Hardening Network Security [Illustrated] [Paperback]

John Mallery (Author), Jason Zann (Author), Patrick Kelly (Author), Wesley Noonan (Author), Eric S. Seagren (Author), Paul Love (Author), Rob Kraft (Author), Mark O'Neill (Author), Robert McMullin (Author)

Book Description

ISBN-10: 0072257032 | ISBN-13: 978-0072257038 | Publication Date: January 11, 2005 | Edition: 1

Take a proactive approach to network security by implementing preventive measures against attacks--before they occur. Written by a team of security experts, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan.

Features a four-part hardening methodology:

• Do This Now!--Checklist of immediate steps to take to lockdown your system from further attack
• Take It From The Top--Systematic approach to hardening your enterprise from the top down
• Once Is Never Enough!--Ongoing monitoring and assessment plan to keep your network secure, including patch management and auditing
• How to Succeed--Strategies for getting budget approval, management buy-in, and employee cooperation for your security program

Editorial Reviews

From the Back Cover

Take a proactive approach to enterprise network security by implementing preventive measures against attacks before they occur. Written by a team of IT security specialists, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Whether you’re working on a Windows, UNIX, wireless, or mixed network, you’ll get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan. With coverage of all major platforms and applications, this book is an essential security tool for on-the-job IT professionals. Features a four-part hardening methodology:

• Do This Now!--Checklist of immediate steps to take to lockdown your system from further attack
• Take It From The Top--Systematic approach to hardening your enterprise from the top down, focusing on network, data, and software access, storage, and communications
• Once Is Never Enough!--Ongoing monitoring and assessment plan to keep your network secure, including patch management and auditing
• How to Succeed at Hardening Network Security--Strategies for getting budget approval, management buy-in, and employee cooperation for your security program

John Mallery is a Managing Consultant at BKD, LLP, and a veteran security specialist.

Jason Zann, CISSP, is an Information Security Consultant for DST Systems.

Patrick Kelly, CISSP, CCSE, MCSE, MCP+I, is an Information Assurance Engineer for ComGlobal Systems, Inc.

Paul Love, MS Network Security, CISSP, CISM, CISA, is a Security Manager with a large financial institution.

Wesley Noonan, MCSE, CCNA, CCDA, NNCSS, Security+, is a Senior Network Consultant for Collective Technologies, LLC.

Eric S. Seagren, CISSP, ISSAP, SCNP, CCNA, CNE, MCP+I, MCSE, is an IT architect, designing secure, scalable, and redundant networks.

Rob Kraft is the director of software development for KCX, Inc. Mark O’Neil is the CTO of Vordel and principal author of Web Services Security.

Series Editor and author Roberta Bragg, CISSP, MCSE: Security, Security+, writes a column for Redmond Magazine and writes the weekly Security Watch newsletter. She is the author of Hardening Windows Systems and several other information security books.

About the Author

John Mallery is a Managing Consultant at BKD, LLP, and a veteran security specialist. Previously, he was CTO of Clarence M. Kelley and Associates, Inc, a private investigation and security consulting company founded by the former director of the FBI. John is a nationally recognized public speaker and trainer in the area of computer forensics and computer security. He has developed continuing legal education programs for the legal community and POST accredited programs for law enforcement. His presentations always receive excellent evaluations at national conferences. John draws upon his unique experiences as an investigator, network security consultant, and comedian to provide presentations that are both informative and entertaining. John is a member of the Information Technology Security Council for ASIS International, a member of the High Technology Crime Investigation Association, Infragard, and a contributing editor for Security Technology and Design magazine.

Jason Zann, CISSP, is currently an Information Security Consultant for DST Systems, Inc. With over nine years as an information security professional, he has been responsible for management, operational, and technical developments for information security products, systems, networks, and processes on a global scale. He has worked for corporate, product, and consulting organizations delivering a range of information security concepts and solutions.

