Network Security Technologies and Solutions
A comprehensive, all-in-one reference for Cisco network security
* A valuable single source reference for any network professionals interested in learning about cutting edge network security technologies
* Learn from the comprehensive, end-to-end approach to securing network infrastructures
* Use the design and deployment guidelines to optimize network security performance
* Full coverage of the latest CCIE Security exam objectives
Network Security Technologies and Solutions is a comprehensive reference to the most cutting edge network security products and methodologies. This book helps networking professionals understand and implement current, state-of-the-art network security technologies to ensure secure communications throughout the network infrastructure. With an easy-to-follow approach, this book serves as a central repository of security knowledge to help network security engineers implement end-to-end security solutions. Divided into five parts, Network Security Technologies and Solutions takes you from the fundamental level of each technology and progresses to more detailed descriptions and discussions of how to secure each part of the network infrastructure. Part 1 addresses perimeter security. Part 2 discusses identity. Part 3 examines data privacy. Part 4 covers security monitoring. Part 5 addresses policy management. With this definitive reference, you will gain a greater understanding of the solutions available and learn how to build integrated, secure networks in today's modern, heterogeneous networking environment. The book is comprehensive in scope, including information about mature as well as emerging technologies. Coverage is broad, but it will be deep enough to provide you with design and implementation guidelines as well as basic configuration skills.
CONTENTS:
Part I Perimeter Security 3
Chapter 1 Overview of Network Security 5
Fundamental Questions for Network Security 5
Transformation of the Security Paradigm 7
Principles of Security - The CIA Model 8
Confidentiality 9
Integrity 9
Availability 9
Policies, Standards, Procedures, Baselines, Guidelines 9
Security Policy 9
Examples of Security Policies 10
Standards 11
Procedures 11
Baselines 12
Guidelines 12
Security Models 13
Perimeter Security 13
Is Perimeter Security Disappearing? 14
The Difficulty of Defining Perimeter 14
A Solid Perimeter Security Solution 14
Security in Layers 15
Multilayer Perimeter Solution 15
The Domino Effect 16
Security Wheel 17
Summary 19
References 19
Chapter 2 Access Control 21
Traffic Filtering Using ACLs 21
ACL Overview 21
ACL Applications 21
When to Configure ACLs 23
IP Address Overview 23
Classes of IP Addresses 24
Understanding IP Address Classes 24
Private IP Address (RFC 1918) 26
Subnet Mask Versus Inverse Mask Overview 27
Subnet Mask 28
Inverse Mask 28
ACL Configuration 29
Creating an ACL 29
Assigning a Unique Name or Number to Each ACL 29
Applying an ACL to an Interface 30
Direction of the ACL 32
Understanding ACL Processing 32
Inbound ACL 32
Outbound ACL 33
Packet Flow Rules for Various Packet Types 33
Guidelines for Implementing ACLs 36
Types of Access Lists 36
Standard ACLs 37
Extended ACLs 38
IP Named ACLs 39
Lock and Key (Dynamic ACLs) 40
Reflexive ACLs 42
Established ACLs 43
Time-Based ACLs Using Time Ranges 44
Distributed Time-Based ACLs 45
Configuring Distributed Time-Based ACLs 45
Turbo ACLs 46
Receive ACLs (rACL) 46
Infrastructure Protection ACLs (iACL) 47
Transit ACLs 47
Classification ACLs 48
Debugging Traffic Using ACLs 49
Summary 50
References 50
Chapter 3 Device Security 53
Device Security Policy 53
Hardening the Device 55
Physical Security 55
Passwords 55
Creating Strong Passwords 56
Pass-Phrase Technique 56
Password Encryption 57
ROMMON Security 57
