- Note from Cisco Systems on the SAFE Blueprint and Network Security Architectures
- Note on Paging
- AAA Server - 2
- AAA Server Requirements
- AAA Server Summary
- Access
- ACL Options
- Active Mode
- Administrative Networks
- Aggressive Mode
- Appliance Based Security Devices
- Application Evaluation
- Application Manipulation
- Applications
- Applied Knowledge Questions - 2 3 4 5
- Attack Example
- Attack Mitigation - 2
- Attack Response Recommendations
- Attack Taxonomy
- Attacker Types
- Authentication Methods
- Authenticator Configuration Switch
- Basic AAA Requirements
- Basic Changes
- Branch Versus Head End Design Considerations
- Buy a Faster
- Campus Security
- Car
- Caveats
- CDP
- Certificate Authority
- IPsec VPN Design Considerations
- Supporting Technology Design Considerations
- Designing Your Security System
- Edge Security Design
- Campus
- Teleworker Security
- Secure Network Management and Network Security Management
- Case Studies
- Conclusions
- Secure Networking
- Network Security
- General Design
- Network Security Platform Options and Best Deployment Practices
- Common Application Design Considerations
- Identity Design
- Choose Sensible Logging Levels
- Classified Areas
- Classified Network
- Cleartext InBand
- Command Syntax Conventions
- Commercial OSs and Security Software
- Components of a Hardening Strategy
- Configuration Vulnerabilities
- Configuration Provisioning Tools
- Cons - 2 3 4 5
- Consider Defense-in-Depth
- Consider L2 Redundancy as a Workaround
- Content Distribution and Routing
- Control Physical Access to Data Centers
- Copyright
- Credits
- Critical System Compromises
- Cryptographic Identity Considerations
- Cryptographically Secure InBand Network Layer
- Cryptography
- Current Design - 2
- DoS Infections Attacks
- Decreased Security Alternative
- Defining the Teleworker Environment
- Deployment Best Practices - 2 3 4
- Deployment Options
- Design Choices
- Design Evaluation - 2 3 4 5 6
- Design Overview - 2 3 4
- Design Requirements - 2 3
- Device to Network
- Device Versus User Identity
- DHCP Considerations
- DHCP Snooping
- Differentiated Groups WLAN
- Digital Certificates
- Direct Query
- Distribute the Security Functions
- DNS
- Don't Put All Your DNS Servers in One Place
- DoS
- DoS Design Considerations
- Dynamic Trunking Protocol DTP
- Edge Security
- Elite
- ESP
- Establish Extranet Specific Security Policies
- Ethernet Switch - 2 3 4
- Ethernet Switches - 2
- Ethernet Switches L3 Distribution Core
- Ettercap
- Evaluate Design for Policy Conformance
- Evaluate Design for Threat Mitigation
- Expected Threats
- Expressly Permit Implicitly Deny
- Extranet
- Feedback Information
- Figure 104 ESP
- Figure 35 Ethereal in Action
- Figure 617 RIP v2 Plaintext Authentication
- Figure 620 TCP Option 19 for BGP MD5 Authentication
- Figure 623 CAR
- Final Assessment
- Firewall and NIDS Placement for VPNs
- Firewalls
- Focus on Operational Requirements
- Full Mesh
- Functional Requirements
- Gateway Based Network Authentication
- General Best Practices
- General Purpose Operating System Security Devices
- GRE
- GUI
- Hardware Vulnerabilities
- Hardware Based Teleworker Design
- High Availability
- High End Resilient Campus Security Design
- Host and Application Security
- How This Book Is Organized
- HTTP Server
- HTTP/HTTPS
- Hybrid Host Solutions
- Hybrid Management Design
- ICMP Destination Unreachable Fragmentation Needed but DF Bit
- ICMP Message Type Filtering
- Identity and IPsec Access Control
- Identity Considerations
- Identity Technologies
- IKE
- Incident Response
- Increased Access
- Increased Security Alternative - 2
- Index - 2 3 4 5 6 7 8 9 10
- Ingress Egress Filtering
- Internal Servers - 2
