This complete new guide to auditing network security is an indispensable resource for security, network, and IT professionals, and for the consultants and technology partners who serve them.   Cisco network security expert Chris Jackson begins with a thorough overview of the auditing process, including coverage of the latest regulations, compliance issues, and industry best practices. The author then demonstrates how to segment security architectures into domains and measure security effectiveness through a comprehensive systems approach.   Network Security Auditing thoroughly covers the use of both commercial and open source tools to assist in auditing and validating security policy assumptions. The book also introduces leading IT governance frameworks such as COBIT, ITIL, and ISO 17799/27001, explaining their values, usages, and effective integrations with Cisco security products.   This book arms you with detailed auditing checklists for each domain, realistic design insights for meeting auditing requirements, and practical guidance for using complementary solutions to improve any company’s security posture. Master the five pillars of security auditing: assessment, prevention, detection, reaction, and recovery. Recognize the foundational roles of security policies, procedures, and standards. Understand current laws related to hacking, cracking, fraud, intellectual property, spam, and reporting. Analyze security governance, including the roles of CXOs, security directors, administrators, users, and auditors. Evaluate people, processes, and technical security controls through a system-based approach. Audit security services enabled through Cisco products. Analyze security policy and compliance requirements for Cisco networks. Assess infrastructure security and intrusion prevention systems. Audit network access control and secure remote access systems. Review security in clients, hosts, and IP communications. Evaluate the performance of security monitoring and management systems. This security book is part of the Cisco Press Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end, self-defending networks.  

Table of Contents:
Introduction    xxi Chapter 1 The Principles of Auditing    1 Security Fundamentals: The Five Pillars    1 Assessment    2 Prevention    3 Detection    3 Reaction    4 Recovery    4 Building a Security Program    4 Policy    5 Procedures    6 Standards    7 Security Controls    7 Administrative Controls    7 Technical Controls    8 Physical Controls    8 Preventative Controls    8 Detective Controls    8 Corrective Controls    8 Recovery Controls    9 Managing Risk    9 Risk Assessment    10 Risk Mitigation    14 Risk in the Fourth Dimension    16 How, What, and Why You Audit    17 Audit Charter    17 Engagement Letter    18 Types of Audits    19 Security Review    19 Security Assessment    19 Security Audit    20 The Role of the Auditor    20 Places Where Audits Occur    21 Policy Level    21 Procedure Level    21 Control Level    22 The Auditing Process    22 Planning Phase: Audit Subject, Objective, and Scope    22 Research Phase: Planning, Audit Procedures, and Evaluation Criteria    23 Data Gathering Phase: Checklists, Tools, and Evidence    23 Data Analysis Phase: Analyze, Map, and Recommend    24 Audit Report Phase: Write, Present, and File the Audit Report    24 Follow-Up Phase: Follow up, Follow up, Follow up!    25 Summary    25 References in This Chapter    26 Chapter 2 Information Security and the Law    27 IT Security Laws    27 Hacking, Cracking, and Fraud Laws    29 Computer Fraud and Abuse Act    29 Access Device Statute    31 Electronic Communications Privacy Act    34 Title I: Wiretap Act    34 Title II: Stored Communications Act    37 Title III: Pen/Trap Statute    38 Intellectual Property Laws    39 Digital Millennium Copyright Act    39 Economic Espionage Act    41 CAN-SPAM Act of    2003    42 State and Local Laws    43 Reporting a Crime    44 Regulatory Compliance Laws    46 SOX    46 HIPAA    48 Privacy Rule    50 Security Rule    51 Transactions and Code Sets Standard Rule    52 Identifiers Rule    52 Enforcement Rule    52 GLBA    54 PCI DSS    55 Summary    59 References in This Chapter    60 Federal Hacking Laws    60 State Laws    60 Chapter 3 Information Security Governance, Frameworks, and Standards    61 Understanding Information Security Governance    61 People: Roles and Responsibilities    64 Information Security Governance Organizational Structure    65 Board of Directors    65 Security Steering Committee    65 CEO or Executive Management    66 CIO/CISO    66 Security Director    66 Security Analyst    66 Security Architect    66 Security Engineer    67 Systems Administrator    67 Database Administrator    67 IS Auditor    67 End User    67 Spotting Weaknesses in the People Aspect of Security    67 Process: Security Governance Frameworks    68 COSO    68 Control Environment    69 Risk Assessment    70 Control Activities    70 Information and Communication    70 Monitoring    70 COBIT    71 ITIL    75 Technology: Standards Procedures and Guidelines    76 ISO    27000 Series of Standards    76 NIST    78 Center for Internet Security    80 NSA    80 DISA    81 SANS    82 ISACA    83 Cisco Security Best