Self-Defending Networks: The Next Generation of Network Security

Protect your network with self-regulating network security solutions that combat both internal and external threats.

• Provides an overview of the security components used to design proactive network security
• Helps network security professionals understand what the latest tools and techniques can do and how they interact
• Presents detailed information on how to use integrated management to increase security
• Includes a design guide with step-by-step implementation instructions

Self-Defending Networks: The Next Generation of Network Security helps networking professionals understand how to deploy an end-to-end, integrated network security solution. It presents a clear view of the various components that can be used throughout the network to not only monitor traffic but to allow the network itself to become more proactive in preventing and mitigating network attacks. This security primer provides unique insight into the entire range of Cisco security solutions, showing what each element is capable of doing and how all of the pieces work together to form an end-to-end Self-Defending Network. While other books tend to focus on individual security components, providing in-depth configuration guidelines for various devices and technologies, Self-Defending Networks instead presents a high-level overview of the entire range of technologies and techniques that comprise the latest thinking in proactive network security defenses. This book arms network security professionals with the latest information on the comprehensive suite of Cisco security tools and techniques. Network Admission Control, Network Infection Containment, Dynamic Attack Mitigation, DDoS Mitigation, Host Intrusion Prevention, and Integrated Security Management are all covered, providing the most complete overview of various security systems. It focuses on leveraging integrated management, rather than including a device-by-device manual to implement self-defending networks.

 

Table of Contents

Foreword

    Introduction

Chapter 1    Understanding Types of Network Attacks and Defenses

    Categorizing Network Attacks

        Virus

        Worm

        Trojan Horse

        Denial-of-Service

        Distributed Denial-of-Service

        Spyware

        Phishing

    Understanding Traditional Network Defenses

        Router Access Lists

        Firewalls

        Intrusion Detection Systems

        Virtual Private Networks

        Antivirus Programs

    Introducing Cisco Self-Defending Networks

        DDoS Mitigation

        Intrusion Prevention Systems

        Adaptive Security Appliance

        Incident Control Service

        Network Admission Control

        IEEE 802.1x

        Host Intrusion Prevention: CSA

        Cisco Security Centralized Management

    Summary

    References

Chapter 2    Mitigating Distributed Denial-of-Service Attacks

    Understanding Types of DDoS Attacks

    DDoS Mitigation Overview

    Using Cisco Traffic Anomaly Detector

        Configuring the Traffic Anomaly Detector

        Zone Creation

        Traffic Anomaly Detector Zone Filters

        Policy Template

        Learning Phase

        Detecting and Reporting Traffic Anomalies

    Configuring Cisco Guard

        Bootstrapping

        Zone Creation and Synchronization

        Cisco Guard Zone Filters

        Zone Traffic Diversion

        Learning Phase

        Activating Zone Protection

        Generating Attack Reports

    Summary

    References

Chapter 3    Cisco Adaptive Security Appliance Overview

    Antispoofing

    Intrusion Prevention Service

        Launch ASDM for IPS Configuration

        Configure Service Policy Rules

        Define IPS Signatures

    Protocol Inspection Services

    HTTP Inspection Engine

        TCP Map

        HTTP Map

    Configuring Content Security and Control Security

        Content Security and Control Services Module (CSC-SSM) Setup

        Web

            URL Blocking

            URL Filtering

            Scanning

            File Blocking

        Mail

        Scanning

        Antispam

        Content Filtering

    File Transfer

    Summary

    References

Chapter 4    Cisco Incident Control Service

    Implementing Outbreak Management with Cisco ICS

        Outbreak Management Summary

        Information and Statistics on Network Threats from Trend Micro

        New Outbreak Management Task

        Outbreak Settings

    Displaying Outbreak Reports

        OPACL Settings

        Exception List

        Report Settings

        Watch List Settings

        Automatic Outbreak Management Task

    Displaying Devices

        Device List

        Add Device

    Viewing Logs

        Incident Log Query

        Event Log Query

        Outbreak Log Query

        Log Maintenance

    Summary

    References

Chapter 5    Demystifying 802.1x

    Fundamentals of 802.1x

    Introducing Cisco Identity-Based Networking Services

    Machine Authentication

    802.1x and NAC

    Using EAP Types

        EAP MD5

        EAP TLS

        LEAP

        PEAP

        EAP FAST

    VPN and 802.1x

    Summary

    References

Chapter 6    Implementing Network Admission Control

    Network Admission Control Overview

    NAC Framework Benefits

    NAC Framework Components

        Endpoint Security Application

        Posture Agent

        Network Access Devices

        Policy Server

        Management and Reporting Tools

    Operational Overview

    Network Admission for NAC-enabled Endpoints

        Endpoint Attempts to Access the Network

        NAD Notifies Policy Server

        Cisco Secure ACS Compares Endpoint to NAC Policy

        Cisco Secure ACS Forwards Information to Partner Policy Servers

        Cisco Secure ACS Makes a Decision

        Cisco Secure ACS Sends Enforcement Actions

        NAD Enforces Actions

        Posture Agent Actions

        Endpoint Polled for Change of Compliance

        Revalidation Process

    Network Admission for NAC Agentless Hosts

    Deployment Models

        LAN Access Compliance

        WAN Access Compliance

        Remote Access Compliance

    Summary

    References

Chapter 7    Network Admission Control Appliance

    NAC Appliance Features

    NAC Appliance Manager

    Device Management

        CCA Servers

        Filters

        Clean Access

    Switch Management

    User Management

    Monitoring

    Administration

    Summary

    References

Chapter 8    Managing the Cisco Security Agent

    Management Center for Cisco Security Agents

        Deploying Cisco Secure Agent Kits

        Displaying the End-Station Hostname in the Device Groups

        Reviewing Policies

        Attaching Rules to a Policy

        Generating and Deploying Rules

        Using Event Monitor

        Running Cisco Security Agent Analysis

    Cisco Security Agent

        Status

        System Security

    Summary

    References

Chapter 9    Cisco Security Manager

    Getting Started

    Device View

        Add Device

        Configure Access Conrol Lists (ACLs) from Device View

        Configuring Interface Roles

        Apply Access Control List (ACL) Rules to Multiple Devices

        Invoking the Policy Query

        Using Analysis and Hit Count Functions

    Map View

        Showing Devices on the Topology Map

        Adding Cloud Networks and Hosts to the Topology Map

        Configuring Firewall Access Control List (ACLs) Rules from Topology Map

    Policy View

        Access Control List (ACL) Rules Security Policy

        Policy Inheritance and Mandatory Security Policies

    IPS Management

    Object Manager

    Value Override Per Device

    Summary

    References

Chapter 10    Cisco Security Monitoring, Analysis, and Response System

    Understanding Cisco Security MARS Features

    Summary Dashboard

    Incidents

        Displaying Path of Incident and Mitigating the Attack

        Hotspot Graph and Attack Diagram

    Rules

    Query/Reports

    Management

    Admin

    Cisco Security Manager Linkages

    Summary

    References