LAN Switch Security


Book Description

Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco® Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks. Divided into four parts, LAN Switch Security provides you with steps you can take to ensure the integrity of both voice and data traffic traveling over Layer 2 devices. Part I covers vulnerabilities in Layer 2 protocols and how to configure switches to prevent attacks against those vulnerabilities. Part II addresses denial-of-service (DoS) attacks on an Ethernet switch and shows how those attacks can be mitigated. Part III shows how a switch can actually augment the security of a network through the utilization of wirespeed access control list (ACL) processing and IEEE 802.1x for user authentication and authorization. Part IV examines future developments from the LinkSec working group at the IEEE. For all parts, most of the content is vendor independent and is useful for all network architects deploying Ethernet switches. After reading this book, you will have an in-depth understanding of LAN security and be prepared to plug the security holes that exist in a great number of campus networks. Use port security to protect against CAM attacks Prevent spanning-tree attacks Isolate VLANs with proper configuration techniques Protect against rogue DHCP servers Block ARP snooping Prevent IPv6 neighbor discovery and router solicitation exploitation Identify Power over Ethernet vulnerabilities Mitigate risks from HSRP and VRPP Stop information leaks with CDP, PaGP, VTP, CGMP and other Cisco ancillary protocols Understand and prevent DoS attacks against switches Enforce simple wirespeed security policies with ACLs Implement user authentication on a port base with IEEE 802.1x Use new IEEE protocols to encrypt all Ethernet frames at wirespeed. This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.




Cisco Wireless LAN Security


Book Description

Secure a wireless Local Area Network with guidance from Cisco Systems experts. Showing how to use tools such as security checklists, design templates, and other resources to ensure WLAN security, this book illustrates security basics, standards, and vulnerabilities, and provides examples of architecture, design, and best practices.




Network Security Principles and Practices


Book Description

Expert solutions for securing network infrastructures and VPNs bull; Build security into the network by defining zones, implementing secure routing protocol designs, and building safe LAN switching environments Understand the inner workings of the Cisco PIX Firewall and analyze in-depth Cisco PIX Firewall and Cisco IOS Firewall features and concepts Understand what VPNs are and how they are implemented with protocols such as GRE, L2TP, and IPSec Gain a packet-level understanding of the IPSec suite of protocols, its associated encryption and hashing functions, and authentication techniques Learn how network attacks can be categorized and how the Cisco IDS is designed and can be set upto protect against them Control network access by learning how AAA fits into the Cisco security model and by implementing RADIUS and TACACS+ protocols Provision service provider security using ACLs, NBAR, and CAR to identify and control attacks Identify and resolve common implementation failures by evaluating real-world troubleshooting scenarios As organizations increase their dependence on networks for core business processes and increase access to remote sites and mobile workers via virtual private networks (VPNs), network security becomes more and more critical. In today's networked era, information is an organization's most valuable resource. Lack of customer, partner, and employee access to e-commerce and data servers can impact both revenue and productivity. Even so, most networks do not have the proper degree of security. Network Security Principles and Practices provides an in-depth understanding of the policies, products, and expertise that brings organization to this extremely complex topic and boosts your confidence in the performance and integrity of your network systems and services. Written by a CCIE engineer who participated in the development of the CCIE Security exams, Network Security Principles and Practices is the first book that provides a comprehensive review of topics important to achieving CCIE Security certification. Network Security Principles and Practices is a comprehensive guide to network security threats and the policies and tools developed specifically to combat those threats. Taking a practical, applied approach to building security into networks, the book shows you how to build secure network architectures from the ground up. Security aspects of routing protocols, Layer 2 threats, and switch security features are all analyzed. A comprehensive treatment of VPNs and IPSec is presented in extensive packet-by-packet detail. The book takes a behind-the-scenes look at how the Cisco PIX(r) Firewall actually works, presenting many difficult-to-understand and new Cisco PIX Firewall and Cisco IOSreg; Firewall concepts. The book launches into a discussion of intrusion detection systems (IDS) by analyzing and breaking down modern-day network attacks, describing how an IDS deals with those threats in general, and elaborating on the Cisco implementation of IDS. The book also discusses AAA, RADIUS, and TACACS+ and their usage with some of the newer security implementations such as VPNs and proxy authentication. A complete section devoted to service provider techniques for enhancing customer security and providing support in the event of an attack is also included. Finally, the book concludes with a section dedicated to discussing tried-and-tested troubleshooting tools and techniques that are not only invaluable to candidates working toward their CCIE Security lab exam but also to the security network administrator running the operations of a network on a daily basis.




