CCSP Secur Exam Certification Guide (CCSP Self-Study)

CCSP Secur Exam Certification Guide (CCSP Self-Study)

3.16 (6 ratings by Goodreads)
By (author)  , By (author)  , By (author) 

List price: US$64.95

Currently unavailable

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks

Description

Official self-study test preparation guide for the Cisco SNRS exam 642-502 *Attack threats *Router management and administration *Authentication, Authorization, and Accounting (AAA) and Cisco Secure Access Control Server *RADIUS and TACACS+ *Cisco IOS(R) Firewall feature set *Securing networks with Cisco routers *Mitigating Layer 2 attacks *IPsec and Easy Virtual Private Network (VPN) *Security Device Manager (SDM) CCSP SNRS Exam Certification Guide is a best-of-breed Cisco(R) exam study guide that focuses specifically on the objectives for the SNRS exam. Network security engineers Greg Bastien, Sara Nasseh, and Christian Degu share preparation hints and test-taking tips, helping you identify areas of weakness and improve your knowledge of router and switch security. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics. CCSP SNRS Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. "Do I Know This Already" quizzes open each chapter and allow you to decide how much time you need to spend on each section.Foundation summary information gives you a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts. The companion CD-ROM contains a powerful test engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback module-by-module basis, presenting question-by-question remediation to the text. Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that will enable you to succeed on the exam the first time. CCSP SNRS Exam Certification Guide is part of a recommended learning path from Cisco Systems(R) that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press(R). To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.Companion CD-ROM The CD-ROM contains an electronic copy of the book and over 200 practice questions for the SNRS exam, all available in study mode, test mode, and flash card format. Includes a FREE 45-Day Online Edition This volume is part of the Exam Certification Guide Series from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.show more

Product details

  • Mixed media product | 696 pages
  • 195 x 240 x 50mm | 1,301.82g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • Revised
  • 1st Revised edition
  • 1587201534
  • 9781587201530

About Sarah Nasseh

Greg Bastien, CCNP(R), CCSP , CISSP, is the chief technical officer of Virtue Technologies, Inc., and directs the actions of the engineering staff that supports several federal agencies. Sara Nasseh, CCIE(R) No. 5824, CISSP, is a senior consultant for Intercom Consulting and Federal Systems, working as the network architect and consultant for various federal agencies. Christian Abera Degu, CCSP, CCNP, CCDP(R), is a network architect with General Dynamics Network Systems supporting civilian federal agencies.show more

