Network Security First-Step

Your first step into the world of network security No security experience required Includes clear and easily understood explanations Makes learning easy Your first step to network security begins here! Learn about hackers and their attacks Understand security tools and technologies Defend your network with firewalls, routers, and other devices Explore security for wireless networks Learn how to prepare for security incidents Welcome to the world of network security! Computer networks are indispensable-but they're also not secure. With the proliferation of Internet viruses and worms, many people and companies are considering increasing their network security. But first, you need to make sense of this complex world of hackers, viruses, and the tools to combat them. No security experience needed! "Network Security First-Step" explains the basics of network security in easy-to-grasp language that all of us can understand. This book takes you on a guided tour of the core technologies that make up and control network security. Whether you are looking to take your first step into a career in network security or are interested in simply gaining knowledge of the technology, this book is for you! Cover......Page 1 Contents......Page 10 Introduction......Page 19 Essentials First: Looking for a Target......Page 24 Hacking Innocent Information......Page 26 Targets of Opportunity......Page 28 Are You a Target of Opportunity?......Page 30 Are You a Target of Choice?......Page 31 The Process of an Attack......Page 33 Reconnaissance and Footprinting (a.k.a. Casing the Joint)......Page 34 Scanning......Page 39 Enumeration......Page 43 Gaining Access......Page 47 Escalating Privilege......Page 51 Covering Tracks......Page 52 Network Security Organizations......Page 56 Center for Internet Security (CIS)......Page 57 Internet Storm Center......Page 58 Learning from the Network Security Organizations......Page 59 Overview of Common Attacks and Exploits......Page 60 Chapter Summary......Page 64 Chapter Review......Page 65 Chapter 2 Security Policies and Responses......Page 68 Defining Trust......Page 72 Policy Overview......Page 75 General Use and Ownership......Page 76 Security and Proprietary Information......Page 78 Unacceptable Use......Page 80 Conclusion......Page 83 Overview......Page 84 Scope......Page 85 General Policy......Page 86 General Password Construction Guidelines......Page 87 Password Protection Standards......Page 89 Conclusion......Page 90 Virtual Private Network (VPN) Security Policy......Page 91 Purpose......Page 92 Policy......Page 93 Extranet Connection Policy......Page 95 Purpose......Page 96 Third-Party Connection Agreement......Page 97 Modifying or Changing Connectivity and Access......Page 98 Conclusion......Page 99 ISO Certification and Security......Page 100 Sample Security Policies on the Internet......Page 102 Chapter Summary......Page 103 Chapter Review......Page 104 Security First Design Concepts......Page 106 Packet Filtering via Access Control Lists (ACLs)......Page 110 Grocery List Analogy......Page 112 Stateful Packet Inspection (SPI)......Page 116 Detailed Packet Flow Using SPI......Page 118 Network Address Translation (NAT)......Page 120 NAT’s Limitations......Page 124 Proxies and Application Level Protection......Page 126 Limitations of Proxies......Page 128 Content Filters......Page 129 Limitations of Content Filtering......Page 132 Public Key Infrastructure (PKI)......Page 133 PKI’s Limitations......Page 135 Authentication......Page 136 Authorization......Page 137 Accounting......Page 138 Remote Authentication Dial-In User Service (RADIUS)......Page 139 Terminal Access Controller Access Control System (TACACS)......Page 140 TACACS+ Versus RADIUS......Page 142 Chapter Summary......Page 143 Chapter Review Questions......Page 144 Chapter 4 Security Protocols......Page 146 DES Encryption......Page 148 Encryption Strength......Page 149 Limitations of DES......Page 150 Triple DES Encryption......Page 151 Encryption Strength......Page 152 Message Digest 5 Algorithm......Page 153 MD5 Hash in Action......Page 155 Point-to-Point Tunneling Protocol (PPTP)......Page 156 PPTP Functionality......Page 157 Limitations of PPTP......Page 159 Layer 2 Tunneling Protocol (L2TP)......Page 160 L2TP Versus PPTP......Page 161 Benefits of L2TP......Page 162 L2TP Operation......Page 163 Secure Shell (SSH)......Page 166 SSH Versus Telnet......Page 167 SSH Operation......Page 170 Tunneling and Port Forwarding......Page 172 Limitations of SSH......Page 173 Chapter Summary......Page 174 Chapter Review Questions......Page 175 Chapter 5 Firewalls......Page 178 Why Do I Need a Firewall?......Page 180 Do I Have Anything Worth Protecting?......Page 181 What Does a Firewall Do?......Page 182 Firewalls Are “The Security Policy”......Page 184 Firewall Operational Overview......Page 187 Firewalls in Action......Page 189 Implementing a Firewall......Page 191 Determine the Inbound Access Policy......Page 193 Determine Outbound Access Policy......Page 194 Essentials First: Life in the DMZ......Page 195 Case Study: To DMZ or Not to DMZ?......Page 197 Case Study: Firewall Deployment with Mail Server Inside the Protected (Internal)......Page 199 Case Study: Firewall Deployment with Mail Server in DMZ......Page 202 Firewall Limitations......Page 205 Chapter Summary......Page 206 Chapter Review Questions......Page 207 Chapter 6 Router Security......Page 210 Edge Router as a Choke Point......Page 214 Limitations of Choke Routers......Page 217 Edge Router as a Packet Inspector......Page 218 Benefits of the Firewall Feature Set......Page 219 Content-Based Packet Inspection......Page 223 Intrusion Detection with Cisco IOS......Page 228 FFS IDS Operational Overview......Page 230 FFS Limitations......Page 234 Secure IOS Template......Page 235 Chapter Summary......Page 249 Chapter Review Questions......Page 250 Chapter 7 IPSec Virtual Private Networks (VPNs)......Page 252 Analogy: VPNs Connect IsLANds Securely......Page 254 VPN Overview......Page 257 VPN Benefits and Goals......Page 260 VPN Implementation Strategies......Page 261 Split Tunneling......Page 263 Overview of IPSec VPNs......Page 264 Authentication and Data Integrity......Page 267 Tunneling Data......Page 268 Encryption Modes......Page 269 IPSec Protocols......Page 271 IPSec Operational Overview......Page 275 Configuring ISAKMP......Page 281 Configuring IPSec......Page 285 Firewall VPN Configuration for Client Access......Page 289 Chapter Summary......Page 292 Chapter Review Questions......Page 293 Chapter 8 Wireless Security......Page 296 Essentials First: Wireless LANs......Page 298 What Is Wi-Fi?......Page 300 Benefits of Wireless LANs......Page 301 Wireless Equals Radio Frequency......Page 302 Modes of Operation......Page 303 Coverage......Page 305 Bandwidth Availability......Page 306 WarGames Wirelessly......Page 307 Sniffing to Eavesdrop......Page 316 Denial of Service Attacks......Page 318 Rogue/Unauthorized Access Points......Page 319 Incorrectly Configured Access Points......Page 322 Wireless Security......Page 323 Service Set Identifier (SSID)......Page 324 Device and Access Point Association......Page 325 Wired Equivalent Privacy (WEP)......Page 326 Extensible Authentication Protocol (EAP)......Page 328 Increasing Wireless Security......Page 332 Essentials First: Wireless Hacking Tools......Page 333 NetStumbler......Page 334 Wireless Packet Sniffers......Page 336 AirSNORT......Page 337 Chapter Review Questions......Page 339 Chapter 9 Intrusion Detection and Honeypots......Page 342 Essentials First: Intrusion Detection......Page 345 IDS Functional Overview......Page 348 Protocol Analysis......Page 354 Signature/Pattern Matching......Page 355 Log Analysis......Page 356 Combining Methods......Page 357 IPS Responses and Actions......Page 358 IDS Products......Page 359 Limitations of IDS......Page 363 Essentials First: Honeypots......Page 366 Honeypot Design Strategies......Page 369 Chapter Summary......Page 370 Chapter Review Questions......Page 371 Chapter 10 Tools of the Trade......Page 374 Essentials First: Vulnerability Analysis......Page 376 Fundamental Attacks......Page 377 Security Assessments and Penetration Testing......Page 387 Internal Vulnerability and Penetration Assessment......Page 388 External Penetration and Vulnerability Assessment......Page 390 Physical Security Assessment......Page 392 Miscellaneous Assessments......Page 394 Vulnerability Scanners......Page 395 Features and Benefits of Vulnerability Scanners......Page 396 Nessus......Page 397 Retina......Page 400 Penetration Testing Products......Page 404 Documentation......Page 406 Vulnerability Updates......Page 407 Core Impact In Action......Page 408 Chapter Review Questions......Page 414 Appendix A: Answers to Chapter Review Questions......Page 416 A......Page 434 C......Page 436 D......Page 437 F......Page 439 I......Page 440 L......Page 442 N......Page 443 P......Page 444 R......Page 446 S......Page 447 V......Page 449 W......Page 450 Z......Page 451 A......Page 454 C......Page 456 D......Page 459 E......Page 460 F......Page 462 I......Page 463 L......Page 466 N......Page 467 P......Page 468 R......Page 471 S......Page 472 T......Page 473 U......Page 474 V......Page 475 W......Page 476 X-Y-Z......Page 477

