Securing and Controlling Cisco Routers

1st Edition

By Peter T. Davis

Auerbach Publications

736 pages | 32 B/W Illus.

Paperback: 9780849312908
pub: 2002-05-15
Hardback: 9781138436992
pub: 2017-07-27
eBook (VitalSource): 9780429134067
pub: 2002-05-15

Description

Securing and Controlling Cisco Routers demonstrates proven techniques for strengthening network security. The book begins with an introduction to Cisco technology and the TCP/IP protocol suite. Subsequent chapters cover subjects such as routing, routing protocols, IP addressing, and Cisco Authentication, Authorization, and Accounting services (AAA). The text then addresses standard, extended, time-based, dynamic, and reflexive access lists, as well as context-based control and Cisco Encryption Technology.

At the end of most chapters, readers will find the unique opportunity to practice what they have learned. Readers will be able to log on to a real router, practice commands, and gather information as shown in the chapter. To further round out this understanding of routers, Securing and Controlling Cisco Routers reviews Trojan Ports and Services and provides additional resources such as Web sites, mailing lists, bibliographies, glossaries, acronyms, and abbreviations.

Table of Contents

THE BASICS

The Need for Security

The New Reality

Designing the Security Infrastructure

Identifying Security Risks and Threats

Practice Session

Security and Audit Checklist

Conclusion

Understanding OSI and TCP/IP

The OSI Model

TCP/IP Overview

Practice Session

Security and Audit Checklist

Conclusion

Routed and Routing Protocols

Routing Activities

Routable Protocols

Routing Protocols

Routing Protocol Basics

Practice Session

Security and Audit Checklist

Conclusion

Understanding Router Basics

Router Overview

Router Modes

Router Components

Router Status

Practice Session

Security and Audit Checklist

Conclusion

Router Management

Router Setup

Updating the IOS

Troubleshooting

Logging

Recording Access List Violations

Log Processing

Simple Network Management Protocol (SNMP)

