CCIE Security v4.0 Quick Reference
Cisco Press (Publisher)
978-0-13-385508-1 (ISBN)
This book provides a comprehensive final review for candidates taking the CCIE Security v4.0 exam. It steps through exam objectives one-by-one, providing concise and accurate review for all topics. Using this book, you will be able to easily and effectively review test objectives without having to wade through numerous books and documents to find relevant content for final review.
Lancy Lobo, CCIE No. 4690 (Routing and Switching, Service Provider, Security), is a senior systems engineer in the Cisco Systems Sales organization that supports a large service provider. Previously, he was a network consulting engineer in the Cisco Systems Advanced Services organization, which supports Cisco strategic service provider and enterprise customers. He has more than 14 years of experience with data-communication technologies and protocols. He has supported several Cisco strategic service provider customers to design and implement large-scale routed networks. Lancy holds a Bachelor's degree in electronics and telecommunication engineering from Bombay University and a dual management degree from Jones International University.
Umesh Lakshman is a systems engineer within the public sector organization and is currently supporting the higher education accounts in the Bay Area. Prior to taking on this role, he was the technical lead at the Customer Proof of Concept Labs (CPOC) team at Cisco, where he supported Cisco sales teams by demonstrating advanced technologies, such as Multiprotocol Label Switching (MPLS) and high-end routing with the Cisco CRS-1 and ASR 9000, to customers in a presales environment. Umesh has conducted several customer-training sessions for MPLS and service-provider architectural designs. He holds a Bachelor's degree in electrical and electronics engineering from Madras University and a Master's degree in electrical and computer engineering from Wichita State University.
Introduction
Chapter 1 Infrastructure, Connectivity, Communications, and Network Security
Networking Basics
Ethernet in a Nutshell
Bridging and Switching
Bridge Port States
EtherChannel and Trunking
IP Overview
Subnetting, Variable-Length Subnet Masking, and Classless Interdomain Routing
IPv6
Transmission Control Protocol
Hot Standby Routing Protocol
Virtual Router Redundancy Protocol
Generic Routing Encapsulation
Next Hop Resolution Protocol
Routing Protocols
Configuring RIP
Interior Gateway Routing Protocol
Configuring IGRP
Open Shortest Path First Protocol
Enhanced Interior Gateway Routing Protocol
Configuring EIGRP
Border Gateway Protocol
Configuring BGP (Basics Only)
IP Multicast Overview
Wireless
Service Set Identifier
Authentication and Authorization
Client Authentication and Association Process
Rogue Access Points
Authentication and Authorization Technologies
Single Sign-On
One-Time Password
Lightweight Directory Access Protocol and Active Directory
Role-Based Access Control
Mobile IP Networks
Questions and Answers
Chapter 2 Security Protocols
RADIUS
Configuring RADIUS
TACACS+
Configuring TACACS
Hash Algorithms
Need for Hashing Algorithms
Hash-Based Message Authentication Codes
Symmetric and Asymmetric Encryption
Symmetric Key Algorithms
Asymmetric Encryption Protocols
Diffie-Hellman Algorithm
IP Security
Data Integrity
Origin Authentication
Anti-Replay Protection
Confidentiality
ISAKMP (RFC 2408)
Authentication Header and Encapsulating Security Payload Protocols
Tunnel and Transport Modes
Secure Shell
Configuring SSH
Secure Sockets Layer
Group Domain of Interpretation
Lightweight Directory Access Protocol
Public Key Infrastructure
802.1x Authentication
IEEE 802.1x Extensible Authentication Protocol Security
WEP, WPA, and WPA2
WPA and WPA2
WPA-PSK
WPA-Enterprise
Web Cache Communication Protocol
Security Group Tag eXchange Protocol
MACsec
DNSSEC
Questions and Answers
Chapter 3 Application and Infrastructure Security
HTTP
Configuring HTTP
HTTPS
Configuring HTTPS
Simple Mail Transfer Protocol
File Transfer Protocol
Domain Name System
Trivial File Transfer Protocol
Network Time Protocol
Syslog
Dynamic Host Configuration Protocol
Simple Network Management Protocol
Remote Desktop Protocol
PC over IP
Virtual Network Computing
Questions and Answers
Chapter 4 Threats, Vulnerability Analysis, and Mitigation
Recognize and Mitigate Common Attacks
ICMP Attacks and PING Floods
Man-in-the-Middle Attacks
Replay Attacks
Spoofing Attacks
Back-Door Attacks
Bots and Botnets
Wireless Attacks
Denial-of-Service Attacks
Snooping Attacks
Decryption Attacks
DoS and DDoS Attacks
Distributed Denial of Service (DDoS)
Identification of Attack Traffic
Solutions for Attack Traffic
Header Attacks
Tunneling Attacks
Software and OS Exploits
Security and Attack Tools
Packet Sniffer and Capture Tools
Network Service Mapping Tools
Vulnerability Assessment Tools
Packet Filtering
Content Filtering
ActiveX Filtering
Java Filtering
URL Filtering
Endpoint and Posture Assessment
QoS Marking Attacks
Questions and Answers
Chapter 5 Cisco Security Products, Features, and Management
Cisco Adaptive Security Appliance
Firewall Functionality
Firewall Modes (Routing and Multicast Capabilities)
Network Address Translation
Access Control Lists/Entries and Identity-Based Services
Modular Policy Framework
ASA Failover and Redundancy
Identity Services Engine
Virtual Security Gateway
Cisco Cloud Web Security (Formerly ScanSafe)
Cisco Catalyst 6500 ASA-Service Module
Cisco Prime Security Manager
Questions and Answers
Chapter 6 Cisco Security Technologies and Solutions
Cisco Hardware Overview
Cisco Router Operating Modes and Management
Basic Cisco Router Security
IP Access Lists
Network-Based Application Recognition
Control Plane Policing
Control Plane Protection
Control Plane Host Subinterface
Control Plane Transit Subinterface
Control Plane CEF-Exception Subinterface
Management Plane Protection
Modular QoS CLI
Unicast Reverse Path Forwarding
Cisco NetFlow
CAM Table Overflow and MAC Address Spoofing
VLAN Hopping
Spanning Tree Protocol Security
DHCP Starvation Attack
DNS Spoofing
Cisco Discovery Protocol
VLAN Trunking Protocol Security
Network Segregation
VLAN Extensible LAN
VPN Solutions
FlexVPN
Dynamic Multipoint VPN
Group Encrypted Transport VPN
Time-Based Anti-Replay
Cisco Easy VPN
Load Balancing and Failover
Load Balancing
Failover
Questions and Answers
Chapter 7 Security Policies and Procedures, Best Practices and Standards
The Need for Network Security Policy
Standards Bodies
Newsgroups
Information Security Standards
ISO 17799/BS7799/ISO 27002
Attacks, Vulnerabilities, and Common Exploits
Ping of Death
TCP SYN Flood Attack and Land.C Attack
Email Attack
CPU-Intensive Attack
Teardrop Attack, DNS Poisoning, and UDP Bomb
Distributed DoS Attack
Chargen Attack
Spoof Attack
Smurf Attack
Man-in-the-Middle Attack
Birthday Attack
BCP 38
Intrusion Detection Systems and Configuring Cisco IOS Software for Security Against Intrusion
Security Audit and Validation
Risk Assessment/Analysis
Change Management Process
Incident Response Teams and Framework
Computer Security Forensics
Common RFCs
Questions and Answers
Answers Appendix
Place of publication | Indianapolis |
---|---|
Language | English |
Weight | 1 g |
Subject area | Computer Science ► Other Topics ► Certification |
ISBN-10 | 0-13-385508-2 / 0133855082 |
ISBN-13 | 978-0-13-385508-1 / 9780133855081 |
Condition | New |