CCNA Security (210-260) Portable Command Guide
Cisco Press (publisher)
978-1-58720-575-0 (ISBN)
- Title is unfortunately out of print; no new edition
Completely updated to reflect the new CCNA Security 210-260 exam, this quick reference summarizes relevant Cisco IOS® Software commands, keywords, command arguments, and associated prompts, and offers tips and examples for applying these commands to real-world security challenges. Configuration examples, throughout, provide an even deeper understanding of how to use IOS to protect networks.
Topics covered include:
- Networking security fundamentals: concepts, policies, strategy
- Protecting network infrastructure: network foundations, security management planes/access; data planes (Catalyst switches and IPv6)
- Threat control/containment: protecting endpoints and content; configuring ACLs, zone-based firewalls, and Cisco IOS IPS
- Secure connectivity: VPNs, cryptology, asymmetric encryption, PKI, IPsec VPNs, and site-to-site VPN configuration
- ASA network security: ASA/ASDM concepts; configuring ASA basic settings, advanced settings, and VPNs

- Access all CCNA Security commands: use as a quick, offline resource for research and solutions
- Logical how-to topic groupings provide one-stop research
- Great for review before CCNA Security certification exams
- Compact size makes it easy to carry with you, wherever you go
- “Create Your Own Journal” section with blank, lined pages allows you to personalize the book for your needs
- “What Do You Want to Do?” chart inside the front cover helps you to quickly reference specific tasks
Bob Vachon is a professor in the Computer Systems Technology program at Cambrian College in Sudbury, Ontario, Canada, where he teaches networking infrastructure courses. He has worked and taught in the computer networking and information technology field since 1984. He has collaborated on various CCNA, CCNA Security, and CCNP projects for the Cisco Networking Academy as team lead, lead author, and subject matter expert. He enjoys playing the guitar and being outdoors.
Introduction xxi
Part I: Networking Security Fundamentals
Chapter 1 Networking Security Concepts 1
Basic Security Concepts 2
Security Terminology 2
Confidentiality, Integrity, and Availability (CIA) 2
Data Classification Criteria 2
Data Classification Levels 3
Classification Roles 3
Threat Classification 3
Trends in Information Security Threats 4
Preventive, Detective, and Corrective Controls 4
Risk Avoidance, Transfer, and Retention 4
Drivers for Network Security 5
Evolution of Threats 5
Data Loss and Exfiltration 5
Tracking Threats 6
Malware 6
Anatomy of a Worm 7
Mitigating Malware and Worms 7
Threats in Borderless Networks 8
Hacker Titles 8
Thinking Like a Hacker 9
Reconnaissance Attacks 9
Access Attacks 10
Password Cracking 11
Denial-of-Service Attacks 11
Distributed Denial-of-Service Attacks 12
Tools Used by Attackers 13
Principles of Secure Network Design 13
Defense in Depth 14
Chapter 2 Implementing Security Policies 15
Managing Risk 15
Quantitative Risk Analysis Formula 16
Quantitative Risk Analysis Example 17
Regulatory Compliance 17
Security Policy 19
Standards, Guidelines, and Procedures 20
Security Policy Audience Responsibilities 21
Security Awareness 21
Secure Network Lifecycle Management 22
Models and Frameworks 23
Assessing and Monitoring the Network Security Posture 23
Testing the Security Architecture 24
Incident Response 24
Incident Response Phases 24
Computer Crime Investigation 25
Collection of Evidence and Forensics 25
Law Enforcement and Liability 25
Ethics 25
Disaster-Recovery and Business-Continuity Planning 26
Chapter 3 Building a Security Strategy 27
Cisco Borderless Network Architecture 27
Borderless Security Products 28
Cisco SecureX Architecture and Context-Aware Security 28
