Network security by CISCO

8/13/2019 Network security by CISCO

1/88

1 2003, Cisco Systems, Inc. All rights reserved.SEC-10008020_05_2003_c2

Introduction toNetwork Security


2/88


Agenda

Security Year in ReviewSlammer, et. al.

Security PolicySetting a Good Foundation

Extended Perimeter SecurityDefine the Perimeter, Firewalls, ACLs

Identity ServicesPasswords, Tokens, PKI, Biometrics

Secure Connectivity

Work Happens Everywhere, Virtual Private Networks Intrusion Protection

Network, Host

Security ManagementWrapping it All Together


3/88


Agenda





Secure Connectivity


Network, Host



4/88


Security Year in Review

Are incidents decreasing?

SQL slammer

Other security headlines


5/88


Are Incidents Decreasing?

Source: FBI 2002 Report on Computer Crime

Compare This to the Cost of Implementing a Comprehensive Security Solution!

$456M$378MTotal

$13.0$19.0System Penetration by Outsiders

$18.4$4.3Denial of Service

$11.7$8.8Laptop Theft

$4.5

$15.1$49.9

$115.7

$170.8

2002

$6.1Unauthorized Access by Insiders

$5.2Sabotage$45.3Insider Net Abuse

$92.9Financial Fraud

$151.2Theft of Proprietary Information

2001Type of Crime


6/88


Number of IncidentsAlways on the Rise

.

(*) An Incident May Involve One Site or Hundreds (or Even Thousands) of Sites;Also, Some Incidents May Involve Ongoing Activity for Long Periods of Time

0

10000

20000

30000

40000

50000

60000

70000

80000

90000

1988 1990 1992 1994 1996 1998 2000 2002

CERTNumber of Incidents Reported (*)http://www.cert.org/stats/cert_stats.html#incidents


7/88


Two of the Most Serious Intruder ActivitiesReported to the CERT/CC in 2002

Exploitation of vulnerabilities in Microsoft SQL Server

Intruders compromised systems through the automated exploitation of nullor weak default SA passwords in Microsoft SQL Server and Microsoft DataEngine; the CERT/CC published advice on protecting systems that runMicrosoft SQL Server in CA-2002-04 (February 25, 2002)

In July 2002, intruders continued to compromise systems and obtainsensitive information by exploiting several serious vulnerabilities in theMicrosoft SQL Server; the CERT/CC published additional advice in CA-2002-22 (July 29, 2002)

Apache/mod_ssl Worm

Intruders used a piece of self-propagating malicious code (referred to hereas Apache/mod_ssl) to exploit a vulnerability in OpenSSL, an open-sourceimplementation of the Secure Sockets Layer (SSL) protocol

The CERT/CC initially published CA-2002-23 (July 30, 2002), describing fourvulnerabilities in OpenSSL that could be used to create denial of service;when these and other vulnerabilities finally manifested themselves in theform of the Apache/mod_ssl Worm, the CERT/CC published advice in CA-2002-27 (September 14, 2002)


8/88


The SQL Slammer Worm:What Happened?

Released at 5:30 GMT,January 25, 2003

Saturation point

reached within2 hours of startof infection

250,000300,000

hosts infected Internet connectivity

affected worldwide


9/88


The SQL Slammer Worm:30 Minutes after Release

Infections doubled every 8.5 seconds

Spread 100x faster than Code Red

At peak, scanned 55 million hosts per second


10/88


Network Effects of the SQLSlammer Worm

Several service providers noted significantbandwidth consumption at peering points

Average packet loss at the height of

infections was 20%

Country of South Korea lost almost allInternet service for period of time

Financial ATMs were affected

SQL Slammer overwhelmed some airlineticketing systems


11/88


Agenda





Secure Connectivity


Network, Host



12/88


Security Policy

Setting a good foundation

What is a security policy

Why create a security policy

What should it contain


13/88


Start with a Security Policy

Security policy defines and sets a goodfoundation by:

DefinitionDefine data and assets to be covered bythe security policy

IdentityHow do you identify the hosts andapplications affected by this policy?

TrustUnder what conditions is communicationallowed between networked hosts?

EnforceabilityHow will the policies implementation

be verified?Risk AssessmentWhat is the impact of a policyviolation? How are violations detected?

Incident ResponseWhat actions are required upona violation of a security policy?


14/88


What Is a Security Policy?