- Internet VPN No Services
- Interswitch Linking ISL
- Introduction
- Intrusion Detection Systems
- IP Addressing
- IPsec Vendor Interoperability
- Key Card Access
- Key Card Access with Turnstile
- L2 Best Practices Recommendations
- Limit Zone Transfers to Authorized Servers
- Line Access
- Load Balance Per Flow Rather Than Per Packet
- Load Balancing
- Lock-and-Key Access
- Logging
- Login Banner
- Login Restrictions
- MAC Addresses
- MAC Flooding Considerations
- Mail Application Design Recommendations
- Main Mode
- Manageability
- Management - 2
- Management Network
- Management Problems Will Continue
- Management Requirements
- Manipulate Flows by Using Routing or NAT
- Manual ACL Trace Back
- Migration Strategy - 2
- Mobile Workers
- Monitor Critical Security Events 247365
- Multiple Public Server Segments
- Multisegment NIDS
- Multisite Considerations - 2
- NetFlow
- Network Devices
- Network Flooding Design Recommendations
- Network Security Device Best Practices
- Network Versus Application Identity
- NIDS - 2 3
- NIDS General Best Practices 4
- NIDS Summary
- Note - 2 3 4 5 6 7 8 9 10 11 12 13 14 15
- NTP
- Number of Public Servers
- Open Source OSs and Security Software
- Optional AAA Server
- Organization
- Organization Overview - 2
- Organizational Realities
- Other Considerations
- Others
- Partitioning Disk Space
- Passive Mode
- Patching the Services Needed
- Performance
- Phase
- Physical Access
- Physical Security
- PKI Usage Basics
- Preface
- Pros - 2 3
- Protocol Capabilities
- Provide Protected Internal DNS Servers
- Public Servers - 2
- Q
- QoS
- Real World Applicability
- References - 2 3 4 5 6 7 8 9 10 11 12
- Remote Access Design Evaluation - 2
- Remote Access Edge
- Remote User - 2
- Remote User Considerations
- Reverse Proxy Cache
- RFC 2827
- Rogue Devices
- Role of Identity in Secure Networking
- Root Guard
- Router
- Router Switch Software Integrated
- Routing - 2
- Sandwich
- Scalability and Performance
- Script Kiddie
- Secure Network Management Tools
- Security
- Security Considerations - 2 3 4
- Security Device Load Balancing
- Security Enhancements
- Security Policy Team
- Security Requirements
- Security System Operations Life Cycle
- Security Technologies
- Security Versus Access
- Separate Identity Mechanisms for Insecure Locations
- Shared Access
- Shared Identity
- Single Local Server
- Site-to-Site
- Site-to-Site IPsec Platforms
- Small Network Campus Security Design
- Small Network Edge Security Design
- Smurf
- Software Option Recommendations
- Software Options
- Software Based Teleworker Design
- Solving the Single Factor Identity Problem
- Split Tunneling Recommendations
- SSH
- SSH/SSL
- Stateful Firewall - 2
- Stateful Firewalls
- Step 1 Review Completed Security Policy Documents
- Step 2 Analyze the Current Network Against the Security Policy
- Step 2 Developing a Security Policy
- Step 4 Design an Ideal Rough Draft of the Security System
- Step 6 Evaluate and Revise Design Policy
- Steps to Success
- Stick
- Student Connectivity
- Student Networks
- Summary - 2 3 4 5 6 7 8 9 10 11 12
- Supported Platforms - 2 3
- Switches
- Syslog - 2
- Telnet
- The Price of L2 Resiliency
- The Role of Scanning
- Threat Mitigation - 2 3
- Threat Profile
- Tip - 2 3 4
- Trademark Acknowledgments
- Transparent Cache
- Typical - 2
- UDP Spoofing
- Unclassified Areas
- Universities and Viruses
- Use State Sharing Security Devices
- User to Application
- User to Network
- Vendor Proprietary
- VPN - 2
- VPN Basics
- WAN - 2
- WAN Connected Networks
- Warning - 2 3 4 5 6 7 8
- What Is the Campus
- What Is the Edge
- Who Should Read This Book
- WiFi Protected Access
- X
- XEAP Benefits
- XEAP Summary
- You Can't Buy Network Security