Patrick W. Kelly, CISSP, CCSE, MCSE, MCP+I, currently serves as Information Assurance Engineer for ComGlobal Systems, Inc. Patrick has more than 15 years of combined application development and network security experience. In his current position he is responsible for Enterprise Security Awareness Programs, Vulnerability and Risk Assessment, and Security Component Design and Build. Throughout his career, Patrick has been responsible for implementation and development of network security programs. Some of these projects include: Intrusion Detection and Reaction Systems, Firewall Technology Design and Implementation

Wesley J. Noonan (Houston, TX), MCSE, CCNA, CCDA, NNCSS, Security +, has been working in the computer industry for more than 11 years, specializing in Windows-based networks and network infrastructure design and implementation. He is a Senior Network Consultant for Collective Technologies, LLC (http://www.colltech.com), a company that specializes in storage, server and network design, architecture, implementation, and security. Wes got his start in the United States Marine Corps working on its Banyan VINES network, and has since worked on building and designing secure networks ranging in size from 25 to 25,000 users. Wes prreviously worked in R&D for BMC Software, Inc., on their PATROL management solutions, architecting and testing their network and application management products. Wes is also an active trainer, developing and teaching his own custom, Cisco-based routing and switching curriculum. He has spoken at a number of technical conferences and user groups and is a member of the Ask the Experts panel at http://searchwindowssecutiry.techtarget.com. Wes is also the author of Hardening Network Infrastructure (McGraw-Hill/Osbourne, 2004).

Eric S. Seagren,(Missouri City, TX), CISSP, ISSAP, SCNP, CCNA, CNE, MCP+I, MCSE, has nine years of experience in the computer industry, with the last eight years spent in the financial services industry working for a fortune 100 company. Eric started his computer career working on Novell servers and performing general network troubleshooting for a small Houston-based company. While working in the financial services industry, his duties have included server administration, disaster recovery responsibilities, business continuity coordinator, and Y2K remediation responsibilities. He has spent the last four years as an IT architect, designing secure, scalable, and redundant networks. His design experience includes the implementation of intrusion detection systems, and the security evaluation of network designs and network device configurations.

Paul Love, CISSP, CISA, CISM, Security +, is a Security Manager for a large financial institution and has been in the IT field for 15 years. Paul holds a master of science degree in network security and a bachelor’s degree in information systems. He is a coauthor of the book Hardening Linux (McGraw-Hill/Osborne, 2004) and has been the technical editor for over ten best-selling Linux and Unix books. Paul ran a successful Linux portal site during the dot com era.

Rob Kraft is the director of software development for KCX, Inc. Rob spent two years as a Microsoft Certified Trainer teaching classes on SQL Server and Visual Basic. He is also certified by IBM to teach DB2 and WebSphere. In addition to teaching, Rob spent 15 years developing applications on a range of platforms, development languages, and database management systems. Rob coauthored books on Microsoft SQL Server and has presented SQL Server, Internet Security, and Visual Basic at conferences and seminars. In his spare time, Rob assists local nonprofits with IT and other needs. You may contact Rob at http://www.RobKraft.org.

Mark O’Neill is the principal author of Web Services Security (McGraw-Hill/Osborne, 2003). Mark has written on the topic of XML and web services security in magazines such as Web Services Journal, XML Journal, Java Pro, Enterprise Architect, Infoconomy, and Technology for Finance. As Chief Technical Officer at Vordel, a pioneering vendor of XML security products, Mark has met many early adopters of XML, gathering and synthesizing their security requirements. Mark regularly presents training courses on web services security in London, California, and on the U.S. East Coast. For the past four years, he has been chosen as a speaker on the topic of XML security at the RSA Conference, the infosec industry’s largest annual conference. Mark lives in an old house in Boston’s up-and-coming Roslindale neighborhood, with Kristen and their two-year-old son Ben.

Product Details

• Paperback: 608 pages
• Publisher: McGraw-Hill Osborne Media; 1 edition (January 11, 2005)
• Language: English
• ISBN-10: 0072257032
• ISBN-13: 978-0072257038
• Product Dimensions: 8.9 x 7.4 x 4.7 inches
• Shipping Weight: 2.2 pounds (View shipping rates and policies)
• Average Customer Review: 4.8 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #364,934 in Books (See Top 100 in Books)

More About the Author

Paul has been in the Information Security field for about 20 years, and has recently expanded his role into Business Continuity. Paul is passionate about understanding how Information Security and Business Continuity can help organizations achieve their goals. Paul's philosophy is that the best path to security and business continuity is the least complex and most business aligned approach.

----

More detailed biography - http://www.securecomputer.org/about/

Customer Reviews

Most Helpful Customer Reviews

7 of 7 people found the following review helpful:

4.0 out of 5 stars Thorough overview of security improvement, but beware some details, February 4, 2006

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Hardening Network Security (Paperback)

As a security consultant I am sometimes asked for reference books for new security managers. These individuals need help bringing their enterprise under control. Hardening Network Security is a good book for this sort of problem, although it is important to recognize a few technical errors outlined below.

