Sybex - Active Defense, Sybex
[ Pobierz całość w formacie PDF ]
release TeamOR 2001
[x] web.security
Active Defense — A Comprehensive Guide to Network Security
Table of Contents
Active Defense — A Comprehensive Guide to Network Security
- 4
Chapter 1
-
Why Secure Your Network? - 8
Chapter 2
-
How Much Security Do You Need? - 14
Chapter 3
-
Understanding How Network Systems Communicate - 27
Chapter 4
-
Topology Security - 62
Chapter 5
-
Firewalls - 81
Chapter 6
-
Configuring Cisco Router Security Features - 116
Chapter 7
-
Check Point’s FireWall-1 - 143
Chapter 8
-
Intrusion Detection Systems - 168
Chapter 9
-
Authentication and Encryption - 187
Chapter 10
-
Virtual Private Networking - 202
Chapter 11
-
Viruses, Trojans, and Worms: Oh My! - 218
Chapter 12
-
Disaster Prevention and Recovery - 233
Chapter 13
-
NetWare - 256
Chapter 14
-
NT and Windows 2000 - 273
Chapter 15
-
UNIX - 309
Chapter 16
-
The Anatomy of an Attack - 334
Chapter 17
-
Staying Ahead of Attacks - 352
Appendix A
-
About the CD-ROM - 366
Appendix B
-
Sample Network Usage Policy - 367
page 2
Introduction
- 6
Active Defense — A Comprehensive Guide to Network Security
Synopsis
by
Barry Nance
In one book, Brenton and Hunt deal with all the major issues you face when you want to make your network
secure. The authors explain the need for security, identify the various security risks, show how to design a
security policy and illustrate the problems poor security can allow to happen. Paying individual attention to
NetWare, Windows and Unix environments, they describe how networks operate, and the authors discuss
network cables, protocols, routers, bridges, hubs and switches from a security perspective. Brenton and
Hunt explore security tools such as firewalls, Cisco router configuration settings, intrusion detection systems,
authentication and encryption software, Virtual Private Networks (VPNs), viruses, trojans and worms.
Back Cover
•
Develop a Systematic Approach to Network Security
•
Limit Your Exposure to Viruses and Minimize Damage When They
Strike
•
Choose a Firewall and Configure It to Serve Your Exact Needs
•
Monitor Your Network and React Effectively to Hackers
Get the Know-How To Optimize Today's Leading Security Technologies
Today's networks incorporate more security features than ever before, yet
hacking grows more common and more severe. Technology alone is not the
answer. You need the knowledge to select and deploy the technology
effectively, and the guidance of experts to develop a comprehensive plan that
keeps your organization two steps ahead of mischief and thievery. Active
Defense: A Comprehensive Guide to Network Security gives you precisely the
knowledge and expertise you're looking for. You'll work smarter by day, and
sleep easier by night.
Coverage includes:
•
Configuring Cisco router security features
•
Selecting and configuring a firewall
•
Configuring an Intrusion Detection System
•
Providing data redundancy
•
Configuring a Virtual Private Network
•
Recognizing hacker attacks
•
Getting up-to-date security information
•
Locking down Windows NT and 2000 servers
•
Securing UNIX, Linux, and FreeBSD systems
•
Protecting NetWare servers from attack
About the Authors
Chris Brenton is a network consultant specializing in network security and
multiprotocol environments. He is the author of several Sybex books,
including Mastering Cisco Routers.
Cameron Hunt is a network professional specializing in information security.
He has worked for the U.S. military and a wide range of corporations. He
currently serves as a trainer and consultant.
page 3
Active Defense — A Comprehensive Guide to Network Security
Active Defense — A Comprehensive Guide to
Network Security
Overview
Chris Brenton
with
Cameron Hunt
Associate Publisher:
Richard J. Staron
Contracts and Licensing Manager:
Kristine O’Callaghan
Acquisitions and Developmental Editor:
Maureen Adams
Editor:
Colleen Wheeler Strand
Production Editor:
Elizabeth Campbell
Technical Editor:
Scott Warmbrand
Book Designer:
Kris Warrenburg
Graphic Illustrator:
Tony Jonick
Electronic Publishing Specialist:
Maureen Forys, Happenstance Type-O-Rama
Proofreaders:
Nanette Duffy, Emily Hsuan, Nelson Kim, Laurie O’Connell, Nancy Riddiough
Indexer:
Rebecca Plunkett
CD Coordinator:
Christine Harris
CD Technician:
Kevin Ly
Cover Designer:
Richard Miller, Calyx Design
Cover Illustrator:
Richard Miller, Calyx Design
Copyright © 2001 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No
part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but
not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written
permission of the publisher.
