CCNA Security (210-260) Portable Command Guide

(Author)

Book | Softcover
352 pages
2016 | 2nd edition
Cisco Press (publisher)
978-1-58720-575-0 (ISBN)
43,75 incl. VAT
  • Title is unfortunately out of print;
    no new edition
Preparing for the latest CCNA Security exam? Here are all the CCNA Security (210-260) commands you need in one condensed, portable resource. Filled with valuable, easy-to-access information, the CCNA Security Portable Command Guide is portable enough for you to use whether you’re in the server room or the equipment closet.

Completely updated to reflect the new CCNA Security 210-260 exam, this quick reference summarizes relevant Cisco IOS® Software commands, keywords, command arguments, and associated prompts, and offers tips and examples for applying these commands to real-world security challenges. Configuration examples throughout provide an even deeper understanding of how to use IOS to protect networks.

Topics covered include

  • Networking security fundamentals: concepts, policies, strategy
  • Protecting network infrastructure: network foundations, security management planes/access; data planes (Catalyst switches and IPv6)
  • Threat control/containment: protecting endpoints and content; configuring ACLs, zone-based firewalls, and Cisco IOS IPS
  • Secure connectivity: VPNs, cryptology, asymmetric encryption, PKI, IPsec VPNs, and site-to-site VPN configuration
  • ASA network security: ASA/ASDM concepts; configuring ASA basic settings, advanced settings, and VPNs

  • Access all CCNA Security commands: use as a quick, offline resource for research and solutions
  • Logical how-to topic groupings provide one-stop research
  • Great for review before CCNA Security certification exams
  • Compact size makes it easy to carry with you, wherever you go
  • “Create Your Own Journal” section with blank, lined pages allows you to personalize the book for your needs
  • “What Do You Want to Do?” chart inside the front cover helps you to quickly reference specific tasks

Bob Vachon is a professor in the Computer Systems Technology program at Cambrian College in Sudbury, Ontario, Canada, where he teaches networking infrastructure courses. He has worked and taught in the computer networking and information technology field since 1984. He has collaborated on various CCNA, CCNA Security, and CCNP projects for the Cisco Networking Academy as team lead, lead author, and subject matter expert. He enjoys playing the guitar and being outdoors.

    Introduction

Part I: Networking Security Fundamentals

Chapter 1 Networking Security Concepts
    Basic Security Concepts
        Security Terminology
        Confidentiality, Integrity, and Availability (CIA)
        Data Classification Criteria
        Data Classification Levels
        Classification Roles
    Threat Classification
        Trends in Information Security Threats
        Preventive, Detective, and Corrective Controls
        Risk Avoidance, Transfer, and Retention
    Drivers for Network Security
        Evolution of Threats
        Data Loss and Exfiltration
        Tracking Threats
    Malware
        Anatomy of a Worm
        Mitigating Malware and Worms
    Threats in Borderless Networks
        Hacker Titles
        Thinking Like a Hacker
        Reconnaissance Attacks
        Access Attacks
        Password Cracking
        Denial-of-Service Attacks
        Distributed Denial-of-Service Attacks
        Tools Used by Attackers
    Principles of Secure Network Design
        Defense in Depth

Chapter 2 Implementing Security Policies
    Managing Risk
        Quantitative Risk Analysis Formula
        Quantitative Risk Analysis Example
        Regulatory Compliance
    Security Policy
        Standards, Guidelines, and Procedures
        Security Policy Audience Responsibilities
        Security Awareness
    Secure Network Lifecycle Management
        Models and Frameworks
        Assessing and Monitoring the Network Security Posture
        Testing the Security Architecture
    Incident Response
        Incident Response Phases
        Computer Crime Investigation
        Collection of Evidence and Forensics
        Law Enforcement and Liability
        Ethics
    Disaster-Recovery and Business-Continuity Planning

Chapter 3 Building a Security Strategy
    Cisco Borderless Network Architecture
        Borderless Security Products
    Cisco SecureX Architecture and Context-Aware Security
        Cisco TrustSec
        TrustSec Confidentiality
        Cisco AnyConnect
        Cisco Talos
    Threat Control and Containment
    Cloud Security and Data-Loss Prevention
    Secure Connectivity Through VPNs
    Security Management

