| 41. | - IP Network Traffic Plane Security Concepts
- By
Gregg Schudel, David J. Smith
- Jun 18, 2008
- This chapter introduces the concepts of defense in depth and breadth as applied to IP traffic plane security.
|
| 42. | - SSL VPN Design Considerations
- By
Jazib Frahim, Qiang Huang
- Jun 10, 2008
- This chapter discusses design issues you should consider when you build a Secure Socket Layer (SSL) Virtual Private Network (VPN) solution.
|
| 43. | - Attacking the Spanning Tree Protocol
- By
Eric Vyncke, Christopher Paggen
- Jun 4, 2008
- Conducting STP attacks is now within the reach of a wide population, thanks to the availability of point-and-shoot attacks tools. Fortunately, simple features widely available on a range of switches, such as BPDU-guard, provide effective measures against spanning-tree–based exploits.
|
| 44. | - SSH Security Primer: Server Security Settings
- By
John Traenkenschuh
- Feb 23, 2007
- John Tränkenschuh describes the settings and implementation details important to your OpenSSH server installation. Because an OpenSSH server functions as a VPN gateway as much as a means to transfer files and invoke commands remotely, it's important to get this right.
|
| 45. | - SSH Security Primer: Client Security
- By
John Traenkenschuh
- Feb 16, 2007
- John Tränkenschuh provides a quick survey of SSH client security issues and suggested configurations for the reference SSH distribution, OpenSSH.
|
| 46. | - Broadband Routers and Firewalls
- By
Ido Dubrawsky, Wes Noonan
- Nov 17, 2006
|
| 47. | - Building a Human Firewall: Raising Awareness to Protect Against Social Engineering
- By
Thierry Wohnlich
- Oct 27, 2006
- Thierry Wohnlich proposes an alternate view of information security awareness, a view that takes into consideration the reasons behind the need for awareness, and discusses the role of the individuals in relation to information technology.
|
| 48. | - Creating Custom Policies for the Cisco Security Agent
- By
Chad Sullivan, Jeff Asher, Paul Mauvais
- Jul 14, 2006
- Creating your own policies is a major part of operating a successful CSA deployment. To accomplish this, you must thoroughly understand the components available to you and the methods of research available. Understanding the rule types and the events caused by those rules helps you move forward in your deployment and perform day-to-day support. A solid grasp of the fundamentals and advanced components not only makes you an effective administrator but also an efficient one. This chapter will help you get started with this.
|
| 49. | - Troubleshooting Cisco Secure ACS on Windows
- By
Mynul Hoda
- Jun 16, 2006
- Cisco Secure Access Control Server, which is known as CS ACS, fills the server-side requirement of the Authentication, Authorization, and Accounting (AAA) client server equation. For many security administrators, the robust and powerful AAA engine, along with CS ACS's ability to flexibly integrate with a number of external user databases, makes the CS ACS software the first and sometimes only choice for an AAA server-side solution. This chapter explores CS ACS in detail and walks you through troubleshooting steps. The chapter focuses on the approach required to troubleshoot any issue efficiently, either with the CS ACS software itself or with the whole AAA process.
|
| 50. | - Penetration Testing and Network Defense: Performing Host Reconnaissance
- By
Andrew Whitaker, Daniel Newman
- Jun 2, 2006
- Malicious hackers also value reconnaissance as the first step in an effective attack. For them, seeing what is on the "other side of the hill" is crucial to knowing what type of attack to launch. Although penetration testers might not always have the luxury of time that a malicious hacker might have, they do recognize the value of reconnaissance. This chapter will help you develop network reconnaissance skills to help you protect your network from intrusion.
|
| 51. | - Intrusion Prevention: Signatures and Actions
- By
Earl Carter, Jonathan Hogue
- May 26, 2006
- Attack signatures have been around for long enough that the definition should be universally understood, but that's not the case. Simply put, an IPS signature is any distinctive characteristic that identifies something. Using this definition, all IPS products use signatures of some kind, regardless of what the product descriptions claim. To find something and stop it, you must be able to identify it, and for you to identify it, it must display a distinct characteristic. This chapter introduces you to the concept of signatures.
