MTU Cork Library Catalogue


Cisco security architectures / Gilbert Held and Kent Hundley.

By: Held, Gilbert, 1943-.
Contributor(s): Hundley, Kent.
Material type: Book
Publisher: New York ; London : McGraw-Hill, 1999
Description: xvii, 331 p. : ill ; 24 cm. + pbk.
ISBN: 0071347089.
Subject(s): Computer networks -- Security measures | Computer network architectures
DDC classification: 005.8
Contents:
Introduction -- The TCP/IP Protocol Suite -- The Internet Protocol -- TCP and UDP -- NetWare -- Router Hardware and Software Overview -- Cisco Router Access Lists -- Advanced Cisco Router Security Features -- Non-IP Access Lists -- The Cisco PIX.
Holdings
Item type: General Lending
Current library: MTU Bishopstown Library
Call number: Lending 005.8
Copy number: 1
Status: Available
Date due:
Barcode: 00071047
Total holds: 0

Enhanced descriptions from Syndetics:

A Cisco troubleshooting methodology. It includes coverage of: how to create, operate and use Cisco Access lists; how to secure a network when access occurs via a Cisco Router; and the TCP/IP Protocol and its use with Cisco routers. There are a number of security discussions too, and these include: public network and private network security threats and how to prevent them; how firewalls and proxy servers can be used as a first line of defence; how to configure Cisco Routers to accept only specific recognized incoming packets; using the Cisco PIX Firewall and the Centri firewall; and how to use the special security features built into Cisco routers.

Includes index.