Part II: Protecting the Network Infrastructure

Chapter 4 Network Foundation Protection
    Threats Against the Network Infrastructure
    Cisco Network Foundation Protection Framework
    Control Plane Security
        Control Plane Policing
    Management Plane Security
        Role-Based Access Control
        Secure Management and Reporting
        Data Plane Security
        ACLs
        Antispoofing
        Layer 2 Data Plane Protection

Chapter 5 Securing the Management Plane
    Planning a Secure Management and Reporting Strategy
    Securing the Management Plane
        Securing Passwords
        Securing the Console Line and Disabling the Auxiliary Line
        Securing VTY Access with SSH
        Securing VTY Access with SSH Example
        Securing Configuration and IOS Files
        Restoring Bootset Files
    Implementing Role-Based Access Control on Cisco Routers
        Configuring Privilege Levels
        Configuring Privilege Levels Example
        Configuring RBAC
        Configuring RBAC via the CLI Example
        Configuring Superviews
        Configuring a Superview Example
    Network Monitoring
        Configuring a Network Time Protocol Master Clock
        Configuring an NTP Client
        Configuring an NTP Master and Client Example
        Configuring Syslog
        Configuring Syslog Example
        Configuring SNMPv3
        Configuring SNMPv3 Example

Chapter 6 Securing Management Access with AAA
    Authenticating Administrative Access
        Local Authentication
        Server-Based Authentication
        Authentication, Authorization, and Accounting Framework
    Local AAA Authentication
        Configuring Local AAA Authentication Example
    Server-Based AAA Authentication
        TACACS+ Versus RADIUS
        Configuring Server-Based AAA Authentication
        Configuring Server-Based AAA Authentication Example
    AAA Authorization
        Configuring AAA Authorization Example
    AAA Accounting
        Configuring AAA Accounting Example
    802.1X Port-Based Authentication
        Configuring 802.1X Port-Based Authentication
        Configuring 802.1X Port-Based Authentication Example

Chapter 7 Securing the Data Plane on Catalyst Switches
    Common Threats to the Switching Infrastructure
        Layer 2 Attacks
        Layer 2 Security Guidelines
    MAC Address Attacks
        Configuring Port Security
        Fine-Tuning Port Security
        Configuring Optional Port Security Settings
        Configuring Port Security Example
    VLAN Hopping Attacks
        Mitigating VLAN Attacks
        Mitigating VLAN Attacks Example
    DHCP Attacks
        Mitigating DHCP Attacks
        Mitigating DHCP Attacks Example
    ARP Attacks
        Mitigating ARP Attacks
        Mitigating ARP Attacks Example
    Address Spoofing Attacks
        Mitigating Address Spoofing Attacks
        Mitigating Address Spoofing Attacks Example
    Spanning Tree Protocol Attacks
        STP Stability Mechanisms
        Configuring STP Stability Mechanisms
        Configuring STP Stability Mechanisms Example
    LAN Storm Attacks
        Configuring Storm Control
        Configuring Storm Control Example
    Advanced Layer 2 Security Features
        ACLs and Private VLANs
        Secure the Switch Management Plane

Chapter 8 Securing the Data Plane in IPv6 Environments
    Overview of IPv6
        Comparison Between IPv4 and IPv6
        The IPv6 Header
        ICMPv6
        Stateless Autoconfiguration
        IPv4-to-IPv6 Transition Solutions
        IPv6 Routing Solutions
    IPv6 Threats
        IPv6 Vulnerabilities
    IPv6 Security Strategy
        Configuring Ingress Filtering
        Secure Transition Mechanisms
        Future Security Enhancements

Part III: Threat Control and Containment

Chapter 9 Endpoint and Content Protection
    Protecting Endpoints
        Endpoint Security
        Data Loss Prevention
        Endpoint Posture Assessment
    Cisco Advanced Malware Protection (AMP)
        Cisco AMP Elements
        Cisco AMP for Endpoint
        Cisco AMP for Endpoint Products
    Content Security
        Email Threats
        Cisco Email Security Appliance (ESA)
        Cisco Email Security Virtual Appliance (ESAV)
    Cisco Web Security Appliance (WSA)
    Cisco Web Security Virtual Appliance (WSAV)
    Cisco Cloud Web Security (CWS)

