Network Security

Note from Cisco Systems on the SAFE Blueprint and Network Security Architectures
Note on Paging
AAA Server - 2
AAA Server Requirements
AAA Server Summary
Access
ACL Options
Active Mode
Administrative Networks
Aggressive Mode
Appliance Based Security Devices
Application Evaluation
Application Manipulation
Applications
Applied Knowledge Questions - 2 3 4 5
Attack Example
Attack Mitigation - 2
Attack Response Recommendations
Attack Taxonomy
Attacker Types
Authentication Methods
Authenticator Configuration Switch
Basic AAA Requirements
Basic Changes
Branch Versus Head End Design Considerations
Buy a Faster
Campus Security
Car
Caveats
Cdp
Certificate Authority
Psec VPN Design Considerations
Supporting Technology Design Considerations
Designing Your Security System
Edge Security Design
Campus
Teleworker Security
Secure Network Management and Network Security Management
Case Studies
Conclusions
Secure Networking
Network Security
General Design
Network Security Platform Options and Best Deployment Practices
Common Application Design Considerations
Identity Design
Choose Sensible Logging Levels
Classified Areas
Classified Network
Cleartext InBand
Command Syntax Conventions
Commercial OSs and Security Software
Components of a Hardening Strategy
Configuration Vulnerabilities
Configuration Provisioning Tools
Cons - 2 3 4 5
Consider Defensein Depth
Consider L2 Redundancy as a Workaround
Content Distribution and Routing
Control Physical Access to Data Centers
Copyright
Credits
Critical System Compromises
Cryptographic Identity Considerations
Cryptographically Secure InBand Network Layer
Cryptography
Current Design - 2
DoS Infections Attacks
Decreased Security Alternative
Defining the Teleworker Environment
Deployment Best Practices - 2 3 4
Deployment Options
Design Choices
Design Evaluation - 2 3 4 5 6
Design Overview - 2 3 4
Design Requirements - 2 3
Device to Network
Device Versus User Identity
DHCP Considerations
DHCP Snooping
Differentiated Groups WLAN
Digital Certificates
Direct Query
Distribute the Security Functions
Dns
Dont Put All Your DNS Servers in One Place
DoS
DoS Design Considerations
Dynamic Trunking Protocol DTP
Edge Security
Elite
Mail
Esp
Establish Extranet Specific Security Policies
Ethernet Switch - 2 3 4
Ethernet Switches - 2
Ethernet Switches L3 Distribution Core
Ettercap
Evaluate Design for Policy Conformance
Evaluate Design for Threat Mitigation
Expected Threats
Expressly Permit Implicitly Deny
Extranet
Feedback Information
Figure 104 ESP
Figure 35 Ethereal in Action
Figure 617 RIP v2 Plaintext Authentication
Figure 620 TCP Option 19 for BGP MD5 Authentication
Figure 623 CAR
Final Assessment
Firewall and NIDS Placement for VPNs
Firewalls
Focus on Operational Requirements
Full Mesh
Functional Requirements
Gateway Based Network Authentication
General Best Practices
General Purpose Operating System Security Devices
Gre
Gui
Hardware Vulnerabilities
Hardware Based Teleworker Design
High Availability
High End Resilient Campus Security Design
Host and Application Security
How This Book Is Organized
HTTP Server
Httphttps
Hybrid Host Solutions
Hybrid Management Design
ICMP Destination Unreachable Fragmentation Needed but DF Bit
ICMP Message Type Filtering
Identity and IPsec Access Control
Identity Considerations
Identity Technologies
Ike
Incident Response
Increased Access
Increased Security Alternative - 2
Index - 2 3 4 5 6 7 8 9 10
Ingress Egress Filtering
Internal Servers - 2
Internet VPN No Services
Interswitch Linking ISL
Introduction
Intrusion Detection Systems
IP Addressing
Psec Vendor Interoperability
Key Card Access
Key Card Access with Turnstile
L2 Best Practices Recommendations
Limit Zone Transfers to Authorized Servers
Line Access
Load Balance Per Flow Rather Than Per Packet
Load Balancing
Lockand Key Access
Logging
Login Banner
Login Restrictions
MAC Addresses
MAC Flooding Considerations
Mail Application Design Recommendations
Main Mode
Manageability
Management - 2
Management Network
Management Problems Will Continue
Management Requirements
Manipulate Flows by Using Routing or NAT
Manual ACL Trace Back
Migration Strategy - 2
Mobile Workers
Monitor Critical Security Events 247365
Multiple Public Server Segments
Multisegment NIDS
Multisite Considerations - 2
Net Flow
Network Devices
Network Flooding Design Recommendations
Network Security Device Best Practices
Network Versus Application Identity
Nids - 2 3
NIDS General Best Practices 4
NIDS Summary
Note - 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Ntp
Number of Public Servers
Open Source OSs and Security Software
Optional AAA Server
Organization
Organization Overview - 2
Organizational Realities
Other Considerations
Others
Partitioning Disk Space
Passive Mode
Patching the Services Needed
Performance
Phase
Physical Access
Physical Security
PKI Usage Basics
Preface
Pros - 2 3
Protocol Capabilities
Provide Protected Internal DNS Servers
Public Servers - 2
Q
QoS
Real World Applicability
References - 2 3 4 5 6 7 8 9 10 11 12
Remote Access Design Evaluation - 2
Remote Access Edge
Remote User - 2
Remote User Considerations
Reverse Proxy Cache
Rfc 2827
Rogue Devices
Role of Identity in Secure Networking
Root Guard
Router
Router Switch Software Integrated
Routing - 2
Sandwich
Scalability and Performance
Script Kiddie
Secure Network Management Tools
Security
Security Considerations - 2 3 4
Security Device Load Balancing
Security Enhancements
Security Policy Team
Security Requirements
Security System Operations Life Cycle
Security Technologies
Security Versus Access
Separate Identity Mechanisms for Insecure Locations
Shared Access
Shared Identity
Single Local Server
Siteto Site
Siteto Site IPsec Platforms
Small Network Campus Security Design
Small Network Edge Security Design
Smurf
Software Option Recommendations
Software Options
Software Based Teleworker Design
Solving the Single Factor Identity Problem
Split Tunneling Recommendations
Ssh
Sshssl
Stateful Firewall - 2
Stateful Firewalls
Step 1 Review Completed Security Policy Documents
Step 2 Analyze the Current Network Against the Security Policy
Step 2 Developing a Security Policy
Step 4 Design an Ideal Rough Draft of the Security System
Step 6 Evaluate and Revise Design Policy
Steps to Success
Stick
Student Connectivity
Student Networks
Summary - 2 3 4 5 6 7 8 9 10 11 12
Supported Platforms - 2 3
Switches
Syslog - 2
Telnet
The Price of L2 Resiliency
The Role of Scanning
Threat Mitigation - 2 3
Threat Profile
Tip - 2 3 4
Trademark Acknowledgments
Transparent Cache
Typical - 2
UDP Spoofing
Unclassified Areas
Universities and Viruses
Use State Sharing Security Devices
User to Application
User to Network
Vendor Proprietary
Vpn - 2
VPN Basics
Wan - 2
WAN Connected Networks
Warning - 2 3 4 5 6 7 8
What Is the Campus
What Is the Edge
Who Should Read This Book
WiFi Protected Access
X
XEAP Benefits
XEAP Summary
You Cant Buy Network Security

Cisco Certified Expert

» Network Security

Reviews

Popular Articles

Categories