CCNA Security (640-554) Portable Command Guide

4.3 (13 ratings by Goodreads)
By (author) Bob Vachon

List price: US$29.99


All the CCNA Security 640-554 commands in one compact, portable resource

Preparing for the latest CCNA® Security exam? Here are all the CCNA Security commands you need in one condensed, portable resource. Filled with valuable, easy-to-access information, the CCNA Security Portable Command Guide is portable enough for you to use whether you're in the server room or the equipment closet. Completely updated to reflect the new CCNA Security 640-554 exam, this quick reference summarizes relevant Cisco IOS® Software commands, keywords, command arguments, and associated prompts, and offers tips and examples for applying these commands to real-world security challenges. Throughout, configuration examples provide an even deeper understanding of how to use IOS to protect networks.

Topics covered include

  • Networking security fundamentals: concepts, policies, strategies, and more
  • Securing network infrastructure: network foundations, CCP, management plane and access, and data planes (IPv6/IPv4)
  • Secure connectivity: VPNs, cryptography, IPsec, and more
  • Threat control and containment: strategies, ACL threat mitigation, zone-based firewalls, and Cisco IOS IPS
  • Securing networks with ASA: ASDM, basic and advanced settings, and ASA SSL VPNs

Bob Vachon is a professor at Cambrian College. He has held CCNP certification since 2002 and has collaborated on many Cisco Networking Academy courses. He was the lead author for the Academy's CCNA Security v1.1 curriculum that aligns to the Cisco IOS Network Security (IINS) certification exam (640-554).

  • Access all CCNA Security commands: use as a quick, offline resource for research and solutions
  • Logical how-to topic groupings provide one-stop research
  • Great for review before CCNA Security certification exams
  • Compact size makes it easy to carry with you, wherever you go
  • "Create Your Own Journal" section with blank, lined pages allows you to personalize the book for your needs
  • "What Do You Want to Do?" chart inside front cover helps you to quickly reference specific tasks

This book is part of the Cisco Press® Certification Self-Study Product Family, which offers readers a self-paced study routine for Cisco® certification exams. Titles in the Cisco Press Certification Self-Study Product Family are part of a recommended learning program from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco

Product details

  • Paperback | 368 pages
  • 149.86 x 226.06 x 25.4mm | 430.91g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587204487
  • 9781587204487
  • 457,296

About Bob Vachon

Bob Vachon is a professor in the Computer Systems Technology program at Cambrian College in Sudbury, Ontario, Canada, where he teaches networking infrastructure courses. He has worked and taught in the computer networking and information technology field since 1984. He has collaborated on various CCNA, CCNA Security, and CCNP projects for the Cisco Networking Academy as team lead, lead author, and subject matter expert. He enjoys playing the guitar and being outdoors, either working in his gardens or whitewater canoe

Table of contents

Introduction

Part I: Networking Security Fundamentals

CHAPTER 1 Networking Security Concepts
Basic Security Concepts; Assets, Vulnerabilities, Threats, and Countermeasures; Confidentiality, Integrity, and Availability; Data Classification Criteria; Data Classification Levels; Classification Roles; Threat Classification; Preventive, Detective, and Corrective Controls; Risk Avoidance, Transfer, and Retention; Drivers for Network Security; Evolution of Threats; Tracking Threats; Malicious Code: Viruses, Worms, and Trojan Horses; Anatomy of a Worm; Mitigating Malware and Worms; Threats in Borderless Networks; Hacker Titles; Thinking Like a Hacker; Reconnaissance Attacks; Access Attacks; Password Cracking; Denial-of-Service Attacks; Principles of Secure Network Design; Defense in Depth

CHAPTER 2 Implementing Security Policies Using a Lifecycle Approach
Risk Analysis; Quantitative Risk Analysis Formula; Quantitative Risk Analysis Example; Regulatory Compliance; Security Policy; Standards, Guidelines, and Procedures; Security Policy Audience Responsibilities; Security Awareness; Secure Network Lifecycle Management; Models and Frameworks; Assessing and Monitoring the Network Security Posture; Testing the Security Architecture; Incident Response; Incident Response Phases; Computer Crime Investigation; Collection of Evidence and Forensics; Law Enforcement and Liability; Ethics; Disaster-Recovery and Business-Continuity Planning

