Implementing Cisco IOS network security (IINS): (CCNA Security Exam 640-553) (Authorized self-study guide)

Scribed by Chapman, David W.; Whitaker, Andrew; Paquet, Catherine


Publisher: Cisco Press
Year: 2009
Tongue: English
Leaves: 623
Series: IT Pro; Authorized Self-Study Guide
Category: Library


Synopsis


"Implementing Cisco IOS Network Security (IINS)" is a Cisco-authorized, self-paced learning tool for CCNA(R) Security foundation learning. This book provides you with the knowledge needed to secure Cisco(R) routers and switches and their associated networks. By reading this book, you will gain a thorough understanding of how to troubleshoot and monitor network devices to maintain integrity, confidentiality, and availability of data and devices, as well as the technologies that Cisco uses in its security infrastructure. This book focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. You will learn how to perform basic tasks to secure a small branch type office network using Cisco IOS(R) security features available through the Cisco Router and Security Device Manager (SDM) web-based graphical user interface (GUI) and through the command-line interface (CLI) on Cisco routers and switches. The author also provides, when appropriate, parallels with Cisco ASA appliances. Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book. "Implementing Cisco IOS Network Security (IINS)" is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
Develop a comprehensive network security policy to counter threats against information security
Configure routers on the network perimeter with Cisco IOS Software security features
Configure firewall features including ACLs and Cisco IOS zone-based policy firewalls to perform basic security operations on a network
Configure site-to-site VPNs using Cisco IOS features
Configure IPS on Cisco network routers
Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic
This volume is in the Certification Self-Study Series offered by Cisco Press(R). Books in this series provide officially developed self-study solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.

Table of Contents


Cover
Contents
The Need for Network Security
Network Security Objectives
Data Classification
Security Controls
Response to a Security Breach
Laws and Ethics
Adversaries, Motivations, and Classes of Attack
Classes of Attack and Methodology
The Principles of Defense in Depth
IP Spoofing Attacks
Confidentiality Attacks
Integrity Attacks
Availability Attacks
Best Practices to Defeat Network Attacks
Secure Network Life Cycle Management
Principles of Operations Security
Network Security Testing
Disaster Recovery and Business Continuity Planning
Security Policy Overview
Security Policy Components
Standards, Guidelines, and Procedures
Security Policy Roles and Responsibilities
Risk Analysis and Management
Principles of Secure Network Design
Security Awareness
Changing Threats and Challenges
Building a Cisco Self-Defending Network
Cisco Integrated Security Portfolio
References
Review Questions
General Router Security Guidelines
Introduction to the Cisco Integrated Services Router Family
Configuring Secure Administration Access
Configuring Multiple Privilege Levels
Configuring Role-Based Command-Line Interface Access
Securing the Cisco IOS Image and Configuration Files
Login Shutdown if DoS Attacks Are Suspected
Generation of System Logging Messages for Login Detection
Configuring Banner Messages
Supporting Cisco SDM and Cisco SDM Express
Launching Cisco SDM Express
Navigating the Cisco SDM Interface
Cisco SDM Wizards in Configure Mode
Authentication, Authorization, and Accounting
Introduction to AAA for Cisco Routers
Using Local Services to Authenticate Router Access
Configuring AAA on a Cisco Router to Use Cisco Secure ACS
Cisco Secure ACS Overview
TACACS+ and RADIUS Protocols
Configuring the Server
Configuring TACACS+ Support on a Cisco Router
Troubleshooting TACACS+
Planning Considerations for Secure Management and Reporting
Secure Management and Reporting Architecture
Using Syslog Logging for Network Security
Using SNMP to Manage Network Devices
Configuring an SSH Daemon for Secure Management and Reporting
Enabling Time Features
Vulnerable Router Services and Interfaces
Performing a Security Audit
Cisco AutoSecure
References
Review Questions
Firewall Fundamentals
Firewalls in a Layered Defense Strategy
Static Packet-Filtering Firewalls
Application Layer Gateways
Dynamic or Stateful Packet-Filtering Firewalls
Other Types of Firewalls
Cisco Family of Firewalls
Developing an Effective Firewall Policy
ACL Fundamentals
ACL Wildcard Masking
Using ACLs to Control Traffic
ACL Considerations
Configuring ACLs Using SDM
Using ACLs to Permit and Deny Network Services
Zone-Based Policy Firewall Overview
Configuring Zone-Based Policy Firewalls Using the Basic Firewall Wizard
Manually Configuring Zone-Based Policy Firewalls Using Cisco SDM
Monitoring a Zone-Based-Firewall
References
Review Questions
Cryptology Overview
Symmetric and Asymmetric Encryption Algorithms
Block and Stream Ciphers
Encryption Algorithm Selection
Cryptographic Hashes
Key Management
Introducing SSL VPNs
Symmetric Encryption Overview
DES: Features and Functions
3DES: Features and Functions
AES: Features and Functions
SEAL: Features and Functions
Overview of Hash Algorithms
Overview of Hashed Message Authentication Codes
SHA-1: Features and Functions
Overview of Digital Signatures
DSS: Features and Functions
Asymmetric Encryption Overview
RSA: Features and Functions
DH: Features and Functions
PKI Definitions and Algorithms
PKI Standards
Certificate Authorities
References
Review Questions
VPN Overview
VPN Types
Cisco VPN Product Family
Introducing IPsec
Diffie-Hellman Exchange
Authentication
IPsec Advantages
IPsec Protocol Framework
Authentication Header
Tunnel Mode Versus Transport Mode
IPsec Framework
IKE Protocol
IKE Phase 1
IKE Phase 1: Example
IKE Phase 2
Site-to-Site IPsec VPN Operations
Configuring IPsec
Verifying the IPsec Configuration
Site-to-Site VPN Components
Using the Cisco SDM Wizards to Configure Site-to-Site VPNs
Completing the Configuration
References
Review Questions
Introducing IDS and IPS
Types of IDS and IPS Systems
IPS Actions
Event Monitoring and Management
Cisco Security Monitoring, Analysis, and Response System
Cisco Security Manager
Cisco IPS Device Manager
Host-Based IPS
Network-Based IPS
Comparing HIPS and Network IPS
Cisco IPS 4200 Series Sensors
Cisco ASA AIP SSM
Cisco Catalyst 6500 Series IDSM-2
Cisco IPS AIM
Examining Signature Micro-Engines
Signature Alarms
IPS Best Practices
Cisco IOS IPS Features
Configuring Cisco IOS IPS Using Cisco SDM
Configuring Cisco IOS IPS Using CLI
Configuring IPS Signatures
Monitoring IOS IPS
Verifying IPS Operation
References
Review Questions
Examining Endpoint Security
Operating System Vulnerabilities
Buffer Overflows
IronPort
Cisco NAC Products
Cisco Security Agent
Endpoint Security Best Practices
Defining SANs
SAN Fundamentals
SAN Security Scope
VoIP Fundamentals
Voice Security Threats
Defending Against VoIP Hacking
Basic Switch Operation
Mitigating VLAN Attacks
Preventing Spanning Tree Protocol Manipulation
CAM Table Overflow Attacks
MAC Address Spoofing Attacks
Using Port Security
Additional Switch Security Features
Layer 2 Best Practices
References
Review Questions
Appendix: Answers to Chapter Review Questions
A
B
C
D
E
F
H
I
L
M
O
P
R
S
U
V
X-Y-Z

Subjects


Reference


SIMILAR VOLUMES


Implementing Cisco IOS Network Security
Catherine Paquet | Library | 2009 | Cisco Press | English

I have not taken the test yet, so whether or not this book achieves a passing goal for me remains to be seen. But, the section on IPSec could use some TLC. For example, page 392 refers to diagram 5-14 and the "4 ipsec squares" and the diagram promptly shows 5 squares. Are there 4 or are there 5?

CCNA Security Study Guide: Exam 640-553
Tim Boyles | Library | 2010 | Sybex | English

A complete study guide for the new CCNA Security certification exam. In keeping with its status as the leading publisher of CCNA study guides, Sybex introduces the complete guide to the new CCNA security exam. The CCNA Security certification is the first step towards Cisco's new Cisco Certified Securi

CCNA Security Exam Cram (Exam IINS 640-
Eric Stewart | Library | 2008 | Que | English

In this book you'll learn how to: Build a secure network using security controls; Secure network perimeters; Implement secure management and harden routers; Implement network security policies using Cisco IOS firewalls; Understand cryptographic services; Deploy IPsec virtual private networks (

Implementing Cisco IOS Network Security
Catherine Paquet | Library | 2009 | English

Authorized Self-Study Guide. Implementing Cisco IOS Network Security (IINS). Foundation learning for CCNA Security IINS 640-553 exam. Catherine Paquet. Implementing Cisco IOS Network Security (IINS) is a Cisco-authorized, self-paced learning tool for CCNA® Security foundation learning. This

CCNA Security Official Exam Certificatio
Watkins, Michael D;Wallace, Kevin | Library | 2008 | Cisco Press | English

"CCNA Security" "Official Exam Certification Guide" Master the IINS 640-553 exam with this official study guide; Assess your knowledge with chapter-opening quizzes; Review key concepts with Exam Preparation Tasks; Practice with realistic exam questions on the CD-ROM. "CCNA Security Official Exam Certification

CCNA Security Official Exam Certificatio
Michael Watkins, Kevin Wallace | Library | 2008 | cisco-press | English

CCNA Security Official Exam Certification Guide. Master the IINS 640-553 exam with this official study guide; Assess your knowledge with chapter-opening quizzes; Review key