User Accounts 60
Privilege Levels 61
Infrastructure ACL 62
Interactive Access Methods 62
Console Port 62
VTY Ports 63
VTY Access Using Telnet 63
VTY Access Using SSH 64
Auxiliary Port 65
Banner Messages 65
Cisco IOS Resilient Configuration 67
Cisco Discovery Protocol (CDP) 68
TCP/UDP Small-Servers 69
Finger 69
Identification (auth) Protocol 69
DHCP and BOOTP Service 69
Trivial File Transfer Protocol (TFTP) Server 70
File Transfer Protocol (FTP) Server 70
Autoloading Device Configuration 70
PAD 70
IP Source Routing 71
Proxy Address Resolution Protocol (ARP) 71
Gratuitous ARP 72
IP Directed Broadcast 72
IP Mask Reply 72
IP Redirects 72
ICMP Unreachable 73
HTTP 73
Network Time Protocol (NTP) 74
Simple Network Management Protocol (SNMP) 75
Auto-Secure Feature 75
Securing Management Access for Security Appliance 76
PIX 500 and ASA 5500 Security Appliance - Device Access Security 76
Telnet Access 76
SSH Access 77
HTTPS Access for ASDM 77
Authenticating and Authorizing Using Local and AAA Database 78
IPS 4200 Series Appliance Sensors (formerly known as IDS 4200) 78
IPS Device Manager (IDM) 78
HTTP/HTTPS Access 79
Telnet and SSH Access 79
Access Control List 79
User Accounts 80
Device Security Checklist 80
Summary 81
References 81
Chapter 4 Security Features on Switches 83
Securing Layer 2 83
Port-Level Traffic Controls 84
Storm Control 84
Protected Ports (PVLAN Edge) 85
Private VLAN (PVLAN) 85
Configuring PVLAN 89
Port Blocking 91
Port Security 92
Access Lists on Switches 94
Router ACL 94
Port ACL 94
VLAN ACL (VACL) 95
VACL on a Bridged Port 95
VACL on a Routed Port 95
Configuring VACL 96
MAC ACL 97
Spanning Tree Protocol Features 98
Bridge Protocol Data Unit (BPDU) Guard 98
Root Guard 98
EtherChannel Guard 99
Loop Guard 99
Dynamic Host Configuration Protocol (DHCP) Snooping 100
IP Source Guard 102
Dynamic ARP Inspection (DAI) 103
DAI in a DHCP Environment 105
DAI in a Non-DHCP Environment 106
Rate Limiting Incoming ARP Packets 106
ARP Validation Checks 107
Advanced Integrated Security Features on High-End Catalyst Switches 107
Control Plane Policing (CoPP) Feature 107
CPU Rate Limiters 109
Layer 2 Security Best Practices 109
Summary 110
References 111
Chapter 5 Cisco IOS Firewall 113
Router-Based Firewall Solution 113
Context-Based Access Control (CBAC) 115
CBAC Functions 116
Traffic Filtering 116
Traffic Inspection 116
Alerts and Audit Trails 117
How CBAC Works 117
Packet Inspection 118
Timeout and Threshold Values 118
The Session State Table 118
UDP Connections 119
Dynamic ACL Entries 119
Embryonic (Half-Open) Sessions 120
Per-Host DoS Prevention 120
CBAC-Supported Protocols 121
Configuring CBAC 122
Step 1 - Select an Interface: Internal or External 122
Step 2 - Configure an IP Access List 123
Step 3 - Define an Inspection Rule 123
Step 4 - Configure Global Timeouts and Thresholds 123
Step 5 - Apply the Access List and the Inspection Rule to an Interface 125
Step 6 - Verifying and Monitoring CBAC 126
Putting It All Together 126
IOS Firewall Advanced Features 127
HTTP Inspection Engine 127
E-Mail Inspection Engine 128
Firewall ACL Bypass 129
Transparent IOS Firewall (Layer 2) 130
Virtual Fragmentation Reassembly (VFR) 130
VRF-Aware IOS Firewall 131
Inspection of Router-Generated Traffic 131
Zone-Based Policy Firewall (ZFW) 132
Zone-Based Policy Overview 132
Security Zones 133
Configuring Zone-Based Policy Firewall 134
Configuring ZFW Using Cisco Policy Language (CPL) 134
Application Inspection and Control (AIC) 136
Summary 137
References 137
Chapter 6 Cisco Firewalls: Appliance and Module 139
Firewalls Overview 139
Hardware Versus Software Firewalls 140
Cisco PIX 500 Series Security Appliances 140
Cisco ASA 5500 Series Adaptive Security Appliances 142
Cisco Firewall Services Module (FWSM) 143
Firewall Appliance Software for PIX 500 and ASA 5500 144
