Amazon.com: End-to-End Network Security: Defense-in-Depth (9781587053320): Omar Santos: Books

End-to-End Network Security: Defense-in-Depth [Paperback]

Omar Santos (Author)
3.8 out of 5 stars (4 customer reviews)

List Price: $60.00
Price: $40.00
You Save: $20.00 (33%)

Formats and Amazon price: Kindle Edition $36.00; Paperback $40.00

Book Description

Published September 3, 2007. ISBN-10 1587053322, ISBN-13 978-1587053320, 1st edition.

End-to-End Network Security: Defense-in-Depth

Best practices for assessing and improving network defenses and responding to security incidents

Omar Santos

Information security practices have evolved from Internet perimeter protection to a defense-in-depth model in which multiple countermeasures are layered throughout the infrastructure to address vulnerabilities and attacks. This shift is driven by more frequent, more varied and sophisticated, and faster-moving attacks, all of which blur the boundary between the internal network and the perimeter.

 

End-to-End Network Security is designed to counter the new generation of complex threats. Adopting this robust security strategy defends against highly sophisticated attacks that can occur at multiple locations in your network. The ultimate goal is to deploy a set of security capabilities that together create an intelligent, self-defending network that identifies attacks as they occur, generates alerts as appropriate, and then automatically responds.

 

End-to-End Network Security provides you with a comprehensive look at the mechanisms to counter threats to each part of your network. The book starts with a review of network security technologies then covers the six-step methodology for incident response and best practices from proactive security frameworks. Later chapters cover wireless network security, IP telephony security, data center security, and IPv6 security. Finally, several case studies representing small, medium, and large enterprises provide detailed example configurations and implementation strategies of best practices learned in earlier chapters.

 

Adopting the techniques and strategies outlined in this book enables you to prevent day-zero attacks, improve your overall security posture, build strong policies, and deploy intelligent, self-defending networks.

 

“Within these pages, you will find many practical tools, both process related and technology related, that you can draw on to improve your risk mitigation strategies.”

 

–Bruce Murphy, Vice President, World Wide Security Practices, Cisco

 

Omar Santos is a senior network security engineer at Cisco®. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations.

 

  • Guard your network with firewalls, VPNs, and intrusion prevention systems
  • Control network access with AAA
  • Enforce security policies with Cisco Network Admission Control (NAC)
  • Learn how to perform risk and threat analysis
  • Harden your network infrastructure, security policies, and procedures against security threats
  • Identify and classify security threats
  • Trace back attacks to their source
  • Learn how to best react to security incidents
  • Maintain visibility and control over your network with the SAVE framework
  • Apply Defense-in-Depth principles to wireless networks, IP telephony networks, data centers, and IPv6 networks

 

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

 

Category: Networking: Security

Covers: Network security and incident response

 

$55.00 USA / $63.00 CAN





Editorial Reviews

About the Author

Omar Santos is a senior network security engineer and Incident Manager within the Product Security Incident Response Team (PSIRT) at Cisco. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government, including the United States Marine Corps (USMC) and the U.S. Department of Defense (DoD). He is also the author of many Cisco online technical documents and configuration guidelines. Before his current role, Omar was a technical leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. He is an active member of the InfraGard organization. InfraGard is a cooperative undertaking that involves the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants. InfraGard is dedicated to increasing the security of the critical infrastructures of the United States of America. Omar has also delivered numerous technical presentations to Cisco customers and partners, as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of the Cisco Press books Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting, and Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance.

 

Excerpt. © Reprinted by permission. All rights reserved.

End-to-End Network Security Defense-in-Depth

Introduction

The network security lifecycle requires specialized support and a commitment to best practice standards. In this book, you will learn best practices that draw upon disciplined processes, frameworks, expert advice, and proven technologies that will help you protect your infrastructure and organization. You will learn end-to-end security best practices, from strategy development to operations and optimization.

