is Enabled
MAC Spoofing
Ensuring Non-Repudiation
Accounting and Audit Trails
Using Encryption
Reviewing the Role of Policy
Identifying Resources
Understanding Classification Criteria
Implementing Policy
Addressing the Issues with Policy
Implementing WEP
Defining WEP
Creating Privacy with WEP
The WEP Authentication Process
WEP Benefits and Advantages
WEP Disadvantages
Implementing WEP on the Cisco
Aironet AP 340
Exploiting WEP
Security of 64-Bit versus 128-Bit Keys
Acquiring a WEP Key
Addressing Common Risks and Threats
Finding a Target
Finding Weaknesses in a Target
Exploiting Those Weaknesses
Sniffing, Interception, and Eavesdropping
Defining Sniffing
Sample Sniffing Tool
Sniffing Case Scenario
Protecting against Sniffing and Eavesdropping
Spoofing and Unauthorized Access
Defining Spoofing
Sample Spoofing Tools
Protecting against Spoofing and Unauthorized Attacks
Network Hijacking and Modification
Defining Hijacking
Sample Hijacking Tools
Hijacking Case Scenario
Protection against Network Hijacking and Modification
Denial of Service and Flooding Attacks
Defining DoS and Flooding
Sample DoS Tools
DoS and Flooding Case Scenario
Protecting against DoS and Flooding Attacks
Summary
Solutions Fast Track
Frequently Asked Questions
Index
Introduction
What Role Does Security Play in a Network?
Goals
Philosophy
What if I Don’t Deploy Security?
The Fundamentals of Networking
Where Does Security Fit in?
Network Access Layer Security
Internetwork Layer Security
Host-to-Host Layer Security?
Process Application Layer Security
Authentication
OSI Model
How the OSI Model Works
Composition of a Data Packet
Security in TCP/IP
Cisco IP Security Hardware and Software
The Cisco Secure PIX Firewall
Cisco Secure Integrated Software
Cisco Secure Integrated VPN Software
The Cisco Secure VPN Client
Cisco Secure Access Control Server
Cisco Secure Scanner
Cisco Secure Intrusion Detection System
Cisco Secure Policy Manager
Cisco Secure Consulting Services
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2 What are We Trying to Prevent?
Introduction
What Threats Face Your Network?
Loss of Confidentiality
Loss of Integrity
Loss of Availability
Sources of Threats
Malicious Mobile Code
Trojan Horses
Viruses
Worms
Current Malicious Code Threats
Current Malicious Code Impacts
Denial of Service
The Smurf Attack
The SYN Flood Attack
Distributed Denial of Service (DDoS) Attacks
Detecting Breaches
Initial Detection
are Forensics Important?
What are the Key Steps after a Breach
is Detected?
Preventing Attacks
Reducing Vulnerabilities
Providing a Simple Security Network Architecture
Developing a Culture of Security
Developing a Security Policy
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3 Cisco PIX Firewall
Introduction
Overview of the Security Features
Differences between PIX OS Version 4.x and Version 5.x
Differences between PIX OS Version 6.0 and Version 5.x
Initial Configuration
Installing the PIX Software
The Command-Line Interface
IP Configuration
Configuring NAT and PAT
Permit Traffic Through
Security Policy Configuration
Security Strategies
Identify the Security Services to Implement
Implementing the Network Security Policy
Confidentiality Configuration in PIX
PIX Configuration Examples
Protecting a Private Network
Protecting a Network Connected to the Internet
Protecting Server Access Using Authentication
Protecting Public Servers Connected to the Internet
Securing and Maintaining the PIX
System Journaling
Securing the PIX
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4 Traffic Filtering in the Cisco Internetwork Operating System
Introduction
Access Lists
Access List Operation
Types of Access Lists
Standard IP Access Lists
Extended IP Access Lists
Named Access Lists
Editing Access Lists
Problems with Access Lists
Lock-and-key Access Lists
Reflexive Access Lists
Building Reflexive Access Lists
Applying Reflexive Access Lists
Context-based Access Control
The Context-based Access Control Process
Configuring Context-based Access Control
Inspection Rules
Applying the Inspection Rule
Configuring Port to Application Mapping
Configuring PAM
Protecting a Private Network
Protecting a Network Connected to the Internet
Protecting Server Access Using Lock-and-key
Protecting Public Servers Connected to the Internet
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5 Network Address Translation/Port Address Translation
Introduction
NAT Overview
Address Realm
RFC 1918 Private Addressing
NAT
Transparent Address Assignment
Transparent Routing
Public, Global, and External Networks
Private and Local Networks
Application Level Gateways
NAT Architectures
Traditional NAT or Outbound NAT
Port Address Translation
Static NAT
Twice NAT
Guidelines for Deploying NAT and PAT
IOS NAT Support for IP Telephony
H.323 v2 Support
CallManager Support
Session Initiation Protocol
Configuring NAT on Cisco IOS
Configuration Commands
Verification Commands
Configuring NAT between a Private Network and the Internet
Configuring NAT in a Network with DMZ
Considerations on NAT and PAT
IP Address Information in Data
Bundled Session Applications
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6 Cryptography
Introduction
Understanding Cryptography Concepts
History
Encryption Key Types
Learning about Standard Cryptographic Algorithms
Understanding Symmetric Algorithms
Understanding Asymmetric Algorithms
Understanding Brute Force
Brute Force Basics
Using Brute Force to Obtain Passwords
Knowing When Real Algorithms are Being Used Improperly
Bad Key Exchanges
Hashing Pieces Separately
Using a Short Password to Generate a Long Key
Improperly Stored Private or Secret Keys
Understanding Amateur Cryptography Attempts
Classifying the Ciphertext
Monoalphabetic Ciphers
Other Ways to Hide Information
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7 Cisco LocalDirector and DistributedDirector
Introduction
Improving Security Using Cisco LocalDirector
LocalDirector Technology Overview
LocalDirector Product Overview
LocalDirector Security Features
Filtering of Access Traffic
Using synguard to Protect against SYN Flood Attacks
Using NAT to Hide Real Addresses
Restricting Who is Authorized to Have Telnet Access to LocalDirector
Password Protection
Syslog Logging
Securing Geographically Dispersed Server Farms Using Cisco DistributedDirector
DistributedDirector Technology Overview
DistributedDirector Product Overview
DistributedDirector Security Features
Limiting the Source of DRP Queries
Authentication between DistributedDirector and DRP Agents
Password Protection
Syslog Logging
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8 Virtual Private Networks and Remote Access
Introduction
Overview of the Different VPN Technologies
The Peer Model
The Overlay Model
Link Layer VPNs
Network Layer VPNs
Transport and Application Layer VPNs
Intranet VPNs
Extranet VPNs
Access VPNs
Layer 2 Transport Protocol
Configuring Cisco L2TP
IPSec
IPSec Architecture
IPSec and Cisco Encryption Technology
Configuring Cisco IPSec
Connecting IPSec Clients to Cisco IPSec
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9 Cisco Authentication, Authorization, and Accounting Mechanisms
Introduction
Cisco AAA Overview
AAA Authentication
AAA Authorization
AAA Accounting
AAA Benefits
Cisco AAA Mechanisms
Supported AAA Security Protocols
Configuring AAA Authentication
Authorization
Accounting
Typical RAS Configuration Using AAA
Typical Firewall Configuration Using AAA
Authentication Proxy
How the Authentication Proxy Works
Comparison with the Lock-and-key Feature
Benefits of Authentication Proxy
Restrictions of Authentication Proxy
Configuring Authentication Proxy
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 10 Cisco Content Services Switch
Introduction
Overview of Cisco Content Services Switch
Cisco Content Services Switch Technology Overview
Cisco Content Services Switch Product Information
Security Features of Cisco Content Services Switch
FlowWall Security?
Using Network Address Translation to Hide Real Addresses
Firewall Load Balancing
Password Protection
Disabling Telnet Access
Syslog Logging
Known Security Vulnerabilities
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 11 Cisco Secure Scanner
Introduction
Minimum System Specifications for Secure Scanner
Searching the Network for Vulnerabilities
Identifying Network Addresses
Identifying Vulnerabilities
Scheduling the Session
Viewing the Results
Changing Axis Views
Drilling into Data
Pivoting Data
Zooming In and Out
Creating Charts
Saving Grid Views and Charts
Reports and Wizards
Keeping the System Up-to-Date
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 12 Cisco Secure Policy Manager
Introduction
Overview of the Cisco Secure Policy Manager
The Benefits of Using Cisco Secure Policy Manager
Installation Requirements for the Cisco Secure Policy Manager
Features of the Cisco Secure Policy Manager
Cisco Firewall Management
VPN and IPSec Security Management
Security Policy Management
Network Security Deployment Options
Cisco Secure Policy Manager Device and Software Support
Using the Cisco Secure Policy Manager
Configuration
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 13 Intrusion Detection
Introduction
What is Intrusion Detection?
