
SAFE Remote Access Network Design

From the document Complete Study Guide (Pages 25-28)

Remote Access Network Design Overview

Key Devices

Implementing the Remote Access Devices

Software Access Option

Remote Site Firewall Option

VPN Hardware Client Option

Remote Site Router Option

Summary

Exam Essentials

Index

Introduction

This Study Guide is an introduction to the Cisco Certified Security Professional (CCSP) certification track. It will help improve your Cisco security skills so that you can have more opportunities for a better job or job security. Security experience has been the buzzword and it will continue to be because networks need security.

Cisco has been pushing further into the security market, and having a Cisco security certification will greatly expand your opportunities. Let this Study Guide be not only your resource for the Securing Cisco IOS Networks, Cisco Secure PIX Firewall Advanced, Cisco Security Intrusion Detection Systems, Cisco Secure VPN, and Cisco SAFE Implementation exams but also an aid when you’re gaining hands-on experience in the field.

Not only will this Study Guide help with your pursuit of your CCSP, but it will improve your understanding of everything related to security internetworking, which is relevant to much more than Cisco products. You’ll have a solid knowledge of network security and how different technologies work together to form a secure network. Even if you don’t plan on becoming a security professional, the concepts covered in this Study Guide are beneficial to every networking professional. Employees with a Cisco security certification are in high demand, even at companies with only a few Cisco devices. Since you have decided to become Cisco security–certified, this Study Guide will put you way ahead on the path to that goal.

The CCSP reaches beyond the popular certifications such as the CCNA/CCDA and CCNP/CCDP to provide you with a greater understanding of today’s secure network, with insight into the Cisco secure world of internetworking.

You might be thinking, “Why are networks so vulnerable to security breaches? Why can’t the operating systems provide protection?” The answer is straightforward: Users want lots of features, and software vendors give the users what they want because features sell. Capabilities such as sharing files and printers and logging in to the corporate infrastructure from the Internet aren’t just desired, they’re expected. The new corporate battle cry is, “Give us complete corporate access from the Internet and make it super fast and easy—but make sure it’s really secure!”

Are software developers to blame? There are just too many security issues for any one company to be at fault. But it’s true that providing all the features that any user could possibly want on a network at the click of a mouse creates some major security issues. It’s also true that we didn’t have the types of hackers we have today until we accidentally opened the door for them.

To become truly capable of defending yourself, you must understand the vulnerabilities of a plethora of technologies and networking equipment.

So, our goal is twofold: First, we’re going to give you the information you need to understand all those vulnerabilities; and second, we’re going to show you how to create a single, network-wide security policy. Before we do so, there are two key questions behind most security issues on the Internet:

How do you protect confidential information but still allow access by the corporate users who need to get to that information?

How do you protect your network and its resources from unknown or unwanted users outside your network?


If you’re going to protect something, you have to know where it is, right? Where important/confidential information is stored is key for any network administrator concerned with security.

You’ll find the goods in two places: physical storage media (such as hard drives and RAM) and in transit across a network in the form of packets. This book’s focus is mainly on network security issues pertaining to the transit of confidential information across a network. But it’s important to remember that both physical media and packets need to be protected from intruders within your network and outside it. TCP/IP is used in all the examples in this book because it’s the most popular protocol suite these days and also because it has some inherent security weaknesses.

From there, we’ll look beyond TCP/IP to help you understand how both operating systems and network equipment come with their own vulnerabilities that you must address as well.

If you don’t have passwords and authentication properly set on your network equipment, you’re in obvious trouble. If you don’t understand your routing protocols and, especially, how they advertise throughout your network, you might as well leave the building unlocked at night. Furthermore, how much do you know about your firewall? Do you have one? If so, where are its weak spots?

If you don’t cover all these bases, your equipment will be your network’s Achilles heel.
