ISBN-13: 9781119409939 / English / Paperback / 2018 / 384 pp.
CCNA Security Study Guide provides thorough coverage of Exam 210-260, Implementing Cisco Network Security (IINS). Major topics include:
Secure network infrastructure
Understanding core security concepts
Managing secure access
VPN encryption
Firewalls
Intrusion prevention
Web and email content security
Endpoint security
The book will help readers gain insights into the installation, troubleshooting, and monitoring of a secure network to maintain integrity, confidentiality, and availability of data and devices. They will also develop competency in the technologies that Cisco uses in its security infrastructure.
Readers will also have access to Sybex's superior online interactive learning environment and test bank, including chapter tests, practice exams, a glossary of key terms, and electronic flashcards.
Introduction xxi
Assessment Test xxxi
Chapter 1 Understanding Security Fundamentals 1
Goals of Security 2
Confidentiality 2
Integrity 3
Availability 3
Guiding Principles 3
Common Security Terms 6
Risk Management Process 7
Network Topologies 15
CAN 15
WAN 16
Data Center 16
SOHO 17
Virtual 17
Common Network Security Zones 17
DMZ 17
Intranet and Extranet 18
Public and Private 18
VLAN 18
Summary 19
Exam Essentials 19
Review Questions 20
Chapter 2 Understanding Security Threats 25
Common Network Attacks 26
Motivations 26
Classifying Attack Vectors 27
Spoofing 28
Password Attacks 29
Reconnaissance Attacks 30
Buffer Overflow 34
DoS 34
DDoS 36
Man-in-the-Middle Attack 37
ARP Poisoning 37
Social Engineering 38
Phishing/Pharming 38
Prevention 38
Malware 39
Data Loss and Exfiltration 39
Summary 40
Exam Essentials 40
Review Questions 42
Chapter 3 Understanding Cryptography 45
Symmetric and Asymmetric Encryption 46
Ciphers 46
Algorithms 48
Hashing Algorithms 53
MD5 54
SHA-1 54
SHA-2 54
HMAC 55
Digital Signatures 55
Key Exchange 57
Application: SSH 57
Public Key Infrastructure 57
Public and Private Keys 58
Certificates 60
Certificate Authorities 61
PKI Standards 63
PKI Topologies 64
Certificates in the ASA 65
Cryptanalysis 67
Summary 68
Exam Essentials 68
Review Questions 69
Chapter 4 Securing the Routing Process 73
Securing Router Access 74
Configuring SSH Access 74
Configuring Privilege Levels in IOS 76
Configuring IOS Role-Based CLI 77
Implementing Cisco IOS Resilient Configuration 79
Implementing OSPF Routing Update Authentication 80
Implementing EIGRP Routing Update Authentication 82
Securing the Control Plane 82
Control Plane Policing 83
Summary 84
Exam Essentials 85
Review Questions 86
Chapter 5 Understanding Layer 2 Attacks 91
Understanding STP Attacks 92
Understanding ARP Attacks 93
Understanding MAC Attacks 95
Understanding CAM Overflows 96
Understanding CDP/LLDP Reconnaissance 97
Understanding VLAN Hopping 98
Switch Spoofing 98
Double Tagging 99
Understanding DHCP Spoofing 99
Summary 101
Exam Essentials 101
Review Questions 102
Chapter 6 Preventing Layer 2 Attacks 107
Configuring DHCP Snooping 108
Configuring Dynamic ARP Inspection 110
Configuring Port Security 112
Configuring STP Security Features 114
BPDU Guard 114
Root Guard 115
Loop Guard 115
Disabling DTP 116
Verifying Mitigations 116
DHCP Snooping 116
DAI 117
Port Security 118
STP Features 118
DTP 120
Summary 120
Exam Essentials 121
Review Questions 122
Chapter 7 VLAN Security 127
Native VLANs 128
Mitigation 128
PVLANs 128
PVLAN Edge 131
PVLAN Proxy Attack 132
ACLs on Switches 133
Port ACLs 133
VLAN ACLs 133
Summary 134
Exam Essentials 134
Review Questions 136
Chapter 8 Securing Management Traffic 141