Firewall Appliance OS Software 145
Firewall Modes 145
Routed Firewall Mode 146
Transparent Firewall Mode (Stealth Firewall) 146
Stateful Inspection 148
Application Layer Protocol Inspection 148
Adaptive Security Algorithm Operation 150
Security Context 152
Multiple Contexts - Routed Mode (with Shared Resources) 153
Multiple Contexts - Transparent Mode 153
Configuring Security Context 155
Security Levels 157
Redundant Interface 158
IP Routing 159
Static and Default Routes 159
Static Route 160
Static Route Tracking 160
Default Route 161
Equal Cost Multiple Path (ECMP) Forwarding 162
Open Shortest Path First (OSPF) 163
Configuring OSPF 164
Securing OSPF 165
Monitoring OSPF 166
Routing Information Protocol (RIP) 167
Configuring RIP 167
Enhanced Interior Gateway Routing Protocol (EIGRP) 168
Configuring EIGRP Stub Routing 169
Securing EIGRP 169
Network Address Translation (NAT) 170
NAT Control 171
NAT Types 172
Dynamic NAT 173
Dynamic PAT 174
Configure Dynamic NAT and PAT 176
Static NAT 176
Static Port Address Translation (PAT) 178
Bypassing NAT When NAT Control Is Enabled 179
Identity NAT (nat 0 Command) 179
Static Identity NAT (static Command) 180
NAT Exemption (nat 0 with ACL) 182
Policy NAT 183
Order of NAT Processing 184
Controlling Traffic Flow and Network Access 185
ACL Overview and Applications on Security Appliance 185
Controlling Inbound and Outbound Traffic Through the Security Appliance by Using Access Lists 186
Step 1 - Defining an Access List 186
Step 2 - Applying an Access List to an Interface 186
Simplifying Access Lists with Object Groups 188
Modular Policy Framework (MPF) 190
Configuring MPF 190
Step 1 - Identifying Traffic Flow 190
Step 2 - Creating a Policy Map 191
Step 3 - Applying a Policy 191
Cisco AnyConnect VPN Client 192
Redundancy and Load Balancing 193
Failover Requirements 194
Failover Link 194
State Link 194
Failover Implementation 195
Serial Cable Failover Link (PIX 500 Series Only) 196
LAN-Based Failover Link 197
Asymmetric Routing Support (ASR) 197
Firewall Module Software for Firewall Services Module (FWSM) 198
Firewall Module OS Software 199
Network Traffic Through the Firewall Module 199
Installing the FWSM 200
Router/MSFC Placement 200
In Single Context 200
In Multiple Context Mode 201
Configuring the FWSM 202
Summary 204
References 205
Chapter 7 Attack Vectors and Mitigation Techniques 207
Vulnerabilities, Threats, and Exploits 207
Classes of Attacks 208
Attack Vectors 208
Attackers Family 210
Risk Assessment 211
Mitigation Techniques at Layer 3 212
Traffic Characterization 212
Using an ACL to Characterize ICMP Flood or Smurf Attack 212
Using an ACL to Characterize SYN Attacks 215
IP Source Tracker 219
How IP Source Tracker Works 219
Configuring IP Source Tracker 220
IP Spoofing Attacks 220
Antispoofing with Access Lists 221
Antispoofing with uRPF 222
Antispoofing with IP Source Guard 222
Packet Classification and Marking Techniques 224
Committed Access Rate (CAR) 225
How CAR Works 225
Configuring Committed Access Rate (CAR) 226
Modular QoS CLI (MQC) 227
Traffic Policing 229
Network-Based Application Recognition (NBAR) 230
Protocol Discovery 230
Packet Description Language Module (PDLM) 231
Configuring NBAR 231
TCP Intercept 232
How TCP Intercept Works 232
Configuring TCP Intercept 233
TCP Intercept on Firewall 234
Policy-Based Routing (PBR) 234
Unicast Reverse Path Forwarding (uRPF) 236
How uRPF Works 236
Configuring uRPF 238
NetFlow 239
How NetFlow Works 240
Configuring NetFlow 240
NetFlow Ecosystem 241
Mitigation Techniques at Layer 2 242
CAM Table Overflow - MAC Attack 242
Background 242
The Problem 242
CAM Table Overflow Attack Mitigation 243
MAC Spoofing Attack 243
Background 243
The Problem 243
MAC Spoofing Attack Mitigation 244
ARP Spoofing Attack 245
Background 245
The Problem 245
