larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Network Security First-Step, 2nd Edition

Best Value Purchase

Book + eBook Bundle

  • Your Price: $37.92
  • List Price: $60.78
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Individual Purchases


  • Your Price: $29.59
  • List Price: $36.99
  • Usually ships in 24 hours.

eBook (Watermarked)

  • Your Price: $19.03
  • List Price: $23.79
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

  • About
  • Description
  • Extras
  • Sample Content
  • Updates


  • For everyone who wants to learn about network security and build a career in this crucial, fast-growing profession
  • Updated, easy-to-understand introductions to hackers, attacks, security tools/technologies, networking equipment, wireless security, and more
  • Authoritative, step-by-step, best-practice guidance on preparing for and reacting to security incidents

  • Copyright 2012
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 448
  • Edition: 2nd
  • Book
  • ISBN-10: 1-58720-410-X
  • ISBN-13: 978-1-58720-410-4

Network Security first-step

Second Edition

Tom Thomas and Donald Stoddard

Your first step into the world of network security

  • No security experience required
  • Includes clear and easily understood explanations
  • Makes learning easy

Your first step to network security begins here!

  • Learn how hacker attacks work, from start to finish
  • Choose the right security solution for each type of risk
  • Create clear and enforceable security policies, and keep them up to date
  • Establish reliable processes for responding to security advisories
  • Use encryption effectively, and recognize its limitations
  • Secure your network with firewalls, routers, and other devices
  • Prevent attacks aimed at wireless networks

No security experience required!

Computer networks are indispensible, but they also are not secure. With the proliferation of security threats, many people and companies are looking for ways to increase the security of their networks and data. Before you can effectively implement security technologies and techniques, you need to make sense of this complex and quickly evolving world of hackers and malware, as well as the tools to combat them.

Network Security First-Step, Second Edition explains the basics of network security in easy-to-grasp language that all of us can understand. This book takes you on a guided tour of the core technologies that make up and control network security. Whether you are looking to take your first step into a career in network security or simply are interested in gaining knowledge of the technology, this book is for you!

Online Sample Chapter

Network Security First-Step: Firewalls

Sample Pages

Download the sample pages (includes Chapter 7 and Index)

