Download cisco press business case for network security EBooks | Read online cisco press business case for network security EBooks
The Business Case for Network Security,Advocacy, Governance, and ROI
Understand the total cost of ownership and return on investment for network security solutions Understand what motivates hackers and how to classify threats Learn how to recognize common vulnerabilities and common types of attacks Examine modern day security systems, devices, and mitigation techniques Integrate policies and personnel with security equipment to effectively lessen security risks Analyze the greater implications of security breaches facing corporations and executives today Understand the governance aspects of network security to help implement a climate of change throughout your organization Learn how to qualify your organization’s aversion to risk Quantify the hard costs of attacks versus the cost of security technology investment to determine ROI Learn the essential elements of security policy development and how to continually assess security needs and vulnerabilities The Business Case for Network Security: Advocacy, Governance, and ROI addresses the needs of networking professionals and business executives who seek to assess their organization’s risks and objectively quantify both costs and cost savings related to network security technology investments. This book covers the latest topics in network attacks and security. It includes a detailed security-minded examination of return on investment (ROI) and associated financial methodologies that yield both objective and subjective data. The book also introduces and explores the concept of return on prevention (ROP) and discusses the greater implications currently facing corporations, including governance and the fundamental importance of security, for senior executives and the board. Making technical issues accessible, this book presents an overview of security technologies that uses a holistic and objective model to quantify issues such as ROI, total cost of ownership (TCO), and risk tolerance. This book explores capital expenditures and fixed and variable costs, such as maintenance and upgrades, to determine a realistic TCO figure, which in turn is used as the foundation in calculating ROI. The importance of security policies addressing such issues as Internet usage, remote-access usage, and incident reporting is also discussed, acknowledging that the most comprehensive security equipment will not protect an organization if it is poorly configured, implemented, or used. Quick reference sheets and worksheets, included in the appendixes, provide technology reviews and allow financial modeling exercises to be performed easily. An essential IT security-investing tool written from a business management perspective, The Business Case for Network Security: Advocacy, Governance, and ROI helps you determine the effective ROP for your business. This volume is in the Network Business Series offered by Cisco Press®. Books in this series provide IT executives, decision makers, and networking professionals with pertinent information about today’s most important technologies and business strategies.
by Catherine Paquet
View | |Buy/Download
Implementing Cisco IOS Network Security (IINS),(CCNA Security exam 640-553) (Authorized Self-Study Guide)
Implementing Cisco IOS Network Security (IINS) is a Cisco-authorized, self-paced learning tool for CCNA® Security foundation learning. This book provides you with the knowledge needed to secure Cisco® routers and switches and their associated networks. By reading this book, you will gain a thorough understanding of how to troubleshoot and monitor network devices to maintain integrity, confidentiality, and availability of data and devices, as well as the technologies that Cisco uses in its security infrastructure. This book focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. You will learn how to perform basic tasks to secure a small branch type office network using Cisco IOS® security features available through the Cisco Router and Security Device Manager (SDM) web-based graphical user interface (GUI) and through the command-line interface (CLI) on Cisco routers and switches. The author also provides, when appropriate, parallels with Cisco ASA appliances. Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book. Implementing Cisco IOS Network Security (IINS) is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining. Develop a comprehensive network security policy to counter threats against information security Configure routers on the network perimeter with Cisco IOS Software security features Configure firewall features including ACLs and Cisco IOS zone-based policy firewalls to perform basic security operations on a network Configure site-to-site VPNs using Cisco IOS features Configure IPS on Cisco network routers Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic This volume is in the Certification Self-Study Series offered by Cisco Press®. Books in this series provide officially developed self-study solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.