This book covers the six-step methodology of incident readiness and response. You must take a proactive approach to security; an approach that starts with assessment to identify and categorize your risks. In addition, you need to understand the network security technical details in relation to security policy and incident response procedures. This book covers numerous best practices that will help you orchestrate a long-term strategy for your organization.

Who Should Read This Book?

The answer to this question is simple—everyone. The principles and best practices covered in this book apply to every organization. Anyone interested in network security should become familiar with the information included in this book—from network and security engineers to management and executives. This book covers not only numerous technical topics and scenarios, but also covers a wide range of operational best practices in addition to risk analysis and threat modeling.

How This Book Is Organized

Part I of this book consists of Chapter 1, which introduces security technologies and products. In Part II, which encompasses Chapters 2 through 7, you will learn the six-step methodology of incident readiness and response. Part III includes Chapters 8 through 11, which cover strategies used to protect wireless networks, IP telephony implementations, data centers, and IPv6 networks. Real-life case studies are covered in Part IV, which contains Chapter 12.

The following is a chapter-by-chapter summary of the contents of the book.

Part I, "Introduction to Network Security Solutions," includes:

  • Chapter 1, "Overview of Network Security Technologies." This chapter introduces security technologies and products. It starts with an overview of how to place firewalls to provide perimeter security and network segmentation while enforcing configured policies. It then dives into virtual private network (VPN) technologies and protocols, including IP Security (IPsec) and Secure Sockets Layer (SSL). In addition, this chapter covers technologies such as intrusion detection systems (IDS), intrusion prevention systems (IPS), anomaly detection systems, and network telemetry features that can help you identify and classify security threats. Authentication, authorization, and accounting (AAA) offers different solutions that provide access control to network resources; this chapter introduces AAA and identity management concepts. Furthermore, it includes an overview of the Cisco Network Admission Control solutions that are used to enforce security policy compliance on all devices that access network computing resources, thereby limiting damage from emerging security threats. Routing techniques can also be used as security tools. This chapter provides examples of routing techniques, such as Remotely Triggered Black Hole (RTBH) routing and sinkholes, that are used to increase the security of the network and to react to new threats.

Part II, "Security Lifecycle: Frameworks and Methodologies," includes:

  • Chapter 2, "Preparation Phase." This chapter covers numerous best practices on how to better prepare your network infrastructure, security policies, procedures, and organization as a whole against security threats and vulnerabilities. This is one of the most important chapters of this book. It starts by teaching you risk analysis and threat modeling techniques. You will also learn guidelines on how to create strong security policies and how to create Computer Security Incident Response Teams (CSIRT). Topics such as security intelligence and social engineering are also covered in this chapter. You will learn numerous tips on how to increase the security of your network infrastructure devices using several best practices to protect the control, management, and data plane. Guidelines on how to better secure end-user systems and servers are also covered in this chapter.

  • Chapter 3, "Identifying and Classifying Security Threats." This chapter covers the next two phases of the six-step methodology for incident response: identification and classification of security threats. You will learn how important it is to have complete network visibility and control to successfully identify and classify security threats in a timely fashion. This chapter covers technologies and tools such as Cisco NetFlow, syslog, SNMP, and others, which can be used to obtain information from your network and detect anomalies that might indicate malicious activity. You will also learn how to use event correlation tools such as CS-MARS and open source monitoring systems in conjunction with NetFlow to gain better visibility into your network. In addition, this chapter covers anomaly detection, IDS, and IPS solutions, providing tips on IPS/IDS tuning and the new anomaly detection features supported by Cisco IPS.

  • Chapter 4, "Traceback." Tracing back the source of attacks, infected hosts in worm outbreaks, or any other security incident can be overwhelming for many network administrators and security professionals. Attackers can use hundreds or thousands of compromised hosts (bots or zombies), which greatly complicates traceback and hinders mitigation even once traceback succeeds. This chapter covers several techniques, used by both service providers and enterprises, that can help you successfully trace back the sources of such threats.