Network Security Technologies and Solutions (CCIE Professional Development Series)


Book Description

CCIE Professional Development Network Security Technologies and Solutions A comprehensive, all-in-one reference for Cisco network security Yusuf Bhaiji, CCIE No. 9305 Network Security Technologies and Solutions is a comprehensive reference to the most cutting-edge security products and methodologies available to networking professionals today. This book helps you understand and implement current, state-of-the-art network security technologies to ensure secure communications throughout the network infrastructure. With an easy-to-follow approach, this book serves as a central repository of security knowledge to help you implement end-to-end security solutions and provides a single source of knowledge covering the entire range of the Cisco network security portfolio. The book is divided into five parts mapping to Cisco security technologies and solutions: perimeter security, identity security and access management, data privacy, security monitoring, and security management. Together, all these elements enable dynamic links between customer security policy, user or host identity, and network infrastructures. With this definitive reference, you can gain a greater understanding of the solutions available and learn how to build integrated, secure networks in today’s modern, heterogeneous networking environment. This book is an excellent resource for those seeking a comprehensive reference on mature and emerging security tactics and is also a great study guide for the CCIE Security exam. “Yusuf’s extensive experience as a mentor and advisor in the security technology field has honed his ability to translate highly technical information into a straight-forward, easy-to-understand format. If you’re looking for a truly comprehensive guide to network security, this is the one! ” –Steve Gordon, Vice President, Technical Services, Cisco Yusuf Bhaiji, CCIE No. 9305 (R&S and Security), has been with Cisco for seven years and is currently the program manager for Cisco CCIE Security certification. He is also the CCIE Proctor in the Cisco Dubai Lab. Prior to this, he was technical lead for the Sydney TAC Security and VPN team at Cisco. Filter traffic with access lists and implement security features on switches Configure Cisco IOS router firewall features and deploy ASA and PIX Firewall appliances Understand attack vectors and apply Layer 2 and Layer 3 mitigation techniques Secure management access with AAA Secure access control using multifactor authentication technology Implement identity-based network access control Apply the latest wireless LAN security solutions Enforce security policy compliance with Cisco NAC Learn the basics of cryptography and implement IPsec VPNs, DMVPN, GET VPN, SSL VPN, and MPLS VPN technologies Monitor network activity and security incident response with network and host intrusion prevention, anomaly detection, and security monitoring and correlation Deploy security management solutions such as Cisco Security Manager, SDM, ADSM, PDM, and IDM Learn about regulatory compliance issues such as GLBA, HIPPA, and SOX This book is part of the Cisco CCIE Professional Development Series from Cisco Press, which offers expert-level instr




Managing Cisco Network Security


Book Description

Learn how to secure your network with the official MCNS Coursebook




Cisco LAN Switching (CCIE Professional Development series)


