21
Self-Defending Networks: The Next Generation of Network Security
Filed Under (Network Security) by Abdul Jaleel Malik on 21-08-2008
Tagged Under : Cisco, Network, Network Security
ISBN-10: 1-58705-253-9; ISBN-13: 978-1-58705-253-8; Published: Aug 31, 2006; Copyright 2007; Dimensions 7-3/8×9-1/8; Pages: 250; Edition: 1st.
Protect your network with self-regulating network security solutions that combat both internal and external threats.
Provides an overview of the security components used to design proactive network security
Helps network security professionals understand what the latest tools and techniques can do and how they interact
Presents detailed information on how to use integrated management to increase security
Includes a design guide with step-by-step implementation instructions
Self-Defending Networks: The Next Generation of Network Security helps networking professionals understand how to deploy an end-to-end, integrated network security solution. It presents a clear view of the various components that can be used throughout the network to not only monitor traffic but to allow the network itself to become more proactive in preventing and mitigating network attacks. This security primer provides unique insight into the entire range of Cisco security solutions, showing what each element is capable of doing and how all of the pieces work together to form an end-to-end Self-Defending Network. While other books tend to focus on individual security components, providing in-depth configuration guidelines for various devices and technologies, Self-Defending Networks instead presents a high-level overview of the entire range of technologies and techniques that comprise the latest thinking in proactive network security defenses. This book arms network security professionals with the latest information on the comprehensive suite of Cisco security tools and techniques. Network Admission Control, Network Infection Containment, Dynamic Attack Mitigation, DDoS Mitigation, Host Intrusion Prevention, and Integrated Security Management are all covered, providing the most complete overview of various security systems. It focuses on leveraging integrated management, rather than including a device-by-device manual to implement self-defending networks.
How This Book Is Organized
This book is designed to be read as a beginning-to-intermediate overview of Cisco self-defending networks. The chapters cover the following topics:
Chapter 1, "Understanding Types of Network Attacks and Defenses" Starts with an overview of network security threats and then details specific components of a self-defending network.
Chapter 2, "Mitigating Distributed Denial-of-Service Attacks" Discusses the DDoS attack threats to an IP network and the components to mitigate this DDoS thread, including the DDoS service module for the Catalyst 6500/7600 family and the DDoS Device Manager.
Chapter 3, "Cisco Adaptive Security Appliance Overview" Discusses the Cisco security appliance for firewall, IPS, VPN, antivirus, antispam, antiphishing, and URL filtering. This chapter also details how you can use the Adaptive Security Appliance Device Manager (ASDM) to help create a self-defending network.
Chapter 4, "Cisco Incident Control Service" Examines the Cisco ICS product, developed with Trend Micro, that enables IOS routers, IPS Sensors, and the IPS module (AIP-SSM) of the Adaptive Security Appliance to update virus-related IPS signatures. This chapter also details the ability of Cisco ICS to configure access-list rules on IOS routers and ASA security appliances to help to protect the network against network virus infections.
Chapter 5, "Demystifying 802.lx" Examines the underlying technology of the IEEE 802.1x standard, which enables networks to identify, authenticate, and authorize users to the desired VLANs and applications. This chapter also details how 802.1x can be a component of NAC.
Chapter 6, "Implementing Network Admission Control" Provides an overview of the component of a self-defending network that authenticates and quarantines rogue users and users with down-level versions of OS patches and virus-protecting software. This chapter is dedicated to NAC framework, or a NAC solution that uses existing routers and switches.
Chapter 7, "Network Admission Control Appliance" Covers the fundamentals of and configuration of the NAC appliance (Cisco Clean Access) product line. Specifically, this chapter covers how this NAC appliance can provide an alternative to the embedded components of NAC framework that may be attractive to several target markets, including the education market. This chapter also details how 802.1x is not required to implement NAC with the NAC appliance.
Chapter 8, "Managing the Cisco Security Agent" Covers the fundamentals and configuration of the end-point or desktop self-defending component. It also discusses the product to provide end-point or desktop protection for up to 100,000 PCs or laptops with a single management center.
Chapter 9, "Cisco Security Manager" Covers the centralized management product (Cisco Security Manager), which can configure the self-defending network for routers, switches, ASA, and IPS devices. This chapter also details how a management station can manage a self-defending network.
Chapter 10, "Cisco Security Monitoring, Analysis, and Response System" Details how Cisco Security MARS can centrally monitor and provide mitigation for a self-defending network. Cisco Security MARS received monitoring input from many components in the self-defending network, including routers, switches, ASA devices, IPS devices, databases, hosts, and Cisco Security Agents.
Download
Self-Defending Networks: The Next Generation of Network Security
or
Self-Defending Networks: The Next Generation of Network Security
Brows it all in new way
The Self-Defending Networks: The Next Generation of Network Security by Abdul Jaleel Malik, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License.
