Implementing Cisco IOS Network Security (IINS): (CCNA Security exam 640-553) (Authorized Self-Study Guide)

Implementing Cisco IOS Network Security (IINS) is a Cisco-authorized, self-paced learning tool for CCNA® Security foundation learning. This book provides you with the knowledge needed to secure Cisco® routers and switches and their associated networks. By reading this book, you will gain a thorough understanding of how to troubleshoot and monitor network devices to maintain integrity, confidentiality, and availability of data and devices, as well as the technologies that Cisco uses in its security infrastructure.

 

This book focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. You will learn how to perform basic tasks to secure a small branch type office network using Cisco IOS® security features available through the Cisco Router and Security Device Manager (SDM) web-based graphical user interface (GUI) and through the command-line interface (CLI) on Cisco routers and switches. The author also provides, when appropriate, parallels with Cisco ASA appliances.

 

Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book.

 

Implementing Cisco IOS Network Security (IINS) is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

  • Develop a comprehensive network security policy to counter threats against information security
  • Configure routers on the network perimeter with Cisco IOS Software security features
  • Configure firewall features including ACLs and Cisco IOS zone-based policy firewalls to perform basic security operations on a network
  • Configure site-to-site VPNs using Cisco IOS features
  • Configure IPS on Cisco network routers
  • Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic

 

This volume is in the Certification Self-Study Series offered by Cisco Press®. Books in this series provide officially developed self-study solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations. 

 


by Catherine Paquet

Product Details

ISBN-13: 9781587058837
Publisher: Pearson Education
Publication date: 04/14/2009
Series: Self-Study Guide
Sold by: Barnes & Noble
Format: eBook
Pages: 624
File size: 17 MB
Age Range: 18 Years

About the Author

Catherine Paquet is a practitioner in the field of internetworking, network security, and security financials. She has authored or contributed to eight books thus far with Cisco Press. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is a Cisco Certified Security Professional (CCSP) and a Cisco Certified Network Professional (CCNP). Catherine is also a certified Cisco instructor with Cisco’s largest training partner, Global Knowledge, Inc. She also works on IT security projects for different organizations on a part-time basis. Following her university graduation from the Collège Militaire Royal de St-Jean (Canada), she worked as a system analyst, LAN manager, MAN manager, and eventually as a WAN manager. In 1994, she received a master’s degree in business administration (MBA) with a specialty in management information systems (MIS) from York University. Recently, she has been presenting a seminar on behalf of Cisco Systems (Emerging Markets) on the topic of the business case for network security in 22 countries. In 2002 and 2003, Catherine volunteered with the U.N. mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine lives in Toronto with her husband. They have two children, who are both attending university.

Read an Excerpt

Implementing Cisco IOS Network Security (IINS)

Introduction

Network security is a complex and growing area of IT. As the premier provider of network security devices, Cisco Systems is committed to supporting this growing segment of the industry.

This book teaches you how to design, configure, maintain, and audit network security. It focuses on using Cisco IOS routers for protecting the network by capitalizing on its advanced features as a perimeter router, as a firewall, as an intrusion prevention system, and as a VPN device. By the end of this book, you will be able to select and implement the appropriate Cisco IOS services required to build flexible and secure networks. This book also introduces you to the concept of endpoint security.

This book provides you with the knowledge necessary to pass your CCNA Security certification because it provides in-depth information to help you prepare for the IINS exam. It also starts you on the path toward attaining your Cisco Certified Security Professional (CCSP) certification.

The commands and configuration examples presented in this book are based on Cisco IOS Releases 12.3.

Goals and Methods

The most important and somewhat obvious goal of this book is to help you pass the IINS exam (640-553). In fact, if the primary objective of this book were different, the book’s title would be misleading; however, the methods used in this book to help you pass the CCNA Security exam are designed to also make you much more knowledgeable about how to do your job.

Although this book has more than enough questions to help you prepare for the actual exam, the method in which they are used is not to simply make you memorize as many questions and answers as you possibly can. One key methodology used in this book is to help you discover the exam topics that you need to review in more depth, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. So, this book does not try to help you pass by memorization, but helps you truly learn and understand the topics. The CCNA Security exam (640-553) is just one of the foundation topics in the CCSP certification, and the knowledge contained within is vitally important to consider yourself a truly skilled security specialist. This book would do you a disservice if it didn’t attempt to help you learn the material. To that end, the book will help you pass the CCNA Security exam by using the following methods:

  • Helping you discover which test topics you have not mastered
  • Providing explanations and information to fill in your knowledge gaps
  • Providing practice questions on the topics

Who Should Read This Book?

This book is not designed to be a general security topics book, although it can be used for that purpose. This book is intended to tremendously increase your chances of passing the CCNA Security exam. Although other objectives can be achieved from using this book, the book is written with two goals in mind: to improve your knowledge of Cisco IOS security and to help you pass the CCNA Security exam.