Chapter 10 Configuring ACLs for Threat Mitigation
    Access Control List
        Mitigating Threats Using ACLs
        ACL Design Guidelines
        ACL Operation
    Configuring ACLs
        ACL Configuration Guidelines
        Filtering with Numbered Extended ACLs
        Configuring a Numbered Extended ACL Example
        Filtering with Named Extended ACLs
        Configuring a Named Extended ACL Example
    Mitigating Attacks with ACLs
        Antispoofing ACLs Example
        Permitting Necessary Traffic through a Firewall Example
        Mitigating ICMP Abuse Example
    Enhancing ACL Protection with Object Groups
        Network Object Groups
        Service Object Groups
        Using Object Groups in Extended ACLs
        Configuring Object Groups in ACLs Example
    ACLs in IPv6
        Mitigating IPv6 Attacks Using ACLs
        IPv6 ACLs Implicit Entries
        Filtering with IPv6 ACLs
        Configuring an IPv6 ACL Example

Chapter 11 Configuring Zone-Based Firewalls
    Firewall Fundamentals
        Types of Firewalls
    Firewall Design
        Security Architectures
        Firewall Policies
        Firewall Rule Design Guidelines
        Cisco IOS Firewall Evolution
    Cisco IOS Zone-Based Policy Firewall
        Cisco Common Classification Policy Language
        ZPF Design Considerations
        Default Policies, Traffic Flows, and Zone Interaction
        Configuring an IOS ZPF
        Configuring an IOS ZPF Example

Chapter 12 Configuring Cisco IOS IPS
    IDS and IPS Fundamentals
        Types of IPS Sensors
        Types of Signatures
        Types of Alarms
    Intrusion Prevention Technologies
        IPS Attack Responses
        IPS Anti-Evasion Techniques
        Managing Signatures
        Cisco IOS IPS Signature Files
        Implementing Alarms in Signatures
        IOS IPS Severity Levels
        Event Monitoring and Management
        IPS Recommended Practices
    Configuring IOS IPS
        Creating an IOS IPS Rule and Specifying the IPS Signature File Location
        Tuning Signatures per Category
        Configuring IOS IPS Example

Part IV: Secure Connectivity

Chapter 13 VPNs and Cryptology
    Virtual Private Networks
        VPN Deployment Modes
    Cryptology = Cryptography + Cryptanalysis
        Historical Cryptographic Ciphers
        Modern Substitution Ciphers
        Encryption Algorithms
        Cryptanalysis
    Cryptographic Processes in VPNs
        Classes of Encryption Algorithms
        Symmetric Encryption Algorithms
        Asymmetric Encryption Algorithm
        Choosing an Encryption Algorithm
        Choosing an Adequate Keyspace
    Cryptographic Hashes
        Well-Known Hashing Algorithms
        Hash-Based Message Authentication Codes
    Digital Signatures

Chapter 14 Asymmetric Encryption and PKI
    Asymmetric Encryption
        Public Key Confidentiality and Authentication
        RSA Functions
    Public Key Infrastructure
        PKI Terminology
        PKI Standards
        PKI Topologies
        PKI Characteristics

Chapter 15 IPsec VPNs
    IPsec Protocol
        IPsec Protocol Framework
        Encapsulating IPsec Packets
        Transport Versus Tunnel Mode
        Confidentiality Using Encryption Algorithms
        Data Integrity Using Hashing Algorithms
        Peer Authentication Methods
        Key Exchange Algorithms
        NSA Suite B Standard
    Internet Key Exchange
        IKE Negotiation Phases
        IKEv1 Phase 1 (Main Mode and Aggressive Mode)
        IKEv1 Phase 2 (Quick Mode)
        IKEv2 Phase 1 and 2
        IKEv1 Versus IKEv2
    IPv6 VPNs

