
Table Of Contents

Part III: Augmenting Depth of Defense
Part IV: Security Inside the Perimeter
Part V: Practice Exams and Answers
Introduction
Organization and Elements of This Book
Contacting the Author
Self Assessment
Who Is a CCNA Security?
The Ideal CCNA Security Candidate
Put Yourself to the Test
Exam Topics for 640-553 IINS (Implementing Cisco IOS Network Security)
Strategy for Using This Exam Cram
Network Insecurity
Exploring Network Security Basics and the Need for Network Security
The Threats
Other Reasons for Network Insecurity
The CIA Triad
Data Classification
Security Controls
Incident Response
Laws and Ethics
Exploring the Taxonomy of Network Attacks
Adversaries
How Do Hackers Think?
Concepts of Defense in Depth
IP Spoofing Attacks
Attacks Against Confidentiality
Attacks Against Integrity
Attacks Against Availability
Operations Security Principles
Network Security Testing
Disaster Recovery and Business Continuity Planning
Establishing a Comprehensive Network Security Policy
Defining Assets
The Need for a Security Policy
Policies
Standards, Guidelines, and Procedures
Who Is Responsible for the Security Policy?
Risk Management
Principles of Secure Network Design
Examining Cisco’s Model of the Self-Defending Network
Where Is the Network Perimeter?
Building a Cisco Self-Defending Network
Components of the Cisco Self-Defending Network
Cisco Integrated Security Portfolio
Security at the Network Perimeter
Cisco IOS Security Features
Where Do You Deploy an IOS Router?
Cisco ISR Family and Features
Securing Administrative Access to Cisco Routers
Review Line Interfaces
Password Best Practices
Configuring Passwords
Setting Multiple Privilege Levels
Configuring Role-Based Access to the CLI
Configuring the Cisco IOS Resilient Configuration Feature
Protecting Virtual Logins from Attack
Configuring Banner Messages
Introducing Cisco SDM
Files Required to Run Cisco SDM from the Router
Using Cisco SDM Express
Launching Cisco SDM
Cisco SDM Smart Wizards
Advanced Configuration with SDM
Cisco SDM Monitor Mode
Configuring Local Database AAA on a Cisco Router
Authentication, Authorization, and Accounting (AAA)
Two Reasons for Implementing AAA on Cisco Routers
Cisco’s Implementation of AAA for Cisco Routers
Tasks to Configure Local Database AAA on a Cisco Router
Additional Local Database AAA CLI Commands
Configuring External AAA on a Cisco Router Using Cisco Secure ACS
Why Use Cisco Secure ACS?
Cisco Secure ACS Features
Cisco Secure ACS for Windows Installation Requirements
TACACS+ or RADIUS?
Prerequisites for Cisco Secure ACS
Three Main Tasks for Setting Up External AAA
AAA Configuration Snapshot
Exam Prep Questions
Implementing Secure Management and Hardening the Router
Planning for Secure Management and Reporting
What to Log
How to Log
Secure Management and Reporting Guidelines
Logging with Syslog
Cisco Security MARS
Where to Send Log Messages
Log Message Levels
Log Message Format
Enabling Syslog Logging in SDM
Using SNMP
Configuring the SSH Daemon
Configuring Time Features
Using Cisco SDM and CLI Tools to Lock Down the Router
Router Services and Interface Vulnerabilities
Performing a Security Audit
Using Cisco IOS Firewalls to Implement a Network Security Policy
Examining and Defining Firewall Technologies
What Is a Firewall?
Characteristics of a Firewall
Firewall Advantages
Firewall Disadvantages
Role of Firewalls in a Layered Defense Strategy
Types of Firewalls
Cisco Family of Firewalls
Firewall Implementation Best Practices
Creating Static Packet Filters with ACLs
Threat Mitigation with ACLs
