Inside Network Perimeter Security, Second Edition by Stephen Northcutt, Lenny Zeltser, Scott Winters, Karen Kent, Ronald W. Ritchey

Publisher: Sams
Pub Date: March 04, 2005
Print ISBN-10: 0-672-32737-6
Print ISBN-13: 978-0-67232737-7
Pages: 768
Slots: 1.0

Table of Contents

Copyright
About the Authors
About the Technical Editors
Acknowledgments
We Want to Hear from You!
Reader Services
Preface
Introduction

Part I: The Essentials of Network Perimeter Security
  Chapter 1. Perimeter Security Fundamentals
    Terms of the Trade
    Defense in Depth
    Case Study: Defense in Depth in Action
    Summary
  Chapter 2. Packet Filtering
    TCP/IP Primer: How Packet Filtering Works
    TCP and UDP Ports
    TCP's Three-way Handshake
    The Cisco Router as a Packet Filter
    An Alternative Packet Filter: IPChains
    The Cisco ACL
    Effective Uses of Packet-Filtering Devices
    Egress Filtering
    Tracking Rejected Traffic
    Problems with Packet Filters
    Dynamic Packet Filtering and the Reflexive Access List
    Summary
    References
  Chapter 3. Stateful Firewalls
    How a Stateful Firewall Works
    The Concept of State
    Stateful Filtering and Stateful Inspection
    Summary
    References
  Chapter 4. Proxy Firewalls
    Fundamentals of Proxying
    Pros and Cons of Proxy Firewalls
    Types of Proxies
    Tools for Proxying
    Summary
  Chapter 5. Security Policy
    Firewalls Are Policy
    How to Develop Policy
    Perimeter Considerations
    Summary
    References

Part II: Fortifying the Security Perimeter
  Chapter 6. The Role of a Router
    The Router as a Perimeter Device
    The Router as a Security Device
    Router Hardening
    Summary
  Chapter 7. Virtual Private Networks
    VPN Basics
    Advantages and Disadvantages of VPNs
    IPSec Basics
    Other VPN Protocols: PPTP and L2TP
    Summary
    References
  Chapter 8. Network Intrusion Detection
    Network Intrusion Detection Basics
    The Roles of Network IDS in a Perimeter Defense
    IDS Sensor Placement
    Case Studies
    Summary
  Chapter 9. Host Hardening
    The Need for Host Hardening
    Removing or Disabling of Unnecessary Programs
    Limiting Access to Data and Configuration Files
    Controlling User and Privileges
    Maintaining Host Security Logs
    Applying Patches
    Additional Hardening Guidelines
    Summary
  Chapter 10. Host Defense Components
    Hosts and the Perimeter
    Antivirus Software
    Host-Based Firewalls
    Host-Based Intrusion Detection
    Challenges of Host Defense Components
    Summary
    References
  Chapter 11. Intrusion Prevention Systems
    Rapid Changes in the Marketplace
    What Is IPS?
    IPS Limitations
    NIPS
    Host-Based Intrusion Prevention Systems
    Summary

Part III: Designing a Secure Network Perimeter
  Chapter 12. Fundamentals of Secure Perimeter Design
    Gathering Design Requirements
    Design Elements for Perimeter Security
    Summary
    References
  Chapter 13. Separating Resources
    Security Zones
    Common Design Elements
    VLAN-Based Separation
    Summary
    References
  Chapter 14. Wireless Network Security
    802.11 Fundamentals
    Securing Wireless Networks
    Auditing Wireless Security
    Case Study: Effective Wireless Architecture
    Summary
    References
  Chapter 15. Software Architecture
    Software Architecture and Network Defense
    How Software Architecture Affects Network Defense
    Software Component Placement
    Identifying Potential Software Architecture Issues
    Software Testing
    Network Defense Design Recommendations
    Case Study: Customer Feedback System
    Case Study: Web-Based Online Billing Application
    Summary
    References
  Chapter 16. VPN Integration
    Secure Shell
    Secure Sockets Layer
    Remote Desktop Solutions
    IPSec
    Other VPN Considerations
    VPN Design Case Study
    Summary
    References
  Chapter 17. Tuning the Design for Performance
    Performance and Security
    Network Security Design Elements That Impact Performance
    Impact of Encryption
    Using Load Balancing to Improve Performance
    Mitigating the Effects of DoS Attacks
    Summary
    References
  Chapter 18. Sample Designs
    Review of Security Design Criteria
    Case Studies
    Summary

Part IV: Maintaining and Monitoring Perimeter Security
  Chapter 19. Maintaining a Security Perimeter
    System and Network Monitoring
    Incident Response
    Accommodating Change
    Summary
    References
  Chapter 20. Network Log Analysis
    The Importance of Network Log Files
    Log Analysis Basics
    Analyzing Router Logs
    Analyzing Network Firewall Logs
    Analyzing Host-Based Firewall and IDS Logs
    Summary
  Chapter 21. Troubleshooting Defense Components
    The Process of Troubleshooting
    Troubleshooting Rules of Thumb
    The Troubleshooter's Toolbox
    Summary
    References
  Chapter 22. Assessment Techniques
    Roadmap for Assessing the Security of Your Network
    Planning
    Reconnaissance
    Network Service Discovery
    Vulnerability Discovery
    Verification of Perimeter Components
    Remote Access
    Exploitation
    Results Analysis and Documentation
    Summary
  Chapter 23. Design Under Fire
    The Hacker Approach to Attacking Networks
    Adversarial Review
    GIAC GCFW Student Practical Designs
    Summary
    References
  Chapter 24. A Unified Security Perimeter: The Importance of Defense in Depth
    Castles: An Example of Defense-in-Depth Architecture
    Absorbent Perimeters
    Defense in Depth with Information
    Summary

Part V: Appendixes
  Appendix A. Cisco Access List Sample Configurations
    Complete Access List for a Private-Only Network
    Complete Access List for a Screened Subnet Network That Allows Public Server Internet Access
    Example of a Router Configuration as Generated by the Cisco Auto Secure Feature
  Appendix B. Crypto 101
    Encryption Algorithms
    References

Index