My favorite part of the book is Ch 1 ("Do these seven things before you do anything else"). The seven are (1) change default account settings; (2) use administrator accounts for administrator tasks only; (3) identify unused or unnecessary ports; (4) disable/shut down/remove unused and unnecessary services and daemons; (5) remove rogue connections; (6) set up filters for malicious content; and (7) test backup and restore procedures. Ch 1 was the most helpful section, in my opinion. The author should have mentioned Windows tools from SysInternals, however, and warned that rootkits obscure processes, files, and other information reported by compromised operating systems.

Part II gives hardening recommendations for the enterprise. Segmentation, identity management, authentication, Web services, mobile devices, stored data, databases, OS access control, encrypting transport, remote access, wireless, UNIX, IDS and incident response, malware, and "wetware" appear in Part II. Part III discusses operational issues like assessments, change management, patching, and security reviews. Part IV finishes with management politics and "security apathy."

A great deal of the material is helpful. Most of the book takes a high-level approach to enterprise security. Some sections (like the Web services chapter) are far too complex for managers; their eyes will cross while reviewing SOAP headers. Some sections have a dated feel, like the mention of standard and extended Cisco ACLs (Ch 2) without discussion of reflexive or other modern ACLs. The same chapter says routers filter at layer 3, ignoring the fact that the extended ACLs just mentioned operate at layer 4 (where TCP and UDP ports appear). Page 54 in Ch 2 says "circuit-level firewalls work at Layer 6, the presentation layer...[and] verify the handshaking process of each connection (SYN,ACK,SYN-ACK)." Ouch, that is wrong on multiple levels. One note on a typo -- in Figure 11.3, Zone 1 and Zone 3 should be interchanged.

Ch 6 mentions Bluetooth, but says Bluetooth attacks are "relatively close proximity" problems where "attacks on these types of devices [are] limited to 10 meters." We know this is not true. Ch 14 covers intrusion detection and response, which I reviewed closely. Page 369 makes the following odd statement: "Spanning and mirroring have inherent weaknesses, as they will not forward 100 percent of the traffic to the NIDS port. In addition, the mirrored switch can produce collisions, and the operation of the switch begins to approach the same functionality of a hub." That is a really bizarre claim, especially because the author's "solution" to this problem is worse than a SPAN port. He advocates using taps (on each "resource to monitor", which is expensive), and shows in Figure 14-1 connecting the tap outputs to a hub, where the IDS also listens. That configuration is guaranteed to drop traffic due to collisions; please see my blog for details.

There is a lot of good material in Hardening Network Security, so I didn't want to lower my rating for the several serious technical shortcomings I previously identified. Rather, buy the book, cross out the incorrect material listed, and enjoy the rest.

2 of 2 people found the following review helpful:

5.0 out of 5 stars Common sense advice, February 22, 2005

By 

Paul Klahn (Kansas City, MO) - See all my reviews
(REAL NAME)   

This review is from: Hardening Network Security (Paperback)

This book is a useful compilation of common sense, practical security recommendations and procedures for the everyday manager or administrator. It is written in a way that covers a variety of critical topics without getting overly technical or talking of the sake of talking.

There are frequent references to additional resources you can use to drill down in any of the topic areas. The use of several authors to share their stronger areas makes this a better resource. The book does a good job of approaching timely security risks such as database and application security, as well as devoting several chapters to management issues of great use to technical staff and management.

The recurring "HEADS UP!" type of reference boxes are overly annoying, but I assume this is a publisher issue and they really don't detract from the content.

0 of 1 people found the following review helpful:

5.0 out of 5 stars CISA Lifesaver, June 20, 2010

By 

J. Foley (Tallahassee, FL) - See all my reviews
(REAL NAME)   

This review is from: Hardening Network Security (Paperback)

I just finished taking the CISA examination one week ago. I have an audit background but had to learn the IT information from the ground up.

I purchased a half-dozen books and this was one of two books that I ended up using every day. While a technical guide, the excellent writing style helps it serve as an excellent mentor to the individual who has only a limited knowledge of network security.

This will remain a primary reference on my desktop for a long time. The other book is Network Security Bible.