Inbound Versus Outbound
Identifying ACLs
ACL Examples Using the CLI
ACL Guidelines
Item Guideline
Using the Cisco SDM to Configure ACLs
Using ACLs to Filter Network Services
Using ACLs to Mitigate IP Address Spoofing Attacks
Using ACLs to Filter Other Common Services
Cisco Zone-Based Policy Firewall Fundamentals
Advantages of ZPF
Features of ZPF
ZPF Actions
Zone Behavior
Manually Configuring ZPF with the Cisco SDM
Monitoring ZPF
Introducing Cryptographic Services
Cryptology Overview
Cryptanalysis
Encryption Algorithm (Cipher) Desirable Features
TABLE 6.2 Encryption Algorithm Desirable Features
Block Versus Stream Ciphers
Which Encryption Algorithm Do I Choose?
Cryptographic Hashing Algorithms
Principles of Key Management
Other Key Considerations
SSL VPNs
Exploring Symmetric Key Encryption
3DES
SEAL
Rivest Ciphers (RC)
HMACs
Message Digest 5 (MD5)
Secure Hashing Algorithm 1 (SHA-1)
Digital Signatures
Exploring Asymmetric Key Encryption and Public Key Infrastructure
Encryption with Asymmetric Keys
Authentication with Asymmetric Keys
Public Key Infrastructure Overview
PKI Topologies
PKI and Usage Keys
PKI Server Offload and Registration Authorities (RAs)
PKI Standards
Certificate Enrollment Process
Certificate-Based Authentication
Certificate Applications
Virtual Private Networks with IPsec
Overview of VPN Technology
Cisco VPN Products
VPN Benefits
Site-to-Site VPNs
Remote-Access VPNs
Cisco IOS SSL VPN
Cisco VPN Product Positioning
TABLE 7.2 Cisco VPN Product Positioning
VPN Clients
Hardware-Accelerated Encryption
IPsec Compared to SSL
Conceptualizing a Site-to-Site IPsec VPN
IPsec Components
IPsec Strengths
Constructing a VPN: Putting it Together
Implementing IPsec on a Site-to-Site VPN Using the CLI
Step 2: Create ISAKMP (IKE Phase I) Policy Set(s)
Step 3: Configure IPsec Transform Set(s)
Implementing IPsec on a Site-to-Site VPN Using Cisco SDM
Site-to-Site VPN Wizard Using Quick Setup
Site-to-Site VPN Wizard Using Step-by-Step Setup
Network Security Using Cisco IOS IPS
Exploring IPS Technologies
IDS Versus IPS
IDS and IPS Categories
Network IPS
HIPS and Network IPS Comparison
Cisco IPS Appliances
IDS and IPS Signatures
Signature Alarms
Best Practices for IPS Configuration
Implementing Cisco IOS IPS
Cisco IOS IPS Feature Blend
Cisco IOS IPS Primary Benefits
Cisco IOS IPS Signature Integration
Configuring Cisco IOS IPS with the Cisco SDM
Cisco IOS IPS CLI Configuration
Configuring IPS Signatures
SDEE and Syslog Logging Protocol Support
Verifying IOS IPS Operation
Introduction to Endpoint, SAN, and Voice Security
Introducing Endpoint Security
Cisco’s Host Security Strategy
Securing Software
Endpoint Attacks
Endpoint Best Practices
Exploring SAN Security
SAN Advantages
SAN Technologies
SAN Address Vulnerabilities
Virtual SANs (VSANs)
SAN Security Strategies
Exploring Voice Security
VoIP Components
Threats to VoIP Endpoints
Fraud
SIP Vulnerabilities
Mitigating VoIP Hacking
Protecting Switch Infrastructure
VLAN Hopping Attacks
VLAN Hopping by Rogue Trunk
VLAN Hopping by Double-Tagging
STP Manipulation Attack
Storm Control
Switch Security Best Practices
Practice Exam 1
Answers to Practice Exam 1
Practice Exam 2
Answers to Practice Exam 2
What’s on the CD-ROM
Multiple Test Modes
Study Mode
Certification Mode
Custom Mode
Attention to Exam Objectives
Installing the CD
Technical Support
Need to Know More?
Network Security Policies
Network Security Practices
Cryptography
Index
Ccna Sec Exam Cram

Published by Ajay Tokhai


Published by: Ajay Tokhai on May 18, 2012
Copyright: Attribution Non-commercial
