My Account
Log in Registration
All
Cart
Highlights
Fiction Books
Non-Fiction Books
Children's Books
Rare Books
Music
DVD & Blu-Ray
Video Games
Category
Wishlists
Cart
All
Free Shipping in the UK
Trustpilot
Proud to be B-Corp

CCNA Security Official Exam Certification Guide (Exam 640-553) Michael Watkins

CCNA Security Official Exam Certification Guide (Exam 640-553) By Michael Watkins

CCNA Security Official Exam Certification Guide (Exam 640-553) by Michael Watkins

Reviews:
£5.20
New RRP £31.36
Condition - Very Good
Only 4 left
Very Good

CCNA Security Official Exam Certification Guide (Exam 640-553) Summary

CCNA Security Official Exam Certification Guide (Exam 640-553) by Michael Watkins

CCNA Security

Official Exam Certification Guide

  • Master the IINS 640-553 exam with this official study guide
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with Exam Preparation Tasks
  • Practice with realistic exam questions on the CD-ROM

CCNA Security Official Exam Certification Guide is a best of breed Cisco (R) exam study guide that focuses specifically on the objectives for the CCNA (R) Security IINS exam. Senior security instructors Michael Watkins and Kevin Wallace share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNA Security Official Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. "Do I Know This Already?" quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks sections help drill you on key concepts you must know thoroughly.

The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a topic-by-topic basis, presenting question-by-question remediation to the text and laying out a complete study plan for review.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCNA Security Official Exam Certification Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

Michael Watkins, CCNA/CCNP (R)/CCVP (R)/CCSP (R), is a full-time senior technical instructor with SkillSoft Corporation. With 13 years of network management, training, and consulting experience, Michael has worked with organizations such as Kraft Foods, Johnson and Johnson, Raytheon, and the United States Air Force to help them implement and learn the latest network technologies.

Kevin Wallace, CCIE (R) No. 7945, is a certified Cisco instructor working full time for SkillSoft, where he teaches courses in the Cisco CCSP, CCVP, and CCNP tracks. With 19 years of Cisco networking experience, Kevin has been a network design specialist for the Walt Disney World Resort and a network manager for Eastern Kentucky University. Kevin also is a CCVP, CCSP, CCNP, and CCDP with multiple Cisco security and IP communications specializations.

The official study guide helps you master all the topics on the IINS exam, including

  • Network security threats
  • Security policies
  • Network perimeter defense
  • AAA configuration
  • Router security
  • Switch security
  • Endpoint security
  • SAN security
  • VoIP security
  • IOS firewalls
  • Cisco IOS (R) IPS
  • Cryptography
  • Digital signatures
  • PKI and asymmetric encryption
  • IPsec VPNs

This volume is part of the Exam Certification Guide Series from Cisco Press (R). Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.

Category: Cisco Press-Cisco Certification

Covers: IINS exam 640-553

About Michael Watkins

Michael Watkins, CCNA/CCNP/CCVP/CCSP, is a full-time senior technical instructor with SkillSoft Corporation. With 13 years of network management, training, and consulting experience, he has worked with organizations such as Kraft Foods, Johnson and Johnson, Raytheon, and the U.S. Air Force to help them implement and learn about the latest network technologies. In addition to holding more than 20 industry certifications in the areas of networking and programming technologies, he holds a bachelor of arts degree from Wabash College.

Kevin Wallace, CCIE No. 7945, is a certified Cisco instructor working full time for SkillSoft, where he teaches courses in the Cisco CCSP, CCVP, and CCNP tracks. With 19 years of Cisco networking experience, he has been a network design specialist for the Walt Disney World Resort and a network manager for Eastern Kentucky University. He holds a bachelor of science degree in electrical engineering from the University of Kentucky. He is also a CCVP, CCSP, CCNP, and CCDP, with multiple Cisco security and IP communications specializations.