ARP Spoofing Attack Mitigation 245
VTP Attack 246
Background 246
The Problem 246
VTP Attack Mitigation 247
VLAN Hopping Attack 247
Background 247
The Problem 248
VLAN Hopping Attack Mitigation 249
PVLAN Attack 249
Background 249
The Problem 250
PVLAN Attack Mitigation 251
Spanning-Tree Attacks 252
Background 252
The Problem 253
Spanning-Tree Attacks Mitigation 253
DHCP Spoofing and Starvation Attacks 253
Background 253
The Problem 253
DHCP Spoofing and Starvation Attacks Mitigation 254
802.1x Attacks 254
Background 254
The Problem 255
802.1x Attacks Mitigation 255
Security Incident Response Framework 256
What Is a Security Incident? 256
Security Incident Response Process 257
Incident Response Team (IRT) 257
Security Incident Response Methodology 258
Step 1 - Planning and Preparation 259
Step 2 - Identification and Classification 260
Step 3 - Reaction 260
Step 4 - Postmortem and Follow-Up 260
Step 5 - Archiving 261
Summary 262
References 262
Part II Identity Security and Access Management 265
Chapter 8 Securing Management Access 267
AAA Security Services 267
AAA Paradigm 268
Authentication 268
Authorization 269
Accounting 269
AAA Dependencies 269
Authentication Protocols 270
RADIUS (Remote Authentication Dial-In User Service) 270
RADIUS Packet 271
RADIUS Communication 271
RADIUS Security 273
TACACS+ (Terminal Access Controller Access Control System) 274
TACACS+ Packet 275
TACACS+ Communication 276
TACACS+ Security 277
Comparison of RADIUS and TACACS+ 278
Implementing AAA 278
AAA Methods 279
Authentication Methods 280
Authorization Methods 280
Accounting Methods 281
Server Groups 281
Service Types for AAA Functions 282
Authentication Services 282
Authorization Services 283
Accounting Service 284
Configuration Examples 285
PPP Authentication, Authorization, and Accounting Using RADIUS 285
Login Authentication and Command Authorization and Accounting Using TACACS+ 285
Login Authentication with Password Retry Lockout 286
Summary 287
References 287
Chapter 9 Cisco Secure ACS Software and Appliance 289
Cisco Secure ACS Software for Windows 289
AAA Server: Cisco Secure ACS 290
Protocol Compliance 291
Advanced ACS Functions and Features 293
Shared Profile Components (SPC) 293
Downloadable IP ACLs 293
Network Access Filter (NAF) 294
RADIUS Authorization Components 294
Shell Command Authorization Sets 294
Network Access Restrictions (NAR) 295
Machine Access Restrictions (MAR) 295
Network Access Profiles (NAP) 296
Cisco NAC Support 296
Configuring ACS 297
Cisco Secure ACS Appliance 307
Summary 309
References 309
Chapter 10 Multifactor Authentication 311
Identification and Authentication 311
Two-Factor Authentication System 312
One-Time Password (OTP) 312
S/KEY 313
Countering Replay Attacks Using the OTP Solution 313
Attributes of a Two-Factor Authentication System 314
Smart Cards and Tokens 314
RSA SecurID 315
Cisco Secure ACS Support for Two-Factor Authentication Systems 315
How Cisco Secure ACS Works 316
Configuring Cisco Secure ACS for RADIUS-Enabled Token Server 317
Configuring Cisco Secure ACS for RSA SecurID Token Server 321
Summary 322
References 322
Chapter 11 Layer 2 Access Control 325
Trust and Identity Management Solutions 326
Identity-Based Networking Services (IBNS) 327
Cisco Secure ACS 328
External Database Support 329
IEEE 802.1x 329
IEEE 802.1x Components 330
Port States: Authorized Versus Unauthorized 332
EAP Methods 334
Deploying an 802.1x Solution 334
Wired LAN (Point-to-Point) 334
Wireless LAN (Multipoint) 335
Implementing 802.1x Port-Based Authentication 337
Configuring 802.1x and RADIUS on Cisco Catalyst Switches Running Cisco IOS Software 337
Enabling Multiple Hosts for a Noncompliant Access Point Terminating on the Switch 338
RADIUS Authorization 338
Configuring 802.1x and RADIUS on Cisco Aironet Wireless LAN Access Point Running Cisco IOS 342