by Catherine Paquet
View | |Buy/Download
Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide,
Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide Second Edition Foundation learning for the CCNA Security IINS 640-554 exam Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide, Second Edition, is a Cisco-authorized, self-paced learning tool for CCNA® Security 640-554 foundation learning. This book provides you with the knowledge needed to secure Cisco® networks. By reading this book, you will gain a thorough understanding of how to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. This book focuses on using Cisco IOS routers to protect the network by capitalizing on their advanced features as a perimeter router, firewall, intrusion prevention system, and site-to-site VPN device. The book also covers the use of Cisco Catalyst switches for basic network security, the Cisco Secure Access Control System (ACS), and the Cisco Adaptive Security Appliance (ASA). You learn how to perform basic tasks to secure a small branch office network using Cisco IOS security features available through web-based GUIs (Cisco Configuration Professional) and the CLI on Cisco routers, switches, and ASAs. Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book. Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide, Second Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining. -- Develop a comprehensive network security policy to counter threats against information security -- Secure borderless networks -- Learn how to use Cisco IOS Network Foundation Protection (NFP) and Cisco Configuration Professional (CCP) -- Securely implement the management and reporting features of Cisco IOS devices -- Deploy Cisco Catalyst Switch security features -- Understand IPv6 security features -- Plan threat control strategies -- Filter traffic with access control lists -- Configure ASA and Cisco IOS zone-based firewalls -- Implement intrusion prevention systems (IPS) and network address translation (NAT) -- Secure connectivity with site-to-site IPsec VPNs and remote access VPNs This volume is in the Foundation Learning Guide Series offered by Cisco Press®. These guides are developed together with Cisco as the only authorized, self-paced learning tools that help networking professionals build their understanding of networking concepts and prepare for Cisco certification exams. Category: Cisco Certification Covers: CCNA Security IINS exam 640-554
by Catherine Paquet
View | |Buy/Download
Cisco Callmanager Best Practices,A Cisco Avvid Solution
Delivers the proven solutions that make a difference in your Cisco IP Telephony deployment * Learn dial plan best practices that help you configure features such as intercom, group speed dials, music on hold, extension mobility, and more * Understand how to manage and monitor your system proactively for maximum uptime * Use dial plan components to reduce your exposure to toll fraud * Take advantage of call detail records for call tracing and accounting, as well as troubleshooting * Utilize the many Cisco IP Telephony features to enable branch site deployments * Discover the best ways to install, upgrade, patch, and back up CallManager * Learn how backing up to remote media provides both configuration recovery and failure survivability IP telephony represents the future of telecommunications: a converged data and voice infrastructure boasting greater flexibility and more cost-effective scalability than traditional telephony. Having access to proven best practices, developed in the field by Cisco(r) IP Telephony experts, helps you ensure a solid, successful deployment.Cisco CallManager Best Practices offers best practice solutions for CallManager and related IP telephony components such as IP phones, gateways, and applications. Written in short, to-the-point sections, this book lets you explore the tips, tricks, and lessons learned that will help you plan, install, configure, back up, restore, upgrade, patch, and secure Cisco CallManager, the core call processing component in a Cisco IP Telephony deployment. You'll also discover the best ways to use services and parameters, directory integration, call detail records, management and monitoring applications, and more. Customers inspired this book by asking the same questions time after time: How do I configure intercom? What's the best way to use partitions and calling search spaces? How do I deploy CallManager regionally on my WAN? What do all those services really do? How do I know how many calls are active? How do I integrate CallManager with Active Directory? Years of expert experiences condensed for you in this book enable you to run a top-notch system while enhancing the performance and functionality of your IP telephony deployment.
by Salvatore Collora
View | |Buy/Download
Selecting MPLS VPN Services,
Selecting MPLS VPN Services helps you analyze migration options, anticipate migration issues, and properly deploy IP/MPLS VPNs. Detailed configurations illustrate effective deployment while case studies present available migration options and walk you through the process of selecting the best option for your network. Part I addresses the business case for moving to an IP/MPLS VPN network, with a chapter devoted to the business and technical issues you should review when evaluating IP/MPLS VPN offerings from major providers. Part II inclues detailed deployment guidelines for the technologies used in the IP/MPLS VPN.