Cisco TrustSec 30
TrustSec Confidentiality 30
Cisco AnyConnect 31
Cisco Talos 31
Threat Control and Containment 31
Cloud Security and Data-Loss Prevention 32
Secure Connectivity Through VPNs 32
Security Management 33
Part II: Protecting the Network Infrastructure
Chapter 4 Network Foundation Protection 35
Threats Against the Network Infrastructure 35
Cisco Network Foundation Protection Framework 36
Control Plane Security 37
Control Plane Policing 37
Management Plane Security 38
Role-Based Access Control 39
Secure Management and Reporting 39
Data Plane Security 39
ACLs 40
Antispoofing 40
Layer 2 Data Plane Protection 40
Chapter 5 Securing the Management Plane 41
Planning a Secure Management and Reporting Strategy 42
Securing the Management Plane 42
Securing Passwords 43
Securing the Console Line and Disabling the Auxiliary Line 43
Securing VTY Access with SSH 44
Securing VTY Access with SSH Example 45
Securing Configuration and IOS Files 46
Restoring Bootset Files 47
Implementing Role-Based Access Control on Cisco Routers 47
Configuring Privilege Levels 47
Configuring Privilege Levels Example 47
Configuring RBAC 48
Configuring RBAC via the CLI Example 49
Configuring Superviews 49
Configuring a Superview Example 50
Network Monitoring 51
Configuring a Network Time Protocol Master Clock 51
Configuring an NTP Client 52
Configuring an NTP Master and Client Example 52
Configuring Syslog 53
Configuring Syslog Example 54
Configuring SNMPv3 54
Configuring SNMPv3 Example 55
Chapter 6 Securing Management Access with AAA 57
Authenticating Administrative Access 57
Local Authentication 57
Server-Based Authentication 58
Authentication, Authorization, and Accounting Framework 58
Local AAA Authentication 58
Configuring Local AAA Authentication Example 60
Server-Based AAA Authentication 61
TACACS+ Versus RADIUS 61
Configuring Server-Based AAA Authentication 62
Configuring Server-Based AAA Authentication Example 63
AAA Authorization 64
Configuring AAA Authorization Example 64
AAA Accounting 65
Configuring AAA Accounting Example 65
802.1X Port-Based Authentication 65
Configuring 802.1X Port-Based Authentication 66
Configuring 802.1X Port-Based Authentication Example 68
Chapter 7 Securing the Data Plane on Catalyst Switches 69
Common Threats to the Switching Infrastructure 70
Layer 2 Attacks 70
Layer 2 Security Guidelines 71
MAC Address Attacks 72
Configuring Port Security 72
Fine-Tuning Port Security 73
Configuring Optional Port Security Settings 74
Configuring Port Security Example 75
VLAN Hopping Attacks 76
Mitigating VLAN Attacks 76
Mitigating VLAN Attacks Example 77
DHCP Attacks 78
Mitigating DHCP Attacks 78
Mitigating DHCP Attacks Example 80
ARP Attacks 80
Mitigating ARP Attacks 80
Mitigating ARP Attacks Example 82
Address Spoofing Attacks 83
Mitigating Address Spoofing Attacks 83
Mitigating Address Spoofing Attacks Example 83
Spanning Tree Protocol Attacks 84
STP Stability Mechanisms 84
Configuring STP Stability Mechanisms 85
Configuring STP Stability Mechanisms Example 86
LAN Storm Attacks 87
Configuring Storm Control 88
Configuring Storm Control Example 88
Advanced Layer 2 Security Features 88
ACLs and Private VLANs 89
Secure the Switch Management Plane 89
Chapter 8 Securing the Data Plane in IPv6 Environments 91
Overview of IPv6 91
Comparison Between IPv4 and IPv6 91
The IPv6 Header 92
ICMPv6 93
Stateless Autoconfiguration 94
IPv4-to-IPv6 Transition Solutions 94
IPv6 Routing Solutions 94
IPv6 Threats 95
IPv6 Vulnerabilities 96
IPv6 Security Strategy 96
Configuring Ingress Filtering 96
Secure Transition Mechanisms 97
Future Security Enhancements 97
Part III: Threat Control and Containment
Chapter 9 Endpoint and Content Protection 99
Protecting Endpoints 99
Endpoint Security 99
Data Loss Prevention 100
Endpoint Posture Assessment 100
