Tài liệu miễn phí An ninh - Bảo mật
Download Tài liệu học tập miễn phí An ninh - Bảo mật
This chapter discusses how to develop a comprehensive network security policy to counter threats against information security. It also teaches you about possible threats and how to describe and implement the process of developing a security policy. It covers the identification of common vulnerabilities and threats, mitigation strategies, and the implementation of a security architecture using a lifecycle approach.
8/30/2018 5:02:54 AM +00:00
This chapterdiscusses the concept of borderless Networks. It discusses Cisco borderless Network architecture, including the components and underlying technologies. You will learn about the Cisco security portfolio products that address specifically issues of borderless Networks, and more precisely about Cisco SecureX. This chapter introduces Cisco threat control and containment products and VPN technologies that will be covered in greater detail in subsequent chapters.
8/30/2018 5:02:54 AM +00:00
This chapter deals with Cisco IOS Network Foundation Protection (NFP) as a framework for infrastructure protection, all its components, and commonly used countermeasures asfound in Cisco IOS devices. More precisely, this chapter differentiates the security measures to be implemented on the three conceptual planes of Cisco IOS devices: the control plane, the data plane, and the management plane. This chapter also discusses using Cisco Configuration Professional (CCP) to implement security controls on Cisco IOS routers.
8/30/2018 5:02:54 AM +00:00
This chapter describes how to securely implement the management and reporting features of Cisco IOS devices. It discusses technologies surrounding network management, such as syslog, Network Time Protocol, Secure Shell, and Simple Network Management Protocol.
8/30/2018 5:02:54 AM +00:00
Topics covered in this chapter include the following: An introduction to fundamental switching concepts, starting with the building blocks of VLANs and trunking; an introduction to other building blocks of switching technology, including Spanning Tree Protocol for high availability; a revisit and further explanation of security threats that exploit vulnerabilities in the switching infrastructure;...
8/30/2018 5:02:54 AM +00:00
This chapter explains the need for IPv6 and presents its fundamental features, as well as enhancements when compared to IPv4. It covers IPv6 addressing scheme, components, and design principles and how routing functions. The chapter then presents potential threats and develops a strategy for IPv6 security.
8/30/2018 5:02:54 AM +00:00
This chapter suggests design principles to plan a threat control and containment strategy using firewalls and intrusion prevention systems in Cisco IOS environments. This chapter provides a general evaluation of the current state of enterprise security in the presence of evolving threats. It presents the design considerations for a threat protection strategy as part of a risk management strategy with Cisco threat control and containment solutions.
8/30/2018 5:02:54 AM +00:00
Cisco provides basic traffic filtering capabilities with access control lists (ACL). This chapter covers the benefits of ACLs and describes their building blocks. The chapter describes summarizable address blocks in the context of CIDR and VLSM environments, demonstrating how ACL wildcard masks allow for threat mitigation in those environments.
8/30/2018 5:02:54 AM +00:00
This chapter explains the operations of the different types of firewall technologies and the role they play in network access control and security architectures. It also describes guidelines for firewall rule set creation. The chapter then describes the function and building blocks of Network Address Translation.
8/30/2018 5:02:54 AM +00:00
This chapter explains the two Cisco Firewall solutions: Cisco IOS Zone-Based Policy Firewalls and Cisco Adaptive Security Appliance. It describes in detail Cisco IOS Zone-Based Policy Firewall, and how the solution uses the Cisco Common Classification Policy Language (C3PL) for creating firewall policies. The chapter then presents the Cisco ASA firewall, identifying key supported features and the building blocks of its configuration using ASDM.
8/30/2018 5:02:54 AM +00:00
This chapter describes the functions and operations of intrusion detection systems (IDS) and intrusion prevention systems (IPS). It explains the underlying IDS and IPS technology embedded in the Cisco IOS IPS solutions. It describe the use of signatures, the need for IPS alarm monitoring, and the design considerations in deploying IPS.
8/30/2018 5:02:54 AM +00:00
This chapter introduces the concepts of cryptography and covers encryption, hashing, and digital signatures and how these techniques provide confidentiality, integrity, authenticity, and nonrepudiation. You will learn about algorithms, symmetric and asymmetric encryption, digital signatures, and Public Key Infrastructure (PKI).
8/30/2018 5:02:54 AM +00:00
This chapter covers the role and operational impact of IPsec’s main components and its modes of operation in various scenarios. It provides a detailed description of the phases of IPsec connectivity. It also provides an overview of IPv6 VPNs.
8/30/2018 5:02:54 AM +00:00
This chapter explains how to configure site-to-site virtual private networks (VPN) using Cisco IOS routers. You will learn how to use both CLI commands and Cisco Configuration Professional to configure, validate, and monitor the VPN configuration. You will also learn site-to-site VPN troubleshooting techniques.
