Cisco Networking Simplified @ JDJ
Source: Internet. Editor: 程序博客网. Time: 2024/05/01 21:42
Network Security
The following sections describe the different categories of network security.
Identity
Identity is the identification of network users, hosts, applications, services, and resources. Examples of technologies that enable identification include Remote Authentication Dial-In User Service (RADIUS), Kerberos, one-time passwords, digital certificates, smart cards, and directory services.
Perimeter Security
Perimeter security controls access to critical network applications, data, and services so that only legitimate users and information can access these assets. Examples include access lists on routers and switches, firewalls, virus scanners, and content filters.
Data Privacy
The ability to provide secure communication is crucial when you must protect information from eavesdropping. Digital encryption technologies and protocols such as Internet Protocol Security (IPSec) are the primary means for protecting data, especially when implementing virtual private networks (VPNs).
Security Monitoring
Regardless of how security is implemented, it is still necessary to monitor a network and its components to ensure that the network remains secure. Network-security monitoring tools and intrusion detection systems (IDSs) provide visibility to the security status of the network.
Policy Management
Tools and technologies are worthless without well-defined security policies. Effective policies balance the imposition of security measures against the productivity gains realized with little security. Centralized policy-management tools that can analyze, interpret, configure, and monitor the state of security policies help consolidate the successful deployment of rational security policies.
A company's network is like any other corporate asset: It is valuable to the success and revenue of that company. More than ever, the corporate computer network is the most valuable asset of many companies. Therefore, it must be protected. Generally, middle- to large-size companies appoint a chief security officer, whose job is to develop and enforce corporate security policies. Security threats present themselves in many forms:
A hacker breaking into the network to steal confidential information or destroy corporate data
A natural disaster such as a fire, tornado, or earthquake destroying computer and network equipment
A disgruntled employee intentionally trying to modify, steal, or destroy corporate information and devices
A computer virus
An act of war or terrorism
Common security threats introduced by people include the following:
Network packet sniffers
IP spoofing
Password attacks
Distribution of sensitive internal information to external sources
Man-in-the-middle attacks
Internet security is also a big concern given the exposure of corporate data resources to the publicly accessible Internet. Traditionally, you could achieve security by physically separating corporate networks from public networks. However, with corporate Web servers and databases - and the desire to provide access to corporate resources to employees over the Internet - companies must be especially diligent in protecting their networks.
Another recent area for security concern is wireless networking. Traditional networking occurred over physical wires or fibers. However, the current trend is to provide networking services over radio frequencies. Companies are installing wireless networking in their buildings so employees can link to the corporate network from conference rooms and other shared locations from their laptop computers. Additionally, service providers are now offering public wireless Internet services.
Identity and Network Access Control
You can define identity in terms of authentication and authorization:
Authentication occurs when a computer or computer user identifies itself to the network or network resources.
Authorization occurs after authentication. After the computer or user successfully identifies itself, the network or server authorizes the individual or computer to perform certain things with a certain level of access.
802.1x is a link layer protocol, defined by the Institute of Electrical and Electronics Engineers (IEEE), used for transporting higher-level authentication protocols.
One form of authentication occurs through the exchange of passwords. This form is generally a one-way transaction in which a user or computer identifies itself to a network or server.
A popular method for securely identifying a machine or individual uses digital signatures. For example, if you send an e-mail to someone, he might want to verify that you were indeed the originator of the e-mail. Algorithms such as Secure Hash Algorithm (SHA), Message Digest 5 (MD5) (similar to a checksum), and Triple Data Encryption Standard (3DES) encrypt and securely "sign" the message. Then, the sender and receiver match public and private keys. The combination of these methods allows both parties to trust (or not trust) each other when exchanging information.
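The hash-then-sign flow described above, as an added example that is not from the book: the sender hashes the message with SHA and transforms the digest with a private key, and the receiver checks the result with the matching public key. It assumes unpadded textbook RSA and a constructed demo key built from publicly known primes so that it runs with only the Python standard library; all function names are illustrative.

```python
import hashlib

# Constructed demo key: two publicly known Mersenne primes. Illustration only;
# a real key uses secret random primes generated by a vetted crypto library.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the sender


def digest_int(message: bytes) -> int:
    """Hash the message with SHA-256 and return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender: transform the message digest with the private key."""
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: reverse the transform with the public key, compare digests."""
    return pow(signature, e, n) == digest_int(message)


def demo() -> dict:
    """Run the exchange on constructed sample messages."""
    original = b"Quarterly report attached. -- alice@example.com"
    altered = b"Quarterly report attached. -- mallory@example.com"
    signature = sign(original)
    return {
        # Untouched message with its signature: accepted.
        "genuine": verify(original, signature),
        # Body changed in transit, signature reused: rejected.
        "altered_body": verify(altered, signature),
        # A bare digest sent in place of a signature: rejected, because
        # anyone can recompute a hash but only the key holder can sign it.
        "digest_only": verify(altered, digest_int(altered)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The "digest_only" case shows why a checksum-like hash alone does not identify the sender: the trust comes from the private key, not from the hash.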
Visit www.Ciscopress.com for a detailed description and to learn how to purchase this title.
TOP 13 SECURITY VULNERABILITIES
Inadequate router access control.
Unsecured and unmonitored remote access points, providing easy access to corporate networks.
Information leakage revealing operating system and application information.
Hosts running unnecessary services.
Weak, easily guessed, and reused passwords.
User or test accounts with excessive privileges.
Misconfigured Internet servers, especially for anonymous FTP.
Misconfigured firewalls.
Software that is outdated, vulnerable, or left in default configurations.
Lack of accepted and well-promulgated security policies, procedures, guidelines, and minimum baseline standards.
Excessive trust domains in UNIX and NT environments, giving hackers unauthorized access to sensitive systems.
Unauthenticated services such as the X Window System.
Inadequate logging, monitoring, and detection capabilities.
ABOUT THE BOOK
Cisco Networking Simplified by Paul Della Maggiora and Jim Doherty
ISBN:1-58720-074-0
Publisher: Cisco Press (www.Ciscopress.com)
Illustrations and copy reproduced from the book Cisco Networking Simplified. Copyright 2004, Cisco Systems, Inc. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis, IN 46240. Written permission from Pearson Education, Inc. is required for all other uses.