Table of Contents

Foreword

Introduction

Part I Network Security Concepts

Chapter 1 Understanding Network Security Principles

"Do I Know This Already?" Quiz

Foundation Topics

Exploring Security Fundamentals

Why Network Security Is a Necessity

Types of Threats

Scope of the Challenge

Nonsecured Custom Applications

The Three Primary Goals of Network Security

Confidentiality

Integrity

Availability

Categorizing Data

Classification Models

Classification Roles

Controls in a Security Solution

Responding to a Security Incident

Legal and Ethical Ramifications

Legal Issues to Consider

Understanding the Methods of Network Attacks

Vulnerabilities

Potential Attackers

The Mind-set of a Hacker

Defense in Depth

Understanding IP Spoofing

Launching a Remote IP Spoofing Attack with IP Source Routing

Launching a Local IP Spoofing Attack Using a Man-in-the-Middle Attack

Protecting Against an IP Spoofing Attack

Understanding Confidentiality Attacks

Understanding Integrity Attacks

Understanding Availability Attacks

Best-Practice Recommendations

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Chapter 2 Developing a Secure Network

"Do I Know This Already?" Quiz

Foundation Topics

Increasing Operations Security

System Development Life Cycle 49

Initiation 49

Acquisition and Development 49

Implementation 50

Operations and Maintenance 50

Disposition 51

Operations Security Overview 51

Evaluating Network Security 52

Nmap 54

Disaster Recovery Considerations 55

Types of Disruptions 56

Types of Backup Sites 56

Constructing a Comprehensive Network Security Policy 57

Security Policy Fundamentals 57

Security Policy Components 58

Governing Policy 58

Technical Policies 58

End-User Policies 59

More-Detailed Documents 59

Security Policy Responsibilities 59

Risk Analysis, Management, and Avoidance 60

Quantitative Analysis 60

Qualitative Analysis 61

Risk Analysis Benefits 61

Risk Analysis Example: Threat Identification 61

Managing and Avoiding Risk 62

Factors Contributing to a Secure Network Design 62

Design Assumptions 63

Minimizing Privileges 63

Simplicity Versus Complexity 64

User Awareness and Training 64

Creating a Cisco Self-Defending Network 66

Evolving Security Threats 66

Constructing a Cisco Self-Defending Network 67

Cisco Security Management Suite 69

Cisco Integrated Security Products 70

Exam Preparation Tasks 74

Review All the Key Topics 74

Complete the Tables and Lists from Memory 75

Definition of Key Terms 75

Chapter 3 Defending the Perimeter 77

"Do I Know This Already?" Quiz 77

Foundation Topics 81

ISR Overview and Providing Secure Administrative Access 81

IOS Security Features 81

Cisco Integrated Services Routers 81

Cisco 800 Series 82

Cisco 1800 Series 83

Cisco 2800 Series 84

Cisco 3800 Series 84

ISR Enhanced Features 85

Password-Protecting a Router 86

Limiting the Number of Failed Login Attempts 92

Setting a Login Inactivity Timer 92

Configuring Privilege Levels 93

Creating Command-Line Interface Views 93

Protecting Router Files 95

Enabling Cisco IOS Login Enhancements for Virtual Connections 96

Creating a Banner Message 98

Cisco Security Device Manager Overview 99

Introducing SDM 99

Preparing to Launch Cisco SDM

Exploring the Cisco SDM Interface

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Command Reference to Check Your Memory

Chapter 4 Configuring AAA

"Do I Know This Already?" Quiz

Foundation Topics

Configuring AAA Using the Local User Database

Authentication, Authorization, and Accounting

AAA for Cisco Routers

Router Access Authentication

Using AAA to Configure Local User Database Authentication

Defining a Method List

Setting AAA Authentication for Login

Configuring AAA Authentication on Serial Interfaces Running PPP

Using the aaa authentication enable default Command

Implementing the aaa authorization Command

Working with the aaa accounting Command

Using the CLI to Troubleshoot AAA for Cisco Routers

Using Cisco SDM to Configure AAA

Configuring AAA Using Cisco Secure ACS

Overview of Cisco Secure ACS for Windows

Additional Features of Cisco Secure ACS 4.0 for Windows

Cisco Secure ACS 4.0 for Windows Installation

Overview of TACACS+ and RADIUS

TACACS+ Authentication

Command Authorization with TACACS+

TACACS+ Attributes

Authentication and Authorization with RADIUS

RADIUS Message Types

RADIUS Attributes

Features of RADIUS

Configuring TACACS+

Using the CLI to Configure AAA Login Authentication on Cisco Routers

Configuring Cisco Routers to Use TACACS+ Using the Cisco SDM

Defining the AAA Servers

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Command Reference to Check Your Memory

Chapter 5 Securing the Router

"Do I Know This Already?" Quiz

Foundation Topics

Locking Down the Router

Identifying Potentially Vulnerable Router Interfaces and Services

Locking Down a Cisco IOS Router

AutoSecure

Cisco SDM One-Step Lockdown

Using Secure Management and Reporting

Planning for Secure Management and Reporting

Secure Management and Reporting Architecture

Configuring Syslog Support

Securing Management Traffic with SNMPv3

Enabling Secure Shell on a Router

Using Cisco SDM to Configure Management Features

Configuring Syslog Logging with Cisco SDM

Configuring SNMP with Cisco SDM

Configuring NTP with Cisco SDM

Configuring SSH with Cisco SDM

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Command Reference to Check Your Memory