Supplicant Settings for IEEE 802.1x on Windows XP Client 343
Summary 344
References 344
Chapter 12 Wireless LAN (WLAN) Security 347
Wireless LAN (WLAN) 347
Radio Waves 347
IEEE Protocol Standards 348
Communication Method - Radio Frequency (RF) 348
WLAN Components 349
WLAN Security 350
Service Set Identifiers (SSID) 351
MAC Authentication 352
Client Authentication (Open and Shared Key) 352
Static Wired Equivalent Privacy (WEP) 353
WPA, WPA2, and 802.11i (WEP Enhancements) 353
IEEE 802.1x and EAP 355
EAP Message Digest 5 (EAP-MD5) 356
EAP Transport Layer Security (EAP-TLS) 357
EAP Tunneled Transport Layer Security (EAP-TTLS) 359
EAP Flexible Authentication via Secure Tunneling (EAP-FAST) 359
Protected EAP (PEAP) 362
Cisco Lightweight EAP (LEAP) 364
EAP Comparison Chart 365
WLAN NAC 366
WLAN IPS 367
VPN IPsec 367
Mitigating WLAN Attacks 367
Cisco Unified Wireless Network Solution 368
Components of Cisco Unified Wireless Network 369
Summary 370
References 371
Chapter 13 Network Admission Control (NAC) 373
Building the Self-Defending Network (SDN) 373
Network Admission Control (NAC) 375
Why NAC? 375
Cisco NAC 376
Comparing NAC Appliance with NAC Framework 378
Cisco NAC Appliance Solution 378
Mechanics of Cisco NAC Appliance 379
NAC Appliance Components 379
NAC Appliance Deployment Scenarios 380
Cisco NAC Framework Solution 382
Mechanics of the Cisco NAC Framework Solution 383
NAC Framework Components 386
NAC Framework Deployment Scenarios 391
NAC Framework Enforcement Methods 392
Implementing NAC-L3-IP 394
Implementing NAC-L2-IP 396
Implementing NAC-L2-802.1x 399
Summary 402
References 403
Part III Data Privacy 405
Chapter 14 Cryptography 407
Secure Communication 407
Cryptosystem 407
Cryptography Overview 408
Cryptographic Terminology 408
Cryptographic Algorithms 410
Symmetric Key Cryptography 410
Asymmetric Key Cryptography 412
Hash Algorithm 416
Virtual Private Network (VPN) 420
Summary 421
References 421
Chapter 15 IPsec VPN 423
Virtual Private Network (VPN) 423
Types of VPN Technologies 423
Secure VPN (Cryptographic VPN) 424
Trusted VPN (Non-Cryptographic VPN) 424
Hybrid VPN 425
Types of VPN Deployment 425
IPsec VPN (Secure VPN) 425
IPsec Request for Comments (RFCs) 426
Generic IPsec RFCs 426
IPsec Protocols RFCs 427
IPsec Key Exchange RFCs 427
IPsec Cryptographic Algorithm RFCs 428
IPsec Policy-Handling RFCs 430
IPsec Modes 430
IPsec Protocol Headers 432
IPsec Anti-Replay Service 434
ISAKMP and IKE 435
Understanding IKE (Internet Key Exchange) Protocol 435
IKEv2 (Internet Key Exchange - Version 2) 438
ISAKMP Profiles 441
IPsec Profiles 443
IPsec Virtual Tunnel Interface (IPsec VTI) 443
Public Key Infrastructure (PKI) 445
PKI Components 446
Certificate Enrollment 447
Implementing IPsec VPN 449
Cisco IPsec VPN Implementations 449
Site-to-Site IPsec VPN 451
Remote Access IPsec VPN 455
Cisco Easy VPN 456
Dynamic VTI (DVTI) 461
Summary 465
References 466
Chapter 16 Dynamic Multipoint VPN (DMVPN) 469
DMVPN Solution Architecture 469
DMVPN Network Designs 470
DMVPN Solution Components 472
How DMVPN Works 473
DMVPN Data Structures 474
DMVPN Deployment Topologies 475
Implementing DMVPN Hub-and-Spoke Designs 476
Implementing Single Hub Single DMVPN (SHSD) Topology 477
Implementing Dual Hub Dual DMVPN (DHDD) Topology 483
Implementing Server Load-Balancing (SLB) Topology 484
Implementing Dynamic Mesh Spoke-to-Spoke DMVPN Designs 486
Implementing Dual Hub Single DMVPN (DHSD) Topology 488
Implementing Multihub Single DMVPN (MHSD) Topology 498
Implementing Hierarchical (Tree-Based) Topology 499
Summary 500
References 501
Chapter 17 Group Encrypted Transport VPN (GET VPN) 503
GET VPN Solution Architecture 503
GET VPN Features 504
Why GET VPN? 505
GET VPN and DMVPN 506
GET VPN Deployment Consideration 507
