CCIE Security Exam Certification Guide (CCIE Self-Study)
Official self-study test preparation guide for the CCIE Security written exam

Review all CCIE Security written exam topics, including:
- Switching concepts, routing protocols, and WAN protocols, including PPP, ISDN, and Frame Relay
- DNS, TFTP, Secure Shell, Secure Socket Layer Protocol, NTP, and SNMP
- Cisco IOS® Software specifics, including password security, password recovery, and standard and extended access lists
- Encryption technologies and security protocols, including TACACS+, RADIUS, and Kerberos
- Windows and UNIX operating system security issues
- Cisco security applications, including Cisco PIX® Firewall, VPN, IDS, and Cisco Policy Manager
- Basic security methods and the evolution of new secure networks including packet filtering, proxies, and NAT/PAT
- Network security policies, vulnerabilities, and protection techniques

With increased reliance on networking resources to provide productivity gains and corporate revenue contributions, the need for network security has never been higher. Rising concerns over corporate espionage, cyber-terrorism, financial fraud, and theft of proprietary information have radically increased the demand for highly skilled networking security professionals. One of the most sought-after and highly valued networking certifications, the Cisco Systems CCIE Security certification is answering the need for technical expertise in this critical market by distinguishing the top echelon of internetworking experts.

CCIE Security Exam Certification Guide is a comprehensive study tool for the Security written exam. Written and reviewed by members of the CCIE Security team at Cisco, this book helps you understand and master the material you will need to know to pass the written exam. Designed to optimize your study time, this book helps you assess your knowledge of the material at the beginning of each chapter with customized quizzes for each topic. Increase retention of key concepts by reviewing summaries of crucial concepts. Test your comprehension with chapter-ending review questions. Determine your assimilation of knowledge and get a taste for the CCIE Security lab exam with two complete practice lab scenarios focused on security and routing and switching topics. Take timed practice exams that mimic the real testing environment with the CD-ROM test engine or customize the test bank to focus on the topics for which you need the most help. Along with an electronic version of the text, a complete copy of Henry Benjamin's previously published CCIE Routing and Switching Exam Cram is also presented on the CD-ROM as an additional bonus.

CCIE Security Exam Certification Guide is part of a recommended study program from Cisco Systems that can include simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

"This book will be a valuable asset for potential CCIE Security candidates. I am positive individuals will inevitably gain extensive security network knowledge during their preparation by using this book."
-Gert De Laet, Product Manager, CCIE Security, Cisco Systems, Inc.