An earlier version of this book was published under the title Mastering Network Security © 1999 SYBEX Inc.
Library of Congress Card Number: 2001088118
ISBN: 0-7821-2916-1
SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States
and/or other countries.
Mastering is a trademark of SYBEX Inc.
Screen reproductions produced with FullShot 99. FullShot 99 © 1991–1999 Inbit Incorporated. All rights
reserved.
FullShot is a trademark of Inbit Incorporated.
The CD interface was created using Macromedia Director, COPYRIGHT 1994, 1997–1999 Macromedia Inc. For
more information on Macromedia and Macromedia Director, visit
page 4
Active Defense — A Comprehensive Guide to Network Security
TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from
descriptive terms by following the capitalization style used by the manufacturer.
The author and publisher have made their best efforts to prepare this book, and the content is based upon final
release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied
by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with
regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not
limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind
caused or alleged to be caused directly or indirectly from this book.
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
This book is dedicated to my son,
Skylar Griffin Brenton. May the joy you have
brought into my life be returned to you threefold.
—
Chris Brenton
This book is dedicated to security professionals
everywhere—only the truly paranoid know peace!
—
Cameron Hunt
Acknowledgments
I would like to thank all the Sybex people who took part in pulling this book together. This includes Guy Hart-
Davis (a.k.a. “The Text Butcher”) for getting me started on the right track. Yet again I owe you a bottle of home-
brewed mead. I also want to say thank you to Maureen Adams for kicking in on the initial development and CD-
ROM work. I also wish to thank my technical editor, Jim Polizzi, whose up-front and challenging style helped to
keep me on my toes.
I also wish to thank a few people over at Alpine Computers in Holliston, Mass., for giving input, making
suggestions, and just being a cool crew. This includes Cheryl “I Was the Evil Queen but Now I’m Just the Witch
Who Lives in the Basement” Gordon for her years of experience and mentoring. Thanks to Chuckles Ahern, Dana
Gelinas, Gene Garceau, Phil Sointu, Ron Hallam, Gerry Fowley, the guys in the ARMOC, Bob Sowers, Steve
Howard, Alice Peal, and all the members of the firewall and security group for keeping me challenged technically
(or technically challenged, whichever the case may be).
On a more personal note, I would like to thank Sean Tangney, Deb Tuttle, Al “That Was Me behind You with the
BFG” Goodniss, Maria Goodniss, Chris Tuttle, Toby Miller, Lynn Catterson, and all the Babylonian honeys for
being such an excellent group of friends. Thanks to Morgan Stern, who is one of the smartest computer geeks I
know and is more than happy to share his knowledge with anyone who asks. Thanks also to Fred Tuttle for being a
cool old-time Vermonter and for showing that people can still run for political office and keep a sense of humor.
I also wish to thank my parents Albert and Carolee, as well as my sister Kym. The happiness I have today comes
from the love, guidance, and nurturing I have received from you over many years. I could not have wished for a
better group of people to call my family.
Finally, I would like to thank my wonderful wife and soul mate Andrea for being the best thing ever to walk into
my life. My life would not be complete without you in it, and this book would not have been possible without your
support. Thank you for making me the luckiest man alive.
—
Chris Brenton
I’d like to thank my friends for their patience, my family for their tolerance, and of course, Nikka, whose
knowledge of all my vices and vulnerabilities allowed her to use an astonishing array of incentives to force my
timely completion of this book.
I owe an incredible debt to the many security professionals—who have shared their nuanced understanding of
current security technologies and the issues surrounding their use—for the preparation of this book. This revision
is as much yours as mine.
I owe Jill Schlessinger a tremendous debt for giving me this opportunity in the first place. She patiently listened to
my radical revision plan, ignored it, and forced me to follow common sense. She was right all along. Maureen
Adams accomplished institutional miracles, while Elizabeth Campbell and Colleen Strand employed the most
page 5
[ Pobierz całość w formacie PDF ]