Network Perimeter Security: Building Defense In-Depth

A

Acceptable use policy, 16, 43, 49–50, 389–390

Access control, 147–165

AAA, 147

accounting, 152–154

assigning administrative status, 37

authorization, See Authorization

central servers (RADIUS/TACACS+), 163–165

default to secure state, 37

discretionary (DAC), 148–149

mandatory (MAC), 149–150

passwords, See Passwords

physical countermeasures, 45–46, 54

role-based (nondiscretionary), 150–152

security labels, 149

ACK bit (TCP header), 104–105, 107, 192, 214

SYN attack, 111–112

Address Resolution Protocol (ARP), 74, 82–84

Administrative countermeasures, 42–45, 49, See also Access control; Passwords

Advanced Encryption Standard (AES), 130

Alerts, 35–36, 264–266

Alias, 141

Annualized loss expectancy (ALE), 27–28, 32

Annualized rate of occurrence (ARO), 26–27, 31–32

Anomaly detection systems (ADSs), 259

AppleTalk, 72

Application layer, 72

filtering, 199, 226

proxy, 196

Application security, 137–146

patches, 137–138, 244

Asymmetric encryption algorithms, 130–134

Asymmetric keys, 121–122

ATM, 64, 72, 281–282

packet prioritization, 337

Attributes standard (PKCS), 182

Auditing

penetration testing, See Network penetration testing

router/firewall configuration, 221–222

Authentication, 147–148, See also Passwords

biometric identification, 32, 160–163

certificates and certification authorities, 123, 167–168, See also Public key infrastructure

Internet Key Exchange, 321

IPSec ESP options, 315

public key infrastructure function, 184, 185

trust models, 172–177

Web servers, 183

Authentication header (AH), 306, 307, 310–313

NAT interoperability, 327–328

security parameters index, 311–312

Authorization

discretionary access control (DAC), 148–149

mandatory access control (MAC), 149–150

nondiscretionary access control, 150–152

privileges, 150

security labels, 149

Autonomous system, 96–99