Part II Constructing a Secure Infrastructure

Chapter 6 Securing Layer 2 Devices

"Do I Know This Already?" Quiz

Foundation Topics

Defending Against Layer 2 Attacks

Review of Layer 2 Switch Operation

Basic Approaches to Protecting Layer 2 Switches

Preventing VLAN Hopping

Switch Spoofing

Double Tagging

Protecting Against an STP Attack

Combating DHCP Server Spoofing

Using Dynamic ARP Inspection

Mitigating CAM Table Overflow Attacks

Spoofing MAC Addresses

Additional Cisco Catalyst Switch Security Features

Using the SPAN Feature with IDS

Enforcing Security Policies with VACLs

Isolating Traffic Within a VLAN Using Private VLANs

Traffic Policing

Notifying Network Managers of CAM Table Updates

Port Security Configuration

Configuration Recommendations

Cisco Identity-Based Networking Services

Introduction to Cisco IBNS

Overview of IEEE 802.1x

Extensible Authentication Protocols

EAP-MD5

EAP-TLS

PEAP (MS-CHAPv2)

EAP-FAST

Combining IEEE 802.1x with Port Security Features

Using IEEE 802.1x for VLAN Assignment

Configuring and Monitoring IEEE 802.1x

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Command Reference to Check Your Memory

Chapter 7 Implementing Endpoint Security

"Do I Know This Already?" Quiz

Foundation Topics

Examining Endpoint Security

Defining Endpoint Security

Examining Operating System Vulnerabilities

Examining Application Vulnerabilities

Understanding the Threat of Buffer Overflows

Buffer Overflow Defined

The Anatomy of a Buffer Overflow Exploit

Understanding the Types of Buffer Overflows

Additional Forms of Attack

Securing Endpoints with Cisco Technologies

Understanding IronPort

The Architecture Behind IronPort

Examining the Cisco NAC Appliance

Working with the Cisco Security Agent

Understanding Cisco Security Agent Interceptors

Examining Attack Response with the Cisco Security Agent

Best Practices for Securing Endpoints

Application Guidelines

Apply Application Protection Methods

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Chapter 8 Providing SAN Security

"Do I Know This Already?" Quiz

Foundation Topics

Overview of SAN Operations

Fundamentals of SANs

Organizational Benefits of SAN Usage

Understanding SAN Basics

Fundamentals of SAN Security

Classes of SAN Attacks

Implementing SAN Security Techniques

Using LUN Masking to Defend Against Attacks

Examining SAN Zoning Strategies

Examining Soft and Hard Zoning

Understanding World Wide Names

Defining Virtual SANs

Combining VSANs and Zones

Identifying Port Authentication Protocols

Understanding DHCHAP

CHAP in Securing SAN Devices

Working with Fibre Channel Authentication Protocol

Understanding Fibre Channel Password Authentication Protocol

Assuring Data Confidentiality in SANs

Incorporating Encapsulating Security Payload (ESP)

Providing Security with Fibre Channel Security Protocol

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Chapter 9 Exploring Secure Voice Solutions

"Do I Know This Already?" Quiz

Foundation Topics

Defining Voice Fundamentals

Defining VoIP

The Need for VoIP

VoIP Network Components

VoIP Protocols

Identifying Common Voice Vulnerabilities

Attacks Targeting Endpoints

VoIP Spam

Vishing and Toll Fraud

SIP Attack Targets

Securing a VoIP Network

Protecting a VoIP Network with Auxiliary VLANs

Protecting a VoIP Network with Security Appliances

Hardening Voice Endpoints and Application Servers

Summary of Voice Attack Mitigation Techniques

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Chapter 10 Using Cisco IOS Firewalls to Defend the Network

