Network Security Architectures


book cover
Network Security Architectures
By Sean Convery
...............................................
Publisher: Cisco Press
Pub Date: April 19, 2004
Print ISBN: 158705115X
Pages: 792
 



Table of Contents  | Index
overview

Expert guidance on designing secure networks

  • Understand security best practices and how to take advantage of the networking gear you already have

  • Review designs for campus, edge, and teleworker networks of varying sizes

  • Learn design considerations for device hardening, Layer 2 and Layer 3 security issues, denial of service, IPsec VPNs, and network identity

  • Understand security design considerations for common applications such as DNS, mail, and web

  • Identify the key security roles and placement issues for network security elements such as firewalls, intrusion detection systems, VPN gateways, content filtering, as well as for traditional network infrastructure devices such as routers and switches

  • Learn 10 critical steps to designing a security system for your network

  • Examine secure network management designs that allow your management communications to be secure while still maintaining maximum utility

  • Try your hand at security design with three included case studies

  • Benefit from the experience of the principal architect of the original Cisco Systems SAFE Security Blueprint

Written by the principal architect of the original Cisco Systems SAFE Security Blueprint, Network Security Architectures is your comprehensive how-to guide to designing and implementing a secure network. Whether your background is security or networking, you can use this book to learn how to bridge the gap between a highly available, efficient network and one that strives to maximize security. The included secure network design techniques focus on making network and security technologies work together as a unified system rather than as isolated systems deployed in an ad-hoc way.

Beginning where other security books leave off, Network Security Architectures shows you how the various technologies that make up a security system can be used together to improve your network's security. The technologies and best practices you'll find within are not restricted to a single vendor but broadly apply to virtually any network system. This book discusses the whys and hows of security, from threats and counter measures to how to set up your security policy to mesh with your network architecture. After learning detailed security best practices covering everything from Layer 2 security to e-commerce design, you'll see how to apply the best practices to your network and learn to design your own security system to incorporate the requirements of your security policy. You'll review detailed designs that deal with today's threats through applying defense-in-depth techniques and work through case studies to find out how to modify the designs to address the unique considerations found in your network.

Whether you are a network or security engineer, Network Security Architectures will become your primary reference for designing and building a secure network.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.



book cover
Network Security Architectures
By Sean Convery
...............................................
Publisher: Cisco Press
Pub Date: April 19, 2004
Print ISBN: 158705115X
Pages: 792
 



