Chapter 2: Securing the Network

Overview

In this chapter, you will learn how to:

  • Secure network design example

  • Improve network security

  • Secure network devices

  • Use access control lists (ACLs) to secure the network

As you saw in the preceding chapter, the network has many threats. Developing a comprehensive security program to combat those threats requires planning in the initial stages, and a lot of tweaking and revising as time goes on. Just as the organization attempts to move the network to a more secure state, the threats are also evolving, changing and often growing stronger. Network security will never be a “set it and forget it” world.

This book looks at many technologies and methods to secure access to and operation of the computer networks. While many variations exist, some of the most important ones include the following concepts.

Physical security

Once stated, this seems obvious, but it is often overlooked. Network devices must be physically secured against unauthorized access and theft. Password recovery procedures make it easy for anyone with physical access to a device to bypass its credentials and reconfigure it.

Vulnerability patching

Network devices from workstations to routers have or develop vulnerabilities that can usually be mitigated by applying software patches, performing upgrades, and disabling any unnecessary services.

Encryption

If making the data path absolutely secure isn’t possible, then encrypt the data. With encryption such as IPSec, anyone capturing the traffic sees only useless gibberish.

Firewalls

Firewalls filter traffic based on predefined permit-and-deny rules. Ideally, a firewall devotes 100 percent of its resources to protecting the network.
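The permit-and-deny filtering described above, and the ACL objective from the chapter overview, follow the same evaluation model: rules are tested in order, the first match decides, and anything that matches nothing is denied. The following is an added example, not code from the book, that simulates that model in Python with a constructed rule set (all addresses are documentation ranges) and includes a check for "shadowed" rules, a common ordering mistake where a broad earlier rule makes a narrower later rule unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network  # shorthand for building rule prefixes


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp", "icmp", or "ip" (any protocol)
    src: ipaddress.IPv4Network     # source prefix
    dst: ipaddress.IPv4Network     # destination prefix
    dport: Optional[int] = None    # None matches any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(acl, pkt: Packet):
    """First matching rule wins. Returns (action, rule_index);
    a packet that matches no rule hits the implicit deny (index None)."""
    for index, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None


def shadowed_rules(acl):
    """Return (shadowed_index, covering_index) pairs: rules that can never
    match because an earlier rule already covers every packet they would.
    A deny placed after a broad permit is the classic example."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            earlier = acl[i]
            proto_ok = earlier.proto in ("ip", later.proto)
            port_ok = earlier.dport is None or earlier.dport == later.dport
            if (proto_ok and port_ok
                    and later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)):
                found.append((j, i))
                break
    return found


# Constructed rule set (hypothetical): internal hosts may reach the web
# server on 443, telnet to the server subnet is refused, ping is allowed,
# everything else falls through to the implicit deny.
ACL = [
    Rule("permit", "tcp", net("10.0.0.0/8"), net("192.0.2.10/32"), 443),
    Rule("deny", "tcp", net("0.0.0.0/0"), net("192.0.2.0/24"), 23),
    Rule("permit", "icmp", net("0.0.0.0/0"), net("0.0.0.0/0")),
]

# Constructed misordered list: the blanket permit makes the deny unreachable.
ACL_SHADOWED = [
    Rule("permit", "ip", net("0.0.0.0/0"), net("0.0.0.0/0")),
    Rule("deny", "tcp", net("0.0.0.0/0"), net("192.0.2.0/24"), 23),
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", "10.1.2.3", "192.0.2.10", 443),
                Packet("tcp", "10.1.2.3", "192.0.2.10", 23),
                Packet("udp", "10.1.2.3", "192.0.2.10", 53)):
        print(pkt, "->", evaluate(ACL, pkt))
    print("shadowed:", shadowed_rules(ACL_SHADOWED))
```

The `shadowed_rules` check is the kind of review a practitioner runs before deploying a list: a rule that can never match is at best dead weight and at worst a control the author believes is in place but is not.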

Intrusion detection

Intrusion detection systems (IDS) detect patterns of data that match known “signatures” of improper activity. The IDS can then notify network management or even take action to block the activity.
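To make the signature-matching and notify-or-block steps concrete, here is an added example that is not part of the book: a minimal signature engine run over a few constructed log lines (web access log and firewall log formats, with documentation-range addresses). The signature IDs, names and severity scoring are assumptions chosen for the illustration; a real IDS ships far larger rule sets and matches on packet content rather than log text, but the decision logic is the same.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int              # hypothetical signature id
    name: str
    pattern: re.Pattern   # what the IDS looks for in the data
    severity: int         # 1 = informational ... 3 = high


# Constructed signatures for the example
SIGNATURES = [
    Signature(1001, "directory traversal in URL", re.compile(r"\.\./"), 3),
    Signature(1002, "attempt to read /etc/passwd", re.compile(r"/etc/passwd"), 3),
    Signature(1003, "telnet port probe", re.compile(r" DPT=23 "), 2),
]

# Constructed sample lines, not real traffic
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36] "GET /index.html HTTP/1.1" 200
203.0.113.5 - - [10/Oct/2023:13:55:37] "GET /../../etc/passwd HTTP/1.1" 404
198.51.100.9 - - [10/Oct/2023:13:55:38] "GET /images/logo.png HTTP/1.1" 200
kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=23 SYN
"""

# Source address either leads the line (access log) or appears as SRC= (firewall log)
SRC_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) |SRC=(\d+\.\d+\.\d+\.\d+)")


def source_of(line: str):
    m = SRC_RE.search(line)
    return (m.group(1) or m.group(2)) if m else None


def scan(log_text: str, signatures=SIGNATURES):
    """Detection step: return (source_ip, sid, name) for every signature hit.
    One line can trigger several signatures."""
    alerts = []
    for line in log_text.splitlines():
        for sig in signatures:
            if sig.pattern.search(line):
                alerts.append((source_of(line), sig.sid, sig.name))
    return alerts


def block_list(alerts, signatures=SIGNATURES, threshold=3):
    """Response step: sum severity per source. Sources at or above the
    threshold are candidates for blocking; the rest only produce
    notifications, which keeps a single low-severity hit from cutting
    off a legitimate host."""
    severity = {s.sid: s.severity for s in signatures}
    score = Counter()
    for src, sid, _ in alerts:
        score[src] += severity[sid]
    return sorted(src for src, total in score.items() if total >= threshold)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for src, sid, name in hits:
        print(f"ALERT sid={sid} src={src} {name}")
    print("block candidates:", block_list(hits))
```

Separating `scan` from `block_list` mirrors the two IDS behaviours the text describes: every match is reported, but automatic blocking is reserved for sources that accumulate enough evidence, and the threshold is the tuning knob for false positives.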

Authorization systems

Secure authorization systems, such as one-time passwords (OTP), limit the usefulness of a password that’s been compromised or captured through sniffing activity.

In this chapter, you learn some other simple techniques to improve network security. Some of these techniques should be familiar from other certifications, but each one provides a small piece of the strategy necessary to secure the network.