Table of contents provided by Syndetics

  • Preface (p. xv)
  • Acknowledgments (p. xvii)
  • Chapter 1 Introduction (p. 1)
  • The Need for Security (p. 2)
  • Public Network Threats (p. 2)
  • Private Network Threats (p. 4)
  • The Role of Routers (p. 5)
  • Other Security Devices (p. 6)
  • Firewall Features (p. 6)
  • Packet Filtering (p. 6)
  • Network Address Translation (p. 7)
  • Authentication Services (p. 7)
  • Encryption (p. 7)
  • Alarm Generation (p. 8)
  • Proxy Services (p. 8)
  • Book Preview (p. 8)
  • The TCP/IP Protocol Suite (p. 8)
  • The Internet Protocol (p. 9)
  • TCP and UDP (p. 9)
  • NetWare (p. 9)
  • Router Hardware and Software (p. 9)
  • Working with Access Lists (p. 10)
  • The PIX Firewall (p. 10)
  • Chapter 2 The TCP/IP Protocol Suite (p. 11)
  • The ISO Open Systems Interconnection Reference Model (p. 12)
  • Layers of the OSI Reference Model (p. 12)
  • Layer 1 The Physical Layer (p. 13)
  • Layer 2 The Data Link Layer (p. 13)
  • Layer 3 The Network Layer (p. 14)
  • Layer 4 The Transport Layer (p. 14)
  • Layer 5 The Session Layer (p. 15)
  • Layer 6 The Presentation Layer (p. 15)
  • Layer 7 The Application Layer (p. 15)
  • Data Flow (p. 16)
  • Layer Subdivision (p. 17)
  • The TCP/IP Protocol Suite (p. 18)
  • Comparison to the ISO Reference Model (p. 18)
  • Internet Protocol (IP) (p. 19)
  • Internet Control Message Protocol (ICMP) (p. 20)
  • TCP and User Datagram Protocol (UDP) (p. 20)
  • Data Delivery (p. 20)
  • Chapter 3 The Internet Protocol (p. 23)
  • The IP Header (p. 24)
  • Vers Field (p. 24)
  • Hlen and Total Length Fields (p. 24)
  • Service Type Field (p. 24)
  • Identification and Fragment Offset Fields (p. 25)
  • Time to Live Field (p. 25)
  • Flags Field (p. 25)
  • Protocol Field (p. 26)
  • Source and Destination Address Fields (p. 30)
  • Overview (p. 31)
  • IPv4 (p. 32)
  • The Basic Addressing Scheme (p. 33)
  • Address Classes (p. 33)
  • Class A (p. 34)
  • Class B (p. 34)
  • Class C (p. 35)
  • Class D (p. 36)
  • Class E (p. 36)
  • Dotted-Decimal Notation (p. 37)
  • Reserved Addresses (p. 38)
  • Networking Basics (p. 39)
  • Subnetting (p. 40)
  • Host Addresses on Subnets (p. 44)
  • The Subnet Mask (p. 45)
  • Configuration Examples (p. 47)
  • Classless Networking (p. 50)
  • IPv6 (p. 51)
  • Address Architecture (p. 51)
  • Address Types (p. 51)
  • Address Notation (p. 52)
  • Address Allocation (p. 52)
  • Provider-Based Addresses (p. 54)
  • Special Addresses (p. 54)
  • Address Resolution (p. 55)
  • Operation (p. 56)
  • ICMP (p. 59)
  • Chapter 4 TCP and UDP (p. 65)
  • The TCP Header (p. 66)
  • Source and Destination Port Fields (p. 67)
  • Port Numbers (p. 67)
  • Sequence and Acknowledgment Number Fields (p. 70)
  • Hlen Field (p. 71)
  • Code Bits Field (p. 71)
  • Window Field (p. 72)
  • Checksum Field (p. 72)
  • Options and Padding Fields (p. 73)
  • The UDP Header (p. 74)
  • The Source and Destination Port Fields (p. 75)
  • Length Field (p. 75)
  • Checksum Field (p. 76)
  • Firewall and Router Access List Considerations (p. 76)
  • Chapter 5 NetWare (p. 77)
  • Overview (p. 78)
  • General Structure (p. 78)
  • Network Layer Operation (p. 78)
  • Transport Layer Operation (p. 79)
  • SAPs, RIPs, and the NCP (p. 79)
  • NetWare Addressing (p. 80)
  • Network Address (p. 80)
  • Node Address (p. 80)
  • Socket Number (p. 81)
  • IPX (p. 81)
  • Packet Structure (p. 82)
  • Checksum Field (p. 82)
  • Length Field (p. 83)
  • Transport Control Field (p. 83)
  • Packet Type Field (p. 83)
  • Destination Network Address Field (p. 84)
  • Destination Node Address Field (p. 84)
  • Destination Socket Field (p. 84)
  • Source Network Field (p. 85)
  • Source Node Field (p. 85)
  • Source Socket Field (p. 85)
  • SPX (p. 85)
  • Packet Structure (p. 86)
  • Comparison to IPX (p. 87)
  • Connection Control Field (p. 87)
  • Datastream Type Field (p. 88)
  • Source Connection ID Field (p. 88)
  • Destination Connection ID Field (p. 88)
  • Sequence Number Field (p. 89)
  • Acknowledgment Number Field (p. 89)
  • Allocation Number Field (p. 89)
  • SAP, RIP, and NCP (p. 89)
  • Chapter 6 Router Hardware and Software Overview (p. 91)
  • Basic Hardware Components (p. 92)
  • Central Processing Unit (CPU) (p. 93)
  • Flash Memory (p. 93)
  • ROM (p. 93)
  • RAM (p. 93)
  • Nonvolatile RAM (p. 94)
  • I/O Ports and Media-Specific Converters (p. 94)
  • The Router Initialization Process (p. 96)
  • Basic Software Components (p. 99)
  • Operating System Image (p. 99)
  • Configuration File (p. 100)
  • Data Flow (p. 100)
  • The Router Configuration Process (p. 102)
  • Cabling Considerations (p. 102)
  • Console Access (p. 103)
  • Setup Considerations (p. 104)
  • The Command Interpreter (p. 107)
  • User Mode Operations (p. 107)
  • Privileged Mode of Operation (p. 109)
  • Configuration Command Categories (p. 111)
  • Global Configuration Commands (p. 112)
  • Interface Commands (p. 113)
  • Line Commands (p. 113)
  • Router Commands (p. 114)
  • Abbreviating Commands (p. 115)
  • Security Management Considerations (p. 116)
  • Password Management (p. 116)
  • Access Lists (p. 117)
  • Chapter 7 Cisco Router Access Lists (p. 119)
  • Cisco Access List Technology (p. 120)
  • Access Lists Defined (p. 121)
