Network security technologies and solutions: [a comprehensive, all-in-one reference for Cisco network security]
Main author: | |
---|---|
Format: | Book |
Language: | English |
Published: | Indianapolis, IN Cisco Press 2008 |
Series: | Cisco CCIE professional development series |
Subjects: | |
Online access: | Table of contents |
Description: | Includes bibliographical references and index. Variant title: CCIE professional development |
Description: | XXXVII, 792 p., ill., diagrams |
ISBN: | 1587052466 9781587052460 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV035014469 | ||
003 | DE-604 | ||
005 | 20110329 | ||
007 | t | ||
008 | 080821s2008 ad|| |||| 00||| eng d | ||
010 | |a 2008003231 | ||
020 | |a 1587052466 |c pbk |9 1-587-05246-6 | ||
020 | |a 9781587052460 |c pbk |9 978-1-587-05246-0 | ||
035 | |a (OCoLC)254553012 | ||
035 | |a (DE-599)GBV560699344 | ||
040 | |a DE-604 |b ger | ||
041 | 0 | |a eng | |
049 | |a DE-473 |a DE-634 |a DE-858 | ||
050 | 0 | |a TK5105.59 | |
082 | 0 | |a 005.8 | |
084 | |a ST 200 |0 (DE-625)143611: |2 rvk | ||
100 | 1 | |a Bhaiji, Yusuf |e Verfasser |4 aut | |
245 | 1 | 0 | |a Network security technologies and solutions |b [a comprehensive, all-in-one reference for Cisco network security] |c Yusuf Bhaiji |
246 | 1 | 3 | |a CCIE professional development Network security technologies and solutions |
264 | 1 | |a Indianapolis, IN |b Cisco Press |c 2008 | |
300 | |a XXXVII, 792 S. |b Ill., graph. Darst. | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
490 | 0 | |a Cisco CCIE professional development series | |
500 | |a Includes bibliographical references and index | ||
500 | |a Nebentitel: CCIE professional development | ||
650 | 4 | |a Computer networks |x Security measures | |
650 | 0 | 7 | |a Cisco |0 (DE-588)4483705-7 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Rechnernetz |0 (DE-588)4070085-9 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Zugriffskontrolle |0 (DE-588)4293034-0 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Cisco |0 (DE-588)4483705-7 |D s |
689 | 0 | 1 | |a Rechnernetz |0 (DE-588)4070085-9 |D s |
689 | 0 | 2 | |a Zugriffskontrolle |0 (DE-588)4293034-0 |D s |
689 | 0 | |5 DE-604 | |
856 | 4 | 2 | |m Digitalisierung UB Bamberg |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016683662&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-016683662 |
Record in the search index
_version_ | 1804137936888791040 |
---|---|
adam_text | Contents at a Glance
Foreword xxxii
Introduction xxxiii
Part I Perimeter Security 3
Chapter 1 Overview of Network Security 5
Chapter 2 Access Control 21
Chapter 3 Device Security 53
Chapter 4 Security Features on Switches 83
Chapter 5 Cisco IOS Firewall 113
Chapter 6 Cisco Firewalls: Appliance and Module 139
Chapter 7 Attack Vectors and Mitigation Techniques 207
Part II Identity Security and Access Management 265
Chapter 8 Securing Management Access 267
Chapter 9 Cisco Secure ACS Software and Appliance 289
Chapter 10 Multifactor Authentication 311
Chapter 11 Layer 2 Access Control 325
Chapter 12 Wireless LAN (WLAN) Security 347
Chapter 13 Network Admission Control (NAC) 373
Part III Data Privacy 405
Chapter 14 Cryptography 407
Chapter 15 IPsec VPN 423
Chapter 16 Dynamic Multipoint VPN (DMVPN) 469
Chapter 17 Group Encrypted Transport VPN (GET VPN) 503
Chapter 18 Secure Sockets Layer VPN (SSL VPN) 521
Chapter 19 Multiprotocol Label Switching VPN (MPLS VPN) 533
Part IV Security Monitoring 559
Chapter 20 Network Intrusion Prevention 561
Chapter 21 Host Intrusion Prevention 613
Chapter 22 Anomaly Detection and Mitigation 639
Chapter 23 Security Monitoring and Correlation 669
Part V Security Management 697
Chapter 24 Security and Policy Management 699
Chapter 25 Security Framework and Regulatory Compliance 747
Index 770
Contents
Foreword xxxii
Introduction xxxiii
Part I Perimeter Security 3
Chapter 1 Overview of Network Security 5
Fundamental Questions for Network Security 5
Transformation of the Security Paradigm 7
Principles of Security—The CIA Model 8
Confidentiality 9
Integrity 9
Availability 9
Policies, Standards, Procedures, Baselines, Guidelines 9
Security Policy 9
Examples of Security Policies 10
Standards 11
Procedures 11
Baselines 12
Guidelines 12
Security Models 13
Perimeter Security 13
Is Perimeter Security Disappearing? 14
The Difficulty of Defining Perimeter 14
A Solid Perimeter Security Solution 14
Security in Layers 15
Multilayer Perimeter Solution 15
The Domino Effect 16
Security Wheel 17
Summary 19
References 19
Chapter 2 Access Control 21
Traffic Filtering Using ACLs 21
ACL Overview 21
ACL Applications 21
When to Configure ACLs 23
IP Address Overview 23
Classes of IP Addresses 24
Understanding IP Address Classes 24
Private IP Address (RFC 1918) 26
Subnet Mask Versus Inverse Mask Overview 27
Subnet Mask 28
Inverse Mask 28
ACL Configuration 29
Creating an ACL 29
Assigning a Unique Name or Number to Each ACL 29
Applying an ACL to an Interface 30
Direction of the ACL 32
Understanding ACL Processing 32
Inbound ACL 32
Outbound ACL 33
Packet Flow Rules for Various Packet Types 33
Guidelines for Implementing ACLs 36
Types of Access Lists 36
Standard ACLs 37
Extended ACLs 38
IP Named ACLs 39
Lock and Key (Dynamic ACLs) 40
Reflexive ACLs 42
Established ACLs 43
Time-Based ACLs Using Time Ranges 44
Distributed Time-Based ACLs 45
Configuring Distributed Time-Based ACLs 45
Turbo ACLs 46
Receive ACLs (rACL) 46
Infrastructure Protection ACLs (iACL) 47
Transit ACLs 47
Classification ACLs 48
Debugging Traffic Using ACLs 49
Summary 50
References 50
Chapter 3 Device Security 53
Device Security Policy 53
Hardening the Device 55
Physical Security 55
Passwords 55
Creating Strong Passwords 56
Pass-Phrase Technique 56
Password Encryption 57
ROMMON Security 57
User Accounts 60
Privilege Levels 61
Infrastructure ACL 62
Interactive Access Methods 62
Console Port 62
VTY Ports 63
VTY Access Using Telnet 63
VTY Access Using SSH 64
Auxiliary Port 65
Banner Messages 65
Cisco IOS Resilient Configuration 67
Cisco Discovery Protocol (CDP) 68
TCP/UDP Small-Servers 69
Finger 69
Identification (auth) Protocol 69
DHCP and BOOTP Service 69
Trivial File Transfer Protocol (TFTP) Server 70
File Transfer Protocol (FTP) Server 70
Autoloading Device Configuration 70
PAD 70
IP Source Routing 71
Proxy Address Resolution Protocol (ARP) 71
Gratuitous ARP 72
IP Directed Broadcast 72
IP Mask Reply 72
IP Redirects 72
ICMP Unreachable 73
HTTP 73
Network Time Protocol (NTP) 74
Simple Network Management Protocol (SNMP) 75
Auto-Secure Feature 75
Securing Management Access for Security Appliance 76
PIX 500 and ASA 5500 Security Appliance—Device Access Security 76
Telnet Access 76
SSH Access 77
HTTPS Access for ADSM 77
Authenticating and Authorizing Using Local and AAA Database 78
IPS 4200 Series Appliance Sensors (formerly known as IDS 4200) 78
IPS Device Manager (IDM) 78
HTTP/HTTPS Access 79
Telnet and SSH Access 79
Access Control List 79
User Accounts 80
Device Security Checklist 80
Summary 81
References 81
Chapter 4 Security Features on Switches 83
Securing Layer 2 83
Port-Level Traffic Controls 84
Storm Control 84
Protected Ports (PVLAN Edge) 85
Private VLAN (PVLAN) 85
Configuring PVLAN 89
Port Blocking 91
Port Security 92
Access Lists on Switches 94
Router ACL 94
Port ACL 94
VLAN ACL (VACL) 95
VACL on a Bridged Port 95
VACL on a Routed Port 95
Configuring VACL 96
MAC ACL 97
Spanning Tree Protocol Features 98
Bridge Protocol Data Unit (BPDU) Guard 98
Root Guard 98
EtherChannel Guard 99
Loop Guard 99
Dynamic Host Configuration Protocol (DHCP) Snooping 100
IP Source Guard 102
