Implementing Cisco IOS Network Security (IINS): Authorized Self-study Guide

Implementing Cisco IOS Network Security (IINS): Authorized Self-study Guide : CCNA Security Exam 640-553

4 (10 ratings by Goodreads)
By (author) 

List price: US$67.99

Currently unavailable

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks

Description

Implementing Cisco IOS Network Security (IINS) is a Cisco-authorized, self-paced learning tool for CCNA(R) Security foundation learning. This book provides you with the knowledge needed to secure Cisco(R) routers and switches and their associated networks. By reading this book, you will gain a thorough understanding of how to troubleshoot and monitor network devices to maintain integrity, confidentiality, and availability of data and devices, as well as the technologies that Cisco uses in its security infrastructure. This book focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. You will learn how to perform basic tasks to secure a small branch type office network using Cisco IOS(R) security features available through the Cisco Router and Security Device Manager (SDM) web-based graphical user interface (GUI) and through the command-line interface (CLI) on Cisco routers and switches. The author also provides, when appropriate, parallels with Cisco ASA appliances. Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book. Implementing Cisco IOS Network Security (IINS) is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining. * Develop a comprehensive network security policy to counter threats against information security * Configure routers on the network perimeter with Cisco IOS Software security features * Configure firewall features including ACLs and Cisco IOS zone-based policy firewalls to perform basic security operations on a network * Configure site-to-site VPNs using Cisco IOS features * Configure IPS on Cisco network routers * Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic This volume is in the Certification Self-Study Series offered by Cisco Press(R). Books in this series provide officially developed self-study solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.show more

Product details

  • Hardback | 624 pages
  • 195.58 x 236.22 x 38.1mm | 1,043.26g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • Study Guide
  • 1587058154
  • 9781587058158
  • 487,892

About Catherine Paquet

Catherine Paquet is a practitioner in the field of internetworking, network security, and security financials. She has authored or contributed to eight books thus far with Cisco Press. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is a Cisco Certified Security Professional (CCSP) and a Cisco Certified Network Professional (CCNP). Catherine is also a certified Cisco instructor with Cisco's largest training partner, Global Knowledge, Inc. She also works on IT security projects for different organizations on a part-time basis. Following her university graduation from the College Militaire Royal de St-Jean (Canada), she worked as a system analyst, LAN manager, MAN manager, and eventually as a WAN manager. In 1994, she received a master's degree in business administration (MBA) with a specialty in management information systems (MIS) from York University. Recently, she has been presenting a seminar on behalf of Cisco Systems (Emerging Markets) on the topic of the business case for network security in 22 countries. In 2002 and 2003, Catherine volunteered with the U.N. mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine lives in Toronto with her husband. They have two children, who are both attending university.show more

Back cover copy

"Authorized Self-Study Guide""Implementing Cisco IOS Network Security (IINS)" Foundation learning for CCNA Security IINS 640-553 exam Catherine Paquet "Implementing Cisco IOS Network Security (IINS)" is a Cisco-authorized, self-paced learning tool for CCNA(R) Security foundation learning. This book provides you with the knowledge needed to secure Cisco(R) routers and switches and their associated networks. By reading this book, you will gain a thorough understanding of how to troubleshoot and monitor network devices to maintain integrity, confidentiality, and availability of data and devices, as well as the technologies that Cisco uses in its security infrastructure. This book focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. You will learn how to perform basic tasks to secure a small branch type office network using Cisco IOS(R) security features available through the Cisco Router and Security Device Manager (SDM) web-based graphical user interface (GUI) and through the command-line interface (CLI) on Cisco routers and switches. The author also provides, when appropriate, parallels with Cisco ASA appliances. Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book. "Implementing Cisco IOS Network Security (IINS)" is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining. Catherine Paquet is a practitioner in the field of internetworking, network security and security financials. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is CCSP(R), CCNP(R), and CompTIA Security+ certified. She is also a certified Cisco instructor with the largest training partner of Cisco. Catherine, who has her M.B.A. from York University, is the director of her consulting company, Netrisec, Inc., specializing in making the business case for network security. In 2002 and 2003, Catherine volunteered with the UN mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Develop a comprehensive network security policy to counter threats against information securityConfigure routers on the network perimeter with Cisco IOS Software security featuresConfigure firewall features including ACLs and Cisco IOS zone-based policy firewalls to perform basic security operations on a networkConfigure site-to-site VPNs using Cisco IOS featuresConfigure IPS on Cisco network routersConfigure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic This volume is in the Certification Self-Study Series offered by Cisco Press(R). Books in this series provide officially developed self-study solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations. Category: Cisco CertificationCovers: IINS exam 640-553show more