GET VPN Solution Components 507
How GET VPN Works 509
IP Header Preservation 511
Group Member ACL 512
Implementing Cisco IOS GET VPN 513
Summary 519
References 519
Chapter 18 Secure Sockets Layer VPN (SSL VPN) 521
Secure Sockets Layer (SSL) Protocol 521
SSL VPN Solution Architecture 522
SSL VPN Overview 523
SSL VPN Features 523
SSL VPN Deployment Consideration 524
SSL VPN Access Methods 525
SSL VPN Citrix Support 527
Implementing Cisco IOS SSL VPN 528
Cisco AnyConnect VPN Client 530
Summary 531
References 531
Chapter 19 Multiprotocol Label Switching VPN (MPLS VPN) 533
Multiprotocol Label Switching (MPLS) 533
MPLS Architecture Overview 534
How MPLS Works 534
MPLS VPN and IPsec VPN 536
Deployment Scenarios 538
Connection-Oriented and Connectionless VPN Technologies 539
MPLS VPN (Trusted VPN) 540
Comparison of L3 and L2 VPNs 540
Layer 3 VPN (L3VPN) 542
Components of L3VPN 543
How L3VPN Implementation Works 543
How VRF Tables Work 543
Implementing L3VPN 544
Layer 2 VPN (L2VPN) 551
Implementing L2VPN 553
Implementing Ethernet VLAN over MPLS Service - Using VPWS Based Architecture 553
Implementing Ethernet VLAN over MPLS Service - Using VPLS-Based Architecture 554
Summary 556
References 557
Part IV Security Monitoring 559
Chapter 20 Network Intrusion Prevention 561
Intrusion System Terminologies 561
Network Intrusion Prevention Overview 562
Cisco IPS 4200 Series Sensors 563
Cisco IDS Services Module (IDSM-2) 565
Cisco Advanced Inspection and Protection Security Services Module (AIP-SSM) 567
Cisco IPS Advanced Integration Module (IPS-AIM) 568
Cisco IOS IPS 569
Deploying IPS 570
Cisco IPS Sensor OS Software 572
Cisco IPS Sensor Software 574
Sensor Software - System Architecture 574
Sensor Software - Communication Protocols 575
Sensor Software - User Roles 576
Sensor Software - Partitions 577
Sensor Software - Signatures and Signature Engines 578
Sensor Software - IPS Events 580
Sensor Software - IPS Risk Rating (RR) 583
Sensor Software - IPS Threat Rating 584
Sensor Software - IPS Interfaces 585
Sensor Software - IPS Interface Modes 589
Sensor Software - IPS Blocking (Shun) 593
Sensor Software - IPS Rate Limiting 594
Sensor Software - IPS Virtualization 595
Sensor Software - IPS Security Policies 596
Sensor Software - IPS Anomaly Detection (AD) 597
IPS High Availability 598
IPS Fail-Open Mechanism 599
Failover Mechanism 599
Fail-Open and Failover Deployments 600
Load-Balancing Technique 600
IPS Appliance Deployment Guidelines 600
Cisco Intrusion Prevention System Device Manager (IDM) 601
Configuring IPS Inline VLAN Pair Mode 601
Configuring IPS Inline Interface Pair Mode 604
Configuring Custom Signature and IPS Blocking 609
Summary 610
References 611
Chapter 21 Host Intrusion Prevention 613
Securing Endpoints Using a Signatureless Mechanism 613
Cisco Security Agent (CSA) 614
CSA Architecture 615
CSA Interceptor and Correlation 616
CSA Correlation Extended Globally 618
CSA Access Control Process 618
CSA Defense-in-Depth - Zero-Day Protection 619
CSA Capabilities and Security Functional Roles 619
CSA Components 622
Configuring and Managing CSA Deployment by Using CSA MC 623
Managing CSA Hosts 624
Managing CSA Agent Kits 626
Managing CSA Groups 630
CSA Agent User Interface 632
CSA Policies, Rule Modules, and Rules 635
Summary 636
References 637
Chapter 22 Anomaly Detection and Mitigation 639
Attack Landscape 639
Denial-of-Service (DoS) Attack Defined 639
Distributed Denial-of-Service (DDoS) Attack - Defined 641
Anomaly Detection and Mitigation Systems 641
Cisco DDoS Anomaly Detection and Mitigation Solution 643
Cisco Traffic Anomaly Detector 644
Cisco Guard DDoS Mitigation 647
Putting It All Together for Operation 649
Configuring and Managing the Cisco Traffic Anomaly Detector 653
Managing the Detector 655
Initializing the Detector Through CLI Console Access 655