Book Description

This is the eBook version of the printed book. If the print book includes a CD-ROM, this content is not included within the eBook version. The most complete guide to Cisco Catalyst(r) switch network design, operation, and configuration Master key foundation topics such as high-speed LAN technologies, LAN segmentation, bridging, the Catalyst command-line environment, and VLANs Improve the performance of your campus network by utilizing effective Cisco Catalyst design, configuration, and troubleshooting techniques Benefit from the most comprehensive coverage of Spanning-Tree Protocol, including invaluable information on troubleshooting common Spanning Tree problems Master trunking concepts and applications, including ISL, 802.1Q, LANE, and MPOA Understand when and how to utilize Layer 3 switching techniques for maximum effect Understand Layer 2 and Layer 3 switching configuration with the Catalyst 6000 family, including coverage of the powerful MSFC Native IOS Mode Cisco LAN Switchingprovides the most comprehensive coverage of the best methods for designing, utilizing, and deploying LAN switching devices and technologies in a modern campus network. Divided into six parts, this book takes you beyond basic switching concepts by providing an array of proven design models, practical implementation solutions, and troubleshooting strategies. Part I discusses important foundation issues that provide a context for the rest of the book, including Fast and Gigabit Ethernet, routing versus switching, the types of Layer 2 switching, the Catalyst command-line environment, and VLANs. Part II presents the most detailed discussion of Spanning-Tree Protocol in print, including common problems, troubleshooting, and enhancements, such as PortFast, UplinkFast, BackboneFast, and PVST+. Part III examines the critical issue of trunk connections, the links used to carry multiple VLANs through campus networks. Entire chapters are dedicated to LANE and MPOA. Part IV addresses advanced features, such as Layer 3 switching, VTP, and CGMP and IGMP. Part V covers real-world campus design and implementation issues, allowing you to benefit from the collective advice of many LAN switching experts. Part VI discusses issues specific to the Catalyst 6000/6500 family of switches, including the powerful Native IOS Mode of Layer 3 switching. Several features in Cisco LAN Switchingare designed to reinforce concepts covered in the book and to help you prepare for the CCIE exam. In addition to the practical discussion of advanced switching issues, this book also contains case studies that highlight real-world design, implementation, and management issues, as well as chapter-ending review questions and exercises. This book is part of the Cisco CCIE Professional Development Series from Cisco Press, which offers expert-level instruction on network design, deployment, and support methodologies to help networking professionals manage complex networks and prepare for CCIE exams.




Cisco Networks


Book Description

This book is a concise one-stop desk reference and synopsis of basic knowledge and skills for Cisco certification prep. For beginning and experienced network engineers tasked with building LAN, WAN, and data center connections, this book lays out clear directions for installing, configuring, and troubleshooting networks with Cisco devices. The full range of certification topics is covered, including all aspects of IOS, NX-OS, and ASA software. The emphasis throughout is on solving the real-world challenges engineers face in configuring network devices, rather than on exhaustive descriptions of hardware features. This practical desk companion doubles as a comprehensive overview of the basic knowledge and skills needed by CCENT, CCNA, and CCNP exam takers. It distills a comprehensive library of cheat sheets, lab configurations, and advanced commands that the authors assembled as senior network engineers for the benefit of junior engineers they train, mentor on the job, and prepare for Cisco certification exams. Prior familiarity with Cisco routing and switching is desirable but not necessary, as Chris Carthern, Dr. Will Wilson, Noel Rivera, and Richard Bedwell start their book with a review of the basics of configuring routers and switches. All the more advanced chapters have labs and exercises to reinforce the concepts learned. This book differentiates itself from other Cisco books on the market by approaching network security from a hacker’s perspective. Not only does it provide network security recommendations but it teaches you how to use black-hat tools such as oclHashcat, Loki, Burp Suite, Scapy, Metasploit, and Kali to actually test the security concepts learned. Readers of Cisco Networks will learn How to configure Cisco switches, routers, and data center devices in typical corporate network architectures The skills and knowledge needed to pass Cisco CCENT, CCNA, and CCNP certification exams How to set up and configure at-home labs using virtual machines and lab exercises in the book to practice advanced Cisco commands How to implement networks of Cisco devices supporting WAN, LAN, and data center configurations How to implement secure network configurations and configure the Cisco ASA firewall How to use black-hat tools and network penetration techniques to test the security of your network




Packet Guide to Routing and Switching


Book Description

Go beyond layer 2 broadcast domains with this in-depth tour of advanced link and internetwork layer protocols, and learn how they enable you to expand to larger topologies. An ideal follow-up to Packet Guide to Core Network Protocols, this concise guide dissects several of these protocols to explain their structure and operation. This isn’t a book on packet theory. Author Bruce Hartpence built topologies in a lab as he wrote this guide, and each chapter includes several packet captures. You’ll learn about protocol classification, static vs. dynamic topologies, and reasons for installing a particular route. This guide covers: Host routing—Process a routing table and learn how traffic starts out across a network Static routing—Build router routing tables and understand how forwarding decisions are made and processed Spanning Tree Protocol—Learn how this protocol is an integral part of every network containing switches Virtual Local Area Networks—Use VLANs to address the limitations of layer 2 networks Trunking—Get an indepth look at VLAN tagging and the 802.1Q protocol Routing Information Protocol—Understand how this distance vector protocol works in small, modern communication networks Open Shortest Path First—Discover why convergence times of OSPF and other link state protocols are improved over distance vectors