So why should you want to pass the CCNA Security exam? Because it is one of the milestones toward getting the CCSP certification; no small feat in itself. What would getting the CCSP mean to you? A raise, a promotion, recognition? How about to enhance your resumé? To demonstrate that you are serious about continuing the learning process and that you are not content to rest on your laurels? To have a chance of working in one of the most thrilling and fastest growing sectors of IT, network security? To please your reseller-employer, who needs more certified employees for a higher discount from Cisco? Or one of many other reasons.

Strategies for Exam Preparation

The strategy you use for CCNA Security might be slightly different from strategies used by other readers, mainly based on the skills, knowledge, and experience you already have obtained. For instance, if you have attended the IINS course, you might take a different approach than someone who learned firewalling via on-the-job training.

How This Book Is Organized

Although this book could be read cover to cover, it is designed to be flexible and allow you to move between chapters. However, if you do intend to read every chapter, the order in the book is an excellent sequence to use. Chapters 1 to 7 cover the following topics:

  • Chapter 1, “Introduction to Network Security Principles”: This chapter discusses how to develop a comprehensive network security policy to counter threats against information security. It also teaches you about possible threats and how to describe and implement the process of developing a security policy.
  • Chapter 2, “Perimeter Security”: This chapter discusses the concept of perimeter security and covers more precisely the physical installation of and administrative access to Cisco routers, the use of Cisco Security Device Manager (SDM), the use of Cisco routers to perform authentication, authorization, and accounting (AAA), the secure implementation of the management and reporting features of syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), Network Time Protocol (NTP), and it examines how to secure a Cisco router with the Security Audit and One-Step Lockdown features of Cisco SDM.
  • Chapter 3, “Network Security Using Cisco IOS Firewalls”: This chapter teaches you how to configure firewall features, including access control lists (ACL) and Cisco IOS zone-based policy firewalls to perform basic security operations on a network. It explains the operations of the different types of firewall technologies and especially the technology used by Cisco routers and Cisco security appliances. The chapter provides thorough explanations on how to create static packet filters using ACLs and how to configure a Cisco IOS zone-based policy firewall.
  • Chapter 4, “Fundamentals of Cryptography”: This chapter introduces the concepts of cryptography and covers encryption, hashing, and digital signatures and how these techniques provide confidentiality, integrity, authenticity, and nonrepudiation. You will learn about algorithms, symmetric and asymmetrical encryption, digital signatures, and Public Key Infrastructure (PKI).
  • Chapter 5, “Site-to-Site VPNs”: This chapter introduces the concepts of site-to-site virtual private networks (VPN) using Cisco IOS. It covers the concepts, technologies, and terms that IP Security (IPsec) VPNs use, and site-to-site IPsec VPN configuration using both the command-line interface (CLI) and Cisco SDM.
  • Chapter 6, “Network Security Using Cisco IOS IPS”: This chapter describes the functions and operations of intrusion detection systems (IDS) and intrusion prevention systems (IPS). It explains the underlying IDS and IPS technology embedded in the Cisco host- and network-based IDS and IPS solutions. Through this chapter, you will learn to configure Cisco IOS IPS using Cisco SDM.
  • Chapter 7, “LAN, SAN, Voice, and Endpoint Security Overview”: This chapter focuses on several additional aspects of network security: LANs, storage-area networks (SAN), voice, and endpoints. This chapter emphasizes Layer 2 and host security to provide much more comprehensive coverage of the important issues involved in securing an enterprise. In this chapter, you learn about current endpoint protection methods, risks, and countermeasures for SANs security and for IP telephony. You will also read about how to protect your network against Layer 2 attacks.

© Copyright Pearson Education. All rights reserved.

Table of Contents

Chapter 1 Introduction to Network Security Principles

Examining Network Security Fundamentals

    The Need for Network Security

    Network Security Objectives

    Data Classification

    Security Controls

    Response to a Security Breach

    Laws and Ethics

Examining Network Attack Methodologies

    Adversaries, Motivations, and Classes of Attack

    Classes of Attack and Methodology

The Principles of Defense in Depth

    IP Spoofing Attacks

    Confidentiality Attacks

    Integrity Attacks

    Availability Attacks

    Best Practices to Defeat Network Attacks

Examining Operations Security

    Secure Network Life Cycle Management

    Principles of Operations Security

    Network Security Testing

    Disaster Recovery and Business Continuity Planning

Understanding and Developing a Comprehensive Network Security Policy

    Security Policy Overview

    Security Policy Components

    Standards, Guidelines, and Procedures

    Security Policy Roles and Responsibilities

    Risk Analysis and Management

    Principles of Secure Network Design

    Security Awareness

Cisco Self-Defending Networks

    Changing Threats and Challenges

    Building a Cisco Self-Defending Network

    Cisco Integrated Security Portfolio

Summary

    References

Review Questions

 

