LAN Switch Security

LAN Switch Security
Author: Eric Vyncke
Publisher: Cisco Press
Total Pages: 616
Release: 2007-09-06
Genre: Computers
ISBN: 0134433602
GET BOOK

Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks. Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches. After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks. Use port security to protect against CAM attacks Prevent spanning-tree attacks Isolate VLANs with proper configuration techniques Protect against rogue DHCP servers Block ARP snooping Prevent IPv6 neighbor discovery and router solicitation exploitation Identify Power over Ethernet vulnerabilities Mitigate risks from HSRP and VRPP Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols Understand and prevent DoS attacks against switches Enforce simple wirespeed security policies with ACLs Implement user authentication on a port base with IEEE 802.1x Use new IEEE protocols to encrypt all Ethernet frames at wirespeed. This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Cisco Wireless LAN Security

Cisco Wireless LAN Security
Author: Krishna Sankar
Publisher: Cisco Press
Total Pages: 464
Release: 2005
Genre: Computers
ISBN: 9781587051548
GET BOOK

Secure a wireless Local Area Network with guidance from Cisco Systems experts. Showing how to use tools such as security checklists, design templates, and other resources to ensure WLAN security, this book illustrates security basics, standards, and vulnerabilities, and provides examples of architecture, design, and best practices.

Network Security Principles and Practices

Network Security Principles and Practices
Author: Saadat Malik
Publisher: Cisco Press
Total Pages: 826
Release: 2003
Genre: Computers
ISBN: 9781587050251
GET BOOK

Expert solutions for securing network infrastructures and VPNs bull; Build security into the network by defining zones, implementing secure routing protocol designs, and building safe LAN switching environments Understand the inner workings of the Cisco PIX Firewall and analyze in-depth Cisco PIX Firewall and Cisco IOS Firewall features and concepts Understand what VPNs are and how they are implemented with protocols such as GRE, L2TP, and IPSec Gain a packet-level understanding of the IPSec suite of protocols, its associated encryption and hashing functions, and authentication techniques Learn how network attacks can be categorized and how the Cisco IDS is designed and can be set upto protect against them Control network access by learning how AAA fits into the Cisco security model and by implementing RADIUS and TACACS+ protocols Provision service provider security using ACLs, NBAR, and CAR to identify and control attacks Identify and resolve common implementation failures by evaluating real-world troubleshooting scenarios As organizations increase their dependence on networks for core business processes and increase access to remote sites and mobile workers via virtual private networks (VPNs), network security becomes more and more critical. In today's networked era, information is an organization's most valuable resource. Lack of customer, partner, and employee access to e-commerce and data servers can impact both revenue and productivity. Even so, most networks do not have the proper degree of security. Network Security Principles and Practices provides an in-depth understanding of the policies, products, and expertise that brings organization to this extremely complex topic and boosts your confidence in the performance and integrity of your network systems and services. Written by a CCIE engineer who participated in the development of the CCIE Security exams, Network Security Principles and Practices is the first book that provides a comprehensive review of topics important to achieving CCIE Security certification. Network Security Principles and Practices is a comprehensive guide to network security threats and the policies and tools developed specifically to combat those threats. Taking a practical, applied approach to building security into networks, the book shows you how to build secure network architectures from the ground up. Security aspects of routing protocols, Layer 2 threats, and switch security features are all analyzed. A comprehensive treatment of VPNs and IPSec is presented in extensive packet-by-packet detail. The book takes a behind-the-scenes look at how the Cisco PIX(r) Firewall actually works, presenting many difficult-to-understand and new Cisco PIX Firewall and Cisco IOSreg; Firewall concepts. The book launches into a discussion of intrusion detection systems (IDS) by analyzing and breaking down modern-day network attacks, describing how an IDS deals with those threats in general, and elaborating on the Cisco implementation of IDS. The book also discusses AAA, RADIUS, and TACACS+ and their usage with some of the newer security implementations such as VPNs and proxy authentication. A complete section devoted to service provider techniques for enhancing customer security and providing support in the event of an attack is also included. Finally, the book concludes with a section dedicated to discussing tried-and-tested troubleshooting tools and techniques that are not only invaluable to candidates working toward their CCIE Security lab exam but also to the security network administrator running the operations of a network on a daily basis.

