Introduction
The past couple of years have witnessed a dramatic increase in the attention paid to computer network security in both corporate and government institutions. The Internet has fundamentally changed the way organizations conduct business. Reliance on access to network resources has never been greater. This, in turn, makes the impact of network downtime increasingly devastating. The findings of multiple computer crime and security surveys confirm that the threat of computer crime and other information security breaches continues unabated and that the financial toll is mounting.

Companies have long struggled with threats from the hacking community. Add to that recent political acts targeting western business interests and the recent focus on cyber-security (which puts the responsibility on the end user), and it is easy to see why the percentage of IT budgets spent on security continues to rise.

Keeping pace with the rapid security technology evolution and the growing complexity of threats is a challenge, even in the best of times. New security solutions are continually being rolled out as many companies struggle to cut costs and make sure new solutions are deployed with fewer support personnel. This increased focus on security has sent IT managers and personnel scrambling to acquire the proper expertise to implement complex, multilayered solutions. Often, managers making decisions on technology investments have trouble understanding the scope and depth of both the problems and the solutions. Meanwhile, the administrators and engineers implementing the solutions are often overworked and underskilled. New research from Gartner indicates that most information technology security breaches take advantage of known, patchable flaws that exist because of poor enterprise security practices and lack of investment in system protection. Gartner projects that through 2005, 90 percent of attacks will exploit known security flaws for which a patch is available. Gartner places the blame primarily on poor security practices and IT departments that are overworked and lacking in trained security professionals.

The purpose of Network Security Fundamentals is to explain each part of an end-to-end network security architecture, showing how each piece of the puzzle fits together. The book provides an introduction to the key tools and techniques essential for securing a network of any size. This book answers the need for an easy-to-understand manual for managers seeking the knowledge to make important business decisions. At the same time, the book supplies the network administrator or engineer who is new to the field with a solid introduction to how the technologies can be deployed.
Goals of This Book
Network Security Fundamentals introduces the topic of network security in an easy-to-understand and comprehensive manner. The book is designed to provide a fundamental understanding of the various components of network security architecture and to show readers how each component can be implemented to maximum effect. The main strength of this book is that it consolidates a large amount of information into a single place and makes it easy to understand by keeping the material at an introductory level. The book is written for those IT professionals who have some networking background but are new to the security field. It is also appropriate for IT managers who are seeking an overview of key network security technologies to understand what current technologies are capable of and which components are appropriate for their environment.

As introductory material to network security, this book is both comprehensive and easy to understand. Straightforward language is used to introduce topics and to show what the various devices do and how they work. A series of case studies illuminates concepts and shows the reader how the concepts can be applied to solve real-world problems. Most IT departments do not have network security experts, and this book enables the staff of these departments to better understand what resources they need and how to deploy them.
Who Should Read This Book?
Network Security Fundamentals serves two primary audiences. The first is network or systems administrators, network engineers, network designers, and other network support personnel who are new to the field of network security. These people are either responsible for implementing network security defenses on networks of any size or are interested in enhancing their expertise to include network security know-how. The second audience includes IT managers who are responsible for making product and strategy decisions. These individuals need a broad overview of general network security topics. In many cases, these networking professionals know about some but not all aspects of security at a very basic level. Another audience is students and other professionals seeking to enter the IT market who want to expand their knowledge base and explore the burgeoning field of network security.
Organization of This Book
Network Security Fundamentals is divided into four parts.

Part I covers the basics. It is an introductory section that covers terms and concepts and introduces the foundations of a solid security structure. Weaknesses and vulnerabilities are discussed, along with an overview of the traditional defenses used to thwart attacks.

Part II examines two components of security, cryptography and security policies. One or the other (often both) is needed to build a secure system. A short chapter covering the nuances of secure network design is also included in this section.

Part III looks at the various security components. Separate chapters cover web security, router security, firewalls, intrusion detection systems (IDSs), remote access security, virtual private networks (VPNs), Public Key Infrastructure (PKI), wireless security, and logging and auditing. Each chapter in this section is a self-contained tutorial, allowing readers to skip around to those topics of greatest interest or primary concern. Some chapters contain case studies that illustrate concepts in a real-world situation. The case study is an ongoing, cumulative examination of Company XYZ. Each chapter ends with a Q&A section to help you assess how well you mastered the topics covered in the chapter.

Part IV includes several appendixes for reference, including an overview of the Cisco SAFE blueprint, NSA guidelines, SANS policies, an answer key to the Q&A sections within each chapter, and a list of other resources in the Bibliography.

The sections that follow describe the contents of each chapter in greater detail.