by Chris Lewis
View | |Buy/Download
Storage Networking Protocol Fundamentals,
A comparative analysis of Ethernet, TCP/IP, and Fibre Channel in the context of SCSI Introduces network administrators to the requirements of storage protocols Explains the operation of network protocols to storage administrators Compares and contrasts the functionality of Ethernet, TCP/IP, and Fibre Channel Documents the details of the major protocol suites, explains how they operate, and identifies common misunderstandings References the original standards and specifications so you can get a complete understanding of each protocol Helps you understand the implications of network design choices Discusses advanced network functionality such as QoS, security, management, and protocol analysis Corporations increasingly depend on computer and communication technologies to remain competitive in the global economy. Customer relationship management, enterprise resource planning, and e-mail are a few of the many applications that generate new data every day. Effectively storing, managing, and accessing that data is a primary business challenge in the information age. Storage networking is a crucial component of the solution to meet that challenge. Written for both storage administrators who need to learn more about networking and network administrators who need to learn more about storage, Storage Networking Protocol Fundamentals is a concise introduction to storage networking protocols. The book picks up where Storage Networking Fundamentals left off by focusing on the networking protocols that underlie modern open systems: block-oriented storage networks. The first part of the book introduces you to the field of storage networking and the Open Systems Interconnection (OSI) reference model. The second part compares networked storage technologies, including iSCSI (Small Computer Systems Interface over IP) and Fibre Channel. It also examines in detail each of the major protocol suites layer-by-layer within the OSI reference model. The third part discusses advanced functionalities of these technologies, such as quality of service (QoS), load-balancing functions, security, management, and protocol analysis. You can read this book cover to cover or use it as a reference, directly accessing the particular topics of interest to you. “Storage networking is a critical concept for today’s businesses, and this book provides a unique and helpful way to better understand it. Storage networking is also continuously evolving, and as such this book may be seen as an introduction to the information technology infrastructures of the future.†—from the foreword by Claudio DeSanti, vice-chairman of the ANSI INCITS T11 Technical Committee
by James Long
View | |Buy/Download
Cisco Express Forwarding,
Cisco Express Forwarding Understanding and troubleshooting CEF in Cisco routers and switches Nakia Stringfield, CCIE® No. 13451 Russ White, CCIE No. 2635 Stacia McKee How does a router switch a packet? What is the difference between routing a packet, switching a frame, and packet switching? What is the Cisco® Express Forwarding (CEF) feature referred to in Cisco documentation and commonly found in Cisco IOS® commands? CEF is a general term that describes the mechanism by which Cisco routers and Catalyst® switches packet-switch (route) frames. CEF is found in almost all Cisco routers and Catalyst switches, and understanding how CEF operates can improve the performance, scalability, and efficiency of your network. Cisco Express Forwarding demystifies the internal workings of Cisco routers and switches, making it easier for you to optimize performance and troubleshoot issues that arise in Cisco network environments. This book addresses common misconceptions about CEF and packet switching across various platforms, helping you to improve your troubleshooting skills for CEF- and non-CEF-related problems. The first part of the book provides an overview of packet-switching architectures and CEF operation and advanced features. It also covers the enhanced CEF structure and general troubleshooting. The second part of the book provides case studies that focus on the common topics that have been problematic for customers and those supporting Cisco networks. Full of practical examples and configurations, this book draws on years of experience to help you keep your Cisco networks running efficiently. Nakia Stringfield, CCIE® No. 13451, is a network consulting engineer for Advanced Services at Cisco, supporting top financial customers with network design and applying best practices. She was formerly a senior customer support engineer for the Routing Protocols Technical Assistance Center (TAC) team troubleshooting issues related to CEF and routing protocols. Nakia has been with Cisco for more than six years, previously serving as a technical leader for the Architecture TAC team. Russ White, CCIE No. 2635, is a Principle Engineer in the Routing Protocol Design and Architecture team at Cisco. He is a member of the IETF Routing Area Directorate, co-chair of the Routing Protocols Security Working Group in the IETF, a regular speaker at Cisco Networkers, a member of the CCIE Content Advisory Group, and the coauthor of six other books about routing and routing protocols, including Optimal Routing Design from Cisco Press. Russ primarily works in the development of new features and design architectures for routing protocols. Stacia McKee is a customer support engineer and technical leader of the Routing Protocols Technical Assistance Center (TAC) team. This team focuses on providing post-sales support of IP routing protocols, MPLS, QoS, IP multicast, and many other Layer 3 technologies. Stacia has been with Cisco for more than six years, previously serving as a technical leader of the Architecture TAC team and a member