With this concise, problem-solving guide, networking professionals will learn how to identify network security threats and implement uniform security throughout their networks, secure remote dial-in access with CiscoSecure ACS and Cisco IOS AAA features, protect Internet access on their perimeter routers with the CiscoSecure IOS firewall software, and implement secure VPNs using IPSec and Cisco Encryption Technology. Step-by-step instructions and immediate solutions will help administrators implement and update security defenses. Also, every configuration in this book was completely tested and perfected with actual Cisco routers.
Author(s): Joe Harris
Edition: 1
Publisher: Paraglyph Press
Year: 2002
Language: English
Pages: 292
Cover
Table of Contents
Cisco Network Security Little Black Book
How to Use this Book
The Little Black Book Philosophy
Enterprise Security Problems
Enterprise Security Challenges
Enterprise Security Policy
Securing the Enterprise
Configuring Console Security
Configuring Telnet Security
Configuring Enable Mode Security
Disabling Password Recovery
Configuring Privilege Levels for Users
Configuring Password Encryption
Configuring Banner Messages
Configuring SNMP Security
Configuring RIP Authentication
Configuring EIGRP Authentication
Configuring OSPF Authentication
Configuring Route Filters
Suppressing Route Advertisements
Access Control Security
AAA Protocols
Cisco Secure Access Control Server
Configuring TACACS+ Globally
Configuring TACACS+ Individually
Configuring RADIUS Globally
Configuring RADIUS Individually
Configuring Authentication
Configuring Authorization
Configuring Accounting
Installing and Configuring Cisco Secure NT
Defining Networks
Cisco Express Forwarding
TCP Intercept
Network Address Translation
Committed Access Rate
Logging
Configuring Cisco Express Forwarding
Configuring Unicast Reverse Path Forwarding
Configuring TCP Intercept
Configuring Network Address Translation (NAT)
Configuring Committed Access Rate (CAR)
Configuring Logging
Context-Based Access Control
Port Application Mapping
IOS Firewall Intrusion Detection
Configuring Context-Based Access Control
Configuring Port Application Mapping
Configuring IOS Firewall Intrusion Detection
Cryptography
Symmetric and Asymmetric Key Encryption
Digital Signature Standard
Cisco Encryption Technology Overview
Configuring Cisco Encryption Technology
In Brief
IPSec Packet Types
IPSec Modes of Operation
Key Management
Encryption
Immediate Solutions
Configuring IPSec Using Pre-Shared Keys
Configuring IPSec Using Manual Keys
Configuring Tunnel EndPoint Discovery
In Brief
Wildcard Masks
Extended Access Lists
Reflexive Access Lists
Dynamic Access Lists
Additional Access List Features
Configuring Standard IP Access Lists
Configuring Extended IP Access Lists
Configuring Extended TCP Access Lists
Configuring Named Access Lists
Configuring Commented Access Lists
Configuring Dynamic Access Lists
Configuring Reflexive Access Lists
Configuring Time-Based Access Lists
Appendix A: IOS Firewall IDS Signature List
Configuring Management Access
Configuring Port Security
Configuring Permit Lists
Configuring AAA Support
List of Figures
List of Tables
List of Listings