CHAPTER 3 Building a Security Strategy for Borderless Networks
Cisco Borderless Network Architecture; Borderless Security Products; Cisco SecureX Architecture and Context-Aware Security; Cisco TrustSec; TrustSec Confidentiality; Cisco AnyConnect; Cisco Security Intelligence Operations; Threat Control and Containment; Cloud Security and Data-Loss Prevention; Secure Connectivity Through VPNs; Security Management

Part II: Protecting the Network Infrastructure

CHAPTER 4 Network Foundation Protection
Threats Against the Network Infrastructure; Cisco Network Foundation Protection Framework; Control Plane Security; Control Plane Policing; Management Plane Security; Role-Based Access Control; Secure Management and Reporting; Data Plane Security; ACLs; Antispoofing; Layer 2 Data Plane Protection

CHAPTER 5 Protecting the Network Infrastructure Using CCP
Cisco Configuration Professional; Cisco Configuration Professional Express; Connecting to Cisco CP Express Using the GUI; Cisco Configuration Professional; Configuring an ISR for CCP Support; Installing CCP on a Windows PC; Connecting to an ISR Using CCP; CCP Features and User Interface; Application Menu Options; Toolbar Menu Options; Toolbar Configure Options; Toolbar Monitor Options; Using CCP to Configure IOS Device-Hardening Features; CCP Security Audit; CCP One-Step Lockdown; Using the Cisco IOS AutoSecure CLI Feature; Configuring AutoSecure via the CLI

CHAPTER 6 Securing the Management Plane
Planning a Secure Management and Reporting Strategy; Securing the Management Plane; Securing Passwords; Securing the Console Line and Disabling the Auxiliary Line; Securing VTY Access with SSH; Securing VTY Access with SSH Example; Securing VTY Access with SSH Using CCP Example; Securing Configuration and IOS Files; Restoring Bootset Files; Implementing Role-Based Access Control on Cisco Routers; Configuring Privilege Levels; Configuring Privilege Levels Example; Configuring RBAC via the CLI; Configuring RBAC via the CLI Example; Configuring Superviews; Configuring a Superview Example; Configuring RBAC Using CCP Example; Network Monitoring; Configuring a Network Time Protocol Master Clock; Configuring an NTP Client; Configuring an NTP Master and Client Example; Configuring an NTP Client Using CCP Example; Configuring Syslog; Configuring Syslog Example; Configuring Syslog Using CCP Example; Configuring SNMP; Configuring SNMP Using CCP

CHAPTER 7 Securing Management Access with AAA
Authenticating Administrative Access; Local Authentication; Server-Based Authentication; Authentication, Authorization, and Accounting Framework; Local AAA Authentication; Configuring Local AAA Authentication Example; Configuring Local AAA Authentication Using CCP Example; Server-Based AAA Authentication; TACACS+ Versus RADIUS; Configuring Server-Based AAA Authentication; Configuring Server-Based AAA Authentication Example; Configuring Server-Based AAA Authentication Using CCP Example; AAA Authorization; Configuring AAA Authorization Example; Configuring AAA Authorization Using CCP; AAA Accounting; Configuring AAA Accounting Example; Cisco Secure ACS; Adding a Router as a AAA Client; Configuring Identity Groups and an Identity Store; Configuring Access Service to Process Requests; Creating Identity and Authorization Policies

CHAPTER 8 Securing the Data Plane on Catalyst Switches
Common Threats to the Switching Infrastructure; Layer 2 Attacks; Layer 2 Security Guidelines; MAC Address Attacks; Configuring Port Security; Fine-Tuning Port Security; Configuring Optional Port Security Settings; Configuring Port Security Example; Spanning Tree Protocol Attacks; STP Enhancement Features; Configuring STP Enhancement Features; Configuring STP Enhancements Example; LAN Storm Attacks; Configuring Storm Control; Configuring Storm Control Example; VLAN Hopping Attacks; Mitigating VLAN Attacks; Mitigating VLAN Attacks Example; Advanced Layer 2 Security Features; ACLs and Private VLANs; Cisco Integrated Security Features; Secure the Switch Management Plane