In-Band and Out-of-Band Management 142
AUX Port 142
VTY Ports 143
HTTPS Connection 144
SNMP 144
Console Port 145
Securing Network Management 146
SSH 146
HTTPS 146
ACLs 146
Banner Messages 147
Securing Access through SNMP v3 149
Securing NTP 150
Using SCP for File Transfer 151
Summary 151
Exam Essentials 152
Review Questions 153
Chapter 9 Understanding 802.1x and AAA 157
802.1x Components 158
RADIUS and TACACS+ Technologies 159
Configuring Administrative Access with TACACS+ 160
Local AAA Authentication and Accounting 160
SSH Using AAA 161
Understanding Authentication and Authorization Using ACS and ISE 161
Understanding the Integration of Active Directory with AAA 162
TACACS+ on IOS 162
Verify Router Connectivity to TACACS+ 164
Summary 164
Exam Essentials 165
Review Questions 166
Chapter 10 Securing a BYOD Initiative 171
The BYOD Architecture Framework 172
Cisco ISE 172
Cisco TrustSec 174
The Function of Mobile Device Management 177
Integration with ISE Authorization Policies 177
Summary 178
Exam Essentials 179
Review Questions 180
Chapter 11 Understanding VPNs 185
Understanding IPsec 186
Security Services 186
Protocols 189
Delivery Modes 192
IPsec with IPV6 194
Understanding Advanced VPN Concepts 195
Hairpinning 195
Split Tunneling 196
Always-on VPN 197
NAT Traversal 198
Summary 199
Exam Essentials 199
Review Questions 200
Chapter 12 Configuring VPNs 203
Configuring Remote Access VPNs 204
Basic Clientless SSL VPN Using ASDM 204
Verify a Clientless Connection 207
Basic AnyConnect SSL VPN Using ASDM 207
Verify an AnyConnect Connection 209
Endpoint Posture Assessment 209
Configuring Site-to-Site VPNs 209
Implement an IPsec Site-to-Site VPN with Preshared Key Authentication 209
Verify an IPsec Site-to-Site VPN 212
Summary 212
Exam Essentials 213
Review Questions 214
Chapter 13 Understanding Firewalls 219
Understanding Firewall Technologies 220
Packet Filtering 220
Proxy Firewalls 220
Application Firewall 221
Personal Firewall 221
Stateful vs. Stateless Firewalls 222
Operations 222
State Table 223
Summary 224
Exam Essentials 224
Review Questions 225
Chapter 14 Configuring NAT and Zone-Based Firewalls 229
Implementing NAT on ASA 9.x 230
Static 231
Dynamic 232
PAT 233
Policy NAT 233
Verifying NAT Operations 235
Configuring Zone-Based Firewalls 236
Class Maps 237
Default Policies 237
Configuring Zone-to-Zone Access 239
Summary 240
Exam Essentials 240
Review Questions 241
Chapter 15 Configuring the Firewall on an ASA 245
Understanding Firewall Services 246
Understanding Modes of Deployment 247
Routed Firewall 247
Transparent Firewall 247
Understanding Methods of Implementing High Availability 247
Active/Standby Failover 248
Active/Active Failover 248
Clustering 249
Understanding Security Contexts 249
Configuring ASA Management Access 250
Initial Configuration 250
Configuring Cisco ASA Interface Security Levels 251
Security Levels 251
Configuring Security Access Policies 253
Interface Access Rules 253
Object Groups 254
Configuring Default Cisco Modular Policy Framework (MPF) 256
Summary 257
Exam Essentials 257
Review Questions 259
Chapter 16 Intrusion Prevention 263
IPS Terminology 264
Threat 264
Risk 264
Vulnerability 265
Exploit 265
Zero-Day Threat 265
Actions 265
Network-Based IPS vs. Host-Based IPS 266
Host-Based IPS 266
Network-Based IPS 266
Promiscuous Mode 266
Detection Methods 267
Evasion Techniques 267
Packet Fragmentation 267
Injection Attacks 270
Alternate String Expressions 271
Introducing Cisco FireSIGHT 271
Capabilities 271
Protections 272
Understanding Modes of Deployment 273
Inline 275
Positioning of the IPS within the Network 275
