Foreword p. xxvi
Introduction p. xxvii
Audience p. xxvii
Organization p. xxvii
Cisco Security Specialist 1 p. xxx
Introduction to Network Security p. 3
Need for Network Security p. 5
Security Threats p. 6
Security Concepts p. 10
The Phases of an Attack p. 11
Attack Methodologies p. 15
Network Attack Points p. 16
Hacking Tools and Techniques p. 19
Summary p. 29
Review Questions p. 30
Cisco Security Wheel p. 33
Securing the Network p. 34
Monitoring Network Security p. 42
Testing Network Security p. 43
Improving Network Security p. 44
Summary p. 46
Review Questions p. 48
Intrusion Detection and the CSIDS Environment p. 51
Intrusion Detection Systems p. 53
IDS Triggers p. 54
IDS Monitoring Locations p. 61
Hybrid Characteristics p. 66
Summary p. 67
Review Questions p. 68
Cisco Secure IDS Overview p. 71
System Function and Features p. 72
Sensor Platforms and Modules p. 77
Director Platforms p. 80
Cisco Secure IDS and the PostOffice Protocol p. 84
Summary p. 90
Review Questions p. 91
CSIDS Installation p. 95
Cisco Secure IDS Sensor Deployment p. 97
Preparing for Deployment: Analyzing Your Network Topology p. 97
Executing the Deployment: Sensor Installation Considerations p. 103
Summary p. 112
Review Questions p. 112
Cisco Secure Policy Manager Installation p. 117
CSPM Overview p. 117
CSPM Installation Requirements p. 121
CSPM Installation Settings and Options p. 124
Starting CSPM p. 136
Summary p. 139
Review Questions p. 140
4200 Series Sensor Installation Within CSPM p. 145
Understanding the Sensor Appliance p. 145
Configuring the Sensor Bootstrap p. 151
Adding a Sensor to a CSPM Director p. 158
Summary p. 170
Review Questions p. 171
Alarm Management and Intrusion Detection Signatures p. 175
Working with Cisco Secure IDS Alarms in CSPM p. 177
Managing Alarms p. 178
Customizing the Event Viewer p. 201
Preference Settings p. 208
Connection Status Pane p. 214
Summary p. 221
Review Questions p. 225
Understanding Cisco Secure IDS Signatures p. 231
Signature Definition p. 231
Signature Classes p. 234
Signature Types p. 235
Signature Severity p. 237
Summary p. 239
Review Questions p. 241
Signature Series p. 245
IP Signatures (1000 Series) p. 245
ICMP Signatures (2000 Series) p. 257
TCP Signatures (3000 Series) p. 268
UDP Signatures (4000 Series) p. 316
Web/HTTP Signatures (5000 Series) p. 321
Cross-Protocol Signatures (6000 Series) p. 349
String-Matching Signatures (8000 Series) p. 374
Policy-Violation Signatures (10000 Series) p. 378
Summary p. 378
Review Questions p. 379
CSIDS Configuration p. 383
Sensor Configuration Within CSPM p. 385
CSPM Sensor Configuration Screens p. 386
Basic Configuration Changes p. 410
Log File Configuration p. 414
Advanced Configuration Changes p. 416
Pushing a New Configuration to Your Sensor p. 420
Summary p. 421
Review Questions p. 422
Signature and Intrusion Detection Configuration p. 427
Basic Signature Configuration p. 428
Signature Templates p. 439
Signature Filtering p. 444
Advanced Signature Configuration p. 451
Creating ACL Signatures p. 455
Summary p. 457
Review Questions p. 458
IP Blocking Configurations p. 463
Understanding ACLs p. 464
ACL Placement Considerations p. 471
Configuring the Sensor for IP Blocking p. 474
Summary p. 485
Review Questions p. 486
Catalyst 6000 IDS Module Configuration p. 489
Understanding the Catalyst 6000 IDS Module p. 489
IDSM Ports and Traffic Flow p. 493
Capturing Traffic p. 495
Configuration Tasks p. 498
