Chapter 9: Firewall Fundamentals and Network Address TranslationFirewall Designs Best practices documents are a composite effort of security practitioners. This partial list of best practices is generic and serves only as a starting point for your own firewall security policy: • Position firewalls at key security boundaries, separating security domains with different levels of trust. • Firewalls are the prim...
29 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 978 | Lượt tải: 0
Chapter 8: Access Control Lists for Threat MitigationAdvance IPv6 ACL Reflexive ACLs and time-based ACLs are also available in IPv6. An IPv6 ACL can match the following IPv6 headers: • routing: Matches any route header • mobility: Matches any mobility header • dest-option-type: Matches any destination option header • auth: Matches IPsec’s AH • undetermined-transport: Matches any packet whose La...
48 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 1081 | Lượt tải: 0
Chapter 7: Planning a Threat Control StrategyThe following are the main points conveyed in this chapter: • Threat control and containment should distribute security intelligence, improve incident analysis and correlation, and respond automatically. • Cisco threat control and containment solutions provide multiple deployment options: appliance, hardware module, software based, and virtualize...
18 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 1106 | Lượt tải: 0
Chapter 6: Securing the Data Plane in IPv6 EnvironmentsBy combining multiple techniques, attackers can accomplish stealth attacks that result in trust exploitation and information theft. Figure 6-14 illustrates an attack that combines dual-stacked hosts, which are subject to rogue router advertisements. This type of attack could exploit the routing header (RH) to pivot using multiple hops; and by using...
28 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 1050 | Lượt tải: 0
Chapter 5: Securing the Data Plane on Cisco Catalyst SwitchesMAC Address Notification The MAC Address Notification feature sends SNMP traps to the network management station (NMS) whenever a new MAC address is added to or an old address is deleted from the forwarding tables.
36 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 992 | Lượt tải: 0
Chapter 4: Securing the Management Plane on Cisco IOS Devices and AAADynamic Access Policies on Cisco ASA For those readers familiar with Cisco ASA, you will relate Figure 4-24 to the dynamic access policies (DAP) used in VPN settings, where the ASA assigns a policy to an incoming connection based on many criteria, including not only the user’s identity, but also how the computer is used to connect, whether the com...
126 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 1015 | Lượt tải: 0
Chapter 3: Network Foundation Protection and Cisco Configuration ProfessionalLayer 2 Data Plane Protection Data plane protection mechanisms depend on feature availability for specific devices. In a switching infrastructure, these Cisco Catalyst integrated security capabilities provide data plane security on the Cisco Catalyst switches using integrated tools: • Port security prevents MAC flooding attacks. • DHCP snooping ...
20 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 988 | Lượt tải: 0
Chapter 2: Security Strategy and Cisco Borderless NetworkSummary In this chapter, you learned about the Cisco Borderless Network Architecture. This chapter examined the Cisco Security portfolio of products and, more specifically, reviewed the following: • Cisco SecureX Architecture (at a high level), highlighting its features and benefits and providing examples of Cisco products that fall within this c...
24 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 1066 | Lượt tải: 0
Chapter 1: Network Security Concepts and PoliciesSecurity Policies The three reasons for having a security policy are as follows: • To inform users, staff, and managers • To specify mechanisms for security • To provide a baseline A properly defined security policy does the following: • Protects people and information • Sets the rules for expected behavior • Authorizes staff to monitor, pr...
26 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 974 | Lượt tải: 0
Cẩm nang kỹ thuật CCTVCách giải quyết: - Tính toán tối ưu khoảng cách truyền dẫn tín hiệu phù hợp với chất lượng cáp truyền dẫn hoặc phải dùng các bộ khuyếch đại tín hiệu nếu bắt buộc phải truyền tín hiệu ở một khoảng cách quá xa. - Nên đi riêng rẽ hệ thống camera hoặc chỉ đi chung dây với hệ thống dây điều khiển tín hiệu trong hệ thống điện và điều khiển, không n...
40 trang | Chia sẻ: vutrong32 | Ngày: 16/10/2018 | Lượt xem: 1060 | Lượt tải: 2