Dynamic ARP Inspection (DAI) 103
DAI in a DHCP Environment 105
DAI in a Non-DHCP Environment 106
Rate Limiting Incoming ARP Packets 106
ARP Validation Checks 107
Advanced Integrated Security Features on High-End Catalyst Switches 107
Control Plane Policing (CoPP) Feature 107
CPU Rate Limiters 109
Layer 2 Security Best Practices 109
Summary 110
References 111
Chapter 5 Cisco IOS Firewall 113
Router-Based Firewall Solution 113
Context-Based Access Control (CBAC) 115
CBAC Functions 116
Traffic Filtering 116
Traffic Inspection 116
Alerts and Audit Trails 117
How CBAC Works 117
Packet Inspection 118
Timeout and Threshold Values 118
The Session State Table 118
UDP Connections 119
Dynamic ACL Entries 119
Embryonic (Half-Open) Sessions 120
Per-Host DoS Prevention 120
CBAC-Supported Protocols 121
Configuring CBAC 122
Step 1—Select an Interface: Internal or External 122
Step 2—Configure an IP Access List 123
Step 3—Define an Inspection Rule 123
Step 4—Configure Global Timeouts and Thresholds 123
Step 5—Apply the Access List and the Inspection Rule to an Interface 125
Step 6—Verifying and Monitoring CBAC 126
Putting It All Together 126
IOS Firewall Advanced Features 127
HTTP Inspection Engine 127
E-Mail Inspection Engine 128
Firewall ACL Bypass 129
Transparent IOS Firewall (Layer 2) 130
Virtual Fragmentation Reassembly (VFR) 130
VRF-Aware IOS Firewall 131
Inspection of Router-Generated Traffic 131
Zone-Based Policy Firewall (ZFW) 132
Zone-Based Policy Overview 132
Security Zones 133
Configuring Zone-Based Policy Firewall 134
Configuring ZFW Using Cisco Policy Language (CPL) 134
Application Inspection and Control (AIC) 136
Summary 137
References 137
Chapter 6 Cisco Firewalls: Appliance and Module 139
Firewalls Overview 139
Hardware Versus Software Firewalls 140
Cisco PIX 500 Series Security Appliances 140
Cisco ASA 5500 Series Adaptive Security Appliances 142
Cisco Firewall Services Module (FWSM) 143
Firewall Appliance Software for PIX 500 and ASA 5500 144
Firewall Appliance OS Software 145
Firewall Modes 145
Routed Firewall Mode 146
Transparent Firewall Mode (Stealth Firewall) 146
Stateful Inspection 148
Application Layer Protocol Inspection 148
Adaptive Security Algorithm Operation 150
Security Context 152
Multiple Contexts—Routed Mode (with Shared Resources) 153
Multiple Contexts—Transparent Mode 153
Configuring Security Context 155
Security Levels 157
Redundant Interface 158
IP Routing 159
Static and Default Routes 159
Static Route 160
Static Route Tracking 160
Default Route 161
Equal Cost Multiple Path (ECMP) Forwarding 162
Open Shortest Path First (OSPF) 163
Configuring OSPF 164
Securing OSPF 165
Monitoring OSPF 166
Routing Information Protocol (RIP) 167
Configuring RIP 167
Enhanced Interior Gateway Routing Protocol (EIGRP) 168
Configuring EIGRP Stub Routing 169
Securing EIGRP 169
Network Address Translation (NAT) 170
NAT Control 171
NAT Types 172
Dynamic NAT 173
Dynamic PAT 174
Configure Dynamic NAT and PAT 176
Static NAT 176
Static Port Address Translation (PAT) 178
Bypassing NAT When NAT Control Is Enabled 179
Identity NAT (nat 0 Command) 179
Static Identity NAT (static Command) 180
NAT Exemption (nat 0 with ACL) 182
Policy NAT 183
Order of NAT Processing 184
Controlling Traffic Flow and Network Access 185
ACL Overview and Applications on Security Appliance 185
Controlling Inbound and Outbound Traffic Through the Security Appliance by Using Access Lists 186
Step 1—Defining an Access List 186
Step 2—Applying an Access List to an Interface 186
Simplifying Access Lists with Object Groups 188
Modular Policy Framework (MPF) 190
Configuring MPF 190
Step 1—Identifying Traffic Flow 190
Step 2—Creating a Policy Map 191
Step 3—Applying a Policy 191
Cisco AnyConnect VPN Client 192
Redundancy and Load Balancing 193
Failover Requirements 194
Failover Link 194
State Link 194
Failover Implementation 195
Serial Cable Failover Link (PIX 500 Series Only) 196
LAN-Based Failover Link 197
Asymmetric Routing Support (ASR) 197
Firewall Module Software for Firewall Services Module (FWSM) 198
Firewall Module OS Software 199
Network Traffic Through the Firewall Module 199
Installing the FWSM 200
Router/MSFC Placement 200
In Single Context 200
In Multiple Context Mode 201
Configuring the FWSM 202
Summary 204
References 205
Chapter 7 Attack Vectors and Mitigation Techniques 207
Vulnerabilities, Threats, and Exploits 207
Classes of Attacks 208
Attack Vectors 208
Attackers Family 210
Risk Assessment 211
Mitigation Techniques at Layer 3 212
Traffic Characterization 212
Using an ACL to Characterize ICMP Flood or Smurf Attack 212
Using an ACL to Characterize SYN Attacks 215
IP Source Tracker 219
How IP Source Tracker Works 219
Configuring IP Source Tracker 220
IP Spoofing Attacks 220
Antispoofing with Access Lists 221
Antispoofing with uRPF 222
Antispoofing with IP Source Guard 222
Packet Classification and Marking Techniques 224
Committed Access Rate (CAR) 225
How CAR Works 225
Configuring Committed Access Rate (CAR) 226
Modular QoS CLI (MQC) 227
Traffic Policing 229
Network-Based Application Recognition (NBAR) 230
Protocol Discovery 230
Packet Description Language Module (PDLM) 231
Configuring NBAR 231
TCP Intercept 232
How TCP Intercept Works 232
Configuring TCP Intercept 233
TCP Intercept on Firewall 234
Policy-Based Routing (PBR) 234
Unicast Reverse Path Forwarding (uRPF) 236
How uRPF Works 236
Configuring uRPF 238
NetFlow 239
How NetFlow Works 240
Configuring NetFlow 240
NetFlow Ecosystem 241
Mitigation Techniques at Layer 2 242
CAM Table Overflow—MAC Attack 242
Background 242
The Problem 242
CAM Table Overflow Attack Mitigation 243
MAC Spoofing Attack 243
Background 243
The Problem 243
MAC Spoofing Attack Mitigation 244
ARP Spoofing Attack 245
Background 245
The Problem 245
ARP Spoofing Attack Mitigation 245
VTP Attack 246
Background 246
The Problem 246
VTP Attack Mitigation 247
VLAN Hopping Attack 247
Background 247
The Problem 248
VLAN Hopping Attack Mitigation 249
PVLAN Attack 249
Background 249
The Problem 250
PVLAN Attack Mitigation 251
Spanning-Tree Attacks 252
Background 252
The Problem 253
Spanning-Tree Attacks Mitigation 253
DHCP Spoofing and Starvation Attacks 253
Background 253
The Problem 253
DHCP Spoofing and Starvation Attacks Mitigation 254
802.1x Attacks 254
Background 254
The Problem 255
802.1x Attacks Mitigation 255
Security Incident Response Framework 256
What Is a Security Incident? 256
Security Incident Response Process 257
Incident Response Team (IRT) 257
Security Incident Response Methodology 258
Step 1—Planning and Preparation 259
Step 2—Identification and Classification 260
Step 3—Reaction 260
Step 4—Postmortem and Follow-Up 260
Step 5—Archiving 261
Summary 262
References 262
Part II Identity Security and Access Management 265
Chapter 8 Securing Management Access 267
AAA Security Services 267
AAA Paradigm 268
Authentication 268
Authorization 269
Accounting 269
AAA Dependencies 269
Authentication Protocols 270
RADIUS (Remote Authentication Dial-In User Service) 270
RADIUS Packet 271
RADIUS Communication 271
RADIUS Security 273
TACACS+ (Terminal Access Controller Access Control System) 274
TACACS+ Packet 275
TACACS+ Communication 276
TACACS+ Security 277
Comparison of RADIUS and TACACS+ 278
Implementing AAA 278
AAA Methods 279
Authentication Methods 280
Authorization Methods 280
Accounting Methods 281
Server Groups 281
Service Types for AAA Functions 282
Authentication Services 282
Authorization Services 283
Accounting Service 284
Configuration Examples 285
PPP Authentication, Authorization, and Accounting Using RADIUS 285
