Tous nos rayons

Déjà client ? Identifiez-vous

Mot de passe oublié ?

Nouveau client ?

CRÉER VOTRE COMPTE
Configuring Cisco Ip Security
Ajouter à une liste

Librairie Eyrolles - Paris 5e
Indisponible

Configuring Cisco Ip Security

Configuring Cisco Ip Security

Florent Parent, Jean Parent, Syngress Media

466 pages, parution le 01/11/2000

Résumé

As more and more companies take their critical applications and business functions online, they need to know that their networks, systems, and data are protected. Cisco Systems, the world's largest internetworking vendor, has developed hardware and software solutions that provide security by tracking access by customers and business partners and prohibiting access by unauthorized outsiders. Configuring Cisco IP Security covers the full range of Cisco Secure hardware and software solutions, including PIX Firewall, Intrusion Detection System, and Authentication Agent, to help engineers and administrators protect their ISPs, corporate networks, and e-commerce sites. The book's user-friendly format includes a technology overview, a "fast-track" summary, easy-to-read chapters written by subject-matter experts, and dozens of helpful illustrations, screen shots, and captions.

Contents

Chapter 1: Introduction to IP Network Security
Introduction
Protecting Your Site
Typical Site Scenario
Host Security
Network Security
Availability
Integrity
Confidentiality
Access Control
Authentication
Authorization
Accounting
Network Communication in TCP/IP
Application Layer
Transport Layer
TCP
TCP Connection
UDP
Internet Layer
IP
ICMP
ARP
Network Layer
Security in TCP/IP
Cryptography
Symmetric Cryptography
Asymmetric Cryptography
Hash Function
Public Key Certificates
Application Layer Security
Pretty Good Privacy (PGP)
Secure HyperText Transport Protocol (S-HTTP)
Transport Layer Security
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Secure Shell (SSH)
Filtering
Network Layer Security
IP Security Protocols (IPSec)
Filtering (Access Control Lists)
Data Link Layer Security
Authentication
Terminal Access Controller Access
Control System Plus (TACACS+)
Remote Access Dial-In User Service (RADIUS)
Kerberos
Cisco IP Security Hardware and Software
Cisco Secure PIX Firewall
Cisco Secure Integrated Software
Cisco Secure Integrated VPN Software
Cisco Secure VPN Client
Cisco Secure Access Control Server
Cisco Secure Scanner Cisco Secure Intrusion Detection System
Cisco Secure Policy Manager
Cisco Secure Consulting Services
Summary
FAQs
Chapter 2: Traffic Filtering on the Cisco IOS
Introduction
Access Lists
Access List Operation
Types of Access Lists
Standard IP Access Lists
Source Address and Wildcard Mask
Keywords any and host
Keyword log
Applying an Access List
Extended IP Access Lists
Keywords permit or deny
Protocol
Source Address and Wildcard-Mask
Destination Address and Wildcard Mask
Source and Destination Port Number
Established
Named Access Lists
Editing Access Lists
Problems with Access Lists
Lock-and-Key Access Lists
Reflexive Access Lists
Building Reflexive Access Lists
Applying Reflexive Access Lists
Reflexive Access List Example
Context-based Access Control
The Control-based Access Control Process
Configuring Control-based Access Control
Inspection Rules
Applying the Inspection Rule
Configuring Port to Application Mapping
Configuring PAM
Protecting a Private Network
Protecting a Network Connected to the Internet
Protecting Server Access Using Lock-and-Key
Protecting Public Servers Connected to the Internet
Summary
FAQs
Chapter 3: Network Address Translation (NAT)
Introduction
NAT Overview
Overview of NAT Devices
Address Realm
NAT
Transparent Address Assignment
Transparent Routing
Public, Global, and External Networks
Private and Local Networks
Application Level Gateway
NAT Architectures
Traditional or Outbound NAT
Network Address Port Translation (NAPT)
Static NAT
Twice NAT
Guidelines for Deploying NAT and NAPT
Configuring NAT on Cisco IOS
Configuration Commands
Verification Commands
Configuring NAT between a Private Network and Internet
Configuring NAT in a Network with DMZ
Considerations on NAT and NAPT
IP Address Information in Data
Bundled Session Applications
Peer-to-Peer Applications
IP Fragmentation with NAPT En Route