Part I: Introduction
- Chapter 1, "Network Security Overview"
Chapter 1 covers the general network security terms and sets the stage for the following chapters. It covers in detail how to define trust, weaknesses and vulnerabilities, responsibilities, and security objectives.
- Chapter 2, "Understanding Vulnerabilities: The Need for Security"
After completion of Chapter 2, the reader gains a better understanding of what makes systems inherently weak. After the general introduction, different vulnerabilities and techniques are covered. The reader gets a clear indication of the need for security, with special attention to assigning the proper responsibilities in the organization.
- Chapter 3, "Understanding Defenses"
There are countless tools, techniques, systems, services, and processes available to protect your data in today's challenging network environment. This chapter gives an overview of the techniques used for countering the weaknesses and those who exploit them. This chapter is an overview chapter, and many of the techniques are outlined at a basic level, especially those that are expanded on during Part III of this book, "Tools and Techniques."
Part II: Building Blocks
- Chapter 4, "Cryptography"
This chapter provides more details on the history of cryptography. It supplies a closer look at some modern-day techniques such as 3DES and RSA. There is also a brief discussion about hashing, and the chapter concludes by explaining the use of certificates and the different certification authorities that are in use today.
- Chapter 5, "Security Policies"
If a company wants to protect its network effectively, it must implement a security policy. It is important to maintain a good balance between the level of security and the ability of the user to get to the information. This chapter guides the reader through the development of a security policy: how to define it, develop it, adopt it, and enforce it.
- Chapter 6, "Secure Design"
The goal of network security is to protect networks against attacks, with the intention of ensuring data and system availability, confidentiality, and integrity. This chapter briefly covers the nuances of a secure network design, taking that goal into consideration.
Part III: Tools and Techniques
- Chapter 7, "Web Security"
Chapter 7 covers web security and focuses on securing HTTP traffic. It discusses the techniques used to harden operating systems, servers, and browsers and also explains restricting access through the use of certificates and credentials.
- Chapter 8, "Router Security"
Router security covers a broad spectrum of networking. This chapter covers not only the security needed to protect the network but also basic router security such as administrative access and services. Advanced techniques such as Context-Based Access Control (CBAC) are also covered.
- Chapter 9, "Firewalls"
This chapter compares the functions of appliances such as PIX, software solutions such as Check Point, and personal firewalls. It focuses on the definition of a firewall and its purpose and use in today's large-scale IP-based networks, where attacks can occur from within and from external sources. The chapter explains how firewalls play an important role in defending against these threats.
- Chapter 10, "Intrusion Detection System Concepts"
This chapter describes the concept, use, applications, and limitations of IDSs. After the introduction, deployment and analysis are discussed. The concluding case study is a practical example of how organizations can inspect and monitor the overall network activity using IDSs to protect their assets.
- Chapter 11, "Remote Access"
This chapter describes how to configure, test, and use remote access. The overall goal of remote access is to grant trusted access to the corporate network over an untrusted network such as the Internet. The concluding case study is a practical example of how organizations can implement access to the corporate network for their worldwide workforce by using remote access technology in a secure manner.
- Chapter 12, "Virtual Private Networks"
Chapter 12 describes VPNs, which are a service that offers a secure, reliable connection over a shared public infrastructure such as the Internet. The concluding case study is a practical example of how Cisco defines a VPN as an encrypted connection between private networks over a public network.
- Chapter 13, "Public Key Infrastructure"
This chapter provides an overview of the PKI technologies that are widely used in today's computing and networking environments. PKI provides a framework upon which security services, such as encryption, authentication, and nonrepudiation, can be based.
- Chapter 14, "Wireless Security"
This chapter covers wireless security. Wireless networking has some limitations, involves risks, and requires necessary defense techniques, as described in this chapter. All network architectures, including the wireless networking segment of an organization's network, should be based on sound security policies. Wireless security policies are covered in the last part of the chapter: SAFE wireless design techniques.
- Chapter 15, "Logging and Auditing"
This chapter gives an overview of the logging and auditing tools that are available today. Tools and protocols such as SYSLOG, SNMP, RMON, and SAA are discussed. It is always important to know what is going on in your network, especially if you have a large or midsize network. The tools explained in this chapter help you to accomplish this goal.
Part IV: Appendixes
- Appendix A, "SAFE Blueprint"
This appendix covers the Cisco-developed design guideline called Security Architecture for Enterprises (SAFE). The principal goal of the Cisco security blueprint is to provide interested parties with best-practice information on designing and implementing secure networks. By taking a defense-in-depth approach to network security design, this blueprint serves as a guide to network designers considering the security requirements of their networks.
- Appendix B, "SANS Policies"
This appendix gives a brief introduction to the SANS Institute, what it is, and what it does. The appendix explains the Security Policy Project as well as some examples of security policies.
- Appendix C, "NSA Guidelines"
This appendix covers the National Security Agency (NSA), the cryptology organization in the United States. It coordinates, directs, and performs highly specialized activities to protect American information systems and to produce foreign intelligence information. The NSA is a high-technology organization, and as such, it is on the frontier of communications and data processing.
- Appendix D, "Answers to Chapter Q&A"
This appendix provides the answers to all of the Q&A exercises found at the end of Chapters 1 through 15.
- Bibliography
The Bibliography lists references and resources that are useful for understanding the fundamentals of network security. It is a collection of references used throughout this book.