Network Security Technologies and Solutions (CCIE Professional Development Series)

Network Security Technologies and Solutions (CCIE Professional Development Series)
Author: Yusuf Bhaiji
Publisher: Pearson Education
Total Pages: 700
Release: 2008-03-20
Genre: Computers
ISBN: 0132796740
GET BOOK

CCIE Professional Development Network Security Technologies and Solutions A comprehensive, all-in-one reference for Cisco network security Yusuf Bhaiji, CCIE No. 9305 Network Security Technologies and Solutions is a comprehensive reference to the most cutting-edge security products and methodologies available to networking professionals today. This book helps you understand and implement current, state-of-the-art network security technologies to ensure secure communications throughout the network infrastructure. With an easy-to-follow approach, this book serves as a central repository of security knowledge to help you implement end-to-end security solutions and provides a single source of knowledge covering the entire range of the Cisco network security portfolio. The book is divided into five parts mapping to Cisco security technologies and solutions: perimeter security, identity security and access management, data privacy, security monitoring, and security management. Together, all these elements enable dynamic links between customer security policy, user or host identity, and network infrastructures. With this definitive reference, you can gain a greater understanding of the solutions available and learn how to build integrated, secure networks in today’s modern, heterogeneous networking environment. This book is an excellent resource for those seeking a comprehensive reference on mature and emerging security tactics and is also a great study guide for the CCIE Security exam. “Yusuf’s extensive experience as a mentor and advisor in the security technology field has honed his ability to translate highly technical information into a straight-forward, easy-to-understand format. If you’re looking for a truly comprehensive guide to network security, this is the one! ” –Steve Gordon, Vice President, Technical Services, Cisco Yusuf Bhaiji, CCIE No. 9305 (R&S and Security), has been with Cisco for seven years and is currently the program manager for Cisco CCIE Security certification. He is also the CCIE Proctor in the Cisco Dubai Lab. Prior to this, he was technical lead for the Sydney TAC Security and VPN team at Cisco. Filter traffic with access lists and implement security features on switches Configure Cisco IOS router firewall features and deploy ASA and PIX Firewall appliances Understand attack vectors and apply Layer 2 and Layer 3 mitigation techniques Secure management access with AAA Secure access control using multifactor authentication technology Implement identity-based network access control Apply the latest wireless LAN security solutions Enforce security policy compliance with Cisco NAC Learn the basics of cryptography and implement IPsec VPNs, DMVPN, GET VPN, SSL VPN, and MPLS VPN technologies Monitor network activity and security incident response with network and host intrusion prevention, anomaly detection, and security monitoring and correlation Deploy security management solutions such as Cisco Security Manager, SDM, ADSM, PDM, and IDM Learn about regulatory compliance issues such as GLBA, HIPPA, and SOX This book is part of the Cisco CCIE Professional Development Series from Cisco Press, which offers expert-level instr

Managing Cisco Network Security

Managing Cisco Network Security
Author: Michael J. Wenstrom
Publisher:
Total Pages: 0
Release: 2001
Genre: Bilgisayar ağları- Güvenlik önlemleri
ISBN: 9781578701032
GET BOOK

Learn how to secure your network with the official MCNS Coursebook

Cisco LAN Switching (CCIE Professional Development series)

Cisco LAN Switching (CCIE Professional Development series)
Author: Kennedy Clark
Publisher: Cisco Press
Total Pages: 1213
Release: 1999-08-26
Genre:
ISBN: 0672334259
GET BOOK

This is the eBook version of the printed book. If the print book includes a CD-ROM, this content is not included within the eBook version. The most complete guide to Cisco Catalyst(r) switch network design, operation, and configuration Master key foundation topics such as high-speed LAN technologies, LAN segmentation, bridging, the Catalyst command-line environment, and VLANs Improve the performance of your campus network by utilizing effective Cisco Catalyst design, configuration, and troubleshooting techniques Benefit from the most comprehensive coverage of Spanning-Tree Protocol, including invaluable information on troubleshooting common Spanning Tree problems Master trunking concepts and applications, including ISL, 802.1Q, LANE, and MPOA Understand when and how to utilize Layer 3 switching techniques for maximum effect Understand Layer 2 and Layer 3 switching configuration with the Catalyst 6000 family, including coverage of the powerful MSFC Native IOS Mode Cisco LAN Switchingprovides the most comprehensive coverage of the best methods for designing, utilizing, and deploying LAN switching devices and technologies in a modern campus network. Divided into six parts, this book takes you beyond basic switching concepts by providing an array of proven design models, practical implementation solutions, and troubleshooting strategies. Part I discusses important foundation issues that provide a context for the rest of the book, including Fast and Gigabit Ethernet, routing versus switching, the types of Layer 2 switching, the Catalyst command-line environment, and VLANs. Part II presents the most detailed discussion of Spanning-Tree Protocol in print, including common problems, troubleshooting, and enhancements, such as PortFast, UplinkFast, BackboneFast, and PVST+. Part III examines the critical issue of trunk connections, the links used to carry multiple VLANs through campus networks. Entire chapters are dedicated to LANE and MPOA. Part IV addresses advanced features, such as Layer 3 switching, VTP, and CGMP and IGMP. Part V covers real-world campus design and implementation issues, allowing you to benefit from the collective advice of many LAN switching experts. Part VI discusses issues specific to the Catalyst 6000/6500 family of switches, including the powerful Native IOS Mode of Layer 3 switching. Several features in Cisco LAN Switchingare designed to reinforce concepts covered in the book and to help you prepare for the CCIE exam. In addition to the practical discussion of advanced switching issues, this book also contains case studies that highlight real-world design, implementation, and management issues, as well as chapter-ending review questions and exercises. This book is part of the Cisco CCIE Professional Development Series from Cisco Press, which offers expert-level instruction on network design, deployment, and support methodologies to help networking professionals manage complex networks and prepare for CCIE exams.