Login Authentication and Command Authorization and Accounting Using TACACS+ 285
Login Authentication with Password Retry Lockout 286
Summary 287
References 287
Chapter 9 Cisco Secure ACS Software and Appliance 289
Cisco Secure ACS Software for Windows 289
AAA Server: Cisco Secure ACS 290
Protocol Compliance 291
Advanced ACS Functions and Features 293
Shared Profile Components (SPC) 293
Downloadable IP ACLs 293
Network Access Filter (NAF) 294
RADIUS Authorization Components 294
Shell Command Authorization Sets 294
Network Access Restrictions (NAR) 295
Machine Access Restrictions (MAR) 295
Network Access Profiles (NAP) 296
Cisco NAC Support 296
Configuring ACS 297
Cisco Secure ACS Appliance 307
Summary 309
References 309
Chapter 10 Multifactor Authentication 311
Identification and Authentication 311
Two-Factor Authentication System 312
One-Time Password (OTP) 312
S/KEY 313
Countering Replay Attacks Using the OTP Solution 313
Attributes of a Two-Factor Authentication System 314
Smart Cards and Tokens 314
RSA SecurID 315
Cisco Secure ACS Support for Two-Factor Authentication Systems 315
How Cisco Secure ACS Works 316
Configuring Cisco Secure ACS for RADIUS-Enabled Token Server 317
Configuring Cisco Secure ACS for RSA SecurID Token Server 321
Summary 322
References 322
Chapter 11 Layer 2 Access Control 325
Trust and Identity Management Solutions 326
Identity-Based Networking Services (IBNS) 327
Cisco Secure ACS 328
External Database Support 329
IEEE 802.1x 329
IEEE 802.1x Components 330
Port States: Authorized Versus Unauthorized 332
EAP Methods 334
Deploying an 802.1x Solution 334
Wired LAN (Point-to-Point) 334
Wireless LAN (Multipoint) 335
Implementing 802.1x Port-Based Authentication 337
Configuring 802.1x and RADIUS on Cisco Catalyst Switches Running Cisco IOS Software 337
Enabling Multiple Hosts for a Noncompliant Access Point Terminating on the Switch 338
RADIUS Authorization 338
Configuring 802.1x and RADIUS on Cisco Aironet Wireless LAN Access Point Running Cisco IOS 342
Supplicant Settings for IEEE 802.1x on Windows XP Client 343
Summary 344
References 344
Chapter 12 Wireless LAN (WLAN) Security 347
Wireless LAN (WLAN) 347
Radio Waves 347
IEEE Protocol Standards 348
Communication Method—Radio Frequency (RF) 348
WLAN Components 349
WLAN Security 350
Service Set Identifiers (SSID) 351
MAC Authentication 352
Client Authentication (Open and Shared Key) 352
Static Wired Equivalent Privacy (WEP) 353
WPA, WPA2, and 802.11i (WEP Enhancements) 353
IEEE 802.1x and EAP 355
EAP Message Digest 5 (EAP-MD5) 356
EAP Transport Layer Security (EAP-TLS) 357
EAP Tunneled Transport Layer Security (EAP-TTLS) 359
EAP Flexible Authentication via Secure Tunneling (EAP-FAST) 359
Protected EAP (PEAP) 362
Cisco Lightweight EAP (LEAP) 364
EAP Comparison Chart 365
WLAN NAC 366
WLAN IPS 367
VPN IPsec 367
Mitigating WLAN Attacks 367
Cisco Unified Wireless Network Solution 368
Components of Cisco Unified Wireless Network 369
Summary 370
References 371
Chapter 13 Network Admission Control (NAC) 373
Building the Self-Defending Network (SDN) 373
Network Admission Control (NAC) 375
Why NAC? 375
Cisco NAC 376
Comparing NAC Appliance with NAC Framework 378
Cisco NAC Appliance Solution 378
Mechanics of Cisco NAC Appliance 379
NAC Appliance Components 379
NAC Appliance Deployment Scenarios 380
Cisco NAC Framework Solution 382
Mechanics of the Cisco NAC Framework Solution 383
NAC Framework Components 386
NAC Framework Deployment Scenarios 391
NAC Framework Enforcement Methods 392
Implementing NAC-L3-IP 394
Implementing NAC-L2-IP 396
Implementing NAC-L2-802.1x 399
Summary 402
References 403
Part III Data Privacy 405
Chapter 14 Cryptography 407
Secure Communication 407
Cryptosystem 407
Cryptography Overview 408
Cryptographic Terminology 408
Cryptographic Algorithms 410
Symmetric Key Cryptography 410
Asymmetric Key Cryptography 412
Hash Algorithm 416
Virtual Private Network (VPN) 420
Summary 421
References 421
Chapter 15 IPsec VPN 423
Virtual Private Network (VPN) 423
Types of VPN Technologies 423
Secure VPN (Cryptographic VPN) 424
Trusted VPN (Non-Cryptographic VPN) 424
Hybrid VPN 425
Types of VPN Deployment 425
IPsec VPN (Secure VPN) 425
IPsec Request for Comments (RFCs) 426
Generic IPsec RFCs 426
IPsec Protocols RFCs 427
IPsec Key Exchange RFCs 427
IPsec Cryptographic Algorithm RFCs 428
IPsec Policy-Handling RFCs 430
IPsec Modes 430
IPsec Protocol Headers 432
IPsec Anti-Replay Service 434
ISAKMP and IKE 435
Understanding IKE (Internet Key Exchange) Protocol 435
IKEv2 (Internet Key Exchange—Version 2) 438
ISAKMP Profiles 441
IPsec Profiles 443
IPsec Virtual Tunnel Interface (IPsec VTI) 443
Public Key Infrastructure (PKI) 445
PKI Components 446
Certificate Enrollment 447
Implementing IPsec VPN 449
Cisco IPsec VPN Implementations 449
Site-to-Site IPsec VPN 451
Remote Access IPsec VPN 455
Cisco Easy VPN 456
Dynamic VTI (DVTI) 461
Summary 465
References 466
Chapter 16 Dynamic Multipoint VPN (DMVPN) 469
DMVPN Solution Architecture 469
DMVPN Network Designs 470
DMVPN Solution Components 472
How DMVPN Works 473
DMVPN Data Structures 474
DMVPN Deployment Topologies 475
Implementing DMVPN Hub-and-Spoke Designs 476
Implementing Single Hub Single DMVPN (SHSD) Topology 477
Implementing Dual Hub Dual DMVPN (DHDD) Topology 483
Implementing Server Load-Balancing (SLB) Topology 484
Implementing Dynamic Mesh Spoke-to-Spoke DMVPN Designs 486
Implementing Dual Hub Single DMVPN (DHSD) Topology 488
Implementing Multihub Single DMVPN (MHSD) Topology 498
Implementing Hierarchical (Tree-Based) Topology 499
Summary 500
References 501
Chapter 17 Group Encrypted Transport VPN (GET VPN) 503
GET VPN Solution Architecture 503
GET VPN Features 504
Why GET VPN? 505
GET VPN and DMVPN 506
GET VPN Deployment Consideration 507
GET VPN Solution Components 507
How GET VPN Works 509
IP Header Preservation 511
Group Member ACL 512
Implementing Cisco IOS GET VPN 513
Summary 519
References 519
Chapter 18 Secure Sockets Layer VPN (SSL VPN) 521
Secure Sockets Layer (SSL) Protocol 521
SSL VPN Solution Architecture 522
SSL VPN Overview 523
SSL VPN Features 523
SSL VPN Deployment Consideration 524
SSL VPN Access Methods 525
SSL VPN Citrix Support 527
Implementing Cisco IOS SSL VPN 528
Cisco AnyConnect VPN Client 530
Summary 531
References 531
Chapter 19 Multiprotocol Label Switching VPN (MPLS VPN) 533
Multiprotocol Label Switching (MPLS) 533
MPLS Architecture Overview 534
How MPLS Works 534
MPLS VPN and IPsec VPN 536
Deployment Scenarios 538
Connection-Oriented and Connectionless VPN Technologies 539
MPLS VPN (Trusted VPN) 540
Comparison of L3 and L2 VPNs 540
Layer 3 VPN (L3VPN) 542
Components of L3VPN 543
How L3VPN Implementation Works 543
How VRF Tables Work 543
Implementing L3VPN 544
Layer 2 VPN (L2VPN) 551
Implementing L2VPN 553
Implementing Ethernet VLAN over MPLS Service—Using VPWS Based Architecture 553
Implementing Ethernet VLAN over MPLS Service—Using VPLS-Based Architecture 554
Summary 556
References 557
Part IV Security Monitoring 559
Chapter 20 Network Intrusion Prevention 561
Intrusion System Terminologies 561
Network Intrusion Prevention Overview 562
Cisco IPS 4200 Series Sensors 563
Cisco IDS Services Module (IDSM-2) 565
Cisco Advanced Inspection and Protection Security Services Module (AIP-SSM) 567
Cisco IPS Advanced Integration Module (IPS-AIM) 568
Cisco IOS IPS 569
Deploying IPS 570
Cisco IPS Sensor OS Software 572
Cisco IPS Sensor Software 574
Sensor Software—System Architecture 574
Sensor Software—Communication Protocols 575
Sensor Software—User Roles 576
Sensor Software—Partitions 577
Sensor Software—Signatures and Signature Engines 578