"Do I Know This Already?" Quiz

Foundation Topics

Exploring Firewall Technology

The Role of Firewalls in Defending Networks

The Advance of Firewall Technology

Transparent Firewalls

Application Layer Firewalls

Benefits of Using Application Layer Firewalls

Working with Application Layer Firewalls

Application Firewall Limitations

Static Packet-Filtering Firewalls

Stateful Packet-Filtering Firewalls

Stateful Packet Filtering and the State Table

Disadvantages of Stateful Filtering

Uses of Stateful Packet-Filtering Firewalls

Application Inspection Firewalls

Application Inspection Firewall Operation

Effective Use of an Application Inspection Firewall

Overview of the Cisco ASA Adaptive Security Appliance

The Role of Firewalls in a Layered Defense Strategy

Creating an Effective Firewall Policy

Using ACLs to Construct Static Packet Filters

The Basics of ACLs

Cisco ACL Configuration

Working with Turbo ACLs

Developing ACLs

Using the CLI to Apply ACLs to the Router Interface

Considerations When Creating ACLs

Filtering Traffic with ACLs

Preventing IP Spoofing with ACLs

Restricting ICMP Traffic with ACLs

Configuring ACLs to Filter Router Service Traffic

vty Filtering

SNMP Service Filtering

RIPv2 Route Filtering

Grouping ACL Functions

Implementing a Cisco IOS Zone-Based Firewall

Understanding Cisco IOS Firewalls

Traffic Filtering

Traffic Inspection

The Role of Alerts and Audit Trails

Classic Firewall Process

SPI and CBAC

Examining the Principles Behind Zone-Based Firewalls

Changes to Firewall Configuration

Zone Membership Rules

Understanding Security Zones

Zones and Inspection

Security Zone Restrictions

Working with Zone Pairs

Security Zone Firewall Policies

Class Maps

Verifying Zone-Based Firewall Configuration

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Command Reference to Check Your Memory

Chapter 11 Using Cisco IOS IPS to Secure the Network

"Do I Know This Already?" Quiz

Foundation Topics

Examining IPS Technologies

IDS Versus IPS

IDS and IPS Device Categories

Detection Methods

Network-Based Versus Host-Based IPS

Deploying Network-Based and Host-Based Solutions

IDS and IPS Appliances

Cisco IDS 4215 Sensor

Cisco IPS 4240 Sensor

Cisco IPS 4255 Sensor

Cisco IPS 4260 Sensor

Signatures

Exploit Signatures

Connection Signatures

String Signatures

Denial-of-Service Signatures

Signature Definition Files

Alarms

Using SDM to Configure Cisco IOS IPS

Launching the Intrusion Prevention Wizard

IPS Policies Wizard

Creating IPS Rules

Manipulating Global IPS Settings

Signature Configuration

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Part III Extending Security and Availability with Cryptography and VPNs

Chapter 12 Designing a Cryptographic Solution

"Do I Know This Already?" Quiz

Foundation Topics

Introducing Cryptographic Services

Understanding Cryptology

Cryptography Through the Ages

The Substitution Cipher

The Vigenere Cipher

Transposition Ciphers

Working with the One-Time Pad

The Encryption Process

Cryptanalysis

Understanding the Features of Encryption Algorithms

Symmetric and Asymmetric Encryption Algorithms

Encryption Algorithms and Keys

Symmetric Encryption Algorithms

Asymmetric Encryption Algorithms

The Difference Between Block and Stream Ciphers

Block Ciphers

Stream Ciphers

Exploring Symmetric Encryption

Functionality of Symmetric Encryption Algorithms

Key Lengths

Features and Functions of DES

Working with the DES Key

Modes of Operation for DES

Working with DES Stream Cipher Modes

Usage Guidelines for Working with DES

Understanding How 3DES Works

Encrypting with 3DES

AES

The Rijndael Cipher

Comparing AES and 3DES

Availability of AES in the Cisco Product Line

SEAL

SEAL Restrictions

The Rivest Ciphers

Understanding Security Algorithms

Selecting an Encryption Algorithm

Understanding Cryptographic Hashes

Working with Hashing

Designing Key Management

Components of Key Management

Understanding Keyspaces

Issues Related to Key Length

SSL VPNs

Establishing an SSL Tunnel

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Chapter 13 Implementing Digital Signatures

"Do I Know This Already?" Quiz

Foundation Topics

Examining Hash Algorithms

Exploring Hash Algorithms and HMACs

Anatomy of a Hash Function

Application of Hash Functions

Cryptographic Hash Functions

Application of Cryptographic Hashes

HMAC Explained

MD5 Features and Functionality

Origins of MD5

Vulnerabilities of MD5

Usage of MD5

SHA-1 Features and Functionality

Overview of SHA-1

Vulnerabilities of SHA-1

Usage of SHA-1

Using Digital Signatures

Understanding Digital Signatures

Digital Signature Scheme

Authentication and Integrity

Examining RSA Signatures

Exploring the History of RSA

Understanding How RSA Works

Encrypting and Decrypting Messages with RSA

Signing Messages with RSA

Vulnerabilities of RSA

Exploring the Digital Signature Standard

Using the DSA Algorithm

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Chapter 14 Exploring PKI and Asymmetric Encryption