LAN Switching and Wireless, CCNA Exploration Companion Guide


Book Description

LAN Switching and Wireless CCNA Exploration Companion Guide Wayne Lewis, Ph.D. LAN Switching and Wireless, CCNA Exploration Companion Guide is the official supplemental textbook for the LAN Switching and Wireless course in the Cisco Networking Academy CCNA® Exploration curriculum version 4. This course provides a comprehensive approach to learning the technologies and protocols needed to design and implement a converged switched network. The Companion Guide, written and edited by a Networking Academy instructor, is designed as a portable desk reference to use anytime, anywhere. The book’s features reinforce the material in the course to help you focus on important concepts and organize your study time for exams. New and improved features help you study and succeed in this course: Chapter objectives: Review core concepts by answering the questions listed at the beginning of each chapter. Key terms: Refer to the updated lists of networking vocabulary introduced and turn to the highlighted terms in context in each chapter. Glossary: Consult the all-new comprehensive glossary with more than 190 terms. Check Your Understanding questions and answer key: Evaluate your readiness with the updated end-of-chapter questions that match the style of questions you see on the online course quizzes. The answer key explains each answer. Challenge questions and activities: Strive to ace more challenging review questions and activities designed to prepare you for the complex styles of questions you might see on the CCNA exam. The answer key explains each answer. Wayne Lewis is the Cisco Academy Manager for the Pacific Center for Advanced Technology Training (PCATT), based at Honolulu Community College. How To: Look for this icon to study the steps that you need to learn to perform certain tasks. Packet Tracer Activities: Explore networking concepts in activities interspersed throughout some chapters using Packet Tracer v4.1 developed by Cisco. The files for these activities are on the accompanying CD-ROM. Also available for the LAN Switching and Wireless course: LAN Switching and Wireless, CCNA Exploration Labs and Study Guide ISBN-10: 1-58713-202-8 ISBN-13: 978-1-58713-202-5 Companion CD-ROM **See instructions within the ebook on how to get access to the files from the CD-ROM that accompanies this print book.** The CD-ROM provides many useful tools and information to support your education: Packet Tracer Activity exercise files A Guide to Using a Networker’s Journal booklet Taking Notes: A .txt file of the chapter objectives More IT Career Information Tips on Lifelong Learning in Networking This book is part of the Cisco Networking Academy Series from Cisco Press®. Books in this series support and complement the Cisco Networking online curriculum.




Routing and Switching Essentials Companion Guide


Book Description

Routing and Switching Essentials Companion Guide is the official supplemental textbook for the Routing and Switching Essentials course in the Cisco® Networking Academy® CCNA® Routing and Switching curriculum. This course describes the architecture, components, and operations of routers and switches in a small network. You learn how to configure a router and a switch for basic functionality. By the end of this course, you will be able to configure and troubleshoot routers and switches and resolve common issues with RIPv1, RIPv2, single-area and multi-area OSPF, virtual LANs, and inter-VLAN routing in both IPv4 and IPv6 networks. The Companion Guide is designed as a portable desk reference to use anytime, anywhere to reinforce the material from the course and organize your time. The book's features help you focus on important concepts to succeed in this course: Chapter objectives-Review core concepts by answering the focus questions listed at the beginning of each chapter. Key terms-Refer to the lists of networking vocabulary introduced and highlighted in context in each chapter. Glossary-Consult the comprehensive Glossary with more than 200 terms. Summary of Activities and Labs-Maximize your study time with this complete list of all associated practice exercises at the end of each chapter. Check Your Understanding-Evaluate your readiness with the end-of-chapter questions that match the style of questions you see in the online course quizzes. The answer key explains each answer. Related Title: Routing and Switching Essentials Lab Manual How To-Look for this icon to study the steps you need to learn to perform certain tasks. Interactive Activities-Reinforce your understanding of topics by doing all the exercises from the online course identified throughout the book with this icon. Videos-Watch the videos embedded within the online course. Packet Tracer Activities-Explore and visualize networking concepts using Packet Tracer exercises interspersed throughout the chapters. Hands-on Labs-Work through all the course labs and additional Class Activities that are included in the course and published in the separate Lab Manual.