  • Chapter 5, "Reacting to Security Incidents." This chapter covers several techniques that you can use when reacting to security incidents. It is extremely important for organizations to have adequate incident handling policies and procedures in place. This chapter shows you several tips on how to make sure that your policies and procedures are adequate to successfully respond to security incidents. You will also learn general information about different laws and practices to use when investigating security incidents and computer crimes. In addition, this chapter includes details about different tools you can use to mitigate attacks and other security incidents with your network infrastructure components including several basic computer forensics topics.

  • Chapter 6, "Postmortem and Improvement." It is highly recommended that you complete a postmortem after responding to security incidents. This postmortem should identify the strengths and weaknesses of the incident response effort. With this analysis, you can identify weaknesses in systems, infrastructure defenses, or policies that allowed the incident to take place. In addition, a postmortem helps you identify problems with communication channels, interfaces, and procedures that hampered the efficient resolution of the reported problem. This chapter covers several tips on creating postmortems and executing post-incident tasks. It includes guidelines for collecting post-incident data, documenting lessons learned during the incident, and building action plans to close gaps that are identified.

  • Chapter 7, "Proactive Security Framework." This chapter covers the Security Assessment, Validation, and Execution (SAVE) framework. SAVE, formerly known as the Cisco Operational Process Model (COPM), is a framework initially developed for service providers, but its practices apply equally to enterprises and other organizations. This chapter provides examples of techniques and practices that can allow you to gain and maintain visibility and control over the network during normal operations or during the course of a security i...


Product Details

  • Paperback: 480 pages
  • Publisher: Cisco Press; 1 edition (September 3, 2007)
  • Language: English
  • ISBN-10: 1587053322
  • ISBN-13: 978-1587053320
  • Product Dimensions: 9 x 7.4 x 1.1 inches
  • Shipping Weight: 1.7 pounds
  • Average Customer Review: 3.8 out of 5 stars (4 customer reviews)
  • Amazon Best Sellers Rank: #1,365,826 in Books

More About the Author

Omar Santos is an Incident Manager and Senior Engineer at Cisco's Product Security Incident Response Team (PSIRT). Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government, including the United States Marine Corps (USMC) and the U.S. Department of Defense (DoD). He is also the author of many Cisco online technical documents and configuration guidelines. Prior to his current role, he was a technical leader within the World Wide Security Practice and Cisco's Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. He is an active member of the security community, where he works with businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of critical infrastructure.

Omar has also delivered numerous technical presentations at conferences and to Cisco customers and partners, as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of the Cisco Press books:

* Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
* Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition)
* Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting
* End-to-End Network Security: Defense-in-Depth

 

Customer Reviews

4 Reviews
5 star:    (0)
4 star:
 (3)
3 star:
 (1)
2 star:    (0)
1 star:    (0)
 
 
 
 
 
Average Customer Review
3.8 out of 5 stars (4 customer reviews)
 
 
 
 
Share your thoughts with other customers:
Most Helpful Customer Reviews

7 of 7 people found the following review helpful:
4.0 out of 5 stars comprehensive outlook, November 7, 2007
This review is from: End-to-End Network Security: Defense-in-Depth (Paperback)
The book furnishes a comprehensive understanding of how to secure a network. Firewalls are the first and most common defense. If your network is large enough, then you may or should have several of these, between your internal subnets. And the network routes that face the rest of the internet should have a DMZ.

By now, most readers are already aware of the need for firewalls. What you get here are practical steps in installing and managing these. But another key extra is how to maintain virtual private nets. An acknowledgement that many companies have people who need to access securely from outside the corporate network. A VPN can be much trickier to set up, and there is a computational cost to using it.

The text also goes into how to handle IPv6 networks, and when these interact with the usual IPv4 networks of the outside world. A bit unclear what is the market demand for these IPv6 nets, thus far. I've nothing against them. But v6 deployment has been much slower than expected. Still, it's good that the book includes them in its discussion.
5 of 5 people found the following review helpful:
4.0 out of 5 stars Comprehensive look at how to secure a Cisco infrastructure, November 14, 2007
This review is from: End-to-End Network Security: Defense-in-Depth (Paperback)
One of the mistakes many organizations make when it comes to information security is thinking that the firewall will do it all. Management often replies incredulously to a hacking incident with the thought "but don't we have a firewall".