Table of contents

Chapter 1 Introduction to Network Security Principles Examining Network Security Fundamentals The Need for Network Security Network Security Objectives Data Classification Security Controls Response to a Security Breach Laws and Ethics Examining Network Attack Methodologies Adversaries, Motivations, and Classes of Attack Classes of Attack and Methodology The Principles of Defense in Depth IP Spoofing Attacks Confidentiality Attacks Integrity Attacks Availability Attacks Best Practices to Defeat Network Attacks Examining Operations Security Secure Network Life Cycle Management Principles of Operations Security Network Security Testing Disaster Recovery and Business Continuity Planning Understanding and Developing a Comprehensive Network Security Policy Security Policy Overview Security Policy Components Standards, Guidelines, and Procedures Security Policy Roles and Responsibilities Risk Analysis and Management Principles of Secure Network Design Security Awareness Cisco Self-Defending Networks Changing Threats and Challenges Building a Cisco Self-Defending Network Cisco Integrated Security Portfolio Summary References Review Questions Chapter 2 Perimeter Security Securing Administrative Access to Cisco Routers General Router Security Guidelines Introduction to the Cisco Integrated Services Router Family Configuring Secure Administration Access Configuring Multiple Privilege Levels Configuring Role-Based Command-Line Interface Access Securing the Cisco IOS Image and Configuration Files Configuring Enhanced Support for Virtual Logins Delays Between Successive Login Attempts Login Shutdown if DoS Attacks Are Suspected Generation of System Logging Messages for Login Detection Configuring Banner Messages Introducing Cisco SDM Supporting Cisco SDM and Cisco SDM Express Launching Cisco SDM Express Launching Cisco SDM Navigating the Cisco SDM Interface Cisco SDM Wizards in Configure Mode Configuring AAA on a Cisco Router Using the Local Database Authentication, Authorization, and Accounting Introduction to AAA for Cisco Routers Using Local Services to Authenticate Router Access Configuring AAA on a Cisco Router to Use Cisco Secure ACS Cisco Secure ACS Overview TACACS+ and RADIUS Protocols Installing Cisco Secure ACS for Windows Configuring the Server Configuring TACACS+ Support on a Cisco Router Troubleshooting TACACS+ Implementing Secure Management and Reporting Planning Considerations for Secure Management and Reporting Secure Management and Reporting Architecture Using Syslog Logging for Network Security Using Logs to Monitor Network Security Using SNMP to Manage Network Devices Configuring an SSH Daemon for Secure Management and Reporting Enabling Time Features Locking Down the Router Vulnerable Router Services and Interfaces Management Service Vulnerabilities Performing a Security Audit Cisco AutoSecure Chapter Summary References Review Questions Chapter 3 Network Security Using Cisco IOS Firewalls Introducing Firewall Technologies Firewall Fundamentals Firewalls in a Layered Defense Strategy Static Packet-Filtering Firewalls Application Layer Gateways Dynamic or Stateful Packet-Filtering Firewalls Other Types of Firewalls Cisco Family of Firewalls Developing an Effective Firewall Policy ACL Fundamentals ACL Wildcard Masking Using ACLs to Control Traffic ACL Considerations Configuring ACLs Using SDM Using ACLs to Permit and Deny Network Services Configuring a Cisco IOS Zone-Based Policy Firewall Zone-Based Policy Firewall Overview Configuring Zone-Based Policy Firewalls Using the Basic Firewall Wizard Manually Configuring