Sensor Software—IPS Events 580
Sensor Software—IPS Event Actions 582
Sensor Software—IPS Risk Rating (RR) 583
Sensor Software—IPS Threat Rating 584
Sensor Software—IPS Interfaces 585
Sensor Software—IPS Interface Modes 589
Sensor Software—IPS Blocking (Shun) 593
Sensor Software—IPS Rate Limiting 594
Sensor Software—IPS Virtualization 595
Sensor Software—IPS Security Policies 596
Sensor Software—IPS Anomaly Detection (AD) 597
IPS High Availability 598
IPS Fail-Open Mechanism 599
Failover Mechanism 599
Fail-Open and Failover Deployments 600
Load-Balancing Technique 600
IPS Appliance Deployment Guidelines 600
Cisco Intrusion Prevention System Device Manager (IDM) 601
Configuring IPS Inline VLAN Pair Mode 601
Configuring IPS Inline Interface Pair Mode 604
Configuring Custom Signature and IPS Blocking 609
Summary 610
References 611
Chapter 21 Host Intrusion Prevention 613
Securing Endpoints Using a Signatureless Mechanism 613
Cisco Security Agent (CSA) 614
CSA Architecture 615
CSA Interceptor and Correlation 616
CSA Correlation Extended Globally 618
CSA Access Control Process 618
CSA Defense-in-Depth—Zero-Day Protection 619
CSA Capabilities and Security Functional Roles 619
CSA Components 622
Configuring and Managing CSA Deployment by Using CSA MC 623
Managing CSA Hosts 624
Managing CSA Agent Kits 626
Managing CSA Groups 630
CSA Agent User Interface 632
CSA Policies, Rule Modules, and Rules 635
Summary 636
References 637
Chapter 22 Anomaly Detection and Mitigation 639
Attack Landscape 639
Denial-of-Service (DoS) Attack Defined 639
Distributed Denial-of-Service (DDoS) Attack—Defined 641
Anomaly Detection and Mitigation Systems 641
Cisco DDoS Anomaly Detection and Mitigation Solution 643
Cisco Traffic Anomaly Detector 644
Cisco Guard DDoS Mitigation 647
Putting It All Together for Operation 649
Configuring and Managing the Cisco Traffic Anomaly Detector 653
Managing the Detector 655
Initializing the Detector Through CLI Console Access 655
Configuring the Detector (Zones, Filters, Policies, and Learning Process) 656
Configuring and Managing Cisco Guard Mitigation 660
Managing the Guard 661
Initializing the Guard Using the CLI Console Access 661
Configuring the Guard (Zones, Filters, Policies, Learning Process) 663
Summary 666
References 667
Chapter 23 Security Monitoring and Correlation 669
Security Information and Event Management 669
Cisco Security Monitoring, Analysis, and Response System (CS-MARS) 670
Security Threat Mitigation (STM) System 672
Topological Awareness and Network Mapping 674
Key Concepts—Events, Sessions, Rules, and Incidents 676
Event Processing in CS-MARS 677
False Positive in CS-MARS 678
Deploying CS-MARS 679
Standalone and Local Controllers (LC) 680
Global Controllers (GC) 682
Software Versioning Information 683
Reporting and Mitigation Devices 684
Levels of Operation 685
Traffic Flows and Ports to Be Opened 687
Web-Based Management Interface 689
Initializing CS-MARS 691
Summary 693
References 694
Part V Security Management 697
Chapter 24 Security and Policy Management 699
Cisco Security Management Solutions 699
Cisco Security Manager 700
Cisco Security Manager—Features and Capabilities 700
Cisco Security Manager—Firewall Management 703
Cisco Security Manager—VPN Management 704
Cisco Security Manager—IPS Management 704
Cisco Security Manager—Platform Management 706
Cisco Security Manager—Architecture 706
Cisco Security Manager—Configuration Views 707
Cisco Security Manager—Managing Devices 710
Cisco Security Manager—Workflow Mode 710
Cisco Security Manager—Role-Based Access Control (RBAC) 711
Cisco Security Manager—Cross-Launch xDM 713
Cisco Security Manager—Supported Devices and OS Versions 715
Cisco Security Manager—Server and Client Requirements and Restrictions 716
Cisco Security Manager—Traffic Flows and Ports to Be Opened 719
Cisco Router and Security Device Manager (SDM) 721
Cisco SDM—Features and Capabilities 722
Cisco SDM—How It Works 723
Cisco SDM—Router Security Audit Feature 725
Cisco SDM—One-Step Lockdown Feature 726
Cisco SDM—Monitor Mode 728
Cisco SDM—Supported Routers and IOS Versions 729
Cisco SDM—System Requirements 730
Cisco Adaptive Security Device Manager (ASDM) 732
Cisco ASDM—Features and Capabilities 732
Cisco ASDM—How It Works 733
Cisco ASDM—Packet Tracer Utility 736
Cisco ASDM—Syslog to Access Rule Correlation 737
Cisco ASDM—Supported Firewalls and Software Versions 738
Cisco ASDM—User Requirements 738
Cisco PIX Device Manager (PDM) 739
Cisco IPS Device Manager (IDM) 740
Cisco IDM—How It Works 741
Cisco IDM—System Requirements 742
Summary 743
References 743
Chapter 25 Security Framework and Regulatory Compliance 747
Security Model 747
Policies, Standards, Guidelines, and Procedures 749
Security Policy 749
Standards 750
Guidelines 750
Procedures 750
Best Practices Framework 751
ISO/IEC 17799 (Now ISO/IEC 27002) 751
COBIT 752
Comparing 17799/27002 and COBIT 753
Compliance and Risk Management 754
Regulatory Compliance and Legislative Acts 754
GLBA—Gramm-Leach-Bliley Act 754
Who Is Affected 754
GLBA Requirements 755
Penalties for Violations 756
Cisco Solutions Addressing GLBA 756
GLBA Summary 757
HIPAA—Health Insurance Portability and Accountability Act 757
Who Is Affected 758
The HIPAA Requirements 758
Penalties for Violations 758
Cisco Solutions Addressing HIPAA 759
HIPAA Summary 760
SOX—Sarbanes-Oxley Act 760
Who Is Affected 760
SOX Act Requirements 761
Penalties for Violations 763
Cisco Solutions Addressing SOX 764
SOX Summary 764
Worldwide Outlook of Regulatory Compliance Acts and Legislations 765
In the United States 765
In Europe 766
In the Asia-Pacific Region 766
Cisco Self-Defending Network Solution 767
Summary 767
References 768
Index 770
|
adam_txt |
vii
Contents
at a Glance
Foreword
xxxii
Introduction
xxxiii
Part I Perimeter Security
3
Chapter
1
Overview of Network Security
5
Chapter
2
Access Control
21
Chapter
3
Device Security
53
Chapter
4
Security Features on Switches
83
Chapter
5
Cisco
IOS
Firewall
113
Chapter
6
Cisco Firewalls: Appliance and Module
139
Chapter
7
Attack Vectors and Mitigation Techniques
207
Part II Identity Security and Access Management
265
Chapter
8
Securing Management Access
267
Chapter
9
Cisco Secure ACS Software and Appliance
289
Chapter
10
Multifactor Authentication
311
Chapter
11
Layer
2
Access Control
325
Chapter
12
Wireless LAN (WLAN) Security
347
Chapter
13
Network Admission Control (NAC)
373
Part III Data Privacy
405
Chapter
14
Cryptography
407
Chapter
15
IPsec
VPN
423
Chapter
16
Dynamic Multipoint VPN (DMVPN)
469
Chapter
17
Group Encrypted Transport VPN (GET VPN)
503
Chapter
18
Secure Sockets Layer VPN (SSL VPN)
521
Chapter
19
Multiprotocol Label Switching VPN (MPLS VPN)
533
Part IV Security Monitoring
559
Chapter
20
Network Intrusion Prevention
561
Chapter
21
Host Intrusion Prevention
613
Chapter
22
Anomaly Detection and Mitigation
639
Chapter
23
Security Monitoring and Correlation
669
Part V Security Management
697
Chapter
24
Security and Policy Management
699
Chapter
25
Security Framework and Regulatory Compliance
747
Index
770
viii
Contents
Parti
Chapter
1
Foreword
xxxii
Introduction
xxxiii
Perimeter Security
3
Overview of Network Security
5
Fundamental Questions for Network Security
5
Transformation of the Security Paradigm
7
Principles of Security—The CIA Model
8
Confidentiality
9
Integrity
9
Availability
9
Policies, Standards, Procedures, Baselines, Guidelines
9
Security Policy
9
Examples of Security Policies
10
Standards
11
Procedures
11
Baselines
12
Guidelines
12
Security Models
13
Perimeter Security
13
Is Perimeter Security Disappearing?