Organizations need to realize a single appliance alone won't protect their enterprise, irrespective of what the makers of such appliances suggest and promise. A true strategy of security defense in depth is required to ensure a comprehensive level of security is implemented. Defense in depth uses multiple computer security technologies to keep organizations' risks in check. One example of defense in depth is having an anti-virus and anti-spyware solution both at the user's desktop, and also at the gateway.

With that, End-to-End Network Security: Defense-in-Depth provides an in-depth look at the various issues around defense in depth. Rather than taking a very narrow approach to security, the book focuses on the comprehensive elements of designing a secure information security infrastructure that can really work to ensure an organization is protected against the many different types of threats it will face on a daily basis.

The book's 12 chapters provide a broad look at the various ways in which to secure a network. Aside from a minor mistake in chapter 1 where the author confuses encryption standards and encryption algorithms (but then again, many people make the same mistake), the book provides a clear and to the point approach to the topic at hand. After reading the book, one will have a large amount of the information needed to secure their Cisco-based network.

While it is not in the title, the book is completely centered on Cisco hardware, software, and Cisco IOS. It is a Cisco Press title written by a Cisco employee, and, as you would expect, it has a heavy Cisco slant. For those that do not work in a Cisco environment, the information in the book will likely be far too Cisco centric for their needs. A review of the index shows that the book provides a near A-Z overview of information security. One of the only missing letters is 'J', but then again, that would require writing about Juniper.

Chapter 1 starts off with a detailed overview of the fundamentals of network security technologies. Chapter 2 details the various security frameworks and methodologies around securing network devices. The six-step methodology that the author writes of is comprised of preparation, identification, classification, traceback, reaction and postmortem.

The author mistakenly writes that manual analysis of complex firewall policies is almost impossible because it is very time-consuming. The truth is that the time-consuming aspect does not make it impossible. It can be done, but the author is correct that the use of automated tools makes such analysis much quicker and easier.

Chapters 5 and 6 provide an excellent overview of reacting to information security incidents. The chapters cover all of the necessary details, from laws, log finals, postmortem and more.

Chapter 9 provides an extensive overview of the various elements of IPT security. It includes various ways to protect the many parts of a Cisco IPT infrastructure. In this chapter and the others, the author does a very good job of detailing the various configuration steps necessary to secure a Cisco device, both at the graphical level and also at the IOS command line level.

Chapter 12 concludes the book with 3 case studies of using defense in depth in small, medium and large enterprise networks. Different size networks have different requirements and constraints and are not secured in the same manner.

Overall, End-to-End Network Security: Defense-in-Depth is an excellent and comprehensive book on how to secure a Cisco infrastructure. It details the many threats such an environment will face, and lists countermeasures to mitigate each of those threats. Anyone involved in securing Cisco-based networks will find this book to be quite helpful in their effort to secure their network.
4.0 out of 5 stars Solid reference, August 8, 2011
This review is from: End-to-End Network Security: Defense-in-Depth (Paperback)
This book's focus is securing Cisco-based networking infrastructure using IOS features and dedicated Cisco security appliances and tools. Understandably, some products referenced have reached End of Life status, like the CSA and CS-MARS.

In the context of the CISSP CBK, the content applies primarily to "Telecommunications and Network Security", with a sprinkle across some of the other domains. The author skillfully blends together detailed configuration examples, deployment recommendations, several case studies, and articulation of security principles that can apply to any size network or business.

If end-to-end network security and defense-in-depth means to you the inclusion of protection against malware, application layer threats, and social engineering, there is little in the book on these topics. However, if you are looking for a one-stop reference on deployment guidance to harden Cisco-based networks along with a comprehensive list of network security protocols, this is a great reference. With a few exceptions it is as much applicable today as when first published in 2007.

One humorous typo is "Security lifecycle:" in "Contents at a glance", vs. "Security lifestyle:" in "Contents" and on page 41 introducing Part II. Your choice!