A security policy is a formalstatement of the rules by

which people who are givenaccess to an organizationstechnology and informationassets must abide.

RFC 2196, Site Security Handbook


15/88


Why Create a Security Policy?

To create a baseline of your currentsecurity posture

To set the framework for security implementation

To define allowed and not allowed behaviors

To help determine necessary toolsand procedures

To communicate consensus and define roles

To define how to handle security incidents


16/88


What Should theSecurity Policy Contain?

Statement of authority and scope

Acceptable use policy

Identification andauthentication policy

Internet use policy

Campus access policy

Remote access policy

Incident handling procedure


17/88


Security Policy Elements

On the left are the network design factors upon whichsecurity policy is based

On the right are basic Internet threat vectors towardwhich security policies are written to mitigate

VulnerabilitiesVulnerabilities

Denial of ServiceDenial of Service

ReconnaissanceReconnaissance

MisuseMisuse

Topology/Trust ModelTopology/Trust Model

Usage GuidelinesUsage Guidelines

Application DefinitionApplication Definition

Host AddressingHost Addressing

Data AssessmentData Assessment

POLICY


18/88


Enforcement

SecureIdentity and authentication

Filtering and stateful inspection

Encryption and VPNs

Monitor

Intrusion detection and responseContent-based detection and response

Employee monitoring

AuditSecurity posture assessment

Vulnerability scanning

Patch verification/application auditing

ManageSecure device management

Event/data analysis and reporting

Network security intelligence

Secure

Monitor

Audit

Manage

Security Wheel

PolicyPolicy


19/88

191919 2003, Cisco Systems, Inc. All rights reserved.

SEC-1000

8020_05_2003_c2

Risk Assessment

Some elements of network security areabsolute, others must be weighed relativeto the potential risk

When you connect to the Internet, the Internet connects

back to you

Sound operational procedures and managementare easier to implement than technical solutions

You cant secure a bad idea

The cost of secure solutions must be factoredinto the overall Return on Investment (ROI)

Security must be included in planning and design

Effective security requires managerial commitment


20/88


SEC-1000

8020_05_2003_c2

What Is Trust?

Trust is the inherent ability for hosts tocommunicate within a network design

Trust and risk are opposites; security isbased on enforcing and limiting trust

Within subnets, trust is based on Layer 2forwarding mechanisms

Between subnets, trust is based onLayer 3+ mechanisms


21/88


SEC-1000

8020_05_2003_c2

Incident Response

Attacks are intentional, there are noaccidental or stray IP packets

Four levels of incident response:

Network misuse

Reconnaissance

Attack

Compromise

Without incident response plans, onlypassive defenses have value


22/88


SEC-1000

8020_05_2003_c2

Agenda





Secure Connectivity


Network, Host



23/88


SEC-1000

8020_05_2003_c2

Extended Perimeter Security

Can you define the perimeter?

Dissimilar policy boundaries

Access control

Firewallsfirst line of defense


24/88


SEC-1000

8020_05_2003_c2

Can You Define the Perimeter?

EnterpriseMobility

EnterpriseMobility

IP TelephonyIP Telephony

Security/VPNSecurity/VPN

VideoConferencing

VideoConferencing

StorageStorageContent

NetworkingContent

Networking

Multi-Gigabit

Ethernet

Multi-Gigabit

Ethernet

Mobile UsersMobile Users

TelecommutersTelecommuters

SuppliersSuppliers

InternationalSales Offices

InternationalSales Offices

MultiserviceWAN (Sonet, IP,ATM, Frame

Relay)

MultiserviceWAN (Sonet, IP,

ATM, FrameRelay)

ISDNISDN

PSTNPSTN

Campus/WANBackbone

Campus/WANBackbone

MainframeMainframe

Campus LANCampus LAN


25/88


SEC-1000

8020_05_2003_c2

Filtering Network Traffic

Examining the flow of dataacross a network

Types of flows:

Packets

Connections

State


26/88


SEC-1000

8020_05_2003_c2

Simple ACLs look at information in IP packet headers

Many filters are based on the packets Source andDestination IP address

Extended ACLs look further into the packet or at the TCPor UDP port number in use for the TCP/IP connectionbetween hosts

Access Control Lists (ACLs)

0 15 16 31 bit

20

bytes

IP Packet Header

Destination IP Address

Source IP Address


27/88


SEC-1000

8020_05_2003_c2

The Evolution of ACLs

Dynamic ACLs

Lock-and-key filtering (Dynamic ACLs) allowsan authenticated user to pass traffic that wouldnormally be blocked at the router