Cisco Advanced Malware Protection (AMP) 101
Cisco AMP Elements 101
Cisco AMP for Endpoint 102
Cisco AMP for Endpoint Products 102
Content Security 103
Email Threats 103
Cisco Email Security Appliance (ESA) 103
Cisco Email Security Virtual Appliance (ESAV) 104
Cisco Web Security Appliance (WSA) 104
Cisco Web Security Virtual Appliance (WSAV) 105
Cisco Cloud Web Security (CWS) 105
Chapter 10 Configuring ACLs for Threat Mitigation 107
Access Control List 108
Mitigating Threats Using ACLs 108
ACL Design Guidelines 108
ACL Operation 108
Configuring ACLs 110
ACL Configuration Guidelines 110
Filtering with Numbered Extended ACLs 110
Configuring a Numbered Extended ACL Example 111
Filtering with Named Extended ACLs 111
Configuring a Named Extended ACL Example 112
Mitigating Attacks with ACLs 112
Antispoofing ACLs Example 112
Permitting Necessary Traffic through a Firewall Example 114
Mitigating ICMP Abuse Example 115
Enhancing ACL Protection with Object Groups 117
Network Object Groups 117
Service Object Groups 118
Using Object Groups in Extended ACLs 119
Configuring Object Groups in ACLs Example 119
ACLs in IPv6 121
Mitigating IPv6 Attacks Using ACLs 121
IPv6 ACLs Implicit Entries 122
Filtering with IPv6 ACLs 122
Configuring an IPv6 ACL Example 123
Chapter 11 Configuring Zone-Based Firewalls 125
Firewall Fundamentals 125
Types of Firewalls 125
Firewall Design 126
Security Architectures 127
Firewall Policies 127
Firewall Rule Design Guidelines 128
Cisco IOS Firewall Evolution 128
Cisco IOS Zone-Based Policy Firewall 129
Cisco Common Classification Policy Language 129
ZPF Design Considerations 129
Default Policies, Traffic Flows, and Zone Interaction 130
Configuring an IOS ZPF 131
Configuring an IOS ZPF Example 132
Chapter 12 Configuring Cisco IOS IPS 135
IDS and IPS Fundamentals 135
Types of IPS Sensors 136
Types of Signatures 136
Types of Alarms 136
Intrusion Prevention Technologies 137
IPS Attack Responses 137
IPS Anti-Evasion Techniques 138
Managing Signatures 140
Cisco IOS IPS Signature Files 140
Implementing Alarms in Signatures 140
IOS IPS Severity Levels 141
Event Monitoring and Management 141
IPS Recommended Practices 142
Configuring IOS IPS 142
Creating an IOS IPS Rule and Specifying the IPS Signature File Location 143
Tuning Signatures per Category 144
Configuring IOS IPS Example 147
Part IV: Secure Connectivity
Chapter 13 VPNs and Cryptology 149
Virtual Private Networks 149
VPN Deployment Modes 150
Cryptology = Cryptography + Cryptanalysis 151
Historical Cryptographic Ciphers 151
Modern Substitution Ciphers 152
Encryption Algorithms 152
Cryptanalysis 153
Cryptographic Processes in VPNs 154
Classes of Encryption Algorithms 155
Symmetric Encryption Algorithms 155
Asymmetric Encryption Algorithm 156
Choosing an Encryption Algorithm 157
Choosing an Adequate Keyspace 157
Cryptographic Hashes 157
Well-Known Hashing Algorithms 158
Hash-Based Message Authentication Codes 158
Digital Signatures 159
Chapter 14 Asymmetric Encryption and PKI 161
Asymmetric Encryption 161
Public Key Confidentiality and Authentication 161
RSA Functions 162
Public Key Infrastructure 162
PKI Terminology 163
PKI Standards 163
PKI Topologies 164
PKI Characteristics 165
Chapter 15 IPsec VPNs 167
IPsec Protocol 167
IPsec Protocol Framework 168
Encapsulating IPsec Packets 169
Transport Versus Tunnel Mode 169
Confidentiality Using Encryption Algorithms 170
Data Integrity Using Hashing Algorithms 170
Peer Authentication Methods 171
Key Exchange Algorithms 172
NSA Suite B Standard 172
Internet Key Exchange 172
IKE Negotiation Phases 173
IKEv1 Phase 1 (Main Mode and Aggressive Mode) 173
IKEv1 Phase 2 (Quick Mode) 174
IKEv2 Phase 1 and 2 174
IKEv1 Versus IKEv2 175
IPv6 VPNs 175
Chapter 16 Configuring Site-to-Site VPNs 177
Site-to-Site IPsec VPNs 177
IPsec VPN Negotiation Steps 177
Planning an IPsec VPN 178
Cipher Suite Options 178
Configuring IOS Site-to-Site VPNs 179
Verifying the VPN Tunnel 183
Configuring a Site-to-Site IPsec VPN 183
Part V: Securing the Network Using the ASA
Chapter 17 Introduction to the ASA 187
Adaptive Security Appliance 187
ASA Models 188
Routed and Transparent Firewall Modes 189
ASA Licensing 190
Basic ASA Configuration 191
ASA 5505 Front and Back Panel 191
ASA Security Levels 193
ASA 5505 Port Configuration 194
ASA 5505 Deployment Scenarios 194
ASA 5505 Configuration Options 194
Chapter 18 Introduction to ASDM 195
Adaptive Security Device Manager 195
Accessing ASDM 195
Factory Default Settings 196
Resetting the ASA 5505 to Factory Default Settings 197
Erasing the Factory Default Settings 197
Setup Initialization Wizard 197
Installing and Running ASDM 198
Running ASDM 200
ASDM Wizards 202
The Startup Wizard 202
VPN Wizards 203
Advanced Wizards 204
Chapter 19 Configuring Cisco ASA Basic Settings 205
ASA Command-Line Interface 205
Differences Between IOS and ASA OS 206
Configuring Basic Settings 206
Configuring Basic Management Settings 207
Enabling the Master Passphrase 208
Configuring Interfaces 208
Configuring the Inside and Outside SVIs 208
Assigning Layer 2 Ports to VLANs 209
Configuring a Third SVI 209
Configuring the Management Plane 210
Enabling Telnet, SSH, and HTTPS Access 210
Configuring Time Services 211
Configuring the Control Plane 212
Configuring a Default Route 212
Basic Settings Example 212
Configuring Basic Settings Example Using the CLI 213
Configuring Basic Settings Example Using ASDM 215
Configuring Interfaces Using ASDM 217
Configuring the System Time Using ASDM 221
Configuring Static Routing Using ASDM 223
Configuring Device Management Access Using ASDM 226
Chapter 20 Configuring Cisco ASA Advanced Settings 229
ASA DHCP Services 230
DHCP Client 230
DHCP Server Services 230
Configuring DHCP Server Example Using the CLI 231
Configuring DHCP Server Example Using ASDM 232
ASA Objects and Object Groups 235
Network and Service Objects 236
Network, Protocol, ICMP, and Service Object Groups 237
Configuring Objects and Object Groups Example Using ASDM 239
ASA ACLs 243
ACL Syntax 244
Configuring ACLs Example Using the CLI 245
Configuring ACLs with Object Groups Example Using the CLI 246
Configuring ACLs with Object Groups Example Using ASDM 247
ASA NAT Services 250
Auto-NAT 251
Dynamic NAT, Dynamic PAT, and Static NAT 251
Configuring Dynamic and Static NAT Example Using the CLI 253
Configuring Dynamic NAT Example Using ASDM 254
Configuring Dynamic PAT Example Using ASDM 257
Configuring Static NAT Example Using ASDM 258
AAA Access Control 260
Local AAA Authentication 260
Server-Based AAA Authentication 261
Configuring AAA Server-Based Authentication Example Using the CLI 261
Configuring AAA Server-Based Authentication Example Using ASDM 262
Modular Policy Framework Service Policies 266
Class Maps, Policy Maps, and Service Policies 267
Default Global Policies 269
Configure Service Policy Example Using ASDM 271
Chapter 21 Configuring Cisco ASA VPNs 273
Remote-Access VPNs 273
Types of Remote-Access VPNs 273
ASA SSL VPN 274
Client-Based SSL VPN Example Using ASDM 275
Clientless SSL VPN Example Using ASDM 286
ASA Site-to-Site IPsec VPN 294
ISR IPsec VPN Configuration 294
ASA Initial Configuration 296
ASA VPN Configuration Using ASDM 297
Appendix A Create Your Own Journal Here 303
Publication date | 29.04.2016 |
---|---|
Series | Portable Command Guide |
Place of publication | Indianapolis |
Language | English |
Dimensions | 156 x 228 mm |
Weight | 464 g |
Subject area | Computer Science ► Networks ► Security / Firewall |
 | Computer Science ► Other Topics ► Certification |
ISBN-10 | 1-58720-575-0 / 1587205750 |
ISBN-13 | 978-1-58720-575-0 / 9781587205750 |
Condition | New |