of the WAN/Access TAC team. Learn the key features of packet-switching architectures Understand the basics of the CEF architecture and operation Examine the enhanced CEF structure, which improves scalability Learn how to troubleshoot in software-switching environments Understand the effect of CEF on a Cisco Catalyst 6500 Supervisor 720 Configure and troubleshoot load sharing with CEF Evaluate the effect of CEF in an MPLS VPN environment Review CEF design considerations that impact scalability Part I Understanding, Configuring, and Troubleshooting CEF Chapter 1 Introduction to Packet-Switching Architectures Chapter 2 Understanding Cisco Express Forwarding Chapter 3 CEF Enhanced Scalability Chapter 4 Basic IP Connectivity and CEF Troubleshooting Part II CEF Case Studies Chapter 5 Understanding Packet Switching on the Cisco Catalyst 6500 Supervisor 720 Chapter 6 Load Sharing with CEF Chapter 7 Understanding CEF in an MPLS VPN Environment Part III Appendix Appendix A Scalability This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers. Category: Networking Covers: Routing and Switching 1587052369
by Nakia Stringfield
View | |Buy/Download
Advanced Host Intrusion Prevention with CSA,
Protecting systems within an enterprise has proven as important to overall security as securing the enterprise perimeter. Over the past few years, the number of vulnerabilities stemming from weaknesses in applications and operating systems has grown dramatically. In direct correlation with the number of weaknesses discovered, the number of viruses, worms, and security attacks has also exploded across the Internet. To add to the typical virus issues that businesses have had to confront, there are also malicious programs infiltrating organizations today in the form of spyware and adware. Prevent day-zero attacks Enforce acceptable-use policies Develop host-IPS project implementation plans Evaluate management hierarchy installation options, including single-server, multiserver, and built-in database usage Learn about CSA agents and manual and scripted installation options Understand policy components and custom policy creation Use and filter information from CSA event logs Troubleshoot CSA deployments with agent and management server logs and built-in troubleshooting tools Protecting systems where the private data and intellectual property resides is no longer considered a function of perimeter defense systems but has instead become the domain of endpoint protection software, such as host Intrusion Prevention Systems (IPS). Cisco® Security Agent (CSA) is the Cisco Systems® host-IPS solution. CSA provides the security controls that corporations need to deal with threats to host and desktop computing resources. Advanced Host Intrusion Prevention with CSAis a practical guide to getting the most out of CSA deployments. Through methodical explanation of advanced CSA features and concepts, this book helps ease the fears of security administrators seeking to install and configure a host IPS. This book explains in detail such topics as installation of the management servers, installation of the agents for mass deployment, granular agent policy creation, advanced policy creation, real-world troubleshooting techniques, and best practices in implementation methodology. This guide also provides a practical installation framework taken from the actual installation and support experience of the authors. This book helps you implement host IPS appropriately, giving your organization better protection from the various threats that are impacting your business while at the same time enabling you to comply with various legal requirements put forth in such legislation as HIPAA, SOX, SB1386, and VISA PCI.
by Chad Sullivan
View | |Buy/Download
PacketCable Implementation,
PacketCable Implementation is the first complete primer on PacketCable network design, provisioning, configuration, management, and security. Drawing on consulting experience with every leading cable operator, Jeff Riddel presents real-world case studies, sample network designs, configurations, and practical tips for all facets of PacketCable planning and deployment. This book's end-to-end coverage has been designed for cable engineers and networking professionals with widely diverse backgrounds and experience. Topics covered include PacketCable specifications and functional components, multimedia terminal adapters (MTA) provisioning, call signaling, media streaming, quality of service (QoS), event messaging, security, and much more. Every chapter contains tables and charts that serve as quick, easy references to key points. Each chapter closes with a summary and chapter review questions designed to help you assess and deepen your understanding. PacketCable Implementation brings together everything you need to know about cable networking to service delivery. Discover the PacketCable "big picture," including key application opportunities Learn about the latest generation of PacketCable standards and specifications, including PacketCable 2.0 and DOCSIS 3.0 Understand the functional components of a PacketCable network and how they fit together Walk step-by-step through provisioning, including protocols, flows, and MTA configuration Gain an in-depth understanding of call signaling: message formats, Network-based Call Signaling (NCS), PSTN interconnects, Call Management Server Signaling (CMSS), and more Implement efficient, high-performance media streaming Deploy, analyze, manage, and troubleshoot a state-of-the-art QoS framework Manage crucial network considerations, including lawful intercept This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers. Category: Cisco Press–Networking Covers: Broadband Multimedia
by Jeff Riddel
View | |Buy/Download
TCP/IP First-Step,
Your first step into the world of TCP/IP networking!
