Network Perimeter Security: Building Defense In-Depth, 1st Edition (Hardback) book cover

Network Perimeter Security

Building Defense In-Depth, 1st Edition

By Cliff Riggs

Auerbach Publications

424 pages | 66 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9780849316289
pub: 2003-10-27
SAVE ~$21.00
$140.00
$119.00
x
eBook (VitalSource) : 9780429211577
pub: 2003-10-27
from $28.98


FREE Standard Shipping!

Description

Today's network administrators are fully aware of the importance of security; unfortunately, they have neither the time nor the resources to be full-time InfoSec experts. Oftentimes quick, temporary security fixes are the most that can be expected. The majority of security books on the market are also of little help. They are either targeted toward individuals pursuing security certifications or toward those interested in hacker methods. These overly detailed volumes fail to deliver the easily referenced tactical information needed to provide maximum security within the constraints of time and budget.

Network Perimeter Security: Building Defense In-Depth reveals how you can evaluate the security needs of your network, develop a security policy for your company, and create a budget based upon that policy. It assists you in designing the security model, and outlines the testing process.

Through the concepts and case studies presented in this book, you will learn to build a comprehensive perimeter defense architecture based upon multiple layers of protection, with expert recommendations for configuring firewalls, routers, intrusion detection system, and other security tools and network components. This detailed volume enables you to secure your network on time, within budget, and without having to pursue attain a security certification.

Table of Contents

PREFACE

Who is this Book For?

The Path to Network Security

Who Should Read This Book?

MANAGING NETWORK SECURITY

The Big Picture: Security Policies from A to Z

Administrative Countermeasures

Physical Countermeasures

Technological Countermeasures

Creating the Security Standards Document

Creating the Configuration Guide Document

Pulling it All Together: Sample Security Policy Creation

Proteris Security Standards and Procedures

THE NETWORK STACK AND SECURITY

Connecting the Network

Protocols

Servers and Hosts

CRYPTOGRAPHY AND VPN TERMINOLOGY

Keys

Certificates

Hashing

Digital Signatures

Common Encryption Algorithms

Split Tunneling

APPLICATION SECURITY NEEDS

The Network Time Protocol

Domain Name System Servers

ACCESS CONTROL

Passwords

Biometrics

RADIUS/TACACS+

THE PUBLIC KEY INFRASTRUCTURE

PKI Protocols

PKI Implementation

FIREWALLS

Types of Firewalls

Decisions, Decisions

Router Security Considerations

The Router as the Firewall

Improving Your Security Beyond Basic Packet Filtering

Application Layer Filtering

Specific Protocol Considerations

Additional Router Firewall Features

Writing and Applying Filters

Maintaining Firewalls

NAT, Firewalls, VPNs and the DMZ

INTRUSION DETECTION SYSTEMS

Signature Based IDS

Statistical Based IDS

Host Based versus Network Based IDS

Tuning the IDS

IDS Placement

Reactive IDS

Integrating the Firewall and IDS

Other IDS Systems

VIRTUAL PRIVATE NETWORKS

VPN Limitations

VPN Solutions

IP-Based Virtual Private Networks

Internet Protocol Security

Key Exchanges

Internet Key Exchange

Integrating Network Address Translation and IPSec

Integrating the VPN and Firewall

Quality of Service and the VPN

WIRELESS NETWORK SECURITY

NETWORK PENETRATION TESTING

Outsourcing Network Penetration Testing

Putting it all Together

INCIDENT RESPONSE

Prevention

Detection

Evaluation

Containment

Investigation

Eradication

Post-Mortem

DISASTER RECOVERY AND CONTINUITY PLANNING

Types of Disaster Recovery Plans

ACCEPTABLE USE POLICIES

THE FINAL WORD

Subject Categories

BISAC Subject Codes/Headings:
COM043000
COMPUTERS / Networking / General
COM053000
COMPUTERS / Security / General