Hardening Cisco Routers

Autor:: Thomas Akin

Hardening Cisco Routers Thomas Akin - okladka książki

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 194
Dostępne formaty:: ePub

Mobi

Ebook 72,24 zł najniższa cena z 30 dni

~~89,90 zł~~ (-15%)
76,42 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

72,24 zł najniższa cena z 30 dni

Przenieś na półkę

Do przechowalni

As a network administrator, auditor or architect, you know the importance of securing your network and finding security solutions you can implement quickly. This succinct book departs from other security literature by focusing exclusively on ways to secure Cisco routers, rather than the entire network. The rational is simple: If the router protecting a network is exposed to hackers, then so is the network behind it. Hardening Cisco Routers is a reference for protecting the protectors. Included are the following topics:

The importance of router security and where routers fit into an overall security plan
Different router configurations for various versions of Cisco?s IOS
Standard ways to access a Cisco router and the security implications of each
Password and privilege levels in Cisco routers
Authentication, Authorization, and Accounting (AAA) control
Router warning banner use (as recommended by the FBI)
Unnecessary protocols and services commonly run on Cisco routers
SNMP security
Anti-spoofing
Protocol security for RIP, OSPF, EIGRP, NTP, and BGP
Logging violations
Incident response
Physical security

Written by Thomas Akin, an experienced Certified Information Systems Security Professional (CISSP) and Certified Cisco Academic Instructor (CCAI), the book is well organized, emphasizing practicality and a hands-on approach. At the end of each chapter, Akin includes a Checklist that summarizes the hardening techniques discussed in the chapter. The Checklists help you double-check the configurations you have been instructed to make, and serve as quick references for future security procedures.Concise and to the point, Hardening Cisco Routers supplies you with all the tools necessary to turn a potential vulnerability into a strength. In an area that is otherwise poorly documented, this is the one book that will help you make your Cisco routers rock solid.

Wybrane bestsellery

Ebooka "Hardening Cisco Routers" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "Hardening Cisco Routers" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "Hardening Cisco Routers" zobaczysz:

Oceny i opinie klientów: Hardening Cisco Routers Thomas Akin (0)

Szczegóły książki

ISBN Ebooka:: 978-05-965-5190-2, 9780596551902
Data wydania ebooka :: 2002-02-21 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 761.7kB
Rozmiar pliku Mobi:: 2MB