Reflexive ACLs

Creates a temporary ACL to allows specified IP

packets to be filtered based on TCP or UDPsession information; the ACL expires shortlyafter the session ends (no sequence #)


28/88


SEC-1000

8020_05_2003_c2

Firewalls

Four types of firewalls

Proxies (application-layer firewalls)

Stateful

Hybrid

Personal

Implementation methods

Software

Appliance


29/88


SEC-1000

8020_05_2003_c2

Proxy Firewalls

Proxy firewalls permit no traffic to passdirectly between networks

Provide intermediary style connectionsbetween the client on one network and theserver on the other

Also provide significant logging andauditing capabilities

For HTTP (application specific) proxies allweb browsers must be configured to pointat proxy server

Example Microsoft ISA Server


30/88


SEC-1000

8020_05_2003_c2

Stateful Firewalls

Access Control Lists plus

Maintaining state

Stateful firewalls inspect and maintain a record (a state

table) of the state of each connection that passesthrough the firewall

To adequately maintain the state of a connection thefirewall needs to inspect every packet

But short cuts can be made once a packet is identifiedas being part of an established connection

Different vendors record slightly different informationabout the state of a connection


31/88


SEC-1000

8020_05_2003_c2

Hybrid Firewalls

Hybrid firewalls combine features of otherfirewall approaches such as

Access Control Lists

Application specific proxies

State tables

Plus features of other devices

Web (HTTP) cache

Specialized servers SSH, SOCKS, NTP

May include VPN, IDS


32/88


SEC-1000

8020_05_2003_c2

Personal Firewalls

Personal firewalls

Protecting remote users/home users

Watching inbound/outbound traffic

Creating basic rules

ExampleZoneAlarm


33/88


SEC-1000

8020_05_2003_c2

Agenda





Secure Connectivity


Network, Host



34/88


SEC-1000

8020_05_2003_c2

Identity Services

User identity

Passwords Tokens

PKI

Biometrics


35/88


SEC-1000

8020_05_2003_c2

User Identity

Mechanisms for proving who you are

Both people and devices can be authenticated

Three authentication attributes:

Something you know

Something you have

Something you are

Common approaches to Identity:

Passwords

Tokens

Certificates


36/88


SEC-1000

8020_05_2003_c2

Validating Identity

Identity within the network is basedoverwhelmingly on IP Layer 3 and 4 informationcarried within the IP packets themselves

Application-level user authentication exists, but is most

commonly applied on endpoints

Therefore, identity validation is often based ontwo mechanisms:

Rule matching

Matching existing session state

Address and/or session spoofing is a majoridentity concern


37/88


SEC-1000

8020_05_2003_c2

Passwords

Correlates anauthorized user

with networkresources

PIXFirewall

Username and Password RequiredUsername and Password Required

Enter username for CCO at www.com

User Name:

Password:

OK Cancel

student

123@456


38/88


SEC-1000

8020_05_2003_c2

Passwords

Passwords have long been, and will continue tobe a problem

People will do what is easiest

Create and enforce good password procedures

Non-dictionary passwords

Changed often (90120 days)

Passwords are like underwearthey should bechanged often and neither hung from yourmonitor or hidden under your keyboard


39/88


SEC-1000

8020_05_2003_c2

Tokens

Strong (2-factor) Authentication basedon something you know and somethingyou have

Ace Server

PIX Firewall

Username and Password RequiredUsername and Password Required

Enter username for server at www.com

User Name:

Password:

OK Cancel

jdoe

234836

Access Is

Granted orDenied

Access Is

Granted orDenied


40/88


SEC-1000

8020_05_2003_c2

Public Key Infrastructure (PKI)

Relies on a two-key system

J Doe signs a document with his private key

Person who receives that document uses JDoespublic key to:

Verify authenticity and decrypt

Certificate Authority

I amjdoe!

Internet

CertificatesSigned by

us.org

jd oeThis Isjd oe

Signed byus.org Certificate

Authenticate

and Decrypt

Authenticate

and Decrypt


41/88


SEC-1000

8020_05_2003_c2

Biometrics

Authentication based on physiological orbehavioral characteristics

Features can be based on:

Face

Fingerprint

Eye

Hand geometry

Handwriting

Voice

Becoming more accepted and widely used

Already used in government, military, retail, lawenforcement, health and social services, etc.