Cisco Networks

Cisco Networks
Author: Chris Carthern
Publisher: Apress
Total Pages: 856
Release: 2015-11-27
Genre: Computers
ISBN: 1484208595
GET BOOK

This book is a concise one-stop desk reference and synopsis of basic knowledge and skills for Cisco certification prep. For beginning and experienced network engineers tasked with building LAN, WAN, and data center connections, this book lays out clear directions for installing, configuring, and troubleshooting networks with Cisco devices. The full range of certification topics is covered, including all aspects of IOS, NX-OS, and ASA software. The emphasis throughout is on solving the real-world challenges engineers face in configuring network devices, rather than on exhaustive descriptions of hardware features. This practical desk companion doubles as a comprehensive overview of the basic knowledge and skills needed by CCENT, CCNA, and CCNP exam takers. It distills a comprehensive library of cheat sheets, lab configurations, and advanced commands that the authors assembled as senior network engineers for the benefit of junior engineers they train, mentor on the job, and prepare for Cisco certification exams. Prior familiarity with Cisco routing and switching is desirable but not necessary, as Chris Carthern, Dr. Will Wilson, Noel Rivera, and Richard Bedwell start their book with a review of the basics of configuring routers and switches. All the more advanced chapters have labs and exercises to reinforce the concepts learned. This book differentiates itself from other Cisco books on the market by approaching network security from a hacker’s perspective. Not only does it provide network security recommendations but it teaches you how to use black-hat tools such as oclHashcat, Loki, Burp Suite, Scapy, Metasploit, and Kali to actually test the security concepts learned. Readers of Cisco Networks will learn How to configure Cisco switches, routers, and data center devices in typical corporate network architectures The skills and knowledge needed to pass Cisco CCENT, CCNA, and CCNP certification exams How to set up and configure at-home labs using virtual machines and lab exercises in the book to practice advanced Cisco commands How to implement networks of Cisco devices supporting WAN, LAN, and data center configurations How to implement secure network configurations and configure the Cisco ASA firewall How to use black-hat tools and network penetration techniques to test the security of your network

Routing and Switching Essentials Companion Guide

Routing and Switching Essentials Companion Guide
Author: Cisco Networking Academy
Publisher: Pearson Education
Total Pages: 850
Release: 2014
Genre: Computers
ISBN: 1587133180
GET BOOK

Routing and Switching Essentials Companion Guide is the official supplemental textbook for the Routing and Switching Essentials course in the Cisco® Networking Academy® CCNA® Routing and Switching curriculum. This course describes the architecture, components, and operations of routers and switches in a small network. You learn how to configure a router and a switch for basic functionality. By the end of this course, you will be able to configure and troubleshoot routers and switches and resolve common issues with RIPv1, RIPv2, single-area and multi-area OSPF, virtual LANs, and inter-VLAN routing in both IPv4 and IPv6 networks. The Companion Guide is designed as a portable desk reference to use anytime, anywhere to reinforce the material from the course and organize your time. The book's features help you focus on important concepts to succeed in this course: Chapter objectives-Review core concepts by answering the focus questions listed at the beginning of each chapter. Key terms-Refer to the lists of networking vocabulary introduced and highlighted in context in each chapter. Glossary-Consult the comprehensive Glossary with more than 200 terms. Summary of Activities and Labs-Maximize your study time with this complete list of all associated practice exercises at the end of each chapter. Check Your Understanding-Evaluate your readiness with the end-of-chapter questions that match the style of questions you see in the online course quizzes. The answer key explains each answer. Related Title: Routing and Switching Essentials Lab Manual How To-Look for this icon to study the steps you need to learn to perform certain tasks. Interactive Activities-Reinforce your understanding of topics by doing all the exercises from the online course identified throughout the book with this icon. Videos-Watch the videos embedded within the online course. Packet Tracer Activities-Explore and visualize networking concepts using Packet Tracer exercises interspersed throughout the chapters. Hands-on Labs-Work through all the course labs and additional Class Activities that are included in the course and published in the separate Lab Manual.