Zgłoś erratę

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Sieci komputerowe » Cisco

Spis treści książki

Hardening Cisco Routers
- SPECIAL OFFER: Upgrade this ebook with OReilly
- Preface
  - Organization
  - Audience
  - Conventions Used in This Book
  - How to Contact Us
  - Acknowledgments
- 1. Router Security
  - 1.1. Router Security?
  - 1.2. Routers: The Foundation of the Internet
  - 1.3. What Can Go Wrong
    - 1.3.1. Consequences of Compromised Routers
  - 1.4. What Routers Are at Risk?
  - 1.5. Moving Forward
- 2. IOS Version Security
  - 2.1. The Need for a Current IOS
  - 2.2. Determining the IOS Version
  - 2.3. IOS Versions and Vulnerabilities
    - 2.3.1. IOS Versions
    - 2.3.2. IOS Naming Scheme
    - 2.3.3. Vulnerabilities
  - 2.4. IOS Security Checklist
- 3. Basic Access Control
  - 3.1. Authentication Versus Authorization
  - 3.2. Points of Access
  - 3.3. Basic Access Control
    - 3.3.1. Authentication and Authorization
      - 3.3.1.1. Console password
      - 3.3.1.2. AUX and VTY passwords
      - 3.3.1.3. Privileged-level access control
      - 3.3.1.4. Local username access control
      - 3.3.1.5. TACACS access control
      - 3.3.1.6. Disabling console, auxiliary, and VTY logins
    - 3.3.2. TFTP Access
  - 3.4. Remote Administration
    - 3.4.1. Danger of Remote Administration
    - 3.4.2. Dial-up Access
      - 3.4.2.1. Reverse Telnet
    - 3.4.3. VTY Access
      - 3.4.3.1. Disabling VTY access
      - 3.4.3.2. SSH
      - 3.4.3.3. Limiting VTY access by IP
      - 3.4.3.4. Additional VTY settings
    - 3.4.4. HTTP/Web Access
      - 3.4.4.1. Limiting HTTP access by IP
      - 3.4.4.2. HTTP authentication
  - 3.5. Protection with IPSec
    - 3.5.1. Setting up ISAKMP
    - 3.5.2. Creating the IPSec Extended ACL
    - 3.5.3. Creating IPSec Transforms
    - 3.5.4. Creating the Crypto Map
    - 3.5.5. Applying the Crypto Map to an Interface
  - 3.6. Basic Access Control Security Checklist
- 4. Passwords and Privilege Levels
  - 4.1. Password Encryption
    - 4.1.1. Vigenere Versus MD5
  - 4.2. Clear-Text Passwords
  - 4.3. service password-encryption
  - 4.4. Enable Security
  - 4.5. Strong Passwords
  - 4.6. Keeping Configuration Files Secure
  - 4.7. Privilege Levels
    - 4.7.1. Changing Privilege Levels
    - 4.7.2. Default Privilege Levels
    - 4.7.3. Privilege-Level Passwords
    - 4.7.4. Line Privilege Levels
    - 4.7.5. Username Privilege Levels
    - 4.7.6. Changing Command Privilege Levels
    - 4.7.7. Privilege Mode Example
    - 4.7.8. Recommended Privilege-Level Changes
  - 4.8. Password Checklist
- 5. AAA Access Control
  - 5.1. Enabling AAA
  - 5.2. Local Authentication
  - 5.3. TACACS+ Authentication
    - 5.3.1. TACACS+ Enable Password
    - 5.3.2. HTTP Authentication with TACACS+
    - 5.3.3. TACACS+ Authorization
      - 5.3.3.1. EXEC authorization
      - 5.3.3.2. Command authorization
  - 5.4. RADIUS Authentication
    - 5.4.1. RADIUS Enable Password
    - 5.4.2. HTTP Authentication with RADIUS
    - 5.4.3. RADIUS Authorization
  - 5.5. Kerberos Authentication
  - 5.6. Token-Based Access Control
  - 5.7. AAA Security Checklist
- 6. Warning Banners
  - 6.1. Legal Issues
  - 6.2. Example Banner
  - 6.3. Adding Login Banners
    - 6.3.1. MOTD Banner
    - 6.3.2. Login Banner
    - 6.3.3. AAA Authentication Banner
    - 6.3.4. EXEC Banner
  - 6.4. Warning Banner Checklist
- 7. Unnecessary Protocols and Services
  - 7.1. ICMP
    - 7.1.1. ICMP MTU Discovery
    - 7.1.2. ICMP Redirects
      - 7.1.2.1. ICMP redirectssending
      - 7.1.2.2. ICMP redirectsreceiving
    - 7.1.3. ICMP-Directed Broadcasts
    - 7.1.4. ICMP Mask Reply
    - 7.1.5. ICMP Unreachables
    - 7.1.6. ICMP Timestamp and Information Requests
  - 7.2. Source Routing
  - 7.3. Small Services
  - 7.4. Finger
  - 7.5. HTTP
  - 7.6. CDP
  - 7.7. Proxy ARP
  - 7.8. Miscellaneous
  - 7.9. SNMP
  - 7.10. Unnecessary Protocols and Services Checklist
- 8. SNMP Security
  - 8.1. SNMP Versions
    - 8.1.1. SNMP Version 1
    - 8.1.2. SNMP Version 2c
    - 8.1.3. SNMP Version 3
  - 8.2. Securing SNMP v1 and v2c
    - 8.2.1. Enabling SNMP v1 and v2c
      - 8.2.1.1. Community strings
      - 8.2.1.2. Read-only access
      - 8.2.1.3. Read/write access
    - 8.2.2. Disabling SNMP v1 and v2c
      - 8.2.2.1. Disabling read-only access
      - 8.2.2.2. Disabling read/write access
    - 8.2.3. Limiting SNMP v1 and v2c Access by IP
      - 8.2.3.1. Read-only access
      - 8.2.3.2. Read/write access
    - 8.2.4. SNMP Read/Write and TFTP
    - 8.2.5. Limiting SNMP v1 and v2c Access with Views
