


Preface
Introduction

Chapter 1. Fundamentals of Network Security
1.1. Introduction
1.1.1. The main objectives of securing a network
1.1.2. Information security terminology
1.2. Types of network security
1.2.1. Physical security
1.2.2. Logical security
1.2.3. Administrative security
1.3. The main risks related to the logical security of the network
1.3.1. Different kinds of network attacks
1.3.2. Network security measures
1.3.3. Vulnerability audit measures
1.4. Exercises to test learning

Chapter 2. Securing Network Devices
2.1. Types of network traffic
2.2. Securing the management plan
2.3. Securing passwords
2.4. Implementing connection restrictions
2.4.1. Configuring a login banner
2.4.2. Configuring connection parameters
2.5. Securing access through console lines, VTY and auxiliaries
2.5.1. Securing access through the console line and deactivating the auxiliary line
2.5.2. Securing VTY access with ssh
2.6. Allocation of administrative roles
2.6.1. Privilege levels of the IOS system
2.6.2. Configuring a privilege level
2.6.3. Setting a privilege level per user
2.6.4. Setting a privilege level for console, VTY, and auxiliary line access
2.6.5. Securing access with the management of "views" and "super-views"
2.6.6. Securing configuration files and the IOS system
2.6.7. Using automated security features
2.7. Securing the control plane
2.7.1. Introduction
2.7.2. MD5 authentication
2.7.3. Configuring OSPF protocol authentication
2.7.4. Configuring EIGRP protocol authentication
2.7.5. Configuring RIP authentication
2.8. Exercises for application

Chapter 3. Supervising a Computer Network
3.1. Introduction
3.2. Implementing an NTP server
3.2.1. Introduction to the NTP
3.2.2. How the NTP works
3.2.3. NTP configuration
3.3. Implementing a Syslog server
3.3.1. Introduction to the Syslog
3.3.2. How Syslog works
3.3.3. Configuring a Syslog client
3.4. Implementing the Simple Network Management Protocol (SNMP)
3.4.1. Introducing the SNMP
3.4.2. How SNMP works
3.4.3. SNMP configuration
3.5. Exercises for application

Chapter 4. Securing Access Using AAA
4.1. Introduction
4.2. AAA authentication
4.2.1. Local AAA authentication
4.2.2. AAA authentication based on a server
4.3. AAA authorizations
4.4. AAA traceability
4.5. Exercises for application

Chapter 5. Using Firewalls
5.1. Introducing firewalls
5.2. Types of firewalls
5.3. Setting up a firewall
5.4. Different firewall strategies
5.5. ACL-based firewalls
5.5.1. Introduction
5.5.2. The location of ACLs
5.5.3. IPv4 ACLs
5.5.4. IPv6 ACLs
5.5.5. ACL recommendation
5.6. Zone-based firewalls
5.6.1. Introduction
5.6.2. Types of security zones in a network
5.6.3. Rules applied to interzone traffic
5.6.4. Terminology
5.6.5. Configuring a ZFW
5.7. Creating zones
5.8. Creating Class-Maps
5.9. Creating the Policy-Map to apply the Class-Maps
5.10. Defining the zone pairs
5.11. Applying the policy maps to the zone pairs
5.12. Assigning interfaces to zones
5.13. Exercises for application

Chapter 6. Putting in Place an Intrusion Prevention System (IPS)
6.1. Introduction to a detector
6.2. The differences between an IDS and an IPS
6.3. Types of IPS
6.4. Cisco IP solutions
6.5. Modes of deploying IPS
6.6. Types of alarms
6.7. Detecting malicious traffic
6.7.1. Modes of detection
6.7.2. Signature-based detection
6.7.3. Other modes of detecting malicious traffic
6.8. Signature micro-engines
6.9. Severity levels of the signatures
6.10. Monitoring and managing alarms and alerts
6.11. List of actions to be taken during an attack
6.12. Configuration of an IOS IPS
6.13. Recommended practices
6.14. Exercises for application

Chapter 7. Securing a Local Network
7.1. Introduction
7.2. Types of attacks on Layer 2
7.2.1. MAC address flooding attacks
7.2.2. MAC spoofing attack
7.2.3. The DHCP starvation attack
7.2.4. VLAN hopping attacks
7.2.5. STP-based attacks
7.3. The best security practices for protecting Layer 2
7.4. Exercises for application

Chapter 8. Cryptography
8.1. Basic concepts in cryptography
8.1.1. Definition
8.1.2. Terminology
8.2. The different classifications of cryptology
8.2.1. Traditional cryptography
8.2.2. Modern cryptography
8.2.3. Symmetric and asymmetric encryption
8.3. Key management
8.3.1. Introduction
8.3.2. Diffie-Hellman key exchange
8.4. Hash functions
8.5. HMAC codes
8.6. Asymmetric cryptography
8.6.1. Introduction
8.6.2. How it works
8.6.3. Digital signatures
8.6.4. Public key infrastructure
8.7. Exercises for application

Chapter 9. IPsec VPNs
9.1. The IPsec protocol
9.1.1. Objectives of IPsec
9.1.2. Basic IPsec protocols
9.1.3. The IPsec framework
9.1.4. The IPsec security association
9.1.5. IPsec modes
9.2. IKE protocol
9.2.1. Introduction
9.2.2. Components of IKE
9.2.3. IKE phases
9.3. The site-to-site VPN configuration
9.3.1. Introduction
9.3.2. Configuration of IPsec VPN
9.4. Exercises for application

Chapter 10. Studying Advanced Firewalls
10.1. Cisco ASA firewalls
10.1.1. Introduction
10.1.2. ASA models
10.1.3. Modes for using ASA devices
10.1.4. An overview of ASA 5505
10.1.5. ASA levels of security
10.1.6. Configuring an ASA with CLI
10.2. Exercises for application
10.3. Configuring Cisco elements with graphical tools
10.3.1. An overview of the CCP
10.3.2. An overview of the ASDM
10.3.3. Using CCP and ASDM
10.4. The TMG 2010 firewall
10.4.1. Introduction
10.4.2. Installation and configuration

References
Index

Ali Sadiqui is a trainer-researcher at the Office de la Formation Professionnelle et de la Promotion du Travail (OFPPT), Morocco. He is a member of several research laboratories and obtained his doctorate from the Sidi Mohamed Ben Abdellah University, Morocco.





