Table Of Contents
1. Inside Network Perimeter Security
2. Table of Contents
3. Copyright
4. About the Authors
5. About the Technical Editors
6. Acknowledgments
7. We Want to Hear from You!
8. Reader Services
9. Preface
9.1 Rickety Planes
9.2 Fires in the West
9.3 Rapid Advances in Technology
9.4 Decline in Personal Service
9.5 Continuous Inspections
9.6 Defense in Depth
9.7 Core Business Sector
10. Introduction
10.1 Who Should Read This Book
10.2 Why We Created This Book's Second Edition
10.3 Overview of the Book's Contents
10.4 Conventions
11. Part I: The Essentials of Network Perimeter Security
11.1 Chapter 1. Perimeter Security Fundamentals
11.1.1 Terms of the Trade
11.1.2 Defense in Depth
11.1.3 Case Study: Defense in Depth in Action
11.1.4 Summary
11.2 Chapter 2. Packet Filtering
11.2.1 TCP/IP Primer: How Packet Filtering Works
11.2.2 TCP and UDP Ports
12.6.1 Rapid Changes in the Marketplace
12.6.2 What Is IPS?
12.6.3 IPS Limitations
12.6.4 NIPS
12.6.5 Host-Based Intrusion Prevention Systems
12.6.6 Summary
13. Part III: Designing a Secure Network Perimeter
13.1 Chapter 12. Fundamentals of Secure Perimeter Design
13.1.1 Gathering Design Requirements
13.1.2 Design Elements for Perimeter Security
13.1.3 Summary
13.1.4 References
13.2 Chapter 13. Separating Resources
13.2.1 Security Zones
13.2.2 Common Design Elements
13.2.3 VLAN-Based Separation
13.2.4 Summary
13.2.5 References
13.3 Chapter 14. Wireless Network Security
13.3.1 802.11 Fundamentals
13.3.2 Securing Wireless Networks
13.3.3 Auditing Wireless Security
13.3.4 Case Study: Effective Wireless Architecture
13.3.5 Summary
13.3.6 References
13.4 Chapter 15. Software Architecture
13.4.1 Software Architecture and Network Defense
13.4.2 How Software Architecture Affects Network Defense
13.4.3 Software Component Placement
13.4.4 Identifying Potential Software Architecture Issues
13.4.5 Software Testing
13.4.6 Network Defense Design Recommendations
13.4.7 Case Study: Customer Feedback System
13.4.8 Case Study: Web-Based Online Billing Application
13.4.9 Summary
13.4.10 References
13.5 Chapter 16. VPN Integration
13.5.1 Secure Shell
13.5.2 Secure Sockets Layer
13.5.3 Remote Desktop Solutions
13.5.4 IPSec
13.5.5 Other VPN Considerations
13.5.6 VPN Design Case Study
13.5.7 Summary
13.5.8 References
13.6 Chapter 17. Tuning the Design for Performance
13.6.1 Performance and Security
13.6.2 Network Security Design Elements That Impact Performance
13.6.3 Impact of Encryption
13.6.4 Using Load Balancing to Improve Performance
13.6.5 Mitigating the Effects of DoS Attacks
13.6.6 Summary
13.6.7 References
13.7 Chapter 18. Sample Designs
13.7.1 Review of Security Design Criteria
13.7.2 Case Studies
13.7.3 Summary
14. Part IV: Maintaining and Monitoring Perimeter Security
14.1 Chapter 19. Maintaining a Security Perimeter
14.1.1 System and Network Monitoring
14.1.2 Incident Response
14.1.3 Accommodating Change
14.1.4 Summary
14.1.5 References
14.2 Chapter 20. Network Log Analysis
14.2.1 The Importance of Network Log Files
switch. Segmenting internal networks with "firebreaks" lets us keep the interoperability
while reducing the risk of losing all our internal systems to a destructive worm "wildfire."
This book discusses a number of perimeter and internal network designs. Some are more
focused on security, whereas others are focused on performance, and some focus on uptime.
The book helps you understand how to choose among these designs based on your
organization's requirements.
Note
One of the reasons that early airplanes were so dangerous is that a large number of them
were hand built. Even if the planes were built in a factory, after a couple of years, they
might as well be hand built because of the number of times they were repaired and
modified.
Can you see how similar the early airplanes are to our server and desktop operating
systems? We all agree that patching to reduce the vulnerability footprint is critical, but if no
two servers are alike, exactly how do you test the patch? Repeatable builds give an IT shop
a major increase in security just like factory-built aircraft.
So do appliance firewalls. They are factory built, plug and go. It's not guaranteed that their
OS is hardened, but you do know that the OS on the appliance is factory built, consistent,
and probably stripped of unneeded programs. These low-cost appliances are very useful for
segmenting an internal network.
important to have constant updates to maintain security in the face of the ever-changing
threat.
It is worth mentioning that ease of use and good security might be orthogonal. If it were as
easy to get into an airplane and fly as it is to get into a car and drive, the skies would be a
dangerous place. Appliance wireless access points often aggregate all wireless and built-in
wired ports into the same broadcast domain. Possibilities for attacks exist based on MAC
address spoofing, sniffing the internal traffic from outside the plant in the parking lot, the
use of rogue, unapproved access points bought at Best Buy and plugged into the Net,
access points with a bit more power than the FTC allows broadcasting the internal
network into the parking lot, and failures of the authentication system. The most common
reason for aircraft crashes today is poor maintenance, and we are going to see the same
thing with wireless implementations as better security technology becomes available.