Contents
Chapter 1. Here There Be Hackers!
Essentials First: Looking for a Target
Are You a Target of Opportunity?
Reconnaissance and Footprinting (a.k.a. Casing the Joint)
Network Security Organizations
Center for Internet Security (CIS)
Learning from the Network Security Organizations
Overview of Common Attacks and Exploits
Chapter 2. Security Policies and Responses
Security and Proprietary Information
E-mail and Communications Activities
General Password Construction Guidelines
Virtual Private Network (VPN) Security Policy
Third-Party Connection Agreement
Modifying or Changing Connectivity and Access
ISO Certification and Security
Sample Security Policies on the Internet
Chapter 3. Overview of Security Technologies
Security First Design Concepts
Packet Filtering via Access Control Lists (ACLs)
Limitations of Packet Filtering
Stateful Packet Inspection (SPI)
Detailed Packet Flow Using SPI
Limitations of Stateful Packet Inspection
Network Address Translation (NAT)
Proxies and Application Level Protection
Limitations of Content Filtering
Public Key Infrastructure (PKI)
Remote Authentication Dial-In User Service (RADIUS)
Terminal Access Controller Access Control System (TACACS)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Firewall Frequently Asked Questions
Do I Have Anything Worth Protecting?
Firewalls Are “The Security Policy”
Determine the Inbound Access Policy
Determine Outbound Access Policy
Essentials First: Life in the DMZ
Case Study: To DMZ or Not to DMZ?
Case Study: Firewall Deployment with Mail Server Inside the Protected (Internal)
Case Study: Firewall Deployment with Mail Server in DMZ
Edge Router as a Packet Inspector
Benefits of the Firewall Feature Set
Content-Based Packet Inspection
Intrusion Detection with Cisco IOS
Chapter 7. IPSec Virtual Private Networks (VPNs)
Analogy: VPNs Connect IsLANds Securely
Authentication and Data Integrity
Router Configuration as VPN Peer
Step 1: Create the Extended ACL
Step 2: Create the IPSec Transforms
Step 4: Apply the Crypto Map to an Interface
Firewall VPN Configuration for Client Access
Essentials First: Wireless LANs
Wireless Equals Radio Frequency
Rogue/Unauthorized Access Points
Attackers’ Rogue AP Deployment Guidelines
Incorrectly Configured Access Points
Device and Access Point Association
Wired Equivalent Privacy (WEP)
WEP Limitations and Weaknesses
Extensible Authentication Protocol (EAP)
Essentials First: Wireless Hacking Tools
Chapter 9. Intrusion Detection and Honeypots
Essentials First: Intrusion Detection
Network Intrusion Detection System (NIDS)
Host Intrusion Detection System (HIDS)
Communication Stream Reassembly
Chapter 10. Tools of the Trade
Essentials First: Vulnerability Analysis
Denial of Service (DoS) Attacks
Security Assessments and Penetration Testing
Internal Vulnerability and Penetration Assessment
External Penetration and Vulnerability Assessment
Features and Benefits of Vulnerability Scanners