Tim Bovles WILEY. Wiley Publishing, Inc.


Contents

Introduction
Assessment Test

Chapter 1 Introduction to Network Security
  Threats to Network Security
  External Threats
  Internal Threats
  Application Security
  Network Security Objectives
  Classification of Data
  Security Controls
  Security Controls by Type
  Security Controls by Purpose
  Incident Response
  Preparation
  Identification
  Containment
  Eradication
  Recovery
  Lessons Learned
  Law and Ethics
  Legal Matters
  Intellectual Property
  Ethics
  Review Questions
  Answers to Review Questions

Chapter 2 Creating the Secure Network
  Creating a Security Policy
  Goals of a Security Policy
  Policies and Procedures
  Other Documents
  Managing Risk
  Secure Network Design
  Creating Security Awareness
  Maintaining Operational Security
  Defining the Systems Development Life Cycle
  Review of Operations Security
  Evolution of Threats
  The Cisco Self-Defending Network
  Characteristics of the Cisco Self-Defending Network
  Components of the Cisco Self-Defending Network
  Summary
  Exam Essentials
  Written Lab
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 3 Securing Administrative Access
  Securing Administrative Access
  Methods of Accessing the Router
  Modes of Interaction with the Router
  Configuring Passwords
  Configuring Privilege Levels
  CLI Views
  Securing Router Files
  Login Features for Virtual Connections
  Configuring a Banner Message
  Cisco ISR Routers
  Cisco Security Device Manager (SDM)
  Prerequisites for Running SDM
  Introduction to SDM
  Summary
  Exam Essentials
  Written Lab
  Hands-on Lab
  Hands-on Lab 3.1: Configuring Passwords
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 4 Configuring AAA Services
  Defining AAA Services
  Defining RADIUS and TACACS+
  RADIUS
  TACACS+
  Configuring AAA Using Cisco Secure ACS
  Introduction to Cisco Secure ACS for Windows
  Preparation and Installation of Cisco Secure ACS for Windows
  Configuring Authentication
  AAA Local User Authentication
  Using Method Lists
  Configuring Authorization
  Configuring Accounting
  Configuring TACACS+
  Configuring AAA Services from the Command Line
  Configuring AAA Services with Cisco SDM
  Troubleshooting AAA on Cisco Routers
  Summary
  Exam Essentials
  Written Lab
  Hands-on Labs
  Hands-on Lab 4.1: Configuring AAA Authentication with a Local Database
  Hands-on Lab 4.2: Configuring TACACS+ Authentication, Authorization, and Accounting
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 5 Securing Your Router
  Using the Command-Line Interface to Lock Down the Router
  Locking Down the Management Plane
  Locking Down the Forwarding Plane
  Understanding One-Step Lockdown
  Configuring One-Step Lockdown with SDM
  Differences between One-Step Lockdown and AutoSecure
  Securing Management and Logging
  Configuring Syslog Support on a Cisco Router
  Using SNMP v3 to Secure Management Traffic
  Securing Administration Using SSH
  Using SDM to Configure a Syslog Server, SSH, SNMP, and NTP
  Summary
  Exam Essentials
  Written Lab
  Hands-on Lab
  Hands-on Lab 5.1: Configuring a Router for SSH Administrative Access
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 6 Layer 2 Security
  Basic Protection of Layer 2 Switches
  How to Prevent VLAN Attacks
  Double Tagging
  Switch Spoofing
  Mitigating STP Attacks
  Mitigating DHCP Server Spoofing
  Configuring DHCP Snooping
  Dynamic ARP Inspection
  Protecting against CAM Table Attacks
  Preventing MAC Spoofing
  Configuring Port Security
  Configuring SPAN, RSPAN, and Storm Control
  Configuring Switched Port Analyzer (SPAN)
  Configuring Remote Switched Port Analyzer (RSPAN)
  Configuring Storm Control
  Summary
  Exam Essentials
  Written Lab
  Hands-on Labs
  Hands-on Lab 6.1: Configuring Protection against a Spanning Tree Attack
  Hands-on Lab 6.2: Configuring SPAN on a Cisco Switch to Do Troubleshooting
  Hands-on Lab 6.3: Configuring Port Security on a Cisco Switch
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 7 Implementing Cisco IOS Firewall
  Firewall Basics
  Packet Filtering Firewall
  Application-Layer Firewall
  Stateful Firewall
  Access Control Lists
  Basic ACLs
  Turbo ACLs
  How to Develop ACLs
  Applying ACLs to Router Interfaces
  Filtering Traffic with ACLs
  Logical and Performance Considerations for ACLs
  The Cisco IOS Firewall
  Authentication Proxy
  Transparent Firewall
  Stateful Packet Inspection
  Configure Cisco IOS Firewall with SDM
  Basic Firewall
  Advanced Firewall
  Verify Cisco IOS Firewall Configurations
  Basic Firewall
  Advanced Firewall
  Implementing Zone-Based Firewall
  Summary
  Exam Essentials
  Written Lab
  Hands-on Lab
  Hands-on Lab 7.1: Configuring an Access List
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 8 Implementing Cisco IOS Intrusion Prevention
  IDS and IPS
  Introducing the Intrusion Detection System
  Basic Functions of the Intrusion Prevention System
  Using IDS and IPS Together
  Benefits and Drawbacks of IPS/IDS Sensors
  Types of IDS and IPS Sensors
  IPS Signatures
  Configuring IOS IPS
  Summary
  Exam Essentials
  Written Lab
  Hands-on Lab
  Hands-on Lab 8.1: Configuring an IPS Policy Using Cisco SDM
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 9 Understanding Cryptographic Solutions
  Introduction to Cryptography
  Caesar's Cipher
  Vigenere Cipher
  One-Time Pads
  Transposition Ciphers
  Symmetric Encryption
  Symmetric Encryption Keys
  DES Encryption Algorithm
  3DES Encryption Algorithm
  Advanced Encryption Algorithm
  SEAL
  Rivest Ciphers
  Encryption Algorithms
  Choosing the Right Encryption Algorithm
  Hashing Functions
  Summary
  Exam Essentials
  Written Lab
  Hands-on Lab
  Hands-on Lab 9.1: Creating a Substitution Cipher
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 10 Using Digital Signatures
  Hashing Overview
  Features of Hash Functions and Values
  Fast and Efficient
  Collision Resistant
  Manipulation Resistant
  One-Way Hashing
  Fixed-Length Hashing Values
  Hash Message Authentication Code
  Hashing Algorithms
  MD5 Algorithm
  SHA-1 Algorithm
  MD5 and SHA-1 Comparison Chart
  Digital Signatures
  Digital Signatures Overview
  Digital Signature Process
  Summary
  Exam Essentials
  Written Lab
  Hands-on Lab
  Hands-on Lab 10.1: Generate a Hash Value from a File
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 11 Using Asymmetric Encryption and PKI
  Asymmetric Encryption
  Public Key Cryptography Process
  Features
  Drawbacks
  Usage
  Hybrid Encryption
  Asymmetric Encryption Algorithms
  RSA Algorithm
  Diffie-Hellman Algorithm
  Public Key Infrastructure
  PKI Overview
  Certificate Authorities
  CA Structures
  Digital Certificates
  Certificate Enrollment
  Digital Certificates Exposed
  Certificate Usage
  Certificate Limitations
  PKI Standards
  Public Key Cryptography Standards
  X.509 Standard
  SCEP Standard
  Summary
  Exam Essentials
  Written Lab
  Hands-on Lab
  Hands-on Lab 11.1: View the Content of Root CA Certificates
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Chapter 12 Implementing Site-to-Site IPsec VPN Solutions
  Introduction to Virtual Private Networks and IPsec
  VPN Operation
  Cisco-Specific Operation
  Configuring a Site-to-Site VPN
  Verifying VPN
  Troubleshooting VPN
  Cisco Easy VPN
  Configuring Cisco Easy VPN
  Redundant Connections and Equipment
  Summary
  Exam Essentials
  Written Lab
  Hands-on Lab
  Hands-on Lab 12.1: Configuring a Site-to-Site VPN
  Review Questions
  Answers to Review Questions
  Answers to Written Lab

Appendix A Securing Voice Solutions
  Voice over IP Essentials
  What Is VoIP?
  Components of VoIP
  Common Protocols Used in Voice over IP
  Threats to Voice over IP
  Methods of Securing the Voice over IP Environment

Appendix B Introduction to SAN Security
  Introduction to Storage Area Networks
  Benefits of a SAN
  SAN Transport Methods
  Fibre Channel
  iSCSI
  FCIP
  FCoE
  Elements of a SAN
  Logical Unit Numbers (LUNs) and LUN Masking
  Fibre Channel Zoning
  World Wide Names
  VSANs
  Port Authentication Protocols
  SAN Security Essentials
  SAN Management Security Risks
  Fabric and Target Access Security Risks
  Secure SAN Protocols
  Secure IP Storage Access
  Secure Data
  Cisco MDS 9000 Features

Appendix C Exploring Endpoint Security
  Introduction to Endpoint Security
  Buffer Overflow Threats
  Cisco Endpoint Security Products
  IronPort for Email and Web Protection
  Cisco Network Admission Control
  Cisco Security Agent
  Endpoint Security Best Practices
  Operating System and Network Security
  Application Security

Appendix D Capstone Exercise
  Layer 2 Exercise
  IOS Firewall Exercise
  Secure Management Access Exercise
  Cisco IOS IPS Exercise
  AAA Exercise
  Site-to-Site VPN Exercise

Appendix E About the Companion CD
  What You'll Find on the CD
  Sybex Test Engine
  PDF of the Book
  Adobe Reader
  Electronic Flashcards
  System Requirements
  Using the CD
  Troubleshooting
  Customer Care

Glossary
Index