|
| 52. | - Home Network Router Security Secrets
- By
Andy Walker
- Apr 7, 2006
- Ever delve inside your home network routers and use the hidden security settings that can lock down a network nice and tight? Most people never do. Andy Walker reveals 10 secrets on how to easily access your router's security settings.
|
| 53. | - A Student-Hacker Showdown at the Collegiate Cyber Defense Competition
- By
Seth Fogie
- Mar 31, 2006
- Students-turned-IT managers faced off against experienced hackers at the Mid-Atlantic Regional Collegiate Cyber Defense Competition. Seth Fogie witnessed this real-world competition and reports on its unexpected twists, turns, and even drama.
|
| 54. | - Cisco ASA Security Contexts
- By
Omar Santos, Jazib Frahim
- Dec 16, 2005
- The virtual firewall methodology enables a physical firewall to be partitioned into multiple standalone firewalls. Each standalone firewall acts and behaves as an independent entity with its own configuration, interfaces, security policies, routing table, and administrators. In Cisco ASA, these virtual firewalls are known as security contexts. This chapter covers security contexts in detail.
|
| 55. | - Corporate Governance, Business Continuity Planning, and Disaster Recovery
- By
Michelle Johnston Sollicito
- Dec 1, 2005
- To protect business stakeholders, corporate governance focuses a sharp eye on all measures and systems within the organization to ensure compliance with laws, regulations, and standards. Michelle Johnston Sollicito points out the many required aspects of a proper business continuity plan and shows you where to look for holes in your process.
|
| 56. | - IPSec Authentication and Authorization Models
- By
Vijay Bollapragada, Mohamed Khalid, Scott Wainner
- Oct 21, 2005
- This chapter covers IPSec features and mechanisms that are primarily targeted at the authentication of remote access users. You'll learn about XAUTH, which provides extended authentication for IPSec telecommuters by using authentication schemes such as RADIUS. MODECFG uses a push model to push attributes to the IPSec client.
|
| 57. | - Analyzing MPLS VPN Security
- By
Michael H. Behringer, Monique Morrow
- Oct 6, 2005
- VPN users have certain expectations and requirements for their VPN service. In a nutshell, they want their service to be both private and secure. In other words, they want their VPN to be as secure as with dedicated circuits while gaining the scalability benefits of a shared infrastructure. Both concepts, of privacy and security, are not black and white, and need to be defined for a real world implementation. This chapter introduces you to VPN MPLS security requirements.
|
| 58. | - Two-Factor Authentication in Windows
- By
Rick Cook
- Oct 6, 2005
- Simple passwords aren't good enough any more, as the flood of stories about phishing, fraud, and compromised accounts by the millions demonstrate. The Next Big Thing in computer security is two-factor authentication and, like it or not, you're probably going to be dealing with it in the next year or so. But two-factor authentication is a concept, not a product, and how it's implemented is critical to its success.
|
| 59. | - Improve Your Network's Security Using Network Admission Control
- By
Sean Convery
- Aug 26, 2005
- Is there a place for security focused on the good guys in networking? There is, and one of the latest additions to this area of security is called Network Admission Control (NAC). Sean Convery introduces NAC, a security measure built around the idea that asking specific questions of an organization's end hosts can improve the overall security of a network by improving the compliance of end systems to a given admission policy.
|
| 60. | - Deploying Secure Internet Connectivity with Cisco ASA and PIX Firewalls
- By
Greg Abelar
- Aug 5, 2005
- This chapter provides you with the necessary information to use the ASDM Startup Wizard to perform the initial configuration of your network. It provides a step-by-step procedure explaining how to use the ASDM Startup Wizard to set up the initial configuration for your ASA/PIX Security Appliance.
|