Configuring the Detector (Zones, Filters, Policies, and Learning Process) 656
Configuring and Managing Cisco Guard Mitigation 660
Managing the Guard 661
Initializing the Guard Using the CLI Console Access 661
Configuring the Guard (Zones, Filters, Policies, Learning Process) 663
Summary 666
References 667
Chapter 23 Security Monitoring and Correlation 669
Security Information and Event Management 669
Cisco Security Monitoring, Analysis, and Response System (CS-MARS) 670
Security Threat Mitigation (STM) System 672
Topological Awareness and Network Mapping 674
Key Concepts - Events, Sessions, Rules, and Incidents 676
Event Processing in CS-MARS 677
False Positive in CS-MARS 678
Deploying CS-MARS 679
Standalone and Local Controllers (LC) 680
Global Controllers (GC) 682
Software Versioning Information 683
Reporting and Mitigation Devices 684
Levels of Operation 685
Traffic Flows and Ports to Be Opened 687
Web-Based Management Interface 689
Initializing CS-MARS 691
Summary 693
References 694
Part V Security Management 697
Chapter 24 Security and Policy Management 699
Cisco Security Management Solutions 699
Cisco Security Manager 700
Cisco Security Manager - Features and Capabilities 700
Cisco Security Manager - Firewall Management 703
Cisco Security Manager - VPN Management 704
Cisco Security Manager - IPS Management 704
Cisco Security Manager - Platform Management 706
Cisco Security Manager - Architecture 706
Cisco Security Manager - Configuration Views 707
Cisco Security Manager - Managing Devices 710
Cisco Security Manager - Workflow Mode 710
Cisco Security Manager - Role-Based Access Control (RBAC) 711
Cisco Security Manager - Cross-Launch xDM 713
Cisco Security Manager - Supported Devices and OS Versions 715
Cisco Security Manager - Server and Client Requirements and Restrictions 716
Cisco Security Manager - Traffic Flows and Ports to Be Opened 719
Cisco Router and Security Device Manager (SDM) 721
Cisco SDM - Features and Capabilities 722
Cisco SDM - How It Works 723
Cisco SDM - Router Security Audit Feature 725
Cisco SDM - One-Step Lockdown Feature 726
Cisco SDM - Monitor Mode 728
Cisco SDM - Supported Routers and IOS Versions 729
Cisco SDM - System Requirements 730
Cisco Adaptive Security Device Manager (ASDM) 732
Cisco ASDM - Features and Capabilities 732
Cisco ASDM - How It Works 733
Cisco ASDM - Packet Tracer Utility 736
Cisco ASDM - Syslog to Access Rule Correlation 737
Cisco ASDM - Supported Firewalls and Software Versions 738
Cisco ASDM - User Requirements 738
Cisco PIX Device Manager (PDM) 739
Cisco IPS Device Manager (IDM) 740
Cisco IDM - How It Works 741
Cisco IDM - System Requirements 742
Summary 743
References 743
Chapter 25 Security Framework and Regulatory Compliance 747
Security Model 747
Policies, Standards, Guidelines, and Procedures 749
Security Policy 749
Standards 750
Guidelines 750
Procedures 750
Best Practices Framework 751
ISO/IEC 17799 (Now ISO/IEC 27002) 751
COBIT 752
Comparing 17799/27002 and COBIT 753
Compliance and Risk Management 754
Regulatory Compliance and Legislative Acts 754
GLBA - Gramm-Leach-Bliley Act 754
Who Is Affected 754
GLBA Requirements 755
Penalties for Violations 756
Cisco Solutions Addressing GLBA 756
GLBA Summary 757
HIPAA - Health Insurance Portability and Accountability Act 757
Who Is Affected 758
The HIPAA Requirements 758
Penalties for Violations 758
Cisco Solutions Addressing HIPAA 759
HIPAA Summary 760
SOX - Sarbanes-Oxley Act 760
Who Is Affected 760
SOX Act Requirements 761
Penalties for Violations 763
Cisco Solutions Addressing SOX 764
SOX Summary 764
Worldwide Outlook of Regulatory Compliance Acts and Legislations 765
In the United States 765
In Europe 766
In the Asia-Pacific Region 766
Cisco Self-Defending Network Solution 767
Summary 767
References 768