  • Creating Access Lists (p. 122)
  • Access List Details (p. 125)
  • Applying Access Lists (p. 127)
  • Named Access Lists (p. 131)
  • Editing Access Lists (p. 133)
  • Access List Processing Revisited (p. 135)
  • Placement of Entries in an Access List (p. 136)
  • Representing Address Ranges -- Using Wildcard Masks (p. 137)
  • Wildcard Mask Examples (p. 140)
  • Additional Wildcard Mask Example (p. 144)
  • Wildcard Mask Shortcuts (p. 145)
  • Wildcard Masks Concluded (p. 145)
  • Packet Filtering Technology (p. 146)
  • The Role of Packet Filters (p. 146)
  • Packet Filters Defined (p. 147)
  • Stateless and Stateful Packet Filtering (p. 148)
  • Packet Filter Limitations (p. 149)
  • IP Address Spoofing (p. 150)
  • Stateless Packet Inspection (p. 151)
  • Limited Information (p. 151)
  • Human Error (p. 151)
  • Configuration Principles (p. 152)
  • Traditional IP Access Lists (p. 153)
  • Standard Access Lists (p. 153)
  • Extended IP Access Lists (p. 158)
  • Filtering the TCP Protocol (p. 161)
  • HTTP Services (p. 162)
  • Inbound Traffic (p. 162)
  • FTP Services (p. 163)
  • Filtering the UDP Protocol (p. 165)
  • Filtering the ICMP Protocol (p. 166)
  • Filtering IP Packets (p. 168)
  • Other Protocols (p. 171)
  • Discovering Protocols (p. 171)
  • Chapter 8 Advanced Cisco Router Security Features (p. 173)
  • Next Generation Access Lists (p. 174)
  • Dynamic Access Lists (p. 174)
  • Limitations (p. 177)
  • Time-Based Access Lists (p. 178)
  • Limitations (p. 179)
  • Reflexive Access Lists (p. 180)
  • Limitations (p. 181)
  • Examples (p. 182)
  • Context Based Access Control (CBAC) (p. 186)
  • Overview (p. 186)
  • The Process (p. 187)
  • Caveats (p. 188)
  • Configuration (p. 188)
  • Choose an Interface (p. 189)
  • Configure Access Lists (p. 190)
  • Configure Timeouts and Thresholds (p. 191)
  • Define Inspection Rules (p. 191)
  • Apply the Inspection Rules (p. 193)
  • Additional Details (p. 193)
  • Example Configuration (p. 194)
  • Other IP Security Features (p. 199)
  • Hardening the Router (p. 199)
  • Secure Router Access (p. 200)
  • Disable Unnecessary Services (p. 201)
  • Commands (p. 201)
  • TCP Intercept -- Preventing SYN Flooding (p. 202)
  • Enabling TCP Intercept (p. 203)
  • Setting the Mode (p. 203)
  • Aggressive Thresholds (p. 204)
  • Sample Configuration (p. 204)
  • Network Address Translation (p. 204)
  • Caveats (p. 205)
  • NAT Terms (p. 205)
  • Sample Configurations (p. 206)
  • Translating Source Addresses (p. 206)
  • Translating Source and Destination Addresses (p. 209)
  • TCP Load Distribution (p. 210)
  • Useful Commands (p. 211)
  • Chapter 9 Non-IP Access Lists (p. 213)
  • IPX Access Lists (p. 214)
  • Filtering IPX Data Packets (p. 215)
  • Filtering IPX SAP Updates (p. 218)
  • Filtering IPX RIP Updates (p. 219)
  • Layer 2 Access Lists (p. 220)
  • Filtering by Layer 2 Address (p. 220)
  • Filtering by LSAP or Type (p. 222)
  • Filtering by Byte Offset (p. 223)
  • Using Access Expressions (p. 224)
  • Chapter 10 The Cisco PIX (p. 225)
  • Cisco PIX Basics (p. 226)
  • Models and Specifications (p. 229)
  • Special Features of the PIX (p. 231)
  • Limitations of the PIX (p. 234)
  • Closed Implementation (p. 234)
  • Limited Routing Support (p. 235)
  • Limited VPN Support (p. 235)
  • Limited Client Authentication (p. 235)
  • Configuring the Cisco PIX (p. 236)
  • Default Configuration (p. 236)
  • Naming Interfaces (p. 236)
  • Interface Settings (p. 240)
  • Passwords (p. 240)
  • Hostname (p. 241)
  • Fixup Commands (p. 241)
  • Names (p. 242)
  • Failover (p. 243)
  • Pager Lines (p. 243)
  • Logging (p. 243)
  • IP Addressing (p. 243)
  • ARP (p. 244)
  • Routing Commands (p. 244)
  • Translation Timeouts (p. 245)
  • SNMP Commands (p. 246)
  • Maximum Transmission Unit (MTU) Commands (p. 246)
  • Floodguard (p. 246)
  • Getting the PIX Up and Running (p. 247)
  • Defining NAT and Global Pools (p. 248)
  • Using Static NAT and Conduits (p. 254)
  • Dual NAT -- Using the Alias Command (p. 258)
  • PIX Access Lists (p. 260)
  • Handling Multi-Channel Protocols (p. 263)
  • Setting Passwords (p. 266)
  • Managing the PIX (p. 266)
  • Advanced Configuration Topics (p. 268)
  • User Authentication (p. 268)
  • Virtual Private Networks (p. 270)
  • Redundant PIX Design (p. 271)
  • Filtering Web Traffic (p. 273)
  • The PIX Manager (p. 274)
  • Appendix A Determining Wildcard Mask Ranges (p. 279)
  • Appendix B Creating Access Lists (p. 291)
  • Appendix C Standard Access Lists (p. 295)
  • Appendix D Extended IP Access Lists (p. 297)
  • Appendix E Glossary (p. 299)
  • Appendix F Acronyms and Abbreviations (p. 309)
  • Index (p. 315)

Author notes provided by Syndetics

Gil Held is an award-winning lecturer and author. He is the author of over 40 books covering computer and communications technology. A member of the adjunct faculty at Georgia College and State University, Gil teaches courses in LAN Performance and was selected to represent the United States at technical conferences in Moscow and Jerusalem.
Kent Hundley (CCNA) is a Senior Network Consultant for International Network Services, a global provider of network integration and management services. He specializes in Cisco-centric security issues for Fortune 500 companies.