Table of contents

Contents Part I Overview of Network Security Chapter 1 Network Security Essentials "Do I Know This Already?" Quiz Foundation Topics Defining Network Security Balancing Business Needs with Network Security Requirements Network Security Policies Security Policy Goals Security Guidelines Network Security as a Process Network Security as a Legal Issue Foundation Summary Network Security Policies Security Policy Goals Security Guidelines Network Security as a Process Q&A Chapter 2 Defining and Detailing Attack Threats "Do I Know This Already?" Quiz Foundation Topics Vulnerabilities Self-Imposed Network Vulnerabilities Technology Weakness Threats Intruder Motivations Lack of Understanding of Computers or Networks Intruding for Curiosity Intruding for Fun and Pride Intruding for Revenge Intruding for Profit Intruding for Political Purposes Types of Network Attacks Reconnaissance Attacks Access Attacks DoS Attacks Foundation Summary Vulnerabilities Self-Imposed Network Vulnerabilities Threats Intruder Motivations Types of Network Attacks Q&A Chapter 3 Defense in Depth "Do I Know This Already?" Quiz Foundation Topics Overview of Defense in Depth Foundation Summary Q&A Part II Managing Cisco Routers Chapter 4 Basic Router Management "Do I Know This Already?" Quiz Foundation Topics Router Configuration Modes Accessing the Cisco Router CLI Cisco IOS Firewall Features Foundation Summary Router Configuration Modes Accessing the Cisco Router CLI Cisco IOS Firewall Features Q&A Chapter 5 Secure Router Administration "Do I Know This Already?" Quiz Foundation Topics Privilege Levels Securing Console Access Configuring the enable Password enable secret Command service password-encryption Command Configuring Multiple Privilege Levels Warning Banners Interactive Access Securing vty Access SSH Protocol Setting Up SSH on a Cisco IOS Router or Switch Secure Copy Port Security for Ethernet Switches Configuring Port Security AutoSecure Foundation Summary Q&A Part III AAA Chapter 6 Authentication "Do I Know This Already?" Quiz Foundation Topics Authentication Configuring Line Password Authentication Configuring Username Authentication Remote Security Servers PAP, CHAP, and EAP Authentication PAP CHAP EAP Foundation Summary Q&A Chapter 7 Authentication, Authorization, and Accounting "Do I Know This Already?" Quiz Foundation Topics AAA Overview Authentication Authorization Accounting Configuring AAA Services Configuring AAA Authentication Configuring AAA Authorization Configuring AAA Accounting Troubleshooting AAA Foundation Summary Q&A Chapter 8 Configuring RADIUS and TACACS+ on Cisco IOS Software "Do I Know This Already?" Quiz Foundation Topics Configuring TACACS+ on Cisco IOS Software TACACS+ Authentication Example TACACS+ Authorization Example TACACS+ Accounting Example AAA TACACS+ Testing and Troubleshooting Configuring RADIUS on Cisco IOS Software RADIUS Authentication Example RADIUS Authorization Example RADIUS Accounting Example RADIUS Configuration Testing and Troubleshooting Foundation Summary Q&A Chapter 9 Cisco Secure Access Control Server "Do I Know This Already?" Quiz Foundation Topics Cisco Secure ACS for Windows Authentication Authorization Accounting Administration Replicating, Synchronizing, and Backing Up Databases Database Replication RDBMS Synchronization Database Backup Cisco Secure ACS for Windows Architecture CSAdmin CSAuth CSDBSync CSLog CSMon CSTacacs and CSRadius Authenticating Users Local Database Windows NT/2000 AD Generic LDAP User Database Token Server Enabling User Changeable Passwords Foundation Summary Q&A Chapter 10 Administration of Cisco Secure Access Control Server for Windows "Do I Know This Already?" Quiz Foundation Topics Basic Deployment Factors for Cisco Secure ACS Hardware Requirements Operating System Requirements Browser Compatibility Performance Considerations AAA Clients Installing Cisco Secure ACS for Microsoft Windows Cisco Secure ACS Deployment Sequence Troubleshooting Cisco Secure ACS for Microsoft Windows Authentication Problems Troubleshooting Authorization Problems Administration Issues Foundation Summary Q&A Part IV IOS Firewall Feature Set Chapter 11 Securing Networks with Cisco Routers "Do I Know This Already?" Quiz Foundation Topics Defining ACLs Determining When to Configure Access Lists Types of IP ACLs Configuring ACLs on a Router Simple Network Management Protocol Controlling Interactive Access