Self-Defending Networks: The Next Generation of Network Security
Description
Protect your network with self-regulating network security solutions that combat both internal and external threats.
Provides an overview of the security components used to design proactive network security
Helps network security professionals understand what the latest tools and techniques can do and how they interact
Presents detailed information on how to use integrated management to increase security
Includes a design guide with step-by-step implementation instructions
Self-Defending Networks: The Next Generation of Network Security helps networking professionals understand how to deploy an end-to-end, integrated network security solution. It presents a clear view of the various components that can be used throughout the network not only to monitor traffic but to let the network itself become more proactive in preventing and mitigating attacks. This security primer provides unique insight into the entire range of Cisco security solutions, showing what each element is capable of doing and how the pieces work together to form an end-to-end Self-Defending Network. While other books tend to focus on individual security components, providing in-depth configuration guidelines for various devices and technologies, Self-Defending Networks instead presents a high-level overview of the entire range of technologies and techniques that make up the latest thinking in proactive network security defenses. It arms network security professionals with current information on Cisco's suite of security tools and techniques: Network Admission Control, Network Infection Containment, Dynamic Attack Mitigation, DDoS Mitigation, Host Intrusion Prevention, and Integrated Security Management are all covered. The book focuses on leveraging integrated management rather than providing a device-by-device manual for implementing self-defending networks.
Table of Contents
Foreword
Introduction
Chapter 1 Understanding Types of Network Attacks and Defenses
Categorizing Network Attacks
Virus
Worm
Trojan Horse
Denial-of-Service
Distributed Denial-of-Service
Spyware
Phishing
Understanding Traditional Network Defenses
Router Access Lists
Firewalls
Intrusion Detection Systems
Virtual Private Networks
Antivirus Programs
Introducing Cisco Self-Defending Networks
DDoS Mitigation
Intrusion Prevention Systems
Adaptive Security Appliance
Incident Control Service
Network Admission Control
IEEE 802.1x
Host Intrusion Prevention: CSA
Cisco Security Centralized Management
Summary
References
Chapter 2 Mitigating Distributed Denial-of-Service Attacks
Understanding Types of DDoS Attacks
DDoS Mitigation Overview
Using Cisco Traffic Anomaly Detector
Configuring the Traffic Anomaly Detector
Zone Creation
Traffic Anomaly Detector Zone Filters
Policy Template
Learning Phase
Detecting and Reporting Traffic Anomalies
Configuring Cisco Guard
Bootstrapping
Zone Creation and Synchronization
Cisco Guard Zone Filters
Zone Traffic Diversion
Learning Phase
Activating Zone Protection
Generating Attack Reports
Summary
References
Chapter 3 Cisco Adaptive Security Appliance Overview
Antispoofing
Intrusion Prevention Service
Launch ASDM for IPS Configuration
Configure Service Policy Rules
Define IPS Signatures
Protocol Inspection Services
HTTP Inspection Engine
TCP Map
HTTP Map
Configuring Content Security and Control Security
Content Security and Control Services Module (CSC-SSM) Setup
Web
URL Blocking
URL Filtering
Scanning
File Blocking
Mail
Scanning
Antispam
Content Filtering
File Transfer
Summary
References
Chapter 4 Cisco Incident Control Service
Implementing Outbreak Management with Cisco ICS
Outbreak Management Summary
Information and Statistics on Network Threats from Trend Micro
New Outbreak Management Task
Outbreak Settings
Displaying Outbreak Reports
OPACL Settings
Exception List
Report Settings
Watch List Settings
Automatic Outbreak Management Task
Displaying Devices
Device List
Add Device
Viewing Logs
Incident Log Query
Event Log Query
Outbreak Log Query
Log Maintenance
Summary
References
Chapter 5 Demystifying 802.1x
Fundamentals of 802.1x
Introducing Cisco Identity-Based Networking Services
Machine Authentication
802.1x and NAC
Using EAP Types
EAP MD5
EAP TLS
LEAP
PEAP
EAP FAST
VPN and 802.1x
Summary
References
Chapter 6 Implementing Network Admission Control
Network Admission Control Overview
NAC Framework Benefits
NAC Framework Components
Endpoint Security Application
Posture Agent
Network Access Devices
Policy Server
Management and Reporting Tools
Operational Overview
Network Admission for NAC-enabled Endpoints
Endpoint Attempts to Access the Network
NAD Notifies Policy Server
Cisco Secure ACS Compares Endpoint to NAC Policy
Cisco Secure ACS Forwards Information to Partner Policy Servers
Cisco Secure ACS Makes a Decision
Cisco Secure ACS Sends Enforcement Actions
NAD Enforces Actions
Posture Agent Actions
Endpoint Polled for Change of Compliance
Revalidation Process
Network Admission for NAC Agentless Hosts
Deployment Models
LAN Access Compliance
WAN Access Compliance
Remote Access Compliance
Summary
References
Chapter 7 Network Admission Control Appliance
NAC Appliance Features
NAC Appliance Manager
Device Management
CCA Servers
Filters
Clean Access
Switch Management
User Management
Monitoring
Administration
Summary
References
Chapter 8 Managing the Cisco Security Agent
Management Center for Cisco Security Agents
Deploying Cisco Secure Agent Kits
Displaying the End-Station Hostname in the Device Groups
Reviewing Policies
Attaching Rules to a Policy
Generating and Deploying Rules
Using Event Monitor
Running Cisco Security Agent Analysis
Cisco Security Agent Status
System Security
Summary
References
Chapter 9 Cisco Security Manager
Getting Started
Device View
Add Device
Configure Access Control Lists (ACLs) from Device View
Configuring Interface Roles
Apply Access Control List (ACL) Rules to Multiple Devices
Invoking the Policy Query
Using Analysis and Hit Count Functions
Map View
Showing Devices on the Topology Map
Adding Cloud Networks and Hosts to the Topology Map
Configuring Firewall Access Control List (ACL) Rules from Topology Map
Policy View
Access Control List (ACL) Rules Security Policy
Policy Inheritance and Mandatory Security Policies
IPS Management
Object Manager
Value Override Per Device
Summary
References
Chapter 10 Cisco Security Monitoring, Analysis, and Response System
Understanding Cisco Security MARS Features
Summary Dashboard
Incidents
Displaying Path of Incident and Mitigating the Attack
Hotspot Graph and Attack Diagram
Rules
Query/Reports
Management
Admin
Cisco Security Manager Linkages
Summary
References
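The Chapter 6 operational overview lists the admission sequence for a NAC-enabled endpoint as a chain of steps (endpoint attempts access, NAD notifies the policy server, Cisco Secure ACS compares the endpoint to policy, forwards to partner policy servers, decides, sends enforcement actions, the NAD enforces them, the posture agent acts, and the endpoint is polled again in the revalidation process). The following Python model walks that chain end to end so the control flow can be run and inspected. It is an added example for this page, not code from the book or from Cisco: the role names follow the chapter headings, while the posture token names, policy thresholds, VLAN numbers, ACL names and the endpoint's attributes are assumptions chosen to make the flow concrete.

```python
"""Toy model of the NAC Framework admission flow listed under Chapter 6.

Constructed illustration; not code from the book or from Cisco. Roles follow
the chapter headings (endpoint, posture agent, NAD, Cisco Secure ACS, partner
policy server). Posture tokens, thresholds, VLANs and ACL names are assumed.
"""
from dataclasses import dataclass, replace
from enum import Enum


class Posture(Enum):
    """Assumed posture tokens, ordered from best (0) to worst (3)."""
    HEALTHY = 0
    CHECKUP = 1
    QUARANTINE = 2
    INFECTED = 3


@dataclass(frozen=True)
class PostureCredentials:
    """What the posture agent reports to the NAD (assumed attribute set)."""
    av_installed: bool
    av_signature_age_days: int
    os_patch_level: int
    host_ips_running: bool


@dataclass(frozen=True)
class Enforcement:
    """Actions ACS returns and the NAD applies (assumed VLAN/ACL values)."""
    posture: Posture
    vlan: int
    acl: str
    revalidate_after_s: int


# Assumed policy thresholds.
MIN_PATCH_LEVEL = 7
MAX_SIG_AGE_DAYS = 3

# Assumed enforcement table: worse posture => more restrictive access and
# a shorter revalidation timer.
ENFORCEMENT_TABLE = {
    Posture.HEALTHY: Enforcement(Posture.HEALTHY, 10, "permit-all", 3600),
    Posture.CHECKUP: Enforcement(Posture.CHECKUP, 10, "permit-all", 300),
    Posture.QUARANTINE: Enforcement(Posture.QUARANTINE, 99, "remediation-only", 60),
    Posture.INFECTED: Enforcement(Posture.INFECTED, 98, "deny-all", 60),
}


def partner_policy_server(creds: PostureCredentials) -> Posture:
    """Stand-in for a partner (antivirus vendor) server that ACS forwards to."""
    if not creds.av_installed:
        return Posture.QUARANTINE
    if creds.av_signature_age_days > MAX_SIG_AGE_DAYS:
        return Posture.CHECKUP
    return Posture.HEALTHY


def acs_decide(creds: PostureCredentials) -> Posture:
    """Cisco Secure ACS: compare to local NAC policy, merge the partner verdict,
    and return the worst token so the weakest check governs access."""
    verdicts = [partner_policy_server(creds)]
    if creds.os_patch_level < MIN_PATCH_LEVEL:
        verdicts.append(Posture.CHECKUP)
    if not creds.host_ips_running:
        verdicts.append(Posture.QUARANTINE)
    return max(verdicts, key=lambda p: p.value)


def nad_admit(creds: PostureCredentials) -> Enforcement:
    """NAD receives posture, asks ACS, and applies the returned actions."""
    return ENFORCEMENT_TABLE[acs_decide(creds)]


def posture_agent_remediate(creds: PostureCredentials, enf: Enforcement) -> PostureCredentials:
    """Posture agent reacts to the enforcement result. In Checkup the host keeps
    access and updates in place; in Quarantine only the remediation network is
    reachable, which here is assumed sufficient to install AV and start the host IPS."""
    if enf.posture is Posture.CHECKUP:
        return replace(creds, av_signature_age_days=0,
                       os_patch_level=max(creds.os_patch_level, MIN_PATCH_LEVEL))
    if enf.posture is Posture.QUARANTINE:
        return replace(creds, av_installed=True, host_ips_running=True)
    return creds


def revalidation_cycle(creds: PostureCredentials, max_rounds: int = 4) -> list:
    """Admit, remediate, and re-poll until the endpoint is Healthy or the round
    budget is exhausted; returns the posture history, one entry per round."""
    history = []
    for _ in range(max_rounds):
        enf = nad_admit(creds)
        history.append(enf.posture)
        if enf.posture is Posture.HEALTHY:
            break
        creds = posture_agent_remediate(creds, enf)
    return history


if __name__ == "__main__":
    # Constructed endpoint: AV present but stale, old patch level, host IPS stopped.
    laptop = PostureCredentials(av_installed=True, av_signature_age_days=10,
                                os_patch_level=5, host_ips_running=False)
    for p in revalidation_cycle(laptop):
        e = ENFORCEMENT_TABLE[p]
        print(f"{p.name:10s} vlan={e.vlan} acl={e.acl} revalidate={e.revalidate_after_s}s")
```

The design point worth taking from the model is that ACS merges every verdict with a worst-token rule: a host with current antivirus but a stopped host IPS still lands in the quarantine VLAN, and only climbs back to full access through successive revalidation rounds after the posture agent has remediated each finding.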