by Mark A. Sportack
View | |Buy/Download
The Art of Network Architecture,
The Art of Network Architecture Business-Driven Design The business-centered, business-driven guide to architecting and evolving networks The Art of Network Architecture is the first book that places business needs and capabilities at the center of the process of architecting and evolving networks. Two leading enterprise network architects help you craft solutions that are fully aligned with business strategy, smoothly accommodate change, and maximize future flexibility. Russ White and Denise Donohue guide network designers in asking and answering the crucial questions that lead to elegant, high-value solutions. Carefully blending business and technical concerns, they show how to optimize all network interactions involving flow, time, and people. The authors review important links between business requirements and network design, helping you capture the information you need to design effectively. They introduce today's most useful models and frameworks, fully addressing modularity, resilience, security, and management. Next, they drill down into network structure and topology, covering virtualization, overlays, modern routing choices, and highly complex network environments. In the final section, the authors integrate all these ideas to consider four realistic design challenges: user mobility, cloud services, Software Defined Networking (SDN), and today's radically new data center environments. * Understand how your choices of technologies and design paradigms will impact your business * Customize designs to improve workflows, support BYOD, and ensure business continuity * Use modularity, simplicity, and network management to prepare for rapid change * Build resilience by addressing human factors and redundancy * Design for security, hardening networks without making them brittle * Minimize network management pain, and maximize gain * Compare topologies and their tradeoffs * Consider the implications of network virtualization, and walk through an MPLS-based L3VPN example * Choose routing protocols in the context of business and IT requirements * Maximize mobility via ILNP, LISP, Mobile IP, host routing, MANET, and/or DDNS * Learn about the challenges of removing and changing services hosted in cloud environments * Understand the opportunities and risks presented by SDNs * Effectively design data center control planes and topologies
by Russ White
View | |Buy/Download
Comparing, Designing, and Deploying VPNs,
A detailed guide for deploying PPTP, L2TPv2, L2TPv3, MPLS Layer-3, AToM, VPLS and IPSec virtual private networks.
by Mark Lewis (CCIE.)
View | |Buy/Download
End-to-End Network Security,Defense-in-Depth
End-to-End Network Security Defense-in-Depth Best practices for assessing and improving network defenses and responding to security incidents Omar Santos Information security practices have evolved from Internet perimeter protection to an in-depth defense model in which multiple countermeasures are layered throughout the infrastructure to address vulnerabilities and attacks. This is necessary due to increased attack frequency, diverse attack sophistication, and the rapid nature of attack velocity—all blurring the boundaries between the network and perimeter. End-to-End Network Security is designed to counter the new generation of complex threats. Adopting this robust security strategy defends against highly sophisticated attacks that can occur at multiple locations in your network. The ultimate goal is to deploy a set of security capabilities that together create an intelligent, self-defending network that identifies attacks as they occur, generates alerts as appropriate, and then automatically responds. End-to-End Network Security provides you with a comprehensive look at the mechanisms to counter threats to each part of your network. The book starts with a review of network security technologies then covers the six-step methodology for incident response and best practices from proactive security frameworks. Later chapters cover wireless network security, IP telephony security, data center security, and IPv6 security. Finally, several case studies representing small, medium, and large enterprises provide detailed example configurations and implementation strategies of best practices learned in earlier chapters. Adopting the techniques and strategies outlined in this book enables you to prevent day-zero attacks, improve your overall security posture, build strong policies, and deploy intelligent, self-defending networks. “Within these pages, you will find many practical tools, both process related and technology related, that you can draw on to improve your risk mitigation strategies.†—Bruce Murphy, Vice President, World Wide Security Practices, Cisco Omar Santos is a senior network security engineer at Cisco®. Omar has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government. Prior to his current role, he was a technical leader within the World Wide Security Practice and the Cisco Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. Guard your network with firewalls, VPNs, and intrusion prevention systems Control network access with AAA Enforce security policies with Cisco Network Admission Control (NAC) Learn how to perform risk and threat analysis Harden your network infrastructure, security policies, and procedures against security threats Identify and classify security threats Trace back attacks to their source Learn how to best react to security incidents Maintain visibility and control over your network with the SAVE framework Apply Defense-in-Depth principles to wireless networks, IP telephony networks, data centers, and IPv6 networks This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks. Category: Networking: Security Covers: Network security and incident response
