Introduction
CHAPTER 1—Why Secure Your Network?
Thinking like an Attacker
Attacker vs. Hacker
Why Would Someone Want to Ruin My Day?
Attacks from Within
External Attacks
Chapter Worksheet
Summary
CHAPTER 2—How Much Security Do You Need?
Performing a Risk Analysis
What Assets Do I Need to Protect?
From What Sources Am I Trying to Protect These Assets?
Who May Wish to Compromise Our Network?
What Is the Likelihood of an Attack?
What Is the Immediate Cost?
What Are the Long-Term Recovery Costs?
How Can I Protect My Assets Cost-Effectively?
Am I Governed by a Regulatory Body?
Budgeting Your Security Precautions
Documenting Your Findings
Developing a Security Policy
Security Policy Basics
What Makes a Good Security Usage Policy?
Accessibility
Defining Security Goals
Defining Each Issue
Your Organization’s Position
Justifying the Policy
When Does the Issue Apply?
Roles and Responsibilities
Consequences of Noncompliance
For More Information
Level of Privacy
Issues Not Specifically Defined
Example of a Good Policy Statement
Summary
CHAPTER 3—Understanding How Network Systems Communicate
The Anatomy of a Frame of Data
Ethernet Frames
The Frame Header Section
A Protocol’s Job
The OSI Model
Physical Layer
Data Link Layer
Network Layer
Transport Layer
Session Layer
Presentation Layer
Application Layer
How the OSI Model Works
More on the Network Layer
Routers
Routing Tables
Static Routing
Distance Vector Routing
Link State Routing
Connectionless and Connection-Oriented Communications
Connection-Oriented Communications
Network Services
File Transfer Protocol (FTP): The Special Case
Other IP Services
Boot Protocol (bootp) and Dynamic Host Configuration Protocol (DHCP)
Domain Name Services (DNS)
Gopher
Hypertext Transfer Protocol (HTTP)
Post Office Protocol (POP)
Internet Message Access Protocol, Version 4 (IMAP4)
Network File System (NFS)
Network News Transfer Protocol (NNTP)
NetBIOS over IP
Simple Mail Transfer Protocol (SMTP)
Simple Network Management Protocol (SNMP)
Telnet
WHOIS
Upper Layer Communications
Summary
CHAPTER 4—Topology Security
Understanding Network Transmissions
Digital Communications
Electromagnetic Interference (EMI)
Fiber Optic Cable
Bound and Unbound Transmissions
Choosing a Transmission Medium
Topology Security
Ethernet Communications
Wide Area Network Topologies
Private Circuit Topologies
Frame Relay and X.25
Basic Networking Hardware
Repeaters
Hubs
Bridges
Switches
VLAN Technology
Routers
A Comparison of Bridging/Switching and Routing
Layer 3 Switching
Summary
CHAPTER 5—Firewalls
Defining an Access Control Policy
Definition of a Firewall
When Is a Firewall Required?
Firewall Types
Static Packet Filtering
Dynamic Packet Filtering
Proxies
What Type of Firewall Should I Use?
Should I Run My Firewall on UNIX or NT?