Chapter 16 Configuring Site-to-Site VPNs
    Site-to-Site IPsec VPNs
        IPsec VPN Negotiation Steps
        Planning an IPsec VPN
        Cipher Suite Options
    Configuring IOS Site-to-Site VPNs
        Verifying the VPN Tunnel
        Configuring a Site-to-Site IPsec VPN

Part V: Securing the Network Using the ASA

Chapter 17 Introduction to the ASA
    Adaptive Security Appliance
        ASA Models
        Routed and Transparent Firewall Modes
        ASA Licensing
    Basic ASA Configuration
        ASA 5505 Front and Back Panel
        ASA Security Levels
        ASA 5505 Port Configuration
        ASA 5505 Deployment Scenarios
        ASA 5505 Configuration Options

Chapter 18 Introduction to ASDM
    Adaptive Security Device Manager
        Accessing ASDM
        Factory Default Settings
        Resetting the ASA 5505 to Factory Default Settings
        Erasing the Factory Default Settings
        Setup Initialization Wizard
    Installing and Running ASDM
        Running ASDM
    ASDM Wizards
        The Startup Wizard
        VPN Wizards
        Advanced Wizards

Chapter 19 Configuring Cisco ASA Basic Settings
    ASA Command-Line Interface
        Differences Between IOS and ASA OS
    Configuring Basic Settings
        Configuring Basic Management Settings
        Enabling the Master Passphrase
    Configuring Interfaces
        Configuring the Inside and Outside SVIs
        Assigning Layer 2 Ports to VLANs
        Configuring a Third SVI
    Configuring the Management Plane
        Enabling Telnet, SSH, and HTTPS Access
        Configuring Time Services
    Configuring the Control Plane
        Configuring a Default Route
    Basic Settings Example
        Configuring Basic Settings Example Using the CLI
        Configuring Basic Settings Example Using ASDM
        Configuring Interfaces Using ASDM
        Configuring the System Time Using ASDM
        Configuring Static Routing Using ASDM
        Configuring Device Management Access Using ASDM

Chapter 20 Configuring Cisco ASA Advanced Settings
    ASA DHCP Services
        DHCP Client
        DHCP Server Services
        Configuring DHCP Server Example Using the CLI
        Configuring DHCP Server Example Using ASDM
    ASA Objects and Object Groups
        Network and Service Objects
        Network, Protocol, ICMP, and Service Object Groups
        Configuring Objects and Object Groups Example Using ASDM
    ASA ACLs
        ACL Syntax
        Configuring ACLs Example Using the CLI
        Configuring ACLs with Object Groups Example Using the CLI
        Configuring ACLs with Object Groups Example Using ASDM
    ASA NAT Services
        Auto-NAT
        Dynamic NAT, Dynamic PAT, and Static NAT
        Configuring Dynamic and Static NAT Example Using the CLI
        Configuring Dynamic NAT Example Using ASDM
        Configuring Dynamic PAT Example Using ASDM
        Configuring Static NAT Example Using ASDM
    AAA Access Control
        Local AAA Authentication
        Server-Based AAA Authentication
        Configuring AAA Server-Based Authentication Example Using the CLI
        Configuring AAA Server-Based Authentication Example Using ASDM
    Modular Policy Framework Service Policies
        Class Maps, Policy Maps, and Service Policies
        Default Global Policies
        Configure Service Policy Example Using ASDM

Chapter 21 Configuring Cisco ASA VPNs
    Remote-Access VPNs
        Types of Remote-Access VPNs
    ASA SSL VPN
        Client-Based SSL VPN Example Using ASDM
        Clientless SSL VPN Example Using ASDM
    ASA Site-to-Site IPsec VPN
        ISR IPsec VPN Configuration
        ASA Initial Configuration
        ASA VPN Configuration Using ASDM

Appendix A Create Your Own Journal Here

9781587205750, TOC, 3/11/2016

Publication date:
Series: Portable Command Guide
Place of publication: Indianapolis
Language: English
Dimensions: 156 x 228 mm
Weight: 464 g
Subject area: Computer Science > Networks > Security / Firewall
Computer Science > Further Topics > Certification
ISBN-10: 1-58720-575-0 / 1587205750
ISBN-13: 978-1-58720-575-0 / 9781587205750
Condition: New