14
The Difficulty of Defining Perimeter
14
A Solid Perimeter Security Solution
14
Security in Layers
15
Multilayer Perimeter Solution
The Domino Effect
16
Security Wheel
17
Summary
19
References
19
15
Chapter
2
Access Control
21
Traffic Filtering Using ACLs
21
ACL Overview
21
ACL Applications
21
When to Configure ACLs
23
ix
IP Address Overview
23
Classes of IP Addresses
24
Understanding IP Address Classes
24
Private IP Address (RFC
1918) 26
Subnet Mask Versus Inverse Mask Overview
27
Subnet Mask
28
Inverse Mask
28
ACL Configuration
29
Creating an ACL
29
Assigning a Unique Name or Number to Each ACL
29
Applying an ACL to an Interface
30
Direction of the ACL
32
Understanding ACL Processing
32
Inbound ACL
32
Outbound ACL
33
Packet Flow Rules for Various Packet Types
33
Guidelines for Implementing ACLs
36
Types of Access Lists
36
Standard ACLs
37
Extended ACLs
38
IP Named ACLs
39
Lock and Key (Dynamic ACLs)
40
Reflexive ACLs
42
Established ACLs
43
Time-Based ACLs Using Time Ranges
44
Distributed Time-Based ACLs
45
Configuring Distributed Time-Based ACLs
45
Turbo ACLs
46
Receive ACLs (rACL)
46
Infrastructure Protection ACLs (iACL)
47
Transit ACLs
47
Classification ACLs
48
Debugging Traffic Using ACLs
49
Summary
50
References
50
Chapter
3
Device Security
53
Device Security Policy
53
Hardening the Device
55
Physical Security
55
Passwords
55
Creating Strong Passwords
56
Pass-Phrase Technique
56
Password Encryption
57
ROMMON Security
57
User Accounts
60
Privilege Levels
61
Infrastructure ACL
62
Interactive Access Methods
62
Console Port
62
VTY Ports
63
VTY Access Using Telnet
63
VTY Access Using SSH
64
Auxiliary Port
65
Banner Messages
65
Cisco IOS Resilient Configuration
67
Cisco Discovery Protocol (CDP)
68
TCP/UDP Small-Servers
69
Finger
69
Identification (auth) Protocol
69
DHCP and BOOTP Service
69
Trivial File Transfer Protocol (TFTP) Server
70
File Transfer Protocol (FTP) Server
70
Autoloading Device Configuration
70
PAD
70
IP Source Routing
71
Proxy Address Resolution Protocol (ARP)
71
Gratuitous ARP
72
IP Directed Broadcast
72
IP Mask Reply
72
IP Redirects
72
ICMP Unreachable
73
HTTP
73
Network Time Protocol (NTP)
74
Simple Network Management Protocol (SNMP)
75
Auto-Secure Feature
75
Securing Management Access for Security Appliance
76
PIX 500 and ASA 5500 Security Appliance—Device Access Security
76
Telnet Access
76
SSH Access
77
HTTPS Access for ADSM
77
Authenticating and Authorizing Using Local and AAA Database
78
IPS 4200 Series Appliance Sensors (formerly known as IDS 4200)
78
IPS Device Manager (IDM)
78
HTTP/HTTPS Access
79
Telnet and SSH Access
79
Access Control List
79
User Accounts
80
Device Security Checklist
80
Summary
81
References
81
Chapter 4 Security Features on Switches
83
Securing Layer 2
83
Port-Level Traffic Controls
84
Storm Control
84
Protected Ports (PVLAN Edge)
85
Private VLAN (PVLAN)
85
Configuring PVLAN
89
Port Blocking
91
Port Security
92
Access Lists on Switches
94
Router ACL
94
Port ACL
94
VLAN ACL (VACL)
95
VACL on a Bridged Port
95
VACL on a Routed Port
95
Configuring VACL
96
MAC ACL
97
Spanning Tree Protocol Features
98
Bridge Protocol Data Unit (BPDU) Guard
98
Root Guard
98
EtherChannel Guard
99
Loop Guard
99
Dynamic Host Configuration Protocol (DHCP) Snooping
100
IP Source Guard
102
Dynamic ARP Inspection (DAI)
103
DAI in a DHCP Environment
105
DAI in a Non-DHCP Environment
106
Rate Limiting Incoming ARP Packets
106
ARP Validation Checks
107
Advanced Integrated Security Features on High-End Catalyst Switches
107
Control Plane Policing (CoPP) Feature
107
CPU Rate Limiters
109
Layer 2 Security Best Practices
109
Summary
110
References
111
Chapter 5 Cisco IOS Firewall
113
Router-Based Firewall Solution
113
Context-Based Access Control (CBAC)
115
CBAC Functions
116
Traffic Filtering
116
Traffic Inspection
116
Alerts and Audit Trails
117
How CBAC Works
117
Packet Inspection
118
Timeout and Threshold Values
118
The Session State Table
118
UDP Connections
119
Dynamic ACL Entries
119
Embryonic (Half-Open) Sessions
120
Per-Host DoS Prevention
120
CBAC-Supported Protocols
121
Configuring CBAC
122
Step 1—Select an Interface: Internal or External
122
Step 2—Configure an IP Access List
123
Step 3—Define an Inspection Rule
123
Step 4—Configure Global Timeouts and Thresholds
123
Step 5—Apply the Access List and the Inspection Rule to an Interface
125
Step 6—Verifying and Monitoring CBAC
126
Putting It All Together
126
IOS Firewall Advanced Features
127
HTTP Inspection Engine
127
E-Mail Inspection Engine
128
Firewall ACL Bypass
129
Transparent IOS Firewall (Layer 2)
130
Virtual Fragmentation Reassembly (VFR)
130
VRF-Aware IOS Firewall
131
Inspection of Router-Generated Traffic
131
Zone-Based Policy Firewall (ZFW)
132
Zone-Based Policy Overview
132
Security Zones
133
Configuring Zone-Based Policy Firewall
134
Configuring ZFW Using Cisco Policy Language (CPL)
134
Application Inspection and Control (AIC)
136
Summary
137
References
137
Chapter 6 Cisco Firewalls: Appliance and Module
139
Firewalls Overview
139
Hardware Versus Software Firewalls
140
Cisco PIX 500 Series Security Appliances
140
Cisco ASA 5500 Series Adaptive Security Appliances
142
Cisco Firewall Services Module (FWSM)
143
Firewall Appliance Software for PIX 500 and ASA 5500
144
Firewall Appliance OS Software
145
Firewall Modes
145
Routed Firewall Mode
146
Transparent Firewall Mode (Stealth Firewall)
146
Stateful Inspection
148
Application Layer Protocol Inspection
148
Adaptive Security Algorithm Operation
150
Security Context
152
Multiple Contexts—Routed Mode (with Shared Resources)
153
Multiple Contexts—Transparent Mode
153
Configuring Security Context
155
Security Levels
157
Redundant Interface
158
IP Routing
159
Static and Default Routes
159
Static Route
160
Static Route Tracking
160
Default Route
161
Equal Cost Multiple Path (ECMP) Forwarding
162
Open Shortest Path First (OSPF)
163
Configuring OSPF
164
Securing OSPF
165
Monitoring OSPF
166
Routing Information Protocol (RIP)
167
Configuring RIP
167
Enhanced Interior Gateway Routing Protocol (EIGRP)
168
Configuring EIGRP Stub Routing
169
Securing EIGRP
169
Network Address Translation (NAT)
170
NAT Control
171
NAT Types
172
Dynamic NAT
173
Dynamic PAT
174
Configure Dynamic NAT and PAT
176
Static NAT
176
Static Port Address Translation (PAT)
178
Bypassing NAT When NAT Control Is Enabled
179
Identity NAT (nat 0 Command)
179
Static Identity NAT (static Command)
180
NAT Exemption (nat 0 with ACL)
182
Policy NAT
183
Order of NAT Processing
184
Controlling Traffic Flow and Network Access
185
ACL Overview and Applications on Security Appliance
185
Controlling Inbound and Outbound Traffic Through the Security Appliance by Using Access Lists
186
Step 1—Defining an Access List
186
Step 2—Applying an Access List to an Interface
186
Simplifying Access Lists with Object Groups
188
Modular Policy Framework (MPF)
190
Configuring MPF
190
Step 1—Identifying Traffic Flow
190
Step 2—Creating a Policy Map
191
Step 3—Applying a Policy
191