UNIX versus NT
NT versus UNIX
You Decide…
Additional Firewall Considerations
Address Translation
Firewall Logging
Firewall Deployment
Summary
CHAPTER 6—Configuring Cisco Access Lists
Cisco Routers
Where to Begin
Basic Security Tips
Non-privilege Mode
Privilege Mode
Routing
Access Control Lists
Access List Basics
Standard Access Lists
Extended Access Lists
Creating a Set of Access Lists
Reflexive Access Lists
Additional Security Precautions
Blocking Smurf at the Source
Blocking Smurf at the Bounce Site
Blocking Smurf at the Target Site
Summary
CHAPTER 7—Check Point’s FireWall-1
FireWall-1 Overview
FireWall-1 Support
Choosing a Platform
Prepping NT for Firewall Installation
Pre-install Flight Check
Installing FireWall-1
The FireWall-1 Configuration Utility
FireWall-1 Security Management
Creating an Object for the Firewall
Working with NAT
Working with the FireWall-1 Rules
Modifying the Firewall Properties
Working with Security Servers
Installing the Rules
Summary
CHAPTER 8—Intrusion Detection Systems
The FAQs about IDS
IDS Limitations
Teardrop Attacks
Launching a Teardrop Attack
Other Known IDS Limitations
IDS Countermeasures
Host-Based IDS
IDS Setup
Before You Begin
RealSecure Installation
Configuring RealSecure
Monitoring Events
Reporting
Summary
CHAPTER 9—Authentication and Encryption
The Need for Improved Security
Clear Text Transmissions
Passively Monitoring Clear Text
Clear Text Protocols
Good Authentication Required
Session Hijacking
Verifying the Destination
Encryption 101
Methods of Encryption
Encryption Weaknesses
Government Intervention
Good Encryption Required
Solutions
Data Encryption Standard (DES)
Digital Certificate Servers
IP Security (IPSEC)
Kerberos
Point-to-Point Tunneling Protocol
Remote Access Dial-In User Service (RADIUS)
RSA Encryption
Secure Shell (SSH)
Secure Sockets Layer (SSL)
Security Tokens
Simple Key Management for Internet Protocols (SKIP)
Summary
CHAPTER 10—Virtual Private Networking
VPN Basics
VPN Usage
Selecting a VPN Product
VPN Product Options
VPN Alternatives
Setting up a VPN
Preparing the Firewall
Our VPN Diagram
Configuring Required Network Objects
Exchanging Keys
Modifying the Security Policy
Testing the VPN
Summary
CHAPTER 11—Viruses, Trojans, and Worms: Oh My!
Viruses: The Statistics
Financial Repercussions
What Is a Virus?
Replication
Concealment
Bomb
Social Engineering Viruses
Worms
Trojan Horses
Preventive Measures
Access Control
Checksum Verification
Process Monitoring
Virus Scanners
Heuristic Scanners
Application-Level Virus Scanners
Deploying Virus Protection
Protecting the Desktop Systems
Protecting the NT and NetWare Servers
Protecting the UNIX System
Summary
CHAPTER 12—Disaster Prevention and Recovery
Disaster Categories
Network Disasters
Cabling
Thinnet and Thicknet
Twisted Pair
Fiber Cabling
Excessive Cable Lengths
Topology
Single Points of Failure
Saving Configuration Files
Server Disasters
Uninterruptible Power Supply (UPS)
RAID
Redundant Servers
Clustering
Tape Backup
Server Recovery
Simulating Disasters
Nondestructive Testing
Document Your Procedures
OctopusHA+ for NT Server
An Octopus Example
Installing Octopus
Configuring Octopus
Testing Octopus
Summary
CHAPTER 13—NetWare
NetWare Core OS
C2 Certification
NetWare Directory Services
NDS Design
Account Management
Identification
Logon Restrictions
Password Restrictions
Login Time Restrictions
Network Address Restriction
Intruder Lockout
Rights to Files and Directories
Group Membership
Security Equal To
File System
Inherited Rights Mask
Logging and Auditing
Auditcon
Network Security
Packet Signature
Setting Packet Signature
Filtcfg
Tweaking NetWare Security
The SECURE.NCF Script
Secure Console
Securing Remote Console Access
Summary
CHAPTER 14—NT Server
NT Overview
NT Domain Structure
Storing Domain Information
Domain Trusts
Designing a Trust Architecture
User Accounts
Working with SIDs
The Security Account Manager
Configuring User Manager Policies
Policies and Profiles
File System
Permissions
Logging
Configuring Event Viewer
Reviewing the Event Viewer Logs
Auditing System Events
Security Patches
Available IP Services
Computer Browser
DHCP Relay Agent
Microsoft DHCP Server
Microsoft DNS Server
Microsoft Internet Information Server (IIS) 2.0
Microsoft TCP/IP Printing
Network Monitor Agent
RIP for Internet Protocol
RPC Configuration
Simple TCP/IP Services
SNMP Service
Windows Internet Name Service (WINS)
Packet Filtering with Windows NT
Enabling Packet Filtering
Configuring Packet Filtering
A Final Word on NT Ports
Securing DCOM
Selecting the DCOM Transport
Limiting the Ports Used by DCOM
DCOM and NAT
Ports Used by Windows Services
Additional Registry Key Changes
Logon Banner
Hiding the Last Logon Name
Securing the Registry on Windows NT Workstation
Cleaning the Page File
The Future of Windows NT
Summary
CHAPTER 15—UNIX
UNIX History
UNIX File System
Understanding UID and GID
File Permissions
Account Administration
The Password File
The Group File
Limit Root Logon to the Local Console
Optimizing the UNIX Kernel
Running Make
Changing the Network Driver Settings
IP Service Administration
IP Services
inetd
Working with Other Services
Summary
CHAPTER 16—The Anatomy of an Attack
Collecting Information
The whois Command
The nslookup Command
Search Engines
Probing the Network
The traceroute Command
Host and Service Scanning
Passive Monitoring
Checking for Vulnerabilities
Launching the Attack
Hidden Accounts
Man in the Middle
Buffer Overflows
SYN Attack
Teardrop Attacks
Smurf
Brute Force Attacks
Physical Access Attacks
Summary
CHAPTER 17—Staying Ahead of Attacks
Information from the Vendor
3COM
Cisco
Linux
Microsoft
Novell
Sun Microsystems
Third-Party Channels
Vulnerability Databases
Web Sites
Mailing Lists
Auditing Your Environment
Kane Security Analyst
Putting the Results to Use
Summary
Appendix A
Appendix B
Index
Copyright © Sybex, Inc.