  - 8.3. Securing SNMP v3
    - 8.3.1. No Authentication/No Encryption
    - 8.3.2. Authentication/No Encryption
    - 8.3.3. Authentication/Encryption
    - 8.3.4. Limiting SNMP v3 Access by IP
    - 8.3.5. Limiting SNMP v3 Output with Views
  - 8.4. SNMP Management Servers
  - 8.5. SNMP Security Checklist
- 9. Secure Routing and Antispoofing
  - 9.1. Antispoofing
    - 9.1.1. Ingress and Egress Filtering
      - 9.1.1.1. Ingress
      - 9.1.1.2. Reserved and private networks
      - 9.1.1.3. Egress
    - 9.1.2. Unicast Reverse Packet Forwarding
  - 9.2. Routing Protocol Security
    - 9.2.1. Static Routing
    - 9.2.2. Authentication
      - 9.2.2.1. RIP v2
      - 9.2.2.2. EIGRP
      - 9.2.2.3. OSPF
      - 9.2.2.4. BGP
    - 9.2.3. Passive Interfaces
      - 9.2.3.1. Passive interfaces
      - 9.2.3.2. OSPF and EIGRP passive interfaces
    - 9.2.4. Route Filtering
      - 9.2.4.1. Global filtering
      - 9.2.4.2. Per-interface filtering
      - 9.2.4.3. Filtering at network borders
  - 9.3. Routing Protocol and Antispoofing Checklist
- 10. NTP
  - 10.1. NTP Overview
  - 10.2. Configuring NTP
    - 10.2.1. Central Server
      - 10.2.1.1. Existing timeserver
      - 10.2.1.2. Synchronized router as a timeserver
      - 10.2.1.3. Unsynchronized router as a timeserver
    - 10.2.2. Flat
    - 10.2.3. Hierarchical
    - 10.2.4. NTP Options
      - 10.2.4.1. Preferred server
      - 10.2.4.2. ntp max-associations
      - 10.2.4.3. ntp disable
    - 10.2.5. Time Zones
    - 10.2.6. Viewing Status
    - 10.2.7. Access Lists
    - 10.2.8. NTP Source Address
    - 10.2.9. Authentication
  - 10.3. NTP Checklist
- 11. Logging
  - 11.1. Logging in General
  - 11.2. Router Logging
    - 11.2.1. Timestamps
    - 11.2.2. Console Logging
      - 11.2.2.1. Changing the console logging level
      - 11.2.2.2. Disabling console logging
    - 11.2.3. Buffered Logging
    - 11.2.4. Terminal Monitor
    - 11.2.5. syslog
      - 11.2.5.1. syslog facilities
      - 11.2.5.2. Configuring syslog logging
      - 11.2.5.3. syslog sequence numbers
      - 11.2.5.4. Throttling syslog messages
    - 11.2.6. SNMP Traps
  - 11.3. ACL Violation Logging
    - 11.3.1. Antispoofing Violations
    - 11.3.2. VTY Access Logging
    - 11.3.3. Other Services
  - 11.4. AAA Accounting
    - 11.4.1. AAA Accounting Methods
    - 11.4.2. AAA Accounting Types
    - 11.4.3. AAA Accounting Configurations
      - 11.4.3.1. Accounting with TACACS+
      - 11.4.3.2. Accounting with RADIUS
      - 11.4.3.3. AAA authentication failure logging
  - 11.5. Logging Checklist
- A. Checklist Quick Reference
  - A.1. Hardening Your Routers
  - A.2. Auditing Your Routers
  - A.3. Cisco Router Security Checklist
    - A.3.1. IOS Security (Chapter 2)
    - A.3.2. Basic Access Control (Chapter 3)
    - A.3.3. Password Security (Chapter 4)
    - A.3.4. AAA Security (Chapter 5)
    - A.3.5. Warning Banners (Chapter 6)
    - A.3.6. Unnecessary Protocols and Services (Chapter 7)
    - A.3.7. SNMP Security (Chapter 8)
    - A.3.8. Routing Protocol and Antispoofing (Chapter 9)
    - A.3.9. NTP Security (Chapter 10)
    - A.3.10. Logging (Chapter 11)
    - A.3.11. Physical Security (Appendix B)
    - A.3.12. Incident Reponse (Appendix C)
- B. Physical Security
  - B.1. Protection Against People
    - B.1.1. Location
    - B.1.2. Doors
    - B.1.3. Locks
      - B.1.3.1. Keyed locks
      - B.1.3.2. Mechanical locks
      - B.1.3.3. Electronic locks
      - B.1.3.4. Card-access locks
      - B.1.3.5. Biometric locks
      - B.1.3.6. Dual-factor locks
    - B.1.4. Personnel
    - B.1.5. Backups
  - B.2. Protection Against Murphy and Mother Nature
    - B.2.1. Fire
    - B.2.2. Water
    - B.2.3. Heat
    - B.2.4. Humidity
    - B.2.5. Electricity
    - B.2.6. Dirt and Dust
  - B.3. Physical Security Checklist
- C. Incident Response
  - C.1. Warning!
  - C.2. Keys to Investigating
    - C.2.1. Change Nothing
    - C.2.2. Record Everything
  - C.3. Attack Versus Accident
  - C.4. Discover What Happened and the Scope of the Incident
  - C.5. Evidence Preservation
  - C.6. Recovering from the Incident
  - C.7. Preventing Future Incidents
  - C.8. Incident Response Checklist
- D. Configuration Examples
  - D.1. Basic Example Configuration
  - D.2. AAA Example Configuration
  - D.3. SNMP Example Configuration
    - D.3.1. SNMP Version 2c
    - D.3.2. SNMP Version 3
  - D.4. HTTP Configuration
- E. Resources
  - E.1. Web Sites
  - E.2. Books
- About the Author
- Colophon
- SPECIAL OFFER: Upgrade this ebook with OReilly