Packet Guide to Routing and Switching

Packet Guide to Routing and Switching
Author: Bruce Hartpence
Publisher: "O'Reilly Media, Inc."
Total Pages: 179
Release: 2011-09
Genre: Computers
ISBN: 1449306551
GET BOOK

Go beyond layer 2 broadcast domains with this in-depth tour of advanced link and internetwork layer protocols, and learn how they enable you to expand to larger topologies. An ideal follow-up to Packet Guide to Core Network Protocols, this concise guide dissects several of these protocols to explain their structure and operation. This isn’t a book on packet theory. Author Bruce Hartpence built topologies in a lab as he wrote this guide, and each chapter includes several packet captures. You’ll learn about protocol classification, static vs. dynamic topologies, and reasons for installing a particular route. This guide covers: Host routing—Process a routing table and learn how traffic starts out across a network Static routing—Build router routing tables and understand how forwarding decisions are made and processed Spanning Tree Protocol—Learn how this protocol is an integral part of every network containing switches Virtual Local Area Networks—Use VLANs to address the limitations of layer 2 networks Trunking—Get an indepth look at VLAN tagging and the 802.1Q protocol Routing Information Protocol—Understand how this distance vector protocol works in small, modern communication networks Open Shortest Path First—Discover why convergence times of OSPF and other link state protocols are improved over distance vectors

IPv6 Security

IPv6 Security
Author: Scott Hogg
Publisher: Pearson Education
Total Pages: 705
Release: 2008-12-11
Genre: Computers
ISBN: 1587058367
GET BOOK

IPv6 Security Protection measures for the next Internet Protocol As the world’s networks migrate to the IPv6 protocol, networking professionals need a clearer understanding of the security risks, threats, and challenges this transition presents. In IPv6 Security, two of the world’s leading Internet security practitioners review each potential security issue introduced by IPv6 networking and present today’s best solutions. IPv6 Security offers guidance for avoiding security problems prior to widespread IPv6 deployment. The book covers every component of today’s networks, identifying specific security deficiencies that occur within IPv6 environments and demonstrating how to combat them. The authors describe best practices for identifying and resolving weaknesses as you maintain a dual stack network. Then they describe the security mechanisms you need to implement as you migrate to an IPv6-only network. The authors survey the techniques hackers might use to try to breach your network, such as IPv6 network reconnaissance, address spoofing, traffic interception, denial of service, and tunnel injection. The authors also turn to Cisco® products and protection mechanisms. You learn how to use Cisco IOS® and ASA firewalls and ACLs to selectively filter IPv6 traffic. You also learn about securing hosts with Cisco Security Agent 6.0 and about securing a network with IOS routers and switches. Multiple examples are explained for Windows, Linux, FreeBSD, and Solaris hosts. The authors offer detailed examples that are consistent with today’s best practices and easy to adapt to virtually any IPv6 environment. Scott Hogg, CCIE® No. 5133, is Director of Advanced Technology Services at Global Technology Resources, Inc. (GTRI). He is responsible for setting the company’s technical direction and helping it create service offerings for emerging technologies such as IPv6. He is the Chair of the Rocky Mountain IPv6 Task Force. Eric Vyncke, Cisco Distinguished System Engineer, consults on security issues throughout Europe. He has 20 years’ experience in security and teaches security seminars as a guest professor at universities throughout Belgium. He also participates in the Internet Engineering Task Force (IETF) and has helped several organizations deploy IPv6 securely. Understand why IPv6 is already a latent threat in your IPv4-only network Plan ahead to avoid IPv6 security problems before widespread deployment Identify known areas of weakness in IPv6 security and the current state of attack tools and hacker skills Understand each high-level approach to securing IPv6 and learn when to use each Protect service provider networks, perimeters, LANs, and host/server connections Harden IPv6 network devices against attack Utilize IPsec in IPv6 environments Secure mobile IPv6 networks Secure transition mechanisms in use during the migration from IPv4 to IPv6 Monitor IPv6 security Understand the security implications of the IPv6 protocol, including issues related to ICMPv6 and the IPv6 header structure Protect your network against large-scale threats by using perimeter filtering techniques and service provider—focused security practices Understand the vulnerabilities that exist on IPv6 access networks and learn solutions for mitigating each This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Networking: Security Covers: IPv6 Security