This book is essential reading for any network admin, network engineer, or security consultant responsible for the design, deployment, and/or management of a Cisco Structured Wireless-Aware Network. It covers all product features, with particular attention to the challenges of integrating legacy Cisco products into a Wireless-Aware network. The book also includes coverage of Cisco IOS Software-based Cisco Aironet Series access points, Cisco and Cisco Compatible client adapters, and the CiscoWorks Wireless LAN Solution Engine (WLSE).
- Emphasis on AUTOMATING and SIMPLIFYING the management of mixed-environment (wired and wireless) networks.
- Describes how to centralize control and configuration of thousands of networking devices.
- Security blueprint to help detect rogue access points and achieve fast, secure roaming for mobile applications.
Author(s): Dale Liu
Edition: 1st
Publisher: Syngress
Year: 2009
Language: English
Pages: 596
Copyright Page......Page 2
Contents......Page 21
Lead Author and Technical Editor......Page 18
Contributing Authors......Page 19
An Overview of Cisco Router and Switch Forensics......Page 25
Network Architectures......Page 26
Routers......Page 29
Routers......Page 30
Switches......Page 31
Syslog......Page 32
Who Spotted It......Page 33
Relevant Laws......Page 34
Law Enforcement Issues......Page 35
Setting Up a Secure Network......Page 36
How to Respond......Page 37
Frequently Asked Questions......Page 38
Digital Forensics and Analyzing Data......Page 39
The Phases of Digital Forensics......Page 40
Collection......Page 41
Preparation......Page 43
Hardware Documentation Difficulties......Page 45
SANs......Page 46
Difficulties When Collecting Data from Virtual Machines......Page 47
Difficulties When Conducting Memory Acquisition and Analysis......Page 48
Utility of Hash Sets......Page 49
Trusted Platform Module (TPM)......Page 50
Analysis......Page 51
Metadata......Page 53
Binary and Malware Analysis......Page 54
Analysis of an Enterprise Event......Page 55
Timelines......Page 56
GREP......Page 57
Security Event Management Systems......Page 58
Reporting......Page 59
The Phases of Digital Forensics......Page 60
Frequently Asked Questions......Page 61
Endnotes......Page 62
Seizure of Digital Information......Page 63
Introduction......Page 64
Defining Digital Evidence......Page 65
Digital Evidence Seizure Methodology......Page 68
Seizure Methodology in Depth......Page 70
Step 1: Digital Media Identification......Page 71
Step 3: Seizure of Storage Devices and Media......Page 72
To Pull the Plug or not to Pull the Plug, that is the Question......Page 73
Factors Limiting the Wholesale Seizure of Hardware......Page 74
Disk Encryption......Page 75
Privacy Concerns......Page 76
The Concept of the First Responder......Page 77
Other Options for Seizing Digital Evidence......Page 78
Responding to a Victim of a Crime where Digital Evidence is Involved......Page 79
Seizure Example......Page 80
Determining the Presence and Location of Evidentiary Data Objects......Page 82
Obtaining Information from a Running Computer......Page 83
Imaging Information On-Scene......Page 84
Imaging Finite Data Objects On-Scene......Page 85
Use of Tools for Digital Evidence Collection......Page 86
Common Threads within Digital Evidence Seizure......Page 88
Determining the Most Appropriate Seizure Method......Page 90
Summary......Page 92
Common Threads within Digital Evidence Seizure......Page 94
Determining the Most Appropriate Seizure Method......Page 95
Frequently Asked Questions......Page 96
Endnotes......Page 97
The Mindset of a Network Administrator......Page 99
The God Complex......Page 100
Job Security......Page 101
Salaries......Page 102
Social Engineering......Page 103
Google Them......Page 104
No-Tech Hacking......Page 105
Social Engineering......Page 107
Frequently Asked Questions......Page 108
Arrival on the Scene......Page 109
Introduction......Page 110
Preliminary Checklists......Page 111
Equipment......Page 112
Communicating with On-Scene Personnel......Page 113
Policies and Procedures......Page 114
Diagrams......Page 116
Passwords......Page 121
Access Control Lists......Page 122
Evidence Tape and Bags......Page 123
Safety......Page 124
To Stop an Attack You Must Be Able to Identify the Attack......Page 125
Maintaining or Restoring Business Continuity......Page 126
Follow Agency Guidelines......Page 127
Cooperating and Coordinating with Other Agencies......Page 128
Internet Crime Reporting Resources......Page 129
The Incident......Page 131
Securing the Scene: Protecting Equipment and Data......Page 132
The Incident......Page 133
Frequently Asked Questions......Page 134
Diagramming the Network Infrastructure......Page 135
None......Page 136
Inaccurate......Page 138
Physical Layout......Page 140
Cabling......Page 141
Wireless Access Points......Page 142
Routers......Page 143
Servers......Page 144
E-Mail......Page 146
SQL and Oracle......Page 147
UNIX, Linux, and Windows......Page 148
DNS......Page 149
