Network Security Fundamentals [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Network Security Fundamentals [Electronic resources] - نسخه متنی

Gert De Laet, Gert Schauwers

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Acknowledgments

Icons Used in This Book

Command Syntax Conventions

Foreword

Introduction

Part I. Introduction

Chapter 1. Network Security Overview

Defining Trust

Weaknesses and Vulnerabilities

Responsibilities for Network Security

Security Objectives

Conclusion

Q&A

Chapter 2. Understanding VulnerabilitiesThe Need for Security

Risk and Vulnerability

TCP/IP Suite Weaknesses

Buffer Overflows

Spoofing Techniques

Social Engineering

Conclusion

Q&A

Chapter 3. Understanding Defenses

Digital IDs

Intrusion Detection System

PC CardBased Solutions

Physical Security

Encrypted Login

Firewalls

Reusable Passwords

Antivirus Software

Encrypted Files

Biometrics

Conclusion

Q&A

Part II. Building Blocks

Chapter 4. Cryptography

Cryptography versus Cryptanalysis

Modern-Day Techniques

Conclusion

Q&A

Chapter 5. Security Policies

Defining a Security Policy?

Importance of a Security Policy

Development Process

Incident Handling Process

Security Wheel

Sample Security Policy

Conclusion

Q&A

Chapter 6. Secure Design

Network DesignPrinciples

Network DesignMethodology

Return on Investment

Physical Security Issues

Switches and Hubs

Conclusion

Q&A

Part III. Tools and Techniques

Chapter 7. Web Security

Hardening

Case Study

Conclusion

Q&A

Chapter 8. Router Security

Basic Router Security

Router Security to Protect the Network

CBAC

Case Study

Conclusion

Q&A

References in This Chapter

Chapter 9. Firewalls

Firewall Basics

Different Types of Firewalls

Enhancements for Firewalls

Case Study: Placing Filtering Routers and Firewalls

Summary

Q&A

Chapter 10. Intrusion Detection System Concepts

Introduction to Intrusion Detection

Host-Based IDSs

Network-Based IDSs

IDS Management CommunicationsMonitoring the Network

Sensor Maintenance

Case Study: Deployment of IDS Sensors in the Organization and Their Typical Placement

Conclusion

Q&A

Chapter 11. Remote Access

AAA Model

AAA Servers

Lock-and-Key Feature

Two-Factor Identification

Case Study: Configuring Secure Remote Access

Summary

Q&A

Chapter 12. Virtual Private Networks

Generic Routing Encapsulation Tunnels

IP Security

VPNs with IPSec

Case Study: Remote Access VPN

Conclusion

Q&A

Chapter 13. Public Key Infrastructure

Public Key Distribution

Trusted Third Party

PKI Topology

Enrollment Procedure

Revocation Procedure

Case Study: Creating Your Own CA

Conclusion

Q&A

Chapter 14. Wireless Security

Different WLAN Configurations

What Is a WLAN?

How Wireless Works

Risks of Open Wireless Ports

War-Driving and War-Chalking

SAFE WLAN Design Techniques and Considerations

Case Study: Adding Wireless Solutions to a Secure Network

Conclusion

Q&A

Chapter 15. Logging and Auditing

Logging

SYSLOG

Simple Network Management Protocol

Remote Monitoring

Service Assurance Agent

Case Study

Conclusion

Q&A

Part IV. Appendixes

Appendix A. SAFE Blueprint

Introduction to the SAFE Blueprint

SAFE Blueprint: Overview of the Architecture

Summary

References in This Appendix

Appendix B. SANS Policies

SANS Overview

SANS Initiatives and Programs

Security Policy Project

Is It a Policy, a Standard, or a Guideline?

References in This Appendix

Appendix C. NSA Guidelines

Security Guides

References in This Appendix

Appendix D. Answers to Chapter Q&A

Chapter 1 Q&A

Chapter 2 Q&A

Chapter 3 Q&A

Chapter 4 Q&A

Chapter 5 Q&A

Chapter 6 Q&A

Chapter 7 Q&A

Chapter 8 Q&A

Chapter 9 Q&A

Chapter 10 Q&A

Chapter 11 Q&A

Chapter 12 Q&A

Chapter 13 Q&A

Chapter 14 Q&A

Chapter 15 Q&A

Bibliography

Books

Website References

Index
توضیحات
افزودن یادداشت جدید

Index

[SYMBOL]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[Q]
[R]
[S]
[T]
[U]
[V]
[W]
[X]
[Z]

AAA (authentication, authorization, and accounting)