Types of IDSs
IDS Architecture
Why Should You Have an IDS?
Benefits of an IDS in a Network
Deploying an IDS in a Network
Difficulties in Deploying an IDS
IDS Tuning
Tuning
Network Attacks and Intrusions
Poor Network Perimeter/Device Security
Poor Physical Security
Application and Operating Software Weaknesses
Human Failure
Weaknesses in the IP Suite of Protocols
The Cisco Secure Network Intrusion Detection System
What is the Cisco Secure Network Intrusion Detection System?
Before You Install
Director and Probe Setup
General Operation
nrConfigure
The Data Management Package
Cisco IOS Intrusion Detection Systems
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 14 Network Security Management
Introduction
PIX Device Manager
PIX Device Manager Overview
Supported PIX Firewall Versions
Using PIX Device Manager
Configuration Examples
CiscoWorks2000 Access Control List Manager
ACL Manager Overview
Installation Requirements for ACL Manager
ACL Manager Features
The Basic Operation of ACL Manager
Using ACL Manager
Configuration Example: Creating ACLs with ACLM
Cisco Secure Policy Manager
Cisco Secure Access Control Server
Overview of the Cisco Secure Access Control Server
Benefits of the Cisco Secure Access Control Server
Features of Cisco Secure ACS
Cisco Secure ACS Device and Software Support
Using Cisco Secure ACS
Configuration Example: Adding and Configuring a AAA Client
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 15 Looking Ahead: Cisco Wireless Security
Introduction
Understanding Security Fundamentals and Principles of Protection
Ensuring Confidentiality
Ensuring Integrity
Ensuring Availability
Ensuring Privacy
Ensuring Authentication
Benefits of the Cisco Secure Access
Features of Cisco Secure ACS
Cisco Secure ACS Device and Software Support
Using Cisco Secure ACS
Configuration Example: Adding and Configuring a AAA Client
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 15 Looking Ahead: Cisco Wireless Security
Introduction
Understanding Security Fundamentals and Principles of Protection
Ensuring Confidentiality
Ensuring Integrity
Ensuring Availability
Ensuring Privacy
Ensuring Authentication
Ensuring Authorization
MAC Filtering
What is a MAC Address?
Where in the Authentication/Association Process Does MAC Filtering Occur?
Determining MAC Filtering is Enabled
MAC Spoofing
Ensuring Non-Repudiation
Accounting and Audit Trails
Using Encryption
Reviewing the Role of Policy
Identifying Resources
Understanding Classification Criteria
Implementing Policy
Addressing the Issues with Policy
Implementing WEP
Defining WEP
Creating Privacy with WEP
The WEP Authentication Process
WEP Benefits and Advantages
WEP Disadvantages
Implementing WEP on the Cisco
Aironet AP 340
Exploiting WEP
Security of 64-Bit versus 128-Bit Keys
Acquiring a WEP Key
Addressing Common Risks and Threats
Finding a Target
Finding Weaknesses in a Target
Exploiting Those Weaknesses
Sniffing, Interception, and Eavesdropping
Defining Sniffing
Sample Sniffing Tool
Sniffing Case Scenario
Protecting against Sniffing and Eavesdropping
Spoofing and Unauthorized Access
Defining Spoofing
Sample Spoofing Tools
Protecting against Spoofing and Unauthorized Attacks
Network Hijacking and Modification
Defining Hijacking
Sample Hijacking Tools
Hijacking Case Scenario
Protection against Network Hijacking and Modification
Denial of Service and Flooding Attacks
Defining DoS and Flooding
Sample DoS Tools
DoS and Flooding Case Scenario
Protecting against DoS and Flooding Attacks
Summary
Solutions Fast Track
Frequently Asked Questions
Index