Table of Contents

Introduction xxii

Chapter 1 There Be Hackers Here! 1

Essentials First: Looking for a Target 2

Hacking Motivations 3

Targets of Opportunity 4

Are You a Target of Opportunity? 6

Targets of Choice 7

Are You a Target of Choice? 7

The Process of an Attack 9

Reconnaissance 9

Footprinting (aka Casing the Joint) 11

Scanning 18

Enumeration 23

Enumerating Windows 24

Gaining Access 26

Operating System Attacks 27

Application Attacks 27

Misconfiguration Attacks 28

Scripted Attacks 29

Escalating Privilege 30

Covering Tracks 31

Where Are Attacks Coming From? 32

Common Vulnerabilities, Threats, and Risks 33

Overview of Common Attacks and Exploits 36

Network Security Organizations 39

CERT Coordination Center 40


Center for Internet Security (CIS) 40


Internet Storm Center 41

National Vulnerability Database 41

Security Focus 42

Learning from the Network Security Organizations 42

Chapter Summary 43

Chapter Review 43

Chapter 2 Security Policies 45

Responsibilities and Expectations 50

A Real-World Example 50

Who Is Responsible? You Are! 50

Legal Precedence 50

Internet Lawyers 51

Evolution of the Legal System 51

Criminal Prosecution 52

Real-World Example 52

Individuals Being Prosecuted 53

International Prosecution 53

Corporate Policies and Trust 53

Relevant Policies 54

User Awareness Education 54

Coming to a Balance 55

Corporate Policies 55

Acceptable Use Policy 57

Policy Overview 57

Purpose 58

Scope 58

General Use and Ownership 58

Security and Proprietary Information 59

Unacceptable Use 60

System and Network Activities 61

Email and Communications Activities 62

Enforcement 63

Conclusion 63

Password Policy 64

Overview 64

Purpose 64

Scope 64

General Policy 65

General Password Construction Guidelines 66

Password Protection Standards 67

Enforcement 68

Conclusion 68

Virtual Private Network (VPN) Security Policy 69

Purpose 69

Scope 69

Policy 70

Conclusion 71

Wireless Communication Policy 71

Scope 72

Policy Statement 72

General Network Access Requirements 72

Lab and Isolated Wireless Device Requirements 72

Home Wireless Device Requirements 73

Enforcement 73

Definitions 73

Revision History 73

Extranet Connection Policy 74

Purpose 74

Scope 74

Security Review 75

Third-Party Connection Agreement 75

Business Case 75

Point of Contact 75

Establishing Connectivity 75

Modifying or Changing Connectivity and Access 76

Terminating Access 76

Conclusion 76

ISO Certification and Security 77

Delivery 77

ISO/IEC 27002 78

Sample Security Policies on the Internet 79

Industry Standards 79

Payment Card Industry Data Security Standard (PCI DSS) 80

Sarbanes-Oxley Act of 2002 (SOX) 80

Health Insurance Portability and Accounting Act (HIPAA) of 1996 81

Massachusetts 201: Standards for the Protection of Personal Information of Residents of the Commonwealth 81