AAA model

accounting 2nd

authentication 2nd

authorization

configuration of CiscoSecure ACS 2nd

secuirty servers

RADIUS 2nd

securing network with AAA server

security servers 2nd

Kerberos 2nd

TACACS+ versus RADIUS

aaa new-model command

AAA services

acceptable use policy

security policy coverage of

access control

based on a PC's IP addresses

DAC model, attributes of

restricing access to a website

routers

administrative access

Access Control Entries (ACE)

access lists

dynamic

PIX Firewall

SNMP managers using community string

access lists, router 2nd

applied to an interface, configuring direction of the data flow

assigning to router interface

enhanced 2nd

dynamic access lists

time-based access lists

extended

reflexive access lists

extended access lists

extended numbered access list 2nd

identification numbers and types

named

commands

numbered access list commands

permissions, example of

permitting IPSec traffic on VPNs

standard numbered IP access lists, additional keywords

access points (APs) 2nd

beacon messages, SSID in

placement and configuration of 2nd

SAFE design recommendations

wireless clients communicating without

zone coverage area and

access-enable command

access-enable command

issued for user in a dynamic access list

access-list filters on routers, vulnerability of

accounting 2nd 3rd 4th

important function records

TACACS+

accounts

renaming critical accounts

ACK (Acknowledgment field), TCP headers

Acknowledgment number, TCP

ACS (Access Control Server)

configuration of 2nd

download site, trial copies

RADIUS authentication setup

active responses to attacks, network IDS

active scanning for wireless stations or access points

adaptive protocols, checking

Adaptive Security Algorithm (ASA)

Address Resolution Protocol (ARP)

spoofing

address space of program code, making nonexecutable

addresses

protocol, obtained by router for neighboring devices and platforms

administative personnel

access to routers

administration

VPN manager functions

Advanced Services for Network Security (ASNS)

AES (Advanced Encryption Standard)

AES algorithm

agents, SNMP

defining relationship with manager

AH (authentication header) protocol

establishing use of in IPSec policy

identified in IPSec transform sets

identifying for IKE Phase 2

transport mode

tunnel mode

Airsnort program

Aladdin eToken

alarms and events (RMON), monitoring traffic with

alarms, IDS

analyzing for IDS tuning

monitoring and tuning

network IDS

notification and reporting features

routers configured for network IDS

alerts and audit trails, generated by CBAC

algorithms

asymmetric key algorithms 2nd

Diffie-Hellman

PGP

RSA

definition of

hashing

SSL and TLS

symmetric key algorithms 2nd

AES

DES

Triple DES (3DES)

allow all model (security plan)

allowed and disallowed behavior, defining

analysis tools (network traffic analysis)

Annualized Rate of Occurrence (ARO)

anomaly-based IDSs

anonymous access

antireplay protection

antivirus software 2nd

application layer

data-driven attacks

application layer, OSI model

Kerberos authentication service

SNMP on

application-layer protocols, CBAC inspection of 2nd

example of

APs
[See access points]

ARO (Annualized Rate of Occurrence)

ARP (Address Resolution Protocol)

spoofing

ASA (Adaptive Security Algorithm)

PIX Firewall data flow

ASNS (Advanced Services for Network Security)

asymmetric key algorithms 2nd

Diffie-Hellman

PGP

RSA

asymmetric key encryption 2nd

attacks

broadcast, configuring router to prevent

buffer overflow

connection hijacking (TCP)

connection-killing (TCP/IP)

denial-of-service (DoS)

stopping with stateful firewall

denial-of-service attacks, using IP spoofing

deriving WEP key stream with protocol analyzer

email

ICMP packets, using to export confidential information

in cryptoanalysis[attacks:cryptoanalysis]

IP fragment attacks

network IDS responses to

prevented by policy-based IDS

rebuffed by network IDS (example)

SYN-flooding, prevention by CBAC

TCP SYN flood attacks

auditing

audit trails generated by CBAC

case study 2nd

education on
[See SANS Institute]

monitoring traffic with RMON and SNMP

network auditing in design process

SAA (Service Assurance Agent), using

SNMP
[See SNMP[auditing:SNMP]]

authenticated users

potential threats posed by

authentication 2nd 3rd 4th 5th [See also hash algorithms]

802.1X framework and EAP protocol

alternatives to reusable passwords

configuring for website access 2nd

encapsulating security payload
[See ESP protocol]

hardware keys, using

HMAC, used with IPSec

IPSec, identifying method for IKE Phase 1

Kerberos 2nd 3rd

open, for wireless networks

peer authentication methods on VPNs 2nd

PKI users

RADIUS

ACS setup for

attribute pairs (AV pairs)

summary of

shared key authentication, wireless networks

TACACS+ 2nd

TACAS+

token-based systems

user authentication method, selecting for VPN

WEP protocol

wireless station, using WEP

WLANs, stations and clients

authentication header protocol
[See AH protocol]

authentication policy

authentication, authorization, and accounting
[See AAA services] [See AAA]

authority and scope, statement of (security policy)

authorization 2nd 3rd

TACACS+

autocommand

automating signature updates for IDSs

AV pairs, RADIUS authentication

availability of data and resources

/ 196