Gregg Schudel, CCIE No. 9591, is a Consulting System Engineer (CSE) supporting the Service Provider organization at Cisco. Gregg is a Cisco Certified Internet Expert (CCIE) in security and holds an MS degree in engineering from George Washington University (1982) and a BS in engineering from Florida Institute of Technology (1980).
David J. Smith, CCIE No. 1986, is a Consulting System Engineer (CSE) within the Service Provider organization at Cisco. David holds a B.S. in Computer Engineering from Lehigh University (1989) as well as an M.S. in Information Networking from Carnegie Mellon University (1991). He is also CCIE No. 1986 for Routing/Switching.
Foreword
Introduction
Part I: IP Network and Traffic Plane Security Fundamentals
Chapter 1: Internet Protocol Operations Fundamentals
IP Network Concepts
Enterprise Networks
Service Provider Networks
IP Protocol Operations
IP Traffic Concepts
Transit IP Packets
Receive-Adjacency IP Packets
Exception IP and Non-IP Packets
Exception IP Packets
Non-IP Packets
IP Traffic Planes
Data Plane
Control Plane
Management Plane
Services Plane
IP Router Packet Processing Concepts
Process Switching
Fast Switching
Cisco Express Forwarding
Forwarding Information Base
Adjacency Table
CEF Operation
General IP Router Architecture Types
Centralized CPU-Based Architectures
Centralized ASIC-Based Architectures
Distributed CPU-Based Architectures
Distributed ASIC-Based Architectures
Summary
Review Questions
Further Reading
Chapter 2: Threat Models for IP Networks
Threats Against IP Network Infrastructures
Resource Exhaustion Attacks
Direct Attacks
Transit Attacks
Reflection Attacks
Spoofing Attacks
Transport Protocol Attacks
UDP Protocol Attacks
TCP Protocol Attacks
Routing Protocol Threats
Other IP Control Plane Threats
Unauthorized Access Attacks
Software Vulnerabilities
Malicious Network Reconnaissance
Threats Against Layer 2 Network Infrastructures
CAM Table Overflow Attacks
MAC Spoofing Attacks
VLAN Hopping Attacks
Private VLAN Attacks
STP Attacks
VTP Attacks
Threats Against IP VPN Network Infrastructures
MPLS VPN Threat Models
Threats Against the Customer Edge
Threats Against the Provider Edge
Threats Against the Provider Core
Threats Against the Inter-Provider Edge
Carrier Supporting Carrier Threats
Inter-AS VPN Threats
IPsec VPN Threat Models
Summary
Review Questions
Further Reading
Chapter 3: IP Network Traffic Plane Security Concepts
Principles of Defense in Depth and Breadth
Understanding Defense in Depth and Breadth Concepts
What Needs to Be Protected?
What Are Defensive Layers?
What Is the Operational Envelope of the Network?
What Is Your Organization's Operational Model?
IP Network Traffic Planes: Defense in Depth and Breadth
Data Plane