by Omar Santos
View | |Buy/Download
Cisco ISE for BYOD and Secure Unified Access,
Implement state-of-the-art identity-based security with Cisco Trusted Security and Identity Services Engine * *Covers pioneering Cisco products in one of today's fastest-growing security categories *Shows how to differentiate network access based on device types, user attributes, or location * Includes step-by-step wired and wireless configurations *Shows how to configure device profiling, endpoint posture assessments, and guest services *Demonstrates enforcement via dynamic VLAN assignment, downloadable ACLs, and Secure Group Access/Secure Group Tags. Using Cisco Secure Unified Access Architecture and Cisco Identity Services Engine, you can secure and regain control of borderless networks in a Bring Your Own Device (BYOD) world. This book covers the complete lifecycle of protecting a modern borderless network using these advanced solutions, from planning an architecture through deployment, management, and troubleshooting. Cisco ISE for BYOD and Secure Unified Access begins by reviewing the business case for an identity solution. Next, you'll walk through identifying users, devices, and security posture; gain a deep understanding of Cisco's Secure Unified Access solution; and master powerful techniques for securing borderless networks, from device isolation to protocol-independent network segmentation. You'll find in-depth coverage of all relevant technologies and techniques, including 802.1X, profiling, device onboarding, guest lifecycle management, network admission control, RADIUS, and Security Group Access. Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors present detailed sample configurations to help you plan your own integrated identity solution. Whether you're a technical professional or an IT manager, this guide will help you provide reliable secure access for BYOD, CYOD (Choose Your Own Device), or any IT model you choose.
by Aaron T. Woland
View | |Buy/Download
Network Security Principles and Practices,
Expert solutions for securing network infrastructures and VPNs Build security into the network by defining zones, implementing secure routing protocol designs, and building safe LAN switching environments Understand the inner workings of the Cisco PIX Firewall and analyze in-depth Cisco PIX Firewall and Cisco IOS Firewall features and concepts Understand what VPNs are and how they are implemented with protocols such as GRE, L2TP, and IPSec Gain a packet-level understanding of the IPSec suite of protocols, its associated encryption and hashing functions, and authentication techniques Learn how network attacks can be categorized and how the Cisco IDS is designed and can be set upto protect against them Control network access by learning how AAA fits into the Cisco security model and by implementing RADIUS and TACACS+ protocols Provision service provider security using ACLs, NBAR, and CAR to identify and control attacks Identify and resolve common implementation failures by evaluating real-world troubleshooting scenarios As organizations increase their dependence on networks for core business processes and increase access to remote sites and mobile workers via virtual private networks (VPNs), network security becomes more and more critical. In today's networked era, information is an organization's most valuable resource. Lack of customer, partner, and employee access to e-commerce and data servers can impact both revenue and productivity. Even so, most networks do not have the proper degree of security. Network Security Principles and Practices provides an in-depth understanding of the policies, products, and expertise that brings organization to this extremely complex topic and boosts your confidence in the performance and integrity of your network systems and services. Written by the CCIE engineer who wrote the CCIE Security lab exam and who helped develop the CCIE Security written exam, Network Security Principles and Practices is the first book to help prepare candidates for the CCIE Security exams. Network Security Principles and Practices is a comprehensive guide to network security threats and the policies and tools developed specifically to combat those threats. Taking a practical, applied approach to building security into networks, the book shows you how to build secure network architectures from the ground up. Security aspects of routing protocols, Layer 2 threats, and switch security features are all analyzed. A comprehensive treatment of VPNs and IPSec is presented in extensive packet-by-packet detail. The book takes a behind-the-scenes look at how the Cisco PIX(r) Firewall actually works, presenting many difficult-to-understand and new Cisco PIX Firewall and Cisco IOS(r) Firewall concepts. The book launches into a discussion of intrusion detection systems (IDS) by analyzing and breaking down modern-day network attacks, describing how an IDS deals with those threats in general, and elaborating on the Cisco implementation of IDS. The book also discusses AAA, RADIUS, and TACACS+ and their usage with some of the newer security implementations such as VPNs and proxy authentication. A complete section devoted to service provider techniques for enhancing customer security and providing support in the event of an attack is also included. Finally, the book concludes with a section dedicated to discussing tried-and-tested troubleshooting tools and techniques that are not only invaluable to candidates working toward their CCIE Security lab exam but also to the security network administrator running the operations of a network on a daily basis.
by Saadat Malik
View | |Buy/Download
Amazon.com Widgets