Index_C
C
caller ID verification, 153
Capacity Management Team, 508
Capacity Planner, 508
CAs (certificate authorities), 148
Catalyst 6000 series switches, 104
CBAC (Context Based Access Control), 187 “189
CBT (computer-based training), 512
CC (Coordination Center), CERT, 395, 449
CCIE (Cisco Certified Internetwork Expert), 502
CDP (Cisco Discovery Protocol), 164, 257
CERT
Coordination Center (CC), 395, 449
security policy recommendations, 391
certificate authorities (CAs), 148
certifications, 502
Certified Information Systems Security Professional (CISSP), 502
chalk-talk session, 509
champions
candidates, 484
finding/ rewarding , 483
change control patch policy, 450 “451
change control process. See also patches/updates
emergency change management, 445 “446
factors in success of, 444 “445
identifying change management team, 428 “432
managing. See change management
monitoring change, 529 “530
overview, 428
planning. See change planning
change control request, 438
change controller, 431 “432, 507
change management
acquiring resources for, 440
communicating the change, 438
implementing the change, 440 “442
renewing change control request, 438
reviewing the change, 443
steps in, 438
verification of results and updating documentation and applications, 442 “443
change management team, 428 “432
change planning
identifying the change that is needed, 432 “433
identifying the scope of change that is needed, 433
planning change, 436 “438
recognizing need for change, 432
risk assessment, 433 “434
steps in, 432
testing changes, 434 “436
Check Point Management Interface (CPMI), 43
CheckPoint firewalls
antivirus protection in, 236
BGP and, 70
encapsulating data in IPsec and, 52 “60
OSPF and, 70
redundancy protection, 66
remote administration, 42 “43, 47
RIP and, 69
SecurePlatform NG with Application Intelligence Build 142, 40
SNMP and, 60 “61
static routes, 68
syslog and, 64
TFTP and, 64
Chief Security Officer (CSO), 507
circuits, 8
CIRT (Computer Incident Response Team)
membership in, 519 “521
mission of, 518 “519
options for building, 519
responsibilities of, 521 “523
CIRT Team Leader, 520
Cisco Aironet 1200
CDP configuration, 257
changing default administrator name and password, 249 “250
DNS service and, 258
MAC address filtering, 259 “261
NTP configuration, 256
SNMP configuration, 255 “256
SSID configuration, 252 “253
WAP configuration, 257 “258
WAP logging, 255
WEP configuration, 264
wireless modes supported, 258
WPA with RADIUS configuration, 270
WPA-PSK configuration, 267 “268
Cisco Catalyst 2950 switch
authentication, 304 “305
port mirroring, 213 “214
Cisco Certified Internetwork Expert (CCIE), 502
Cisco Discovery Protocol (CDP), 164, 257
Cisco IDS
alerts, 99 “102
blocking traffic, 103 “104
logs, 96 “98
NTP configuration, 82
remote access, 81
tuning sensors, 90 “94
user roles, 82
Cisco Monitoring Center for Security, 96
Cisco NetFlow, 334 “335
Cisco SAA (Service Assurance Agent), 334 “335
Cisco Secure ACS
authentication, 291 “292
CiscoSecure group configuration, 290 “291
database group mapping, 288 “290
server configuration, 287 “288, 308 “310
user policy configuration, 288
Cisco Secure PIX Firewall
accounting, 301 “302
authentication, 292 “295
authorization, 297 “300
blocking traffic with, 103 “104
configuration management alerts, 332
IPsec and, 51 “52, 344
NTP and, 62
OSPF and, 70
redundancy protection, 65 “66
remote administration, 42, 45 “46
RIP and, 69
SNMP and, 60
static routes, 67
syslog and, 63
TFTP and, 64
version 6.3, 40
Websense working with, 222 “223
Cisco Security Monitor, 96 “97
Cisco VPN 3005
assigning filtering rules to interfaces, 127 “128
authentication and authorization, 121 “123
digital certificates, 150
disabling management protocols, 110 “111
disabling unnecessary IKE proposals, 125 “126
disabling unnecessary security associations, 125
disabling unnecessary tunneling protocols, 123 “124
IPsec-based VPNs, 135
overview, 106
routing protocols, 131
VRRP (Virtual Router Redundancy Protocol) and, 129 “130
CiscoWorks, 314, 453
CISSP (Certified Information Systems Security Professional), 502
clients . See also wireless clients
802.1x networks, 303
client-based Internet content filters, 207
ISAKMP client mode, 141
Nessus, 413 “415
VPN, 150 “151
Windows XP, 308
commands accounting, 301
commands authorization, 296
communication
change management and, 439
incident response and, 526, 532
with management, 485 “486
methods , 481 “482
with users, 481 “483
community strings, SNMP, 60 “61
compressed files, 226
computer-based training (CBT), 512
conferences, as training resource, 512
configuration autoloading, 168
configuration management, 330 “333
creating standards, 330 “331
documentation, 331
implementing standards, 331
overview, 330
reviewing standards, 333
validation and auditing, 331 “332
connectivity
Internet access module and, 354
remote access and, 7
testing in change management, 441
VPN connections, 106 “108
content filters
configuring in Internet access module, 360
content filtering/Internet policy, 34
e-mail. See e-mail content filters
Internet. See Internet content filters
overview, 206
where and how performed, 6
Context Based Access Control (CBAC), 187 “189
contractors, to augment staff, 501
Coordination Center (CC), CERT, 395, 449
core dumps, 175
core module, enterprise campus, 378
core team members , CIRT, 519
cost justification. See also security cost justification
assigning value to assets and information, 490 “491
training, 511
value proposition and, 487
CPMI (Check Point Management Interface), 43
critical resources, 86
critical segments, 8
cross-training, 510
CSO (Chief Security Officer), 507
Hardening Network Infrastructure. Bulletproof Your Systems Before You Are Hacked.
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2004
Pages: 125
Pages: 125