42/88


SEC-1000

8020_05_2003_c2

Agenda





Secure Connectivity


Network, Host

Security ManagementWrapping It All Together


43/88


SEC-1000

8020_05_2003_c2

Secure Connectivity

Work happens everywhere!

Virtual Private Networks


44/88


SEC-1000

8020_05_2003_c2

Work Happens EverywhereIncreasing Need for Transparent Corporate Connectivity

On the road (hotels, airports,convention centers)

280 million business trips a year

Productivity decline away from office >6065%

At home (teleworking)137 million telecommuters by 2003

40% of U.S. telecommuters from large ormid-size firms

At work (branch offices, business partners)

E-business requires agile networks

Branch offices should go where the talent is

Source: On the Road (TIA Travel Poll, 11/99); At Home (Gartner 2001,Cahners Instat 5/01); At Work (Wharton Center for Applied Research)


45/88


SEC-1000

8020_05_2003_c2

Central/HQ

Regional Sites

Branches

SoHo

TelecommutersMobile Users

Virtual PrivateNetwork

Partners Customers

What Are VPNs?

A network built on a less expensive sharedinfrastructure with the same policies andperformance as a private network


46/88


47/88


SEC-1000

8020_05_2003_c2

Encryption

Symmetric Cryptography

Uses a shared secret keyto encrypt and decrypt

transmitted dataData flow is bidirectional

Provides data confidentiality only

Does not provide data integrity ornon-repudiation

Examples: DES, 3DES, AES


48/88


SEC-1000

8020_05_2003_c2

Symmetric Cryptography

CleartextCleartext CleartextCleartext

CiphertextCiphertext CiphertextCiphertext

Secret

Key(One)

Encrypt

(Lock)

DataConfidentiality

Decrypt

(Unlock)


49/88


SEC-1000

8020_05_2003_c2

Encryption

Asymmetric cryptography

Also known as Public Key Cryptography

Utilizes two keys: private and public keys

Two keys are mathematically related butdifferent values

Computationally intensive

Provides data confidentiality

Can provide for data integrity as wellas non-repudiation

Examples: RSA Signatures


50/88


SEC-1000

8020_05_2003_c2

Asymmetric Cryptography

CleartextCleartext CleartextCleartext

CiphertextCiphertext CiphertextCiphertext

Encrypt

(Lock)

KeyConfidentiality

Decrypt

(Unlock)

PublicKey

PrivateKey


51/88


SEC-1000

8020_05_2003_c2

Digital Signatures

Pri

Message

0FB6CD3451DA0FB6CD3451DA EncryptionEncryption SignatureSignature

One-Way HashFunction

(MD5, SHA1)

Hash of Message

Hash Is Encrypted withthe Sender's Private Key

Digital Signature Is theEncrypted Hash


52/88


SEC-1000

8020_05_2003_c2

Security Association

A Security Association (SA) is an agreement betweentwo peers on a common security policy, including:

If and how data will be encrypted

How entities will authenticate

Shared session keys

How long the association will last (lifetime)

Types of security associations

Uni-directional (IPSec SAS)

Bi-directional (IKE SAS)

IKE SAMain Mode

IPSec SAsQuick ModePeerPeer


53/88


SEC-1000

8020_05_2003_c2

*RFC 24012412

IPIP DataDataTCPTCP

DataDataTCPTCP

Encapsulating Security Payload (ESP)

IPIP ESPTrailer ESPAuthESPHeader

Authenticated

Encrypted

AHAH DataDataTCPTCP

Authentication Header (AH)

IPIP

Authenticated

IP Data Packet

What Is IPSec?

IPSec: An IETFstandard* framework

for the establishmentand management ofdata privacy betweennetwork entities

IPSec is an evolvingstandard


54/88


SEC-1000

8020_05_2003_c2

Key Management

IKE = Internet KeyExchange protocols

Public key cryptosystemsenable secure exchange ofprivate crypto keys acrossopen networks

Re-keying atappropriate intervals


55/88


SEC-1000

8020_05_2003_c2

An IPSec VPN Is

IPSec provides the framework that lets younegotiate exactly which options to use

IPSec provides flexibility to address differentnetworking requirements

A VPN which uses IPSec to insure dataauthenticity and confidentiality

AH provides authenticity

ESP provides authenticity and confidentiality

The IPSec framework is open and canaccommodate new encryption andauthentication techniques


56/88


SEC-1000

8020_05_2003_c2

Agenda





Secure Connectivity


Network, Host



57/88


SEC-1000

8020_05_2003_c2

Intrusion Protection

Monitoring the network and hosts

Network scanning

Packet sniffing

Intrusion detection

primer


58/88


SEC-1000

8020_05_2003_c2

Monitoring

Where DidThis Car

Comefrom?