Cisco AnyConnect VPN Client
192
Redundancy and Load Balancing
193
Failover Requirements
194
Failover Link
194
State Link
194
Failover Implementation
195
Serial Cable Failover Link (PIX 500 Series Only)
196
LAN-Based Failover Link
197
Asymmetric Routing Support (ASR)
197
Firewall "Module" Software for Firewall Services Module (FWSM)
198
Firewall Module OS Software
199
Network Traffic Through the Firewall Module
199
Installing the FWSM
200
Router/MSFC Placement
200
In Single Context
200
In Multiple Context Mode
201
Configuring the FWSM
202
Summary
204
References
205
Chapter 7 Attack Vectors and Mitigation Techniques
207
Vulnerabilities, Threats, and Exploits
207
Classes of Attacks
208
Attack Vectors
208
Attackers Family
210
Risk Assessment
211
Mitigation Techniques at Layer 3
212
Traffic Characterization
212
Using an ACL to Characterize ICMP Flood or Smurf Attack
212
Using an ACL to Characterize SYN Attacks
215
IP Source Tracker
219
How IP Source Tracker Works
219
Configuring IP Source Tracker
220
IP Spoofing Attacks
220
Antispoofing with Access Lists
221
Antispoofing with uRPF
222
Antispoofing with IP Source Guard
222
Packet Classification and Marking Techniques
224
Committed Access Rate (CAR)
225
How CAR Works
225
Configuring Committed Access Rate (CAR)
226
Modular QoS CLI (MQC)
227
Traffic Policing
229
Network-Based Application Recognition (NBAR)
230
Protocol Discovery
230
Packet Description Language Module (PDLM)
231
Configuring NBAR
231
TCP Intercept
232
How TCP Intercept Works
232
Configuring TCP Intercept
233
TCP Intercept on Firewall
234
Policy-Based Routing (PBR)
234
Unicast Reverse Path Forwarding (uRPF)
236
How uRPF Works
236
Configuring uRPF
238
NetFlow
239
How NetFlow Works
240
Configuring NetFlow
240
NetFlow Ecosystem
241
Mitigation Techniques at Layer 2
242
CAM Table Overflow—MAC Attack
242
Background
242
The Problem
242
CAM Table Overflow Attack Mitigation
243
MAC Spoofing Attack
243
Background
243
The Problem
243
MAC Spoofing Attack Mitigation
244
ARP Spoofing Attack
245
Background
245
The Problem
245
ARP Spoofing Attack Mitigation
245
VTP Attack
246
Background
246
The Problem
246
VTP Attack Mitigation
247
VLAN Hopping Attack
247
Background
247
The Problem
248
VLAN Hopping Attack Mitigation
249
PVLAN Attack
249
Background
249
The Problem
250
PVLAN Attack Mitigation
251
Spanning-Tree Attacks
252
Background
252
The Problem
253
Spanning-Tree Attacks Mitigation
253
DHCP Spoofing and Starvation Attacks
253
Background
253
The Problem
253
DHCP Spoofing and Starvation Attacks Mitigation
254
802.1x Attacks
254
Background
254
The Problem
255
802.1x Attacks Mitigation
255
Security Incident Response Framework
256
What Is a Security Incident?
256
Security Incident Response Process
257
Incident Response Team (IRT)
257
Security Incident Response Methodology
258
Step 1—Planning and Preparation
259
Step 2—Identification and Classification
260
Step 3—Reaction
260
Step 4—Postmortem and Follow-Up
260
Step 5—Archiving
261
Summary
262
References
262
Part II Identity Security and Access Management
265
Chapter 8 Securing Management Access
267
AAA Security Services
267
AAA Paradigm
268
Authentication
268
Authorization
269
Accounting
269
AAA Dependencies
269
Authentication Protocols
270
RADIUS (Remote Authentication Dial-In User Service)
270
RADIUS Packet
271
RADIUS Communication
271
RADIUS Security
273
TACACS+ (Terminal Access Controller Access Control System)
274
TACACS+ Packet
275
TACACS+ Communication
276
TACACS+ Security
277
Comparison of RADIUS and TACACS+
278
Implementing AAA
278
AAA Methods
279
Authentication Methods
280
Authorization Methods
280
Accounting Methods
281
Server Groups
281
Service Types for AAA Functions
282
Authentication Services
282
Authorization Services
283
Accounting Service
284
Configuration Examples
285
PPP Authentication, Authorization, and Accounting Using RADIUS
285
Login Authentication and Command Authorization and Accounting Using TACACS+
285
Login Authentication with Password Retry Lockout
286
Summary
287
References
287
Chapter 9 Cisco Secure ACS Software and Appliance
289
Cisco Secure ACS Software for Windows
289
AAA Server: Cisco Secure ACS
290
Protocol Compliance
291
Advanced ACS Functions and Features
293
Shared Profile Components (SPC)
293
Downloadable IP ACLs
293
Network Access Filter (NAF)
294
RADIUS Authorization Components
294
Shell Command Authorization Sets
294
Network Access Restrictions (NAR)
295
Machine Access Restrictions (MAR)
295
Network Access Profiles (NAP)
296
Cisco NAC Support
296
Configuring ACS
297
Cisco Secure ACS Appliance
307
Summary
309
References
309
Chapter 10 Multifactor Authentication
311
Identification and Authentication
311
Two-Factor Authentication System
312
One-Time Password (OTP)
312
S/KEY
313
Countering Replay Attacks Using the OTP Solution
313
Attributes of a Two-Factor Authentication System
314
Smart Cards and Tokens
314
RSA SecurID
315
Cisco Secure ACS Support for Two-Factor Authentication Systems
315
How Cisco Secure ACS Works
316
Configuring Cisco Secure ACS for RADIUS-Enabled Token Server
317
Configuring Cisco Secure ACS for RSA SecurID Token Server
321
Summary
322
References
322
Chapter 11 Layer 2 Access Control
325
Trust and Identity Management Solutions
326
Identity-Based Networking Services (IBNS)
327
Cisco Secure ACS
328
External Database Support
329
IEEE 802.1x
329
IEEE 802.1x Components
330
Port States: Authorized Versus Unauthorized
332
EAP Methods
334
Deploying an 802.1x Solution
334
Wired LAN (Point-to-Point)
334
Wireless LAN (Multipoint)
335
Implementing 802.1x Port-Based Authentication
337
Configuring 802.1x and RADIUS on Cisco Catalyst Switches Running Cisco IOS Software
337
Enabling Multiple Hosts for a Noncompliant Access Point Terminating on the Switch
338
RADIUS Authorization
338
Configuring 802.1x and RADIUS on Cisco Aironet Wireless LAN Access Point Running Cisco IOS
342
Supplicant Settings for IEEE 802.1x on Windows XP Client
343
Summary
344
References
344
Chapter 12 Wireless LAN (WLAN) Security
347
Wireless LAN (WLAN)
347
Radio Waves
347
IEEE Protocol Standards
348
Communication Method—Radio Frequency (RF)
348
WLAN Components
349
WLAN Security
350
Service Set Identifiers (SSID)
351
MAC Authentication
352
Client Authentication (Open and Shared Key)
352
Static Wired Equivalent Privacy (WEP)
353
WPA, WPA2, and 802.11i (WEP Enhancements)
353
IEEE 802.1x and EAP
355
EAP Message Digest 5 (EAP-MD5)
356
EAP Transport Layer Security (EAP-TLS)
357
EAP Tunneled Transport Layer Security (EAP-TTLS)
359
EAP Flexible Authentication via Secure Tunneling (EAP-FAST)
359
Protected EAP (PEAP)
362
Cisco Lightweight EAP (LEAP)
364
EAP Comparison Chart
365
WLAN NAC
366
WLAN IPS
367
VPN IPsec
367
Mitigating WLAN Attacks
367
Cisco Unified Wireless Network Solution
368
Components of Cisco Unified Wireless Network
369
Summary
370
References
371
Chapter 13 Network Admission Control (NAC)
373
Building the Self-Defending Network (SDN)
373
Network Admission Control (NAC)
375
Why NAC?
