Header

Sections

Syndication

Blogroll:

||||| ALL Cisco-Network ARTICLES |||||
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : Securing the Network 2

Email to a friend email

email

Print version print

print

Securing the Network 2

Jul 06,2009 by alperen

small font

medium font

large font

Secure network design example

Improve network security

Secure network devices

Use access control lists (ACLs) to secure the network

As you saw in the preceding chapter, the network has many threats. Developing a comprehensive security program to combat those threats requires planning in the initial stages, and a lot of tweaking and revising as time goes on. Just as the organization attempts to move the network to a more secure state, the threats are also evolving, changing and often growing stronger. Network security will never be a “set it and forget it” world.

This book looks at many technologies and methods to secure access to and operation of the computer networks. While many variations exist, some of the most important ones include the following concepts.

Physical security	Once stated, this seems so obvious, but it’s often overlooked. Network devices must be physically secured from unauthorized access or even theft. Password recovery techniques make it quite easy for anyone to access and reconfigure a device if they can have physical access to it.
Vulnerability patching	Network devices from workstations to routers have or develop vulnerabilities that can usually be mitigated by applying software patches, performing upgrades, and disabling any unnecessary services.
Encryption	If making the data path absolutely secure isn’t possible, then encrypt the data. Encryption, such as IPSec, means anyone capturing the data will find useless gibberish.
Firewalls	Firewalls filter traffic based on predefined permit-and-deny rules. Ideally, a firewall devotes 100 percent of its resources to protecting the network.
Intrusion detection	Intrusion detection systems (IDS) detect certain patterns of data that match known “signatures” of improper activities. The IDS system can then notify network management or even implement measures to block the activity.
Authorization systems	Secure authorization systems, such as one-time passwords (OTP), limit the usefulness of a password that’s been compromised or captured through sniffing activity.

In this chapter, you learn some other simple techniques to improve network security. Some of these techniques should be familiar from other certifications, but each one provides a small piece of the strategy necessary to secure the network.

166 times read

Related news

» Introduction to Cisco IOS Firewall
by alperen posted on Sep 10,2009
» Conclusion: Maintaining a Secure Infrastructure
by alperen posted on Apr 19,2010
» Secure
by admin posted on Nov 24,2008
» Cisco Security Wheel
by alperen posted on Jul 04,2009
» IOS IDS vs. Cisco Secure IDS
by alperen posted on Sep 11,2009

Did you enjoy this article?

(total 0 votes)

comment

Comments (0 posted)

More Top News

CCSP-Cisco Certified Security Professional

Cisco SAFE Implementation

Preparation Documents

Skills Required for the Exam

Cisco SAFE Implementation Questions and Answers

Access Control Lists Cisco

Access List Basics

Standard Access Lists

Extended Access Lists

TCP Access Lists

UDP Access Lists

ICMP Access Lists

Named Access Lists

Signature and Alarm Management Review

Signature and Alarm Management Review Questions and Answers

Managing Alarms

Event Viewer Customization

Preference Settings

Sensor Installation

Connecting to Your Network Sensor Appliance

Sensor Bootstrap

Sensor Installation and Configuration Review

Sensor Installation and Configuration Questions and Answers

Signature and Alarm Management

CIDS Signatures

Signature Series

Signature Implementations

Signature Classes

Signature Types

Signature Severity

Most Popular

Privilege Levels

Managing the Router's ARP Cache

Configuring SIP on a Cisco Router

IDS Signatures Grouped by Software Release Version

Most Commented

Exploring the Navigation Bar

Site Qualification Test (SQT)

PDAs as Diagnostic Tools

Featured Author

alperen