Network Security Fundamentals [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Network Security Fundamentals [Electronic resources] - نسخه متنی

Gert De Laet, Gert Schauwers

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Acknowledgments

Icons Used in This Book

Command Syntax Conventions

Foreword

Introduction

Part I. Introduction

Chapter 1. Network Security Overview

Defining Trust

Weaknesses and Vulnerabilities

Responsibilities for Network Security

Security Objectives

Conclusion

Q&A

Chapter 2. Understanding VulnerabilitiesThe Need for Security

Risk and Vulnerability

TCP/IP Suite Weaknesses

Buffer Overflows

Spoofing Techniques

Social Engineering

Conclusion

Q&A

Chapter 3. Understanding Defenses

Digital IDs

Intrusion Detection System

PC CardBased Solutions

Physical Security

Encrypted Login

Firewalls

Reusable Passwords

Antivirus Software

Encrypted Files

Biometrics

Conclusion

Q&A

Part II. Building Blocks

Chapter 4. Cryptography

Cryptography versus Cryptanalysis

Modern-Day Techniques

Conclusion

Q&A

Chapter 5. Security Policies

Defining a Security Policy?

Importance of a Security Policy

Development Process

Incident Handling Process

Security Wheel

Sample Security Policy

Conclusion

Q&A

Chapter 6. Secure Design

Network DesignPrinciples

Network DesignMethodology

Return on Investment

Physical Security Issues

Switches and Hubs

Conclusion

Q&A

Part III. Tools and Techniques

Chapter 7. Web Security

Hardening

Case Study

Conclusion

Q&A

Chapter 8. Router Security

Basic Router Security

Router Security to Protect the Network

CBAC

Case Study

Conclusion

Q&A

References in This Chapter

Chapter 9. Firewalls

Firewall Basics

Different Types of Firewalls

Enhancements for Firewalls

Case Study: Placing Filtering Routers and Firewalls

Summary

Q&A

Chapter 10. Intrusion Detection System Concepts

Introduction to Intrusion Detection

Host-Based IDSs

Network-Based IDSs

IDS Management CommunicationsMonitoring the Network

Sensor Maintenance

Case Study: Deployment of IDS Sensors in the Organization and Their Typical Placement

Conclusion

Q&A

Chapter 11. Remote Access

AAA Model

AAA Servers

Lock-and-Key Feature

Two-Factor Identification

Case Study: Configuring Secure Remote Access

Summary

Q&A

Chapter 12. Virtual Private Networks

Generic Routing Encapsulation Tunnels

IP Security

VPNs with IPSec

Case Study: Remote Access VPN

Conclusion

Q&A

Chapter 13. Public Key Infrastructure

Public Key Distribution

Trusted Third Party

PKI Topology

Enrollment Procedure

Revocation Procedure

Case Study: Creating Your Own CA

Conclusion

Q&A

Chapter 14. Wireless Security

Different WLAN Configurations

What Is a WLAN?

How Wireless Works

Risks of Open Wireless Ports

War-Driving and War-Chalking

SAFE WLAN Design Techniques and Considerations

Case Study: Adding Wireless Solutions to a Secure Network

Conclusion

Q&A

Chapter 15. Logging and Auditing

Logging

SYSLOG

Simple Network Management Protocol

Remote Monitoring

Service Assurance Agent

Case Study

Conclusion

Q&A

Part IV. Appendixes

Appendix A. SAFE Blueprint

Introduction to the SAFE Blueprint

SAFE Blueprint: Overview of the Architecture

Summary

References in This Appendix

Appendix B. SANS Policies

SANS Overview

SANS Initiatives and Programs

Security Policy Project

Is It a Policy, a Standard, or a Guideline?

References in This Appendix

Appendix C. NSA Guidelines

Security Guides

References in This Appendix

Appendix D. Answers to Chapter Q&A

Chapter 1 Q&A

Chapter 2 Q&A

Chapter 3 Q&A

Chapter 4 Q&A

Chapter 5 Q&A

Chapter 6 Q&A

Chapter 7 Q&A

Chapter 8 Q&A

Chapter 9 Q&A

Chapter 10 Q&A

Chapter 11 Q&A

Chapter 12 Q&A

Chapter 13 Q&A

Chapter 14 Q&A

Chapter 15 Q&A

Bibliography

Books

Website References

Index
توضیحات
افزودن یادداشت جدید

VPNs with IPSec


As you noticed in the previous discussion, IPSec can use a robust set of protocols and processes. You can use them without knowing much about the protocols, but good practice dictates some preparation steps that need to be taken care of before you can effectively configure a device with IPSec. These steps can be organized as follows:


Step 1.

Establish an IKE policy
This policy must be identical on both sides of the VPN. The following elements go into an IKE policy:

-

Key distribution method
Manual or certificate authority. This is explained in more detail in Chapter 13.

-

Authentication method
This is mainly determined by the key distribution method you have selected. Manual distribution uses preshared keys, whereas certificate authority distribution uses RSA encrypted nonces or RSA signatures.

-

IP address or hostnames of peers

Step 2.

Establish an IPSec policy
Only certain traffic has to go through the IPSec tunnel. Of course, you can decide to send all traffic between peers through that tunnel, but there is a significant performance penalty when using IPSec. It is better to be selective. As in step 1, both peers need to have the same IPSec policies. The following information is needed for an IPSec policy:

-

IPSec protocol
AH and/or ESP

-

Authentication
MD5 or SHA-1

-

Encryption
DES, 3DES, or AES

-

Transform set
One of the transform sets available in Table 12-1

-

Identify traffic
Identification of traffic to be sent through the tunnel; specify the protocol, source, destination, and port

-

SA establishment

Step 3.

Examine the configuration as it is at this stage
Check your devices to avoid conflicts with existing settings on one of the devices.

Step 4.

Test the network before IPSec
Check whether you can ping the peers that are going to participate in IPSec. If you cannot ping them, you must fix this before you can configure IPSec.

Step 5.

Permit IPSec ports and protocols
If there are access lists enabled on the devices along the path of the VPN, make sure that those devices permit the IPSec traffic.


NOTE

If you use access lists, it might be interesting to know that when AH and ESP are used together, the IP protocol number is that of AH.

After completing these steps, you can begin the configuration process. You can think of configuring IPSec as the following five-step process:


Step 1.

Interesting traffic initiates the setup of an IPSec tunnel.

Step 2.

IKE Phase 1 authenticates peers and establishes a secure tunnel for IPSec negotiation.

Step 3.

IKE Phase 2 completes the IPSec negotiation and establishes the tunnel.

Step 4.

Secure VPN communication can occur.

Step 5.

When there is no traffic to use IPSec, the tunnel is torn down, either explicitly or because the security association (SA) timed out.



/ 196