Companion CD-ROM

CD contains a test engine with over 300 questions, lab equipment suggestions, sample configurations, and a bonus electronic copy of the complete CCIE Routing and Switching Exam Cram text.
- Mixed media product | 648 pages
- 191.5 x 241.8 x 45.2mm | 1,288.21g
- 04 Apr 2003
- Pearson Education (US)
- Cisco Press
- Indianapolis, United States
Table of contents
1. Using This Book to Prepare for the CCIE Security Written Exam. CCIE Security Certification. CCIE Security Written Exam Blueprint. How to Prepare for the CCIE Security Written Exam Using This Book.
2. General Networking Topics. "Do I Know This Already?" Quiz. Foundation Topics. Networking Basics-The OSI Reference Model. Layer 1: The Physical Layer. Layer 2: The Data Link Layer. Layer 3: The Network Layer. Layer 4: The Transport Layer. Layer 5: The Session Layer. Layer 6: The Presentation Layer. Layer 7: The Application Layer. TCP/IP and OSI Model Comparison. Example of Peer-to-Peer Communication. Ethernet Overview. Switching and Bridging. Bridge Port States. FastEther Channel. Internet Protocol. Variable-Length Subnet Masks. Classless Interdomain Routing. Transmission Control Protocol. TCP Mechanisms. TCP Services. Address Resolution Protocol (ARP). Reverse ARP. Dynamic Host Configuration Protocol. Hot Standby Router Protocol. Internet Control Message Protocol. Telnet. File Transfer Protocol and Trivial File Transfer Protocol. Routing Protocols. Routing Information Protocol. EIGRP. OSPF. Border Gateway Protocol. ISDN. Basic Rate and Primary Rate Interfaces. ISDN Framing and Frame Format. ISDN Layer 2 Protocols. Cisco IOS ISDN Commands. IP Multicast. Asynchronous Communications and Access Devices. Foundation Summary. Requirements for FastEther Channel. Q & A. Scenario. Scenario 2-1: Routing IP on Cisco Routers. Scenario Answers. Scenario 2-1 Answers: Routing IP on Cisco Routers.
3. Application Protocols. "Do I Know This Already?" Quiz. Foundation Topics. Domain Name System. Trivial File Transfer Protocol. File Transfer Protocol. Active FTP. Passive FTP. Hypertext Transfer Protocol. Secure Socket Layer. Simple Network Management Protocol. SNMP Notifications. SNMP Examples. Simple Mail Transfer Protocol. Network Time Protocol. Secure Shell. Foundation Summary. Q & A. Scenario. Scenario 3-1: Configuring DNS, TFTP, NTP, and SNMP. Scenario Answers. Scenario 3-1 Solutions.
4. Cisco IOS Specifics and Security. "Do I Know This Already?" Quiz. Foundation Topics. Cisco Hardware. Random-Access Memory (RAM). Nonvolatile RAM (NVRAM). System Flash. Central Processing Unit. Read-Only Memory. Configuration Registers. Cisco Interfaces. Saving and Loading Files. show and debug Commands. Router CLI. show Commands. Debugging Cisco Routers. Password Recovery. Basic Security on Cisco Routers. IP Access Lists. Access Lists on Cisco Routers. Extended Access Lists. Foundation Summary. Q & A. Scenario. Scenario 4-1: Configuring Cisco Routers for Passwords and Access Lists. Scenario Answers.
5. Security Protocols. "Do I Know This Already?" Quiz. Foundation Topics. Authentication, Authorization, and Accounting (AAA). Authentication. Authorization. Accounting. Remote Authentication Dial-In User Service (RADIUS). RADIUS Configuration Task List. Terminal Access Controller Access Control System Plus (TACACS+). TACACS+ Configuration Task List. TACACS+ Versus RADIUS. Kerberos. Kerberos Configuration Task List. Virtual Private Dial-Up Networks (VPDN). VPDN Configuration Task List. Encryption Technology Overview. Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES). Digital Signature Standard (DSS). Message Digest 5 (MD5) and Secure Hash Algorithm (SHA). Diffie-Hellman. IP Security IPSec. Internet Key Exchange (IKE). IKE Phase I Messages Types 1-6. IKE Phase II Message Types 1-3. Cisco IOS IPSec Configuration. Certificate Enrollment Protocol (CEP). Foundation Summary. Q & A. Scenario. Scenario 5-1: Configuring Cisco Routers for IPSec. Scenario Answers. Scenario 5-1 Solutions.
6. Operating Systems and Cisco Security Applications. "Do I Know This Already?" Quiz. Foundation Topics. UNIX. UNIX Command Structure. UNIX Permissions. UNIX File Systems. Microsoft NT Systems. Browsing and Windows Names Resolution. Scaling Issues in Windows NT. Login and Permissions. Windows NT Users and Groups. Windows NT Domain Trust. Common Windows DOS Commands. Cisco Secure for Windows and UNIX. Cisco Secure Policy Manager. Cisco Secure Intrusion Detection System and Cisco Secure Scanner. NetRanger (Cisco Secure Intrusion Detection System). NetSonar (Cisco Secure Scanner). Cisco Security Wheel. Foundation Summary. Q & A. Scenarios. Scenario 6-1: NT File Permissions. Scenario 6-2: UNIX File Permissions. Scenario Answers. Scenario 6-1 Solution. Scenario 6-2 Solution.
7. Security Technologies. "Do I Know This Already?" Quiz. Foundation Topics. Advanced Security Concepts. Network Address Translation and Port Address Translation. NAT Operation on Cisco Routers. Cisco Private Internet Exchange (PIX). Configuring a PIX. Cisco PIX Firewall Software Features. Cisco IOS Firewall Security Feature Set. CBAC Configuration Task List. Public Key Infrastructure. Virtual Private Networks. Foundation Summary. Q & A. Scenario. Scenario 7-1: Configuring a Cisco PIX for NAT. Scenario Answer. Scenario 7-1 Solution.
8. Network Security Policies, Vulnerabilities, and Protection. "Do I Know This Already?" Quiz. Foundation Topics. Network Security Policies. Standards Bodies and Incident Response Teams. Incident Response Teams. Internet Newsgroups. Vulnerabilities, Attacks, and Common Exploits. Intrusion Detection System. Protecting Cisco IOS from Intrusion. Foundation Summary. Q & A. Scenario. Scenario 8-1: Defining IOS Commands to View DoS Attacks in Real Time. Scenario Answer. Scenario 8-1 Solution.
9. CCIE Security Self-Study Lab. How to Use This Chapter. Goal of This Lab. CCIE Security Self-Study Lab Part I Goals. CCIE Security Self-Study Lab Part II Goals. General Lab Guidelines and Setup. Communications Server. CCIE Security Self-Study Lab Part I: Basic Network Connectivity (4 Hours). Basic Frame Relay Setup. Physical Connectivity. Catalyst Ethernet Switch Setup I. Catalyst Ethernet Switch Setup II. IP Host Lookup and Disable DNS. PIX Configuration. IGP Routing. Basic ISDN Configuration. DHCP Configuration. BGP Routing Configuration. CCIE Security Self-Study Lab Part II: Advanced Security Design (4 Hours). IP Access List. Prevent Denial-of-Service Attacks. Time-Based Access List. Dynamic Access List/Lock and Key Feature. IOS Firewall Configuration on R5. IPSec Configuration. Advanced PIX Configuration. ACS Configuration. Final Configurations. Conclusion.

Appendix A. Answers to Quiz Questions.
Appendix B. Study Tips for CCIE Security Examinations.
Appendix C. Sample CCIE Routing and Switching Lab.
About Henry Benjamin
Henry Benjamin, CCIE No. 4695, has more than ten years' experience with Cisco networks. Henry recently worked for Cisco in the internal IT department helping to design and implement networks throughout Australia and Asia. Henry was a key member of the CCIE global team, where he was responsible for writing new laboratory examinations and questions for the coveted CCIE R/S, CCIE Security, and CCIE C/S examinations.