Cisco Discovery Protocol

Last Word on Management

Practice Session

Security and Audit Checklist

Conclusion

PREVENTING UNAUTHORIZED ACCESS: NETWORKING DEVICE

Implementing Non-AAA Authentication

Authentication

Using Router Passwords

Configuring Line Password Protection

Setting TACACS Passwords for Privileged EXEC Mode

Establishing Username Authentication

Enabling CHAP or PAP Authentication

Configuring TACACS and Extended TACACS Password Protection

General Interactive Access

Warning Banners and Router Identification

Practice Session

Security and Audit Checklist

Conclusion

Implementing AAA Security Services

Accessing the Network

Defining AAA

Selecting Security Servers

Practice Session

Security and Audit Checklist

Conclusion

Implementing AAA Authentication

Using Method Lists

AAA Authentication Methods

Configuring Login Authentication

Configuring PPP Authentication

Configuring ARA Authentication

Configuring NASI Authentication

Specifying the Amount of Time for Login Input

Enabling Password Protection at the Privileged Level

Changing the Text Displayed at the Password Prompt

Configuring Message Banners for AAA Authentication

Practice Session

Security and Audit Checklist

Conclusion

Implementing AAA Authorization

Starting with AAA Authorization

Understanding AAA Authorization

Disabling Authorization for Global Configuration Commands

Authorization for Reverse Telnet

Authorization Attribute-Value Pairs

Practice Session

Security and Audit Checklist

Conclusion

Implementing AAA Accounting

Starting with Accounting

Configuring Accounting

Understanding AAA Accounting Types

Applying a Named List

Suppress Generation of Accounting Records for Null Username Sessions

Generating Interim Accounting Records

Monitoring Accounting

Practice Session

Security and Audit Checklist

Conclusion

Configuring TACACS and Extended TACACS

Breaking Down the Protocols

Understanding the TACACS Protocols

Configuring TACACS and Extended TACACS

Setting TACACS Password Protection at the User Level

Setting TACACS Password Protection at the Privileged Level

Enabling TACACS and XTACACS for Use

Practice Session

Security and Audit Checklist

Conclusion

Configuring TACACS+

Understanding the TACACS+ Protocol

Comparing TACACS+ and RADIUS

Understanding TACACS+ Operation

TACACS+ Configuration Task List

Configuring TACACS+

Practice Session

Security and Audit Checklist

Conclusion

Configuring RADIUS

RADIUS Overview

Understanding RADIUS Operation

RADIUS Configuration Task List

Configuring RADIUS

Practice Session

Security and Audit Checklist

Conclusion

Configuring Kerberos

Kerberos Overview

Supporting Kerberos Client

Configuring the Router to Use the Kerberos Protocol

Telneting to the Router

Monitoring and Maintaining Kerberos

Practice Session

Security and Audit Checklist

Conclusion

PREVENTING UNAUTHORIZED ACCESS: NETWORKING

Basic Traffic Filtering I

Access List Overview

Understanding Access List Configuration

Comparing Basic and Advanced Access Lists

Creating Access Lists

Applying Access Lists to Interfaces

Creating and Editing Access List Statements on a TFTP Server

Practice Session

Security and Audit Checklist

Conclusion

Basic Traffic Filtering II

Extended IP Access Lists

Named Access Lists

Implementing Routing Policies

Monitoring and Verifying Access and Prefix Lists

Practice Session

Security and Audit Checklist

Conclusion

Advanced Traffic Filtering I

Using Time Ranges

Configuring Time-Based Access

Using Lock-and-Key

Configuring Lock-and-Key

Lock-and-Key Configuration Tips

Verifying and Maintaining Lock-and-Key Configuration

Practice Session

Security and Audit Checklist

Conclusion

Advanced Traffic Filtering II

About Reflexive Access Lists

Configuring Reflexive Access Lists

Example Reflexive Access Lists Configurations

About Context-Based Access Control

Understanding CBAC

How CBAC Works

Configuring Context-Based Access Control

Practice Session

Security and Audit Checklist

Conclusion

Preventing Network Data Interception

Using Encryption and IKE

Code Wars

Cisco Encryption Technology

CA Interoperability Overview

Overview of Certification Authorities

Configuring Certification Authority Interoperability

Understanding Internet Key Exchange

Troubleshooting CA Interoperability and IKE

Practice Session

Security and Audit Checklist

Conclusion

Configuring IPSec

IPSec Network Security

Understanding IPSec

Configuring IPSec

Practice Session

Security and Audit Checklist

Conclusion

PREVENTING DENIAL OF SERVICE

Configuring Denial of Service Security Features

Understanding Denial of Service

Controlling the Hostile Environment

About TCP Intercept

Configuring TCP Intercept

Monitoring and Maintaining TCP Intercept

About Network Address Translation

Configuring and Deploying NAT

Queuing and Traffic Policing

Detecting Unauthorized Configuration Changes

Resolving Names

Practice Session

Security and Audit Checklist

Conclusion

PREVENTING FRAUDULENT ROUTE UPDATES AND OTHER UNAUTHORIZED CHANGES

Configuring Neighbor Authentication and Other Security Features

Using Neighbor Authentication

Understanding Neighbor Authentication

Removing Unnecessary Services

Configuring Secure Shell

Some Final Guidelines for Configuring a Router

Practice Session

Security and Audit Checklist

Conclusion

APPENDICES

Appendix A IP Addressing

Appendix B Subnetting

Appendix C IP Protocol Numbers

Appendix D Well-Known Ports and Services

Appendix E Hacker, Cracker, Malware and Trojan Horse Ports

Appendix F ICMP Types and Codes

Appendix G Determining Wildcard Mask Ranges

Appendix H Logical Operations

Appendix I Helpful Resources

Appendix J Bibliography

Appendix K Acronyms and Abbreviations

Appendix L Glossary

Subject Categories

BISAC Subject Codes/Headings:
COM043000: COMPUTERS / Networking / General
COM053000: COMPUTERS / Security / General