SAS 70 Series 82

Chapter Summary 82

Chapter Review 83

Chapter 3 Processes and Procedures 85

Security Advisories and Alerts: Getting the Intel You Need to Stay Safe 86

Responding to Security Advisories 87

Step 1: Awareness 88

Step 2: Incident Response 90

Step 3: Imposing Your Will 95

Steps 4 and 5: Handling Network Software Updates (Best Practices) 96

Industry Best Practices 98

Use a Change Control Process 98

Read All Related Materials 98

Apply Updates as Needed 99

Testing 99

Uninstall 99

Consistency 99

Backup and Scheduled Downtime 100

Have a Back-Out Plan 100

Forewarn Helpdesk and Key User Groups 100

Don't Get More Than Two Service Packs Behind 100

Target Noncritical Servers/Users First 100

Service Pack Best Practices 101

Hotfix Best Practices 101

Service Pack Level Consistency 101

Latest Service Pack Versus Multiple Hotfixes 101

Security Update Best Practices 101

Apply Admin Patches to Install Build Areas 102

Apply Only on Exact Match 102

Subscribe to Email Notification 102

Summary 102

Chapter Review and Questions 104

Chapter 4 Network Security Standards and Guidelines 105

Cisco SAFE 2.0 106

Overview 106

Purpose 106

Cisco Validated Design Program 107

Branch/WAN Design Zone Guides 107

Campus Design Zone Guides 107

Data Center Design Zone Guides 108

Security Design Zone Guides 109

Cisco Best Practice Overview and Guidelines 110

Basic Cisco IOS Best Practices 110

Secure Your Passwords 110

Limit Administrative Access 111

Limit Line Access Controls 111

Limit Access to Inbound and Outbound Telnet (aka vty Port) 112

Establish Session Timeouts 113

Make Room Redundancy 113

Protect Yourself from Common Attacks 114

Firewall/ASAs 115

Encrypt Your Privileged User Account 115

Limit Access Control 116

Make Room for Redundant Systems 116

General Best Practices 117

Configuration Guides 117

Intrusion Prevention System (IPS) for IOS 117

NSA Security Configuration Guides 118

Cisco Systems 119

Switches Configuration Guide 119

VoIP/IP Telephony Security Configuration Guides 119

Microsoft Windows 119

Microsoft Windows Applications 120

Microsoft Windows 7/Vista/Server 2008 120

Microsoft Windows XP/Server 2003 121

Apple 121

Microsoft Security 121

Security Policies 121

Microsoft Windows XP Professional 122

Microsoft Windows Server 2003 122

Microsoft Windows 7 122

Windows Server 2008 123

Microsoft Security Compliance Manager 124

Chapter Summary 125

Chapter Link Toolbox Summary 125

Chapter 5 Overview of Security Technologies 127

Security First Design Concepts 128

Packet Filtering via ACLs 131

Grocery List Analogy 132

Limitations of Packet Filtering 136

Stateful Packet Inspection 136

Detailed Packet Flow Using SPI 138

Limitations of Stateful Packet Inspection 139

Network Address Translation (NAT) 140

Increasing Network Security 142

NAT's Limitations 143

Proxies and Application-Level Protection 144

Limitations of Proxies 146

Content Filters 147

Limitations of Content Filtering 150

Public Key Infrastructure 150

PKI's Limitations 151

Reputation-Based Security 152

Reactive Filtering Can't Keep Up 154

Cisco Web Reputation Solution 155

AAA Technologies 156

Authentication 156

Authorization 157

Accounting 157

Remote Authentication Dial-In User Service (RADIUS) 158

Terminal Access Controller Access Control System (TACACS) 159


Two-Factor Authentication/Multifactor Authentication 161

IEEE 802.1x: Network Access Control (NAC) 162

Network Admission Control 163

Cisco TrustSec 164

Solution Overview 164

Cisco Identity Services Engine 166

Chapter Summary 168

Chapter Review Questions 168

Chapter 6 Security Protocols 169

Triple DES Encryption 171

Encryption Strength 171

Limitations of 3DES 172

Advanced Encryption Standard (AES) 172

Different Encryption Strengths 173

Limitations of AES 173

Message Digest 5 Algorithm 173

MD5 Hash in Action 175

Secure Hash Algorithm (SHA Hash) 175

Types of SHA 176

SHA-1 176

SHA-2 176

Point-to-Point Tunneling Protocol (PPTP) 177

PPTP Functionality 177

Limitations of PPTP 178

Layer 2 Tunneling Protocol (L2TP) 179

L2TP Versus PPTP 180

Benefits of L2TP 180

L2TP Operation 181

Secure Shell (SSH) 182

SSH Versus Telnet 184

SSH Operation 186

Tunneling and Port Forwarding 187

Limitations of SSH 188

SNMP v3 188

Security Built In 189

Chapter Summary 192

Chapter Review Questions 192

Chapter 7 Firewalls 193

Firewall Frequently Asked Questions 194

Who Needs a Firewall? 195

Why Do I Need a Firewall? 195

Do I Have Anything Worth Protecting? 195

What Does a Firewall Do? 196

Firewalls Are The Security Policy 197

We Do Not Have a Security Policy 200

Firewall Operational Overview 200

Firewalls in Action 202

Implementing a Firewall 203

Determine the Inbound Access Policy 205

Determine Outbound Access Policy 206

Essentials First: Life in the DMZ 206

Case Studies 208

Case Study: To DMZ or Not to DMZ? 208

Firewall Limitations 214

Chapter Summary 215

Chapter Review Questions 216

Chapter 8 Router Security 217

Edge Router as a Choke Point 221