Applications Requiring Retention of Address Mapping
IPSec and IKE
Summary
FAQs
Chapter 4: Cisco PIX Firewall
Introduction
Overview of the Security Features
Differences Between IOS 4.x and 5.x
Initial Configuration
Installing the PIX Software
Basic Configuration
Installing the IOS over TFTP
Command Line Interface
IP Configuration
IP Address
Configuring NAT and NAPT
Security Policy Configuration
Security Strategies
Deny Everything That Is Not Explicitly Permitted
Allow Everything That Is Not Explicitly Denied
Identify the Resources to Protect
Demilitarized Zone (DMZ)
Identify the Security Services to Implement
Authentication and Authorization
Access Control
Confidentiality
URL, ActiveX, and Java Filtering
Implementing the Network Security Policy
Authentication Configuration in PIX
Access Control Configuration in PIX
Securing Resources
URL, ActiveX, and Java Filtering
PIX Configuration Examples
Protecting a Private Network
Protecting a Network Connected to the Internet
Protecting Server Access Using Authentication
Protecting Public Servers Connected
to the Internet
Securing and Maintaining the PIX
System Journaling
Securing the PIX
Summary
FAQs
Chapter 5: Virtual Private Networks
Introduction
What Is a VPN?
Overview of the Different VPN Technologies
The Peer Model
The Overlay Model
Link Layer VPNs
Network Layer VPNs
Transport and Application Layer VPNs
Layer 2 Transport Protocol (L2TP)
Configuring Cisco L2TP
LAC Configuration Example
LNS Configuration Example
IPSec
IPSec Architecture
Security Association
Anti-Replay Feature
Security Policy Database
Authentication Header
Encapsulating Security Payload
Manual IPSec
Internet Key Exchange
Authentication Methods
IKE and Certificate Authorities
IPSec Limitations
Network Performance
Network Troubleshooting
Interoperability with Firewalls and Network Address Translation Devices
IPSec and Cisco Encryption Technology (CET)
Configuring Cisco IPSec
IPSec Manual Keying Configuration
IPSec over GRE Tunnel Configuration
Connecting IPSec Clients to Cisco IPSec
Cisco Secure VPN Client
Windows 2000
Linux FreeS/WAN
BSD Kame Project
Summary
FAQs
Chapter 6: Cisco Authentication, Authorization, and Accounting Mechanisms
Introduction
AAA Overview
AAA Benefits
Cisco AAA Mechanisms
Supported AAA Security Protocols
RADIUS
TACACS+
Kerberos
RADIUS, TACACS+, or Kerberos
Authentication
Login Authentication Using AAA
PPP Authentication Using AAA
Enable Password Protection for Privileged
EXEC Mode
Authorization
Configure Authorization
TACACS+ Configuration Example
Accounting
Configuring Accounting
Suppress Generation of Accounting Records
for Null Username Sessions
RADIUS Configuration Example
Typical RAS Configuration Using AAA
Typical Firewall Configuration Using AAA
Authentication Proxy
How the Authentication Proxy Works
Comparison with the Lock-and Key Feature
Benefits of Authentication Proxy
Restrictions of Authentication Proxy
Configuring Authentication Proxy
Configuring the HTTP Server
Configure Authentication Proxy
Authentication Proxy Configuration Example
Summary
FAQs
Chapter 7: Intrusion Detection
Introduction
What Is Intrusion Detection?
Network Attacks and Intrusions
Poor Network Perimeter/Device Security
Network Sniffers
Scanner Programs
Network Topology
Unattended Modems
Poor Physical Security
Application and Operating Software Weaknesses
Software Bugs
Web Server/Browser-based Attacks
Getting Passwords-Easy Ways in Cracking Programs
Trojan Horse Attacks
Virus or Worm Attacks
Human Failure
Poorly Configured Systems
Information Leaks
Malicious Users
Weaknesses in the IP Suite of Protocols
Layer 7 Attacks
Layer 5 Attacks
Layer 3 and 4 Attacks
Network and Host-based
Intrusion Detection
Network IDS
Host IDS
What Can't IDSs Do?
Deploying in a Network
Sensor Placement
Network Vulnerability Analysis Tools
Cisco's Approach to Security
Cisco Secure Scanner (NetSonar)
Minimum System Specifications for
Secure Scanner V2.0
Searching the Network for Vulnerabilities
Viewing the Results
Keeping the System Up-to-Date
Cisco Secure Intrusion Detection System (NetRanger)
What Is NetRanger?
Before You Install
Director and Sensor Setup
General Operation
nrConfigure
Data Management Package (DMP)
Cisco IOS Intrusion Detection System
Configuring IOS IDS Features
Associated Commands