CHAPTER 9 Securing the Data Plane in IPv6 Environments
Overview of IPv6; Comparison Between IPv4 and IPv6; The IPv6 Header; ICMPv6; Stateless Autoconfiguration; IPv4-to-IPv6 Transition Solutions; IPv6 Routing Solutions; IPv6 Threats; IPv6 Vulnerabilities; IPv6 Security Strategy; Configuring Ingress Filtering; Secure Transition Mechanisms; Future Security Enhancements

Part III: Threat Control and Containment

CHAPTER 10 Planning a Threat Control Strategy
Threats; Trends in Information Security Threats; Threat Control Guidelines; Threat Control Design Guidelines; Integrated Threat Control Strategy; Cisco Security Intelligence Operations

CHAPTER 11 Configuring ACLs for Threat Mitigation
Access Control List; Mitigating Threats Using ACLs; ACL Design Guidelines; ACL Operation; Configuring ACLs; ACL Configuration Guidelines; Filtering with Numbered Extended ACLs; Configuring a Numbered Extended ACL Example; Filtering with Named Extended ACLs; Configuring a Named Extended ACL Example; Configuring an Extended ACL Using CCP Example; Enhancing ACL Protection with Object Groups; Network Object Groups; Service Object Groups; Using Object Groups in Extended ACLs; Configuring Object Groups in ACLs Example; Configuring Object Groups in ACLs Using CCP Example; ACLs in IPv6; Mitigating IPv6 Attacks Using ACLs; IPv6 ACLs Implicit Entries; Filtering with IPv6 ACLs; Configuring an IPv6 ACL Example

CHAPTER 12 Configuring Zone-Based Firewalls
Firewall Fundamentals; Types of Firewalls; Firewall Design; Firewall Policies; Firewall Rule Design Guidelines; Cisco IOS Firewall Evolution; Cisco IOS Zone-Based Policy Firewall; Cisco Common Classification Policy Language; ZFW Design Considerations; Default Policies, Traffic Flows, and Zone Interaction; Configuring an IOS ZFW; Configuring an IOS ZFW Using the CLI Example; Configuring an IOS ZFW Using CCP Example; Configuring NAT Services for ZFWs Using CCP Example

CHAPTER 13 Configuring Cisco IOS IPS
IDS and IPS Fundamentals; Types of IPS Sensors; Types of Signatures; Types of Alarms; Intrusion Prevention Technologies; IPS Attack Responses; IPS Anti-Evasion Techniques; Managing Signatures; Cisco IOS IPS Signature Files; Implementing Alarms in Signatures; IOS IPS Severity Levels; Event Monitoring and Management; IPS Recommended Practices; Configuring IOS IPS; Creating an IOS IPS Rule and Specifying the IPS Signature File Location; Tuning Signatures per Category; Configuring IOS IPS Example; Configuring IOS IPS Using CCP Example; Signature Tuning Using CCP

Part IV: Secure Connectivity

CHAPTER 14 VPNs and Cryptology
Virtual Private Networks; VPN Deployment Modes; Cryptology = Cryptography + Cryptanalysis; Historical Cryptographic Ciphers; Modern Substitution Ciphers; Encryption Algorithms; Cryptanalysis; Cryptographic Processes in VPNs; Classes of Encryption Algorithms; Symmetric Encryption Algorithms; Asymmetric Encryption Algorithm; Choosing an Encryption Algorithm; Choosing an Adequate Keyspace; Cryptographic Hashes; Well-Known Hashing Algorithms; Hash-Based Message Authentication Codes; Digital Signatures

CHAPTER 15 Asymmetric Encryption and PKI
Asymmetric Encryption; Public Key Confidentiality and Authentication; RSA Functions; Public Key Infrastructure; PKI Terminology; PKI Standards; PKI Topologies; PKI Characteristics