your First Step Into The World Of Network Security

• no Security Experience Required
• includes Clear And Easily Understood Explanations
• makes Learning Easy

your First Step To Network Security Begins Here!

• learn About Hackers And Their Attacks
• understand Security Tools And Technologies
• defend Your Network With Firewalls, Routers, And Other Devices
• explore Security For Wireless Networks
• learn How To Prepare For Security Incidents

welcome To The World Of Network Security!

computer Networks Are Indispensable-but They're Also Not Secure. With The Proliferation Of Internet Viruses And Worms, Many People And Companies Are Considering Increasing Their Network Security. But First, You Need To Make Sense Of This Complex World Of Hackers, Viruses, And The Tools To Combat Them.

no Security Experience Needed!

network Security First-step Explains The Basics Of Network Security In Easy-to-grasp Language That All Of Us Can Understand. This Book Takes You On A Guided Tour Of The Core Technologies That Make Up And Control Network Security. Whether You Are Looking To Take Your First Step Into A Career In Network Security Or Are Interested In Simply Gaining Knowledge Of The Technology, This Book Is For You!

This book "explains the basics of network security in easy-to-grasp language that all can understand. You will: learn about hackers and their attacks ; understand security tools and technologies ; defend your network with firewalls, routers, and other devices ; explore security for wireless networks ; and learn how to prepare for security incidents." - back cover Provides information on the basics of computer network security, covering such topics as hackers, security policies, security technologies, firewalls, routers, VPNs, wireless security, and honeypots.