Cisco Secure Integrated Software (Firewall Feature Set)
Summary
FAQs
Chapter 8: Network Security Management
Introduction PIX Firewall Manager
PIX Firewall Manager Overview
PIX Firewall Manager Benefits
Supported PIX Firewall IOS Version Versus
PIX Firewall Manager Version
Installation Requirements for PIX Firewall Manager
PIX Firewall Manager Features
Using PIX Firewall Manager
Configuration
Installation Errors in PIX Firewall Manager
A Configuration Example
CiscoWorks 2000 ACL Manager
ACL Manager Overview
ACL Manager Device and Software Support
Installation Requirements for ACL Manager
ACL Manager Features
Using a Structure Access Control Lists
Security Policy
Increase Deployment Time for Access Control Lists
Ensure Consistency of Access Control Lists
Keep Track of Changes Made on the Network
Troubleshooting and Error Recovery
Basic Operation of ACL Manager
Using ACL Manager
Configuration
An ACL Manager Configuration Example
Cisco Secure Policy Manager
Cisco Secure Policy Manager Overview
The Benefits of Using Cisco Secure Policy Manager
Installation Requirements for Cisco
Secure Policy Manager
Cisco Secure Policy Manager Features
Cisco Firewall Management
VPN and IPSec Security Management
Security Policy Management
Network Security Deployment Options
Cisco Secure Policy Manager Device and
Software Support
Using Cisco Secure Policy Manager
Configuration
CSPM Configuration Example
Cisco Secure ACS
Cisco Secure ACS Overview
Cisco Secure ACS Benefits
Installation Requirements for Cisco Secure ACS
Cisco Secure ACS Features
Placing Cisco Secure ACS in Your Network
Cisco Secure ACS Device and Software Support
Using Cisco Secure ACS
Configuration
Cisco Secure ACS Configuration Example
Summary
FAQs
Chapter 9: Security Processes and Managing
Cisco Security Fast Track
Introduction
What Is a Managing
Cisco Security Fast Track?
Introduction to Cisco Network Security
Network Security
Network Communications in TCP/IP
Security in TCP/IP
Traffic Filtering on the Cisco IOS
Access Lists
Standard and Extended Access Lists
Reflexive Access Lists
Context-based Access Control
Network Address Translation (NAT)
Private Addresses
Network Address Translation
Static NAT
Traditional or Outbound NAT
Network Address Port Translation (NAPT or PAT)
Considerations
Cisco PIX Firewall
Security Policy Configuration
Securing and Maintaining the PIX
Virtual Private Networks (VPNs)
L2TP
IPSec
Network Troubleshooting
Interoperability with Firewalls and Network Address
Translation Devices
Cisco Authentication, Authorization and Accounting Mechanisms
Authentication
Authorization
Accounting
Intrusion Detection
What Is Intrusion Detection?
Cisco Secure Scanner (NetSonar)
Cisco Secure NetRanger
Cisco Secure Intrusion Detection Software
Network Security Management
Cisco PIX Firewall Manager
CiscoWorks 2000 ACL Manager
Cisco Secure Policy Manager
Cisco Secure Access Control Manager
General Security Configuration Recommendations on Cisco
Remote Login and Passwords
Disable Unused Network Services
Logging and Backups
Traffic Filtering
Physical Access
Keeping Up-to-Date
Summary
FAQs
Index

L'auteur - Jean Parent

Autres livres de Jean Parent

L'auteur - Syngress Media

Syngress Media, Inc. creates books and software for information technology professionals seeking skill enhancement and career advancement. Its products are designed to comply with vendor and industry standard course curricula and are optimized for certification exam preparation

Caractéristiques techniques

  PAPIER
Éditeur(s) Syngress
Auteur(s) Florent Parent, Jean Parent, Syngress Media
Parution 01/11/2000
Nb. de pages 466
Format 18,6 x 23,2
Couverture Broché
Poids 823g
Intérieur Noir et Blanc
EAN13 9781928994176

Avantages Eyrolles.com

Livraison à partir de 0,01 en France métropolitaine
Paiement en ligne SÉCURISÉ
Livraison dans le monde
Retour sous 15 jours
+ d'un million et demi de livres disponibles
satisfait ou remboursé
Satisfait ou remboursé
Paiement sécurisé
modes de paiement
Paiement à l'expédition
partout dans le monde
Livraison partout dans le monde
Service clients sav@commande.eyrolles.com
librairie française
Librairie française depuis 1925
Recevez nos newsletters
Vous serez régulièrement informé(e) de toutes nos actualités.
Inscription