Laptops......Page 150
Subnets......Page 151
Virtual Local Area Network (VLAN)......Page 152
Topology......Page 153
Firewall Settings......Page 156
Access Control Lists......Page 158
Firewall Settings......Page 160
IDS Settings......Page 161
Virtual Private Network Access......Page 162
VNC......Page 163
SSH......Page 164
The Incident......Page 165
Physical Layout......Page 167
The Incident......Page 168
Frequently Asked Questions......Page 169
Cisco IOS Router Basics......Page 172
Connecting to the Router......Page 173
HyperTerminal......Page 174
The Console Port......Page 175
The Auxiliary Port......Page 181
Telnet......Page 182
Web Interface......Page 187
Cisco Network Assistant......Page 190
Router Modes......Page 191
User Modes 1 through 14......Page 192
Commands......Page 193
Global Configuration Mode......Page 194
Routing Protocols......Page 195
Interior and Exterior Gateway Protocols......Page 196
Distance Vector Routing Protocols......Page 197
RIP......Page 198
EIGRP......Page 200
BGP......Page 201
OSPF......Page 202
Backing Up Configurations......Page 204
TFTP......Page 205
Restoring Configurations......Page 206
Router Issues......Page 208
Final Security Issues......Page 209
ACLs......Page 211
Router Passwords......Page 216
The Incident......Page 217
Routing Protocols......Page 226
The Incident......Page 227
Frequently Asked Questions......Page 228
Understanding the Methods and Mindset of the Attacker......Page 230
Information Gathering......Page 231
Google Hacking......Page 232
No-Tech Hacking......Page 234
Scanning and Probing......Page 236
Nmap......Page 237
Netcat......Page 241
Nessus......Page 243
Maltego......Page 248
Other Scanning Tools......Page 250
Metasploit......Page 256
MSF Version 3......Page 258
MSF Version 2......Page 259
Milw0rm......Page 261
Password Cracking......Page 262
Backdoors......Page 264
Rootkits......Page 265
Tunneling......Page 266
Anti-Forensics......Page 267
The Incident......Page 268
Maintaining Access......Page 270
The Incident......Page 271
Frequently Asked Questions......Page 272
Collecting the Non-Volatile Data from a Router......Page 273
Initial Steps......Page 274
Obtain the Router Password......Page 275
Procedures......Page 276
Serial Cable......Page 277
HyperTerminal......Page 278
Web-Based Interface......Page 281
Cisco Network Assistant......Page 282
Router Non-Volatile Data Collection Procedures......Page 284
TFTP......Page 296
Router Commands to Run on the Cisco Router......Page 299
Analysis of Gathered Non-Volatile Router Data from a Cisco Router......Page 306
Analyzing What Happened......Page 307
Log Files......Page 316
Building Your Case......Page 318
The Incident......Page 319
Router Non-Volatile Data Collection Procedures......Page 323
The Incident......Page 324
Frequently Asked Questions......Page 325
Collecting the Volatile Data from a Router......Page 326
Before You Connect to the Cisco Router......Page 327
Initial Steps......Page 328
Preinvestigation Tasks......Page 329
Obtain the Router Password......Page 332
Modes of Operation......Page 333
Remote Evidence May Be All That Is Available if the Passwords Have Been Modified......Page 334
SNMP......Page 336
HTTP......Page 340
Live Capture Procedures......Page 341
Background......Page 345
Connecting to the Cisco Router......Page 346
HyperTerminal......Page 347
Web-Based Interface......Page 348
Interactive Access......Page 349
Controlling VTYs and Ensuring VTY Availability......Page 350
Network-Based Backup of Config Files......Page 351
Configuration Files and States......Page 352
The Major Commands......Page 353
The show audit Command......Page 354
The show version Command......Page 356
The show access-lists Command......Page 357
The show banners Command......Page 358
The show arp and show ip arp Commands......Page 359
The show tech-support Command......Page 360
The show stacks Command......Page 361
The show logging Command......Page 362
AAA Logging......Page 363
ACL Violation Logging......Page 364
Advanced Data Collection......Page 365
Automated Router Forensics......Page 366
RAT......Page 367
How to Install RAT......Page 368
How to Run RAT......Page 372
Command Syntax......Page 377
CREED: The Cisco Router Evidence Extraction Disk......Page 378
Phase 1: Gain an Understanding of the System......Page 379
Phase 3: The Initial Steps......Page 380
The Incident......Page 381
Volatile Data Collection Procedures......Page 407
The Incident......Page 408
Frequently Asked Questions......Page 409
Endnotes......Page 410
Cisco IOS Switch Basics......Page 411
Switch Concepts......Page 412
Advantages over Hubs......Page 413
Cut-Through......Page 414
Store-and-Forward......Page 415
CAM......Page 416
MAC Flooding......Page 417
Layer 3 Switches......Page 418
Microsegmentation......Page 419
Broadcast Domains......Page 421
Port Security......Page 422
Connecting to the Switch......Page 423
Switch LED Indicators......Page 424
HyperTerminal......Page 425
The Console Port......Page 426
Telnet......Page 429