8/30/2018 5:02:54 AM +00:00
This chapter describes the use cases and operational requirements of SSL VPNs and offers a detailed presentation on the operations of SSL. The chapter explains configurations, deployment options, and design considerations. It describes the steps to configure both Cisco VPN clientless mode and Cisco full-tunnel mode on Cisco ASA using the Cisco AnyConnect client.
8/30/2018 5:02:54 AM +00:00
Content in lecture Information systems security include: General security concepts, identifying potential risks, infrastructure and connectivity, monitoring activity and intrusion detection, implementing and maintaining a secure network, securing the network and environment, cryptography basics - methods and standards, security policies and procedures, security administration.
8/30/2018 5:02:51 AM +00:00
The content in chapter 1: Understanding information security, understanding the goals of information security, comprehending the security process, authentication issues to consider, distinguishing between security topologies.
8/30/2018 5:02:51 AM +00:00
After studying this chapter you should be able to differentiate among various systems’ security threats: Privilege escalation, virus, Worm, Trojan, Spyware, Spam, Adware, Rootkits, Botnets, Logic bomb,... For further information, inviting you to refer lecture.
8/30/2018 5:02:51 AM +00:00
Objectives in chapter 3: Explain how to harden operating systems, list ways to prevent attacks through a Web browser, define SQL injection and explain how to protect against it, explain how to protect systems from communications-based attacks, describe various software security applications.
8/30/2018 5:02:51 AM +00:00
After studying chapter 4 you should be able to: Describe the basic IEEE 802.11 wireless security protections; define the vulnerabilities of open system authentication, WEP, and device authentication; describe the WPA and WPA2 personal security models; explain how enterprises can implement wireless security.
8/30/2018 5:02:51 AM +00:00
Chapter 5 (part 1) include objectives: Explain general cryptography concepts, explain basic hashing concepts, basic encryption concepts, explain and implement protocols, explain core concepts of public key cryptography.
8/30/2018 5:02:51 AM +00:00
The content chapter 5 (part 1) include: Preparing for cryptographic attacks, cryptography standards and protocols, key management and key life cycle, introduction of PKI, trust models, PKI management.
8/30/2018 5:02:51 AM +00:00
The content chapter 5 include: Access control models, authentication models, logging procedures, conducting security audits, redundancy planning, disaster recovery procedures, organizational policies.
8/30/2018 5:02:51 AM +00:00
The contents are presented in chapter 7: Define authentication, authentication credentials, authentication models, authentication servers, extended authentication protocols, Virtual Private Network (VPN). Inviting you to refer.
8/30/2018 5:02:51 AM +00:00
After studying this chapter you should be able to: Define privilege audits, describe how usage audits can protect security, list the methodologies used for monitoring to detect security-related anomalies, describe the different monitoring tools.
8/30/2018 5:02:51 AM +00:00
After studying chapter 9 you should be able to: Define risk and risk management, describe the components of risk management, list and describe vulnerability scanning tools, define penetration testing.
8/30/2018 5:02:51 AM +00:00
Bài giảng Xây dựng hệ thống Firewall - Bài 1 trình bày các nguyên tắc bảo mật mạng. Mục tiêu của bài này giúp người học: Nhận biết được các nguy cơ bị tấn công của hệ thống mạng, giải thích được các bước để hack một hệ thống mạng, trình bày được các loại tấn công vào hệ thống mạng,... Mời các bạn tham khảo.
8/30/2018 5:02:51 AM +00:00
Bài giảng bài 2 đề cập đến việc bảo mật mạng sử dụng Cisco IOS Firewall. Bài học này giúp sinh viên hình dung được cách xây dựng hệ thống phòng thủ theo từng tầng, biết ứng dụng bài học vào thực tiễn xây dựng hệ thống Firewall với Cisco IOS Firewall bảo mật cho hệ thống mạng doanh nghiệp.
8/30/2018 5:02:51 AM +00:00
Bài 3 trang bị cho người học những hiểu biết về bảo mật mạng sử dụng Cisco IPS, giúp sinh viên hiểu về các tính năng của các hệ thống IPS/IDS, biết ứng dụng bài học vào thực tiễn xây dựng hệ thống phát hiện và ngăn chặn tấn công cho hệ thống mạng doanh nghiệp.
8/30/2018 5:02:51 AM +00:00
Bài 4 trình bày về bảo mật Layer 2. Nội dung chính của chương này gồm: Giới thiệu bảo mật ở lớp 2, tấn công giả mạo MAC Address, tấn công đánh tràn bảng MAC, thay đổi cây STP, LAN storm Attack, cấu hình Layer 2 Security. Mời các bạn cùng tham khảo.
8/30/2018 5:02:51 AM +00:00