375
Cisco NAC
376
Comparing NAC Appliance with NAC Framework
378
Cisco NAC Appliance Solution
378
Mechanics of Cisco NAC Appliance
379
NAC Appliance Components
379
NAC Appliance Deployment Scenarios
380
Cisco NAC Framework Solution
382
Mechanics of the Cisco NAC Framework Solution
383
NAC Framework Components
386
NAC Framework Deployment Scenarios
391
NAC Framework Enforcement Methods
392
Implementing NAC-L3-IP
394
Implementing NAC-L2-IP
396
Implementing NAC-L2-802.1x
399
Summary
402
References
403
Part III Data Privacy
405
Chapter 14 Cryptography
407
Secure Communication
407
Cryptosystem
407
Cryptography Overview
408
Cryptographic Terminology
408
Cryptographic Algorithms
410
Symmetric Key Cryptography
410
Asymmetric Key Cryptography
412
Hash Algorithm
416
Virtual Private Network (VPN)
420
Summary
421
References
421
Chapter 15 IPsec VPN
423
Virtual Private Network (VPN)
423
Types of VPN Technologies
423
Secure VPN (Cryptographic VPN)
424
Trusted VPN (Non-Cryptographic VPN)
424
Hybrid VPN
425
Types of VPN Deployment
425
IPsec VPN (Secure VPN)
425
IPsec Request for Comments (RFCs)
426
Generic IPsec RFCs
426
IPsec Protocols RFCs
427
IPsec Key Exchange RFCs
427
IPsec Cryptographic Algorithm RFCs
428
IPsec Policy-Handling RFCs
430
IPsec Modes
430
IPsec Protocol Headers
432
IPsec Anti-Replay Service
434
ISAKMP and IKE
435
Understanding IKE (Internet Key Exchange) Protocol
435
IKEv2 (Internet Key Exchange—Version 2)
438
ISAKMP Profiles
441
IPsec Profiles
443
IPsec Virtual Tunnel Interface (IPsec VTI)
443
Public Key Infrastructure (PKI)
445
PKI Components
446
Certificate Enrollment
447
Implementing IPsec VPN
449
Cisco IPsec VPN Implementations
449
Site-to-Site IPsec VPN
451
Remote Access IPsec VPN
455
Cisco Easy VPN
456
Dynamic VTI (DVTI)
461
Summary
465
References
466
Chapter 16 Dynamic Multipoint VPN (DMVPN)
469
DMVPN Solution Architecture
469
DMVPN Network Designs
470
DMVPN Solution Components
472
How DMVPN Works
473
DMVPN Data Structures
474
DMVPN Deployment Topologies
475
Implementing DMVPN Hub-and-Spoke Designs
476
Implementing Single Hub Single DMVPN (SHSD) Topology
477
Implementing Dual Hub Dual DMVPN (DHDD) Topology
483
Implementing Server Load-Balancing (SLB) Topology
484
Implementing Dynamic Mesh Spoke-to-Spoke DMVPN Designs
486
Implementing Dual Hub Single DMVPN (DHSD) Topology
488
Implementing Multihub Single DMVPN (MHSD) Topology
498
Implementing Hierarchical (Tree-Based) Topology
499
Summary
500
References
501
Chapter 17 Group Encrypted Transport VPN (GET VPN)
503
GET VPN Solution Architecture
503
GET VPN Features
504
Why GET VPN?
505
GET VPN and DMVPN
506
GET VPN Deployment Consideration
507
GET VPN Solution Components
507
How GET VPN Works
509
IP Header Preservation
511
Group Member ACL
512
Implementing Cisco IOS GET VPN
513
Summary
519
References
519
Chapter 18 Secure Sockets Layer VPN (SSL VPN)
521
Secure Sockets Layer (SSL) Protocol
521
SSL VPN Solution Architecture
522
SSL VPN Overview
523
SSL VPN Features
523
SSL VPN Deployment Consideration
524
SSL VPN Access Methods
525
SSL VPN Citrix Support
527
Implementing Cisco IOS SSL VPN
528
Cisco AnyConnect VPN Client
530
Summary
531
References
531
Chapter 19 Multiprotocol Label Switching VPN (MPLS VPN)
533
Multiprotocol Label Switching (MPLS)
533
MPLS Architecture Overview
534
How MPLS Works
534
MPLS VPN and IPsec VPN
536
Deployment Scenarios
538
Connection-Oriented and Connectionless VPN Technologies
539
MPLS VPN (Trusted VPN)
540
Comparison of L3 and L2 VPNs
540
Layer 3 VPN (L3VPN)
542
Components of L3VPN
543
How L3VPN Implementation Works
543
How VRF Tables Work
543
Implementing L3VPN
544
Layer 2 VPN (L2VPN)
551
Implementing L2VPN
553
Implementing Ethernet VLAN over MPLS Service—Using VPWS Based Architecture
553
Implementing Ethernet VLAN over MPLS Service—Using VPLS-Based Architecture
554
Summary
556
References
557
Part IV Security Monitoring
559
Chapter 20 Network Intrusion Prevention
561
Intrusion System Terminologies
561
Network Intrusion Prevention Overview
562
Cisco IPS 4200 Series Sensors
563
Cisco IDS Services Module (IDSM-2)
565
Cisco Advanced Inspection and Protection Security Services Module (AIP-SSM)
567
Cisco IPS Advanced Integration Module (IPS-AIM)
568
Cisco IOS IPS
569
Deploying IPS
570
Cisco IPS Sensor OS Software
572
Cisco IPS Sensor Software
574
Sensor Software—System Architecture
574
Sensor Software—Communication Protocols
575
Sensor Software—User Roles
576
Sensor Software—Partitions
577
Sensor Software—Signatures and Signature Engines
578
Sensor Software—IPS Events
580
Sensor Software—IPS Event Actions
582
Sensor Software—IPS Risk Rating (RR)
583
Sensor Software—IPS Threat Rating
584
Sensor Software—IPS Interfaces
585
Sensor Software—IPS Interface Modes
589
Sensor Software—IPS Blocking (Shun)
593
Sensor Software—IPS Rate Limiting
594
Sensor Software—IPS Virtualization
595
Sensor Software—IPS Security Policies
596
Sensor Software—IPS Anomaly Detection (AD)
597
IPS High Availability
598
IPS Fail-Open Mechanism
599
Failover Mechanism
599
Fail-Open and Failover Deployments
600
Load-Balancing Technique
600
IPS Appliance Deployment Guidelines
600
Cisco Intrusion Prevention System Device Manager (IDM)
601
Configuring IPS Inline VLAN Pair Mode
601
Configuring IPS Inline Interface Pair Mode
604
Configuring Custom Signature and IPS Blocking
609
Summary
610
References
611
Chapter 21 Host Intrusion Prevention
613
Securing Endpoints Using a Signatureless Mechanism
613
Cisco Security Agent (CSA)
614
CSA Architecture
615
CSA Interceptor and Correlation
616
CSA Correlation Extended Globally
618
CSA Access Control Process
618
CSA Defense-in-Depth—Zero-Day Protection
619
CSA Capabilities and Security Functional Roles
619
CSA Components
622
Configuring and Managing CSA Deployment by Using CSA MC
623
Managing CSA Hosts
624
Managing CSA Agent Kits
626
Managing CSA Groups
630
CSA Agent User Interface
632
CSA Policies, Rule Modules, and Rules
635
Summary
636
References
637
Chapter 22 Anomaly Detection and Mitigation
639
Attack Landscape
639
Denial-of-Service (DoS) Attack Defined
639
Distributed Denial-of-Service (DDoS) Attack—Defined
641
Anomaly Detection and Mitigation Systems
641
Cisco DDoS Anomaly Detection and Mitigation Solution
643
Cisco Traffic Anomaly Detector
644