"Do I Know This Already?" Quiz

Foundation Topics

Understanding Asymmetric Algorithms

Exploring Asymmetric Encryption Algorithms

Using Public-Key Encryption to Achieve Confidentiality

Providing Authentication with a Public Key

Understanding the Features of the RSA Algorithm

Working with RSA Digital Signatures

Guidelines for Working with RSA

Examining the Features of the Diffie-Hellman Key Exchange Algorithm

Steps of the Diffie-Hellman Key Exchange Algorithm

Working with a PKI

Examining the Principles Behind a PKI

Understanding PKI Terminology

Components of a PKI

Classes of Certificates

Examining the PKI Topology of a Single Root CA

Examining the PKI Topology of Hierarchical CAs

Examining the PKI Topology of Cross-Certified CAs

Understanding PKI Usage and Keys

Working with PKI Server Offload

Understanding PKI Standards

Understanding X.509v3

Understanding Public Key Cryptography Standards (PKCS)

Understanding Simple Certificate Enrollment Protocol (SCEP)

Exploring the Role of Certificate Authorities and Registration Authorities in a PKI

Examining Identity Management

Retrieving the CA Certificate

Understanding the Certificate Enrollment Process

Examining Authentication Using Certificates

Examining Features of Digital Certificates and CAs

Understanding the Caveats of Using a PKI

Understanding How Certificates Are Employed

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Chapter 15 Building a Site-to-Site IPsec VPN Solution

"Do I Know This Already?" Quiz

Foundation Topics

Exploring the Basics of IPsec

Introducing Site-to-Site VPNs

Overview of IPsec

IKE Modes and Phases

Authentication Header and Encapsulating Security Payload

Cisco VPN Product Offerings

Cisco VPN-Enabled Routers and Switches

Cisco VPN 3000 Series Concentrators

Cisco ASA 5500 Series Appliances

Cisco 500 Series PIX Security Appliances

Hardware Acceleration Modules

VPN Design Considerations and Recommendations

Best-Practice Recommendations for Identity and IPsec Access Control

Best-Practice Recommendations for IPsec

Best-Practice Recommendations for Network Address Translation

Best-Practice Recommendations for Selecting a Single-Purpose Versus

Multipurpose Device

Constructing an IPsec Site-to-Site VPN

The Five Steps in the Life of an IPsec Site-to-Site VPN

The Five Steps of Configuring an IPsec Site-to-Site VPN

Configuring an IKE Phase 1 Tunnel

Configuring an IKE Phase 2 Tunnel

Applying Crypto Maps

Using Cisco SDM to Configure IPsec on a Site-to-Site VPN

Introduction to the Cisco SDM VPN Wizard

Quick Setup

Step-by-Step Setup

Configuring Connection Settings

Selecting an IKE Proposal

Selecting a Transform Set

Selecting Traffic to Protect in the IPsec Tunnel

Applying the Generated Configuration

Monitoring the Configuration

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Definition of Key Terms

Command Reference to Check Your Memory

Part IV Final Preparation

Chapter 16 Final Preparation

Exam Engine and Questions on the CD

Install the Software from the CD

Activate and Download the Practice Exam

Activating Other Exams

Study Plan

Recall the Facts

Use the Exam Engine

Choosing Study or Simulation Mode

Passing Scores for the IINS Exam

Part V Appendixes

Appendix A Answers to "Do I Know This Already?" Questions

Appendix B Glossary

Appendix C CCNA Security Exam Updates: Version 1.0

Appendix D Memory Tables (CD only)

Appendix E Memory Tables Answer Key (CD only)

1587202204 TOC 5/19/2008

Additional information

GOR004901674
9781587202209
1587202204
CCNA Security Official Exam Certification Guide (Exam 640-553) by Michael Watkins
Michael Watkins
Used - Very Good
Hardback
Pearson Education (US)
2008-06-24
672
N/A
Book picture is for illustrative purposes only, actual binding, cover or edition may vary.
This is a used book - there is no escaping the fact it has been read by someone else and it will show signs of wear and previous use. Overall we expect it to be in very good condition, but if you are not entirely satisfied please get in touch with us

Customer Reviews - CCNA Security Official Exam Certification Guide (Exam 640-553)