Network Security Architectures (Hardcover)

Sean Convery

  • 出版商: Cisco Press
  • 出版日期: 2004-04-29
  • 售價: $2,510
  • 貴賓價: 9.5$2,385
  • 語言: 英文
  • 頁數: 792
  • 裝訂: Hardcover
  • ISBN: 158705115X
  • ISBN-13: 9781587051159
  • 相關分類: 資訊安全
  • 已絕版

買這商品的人也買了...

相關主題

商品描述

Expert guidance on designing secure networks

  • Understand security best practices and how to take advantage of the networking gear you already have
  • Review designs for campus, edge, and teleworker networks of varying sizes
  • Learn design considerations for device hardening, Layer 2 and Layer 3 security issues, denial of service, IPsec VPNs, and network identity
  • Understand security design considerations for common applications such as DNS, mail, and web
  • Identify the key security roles and placement issues for network security elements such as firewalls, intrusion detection systems, VPN gateways, content filtering, as well as for traditional network infrastructure devices such as routers and switches
  • Learn 10 critical steps to designing a security system for your network
  • Examine secure network management designs that allow your management communications to be secure while still maintaining maximum utility
  • Try your hand at security design with three included case studies
  • Benefit from the experience of the principle architect of the original Cisco Systems SAFE Security Blueprint

Written by the principle architect of the original Cisco Systems SAFE Security Blueprint, Network Security Architectures is your comprehensive how-to guide to designing and implementing a secure network. Whether your background is security or networking, you can use this book to learn how to bridge the gap between a highly available, efficient network and one that strives to maximize security. The included secure network design techniques focus on making network and security technologies work together as a unified system rather than as isolated systems deployed in an ad-hoc way.

Beginning where other security books leave off, Network Security Architectures shows you how the various technologies that make up a security system can be used together to improve your network's security. The technologies and best practices you'll find within are not restricted to a single vendor but broadly apply to virtually any network system. This book discusses the whys and hows of security, from threats and counter measures to how to set up your security policy to mesh with your network architecture. After learning detailed security best practices covering everything from Layer 2 security to e-commerce design, you'll see how to apply the best practices to your network and learn to design your own security system to incorporate the requirements of your security policy. You'll review detailed designs that deal with today's threats through applying defense-in-depth techniques and work through case studies to find out how to modify the designs to address the unique considerations found in your network.

Whether you are a network or security engineer, Network Security Architectures will become your primary reference for designing and building a secure network.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Table of Contents

Foreword.
Preface.

I. NETWORK SECURITY FOUNDATIONS.

1. Network Security Axioms.

Network Security Is a System. Business Priorities Must Come First. Network Security Promotes Good Network Design. Everything Is a Target. Everything Is a Weapon. Strive for Operational Simplicity. Good Network Security Is Predictable. Avoid Security Through Obscurity. Confidentiality and Security Are Not the Same. Summary. Reference. Applied Knowledge Questions.

2. Security Policy and Operations Life Cycle.

You Can't Buy Network Security. What Is a Security Policy? Security System Development and Operations Overview. Summary. References. Applied Knowledge Questions.

3. Secure Networking Threats.

The Attack Process. Attacker Types. Vulnerability Types. Attack Results. Attack Taxonomy. Summary. References. Applied Knowledge Questions.

4. Network Security Technologies.

The Difficulties of Secure Networking. Security Technologies. Emerging Security Technologies. Summary. References. Applied Knowledge Questions.

II. DESIGNING SECURE NETWORKS.

5. Device Hardening.

Components of a Hardening Strategy. Network Devices. Host Operating Systems. Applications. Appliance-Based Network Services. Rogue Device Detection. Summary. References. Applied Knowledge Questions.

6. General Design Considerations.

Physical Security Issues. Layer 2 Security Considerations. IP Addressing Design Considerations. ICMP Design Considerations. Routing Considerations. Transport Protocol Design Considerations. DoS Design Considerations. Summary. References. Applied Knowledge Questions.

7. Network Security Platform Options and Best Deployment Practices.

Network Security Platform Options. Network Security Device Best Practices. Summary. Reference. Applied Knowledge Questions.

8. Common Application Design Considerations.

E-Mail. DNS. HTTP/HTTPS. FTP. Instant Messaging. Application Evaluation. Summary. References. Applied Knowledge Questions.

9. Identity Design Considerations.

Basic Foundation Identity Concepts. Types of Identity. Factors in Identity. Role of Identity in Secure Networking. Identity Technology Guidelines. Identity Deployment Recommendations. Summary. References. Applied Knowledge Questions.

10. IPsec VPN Design Considerations.

VPN Basics. Types of IPsec VPNs. IPsec Modes of Operation and Security Options. Topology Considerations. Design Considerations. Site-to-Site Deployment Examples. IPsec Outsourcing. Summary. References. Applied Knowledge Questions.

11. Supporting-Technology Design Considerations.

Content. Load Balancing. Wireless LANs. IP Telephony. Summary. References. Applied Knowledge Questions.

12. Designing Your Security System.

Network Design Refresher. Security System Concepts. Impact of Network Security on the Entire Design. Ten Steps to Designing Your Security System. Summary. Applied Knowledge Questions.

III. SECURE NETWORK DESIGNS.

13. Edge Security Design.

What Is the Edge? Expected Threats. Threat Mitigation. Identity Considerations. Network Design Considerations. Small Network Edge Security Design. Medium Network Edge Security Design. High-End Resilient Edge Security Design. Provisions for E-Commerce and Extranet Design. Summary. References. Applied Knowledge Questions.

14. Campus Security Design.

What Is the Campus? Campus Trust Model. Expected Threats. Threat Mitigation. Identity Considerations. Network Design Considerations. Small Network Campus Security Design. Medium Network Campus Security Design. High-End Resilient Campus Security Design. Summary. References. Applied Knowledge Questions.

15. Teleworker Security Design.

Defining the Teleworker Environment. Expected Threats. Threat Mitigation. Identity Considerations. Network Design Considerations. Software-Based Teleworker Design. Hardware-Based Teleworker Design. Design Evaluations. Summary. Reference. Applied Knowledge Questions.

IV. NETWORK MANAGEMENT, CASE STUDIES, AND CONCLUSIONS.

16. Secure Network Management and Network Security Management.

Utopian Management Goals. Organizational Realities. Protocol Capabilities. Tool Capabilities. Secure Management Design Options. Network Security Management Best Practices. Summary. References. Applied Knowledge Questions.

17. Case Studies.

Introduction. Real-World Applicability. Organization. NetGamesRUs.com. University of Insecurity. Black Helicopter Research Limited. Summary. Reference. Applied Knowledge Questions.

18. Conclusions.

Introduction. Management Problems Will Continue. Security Will Become Computationally Less Expensive. Homogeneous and Heterogeneous Networks. Legislation Should Garner Serious Consideration. IP Version 6 Changes Things. Network Security Is a System. Summary. References.

Appendix A: Glossary of Terms.
Appendix B: Answers to Applied Knowledge Questions.

Chapters 1-16.

Appendix C: Sample Security Policies.
Index.