Where IsThis VanGoing?


59/88


SEC-1000

8020_05_2003_c2

Network Scanning

Active tool

Identifies devices on the network

Useful in network auditing

Fingerprinting

How a scanner figures out what OSand version is installed

Examples: Nmap, Nessus


60/88


SEC-1000

8020_05_2003_c2

Packet Sniffing

Diagnostic tools

Used capture packets

Used to examine packet data (filters)Can reconstruct sessions and streams

Sniffers can be promiscuous

Passive, listening

Examples: Sniffer, Ethereal


61/88


SEC-1000

8020_05_2003_c2

Create a system of distributedpromiscuous Sniffer-like devices

Watching activity on a network andspecific hosts

Different approaches

Protocol anomaly/signaturedetection

Host-based/network-based

Different IDS technologies can becombined to create a better solution

Intrusion Detection


62/88


SEC-1000

8020_05_2003_c2

Terminology

False positives: Systemmistakenly reports certainbenign activity as malicious

False negatives: Systemdoes not detect and report

actual malicious activity


63/88


SEC-1000

8020_05_2003_c2

Misuse/Signature vs.Anomaly Detection

Network vs. Host-Based

Misuse/Signature vs.Anomaly Detection

Network vs. Host-Based

Intrusion Detection Approaches


64/88


SEC-1000

8020_05_2003_c2

Anomaly vs. Signature Detection

Anomaly detection: Definenormal, authorized activity, andconsider everything else to be

potentially malicious

Misuse/signature detection:Explicitly define what activity

should be considered maliciousMost commercial IDS productsare signature-based


65/88


SEC-1000

8020_05_2003_c2

Host vs. Network-Based

Host-based agent software monitorsactivity on the computer on which it isinstalled

Cisco HIDS (Okena)System activity

TripWireFile system activity

Network-based appliance collects andanalyzes activity on a connected network

Integrated IDS

Network-based IDS functionality as deployedin routers, firewalls, and other network devices


66/88


SEC-1000

8020_05_2003_c2

ConsPros

Can verify success or failureof attack

Generally not impacted bybandwidth or encryption

Understands host context andmay be able to stop attack

Impacts host resources

Operating system dependent

Scalabilityrequires one

agent per host

Protects all hosts onmonitored network

No host impact

Can detect network probesand denial of service attacks

Switched environments posechallenges

Monitoring multi-gig is

currently challenging

Generally cant proactivelystop attacks

Should View as Complementary!

Some General Pros and Cons

Host-

Based

Network-Based


67/88


SEC-1000

8020_05_2003_c2

Data Flow

Data Capture

Monitoring the Network

Network Link to theManagement Console

IP Address

Passive InterfaceNo IP Address

Network IDS Sensor


68/88


SEC-1000

8020_05_2003_c2

Host IDS Sensor

Syslog monitoring

Detection

Wider platform support

Attack interception

Prevention

Focused protection

Syslog

Passive Agent(OS Sensor)

Active Agent(Server Sensor)


69/88


SEC-1000

8020_05_2003_c2

Production

Network Segment

IDS Sensor

ManagementConsole

ComponentCommunications

Typical IDS Architecture

Management console

Real-time event display

Event database

Sensor configuration

SensorPacket signature analysis

Generate alarms

Response/countermeasures

Host-based

Generate alarms

Response/countermeasures

Host-BasedIDS


70/88


SEC-1000

8020_05_2003_c2

Too Many Choices?

Generally, most efficient approach is to implementnetwork-based IDS first

Easier to scale and provides broad coverage

Less organizational coordination required

No host/network impact

May want to start with host-based IDS if you onlyneed to monitor a couple of servers

Vast majority of commercial IDS is signature-based

Keep in mind that IDS is not the security panacea


71/88


SEC-1000

8020_05_2003_c2

Agenda





Secure Connectivity


Network, Host



72/88


SEC-1000

8020_05_2003_c2

Security Management

Wrapping it all together

Security management

Scalable and manageable

Syslog and log analysis


73/88


SEC-1000

8020_05_2003_c2

Wrapping It All Together

In the previous sections we discussed:

Security policy

Perimeter security and filtering

Identity services

Virtual Private Networks

Intrusion detection and prevention systems

No one system can defend your networksand hosts

With all this technology, how do we survive?