Outside 275
DMZ 276
Inside 277
Understanding False Positives, False Negatives, True Positives, and True Negatives 277
Summary 278
Exam Essentials 278
Review Questions 280
Chapter 17 Content and Endpoint Security 285
Mitigating Email Threats 286
Spam Filtering 286
Context-Based Filtering 287
Anti-malware Filtering 287
DLP 287
Blacklisting 288
Email Encryption 288
Cisco Email Security Appliance 288
Putting the Pieces Together 290
Mitigating Web-Based Threats 292
Understanding Web Proxies 292
Cisco Web Security Appliance 293
Mitigating Endpoint Threats 294
Cisco Identity Services Engine (ISE) 294
Antivirus/Anti-malware 294
Personal Firewall 294
Hardware/Software Encryption of Local Data 294
HIPS 295
Summary 295
Exam Essentials 295
Review Questions 296
Appendix Answers to Review Questions 301
Chapter 1: Understanding Security Fundamentals 302
Chapter 2: Understanding Security Threats 304
Chapter 3: Understanding Cryptography 305
Chapter 4: Securing the Routing Process 307
Chapter 5: Understanding Layer 2 Attacks 309
Chapter 6: Preventing Layer 2 Attacks 311
Chapter 7: VLAN Security 312
Chapter 8: Securing Management Traffic 314
Chapter 9: Understanding 802.1x and AAA 316
Chapter 10: Securing a BYOD Initiative 317
Chapter 11: Understanding VPNs 319
Chapter 12: Configuring VPNs 321
Chapter 13: Understanding Firewalls 322
Chapter 14: Configuring NAT and Zone-Based Firewalls 324
Chapter 15: Configuring the Firewall on an ASA 325
Chapter 16: Intrusion Prevention 327
Chapter 17: Content and Endpoint Security 328
Index 331
Troy McMillan, CCNA, CCNP, CISSP, CASP, Security+, writes practice tests, study guides, and online course material for Kaplan IT Cert Prep. As a trainer and consultant with over 30 industry certifications, he delivers training in both live and video formats.
Covers 100% of exam objectives, including secure network infrastructure, understanding core security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention, web and email content security, endpoint security, and much more... Includes online interactive learning environment with:
+2 custom practice exams
+100 electronic flashcards
+Searchable key term glossary
Complete, practical, real-world preparation for the CCNA exam
The CCNA Security Study Guide offers comprehensive preparation for Exam 210-260, with expert coverage of all exam objectives and a robust tool kit of learning aids. Providing explanation and insight into the installation, troubleshooting, and monitoring of secure networks, this guide helps candidates develop the technological competency they need to maintain the integrity, confidentiality, and availability of data and devices. Practical examples give you a real-world understanding of critical security issues, and access to the Sybex online interactive learning environment provides chapter tests, electronic flashcards, practice exams, and more to help you maximize your study time while building skills and confidence.
Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for:
Interactive learning environment
Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, type in your unique PIN, and instantly gain access to:
ABOUT THE CCNA PROGRAM
The CCNA Security certification program is for network professionals seeking roles as security technicians, administrators, and support engineers. This certification validates skills in Cisco network security testing, deployment, configuration, maintenance, and troubleshooting. Candidates must meet Cisco CCENT requirements and have one to three years of experience in the field. Visit www.cisco.com for more information.