CHAPTER 16 IPsec VPNs
IPsec Protocol; IPsec Protocol Framework; Encapsulating IPsec Packets; Transport Versus Tunnel Mode; Confidentiality Using Encryption Algorithms; Data Integrity Using Hashing Algorithms; Peer Authentication Methods; Key Exchange Algorithms; NSA Suite B Standard; Internet Key Exchange; IKE Negotiation Phases; IKEv1 Phase 1 (Main Mode and Aggressive Mode); IKEv1 Phase 2 (Quick Mode); IKEv2 Phase 1 and 2; IKEv1 Versus IKEv2; IPv6 VPNs

CHAPTER 17 Configuring Site-to-Site VPNs
Site-to-Site IPsec VPNs; IPsec VPN Negotiation Steps; Planning an IPsec VPN; Cipher Suite Options; Configuring IOS Site-to-Site VPNs; Verifying the VPN Tunnel; Configuring a Site-to-Site IPsec VPN Using IOS Example; Configuring a Site-to-Site IPsec VPN Using CCP Example; Generating a Mirror Configuration Using CCP; Testing and Monitoring IPsec VPNs; Monitoring Established IPsec VPN Connections Using CCP

Part V: Securing the Network Using the ASA

CHAPTER 18 Introduction to the ASA
Adaptive Security Appliance; ASA Models; Routed and Transparent Firewall Modes; ASA Licensing; Basic ASA Configuration; ASA 5505 Front and Back Panel; ASA 5510 Front and Back Panel; ASA Security Levels; ASA 5505 Port Configuration; ASA 5505 Deployment Scenarios; ASA 5505 Configuration Options

CHAPTER 19 Introduction to ASDM
Adaptive Security Device Manager; Accessing ASDM; Factory Default Settings; Resetting the ASA 5505 to Factory Default Settings; Erasing the Factory Default Settings; Setup Initialization Wizard; Installing and Running ASDM; Running ASDM; ASDM Wizards; The Startup Wizard; VPN Wizards; Advanced Wizards

CHAPTER 20 Configuring Cisco ASA Basic Settings
ASA Command-Line Interface; Differences Between IOS and ASA OS; Configuring Basic Settings; Configuring Basic Management Settings; Enabling the Master Passphrase; Configuring Interfaces; Configuring the Inside and Outside SVIs; Assigning Layer 2 Ports to VLANs; Configuring a Third SVI; Configuring the Management Plane; Enabling Telnet, SSH, and HTTPS Access; Configuring Time Services; Configuring the Control Plane; Configuring a Default Route; Basic Settings Example; Configuring Basic Settings Example Using the CLI; Configuring Basic Settings Example Using ASDM

CHAPTER 21 Configuring Cisco ASA Advanced Settings
ASA DHCP Services; DHCP Client; DHCP Server Services; Configuring DHCP Server Example Using the CLI; Configuring DHCP Server Example Using ASDM; ASA Objects and Object Groups; Network and Service Objects; Network, Protocol, ICMP, and Service Object Groups; Configuring Objects and Object Groups Example Using ASDM; ASA ACLs; ACL Syntax; Configuring ACLs Example Using the CLI; Configuring ACLs with Object Groups Example Using the CLI; Configuring ACLs with Object Groups Example Using ASDM; ASA NAT Services; Auto-NAT; Dynamic NAT, Dynamic PAT, and Static NAT; Configuring Dynamic and Static NAT Example Using the CLI; Configuring Dynamic NAT Example Using ASDM; AAA Access Control; Local AAA Authentication; Server-Based AAA Authentication; Configuring AAA Server-Based Authentication Example Using the CLI; Configuring AAA Server-Based Authentication Example Using ASDM; Modular Policy Framework Service Policies; Class Maps, Policy Maps, and Service Policies; Default Global Policies; Configure Service Policy Example Using ASDM

CHAPTER 22 Configuring Cisco ASA SSL VPNs
Remote-Access VPNs; Types of Remote-Access VPNs; ASA SSL VPN; Client-Based SSL VPN Example Using ASDM; Clientless SSL VPN Example Using ASDM

APPENDIX Create Your Own Journal Here

Rating details

13 ratings
4.3 out of 5 stars
5 46% (6)
4 46% (6)
3 0% (0)
2 8% (1)
1 0% (0)
Book ratings by Goodreads