[...] ... level of potential threat to your network. Chapter 2 introduces risk analysis and security policies. The purpose of a risk analysis is to quantify the level of security your network environment requires. A security policy defines your organization’s approach to maintaining a secure environment. These two documents create the foundation you will use when selecting and implementing security precautions. In Chapter...
... good handle on networking and the servers they are expected to manage, but who need to find out what they can do to avoid being victimized by a security breach. Network security would be a far easier task if we could all afford to bring in a $350-per-hour security wizard to audit and fix our computer environment. For most of us, however, this is well beyond our budget constraints. A strong security posture...
... deal—you cannot focus on one single aspect of your network and expect your environment to remain secure. This book provides the system and network administrators with the information they will need to run a network with multiple layers of security protection.
What This Book Covers
Chapter 1 starts you off with a look at why someone might attack an organization’s network resources. You will learn about the different...
... are no clear statistics on how many security incidents go undocumented. My own experience suggests that most, in fact, are not documented. Clearly, security breaches are on the rise, and every network needs strategies to prevent attack. You can report security intrusions to the Computer Emergency Response Team (CERT) Coordination Center at cert@cert.org. CERT issues security bulletins and can also facilitate...
... a five-user architectural firm with no remote access to hire a full-time security expert. Likewise, it would be unthinkable for a bank to allow outside network access without regard to any form of security measures or policies. Most of us, however, fall somewhere in between these two networking examples—so we face some difficult security choices. Is packet filtering sufficient for protecting my Internet...
... maintain a good security posture. The first problem is where to begin. Should you purchase a book on firewalls or on securing your network servers? Maybe you need to learn more about network communications in order to be able to understand how these vulnerabilities can even exist. Should you be worried about running backups or redundant servers? This book can help to answer these questions and more. Security...
... questions will help you evaluate potential threats to your network. Rate each question on a scale of 1 to 5. A 1 signifies that the question does not apply to your organization’s networking environment; a 5 means the question is directly applicable.
1. Is your network physically accessible to the public, such as a library or government office?
2. Is your network accessible by users not employed by your organization, ...
... should take steps to secure your internal network. If your organization scored above 12, you should lock down your internal environment just as aggressively as you would secure your network’s perimeter. For questions 6–11, if your score was between 7 and 10, it may be most cost effective to utilize only a minimal amount of security around the perimeter of your network. If your score was between 11 and...
... beyond the physical limits of your network. Once data leaves the confines of your network, it is that much more difficult to ensure that it is not compromised. In later chapters we’ll examine in detail the technology required by each of the above situations. This checklist is designed to give you an early feel for how security conscious you should be when securing your networking environment. Keep in mind...
... a guide; each network has its own individual nuances. Your mileage may vary.
Summary
In this chapter, we saw that the number of security incidents is increasing and that most of these go undocumented. We looked at the differences between a hacker and an attacker and covered the benefits of discussing security vulnerability in a public forum. We also explored who might try to attack your network and why, ...
Date posted: 25/03/2014, 11:50