Zone-Based Policy Firewalls Using Cisco SDM Monitoring a Zone-Based-Firewall Summary References Review Questions Chapter 4 Fundamentals of Cryptography Examining Cryptographic Services Cryptology Overview Symmetric and Asymmetric Encryption Algorithms Block and Stream Ciphers Encryption Algorithm Selection Cryptographic Hashes Key Management Introducing SSL VPNs Examining Symmetric Encryption Symmetric Encryption Overview DES: Features and Functions 3DES: Features and Functions AES: Features and Functions SEAL: Features and Functions Rivest Ciphers: Features and Functions Examining Cryptographic Hashes and Digital Signatures Overview of Hash Algorithms Overview of Hashed Message Authentication Codes MD5: Features and Functions SHA-1: Features and Functions Overview of Digital Signatures DSS: Features and Functions Examining Asymmetric Encryption and PKI Asymmetric Encryption Overview RSA: Features and Functions DH: Features and Functions PKI Definitions and Algorithms PKI Standards Certificate Authorities Summary References Review Questions Chapter 5 Site-to-Site VPNs VPN Overview VPN Types Cisco VPN Product Family Introducing IPsec Encryption Algorithms Diffie-Hellman Exchange Data Integrity Authentication IPsec Advantages IPsec Protocol Framework Authentication Header Encapsulating Security Payload Tunnel Mode Versus Transport Mode IPsec Framework IKE Protocol IKE Phase 1 IKE Phase 1: Example IKE Phase 2 Building a Site-to-Site IPsec VPN Site-to-Site IPsec VPN Operations Configuring IPsec Verifying the IPsec Configuration Configuring IPsec on a Site-to-Site VPN Using Cisco SDM Introducing the Cisco SDM VPN Wizard Interface Site-to-Site VPN Components Using the Cisco SDM Wizards to Configure Site-to-Site VPNs Completing the Configuration Summary References Review Questions Chapter 6 Network Security Using Cisco IOS IPS Introducing IDS and IPS Types of IDS and IPS Systems IPS Actions Event Monitoring and Management Cisco IPS Management Software Cisco Router and Security Device Manager Cisco Security Monitoring, Analysis, and Response System Cisco IDS Event Viewer Cisco Security Manager Cisco IPS Device Manager Host and Network IPS Host-Based IPS Network-Based IPS Comparing HIPS and Network IPS Introducing Cisco IPS Appliances Cisco IPS 4200 Series Sensors Cisco ASA AIP SSM Cisco Catalyst 6500 Series IDSM-2 Cisco IPS AIM Signatures and Signature Engines Examining Signature Micro-Engines Signature Alarms IPS Best Practices Configuring Cisco IOS IPS Cisco IOS IPS Features Configuring Cisco IOS IPS Using Cisco SDM Configuring Cisco IOS IPS Using CLI Configuring IPS Signatures Monitoring IOS IPS Verifying IPS Operation Summary References Review Questions Chapter 7 LAN, SAN, Voice, and Endpoint Security Overview Examining Endpoint Security Operating System Vulnerabilities Application Vulnerabilities Buffer Overflows IronPort Cisco NAC Products Cisco Security Agent Endpoint Security Best Practices Examining SAN Security Defining SANs SAN Fundamentals SAN Security Scope Examining Voice Security VoIP Fundamentals Voice Security Threats Defending Against VoIP Hacking Mitigating Layer 2 Attacks Basic Switch Operation Mitigating VLAN Attacks Preventing Spanning Tree Protocol Manipulation CAM Table Overflow Attacks MAC Address Spoofing Attacks Using Port Security Additional Switch Security Features Layer 2 Best Practices Summary References Review Questions Appendix Answers to Chapter Review Questions Indexshow more

Rating details

10 ratings
4 out of 5 stars
5 40% (4)
4 30% (3)
3 20% (2)
2 10% (1)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X