Updating IDSM Components p. 514
Troubleshooting p. 519
Summary p. 523
Review Questions p. 524
Cisco Secure Intrusion Detection Director (CSIDD) p. 529
Cisco Secure ID Director Installation p. 531
Director Software Installation p. 531
Starting the Director p. 536
Sensor Configuration p. 540
Summary p. 549
Review Questions p. 550
The Configuration File Management Utility (nrconfigure) p. 555
Working with nrconfigure p. 556
Host Types for Add Host Wizard p. 560
Connecting to a Previously Configured Sensor p. 561
Verifying That the Sensor Is Added to nrconfigure p. 565
Verifying That the Sensor Is Added to the Cisco Secure IDS Submap p. 566
Deleting a Sensor p. 566
Removing the Sensor Icon p. 567
Working with the Configuration Library p. 568
Summary p. 572
Review Questions p. 573
Cisco IOS Firewall Intrusion Detection System p. 577
Cisco IOS Firewall IDS and Intrusion Detection p. 578
Supported Router Platforms p. 580
Deployment Issues p. 580
Signatures p. 581
Configuration Tasks p. 582
Summary p. 605
Review Questions p. 606
Cisco Secure IDS Upcoming Releases p. 611
Planned Cisco Secure IDS Enhancements p. 613
Version 3.0 p. 614
Version 4.0 p. 620
Sensor Enhancements p. 625
Cisco Secure IDS-User-Defined Signatures p. 628
Summary p. 634
Appendixes p. 637
Deploying Intrusion Detection: Case Studies p. 639
Using Cisco IOS Firewall IDS p. 639
Sending SYSLOG Data to a Cisco Secure IDS Sensor p. 650
Managing a Router with a Cisco Secure IDS Sensor p. 657
Cisco Secure IDS Tiered Director Hierarchy p. 669
Setting Up Multiple IDSM Blades in the Same Chassis p. 678
Cisco Secure IDS Architecture p. 687
Cisco Secure IDS Software Architecture p. 687
Cisco Secure IDS Communications p. 693
Cisco Secure IDS Commands p. 693
Cisco Secure IDS Directory Structure p. 696
Cisco Secure IDS Configuration Files p. 699
Communications p. 712
Cisco Secure ID Director Basic Troubleshooting p. 721
Director Problems p. 721
Sensor Problems p. 727
Oracle Problems p. 728
Data Management Package Problems p. 731
nrconfigure Problems p. 733
Online Help and NSDB p. 734
Cisco Secure IDS Log Files p. 737
Levels of Logging p. 737
Log File Naming Conventions p. 738
Log File Locations p. 740
Closing Active Files p. 740
Archived Log Files p. 740
Event Record Fields p. 740
Advanced Tips p. 749
Correcting a Sensor That Does Not Sniff p. 749
Using the Sensor COM Port for Console Access p. 757
Excluding False-Positive Alarms p. 759
Cisco Secure IDS Signature Structures and Implementations p. 765
Cisco Secure IDS Signatures and Recommended Alarm Levels p. 779
General Signatures p. 780
Connection Signatures p. 790
String Signatures p. 793
ACL Signatures p. 794
Cisco IOS Firewall IDS Signature List p. 797
Information Signatures p. 798
Attack Signatures p. 799
Cisco Secure Communications Deployment Worksheet p. 803
Glossary p. 807
Answers to Review Questions p. 815
Chapter 1 Answers p. 815
Chapter 2 Answers p. 816
Chapter 3 Answers p. 817
Chapter 4 Answers p. 818
Chapter 5 Answers p. 819
Chapter 6 Answers p. 820
Chapter 7 Answers p. 821
Chapter 8 Answers p. 823
Chapter 9 Answers p. 825
Chapter 10 Answers p. 826
Chapter 11 Answers p. 827
Chapter 12 Answers p. 828
Chapter 13 Answers p. 830
Chapter 14 Answers p. 831
Chapter 15 Answers p. 833
Chapter 16 Answers p. 834
Chapter 17 Answers p. 834
Index p. 837

Table of Contents provided by Blackwell's Book Services and R.R. Bowker. Used with permission.