Contents
Part I: Introduction to Network Security Solutions
Chapter 1. Overview of Network Security Technologies
Network Address Translation (NAT)
Virtual Private Networks (VPN)
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
Authentication, Authorization, and Accounting (AAA) and Identity Management
Routing Mechanisms as Security Tools
Part II: Security Lifestyle: Frameworks and Methodologies
Common Vulnerability Scoring System
Creating a Computer Security Incident Response Team (CSIRT)
Who Should Be Part of the CSIRT?
Incident Response Collaborative Teams
Tasks and Responsibilities of the CSIRT
Building Strong Security Policies
Configuring Authentication Banners
Role-Based Command-Line Interface (CLI) Access in Cisco IOS
Configuring Static Routing Peers
Time-to-Live (TTL) Security Check
Disabling Unnecessary Services on Network Components
Cisco Discovery Protocol (CDP)
Maintenance Operations Protocol (MOP)
Packet Assembler/Disassembler (PAD)
Proxy Address Resolution Protocol (ARP)
TCP and User Datagram Protocol (UDP) Small Servers
Locking Down Unused Ports on Network Access Devices
Resource Thresholding Notification
Receive Access Control Lists (rACLs)
Infrastructure Protection Access Control Lists (iACLs)
Unicast Reverse Path Forwarding (Unicast RPF)
Automated Security Tools Within Cisco IOS
Cisco Secure Device Manager (SDM)
Chapter 3. Identifying and Classifying Security Threats
Telemetry and Anomaly Detection
Collecting NetFlow Statistics from the CLI
Enabling Logging (SYSLOG) on Cisco IOS Routers and Switches
Enabling Logging Cisco Catalyst Switches Running CATOS
Enabling Logging on Cisco ASA and Cisco PIX Security Appliances
Enabling SNMP on Cisco IOS Devices
Enabling SNMP on Cisco ASA and Cisco PIX Security Appliances
Cisco Security Monitoring, Analysis and Response System (CS-MARS)
Cisco Network Analysis Module (NAM)
Cisco Traffic Anomaly Detectors and Cisco Guard DDoS Mitigation Appliances
Intrusion Detection and Intrusion Prevention Systems (IDS/IPS)
The Importance of Signatures Updates
Anomaly Detection Within Cisco IPS Devices
Traceback in the Service Provider Environment
Chapter 5. Reacting to Security Incidents
Adequate Incident-Handling Policies and Procedures
Security Incident Mitigation Tools
Remotely Triggered Black Hole Routing
Chapter 6. Postmortem and Improvement
Root-Cause Analysis and Lessons Learned
Chapter 7. Proactive Security Framework
Cisco Guard Active Verification
Network Admission Control (NAC)
Routing Protocol Authentication
Cisco Network Analysis Module (NAM)
Layer 2 and Layer 3 Information (CDP, Routing Tables, CEF Tables)
Arbor Peakflow SP and Peakflow X
Cisco Security Agent Management Console (CSA-MC) Basic Event Correlation
Instrumentation and Management
Configuration Logger and Configuration Rollback
Cisco IOS Role-Based CLI Access (CLI Views)
Segmentation with VRF/VRF-Lite
Part III: Defense-In-Depth Applied
Overview of Cisco Unified Wireless Network Architecture
Authentication and Authorization of Wireless Users
EAP Tunneled TLS Authentication Protocol (EAP-TTLS)
Configuring 802.1x with EAP-FAST in the Cisco Unified Wireless Solution
Configuring the Cisco Secure ACS Server for 802.1x and EAP-FAST
Lightweight Access Point Protocol (LWAPP)
Wireless Intrusion Prevention System Integration
Configuring IDS/IPS Sensors in the WLC
Uploading and Configuring IDS/IPS Signatures
Management Frame Protection (MFP)
Network Admission Control (NAC) in Wireless Networks
Chapter 9. IP Telephony Security
Protecting the IP Telephony Infrastructure
Securing the IP Telephony Applications
Protecting Cisco Unified CallManager
Protecting Cisco Unified Communications Manager Express (CME)
Protecting Cisco Unity Express
Protecting Cisco Personal Assistant
Hardening the Cisco Personal Assistant Operating Environment
Cisco Personal Assistant Server Security Policies
Protecting Against Eavesdropping Attacks
Chapter 10. Data Center Security
Protecting the Data Center Against Denial of Service (DoS) Attacks and Worms
SYN Cookies in Firewalls and Load Balancers
Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS)
Cisco NetFlow in the Data Center
Data Center Infrastructure Protection
Data Center Segmentation and Tiered Access Control
Segmenting the Data Center with the Cisco FWSM
Cisco FWSM Modes of Operation and Design Considerations
Configuring the Cisco Catalyst Switch
Creating Security Contexts in the Cisco FWSM
Configuring the Interfaces on Each Security Context
Configuring Network Address Translation
Deploying Network Intrusion Detection and Prevention Systems
Sending Selective Traffic to the IDS/IPS Devices
Deploying the Cisco Security Agent (CSA) in the Data Center
Filtering Access Control Lists (ACL)
Header Manipulation and Fragmentation
Broadcast Amplification or Smurf Attacks
Case Study of a Small Business
Raleigh Office Cisco ASA Configuration
Configuring IP Addressing and Routing
Configuring PAT on the Cisco ASA
Configuring Static NAT for the DMZ Servers
Configuring Identity NAT for Inside Users
Cisco ASA Antispoofing Configuration
Atlanta Office Cisco IOS Configuration
Locking Down the Cisco IOS Router
Configuring Basic Network Address Translation (NAT)
Case Study of a Medium-Sized Enterprise
Protecting the Internet Edge Routers
Configuring the AIP-SSM on the Cisco ASA
Configuring Active-Standby Failover on the Cisco ASA
Configuring AAA on the Infrastructure Devices
Case Study of a Large Enterprise
Creating a New Computer Security Incident Response Team (CSIRT)
Creating New Security Policies
Deploying IPsec Remote Access VPN
Configuring IPsec Remote Access VPN
Reacting to a Security Incident
Identifying, Classifying, and Tracking the Security Incident or Attack