Limitations of Choke Routers 223

Routers Running Zone Based Firewall 224

Zone-Based Policy Overview 225

Zone-Based Policy Configuration Model 226

Rules for Applying Zone-Based Policy Firewall 226

Designing Zone-Based Policy Network Security 227

Using IPsec VPN with Zone-Based Policy Firewall 228

Intrusion Detection with Cisco IOS 229

When to Use the FFS IDS 230

FFS IDS Operational Overview 231

FFS Limitations 233

Secure IOS Template 234

Routing Protocol Security 251

OSPF Authentication 251

Benefits of OSPF Neighbor Authentication 252

When to Deploy OSPF Neighbor Authentication 252

How OSPF Authentication Works 253

Chapter Summary 254

Chapter Review Questions 255

Chapter 9 IPsec Virtual Private Networks (VPNs) 257

Analogy: VPNs Securely Connect IsLANds 259

VPN Overview 261

VPN Benefits and Goals 263

VPN Implementation Strategies 264

Split Tunneling 265

Overview of IPsec VPNs 265

Authentication and Data Integrity 268

Tunneling Data 269

VPN Deployment with Layered Security 270

IPsec Encryption Modes 271

IPsec Tunnel Mode 271

Transport Mode 272

IPsec Family of Protocols 272

Security Associations 273

ISAKMP Overview 273

Internet Key Exchange (IKE) Overview 274

IKE Main Mode 274

IKE Aggressive Mode 275

IPsec Security Association (IPsec SA) 275

IPsec Operational Overview 276

IKE Phase 1 277

IKE Phase 2 278

Perfect Forward Secrecy 278

Diffie-Hellman Algorithm 279

Router Configuration as VPN Peer 281

Configuring ISAKMP 281

Preshared Keys 282

Configuring the ISAKMP Protection Suite 282

Configuring the ISAKMP Key 283

Configuring IPsec 284

Step 1: Create the Extended ACL 284

Step 2: Create the IPsec Transforms 284

Step 3: Create the Crypto Map 285

Step 4: Apply the Crypto Map to an Interface 286

Firewall VPN Configuration for Client Access 286

Step 1: Define Interesting Traffic 288

Step 2: IKE Phase 1[udp port 500] 288

Step 3: IKE Phase 2 288

Step 4: Data Transfer 289

Step 5: Tunnel Termination 289

SSL VPN Overview 289

Comparing SSL and IPsec VPNs 290

Which to Deploy: Choosing Between IPsec and SSL VPNs 292

Remote-Access VPN Security Considerations 293

Steps to Securing the Remote-Access VPN 294

Cisco AnyConnect VPN Secure Mobility Solution 295

Chapter Summary 296

Chapter Review Questions 297

Chapter 10 Wireless Security 299

Essentials First: Wireless LANs 301

What Is Wi-Fi? 302

Benefits of Wireless LANs 303

Wireless Equals Radio Frequency 303

Wireless Networking 304

Modes of Operation 305

Coverage 306

Bandwidth Availability 307

WarGames Wirelessly 307

Warchalking 308

Wardriving 309

Warspamming 311

Warspying 312

Wireless Threats 312

Sniffing to Eavesdrop and Intercept Data 313

Denial-of-Service Attacks 315

Rogue/Unauthorized Access Points 316

Misconfiguration and Bad Behavior 317

AP Deployment Guidelines 317

Wireless Security 318

Service Set Identifier (SSID) 318

Device and Access Point Association 319

Wired Equivalent Privacy (WEP) 319

WEP Limitations and Weaknesses 320

MAC Address Filtering 320

Extensible Authentication Protocol (EAP) 321

LEAP 322




Essential Wireless Security 323

Essentials First: Wireless Hacking Tools 325

NetStumbler 325

Wireless Packet Sniffers 326

Aircrack-ng 327

OmniPeek 327

Wireshark 329

Chapter Summary 329

Chapter Review Questions 330

Chapter 11 Intrusion Detection and Honeypots 331

Essentials First: Intrusion Detection 333

IDS Functional Overview 335

Host Intrusion Detection System 340

Network Intrusion Detection System 341

Wireless IDS 343

Network Behavior Analysis 344

How Are Intrusions Detected? 345

Signature or Pattern Detection 346

Anomaly-Based Detection 346

Stateful Protocol Analysis 347

Combining Methods 347

Intrusion Prevention 347

IDS Products 348

Snort! 348

Limitations of IDS 350

Essentials First: Honeypots 354

Honeypot Overview 354

Honeypot Design Strategies 356

Honeypot Limitations 357

Chapter Summary 357

Chapter Review Questions 357

Chapter 12 Tools of the Trade 359

Essentials First: Vulnerability Analysis 361

Fundamental Attacks 361

IP Spoofing/Session Hijacking 362

Packet Analyzers 363

Denial of Service (DoS) Attacks 363

Other Types of Attacks 366

Back Doors 368

Security Assessments and Penetration Testing 370

Internal Vulnerability and Penetration Assessment 370

Assessment Methodology 371

External Penetration and Vulnerability Assessment 371

Assessment Methodology 372

Physical Security Assessment 373

Assessment Methodology 373

Miscellaneous Assessments 374

Assessment Providers 375

Security Scanners 375

Features and Benefits of Vulnerability Scanners 376

Freeware Security Scanners 376

Metasploit 376

NMAP 376


Nessus 377

Retina Version 5.11.10 380

CORE IMPACT Pro (a Professional Penetration Testing Product) 382

In Their Own Words 383

Scan and Detection Accuracy 384

Documentation 384

Documentation and Support 386

Vulnerability Updates 386

Chapter Summary 386

Chapter Review Questions 387

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive:

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020