Practices    84 Summary    85 References in This Chapter    86 Web Resources    86 Chapter 4 Auditing Tools and Techniques    87 Evaluating Security Controls    87 Auditing Security Practices    89 Testing Security Technology    91 Security Testing Frameworks    92 OSSTMM    93 ISSAF    93 NIST    800-115    94 OWASAP    94 Security Auditing Tools    95 Service Mapping Tools    96 Nmap    96 Hping    100 Vulnerability Assessment Tools    101 Nessus    101 RedSeal SRM    105 Packet Capture Tools    111 Tcpdump    111 Wireshark/Tshark    114 Penetration Testing Tools    116 Core Impact    116 Metasploit    120 BackTrack    127 Summary    128 References in This Chapter    128 Security Testing Frameworks    128 Security Testing Tools    129 Chapter 5 Auditing Cisco Security Solutions    131 Auditors and Technology    131 Security as a System    132 Cisco Security Auditing Domains    133 Policy, Compliance, and Management    134 Infrastructure Security    135 Perimeter Intrusion Prevention    136 Access Control    136 Secure Remote Access    137 Endpoint Protection    138 Unified Communications    139 Defining the Audit Scope of a Domain    139 Identifying Security Controls to Assess    141 Mapping Security Controls to Cisco Solutions    143 The Audit Checklist    144 Summary    150 Chapter 6 Policy, Compliance, and Management    153 Do You Know Where Your Policy Is?    153 Auditing Security Policies    154 Standard Policies    158 Acceptable Use    158 Minimum Access    158 Network Access    158 Remote Access    159 Internet Access    159 User Account Management    159 Data Classification    159 Change Management    160 Server Security    161 Mobile Devices    161 Guest Access    161 Physical Security    161 Password Policy    162 Malware Protection    162 Incident Handling    162 Audit Policy    162 Software Licensing    162 Electronic Monitoring and Privacy    163 Policies for Regulatory and Industry Compliance    163 Cisco Policy Management and Monitoring Tools    165 Cisco MARS    165 Cisco Configuration Professional    167 Cisco Security Manager    169 Cisco Network Compliance Manager    171 Checklist    174 Summary    176 References in This Chapter    176 Chapter 7 Infrastructure Security    177 Infrastructure Threats    177 Unauthorized Access    177 Denial of Service    178 Traffic Capture    178 Layer    2 Threats    179 Network Service Threats    180 Policy Review    180 Infrastructure Operational Review    181 The Network Map and Documentation    182 Logical Diagrams    182 Physical Diagrams    182 Asset Location and Access Requirements    182 Data Flow and Traffic Analysis    183 Administrative Accounts    183 Configuration Management    184 Vulnerability Management    184 Disaster Recovery    184 Wireless Operations    185 Infrastructure Architecture Review    185 Management Plane Auditing    186 Cisco Device Management Access    187 Syslog    193 NTP    194 Netflow    195 Control Plane Auditing    196 IOS Hardening    196 Routing Protocols    198 Protecting the Control Plane    199 Data Plane Auditing    201 Access Control Lists    202 iACLs    202 Unicast Reverse Path Forwarding    203 Layer    2 Security    204 VTP    204 Port Security    205 DHCP Snooping    205 Dynamic ARP Inspection    206 IP Source Guard    206 Disable Dynamic Trunking    206 Protecting Spanning Tree    207 Switch Access Controls Lists    208 Protect Unused Ports    209 Wireless Security    210 Wireless Network Architecture    210 Cisco Adaptive Wireless Intrusion Prevention System    211 Protecting Wireless Access    212 Wireless Service Availability    213 Rogue Access Point Detection    214 General Network Device Security Best Practices    216 Technical Testing    217 Router Testing    219 Switch Testing    221 Wireless Testing    225 Checklist    230 Summary    235 References in This Chapter    236 Chapter 8 Perimeter Intrusion Prevention    237 Perimeter Threats and Risk    237 Policy Review    238 Perimeter Operations Review    239 Management and Change Control    239 Monitoring and Incident Handling    240 Perimeter Architecture Review    242 What Are You Protecting?    243 Perimeter Design Review    243 Logical Architecture    244 Physical Architecture    245 What Is the Risk?    246 Good Design Practices    247 Auditing Firewalls    247 Review Firewall Design    248 Simple Firewall    248 Screening Router and Firewall    248 Firewall with DMZ    249 Firewall with DMZ and Services Network    249 High Availability Firewall    250 IOS Firewall Deployment    250 Review Firewall Configuration    251 Firewall Modes of Operation    252 Firewall Virtualization    253 Filtering Methods    253 Network Address Translation    255 Secure Management    256 Logging    256 Other Configuration Checks    256 Review Rule Base    257 Cisco Firewall Rule Basics    257 Rule Review    259 Rule Optimization    260 The ASA Modular Policy Framework and Application Inspection    261 IOS Zone-Based Firewall    263 Auditing IPS    265 How IPS Works    266 Review IPS Deployment    268 Review IPS Configuration    269 Protect the Management Interface    271 Administrative Access and Authentication    271 NTP Configuration    274 Signature Updates    274 Event Logging    275 Review IPS Signatures    