Table of Contents  | Index

   Copyright
   About the Author
      About the Technical Reviewers
   Acknowledgments
   A Note from Cisco Systems on the SAFE Blueprint and Network Security Architectures
   Icons Used in This Book
   Command Syntax Conventions
   Foreword
   Preface
      This Book's Relationship to the SAFE White Papers
      Why Network Security?
      New Technologies, New Vulnerabilities
      How This Book Is Organized
      Who Should Read This Book?
      Caveats
      Summary
   Part I.  Network Security Foundations
      Chapter 1.  Network Security Axioms
      Network Security Is a System
      Business Priorities Must Come First
      Network Security Promotes Good Network Design
      Everything Is a Target
      Everything Is a Weapon
      Strive for Operational Simplicity
      Good Network Security Is Predictable
      Avoid Security Through Obscurity
      Confidentiality and Security Are Not the Same
      Summary
      Reference
      Applied Knowledge Questions
      Chapter 2.  Security Policy and Operations Life Cycle
      You Can't Buy Network Security
      What Is a Security Policy?
      Security System Development and Operations Overview
      Summary
      References
      Applied Knowledge Questions
      Chapter 3.  Secure Networking Threats
      The Attack Process
      Attacker Types
      Vulnerability Types
      Attack Results
      Attack Taxonomy
      Summary
      References
      Applied Knowledge Questions
      Chapter 4.  Network Security Technologies
      The Difficulties of Secure Networking
      Security Technologies
      Emerging Security Technologies
      Summary
      References
      Applied Knowledge Questions
   Part II.  Designing Secure Networks
      Chapter 5.  Device Hardening
      Components of a Hardening Strategy
      Network Devices
      NIDS
      Host Operating Systems
      Applications
      Appliance-Based Network Services
      Rogue Device Detection
      Summary
      References
      Applied Knowledge Questions
      Chapter 6.  General Design Considerations
      Physical Security Issues
      Layer 2 Security Considerations
      IP Addressing Design Considerations
      ICMP Design Considerations
      Routing Considerations
      Transport Protocol Design Considerations
      DoS Design Considerations
      Summary
      References
      Applied Knowledge Questions
      Chapter 7.  Network Security Platform Options and Best Deployment Practices
      Network Security Platform Options
      Network Security Device Best Practices
      Summary
      Reference
      Applied Knowledge Questions
      Chapter 8.  Common Application Design Considerations
      E-Mail
      DNS
      HTTP/HTTPS
      FTP
      Instant Messaging
      Application Evaluation
      Summary
      References
      Applied Knowledge Questions
      Chapter 9.  Identity Design Considerations
      Basic Foundation Identity Concepts
      Types of Identity
      Factors in Identity
      Role of Identity in Secure Networking
      Identity Technology Guidelines
      Identity Deployment Recommendations
      Summary
      References
      Applied Knowledge Questions
      Chapter 10.  IPsec VPN Design Considerations
      VPN Basics
      Types of IPsec VPNs
      IPsec Modes of Operation and Security Options
      Topology Considerations
      Design Considerations
      Site-to-Site Deployment Examples
      IPsec Outsourcing
      Summary
      References
      Applied Knowledge Questions
      Chapter 11.  Supporting-Technology Design Considerations
      Content
      Load Balancing
      Wireless LANs
      IP Telephony
      Summary
      References
      Applied Knowledge Questions
      Chapter 12.  Designing Your Security System
      Network Design Refresher
      Security System Concepts
      Impact of Network Security on the Entire Design
      Ten Steps to Designing Your Security System
      Summary
      Applied Knowledge Questions
   Part III.  Secure Network Designs
      Chapter 13.  Edge Security Design
      What Is the Edge?
      Expected Threats
      Threat Mitigation
      Identity Considerations
      Network Design Considerations
      Small Network Edge Security Design
      Medium Network Edge Security Design
      High-End Resilient Edge Security Design
      Provisions for E-Commerce and Extranet Design
      Summary
      References
      Applied Knowledge Questions
      Chapter 14.  Campus Security Design
      What Is the Campus?
      Campus Trust Model
      Expected Threats
      Threat Mitigation
      Identity Considerations
      Network Design Considerations
      Small Network Campus Security Design
      Medium Network Campus Security Design
      High-End Resilient Campus Security Design
      Summary
      References
      Applied Knowledge Questions
      Chapter 15.  Teleworker Security Design
      Defining the Teleworker Environment
      Expected Threats
      Threat Mitigation
      Identity Considerations
      Network Design Considerations
      Software-Based Teleworker Design
      Hardware-Based Teleworker Design
      Design Evaluations
      Summary
      Reference
      Applied Knowledge Questions
   Part IV.  Network Management, Case Studies, and Conclusions
      Chapter 16.  Secure Network Management and Network Security Management
      Utopian Management Goals
      Organizational Realities
      Protocol Capabilities
      Tool Capabilities
      Secure Management Design Options
      Network Security Management Best Practices
      Summary
      References
      Applied Knowledge Questions
      Chapter 17.  Case Studies
      Introduction
      Real-World Applicability
      Organization
      NetGamesRUs.com
      University of Insecurity
      Black Helicopter Research Limited
      Summary
      Reference
      Applied Knowledge Questions
      Chapter 18.  Conclusions
      Introduction
      Management Problems Will Continue
      Security Will Become Computationally Less Expensive
      Homogeneous and Heterogeneous Networks
      Legislation Should Garner Serious Consideration
      IP Version 6 Changes Things
      Network Security Is a System
      Summary
      References
      Appendix A.  Glossary of Terms
      Appendix B.  Answers to Applied Knowledge Questions
      Chapter 1
      Chapter 2
      Chapter 3
      Chapter 4
      Chapter 5
      Chapter 6
      Chapter 7
      Chapter 8
      Chapter 9
      Chapter 10
      Chapter 11
      Chapter 12
      Chapter 13
      Chapter 14
      Chapter 15
      Chapter 16
      Appendix C.  Sample Security Policies
      INFOSEC Acceptable Use Policy
      Password Policy
      Guidelines on Antivirus Process
   Index