Cisco Router Firewall Security

Author: Richard A. Deal

Publication date: August 10, 2004

Pages: 912

ISBN: 1-58705-175-3

Permanent link for this book: http://www.ppurl.com/2009/01/cisco-router-firewall-security.html

Book description

Harden perimeter routers with Cisco firewall functionality and features to ensure network security

Detect and prevent denial of service (DoS) attacks with TCP Intercept, Context-Based Access Control (CBAC), and rate-limiting techniques

Use Network-Based Application Recognition (NBAR) to detect and filter unwanted and malicious traffic

Use router authentication to prevent spoofing and routing attacks

Activate basic Cisco IOS filtering features like standard, extended, timed, lock-and-key, and reflexive ACLs to block various types of security threats and attacks, such as spoofing, DoS, Trojan horses, and worms

Use black hole routing, policy routing, and Reverse Path Forwarding (RPF) to protect against spoofing attacks

Apply stateful filtering of traffic with CBAC, including dynamic port mapping

Use Authentication Proxy (AP) for user authentication

Perform address translation with NAT, PAT, load distribution, and other methods

Implement stateful NAT (SNAT) for redundancy

Use Intrusion Detection System (IDS) to protect against basic types of attacks

Obtain how-to instructions on basic logging and learn to easily interpret results

Apply IPSec to provide secure connectivity for site-to-site and remote access connections

Read about many, many more features of the IOS firewall for mastery of router security

The Cisco IOS firewall offers you the feature-rich functionality that you’ve come to expect from best-of-breed firewalls: address translation, authentication, encryption, stateful filtering, failover, URL content filtering, ACLs, NBAR, and many others. Cisco Router Firewall Security teaches you how to use the Cisco IOS firewall to enhance the security of your perimeter routers and, along the way, take advantage of the flexibility and scalability that is part of the Cisco IOS Software package.

Each chapter in Cisco Router Firewall Security addresses an important component of perimeter router security. Author Richard Deal explains the advantages and disadvantages of all key security features to help you understand when they should be used and includes examples from his personal consulting experience to illustrate critical issues and security pitfalls. A detailed case study is included at the end of the book, which illustrates best practices and specific information on how to implement Cisco router security features.

Whether you are looking to learn about firewall security or seeking how-to techniques to enhance security in your Cisco routers, Cisco Router Firewall Security is your complete reference for securing the perimeter of your network.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Table of contents

Copyright
About the Author
  About the Technical Editors
Acknowledgments
Icons Used in This Book
Command Syntax Conventions
Introduction
  Goals and Methods
  Who Should Read This Book?
  How This Book Is Organized
  Additional Information
Part I. Security Overview and Firewalls
  Chapter 1. Security Threats
    Planning for Security
    Causes of Security Problems
    Types of Security Threats
    Categories of Threats
    Security Solutions
    Summary
  Chapter 2. Introduction to Firewalls
    Firewall Overview
    Controlling Traffic and the OSI Reference Model
    Firewall Categories
    Firewall Design
    Cisco IOS Security
    Summary
Part II. Managing Access to Routers
  Chapter 3. Accessing a Router
    Types of Authentication
    Methods of User EXEC Access
    Privileged EXEC Access
    Other Access Items
    Example Configuration
    Summary
  Chapter 4. Disabling Unnecessary Services
    Disabling Global Services
    Disabling Interface Services
    Manual Configuration Example of Disabling Services on a Perimeter Router
    AutoSecure
    Summary
  Chapter 5. Authentication, Authorization, and Accounting
    AAA Overview
    Authentication
    Authorization
    Accounting
    Secure Copy
    Summary
Part III. Nonstateful Filtering Technologies
  Chapter 6. Access List Introduction
    Access List Overview
    Basic ACL Configuration
    Wildcard Masks
    Summary
  Chapter 7. Basic Access Lists
    Types of ACLs
    Additional ACL Features
    Protection Against Attacks
    Blocking Unnecessary Services
    Summary
Part IV. Stateful and Advanced Filtering Technologies
  Chapter 8. Reflexive Access Lists
    Overview of Reflexive ACLs
    Configuring Reflexive ACLs
    Reflexive ACL Examples
    Summary
  Chapter 9. Context-Based Access Control
    Cisco IOS Firewall Features
    CBAC Functions
    Operation of CBAC
    Supported Protocols for CBAC
    CBAC Performance
    CBAC Limitations
    CBAC Configuration
    CBAC Examples
    Summary
  Chapter 10. Filtering Web and Application Traffic
    Java Applets
    URL Filtering
    Network-Based Application Recognition
    Summary
Part V. Address Translation and Firewalls
  Chapter 11. Address Translation
    Address Translation Overview
    How Address Translation Works
    Address Translation Configuration
    NAT and CBAC Example
    Summary
  Chapter 12. Address Translation Issues
    Embedded Addressing Information
    Controlling Address Translation
    Address Translation and Redundancy
    Traffic Distribution with Server Load Balancing
    Summary
Part VI. Managing Access Through Routers
  Chapter 13. Lock-and-Key Access Lists
    Lock-and-Key Overview
    Lock-and-Key Configuration
    Lock-and-Key Example
    Summary
  Chapter 14. Authentication Proxy
    Introduction to AP
    AP Configuration
    Verifying and Troubleshooting AP
    AP Examples
    Summary
  Chapter 15. Routing Protocol Protection
    Static and Black Hole Routing
    Interior Gateway Protocol Security
    BGP Security
    Reverse-Path Forwarding (Unicast Traffic)
    Summary
Part VII. Detecting and Preventing Attacks
  Chapter 16. Intrusion-Detection System
    IDS Introduction
    IDS Signatures
    Cisco Router IDS Solution
    IDS Configuration
    IDS Example
    Summary
  Chapter 17. DoS Protection
    Detecting DoS Attacks
    CEF Switching
    TCP Intercept
    CBAC and DoS Attacks
    Rate Limiting
    Summary
  Chapter 18. Logging Events
    Basic Logging
    Time and Date and the Cisco IOS
    Embedded Syslog Manager
    Additional Logging Information
    Summary
Part VIII. Virtual Private Networks
  Chapter 19. IPSec Site-to-Site Connections
    IPSec Preparation
    IKE Phase 1: Management Connection
    IKE Phase 1 Peer Authentication
    IKE Phase 2: Data Connection
    IPSec Connection Troubleshooting
    L2L Example
    Summary
  Chapter 20. IPSec Remote-Access Connections
    Remote Access Overview
    IPSec Remote-Access Connection Process
    IPSec Remote-Access EVS Setup
    IPSec Remote Access Example
    Summary
Part IX. Case Study
  Chapter 21. Case Study
    Company Profile
    Proposal
    Case Study Configuration
    Summary