Web Interface......Page 431
Cisco Network Assistant......Page 432
Switch Modes......Page 436
Commands......Page 437
Commands......Page 438
Global Configuration Mode......Page 439
VLAN Database Configuration......Page 440
Managing IOS......Page 441
Configuration Files......Page 442
Backing Up Configurations......Page 443
Restoring Configurations......Page 444
Switch Issues......Page 445
Final Security Issues......Page 446
Boot Problems......Page 448
Switch Passwords......Page 449
The Incident......Page 450
Switch Terminology......Page 453
Backup and Restoration of Switches......Page 454
The Incident......Page 455
Frequently Asked Questions......Page 456
Collecting the Non-Volatile and Volatile Data from a Switch......Page 457
Interview the POC......Page 458
Obtain the Switch Password......Page 459
Document Your Steps......Page 460
Serial Cable......Page 461
HyperTerminal......Page 462
Telnet......Page 463
Cisco Network Assistant......Page 464
Documentation......Page 465
Cisco Network Assistant......Page 466
FTP......Page 467
Clock......Page 468
Version......Page 469
Startup Config......Page 470
Banners......Page 471
Logging......Page 472
Examining the VLAN Database......Page 473
Analyzing What Happened......Page 474
The Incident......Page 475
Volatile and Non-Volatile Data Collection Procedures......Page 481
The Incident......Page 482
Frequently Asked Questions......Page 483
Preparing Your Report......Page 484
Chain-of-Custody Form......Page 485
Agency-Specific Forms......Page 486
Evidence Forms......Page 487
Evidence Number......Page 488
Timeline of Recorded Events......Page 489
Trusted Binaries......Page 490
Drawings......Page 491
The Incident......Page 492
Shutdown Procedures......Page 493
Drawings......Page 494
Frequently Asked Questions......Page 495
Preparing to Testify......Page 496
Reports......Page 497
Forms......Page 498
Chain of Custody......Page 499
Checklists......Page 500
Video......Page 501
Charts......Page 502
Understanding the Daubert and Frye Standards......Page 503
Tested Theories......Page 504
Peer-Reviewed and Publicized Theories......Page 505
Scientific Evidence......Page 506
Applicability to Procedures......Page 507
Federal Rules......Page 508
Preparation......Page 509
Errors and Omissions......Page 510
Words of Caution......Page 511
The Incident......Page 512
Visual Tools......Page 514
Errors and Omissions......Page 515
The Incident......Page 516
Frequently Asked Questions......Page 517
D......Page 518
E......Page 519
M......Page 520
R......Page 521
S......Page 522
Z......Page 523
Cisco Wireless Device Forensics......Page 524
Overview of 802.11 Standards......Page 525
Protecting the Data Link and Physical Layers......Page 526
Authentication......Page 527
Risk Assessment......Page 528
Hot Standby......Page 529
Configuring Hot Standby......Page 530
Implementing Firewalls for Additional Security......Page 531
Public Secure Packet Forwarding......Page 532
WLAN LAN Extension 802.1x/EAP......Page 533
EAP Request and Response......Page 534
802.1x......Page 535
EAP TLS......Page 536
LEAP Authentication Process......Page 537
Implementing LEAP......Page 538
Configuring ACS......Page 539
Configuring Access Points......Page 541
Configuring the Client......Page 544
WLAN LAN Extension IPSec......Page 548
IKE......Page 549
AH......Page 550
Implementing IPSec over WLAN......Page 551
Configuring the VPN Gateway......Page 553
Configuring an Access Point......Page 554
Configuring Filters Using the CLI in IOS......Page 555
Configuring Filters Using a Web Browser in IOS......Page 556
Configuring a VPN Client......Page 557
WEP......Page 559
IV and RC4 Vulnerabilities......Page 560
Message Integrity Check......Page 561
Using a Web Browser for Access Point Configuration......Page 562
The Cisco Wireless and Wireless-Aware Vision......Page 563
The Cisco Structured Wireless-Aware Network Product Line......Page 564
Client Adapters......Page 565
Cisco Wireless LAN Switches and Routers......Page 566
Cisco Wireless Antennas and Accessories......Page 567
Pillar Mount Diversity Omnidirectional Antenna 2.4 GHz (AIR-ANT3213)......Page 569
Directional Wall Mount Patch Antenna 2.4 GHz (AIR-ANT3549, AIR-ANT1729)......Page 570
Cisco’s 2.4 GHz Antennas Summary......Page 571
Cisco Wireless IP Phone......Page 573
Upgrading from VxWorks to IOS......Page 574
Using the Browser and VxWorks......Page 575
Aironet 1200 AP......Page 576
First-Time Basic Configuration......Page 578
Aironet 1100 AP......Page 580
Aironet 350 AP......Page 581
Cisco Aironet 350 Series Client Adapters......Page 582
Cisco Aironet 802.11a/b/g Client Adapters......Page 584
CiscoWorks Wireless LAN Solution Engine (WLSE) 2.x......Page 585
Fault Monitoring......Page 586
Configure Tab......Page 588
Reports......Page 590
Radio Manager......Page 591
WLAN LAN Extension 802.1x/EAP......Page 593
The Cisco Structured Wireless-Aware Network Product Line......Page 594
Cisco Aironet WLAN Client Adapters......Page 595
CiscoWorks Wireless LAN Solution Engine (WLSE) 2.x......Page 596