Cisco Guard DDoS Mitigation
647
Putting It All Together for Operation
649
Configuring and Managing the Cisco Traffic Anomaly Detector
653
Managing the Detector
655
Initializing the Detector Through CLI Console Access
655
Configuring the Detector (Zones, Filters, Policies, and Learning Process)
656
Configuring and Managing Cisco Guard Mitigation
660
Managing the Guard
661
Initializing the Guard Using the CLI Console Access
661
Configuring the Guard (Zones, Filters, Policies, Learning Process)
663
Summary
666
References
667
Chapter 23 Security Monitoring and Correlation
669
Security Information and Event Management
669
Cisco Security Monitoring, Analysis, and Response System (CS-MARS)
670
Security Threat Mitigation (STM) System
672
Topological Awareness and Network Mapping
674
Key Concepts—Events, Sessions, Rules, and Incidents
676
Event Processing in CS-MARS
677
False Positive in CS-MARS
678
Deploying CS-MARS
679
Standalone and Local Controllers (LC)
680
Global Controllers (GC)
682
Software Versioning Information
683
Reporting and Mitigation Devices
684
Levels of Operation
685
Traffic Flows and Ports to Be Opened
687
Web-Based Management Interface
689
Initializing CS-MARS
691
Summary
693
References
694
Part V Security Management
697
Chapter 24 Security and Policy Management
699
Cisco Security Management Solutions
699
Cisco Security Manager
700
Cisco Security Manager—Features and Capabilities
700
Cisco Security Manager—Firewall Management
703
Cisco Security Manager—VPN Management
704
Cisco Security Manager—IPS Management
704
Cisco Security Manager—Platform Management
706
Cisco Security Manager—Architecture
706
Cisco Security Manager—Configuration Views
707
Cisco Security Manager—Managing Devices
710
Cisco Security Manager—Workflow Mode
710
Cisco Security Manager—Role-Based Access Control (RBAC)
711
Cisco Security Manager—Cross-Launch xDM
713
Cisco Security Manager—Supported Devices and OS Versions
715
Cisco Security Manager—Server and Client Requirements and Restrictions
716
Cisco Security Manager—Traffic Flows and Ports to Be Opened
719
Cisco Router and Security Device Manager (SDM)
721
Cisco SDM—Features and Capabilities
722
Cisco SDM—How It Works
723
Cisco SDM—Router Security Audit Feature
725
Cisco SDM—One-Step Lockdown Feature
726
Cisco SDM—Monitor Mode
728
Cisco SDM—Supported Routers and IOS Versions
729
Cisco SDM—System Requirements
730
Cisco Adaptive Security Device Manager (ASDM)
732
Cisco ASDM—Features and Capabilities
732
Cisco ASDM—How It Works
733
Cisco ASDM—Packet Tracer Utility
736
Cisco ASDM—Syslog to Access Rule Correlation
737
Cisco ASDM—Supported Firewalls and Software Versions
738
Cisco ASDM—User Requirements
738
Cisco PIX Device Manager (PDM)
739
Cisco IPS Device Manager (IDM)
740
Cisco IDM—How It Works
741
Cisco IDM—System Requirements
742
Summary
743
References
743
Chapter 25 Security Framework and Regulatory Compliance
747
Security Model
747
Policies, Standards, Guidelines, and Procedures
749
Security Policy
749
Standards
750
Guidelines
750
Procedures
750
Best Practices Framework
751
ISO/IEC 17799 (Now ISO/IEC 27002)
751
COBIT
752
Comparing 17799/27002 and COBIT
753
Compliance and Risk Management
754
Regulatory Compliance and Legislative Acts
754
GLBA—Gramm-Leach-Bliley Act
754
Who Is Affected
754
GLBA Requirements
755
Penalties for Violations
756
Cisco Solutions Addressing GLBA
756
GLBA Summary
757
HIPAA—Health Insurance Portability and Accountability Act
757
Who Is Affected
758
The HIPAA Requirements
758
Penalties for Violations
758
Cisco Solutions Addressing HIPAA
759
HIPAA Summary
760
SOX—Sarbanes-Oxley Act
760
Who Is Affected
760
SOX Act Requirements
761
Penalties for Violations
763
Cisco Solutions Addressing SOX
764
SOX Summary
764
Worldwide Outlook of Regulatory Compliance Acts and Legislations
765
In the United States
765
In Europe
766
In the Asia-Pacific Region
766
Cisco Self-Defending Network Solution
767
Summary
767
References
768
Index
770 |
any_adam_object | 1 |
any_adam_object_boolean | 1 |
author | Bhaiji, Yusuf |
author_facet | Bhaiji, Yusuf |
author_role | aut |
author_sort | Bhaiji, Yusuf |
author_variant | y b yb |
building | Verbundindex |
bvnumber | BV035014469 |
callnumber-first | T - Technology |
callnumber-label | TK5105 |
callnumber-raw | TK5105.59 |
callnumber-search | TK5105.59 |
callnumber-sort | TK 45105.59 |
callnumber-subject | TK - Electrical and Nuclear Engineering |
classification_rvk | ST 200 |
ctrlnum | (OCoLC)254553012 (DE-599)GBV560699344 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
discipline_str_mv | Informatik |
format | Book |
id | DE-604.BV035014469 |
illustrated | Illustrated |
index_date | 2024-07-02T21:44:57Z |
indexdate | 2024-07-09T21:20:13Z |
institution | BVB |
isbn | 1587052466 9781587052460 |
language | English |
lccn | 2008003231 |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-016683662 |
oclc_num | 254553012 |
open_access_boolean | |
owner | DE-473 DE-BY-UBG DE-634 DE-858 |
owner_facet | DE-473 DE-BY-UBG DE-634 DE-858 |
physical | XXXVII, 792 S. Ill., graph. Darst. |
publishDate | 2008 |
publishDateSearch | 2008 |
publishDateSort | 2008 |
publisher | Cisco Press |
record_format | marc |
series2 | Cisco CCIE professional development series |
subject_GND | (DE-588)4483705-7 (DE-588)4070085-9 (DE-588)4293034-0 |
title | Network security technologies and solutions [a comprehensive, all-in-one reference for Cisco network security] |
title_alt | CCIE professional development Network security technologies and solutions |
title_full | Network security technologies and solutions [a comprehensive, all-in-one reference for Cisco network security] Yusuf Bhaiji |
title_short | Network security technologies and solutions |
title_sort | network security technologies and solutions a comprehensive all in one reference for cisco network security |
title_sub | [a comprehensive, all-in-one reference for Cisco network security] |
topic | Computer networks Security measures Cisco (DE-588)4483705-7 gnd Rechnernetz (DE-588)4070085-9 gnd Zugriffskontrolle (DE-588)4293034-0 gnd |
topic_facet | Computer networks Security measures Cisco Rechnernetz Zugriffskontrolle |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016683662&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |