CCIE Security Exam Certification Guide (CCIE Self-Study)
Cisco Press
978-1-58720-135-6 (ISBN)
- Titel ist leider vergriffen;
keine Neuauflage - Artikel merken
Official self-study test preparation guide for the CCIE Security written exam 350-018
Updated content covers all the latest CCIE Security written exam 2.0 objectives, including:
AES, EAP, IOS SSH, RDEP, and intrusion prevention
DNS, TFTP, Secure Shell, Secure Socket Layer Protocol, NTP, and SNMP
Password security, password recovery, and standard and extended access lists
Encryption technologies and security protocols, including IPSec, AES, 3DES, TACACS+, and RADIUS
Cisco security applications, including Cisco Secure PIX® Firewall, VPN, IDS, IPS, and Cisco Policy Manager
Basic security methods and the evolution of new secure networks including packet filtering, proxies, and NAT/PAT
Cisco security applications such as the VPN 3000, client-side VPNs, and service modules
With increased reliance on networking resources to provide productivity gains and corporate revenue contributions, the need for network security has never been higher. Rising concerns over corporate espionage, cyber-terrorism, financial fraud, and theft of proprietary information have radically increased the demand for highly skilled networking security professionals. As one of the most sought-after and highly valued networking certifications, the Cisco Systems® CCIE Security certification is answering the need for technical expertise in this critical market by distinguishing the top echelon of internetworking experts.
CCIE Security Exam Certification Guide, Second Edition, is a comprehensive study tool for the CCIE Security written exam version 2.0. Fully updated and reviewed by present and former members of the CCIE Security team at Cisco®, this book helps you understand and master the material you need to know to pass the written exam. Covering all the topics in this challenging exam, this book is your ultimate exam preparation resource. Designed to optimize your study time, CCIE Security Exam Certification Guide helps you assess your knowledge of the material at the start of each chapter with customized quizzes for each topic. Increase retention of key concepts by reviewing succinct summaries of crucial concepts. Test your comprehension with chapter-ending review questions. Determine your assimilation of knowledge and get a taste of the CCIE Security lab exam with sample lab scenarios in the last chapter. Take timed practice exams that mimic the real testing environment with the CD-ROM test engine or customize the test bank to focus on the topics for which you need the most help.
CCIE Security Exam Certification Guide, Second Edition, is part of a recommended study program from Cisco Systems that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
“This book will be a valuable asset for potential CCIE Security candidates. I am positive individuals will inevitably gain extensive security network knowledge during their preparation for the CCIE Security written exam using this book.”
-Yusuf Hussain Bhaiji, CCIE Security Program Manager, Cisco Systems
Companion CD-ROM
CD-ROM contains a test engine with over 500 questions covering the full range of CCIE Security written exam topics, flash card format practice questions, and an electronic version of the text.
CD-ROM test engine powered by www.boson.com. Boson Software is a Cisco Learning Partner.
This volume is part of the Exam Certification Guide Series from Cisco Press®. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.
Henry Benjamin, CCIE No. 4695, is a triple CCIE. He has more than 15 years experience in Cisco networks including planning, designing, and implementing large IP networks running IGRP, EIGRP, BGP, OSPF, and voice over IP. Henry has been a key member of the CCIE global team and internal Cisco IT team based in Sydney, Australia, where his tasks included writing and proctoring new laboratory examinations and questions for the coveted CCIE R/S, CCIE Security, and CCIE Service Provider tracks.
Foreword
Introduction
Chapter 1 General Networking Topics
“Do I Know This Already?” Quiz
Foundation Topics
Networking Basics–The OSI Reference Model
Layer 1: The Physical Layer
Layer 2: The Data Link Layer
Layer 3: The Network Layer
Layer 4: The Transport Layer
Layer 5: The Session Layer
Layer 6: The Presentation Layer
Layer 7: The Application Layer
TCP/IP and OSI Model Comparison
Example of Peer-to-Peer Communication
Ethernet Overview
Switching and Bridging
Bridge Port States
Fast EtherChannel
Internet Protocol
Variable-Length Subnet Masks
Classless Interdomain Routing
Transmission Control Protocol
TCP Mechanisms
TCP/IP Services
Address Resolution Protocol
Reverse ARP
Dynamic Host Configuration Protocol
Hot Standby Router Protocol
Internet Control Message Protocol
Telnet
File Transfer Protocol and Trivial File Transfer Protocol
Routing Protocols
Routing Information Protocol
Enhanced Interior Gateway Routing Protocol
Open Shortest Path First
Border Gateway Protocol
Integrated Services Digital Network
Basic Rate and Primary Rate Interfaces
ISDN Framing and Frame Format
ISDN Layer 2 Protocols
Cisco IOS ISDN Commands
IP Multicast
Asynchronous Communications and Access Devices
Telephony Best Practices
Wireless Best Practices
Foundation Summary
Wireless Best Practices
Q & A
Scenario: Routing IP on Cisco Routers
Scenario Answers
Chapter 2 Application Protocols
“Do I Know This Already?” Quiz
Foundation Topics
Domain Name System
Trivial File Transfer Protocol
File Transfer Protocol
Active FTP
Passive FTP
Hypertext Transfer Protocol
Secure Sockets Layer
Simple Network Management Protocol
SNMP Notifications
SNMP Examples
Simple Mail Transfer Protocol
Network Time Protocol
Secure Shell and Cisco IOS SSH
Cisco IOS SSH
Remote Data Exchange Protocol
Foundation Summary
Q & A
Scenario: Configuring DNS, TFTP, NTP, and SNMP
Scenario Answers
Chapter 3 Cisco IOS Specifics and Security
“Do I Know This Already?” Quiz
Foundation Topics
Cisco Hardware
Random-Access Memory
Nonvolatile RAM
System Flash
Central Processing Unit
Read-Only Memory
Configuration Registers
Cisco Interfaces
Saving and Loading Files
show and debug Commands
Router CLI
show Commands
Debugging Cisco Routers
Password Recovery
Basic Security on Cisco Routers
IP Access Lists
Access Lists on Cisco Routers
Extended Access Lists
Layer 2 Switching Security
CAM Table Overflow
VLAN Hopping
Spanning Tree Protocol Manipulation
MAC Spoofing Attack
DHCP Starvation Attacks
Security Policy Best Practices–A Cisco View
Foundation Summary
Q & A
Scenario: Configuring Cisco Routers for Passwords and
Access Lists
Scenario Answers
Chapter 4 Security Protocols
“Do I Know This Already?” Quiz
Foundation Topics
Authentication, Authorization, and Accounting
Authentication
Authorization
Accounting
Remote Authentication Dial-In User Service
RADIUS Configuration Task List
Terminal Access Controller Access Control System Plus
TACACS+ Configuration Task List
TACACS+ Versus RADIUS
Encryption Technology Overview
DES and 3DES
Advanced Encryption Standard
Message Digest 5 and Secure Hash Algorithm
Diffie-Hellman
IP Security
Certificate Enrollment Protocol
Extensible Authentication Protocol, Protected EAP, and Temporal Key Integrity Protocol
Virtual Private Dial-Up Networks (VPDN)
VPDN Configuration Task List
Foundation Summary
Q & A
Scenario: Configuring Cisco Routers for IPSec
Scenario Answers
Chapter 5 Cisco Security Applications
“Do I Know This Already?” Quiz
Foundation Topics
Cisco Secure for Windows (NT) and Cisco Secure ACS
Cisco Secure ACS
IDS Fundamentals
Notification Alarms
Signature-Based IDS
Anomaly-Based IDS
Network-Based IDS Versus Host-Based IDS
IDS Placement
IDS Tuning
Cisco Secure Intrusion Detection System and Catalyst Services Modules
Cisco Secure IDS
Cisco Inline IDS (Intrusion Prevention System)
Catalyst Services Module
CiscoWorks VMS
Cisco VPN 3000 Concentrator
Cisco Secure VPN Client
Cisco Router and Security Device Manager
Security Information Monitoring System
Foundation Summary
Q & A
Scenario: Cisco Secure IDS Database Event
Scenario Answers
Chapter 6 Security Technologies
“Do I Know This Already?” Quiz
Foundation Topics
Advanced Security Concepts
Network Address Translation and Port Address Translation
NAT Operation on Cisco Routers
Cisco PIX Firewall
Configuring a PIX Firewall
Troubleshooting PIX Firewall Log Files
Cisco PIX Firewall Software Features
Cisco IOS Firewall Feature Set
CBAC Configuration Task List
Public Key Infrastructure
Virtual Private Networks
Network-Based Intrusion Detection Systems
Cisco Security Agent and Host-Based IDS
Cisco Threat Response
Cisco Threat Response IDS Requirements
Authorization Technologies (IOS Authentication 802.1X)
Foundation Summary
Q & A
Scenario: Configuring a Cisco PIX Firewall for NAT
Scenario Answer
Chapter 7 Network Security Policies, Vulnerabilities, and Protection
“Do I Know This Already?” Quiz
Foundation Topics
Network Security Policies
Standards Bodies and Incident Response Teams
Incident Response Teams
Internet Newsgroups
Vulnerabilities, Attacks, and Common Exploits
Intrusion Detection System
Protecting Cisco IOS from Intrusion
Foundation Summary
Q & A
Scenario: Defining Cisco IOS Commands to View DoS Attacks in Real Time
Scenario Answers
Chapter 8 CCIE Security Self-Study Lab
How to Use This Chapter
Preparing for this Lab
Goal of This Lab
CCIE Security Self-Study Lab Part I Goals
CCIE Security Self-Study Lab Part II Goals
General Lab Guidelines and Setup
Communications Server (0 Points)
CCIE Security Self-Study Lab Part I: Basic Network Connectivity (4 Hours)
Basic Frame Relay Setup (5 Points)
Physical Connectivity (0 Points)
Catalyst Ethernet Switch Setup I (5 Points)
Catalyst Ethernet Switch Setup II (6 Points)
IP Host Lookup and Disable DNS (1 Point)
PIX Configuration (6 Points)
IGP Routing (18 Points)
Basic ISDN Configuration (6 Points)
DHCP Configuration (3 Points)
BGP Routing Configuration (6 Points)
CCIE Security Self-Study Lab Part II: Advanced Security Design (4 Hours)
IP Access List (4 Points)
Prevent Denial-of-Service Attacks (4 Points)
Time-Based Access List (4 Points)
Dynamic Access List/Lock and Key Feature (5 Points)
Cisco IOS Firewall Configuration on R5 (6 Points)
IPSec Configuration (6 Points)
Advanced PIX Configuration (5 Points)
ACS Configuration (5 Points)
Cisco Intrusion Detection System (5 Points)
Final Configurations
Additional Advanced Lab Topics (No Solutions Provided)
Advanced Security Lab Topics (4 Points)
Content Filtering (2 Points)
FTP Issues (3 Points)
Routing Table Authenticity (4 Points)
Access Control on R2 Ethernet Interface (4 Points)
Conclusion
Appendix A Answers to Quiz Questions
Appendix B Study Tips for CCIE Security Examinations
Appendix C Sample CCIE Routing and Switching Lab I
Appendix D Sample CCIE Routing and Switching Lab II
Erscheint lt. Verlag | 2.6.2005 |
---|---|
Reihe/Serie | CCIE Self-Study |
Verlagsort | Indianapolis |
Sprache | englisch |
Gewicht | 1362 g |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Mathematik / Informatik ► Informatik ► Web / Internet | |
Informatik ► Weitere Themen ► Zertifizierung | |
ISBN-10 | 1-58720-135-6 / 1587201356 |
ISBN-13 | 978-1-58720-135-6 / 9781587201356 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich