Muutke küpsiste eelistusi

CCNA Security (640-554) Portable Command Guide [Pehme köide]

4.45/5 (33 hinnangut Goodreads-ist)
  • Formaat: Paperback / softback, 368 pages, kõrgus x laius x paksus: 229x153x20 mm, kaal: 490 g
  • Ilmumisaeg: 31-May-2012
  • Kirjastus: Cisco Press
  • ISBN-10: 1587204487
  • ISBN-13: 9781587204487
Teised raamatud teemal:
  • Pehme köide
  • Hind: 35,64 €*
  • * saadame teile pakkumise kasutatud raamatule, mille hind võib erineda kodulehel olevast hinnast
  • See raamat on trükist otsas, kuid me saadame teile pakkumise kasutatud raamatule.
  • Kogus:
  • Lisa ostukorvi
  • Tasuta tarne
  • Lisa soovinimekirja
CCNA Security (640-554) Portable Command GuideSuurem pilt
  • Formaat: Paperback / softback, 368 pages, kõrgus x laius x paksus: 229x153x20 mm, kaal: 490 g
  • Ilmumisaeg: 31-May-2012
  • Kirjastus: Cisco Press
  • ISBN-10: 1587204487
  • ISBN-13: 9781587204487
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781587204487.html
Märksõnad:

All the CCNA Security 640-554 commands in one compact, portable resource

Preparing for the latest CCNA® Security exam? Here are all the CCNA Security commands you need in one condensed, portable resource. Filled with valuable, easy-to-access information, the CCNA Security Portable Command Guide is portable enough for you to use whether you’re in the server room or the equipment closet.

Completely updated to reflect the new CCNA Security 640-554 exam, this quick reference summarizes relevant Cisco IOS® Software commands, keywords, command arguments, and associated prompts, and offers tips and examples for applying these commands to real-world security challenges. Throughout, configuration examples provide an even deeper understanding of how to use IOS to protect networks.

Topics covered include

• Networking security fundamentals: concepts, policies, strategies, and more

• Securing network infrastructure: network foundations, CCP, management plane and access, and data planes (IPv6/IPv4)

• Secure connectivity: VPNs, cryptography, IPsec, and more

• Threat control and containment: strategies, ACL threat mitigation, zone-based firewalls, and Cisco IOS IPS

• Securing networks with ASA: ASDM, basic and advanced settings, and ASA SSL VPNs

Bob Vachon is a professor at Cambrian College. He has held CCNP certification since 2002 and has collaborated on many Cisco Networking Academy courses. He was the lead author for the Academy’s CCNA Security v1.1 curriculum that aligns to the Cisco IOS Network Security (IINS) certification exam (640-554).

· Access all CCNA Security commands: use as a quick, offline resource for research and solutions

· Logical how-to topic groupings provide one-stop research

· Great for review before CCNA Security certification exams

· Compact size makes it easy to carry with you, wherever you go

· “Create Your Own Journal” section with blank, lined pages allows you to personalize the book for your needs

· “What Do You Want to Do?” chart inside front cover helps you to quickly reference specific tasks

This book is part of the Cisco Press® Certification Self-Study Product Family, which offers readers a self-paced study routine for Cisco® certification exams. Titles in the Cisco Press Certification Self-Study Product Family are part of a recommended learning program from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press.

Introduction xvii
PART I Networking Security Fundamentals
Chapter 1 Networking Security Concepts
1(12)
Basic Security Concepts
2(1)
Assets, Vulnerabilities, Threats, and Countermeasures
2(1)
Confidentiality, Integrity, and Availability
2(1)
Data Classification Criteria
2(1)
Data Classification Levels
2(1)
Classification Roles
3(1)
Threat Classification
3(1)
Preventive, Detective, and Corrective Controls
3(1)
Risk Avoidance, Transfer, and Retention
4(1)
Drivers for Network Security
4(1)
Evolution of Threats
4(1)
Tracking Threats
5(1)
Malicious Code: Viruses, Worms, and Trojan Horses
5(2)
Anatomy of a Worm
6(1)
Mitigating Malware and Worms
6(1)
Threats in Borderless Networks
7(4)
Hacker Titles
7(1)
Thinking Like a Hacker
8(1)
Reconnaissance Attacks
8(1)
Access Attacks
9(1)
Password Cracking
10(1)
Denial-of-Service Attacks
10(1)
Principles of Secure Network Design
11(2)
Defense in Depth
11(2)
Chapter 2 Implementing Security Policies Using a Lifecycle Approach
13(12)
Risk Analysis
13(4)
Quantitative Risk Analysis Formula
14(1)
Quantitative Risk Analysis Example
15(1)
Regulatory Compliance
15(2)
Security Policy
17(2)
Standards, Guidelines, and Procedures
18(1)
Security Policy Audience Responsibilities
19(1)
Security Awareness
19(1)
Secure Network Lifecycle Management
19(3)
Models and Frameworks
21(1)
Assessing and Monitoring the Network Security Posture
21(1)
Testing the Security Architecture
22(1)
Incident Response
22(1)
Incident Response Phases
22(1)
Computer Crime Investigation
23(1)
Collection of Evidence and Forensics
23(1)
Law Enforcement and Liability
23(1)
Ethics
23(1)
Disaster-Recovery and Business-Continuity Planning
23(2)
Chapter 3 Building a Security Strategy for Borderless Networks
25(8)
Cisco Borderless Network Architecture
25(1)
Borderless Security Products
26(1)
Cisco SecureX Architecture and Context-Aware Security
26(3)
Cisco TrustSec
28(1)
TrustSec Confidentiality
28(1)
Cisco AnyConnect
29(1)
Cisco Security Intelligence Operations
29(1)
Threat Control and Containment
29(1)
Cloud Security and Data-Loss Prevention
30(1)
Secure Connectivity Through VPNs
31(1)
Security Management
31(2)
PART II Protecting the Network Infrastructure
Chapter 4 Network Foundation Protection
33(6)
Threats Against the Network Infrastructure
33(1)
Cisco Network Foundation Protection Framework
34(1)
Control Plane Security
35(1)
Control Plane Policing
36(1)
Management Plane Security
36(1)
Role-Based Access Control
37(1)
Secure Management and Reporting
37(1)
Data Plane Security
37(2)
ACLs
37(1)
Antispoofing
38(1)
Layer 2 Data Plane Protection
38(1)
Chapter 5 Protecting the Network Infrastructure Using CCP
39(14)
Cisco Configuration Professional
39(1)
Cisco Configuration Professional Express
40(4)
Connecting to Cisco CP Express Using the GUI
41(3)
Cisco Configuration Professional
44(3)
Configuring an ISR for CCP Support
44(1)
Installing CCP on a Windows PC
45(1)
Connecting to an ISR Using CCP
45(2)
CCP Features and User Interface
47(2)
Application Menu Options
48(1)
Toolbar Menu Options
48(1)
Toolbar Configure Options
49(1)
Toolbar Monitor Options
49(1)
Using CCP to Configure IOS Device-Hardening Features
49(2)
CCP Security Audit
49(1)
CCP One-Step Lockdown
50(1)
Using the Cisco IOS AutoSecure CLI Feature
51(2)
Configuring AutoSecure via the CLI
51(2)
Chapter 6 Securing the Management Plane
53(24)
Planning a Secure Management and Reporting Strategy
54(1)
Securing the Management Plane
54(8)
Securing Passwords
55(1)
Securing the Console Line and Disabling the Auxiliary Line
55(1)
Securing VTY Access with SSH
56(1)
Securing VTY Access with SSH Example
57(1)
Securing VTY Access with SSH Using CCP Example
58(2)
Securing Configuration and IOS Files
60(1)
Restoring Bootset Files
61(1)
Implementing Role-Based Access Control on Cisco Routers
62(5)
Configuring Privilege Levels
62(1)
Configuring Privilege Levels Example
62(1)
Configuring RBAC via the CLI
62(1)
Configuring RBAC via the CLI Example
63(1)
Configuring Superviews
63(1)
Configuring a Superview Example
64(1)
Configuring RBAC Using CCP Example
64(3)
Network Monitoring
67(10)
Configuring a Network Time Protocol Master Clock
67(1)
Configuring an NTP Client
67(1)
Configuring an NTP Master and Client Example
67(1)
Configuring an NTP Client Using CCP Example
68(1)
Configuring Syslog
69(2)
Configuring Syslog Example
71(1)
Configuring Syslog Using CCP Example
71(3)
Configuring SNMP
74(1)
Configuring SNMP Using CCP
74(3)
Chapter 7 Securing Management Access with AAA
77(26)
Authenticating Administrative Access
78(1)
Local Authentication
78(1)
Server-Based Authentication
78(1)
Authentication, Authorization, and Accounting Framework
79(1)
Local AAA Authentication
79(7)
Configuring Local AAA Authentication Example
80(1)
Configuring Local AAA Authentication Using CCP Example
81(5)
Server-Based AAA Authentication
86(8)
TACACS+ Versus RADIUS
86(1)
Configuring Server-Based AAA Authentication
87(1)
Configuring Server-Based AAA Authentication Example
88(1)
Configuring Server-Based AAA Authentication Using CCP Example
89(5)
AAA Authorization
94(4)
Configuring AAA Authorization Example
94(1)
Configuring AAA Authorization Using CCP
94(4)
AAA Accounting
98(1)
Configuring AAA Accounting Example
98(1)
Cisco Secure ACS
98(5)
Adding a Router as a AAA Client
99(1)
Configuring Identity Groups and an Identity Store
99(1)
Configuring Access Service to Process Requests
100(1)
Creating Identity and Authorization Policies
101(2)
Chapter 8 Securing the Data Plane on Catalyst Switches
103(16)
Common Threats to the Switching Infrastructure
104(1)
Layer 2 Attacks
104(1)
Layer 2 Security Guidelines
104(1)
MAC Address Attacks
105(4)
Configuring Port Security
105(1)
Fine-Tuning Port Security
106(1)
Configuring Optional Port Security Settings
107(1)
Configuring Port Security Example
108(1)
Spanning Tree Protocol Attacks
109(3)
STP Enhancement Features
109(1)
Configuring STP Enhancement Features
110(1)
Configuring STP Enhancements Example
111(1)
LAN Storm Attacks
112(1)
Configuring Storm Control
112(1)
Configuring Storm Control Example
113(1)
VLAN Hopping Attacks
113(2)
Mitigating VLAN Attacks
114(1)
Mitigating VLAN Attacks Example
114(1)
Advanced Layer 2 Security Features
115(4)
ACLs and Private VLANs
116(1)
Cisco Integrated Security Features
116(1)
Secure the Switch Management Plane
117(2)
Chapter 9 Securing the Data Plane in IPv6 Environments
119(8)
Overview of IPv6
119(4)
Comparison Between IPv4 and IPv6
119(1)
The IPv6 Header
120(1)
ICMPv6
121(1)
Stateless Autoconfiguration
122(1)
IPv4-to-IPv6 Transition Solutions
122(1)
IPv6 Routing Solutions
122(1)
IPv6 Threats
123(1)
IPv6 Vulnerabilities
124(1)
IPv6 Security Strategy
124(3)
Configuring Ingress Filtering
124(1)
Secure Transition Mechanisms
125(1)
Future Security Enhancements
125(2)
PART III Threat Control and Containment
Chapter 10 Planning a Threat Control Strategy
127(4)
Threats
127(1)
Trends in Information Security Threats
127(1)
Threat Control Guidelines
128(1)
Threat Control Design Guidelines
128(1)
Integrated Threat Control Strategy
129(2)
Cisco Security Intelligence Operations
130(1)
Chapter 11 Configuring ACLs for Threat Mitigation
131(22)
Access Control List
131(3)
Mitigating Threats Using ACLs
132(1)
ACL Design Guidelines
132(1)
ACL Operation
132(2)
Configuring ACLs
134(6)
ACL Configuration Guidelines
134(1)
Filtering with Numbered Extended ACLs
134(1)
Configuring a Numbered Extended ACL Example
135(1)
Filtering with Named Extended ACLs
135(1)
Configuring a Named Extended ACL Example
136(1)
Configuring an Extended ACL Using CCP Example
136(4)
Enhancing ACL Protection with Object Groups
140(9)
Network Object Groups
140(1)
Service Object Groups
140(1)
Using Object Groups in Extended ACLs
141(1)
Configuring Object Groups in ACLs Example
142(2)
Configuring Object Groups in ACLs Using CCP Example
144(5)
ACLs in IPv6
149(4)
Mitigating IPv6 Attacks Using ACLs
149(1)
IPv6 ACLs Implicit Entries
149(1)
Filtering with IPv6 ACLs
149(2)
Configuring an IPv6 ACL Example
151(2)
Chapter 12 Configuring Zone-Based Firewalls
153(18)
Firewall Fundamentals
153(1)
Types of Firewalls
154(1)
Firewall Design
154(2)
Firewall Policies
154(1)
Firewall Rule Design Guidelines
155(1)
Cisco IOS Firewall Evolution
155(1)
Cisco IOS Zone-Based Policy Firewall
156(15)
Cisco Common Classification Policy Language
156(1)
ZFW Design Considerations
156(1)
Default Policies, Traffic Flows, and Zone Interaction
157(1)
Configuring an IOS ZFW
157(3)
Configuring an IOS ZFW Using the CLI Example
160(1)
Configuring an IOS ZFW Using CCP Example
161(6)
Configuring NAT Services for ZFWs Using CCP Example
167(4)
Chapter 13 Configuring Cisco IOS IPS
171(24)
IDS and IPS Fundamentals
171(2)
Types of IPS Sensors
172(1)
Types of Signatures
172(1)
Types of Alarms
172(1)
Intrusion Prevention Technologies
173(5)
IPS Attack Responses
174(1)
IPS Anti-Evasion Techniques
175(1)
Managing Signatures
175(1)
Cisco IOS IPS Signature Files
176(1)
Implementing Alarms in Signatures
176(1)
IOS IPS Severity Levels
177(1)
Event Monitoring and Management
177(1)
IPS Recommended Practices
178(1)
Configuring IOS IPS
178(17)
Creating an IOS IPS Rule and Specifying the IPS Signature File Location
179(1)
Tuning Signatures per Category
180(3)
Configuring IOS IPS Example
183(2)
Configuring IOS IPS Using CCP Example
185(8)
Signature Tuning Using CCP
193(2)
PART IV Secure Connectivity
Chapter 14 VPNs and Cryptology
195(12)
Virtual Private Networks
195(2)
VPN Deployment Modes
196(1)
Cryptology = Cryptography + Cryptanalysis
197(3)
Historical Cryptographic Ciphers
197(1)
Modern Substitution Ciphers
198(1)
Encryption Algorithms
198(1)
Cryptanalysis
199(1)
Cryptographic Processes in VPNs
200(3)
Classes of Encryption Algorithms
201(1)
Symmetric Encryption Algorithms
201(1)
Asymmetric Encryption Algorithm
202(1)
Choosing an Encryption Algorithm
202(1)
Choosing an Adequate Keyspace
202(1)
Cryptographic Hashes
203(1)
Well-Known Hashing Algorithms
203(1)
Hash-Based Message Authentication Codes
203(1)
Digital Signatures
204(3)
Chapter 15 Asymmetric Encryption and PKI
207(6)
Asymmetric Encryption
207(1)
Public Key Confidentiality and Authentication
207(1)
RSA Functions
208(1)
Public Key Infrastructure
208(5)
PKI Terminology
209(1)
PKI Standards
209(1)
PKI Topologies
210(1)
PKI Characteristics
211(2)
Chapter 16 IPsec VPNs
213(10)
IPsec Protocol
213(5)
IPsec Protocol Framework
214(1)
Encapsulating IPsec Packets
215(1)
Transport Versus Tunnel Mode
215(1)
Confidentiality Using Encryption Algorithms
216(1)
Data Integrity Using Hashing Algorithms
216(1)
Peer Authentication Methods
217(1)
Key Exchange Algorithms
217(1)
NSA Suite B Standard
218(1)
Internet Key Exchange
218(3)
IKE Negotiation Phases
219(1)
IKEv1 Phase 1 (Main Mode and Aggressive Mode)
219(1)
IKEv1 Phase 2 (Quick Mode)
220(1)
IKEv2 Phase 1 and 2
220(1)
IKEv1 Versus IKEv2
221(1)
IPv6 VPNs
221(2)
Chapter 17 Configuring Site-to-Site VPNs
223(24)
Site-to-Site IPsec VPNs
223(2)
IPsec VPN Negotiation Steps
223(1)
Planning an IPsec VPN
224(1)
Cipher Suite Options
225(1)
Configuring IOS Site-to-Site VPNs
225(22)
Verifying the VPN Tunnel
229(1)
Configuring a Site-to-Site IPsec VPN Using IOS Example
230(2)
Configuring a Site-to-Site IPsec VPN Using CCP Example
232(9)
Generating a Mirror Configuration Using CCP
241(1)
Testing and Monitoring IPsec VPNs
242(2)
Monitoring Established IPsec VPN Connections Using CCP
244(3)
PART V Securing the Network Using the ASA
Chapter 18 Introduction to the ASA
247(10)
Adaptive Security Appliance
247(4)
ASA Models
248(1)
Routed and Transparent Firewall Modes
249(1)
ASA Licensing
249(2)
Basic ASA Configuration
251(6)
ASA 5505 Front and Back Panel
251(1)
ASA 5510 Front and Back Panel
252(1)
ASA Security Levels
253(2)
ASA 5505 Port Configuration
255(1)
ASA 5505 Deployment Scenarios
255(1)
ASA 5505 Configuration Options
255(2)
Chapter 19 Introduction to ASDM
257(10)
Adaptive Security Device Manager
257(3)
Accessing ASDM
258(1)
Factory Default Settings
258(1)
Resetting the ASA 5505 to Factory Default Settings
259(1)
Erasing the Factory Default Settings
259(1)
Setup Initialization Wizard
259(1)
Installing and Running ASDM
260(4)
Running ASDM
262(2)
ASDM Wizards
264(3)
The Startup Wizard
264(1)
VPN Wizards
265(1)
Advanced Wizards
266(1)
Chapter 20 Configuring Cisco ASA Basic Settings
267(16)
ASA Command-Line Interface
267(1)
Differences Between IOS and ASA OS
268(1)
Configuring Basic Settings
268(2)
Configuring Basic Management Settings
269(1)
Enabling the Master Passphrase
269(1)
Configuring Interfaces
270(2)
Configuring the Inside and Outside SVIs
270(1)
Assigning Layer 2 Ports to VLANs
271(1)
Configuring a Third SVI
272(1)
Configuring the Management Plane
272(2)
Enabling Telnet, SSH, and HTTPS Access
272(2)
Configuring Time Services
274(1)
Configuring the Control Plane
274(1)
Configuring a Default Route
274(1)
Basic Settings Example
274(9)
Configuring Basic Settings Example Using the CLI
275(2)
Configuring Basic Settings Example Using ASDM
277(6)
Chapter 21 Configuring Cisco ASA Advanced Settings
283(36)
ASA DHCP Services
284(5)
DHCP Client
284(1)
DHCP Server Services
284(1)
Configuring DHCP Server Example Using the CLI
285(2)
Configuring DHCP Server Example Using ASDM
287(2)
ASA Objects and Object Groups
289(6)
Network and Service Objects
289(2)
Network, Protocol, ICMP, and Service Object Groups
291(2)
Configuring Objects and Object Groups Example Using ASDM
293(2)
ASA ACLs
295(6)
ACL Syntax
296(1)
Configuring ACLs Example Using the CLI
297(2)
Configuring ACLs with Object Groups Example Using the CLI
299(1)
Configuring ACLs with Object Groups Example Using ASDM
300(1)
ASA NAT Services
301(7)
Auto-NAT
302(1)
Dynamic NAT, Dynamic PAT, and Static NAT
302(2)
Configuring Dynamic and Static NAT Example Using the CLI
304(2)
Configuring Dynamic NAT Example Using ASDM
306(2)
AAA Access Control
308(5)
Local AAA Authentication
308(1)
Server-Based AAA Authentication
309(1)
Configuring AAA Server-Based Authentication Example Using the CLI
309(1)
Configuring AAA Server-Based Authentication Example Using ASDM
310(3)
Modular Policy Framework Service Policies
313(6)
Class Maps, Policy Maps, and Service Policies
314(3)
Default Global Policies
317(1)
Configure Service Policy Example Using ASDM
318(1)
Chapter 22 Configuring Cisco ASA SSL VPNs
319(16)
Remote-Access VPNs
319(1)
Types of Remote-Access VPNs
319(1)
ASA SSL VPN
320(15)
Client-Based SSL VPN Example Using ASDM
321(7)
Clientless SSL VPN Example Using ASDM
328(7)
Appendix Create Your Own Journal Here 335
Bob Vachon is a professor in the Computer Systems Technology program at Cambrian College in Sudbury, Ontario, Canada, where he teaches networking infrastructure courses. He has worked and taught in the computer networking and information technology field since 1984. He has collaborated on various CCNA, CCNA Security, and CCNP projects for the Cisco Networking Academy as team lead, lead author, and subject matter expert. He enjoys playing the guitar and being outdoors, either working in his gardens or whitewater canoe tripping.