¶ó¿ìÅÍ, ½ºÀ§Ä¡ ¿î¿ë, ³×Æ®¿öÅ© ±¸Ãà, ¼³°è, À¯Áöº¸¼ö µî ³×Æ®¿öÅ© ¿î¿ë ±â¼úÀ» ¼÷ÁöÇÑ ÈÄ ³×ºê¿öÅ© º¸¾È ±â¼ú¿¡ ´ëÇÑ NCS ÀÔ¹® ±³Àç·Î ´Ù¾çÇÑ ±â¼ú ³»¿ë°ú ¹æȺ® UTM Àåºñ ½Ç½À(½Ã½ºÄÚ ASA 5500, SECUI MF2) ¿¹¸¦ Æ÷ÇÔÇÏ°í ÀÖ´Ù.
ÀÌ Ã¥Àº Á¤º¸Åë½Å°ú ¹× IT °è¿À» Àü°øÇÏ´Â Çлýµé¿¡°Ô ³×Æ®¿öÅ© ±âÃÊ, ±¸Ãࡤ¿î¿ë, À¯Áöº¸¼ö ¹× °ü¸® µî ³×Æ®¿öÅ© °ü·Ã °ú¸ñÀ» À̼öÇÑ ÈÄ ¸¶Áö¸· ´Ü°è¿¡ À̼öÇÏ´Â °ú¸ñÀ¸·Î NCS ³×Æ®¿öÅ© ±¸Ãà, ¿î¿ë Á÷¹«ÀÇ ³×Æ®¿öÅ© º¸¾È ±â¼ú ³»¿ëÀ» ´Ù·é´Ù.
¸ÕÀú 1Àå¿¡¼ ³×Æ®¿öÅ© º¸¾È °³¿ä¸¦ ±â¼úÇÑ´Ù. ±¸Ã¼ÀûÀ¸·Î Á¤º¸ º¸È£, º¸¾È »ç°í, Á¤º¸ º¸¾È ±¸¼º ¿ä¼Ò ¹× º¸¾È ¿ë¾î¸¦ Á¤ÀÇÇÑ´Ù. 2ÀåÀº L2 ½ºÀ§Ä¡ Àåºñ º¸¾ÈÀ¸·Î, Æ÷Æ® º¸¾È, VLAN ºí·ÏÅ·, SPAN(Switch Port Analyzer), STP, DHCP snooping, smurf °ø°Ý µî¿¡ ´ëÇÑ ´ëó, °ø°Ý ¿ÏÈ, ½ºÀ§Ä¡ º¸¾È ½Ç¹« ¿øÄ¢ µîÀ» ±â¼úÇÑ´Ù. 3ÀåÀº ¶ó¿ìÅÍ º¸¾È¿¡ ´ëÇÑ ³»¿ëÀ» ±â¼úÇÑ´Ù. ¾×¼¼½º ¸®½ºÆ® ¼³Á¤À¸·Î ¿©·¯ ´Ù¾çÇÑ ¼ºê³Ý, ´Ù¾çÇÑ ÀÀ¿ëÀ» ¸ñÀûÁö¿Í ¹ß½ÅÁö¸¦ ±Ù°Å·Î Â÷´Ü ¶Ç´Â Çã¿ëÇÏ°í, ¿©·¯ ¼ºñ½º (password, TCP/UDP, TFTP, NTP, Finger, SNMP, source routing µî)¿¡ ¼ºñ½º »ç¿ë ¶Ç´Â ÁßÁö¸¦ °áÁ¤Çϸç, ¿©·¯ º¸¾È °ø°Ý(IP sppofing, MITM, DoS/DDos °ø°Ý, SYN flood, Æнº¿öµå °ø°Ý) µî¿¡ ´ëÇÑ ´ëÃ¥°ú °ø°Ý ¿ÏÈ ¹æ½ÄÀ» ±â¼úÇÑ´Ù. 4ÀåÀº ¹æȺ®¿¡ ´ëÇÑ °³¿ä¿Í ´õºÒ¾î ACL, NAT µîÀÇ °³³äÀ» ±â¼úÇÏ°í, ½ÇÁ¦ ¹æȺ® µ¿ÀÛ(½Ã½ºÄÚ ASA 5517, SECUI MF2)À» ¼³¸íÇÏ°í ½Ç½À ´Ù¾çÇÑ ¿¹(DoS, URL filtering, ACL, SPAN, anti-spam & virus, IPS)¸¦ ±â¼úÇÑ´Ù. 5ÀåÀº VPN¿¡ ´ëÇÑ ³»¿ëÀ¸·Î IPsec VPN, SSH, ESP, ÅͳΠÇÁ·ÎÅäÄÝ µî¿¡ ´ëÇÏ¿© ±â¼úÇÑ´Ù. 6ÀåÀº °ü¸® Á¢¼Ó º¸¾È¿¡ ´ëÇÏ¿© ±â¼úÇÑ´Ù. ±¸Ã¼ÀûÀ¸·Î AAA, RADIUS, TACACS+ ÇÁ·ÎÅäÄÝ°ú ÀÎÁõ °úÁ¤À» ±â¼úÇÑ´Ù. 7ÀåÀº ¾ÏÈ£È ¾Ë°í¸®Áò¿¡ ´ëÇÑ ±â¼úÀ» ¼³¸íÇÑ´Ù. ´ëĪ, ºñ´ëĪ, Çؽ¬ ÇÔ¼ö¸¦ Æ÷ÇÔÇÑ ´Ù¾çÇÑ ¾ÏÈ£È ¹æ½ÄÀ» ´Ù·é´Ù.
Chapter 01 ³×Æ®¿öÅ© º¸¾È °³¿ä
1.1 º¸¾È Á¤Ã¥(security policy)
1.2 ÀϹÝÀûÀÎ º¸¾È À§Çù
1.2.1 Ãë¾à¼º(Vulnerabilities)
1.2.2 ¹°¸®Àû ÀÎÇÁ¶ó¿¡ ´ëÇÑ À§Çù(Threats)
1.2.3 ³×Æ®¿öÅ©¿¡ ´ëÇÑ À§Çù
1.2.4 ³×Æ®¿öÅ© °ø°Ý À¯Çü
Chapter 02 ½ºÀ§Ä¡ º¸¾È
2.1 °³¿ä
2.2 MAC Å×À̺í(¶Ç´Â CAM: Contents Address Memory) ¿À¹öÇÃ·Î¿ì °ø°Ý
2.3 MAC ½ºÇªÇÎ(spoofing) °ø°Ý
2.4 ½ºÅè Á¦¾î(storm control)
2.5 ½ºÀ§Ä¡ Æ÷Æ® SPAN ±â´É
2.6 VLAN È£ÇÎ ¹æÁö
2.6.1 ½ºÀ§Ä¡ ½ºÇªÇÎ
2.6.2 ÀÌÁß Å±ë(double tagging)
2.7 DHCP ¼¹ö ½ºÇªÇÎ
2.8 µ¿Àû ARP °Ë»ç(DAI : Dynamic ARP Inspection)
2.9 ·¹º§ 2 º¸¾È Áöħ
Chapter 03 ¶ó¿ìÅÍ(L3 ½ºÀ§Ä¡) º¸¾È
3.1 ¶ó¿ìÅÍ º¸¾È
3.2 3 °èÃþ º¸¾È ´ëÃ¥
3.2.1 Smurf °ø°Ý(ICMP Ç÷¯µù)
3.2.2 SYN °ø°Ý ´ëÃ¥
3.2.3 IP ¹ß½ÅÁö ÃßÀû
3.2.4 IP ½ºÇªÇÎ °ø°Ý ¹æÁö
3.2.5 CAR(Committed Access Rate) ¼³Á¤
3.3 ¶ó¿ìÅÍ ¼ºñ½º º¸¾È
3.4 º¸¾È °ü¸®
3.4.1 ½Ã½º·Î±× Áö¿ø(syslog support)
3.4.2 SNMP(Simple Network Management Protocol)
3.4.3 ¶ó¿ìÅÍ(½ºÀ§Ä¡)¿¡¼ SSH ¼³Á¤
3.5 NAT(Network Address Translation)
Chapter 04 ¹æȺ® ÀϹÝ
4.1 °³¿ä
4.2 °Ë»ç ¹× ¿î¿ë
4.2.1 stateful °Ë»ç
4.2.2 ÀÀ¿ë °èÃþ °Ë»ç
4.2.3 ¹æȺ® ¾Ë°í¸®Áò µ¿ÀÛ
4.2.4 º¸¾È ÄÁÅؽºÆ®
4.2.5 °æ·Î ¼³Á¤
4.3 ½ÃÅ¥¾ÆÀÌ ¹æȺ®(SECUI MF2) ±â´É
4.3.1 °³¿ä
4.3.2 SECUI MF2 ÁÖ¿ä Ư¡
4.3.3 SECUI MF2 ½Ç½À(LAB) ½Ã³ª¸®¿À
4.3.4 SECUI MF2 ȯ°æ ¼³Á¤
4.3.5 MF2 ½Ã½ºÅÛ ¼³Á¤
4.4 MF2 ¹æȺ® ¼³Á¤
4.4.1 °´Ã¼ ¼³Á¤
4.4.2 Á¤Ã¥ ¼³Á¤(Policy configuration)
4.4.3 »ç¿ëÀÚ ÀÎÁõ ¼³Á¤(User authentication configuration)
4.4.4 »ç¿ëÀÚ Á¤ÀÇ ºí·¢¸®½ºÆ® ¼³Á¤
4.5 Cisco ASA (Adaptive Security Appliance)
4.5.1 Cisco ASA ¼Ò°³
4.5.2 Cisco ASA ½Ç½À(LAB) ½Ã³ª¸®¿À
4.5.3 Cisco ASA Ãʱ⠼³Á¤
4.5.4 ASA ±âº» ¼³Á¤
4.5.5 ASA ¾×¼¼½º Á¦¾î¿ë °´Ã¼
4.5.6 ¾×¼¼½º Á¦¾î ¸ñ·Ï(Access Control List)
4.5.7 LAB ±âÁØ
Chapter 05 VPN º¸¾È
5.1 IPsec VPN º¸¾È
5.1.1 IPsec ¸ðµå
5.1.2 IPsec ¾ÈƼ Àç»ý(anti replay) ¼ºñ½º
5.2 ISAKMP & IKE
5.2.1 IKE v1
5.2.2 IKE v2
5.3 VPN Á¾·ù
5.3.1 ÅͳΠÇÁ·ÎÅäÄÝ
5.3.2 IPsec VPN
5.3.3 SSL VPN(Secure Socket Layer)
5.3.4 MPLS VPN
5.4 SECUI MF2 VPN
5.4.1 IPSec VPN
5.4.2 SSL VPN
5.5 Cisco ASA VPN
5.5.1 IPSec VPN
Chapter 06 °ü¸® Á¢¼Ó º¸¾È
6.1 AAA °³¿ä
6.2 ÀÎÁõ ÇÁ·ÎÅäÄÝ
6.2.1 RADIUS ÀÎÁõ
6.2.2 TACACS+ ÀÎÁõ
6.3 AAA ±â´É ¼³Á¤
6.4 ¹«¼± LAN º¸¾È ¹× ÀÎÁõ
6.4.1 ¹«¼± LAN º¸¾È
6.4.2 ÀÎÁõ ÀåÄ¡¿¡¼ ÀÎÁõ ¼³Á¤
Chapter 07 °ü¸®¾ÏÈ£È Á¢¼Ó º¸¾È
7.1 ¾ÏÈ£È ¾Ë°í¸®Áò
7.1.1 ´ëĪŰ ¾ÏÈ£
7.1.2 ºñ´ëĪŰ ¾ÏÈ£
7.2 Çؽ¬(Hash)
7.3 °ø°³Å° ±â¹Ý(PKI) ±¸Á¶ ¹× ÀüÀÚ ¼¸í