1st Edition

Securing and Controlling Cisco Routers





ISBN 9780849312908
Published May 15, 2002 by Auerbach Publications
736 Pages 32 B/W Illustrations

USD $140.00

Prices & shipping based on shipping country


Preview

Book Description

Securing and Controlling Cisco Routers demonstrates proven techniques for strengthening network security. The book begins with an introduction to Cisco technology and the TCP/IP protocol suite. Subsequent chapters cover subjects such as routing, routing protocols, IP addressing, and Cisco Authentication, Authorization, and Accounting services (AAA). The text then addresses standard, extended, time-based, dynamic, and reflexive access lists, as well as context-based control and Cisco Encryption Technology.

At the end of most chapters, readers will find the unique opportunity to practice what they have learned. Readers will be able to log on to a real router, practice commands, and gather information as shown in the chapter. To further round out this understanding of routers, Securing and Controlling Cisco Routers reviews Trojan Ports and Services and provides additional resources such as Web sites, mailing lists, bibliographies, glossaries, acronyms, and abbreviations.

Table of Contents

THE BASICS
The Need for Security
The New Reality
Designing the Security Infrastructure
Identifying Security Risks and Threats
Practice Session
Security and Audit Checklist
Conclusion
Understanding OSI and TCP/IP
The OSI Model
TCP/IP Overview
Practice Session
Security and Audit Checklist
Conclusion
Routed and Routing Protocols
Routing Activities
Routable Protocols
Routing Protocols
Routing Protocol Basics
Practice Session
Security and Audit Checklist
Conclusion
Understanding Router Basics
Router Overview
Router Modes
Router Components
Router Status
Practice Session
Security and Audit Checklist
Conclusion
Router Management
Router Setup
Updating the IOS
Troubleshooting
Logging
Recording Access List Violations
Log Processing
Simple Network Management Protocol (SNMP)
Cisco Discovery Protocol
Last Word on Management
Practice Session
Security and Audit Checklist
Conclusion

PREVENTING UNAUTHORIZED ACCESS: NETWORKING DEVICE
Implementing Non-AAA Authentication
Authentication
Using Router Passwords
Configuring Line Password Protection
Setting TACACS Passwords for Privileged EXEC Mode
Establishing Username Authentication
Enabling CHAP or PAP Authentication
Configuring TACACS and Extended TACACS Password Protection
General Interactive Access
Warning Banners and Router Identification
Practice Session
Security and Audit Checklist
Conclusion
Implementing AAA Security Services
Accessing the Network
Defining AAA
Selecting Security Servers
Practice Session
Security and Audit Checklist
Conclusion
Implementing AAA Authentication
Using Method Lists
AAA Authentication Methods
Configuring Login Authentication
Configuring PPP Authentication
Configuring ARA Authentication
Configuring NASI Authentication
Specifying the Amount of Time for Login Input
Enabling Password Protection at the Privileged Level
Changing the Text Displayed at the Password Prompt
Configuring Message Banners for AAA Authentication
Practice Session
Security and Audit Checklist
Conclusion
Implementing AAA Authorization
Starting with AAA Authorization
Understanding AAA Authorization
Disabling Authorization for Global Configuration Commands
Authorization for Reverse Telnet
Authorization Attribute-Value Pairs
Practice Session
Security and Audit Checklist
Conclusion
Implementing AAA Accounting
Starting with Accounting
Configuring Accounting
Understanding AAA Accounting Types
Applying a Named List
Suppress Generation of Accounting Records for Null Username Sessions
Generating Interim Accounting Records
Monitoring Accounting
Practice Session
Security and Audit Checklist
Conclusion
Configuring TACACS and Extended TACACS
Breaking Down the Protocols
Understanding the TACACS Protocols
Configuring TACACS and Extended TACACS
Setting TACACS Password Protection at the User Level
Setting TACACS Password Protection at the Privileged Level
Enabling TACACS and XTACACS for Use
Practice Session
Security and Audit Checklist
Conclusion
Configuring TACACS+
Understanding the TACACS+ Protocol
Comparing TACACS+ and RADIUS
Understanding TACACS+ Operation
TACACS+ Configuration Task List
Configuring TACACS+
Practice Session
Security and Audit Checklist
Conclusion
Configuring RADIUS
RADIUS Overview
Understanding RADIUS Operation
RADIUS Configuration Task List
Configuring RADIUS
Practice Session
Security and Audit Checklist
Conclusion
Configuring Kerberos
Kerberos Overview
Supporting Kerberos Client
Configuring the Router to Use the Kerberos Protocol
Telneting to the Router
Monitoring and Maintaining Kerberos
Practice Session
Security and Audit Checklist
Conclusion

PREVENTING UNAUTHORIZED ACCESS: NETWORKING
Basic Traffic Filtering I
Access List Overview
Understanding Access List Configuration
Comparing Basic and Advanced Access Lists
Creating Access Lists
Applying Access Lists to Interfaces
Creating and Editing Access List Statements on a TFTP Server
Practice Session
Security and Audit Checklist
Conclusion
Basic Traffic Filtering II
Extended IP Access Lists
Named Access Lists
Implementing Routing Policies
Monitoring and Verifying Access and Prefix Lists
Practice Session
Security and Audit Checklist
Conclusion
Advanced Traffic Filtering I
Using Time Ranges
Configuring Time-Based Access
Using Lock-and-Key
Configuring Lock-and-Key
Lock-and-Key Configuration Tips
Verifying and Maintaining Lock-and-Key Configuration
Practice Session
Security and Audit Checklist
Conclusion
Advanced Traffic Filtering II
About Reflexive Access Lists
Configuring Reflexive Access Lists
Example Reflexive Access Lists Configurations
About Context-Based Access Control
Understanding CBAC
How CBAC Works
Configuring Context-Based Access Control
Practice Session
Security and Audit Checklist
Conclusion

Preventing Network Dat Interception
Using Encryption and IKE
Code Wars
Cisco Encryption Technology
CA Interoperability Overview
Overview of Certification Authorities
Configuring Certification Authority Interoperability
Understanding Internet Key Exchange
Troubleshooting CA Interoperability and IKE
Practice Session
Security and Audit Checklist
Conclusion
Configuring IPSec
IPSec Network Security
Understanding IPSec
Configuring IPSec
Practice Session
Security and Audit Checklist
Conclusion

PREVENTING DENIAL OF SERVICE
Configuring Denial of Service Security Features
Understanding Denial of Service
Controlling the Hostile Environment
About TCP Intercept
Configuring TCP Intercept
Monitoring and Maintaining TCP Intercept
About Network Address Translation
Configuring and Deploying NAT
Queuing and Traffic Policing
Detecting Unauthorized Configuration Changes
Resolving Names
Practice Session
Security and Audit Checklist
Conclusion

PREVENTING FRAUDULENT ROUTE UPDATES AND OTHER UNAUTHORIZED CHANGES
Configuring Neighbor Authentication and Other Security Features
Using Neighbor Authentication
Understanding Neighbor Authentication
Removing Unnecessary Services
Configuring Secure Shell
Some Final Guidelines for Configuring a Router
Practice Session
Security and Audit Checklist
Conclusion

APPENDICES

Appendix A IP Addressing
Appendix B Subnetting
Appendix C IP Protocol Numbers
Appendix D Well-Known Ports and Services
Appendix E Hacker, Cracker, Malware and Trojan Horse Ports
Appendix F ICMP Types and Codes
Appendix G Determining Wildcard Mask Ranges
Appendix H Logical Operations
Appendix I Helpful Resources
Appendix J Bibliography
Appendix K Acronyms and Abbreviations
Appendix L Glossary

...
View More