Through a Browser Disabling Directed Broadcasts Routing Protocol Authentication Defining Small Server Services Disabling Finger Services Disabling Network Time Protocol Disabling Cisco Discovery Protocol Foundation Summary Q&A Chapter 12 The Cisco IOS Firewall and Advanced Security Feature Set "Do I Know This Already?" Quiz Foundation Topics Cisco IOS Firewall and Advanced Security Feature Set Authentication Proxy DoS Protection Logging and Audit Trail Port-to-Application Mapping URL Filtering Foundation Summary Q&A Chapter 13 Cisco IOS Intrusion Prevention System "Do I Know This Already?" Quiz Foundation Topics Cisco IOS IPS Cisco IOS IPS Features Cisco IOS IPS Functions Cisco IOS IPS Restrictions Cisco IOS IPS Application Cisco IOS IPS Configuration Tasks Initializing the Cisco IOS IPS Configuring the Notification Type Configuring the Router Maximum Queue for Alarms Defining the Protected Network Working with Cisco IOS IPS Signatures and Rules Loading IPS-Based Signatures Creating and Applying IPS Rules Verifying the Cisco IOS IPS Configuration Cisco IOS IPS Deployment Strategies Foundation Summary Q&A Chapter 14 Mitigating Layer 2 Attacks "Do I Know This Already?" Quiz Foundation Topics Types of Attacks CAM Table Overflow Attacks VLAN Hopping Attacks STP Manipulation Attacks MAC Address Spoofing--Man-in-the-Middle Attacks Private VLAN Vulnerabilities DHCP Starvation Attacks IEEE 802.1x EAP Attacks Factors Affecting Layer 2 Mitigation Techniques Foundation Summary Q&A Chapter 15 Context-Based Access Control "Do I Know This Already?" Quiz Foundation Topics Context-Based Access Control Features Detecting and Protecting Against DoS Attacks Generating Alerts and Audit Trails How CBAC Works CBAC Restrictions Supported Protocols CPU and Performance Impact Configuring CBAC Selecting an Interface Configuring IP ACLs at the Interface Configuring Global Timeouts and Thresholds Port to Application Mapping Defining an Inspection Rule Applying the Inspection Rule to an Interface Verifying and Debugging CBAC Debugging CBAC Configuring CBAC Example Foundation Summary Q&A Chapter 16 Authentication Proxy and the Cisco IOS Firewall "Do I Know This Already?" Quiz Foundation Topics Understanding Authentication Proxy How Authentication Proxy Works What Authentication Proxy Looks Like Authentication Proxy and the Cisco IOS Firewall Configuring Authentication Proxy on the Cisco IOS Firewall Authentication Proxy Configuration Steps Authentication Proxy Configuration Examples Using Authentication Proxy with TACACS+ Step 1: Complete the Network Configuration Step 2: Complete the Interface Configuration Step 3: Complete the Group Setup Using Authentication Proxy with RADIUS Limitations of Authentication Proxy Foundation Summary Q&A Chapter 17 Identity-Based Networking Services "Do I Know This Already?" Quiz Foundation Topics IBNS Overview IEEE 802.1x 802.1x Components How 802.1x Works Port State Selecting EAP EAP-MD5 Cisco Lightweight EAP EAP Transport Layer Security Protected EAP EAP Flexible Authentication via Secure Tunneling EAP Methods Comparison Cisco Secure ACS Foundation Summary Q&A Chapter 18 Configuring 802.1x Port-Based Authentication "Do I Know This Already?" Quiz Foundation Topics 802.1x Port-Based Authentication Configuration Tasks 802.1x Mandatory Configuration Enabling 802.1x Authentication Configuring the Switch-to-RADIUS Server Communication 802.1x Optional Configurations Enabling Periodic Re-Authentication Manually Re-Authenticating a Client Connected to a Port Changing the Quiet Period Changing the Switch-to-Client Retransmission Time Setting the Switch-to-Client Frame-Retransmission Number Enabling Multiple Hosts Configuring a Guest VLAN Resetting the 802.1X Configuration to the Default Values Displaying 802.1x Statistics and Status Foundation Summary Q&A Part V VPN Chapter 19 Building a VPN Using IPsec "Do I Know This Already?" Quiz Foundation Topics Configuring a Cisco Router for IPsec Using Preshared Keys How IPsec Works Step 1: Select the IKE and IPsec Parameters Step 2: Configure IKE Step 3: Configure IPsec Step 4: Test and Verify the IPsec Configuration Configuring Manual IPsec Configuring IPsec Using RSA-Encrypted Nonces Configure the RSA Keys Foundation Summary Configure a Cisco Router for IPsec Using Preshared Keys Verifying the IKE and IPsec Configuration Explain the Issues Regarding Configuring IPsec Manually and Using RSA-Encrypted Nonces Q&A