74/88


SEC-1000

8020_05_2003_c2

Integrated Network Security

SecurityFunctionsSecurityFunctions

End-to-EndCoverage

End-to-EndCoverage

Network and End Point Security

FlexibleDeployment

FlexibleDeployment

SecurityAppliances

SecurityAppliances

SwitchModules

SwitchModules

RouterModules

RouterModules

SecuritySoftware

SecuritySoftware

Analysis Distributed InvestigationDistributed Investigation

Security ManagementDevice Manageability, Embedded Management Tools, Security Policy,

Monitoring and Analysis, Network and Service Management

VPNVPN FirewallFirewall IntrusionIntrusionProtectionProtection IdentityIdentitySvcsSvcs

NetworkServices

NetworkServices

Seamless Collaboration ofSecurity and Networking Services

Management


75/88


SEC-1000

8020_05_2003_c2

Security Management

How to manage the network securely

In-band versus out-of-band management

In-band managementmanagement information travelsthe same network path as the data

Out-of-band managementa second path exists tomanage devices; does not necessarily depend on theLAN/WAN

If you must use in-band, be sure to use

Encryption

SSH instead of telnet

Making sure that policies are in place and thatthey are working


76/88


SEC-1000

8020_05_2003_c2

Syslog

A protocol that supports the transportof event notification messages

Originally developed as part of BSD Unix

Syslog is supported on mostinternetworking devices

BSD SyslogIETF RFC 3164

The RFC documents BSD Syslogobserved behavior

Work continues on reliable andauthenticated Syslog

http://www.employees.org/~lonvick/index.shtml


77/88


SEC-1000

8020_05_2003_c2

Log Analysis

Log analysis is the process of examiningSyslog and other log data

Building a baseline of what should be considerednormal behavior

This is post event analysis because it is nothappening in real-time

Log analysis is looking for

Signs of trouble

Evidence that can be used to prosecute

If you log it, read and use it!

Resources

http://www.counterpane.com/log-analysis.html


78/88


SEC-1000

8020_05_2003_c2

Security = Tools Implementing Policy

Now more than ever

Identity tools

Filtering tools

Connectivity tools

Monitoring tools

Management tools


79/88


SEC-1000

8020_05_2003_c2

The Threat Forecast

New vulnerabilities and exploits areuncovered everyday

Subscribe to bugtraq to watch the fun!

Crystal ball

Attacks will continue

Greater complexity

Still see unpatched vulnerabilities takenadvantage of


80/88


SEC-1000

8020_05_2003_c2

Conclusions

Things sound dire!!!

The sky really is not falling!!! Take care of those security issues that

you have control over

Security is a process, not a box!


81/88


SEC-1000

8020_05_2003_c2

Security Resources at Cisco

Cisco Connection Online

http://www.cisco.com/go/security

Cisco Product Specific IncidentResponse Team (PSIRT)

http://www.cisco.com/go/psirt


82/88


SEC-1000

8020_05_2003_c2

Security Resources on the Internet

Cisco Connection Onlinehttp://www.cisco.com

SecurityFocus.comhttp://www.securityfocus.com

SANShttp://www.sans.org CERThttp://www.cert.org

CIAChttp://www.ciac.org/ciac

CVEhttp://cve.mitre.org

Computer Security Institutehttp://www.gocsi.com

Center for Internet Securityhttp://www.cisecurity.org


83/88


SEC-1000

8020_05_2003_c2

Thank You


84/88


SEC-1000

8020_05_2003_c2

Questions


85/88


86/88


SEC-1000

8020_05_2003_c2

Recommended Reading

Network Security Principlesand PracticesISBN: 1587050250

Cisco Secure InternetSecurity SolutionsISBN: 1587050161

Cisco Secure IntrusionDetection SystemISBN: 158705034X


87/88


SEC-1000

8020_05_2003_c2

Recommended Reading

CCSP Cisco Secure PIXFirewall Advanced ExamCertification GuideISBN: 1587200678

CCSP Cisco Secure VPNExam Certification GuideISBN: 1587200708


88/88

Documents

Network security by CISCO