Self-Defending Networks: The Next Generation of Network Security
- By Duane De Capite
- Published Aug 31, 2006 by Cisco Press.
Book
- Sorry, this book is no longer in print.
- Copyright 2007
- Edition: 1st
- Book
- ISBN-10: 1-58705-253-9
- ISBN-13: 978-1-58705-253-8
Protect your network with self-regulating network security solutions that combat both internal and external threats.
- Provides an overview of the security components used to design proactive network security
- Helps network security professionals understand what the latest tools and techniques can do and how they interact
- Presents detailed information on how to use integrated management to increase security
- Includes a design guide with step-by-step implementation instructions
Self-Defending Networks: The Next Generation of Network Security helps networking professionals understand how to deploy an end-to-end, integrated network security solution. It presents a clear view of the various components that can be used throughout the network to not only monitor traffic but to allow the network itself to become more proactive in preventing and mitigating network attacks. This security primer provides unique insight into the entire range of Cisco security solutions, showing what each element is capable of doing and how all of the pieces work together to form an end-to-end Self-Defending Network. While other books tend to focus on individual security components, providing in-depth configuration guidelines for various devices and technologies, Self-Defending Networks instead presents a high-level overview of the entire range of technologies and techniques that comprise the latest thinking in proactive network security defenses. This book arms network security professionals with the latest information on the comprehensive suite of Cisco security tools and techniques. Network Admission Control, Network Infection Containment, Dynamic Attack Mitigation, DDoS Mitigation, Host Intrusion Prevention, and Integrated Security Management are all covered, providing the most complete overview of various security systems. It focuses on leveraging integrated management, rather than including a device-by-device manual to implement self-defending networks.
Online Sample Chapter
Implementing Network Admission Control
Downloadable Sample Chapter
Download - 145 KB -- Chapter 6: Implementing Network Admission Control
Table of Contents
Foreword
Introduction
Chapter 1 Understanding Types of Network Attacks and Defenses
Categorizing Network Attacks
Virus
Worm
Trojan Horse
Denial-of-Service
Distributed Denial-of-Service
Spyware
Phishing
Understanding Traditional Network Defenses
Router Access Lists
Firewalls
Intrusion Detection Systems
Virtual Private Networks
Antivirus Programs
Introducing Cisco Self-Defending Networks
DDoS Mitigation
Intrusion Prevention Systems
Adaptive Security Appliance
Incident Control Service
Network Admission Control
IEEE 802.1x
Host Intrusion Prevention: CSA
Cisco Security Centralized Management
Summary
References
Chapter 2 Mitigating Distributed Denial-of-Service Attacks
Understanding Types of DDoS Attacks
DDoS Mitigation Overview
Using Cisco Traffic Anomaly Detector
Configuring the Traffic Anomaly Detector
Zone Creation
Traffic Anomaly Detector Zone Filters
Policy Template
Learning Phase
Detecting and Reporting Traffic Anomalies
Configuring Cisco Guard
Bootstrapping
Zone Creation and Synchronization
Cisco Guard Zone Filters
Zone Traffic Diversion
Learning Phase
Activating Zone Protection
Generating Attack Reports
Summary
References
Chapter 3 Cisco Adaptive Security Appliance Overview
Antispoofing
Intrusion Prevention Service
Launch ASDM for IPS Configuration
Configure Service Policy Rules
Define IPS Signatures
Protocol Inspection Services
HTTP Inspection Engine
TCP Map
HTTP Map
Configuring Content Security and Control Security
Content Security and Control Services Module (CSC-SSM) Setup
Web
URL Blocking
URL Filtering
Scanning
File Blocking
Scanning
Antispam
Content Filtering
File Transfer
Summary
References
Chapter 4 Cisco Incident Control Service
Implementing Outbreak Management with Cisco ICS
Outbreak Management Summary
Information and Statistics on Network Threats from Trend Micro
New Outbreak Management Task
Outbreak Settings
Displaying Outbreak Reports
OPACL Settings
Exception List
Report Settings
Watch List Settings
Automatic Outbreak Management Task
Displaying Devices
Device List
Add Device
Viewing Logs
Incident Log Query
Event Log Query
Outbreak Log Query
Log Maintenance
Summary
References
Chapter 5 Demystifying 802.1x
Fundamentals of 802.1x
Introducing Cisco Identity-Based Networking Services
Machine Authentication
802.1x and NAC
Using EAP Types
EAP MD5
EAP TLS
LEAP
PEAP
EAP FAST
VPN and 802.1x
Summary
References
Chapter 6 Implementing Network Admission Control
Network Admission Control Overview
NAC Framework Benefits
NAC Framework Components
Endpoint Security Application
Posture Agent
Network Access Devices
Policy Server
Management and Reporting Tools
Operational Overview
Network Admission for NAC-enabled Endpoints
Endpoint Attempts to Access the Network
NAD Notifies Policy Server
Cisco Secure ACS Compares Endpoint to NAC Policy
Cisco Secure ACS Forwards Information to Partner Policy Servers
Cisco Secure ACS Makes a Decision
Cisco Secure ACS Sends Enforcement Actions
NAD Enforces Actions
Posture Agent Actions
Endpoint Polled for Change of Compliance
Revalidation Process
Network Admission for NAC Agentless Hosts
Deployment Models
LAN Access Compliance
WAN Access Compliance
Remote Access Compliance
Summary
References
Chapter 7 Network Admission Control Appliance
NAC Appliance Features
NAC Appliance Manager
Device Management
CCA Servers
Filters
Clean Access
Switch Management
User Management
Monitoring
Administration
Summary
References
Chapter 8 Managing the Cisco Security Agent
Management Center for Cisco Security Agents
Deploying Cisco Secure Agent Kits
Displaying the End-Station Hostname in the Device Groups
Reviewing Policies
Attaching Rules to a Policy
Generating and Deploying Rules
Using Event Monitor
Running Cisco Security Agent Analysis
Cisco Security Agent
Status
System Security
Summary
References
Chapter 9 Cisco Security Manager
Getting Started
Device View
Add Device
Configure Access Conrol Lists (ACLs) from Device View
Configuring Interface Roles
Apply Access Control List (ACL) Rules to Multiple Devices
Invoking the Policy Query
Using Analysis and Hit Count Functions
Map View
Showing Devices on the Topology Map
Adding Cloud Networks and Hosts to the Topology Map
Configuring Firewall Access Control List (ACLs) Rules from Topology Map
Policy View
Access Control List (ACL) Rules Security Policy
Policy Inheritance and Mandatory Security Policies
IPS Management
Object Manager
Value Override Per Device
Summary
References
Chapter 10 Cisco Security Monitoring, Analysis, and Response System
Understanding Cisco Security MARS Features
Summary Dashboard
Incidents
Displaying Path of Incident and Mitigating the Attack
Hotspot Graph and Attack Diagram
Rules
Query/Reports
Management
Admin
Cisco Security Manager Linkages
Summary
References
1587052539, TOC, 8/14/2006
Foreword
Download - 30.4 KB -- Book Foreword
By Jayshree Ullal
Senior Vice President, Security, Switching and Datacenter Technologies
Cisco Systems
Index
Download - 63.6 KB -- Index
Other Things You Might Like
- Securing Enterprise Networks with Cisco Meraki
- eBook $55.99
- Securing Enterprise Networks with Cisco Meraki
- Book $55.99