276 Signature Definitions    276 Event Action Rules    277 Target Value Rating    277 IOS IPS    278 Technical Control Testing    279 Firewall Rule Testing    279 Testing the IPS    281 Conducting an IPS Test    282 Reviewing the Logs    284 Checklist    284 Summary    287 References in This Chapter    288 Chapter 9 Access Control    289 Fundamentals of Access Control    289 Identity and Authentication    290 Access Control Threats and Risks    291 Access Control Policy    292 Access Control Operational Review    293 Identity Operational Good Practices    293 Authorization and Accounting Practices    294 Administrative Users    296 Classification of Assets    297 Access Control Architecture Review    297 Identity and Access Control Technologies    298 Network Admission Control    298 NAC Components    299 How NAC Works    300 NAC Deployment Considerations    302 NAC Posture Assessment    303 Identity-Based Networking Services    304 Deployment Methods    305 NAC Guest Server    306 NAC Profiler    306 Technical Testing    308 Authentication and Identity Handling    308 Posture Assessment Testing    309 Testing for Weak Authentication    309 Checklist    313 Summary    315 References in This Chapter    315 Chapter 10 Secure Remote Access    317 Defining the Network Edge    317 VPN Fundamentals    318 Confidentiality    319 Symmetric Encryption    320 Asymmetric Encryption    321 Integrity    323 Authentication and Key Management    324 IPsec, SSL, and dTLS    326 IPsec    326 Secure Socket Layer    328 Datagram Transport Layer Security (dTLS)    329 Remote Access Threats and Risks    329 Remote Access Policies    330 Remote Access Operational Review    331 VPN Device Provisioning    331 Mobile Access Provisioning    332 Mobile User Role-Based Access Control    333 Monitoring and Incident Handling    333 Remote Access Architecture Review    333 Site-to-Site VPN Technologies    335 Easy VPN    335 IPsec and Generic Router Encapsulation (GRE)    336 Dynamic Multipoint VPN (DMVPN)    336 Multi Protocol Label Switching (MPLS) and Virtual Routing and Forwarding (VRF) VPNs    337 GETVPN    339 Mobile User Access VPN    340 IPsec Client    341 Clientless SSL VPN    341 Cisco Secure Desktop    342 SSL Full Tunneling Client    344 VPN Network Placement    345 VPN Access Controls    346 Site-to-Site Access Controls    346 Mobile User Access Controls    347 Remote Access Good Practices    348 Technical Testing    350 Authentication    350 IPsec    351 SSL    352 Site-to-Site Access Control Testing    353 Mobile User Access Control Testing    353 Monitoring and Log Review    354 Checklist    354 Summary    358 References in This Chapter    358 Chapter 11 Endpoint Protection    359 Endpoint Risks    359 Endpoint Threats    360 Malware    360 Web-Based Threats    362 Social Networking and Web    2.0    365 E-Mail Threats    366 Data Loss Threats    367 Policy Review    368 Endpoint Protection Operational Control Review    370 Current Threat Intelligence    370 Vulnerability and Patch Management    373 Monitoring and Incident Handling    373 Security Awareness Program    374 Endpoint Architecture Review    374 Cisco Security Intelligence Operations    375 SensorBase    375 Cisco Threat Operations Center    375 Dynamic Update Function    376 Web Controls    376 Web Security Appliance    376 ASA    378 IPS    379 CSA    380 E-Mail Controls    380 E-Mail Policy Enforcement    381 E-Mail Authentication    381 Data Loss Prevention    383 Web    383 E-Mail    384 Client    385 Patch Management    386 Monitoring    386 Web    386 E-Mail    388 MARS    388 Technical Testing    388 Acceptable Use Enforcement    388 Malware Detection and Quarantine    389 SPAM, Phishing, and E-Mail Fraud    390 Encryption    390 Patch Management and Enforcement    390 Data Loss Prevention Testing    391 Detection and Response    391 Checklist    391 Summary    396 References in This Chapter    396 Chapter 12 Unified Communications    397 Unified Communications Risks    397 VoIP Threats    399 Denial of Service    399 Confidentiality    401 Fraud    401 UC Policy and Standards Review    403 UC Operational Control Review    404 User and Phone Provisioning    404 Change Management    405 Asset Management    405 Call Detail Record Review    406 Administrative Access    406 Vulnerability Management    406 Security Event Monitoring and Log Review    407 Disaster Recovery    408 UC Architecture Review    408 Unified Communications Fundamentals    409 H.323    410 MGCP    412 SCCP    412 SIP    413 Session Border Controller    415 RTP and SRTP    416 Call Processing    416 Infrastructure Controls    418 Switch Security    418 ACLs and Firewalling    420 IPS    421 Gateway Protection    422 Site to Site    422 Wireless    423 Call Control Protection    423 Communications Manager Hardening    423 Authentication, Integrity, and Encryption    424 Phone Proxy    426 Secure SIP Trunking    426 Toll Fraud Prevention    428 Application Controls    431 Voice Endpoint Controls    432 Monitoring and Management    433 Technical Testing    434 VLAN Separation    434 Eavesdropping    436 Gateway    438 Toll Fraud    438 Monitoring and Incident Detection    438 Checklist    439 Summary    444 References in This Chapter    445