Chapter 20 Scaling a VPN Using IPsec with a Certificate Authority "Do I Know This Already?" Quiz Foundation Topics Advanced IPsec VPNs Using Cisco Routers and CAs Digital Signatures, Certificates, and Certificate Authorities Overview of Cisco Router CA Support SCEP Configuring the Cisco Router for IPsec VPNs Using CA Support Foundation Summary Advanced IPsec VPNs Using Cisco Routers and CAs Q&A Chapter 21 Troubleshooting the VPN Configuration on a Cisco Router "Do I Know This Already?" Quiz Foundation Topics show Commands show crypto ca certificates Command show crypto isakmp policy Command show crypto ipsec sa Command show crypto ipsec security-association lifetime Command show crypto ipsec transform-set Command show crypto isakmp key Command show crypto map Command (IPsec) show crypto key pubkey-chain rsa Command show crypto key mypubkey rsa Command debug Commands debug crypto isakmp Command debug crypto key-exchange Command debug crypto engine Command debug crypto ipsec Command debug crypto pki messages Command debug crypto pki transactions Command clear Commands clear crypto sa Command clear crypto isakmp Command clear crypto sa counters Command Foundation Summary Q&A Chapter 22 Configuring Remote Access Using Easy VPN "Do I Know This Already?" Quiz Foundation Topics Describe the Easy VPN Server Describe the Easy VPN Remote Easy VPN Server Functionality How Cisco Easy VPN Works? Configuring the Easy VPN Server Easy VPN Modes of Operation Foundation Summary Describe the Easy VPN Server Easy VPN Server Functionality Configuring the Easy VPN Server Easy VPN Modes of Operation Q&A Part VI Enterprise Network Management Chapter 23 Security Device Manager "Do I Know This Already?" Quiz Foundation Topics Security Device Manager Overview Hardware Requirements Operating System Requirements Browser Compatibility Installing SDM Software SDM User Interface SDM Wizards SDM LAN Wizard Using SDM to Configure a Firewall Using SDM to Configure a VPN Using SDM to Perform Security Audits Using the Factory Reset Wizard Using SDM Advanced Options Using SDM Monitor Mode Foundation Summary Q&A Part VII Scenarios Chapter 24 Final Scenarios Task 1--Configure Cisco Secure ACS for AAA on Miami Network Devices Task 2--Configure and Secure Miami Router Task 3--Configure 802.1x on Miami User Switches Task 4--Configure Miami User Switches and Router to Mitigate Layer 2 Attacks Task 5--Configure PEAP with Cisco Secure ACS Task 6--Prepare the Network for IPsec Using Preshared Keys Establish a Common Convention for Connectivity Between Locations Configure Initial Setup of the Router and Verify Connectivity Prepare for IKE and IPsec Define the Preshared Key Task 7--Configure IKE Using Preshared Keys Enable IKE Create the IKE Policy Configure the Preshared Key Verify the IKE Configuration Task 8--Configure IPsec Using Preshared Keys Configure Transform Sets and SA Parameters Configure IPsec SA Lifetimes Configure Crypto ACLs Configure Crypto Maps Apply the Crypto Map to the Interface Task 9--Configure IKE and IPsec on a Cisco Router Enable IKE Create an IKE Policy Using RSA Signatures Configure Transform Sets and SA Parameters Configure IPsec SA Lifetimes Configure Crypto ACLs Configure Crypto Maps Apply the Crypto Map to the Interface Task 10--Prepare the Network for IPsec Using Digital Certificates Configure Initial Setup of the Router and Verify Connectivity Prepare for IKE and IPsec Configure CA Support Task 11--Test and Verify IPsec CA Configuration Display IKE Policies Display Transform Sets Display Configured crypto maps Display the Current State of IPsec SAs Clear Any Existing SAs Enable Debug Output for IPsec Events Enable Debug Output for ISAKMP Events Observe the IKE and IPsec Debug Outputs Verify IKE and IPsec SAs Task 12--Configure Authentication Proxy on the Miami Router Configure AAA Configure the HTTP Server Configure Authentication Proxy Test and Verify the Authentication Proxy Configuration Task 13--Configure CBAC on the Miami Router Task 14--Configure Miami Router with IPS Using SDM Task 15--Verify and Monitor Miami Router with IPS Using SDM Task 16--Configure Easy VPN Server Using SDM Task 17--Configure Easy VPN Remote Using SDM Part VIII Appendix Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Sections 1587201534TOC121905show more

Rating details

6 ratings
3.16 out of 5 stars
5 0% (0)
4 17% (1)
3 83% (5)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X