Chapter 2 Perimeter Security

Securing Administrative Access to Cisco Routers

    General Router Security Guidelines

    Introduction to the Cisco Integrated Services Router Family

    Configuring Secure Administration Access

    Configuring Multiple Privilege Levels

    Configuring Role-Based Command-Line Interface Access

Securing the Cisco IOS Image and Configuration Files

Configuring Enhanced Support for Virtual Logins

    Delays Between Successive Login Attempts

    Login Shutdown if DoS Attacks Are Suspected

    Generation of System Logging Messages for Login Detection

    Configuring Banner Messages

    Introducing Cisco SDM

    Supporting Cisco SDM and Cisco SDM Express

    Launching Cisco SDM Express

    Launching Cisco SDM

    Navigating the Cisco SDM Interface

    Cisco SDM Wizards in Configure Mode

Configuring AAA on a Cisco Router Using the Local Database

    Authentication, Authorization, and Accounting

    Introduction to AAA for Cisco Routers

    Using Local Services to Authenticate Router Access

Configuring AAA on a Cisco Router to Use Cisco Secure ACS

    Cisco Secure ACS Overview

    TACACS+ and RADIUS Protocols

    Installing Cisco Secure ACS for Windows

    Configuring the Server

    Configuring TACACS+ Support on a Cisco Router

    Troubleshooting TACACS+

Implementing Secure Management and Reporting

    Planning Considerations for Secure Management and Reporting

    Secure Management and Reporting Architecture

    Using Syslog Logging for Network Security

    Using Logs to Monitor Network Security

    Using SNMP to Manage Network Devices

    Configuring an SSH Daemon for Secure Management and Reporting

    Enabling Time Features

Locking Down the Router

    Vulnerable Router Services and Interfaces

    Management Service Vulnerabilities

    Performing a Security Audit

    Cisco AutoSecure

Chapter Summary

    References

Review Questions

 

Chapter 3 Network Security Using Cisco IOS Firewalls

Introducing Firewall Technologies

    Firewall Fundamentals

    Firewalls in a Layered Defense Strategy

    Static Packet-Filtering Firewalls

    Application Layer Gateways

    Dynamic or Stateful Packet-Filtering Firewalls

    Other Types of Firewalls

    Cisco Family of Firewalls

    Developing an Effective Firewall Policy

    ACL Fundamentals

    ACL Wildcard Masking

    Using ACLs to Control Traffic

    ACL Considerations

    Configuring ACLs Using SDM

    Using ACLs to Permit and Deny Network Services

Configuring a Cisco IOS Zone-Based Policy Firewall

    Zone-Based Policy Firewall Overview

    Configuring Zone-Based Policy Firewalls Using the Basic Firewall Wizard

    Manually Configuring Zone-Based Policy Firewalls Using Cisco SDM

Monitoring a Zone-Based-Firewall

Summary

    References

Review Questions

 

Chapter 4 Fundamentals of Cryptography

Examining Cryptographic Services

    Cryptology Overview

    Symmetric and Asymmetric Encryption Algorithms

    Block and Stream Ciphers

    Encryption Algorithm Selection

    Cryptographic Hashes

    Key Management

    Introducing SSL VPNs

Examining Symmetric Encryption

    Symmetric Encryption Overview

    DES: Features and Functions

    3DES: Features and Functions

    AES: Features and Functions

    SEAL: Features and Functions

    Rivest Ciphers: Features and Functions

Examining Cryptographic Hashes and Digital Signatures

    Overview of Hash Algorithms

    Overview of Hashed Message Authentication Codes

    MD5: Features and Functions

    SHA-1: Features and Functions

    Overview of Digital Signatures

    DSS: Features and Functions

Examining Asymmetric Encryption and PKI

    Asymmetric Encryption Overview

    RSA: Features and Functions

    DH: Features and Functions

    PKI Definitions and Algorithms

    PKI Standards

    Certificate Authorities

Summary

    References

Review Questions

 

Chapter 5 Site-to-Site VPNs

VPN Overview

    VPN Types

    Cisco VPN Product Family

Introducing IPsec

    Encryption Algorithms

    Diffie-Hellman Exchange

    Data Integrity

    Authentication

    IPsec Advantages

IPsec Protocol Framework

    Authentication Header

    Encapsulating Security Payload

    Tunnel Mode Versus Transport Mode

    IPsec Framework

IKE Protocol

    IKE Phase 1

    IKE Phase 1: Example

    IKE Phase 2

Building a Site-to-Site IPsec VPN

    Site-to-Site IPsec VPN Operations

    Configuring IPsec

    Verifying the IPsec Configuration

Configuring IPsec on a Site-to-Site VPN Using Cisco SDM

    Introducing the Cisco SDM VPN Wizard Interface

    Site-to-Site VPN Components

    Using the Cisco SDM Wizards to Configure Site-to-Site VPNs

    Completing the Configuration

Summary

    References

Review Questions

 

Chapter 6 Network Security Using Cisco IOS IPS

Introducing IDS and IPS

    Types of IDS and IPS Systems

    IPS Actions

    Event Monitoring and Management

Cisco IPS Management Software

    Cisco Router and Security Device Manager

    Cisco Security Monitoring, Analysis, and Response System

    Cisco IDS Event Viewer

    Cisco Security Manager

    Cisco IPS Device Manager

Host and Network IPS

    Host-Based IPS

    Network-Based IPS

    Comparing HIPS and Network IPS

Introducing Cisco IPS Appliances

    Cisco IPS 4200 Series Sensors

    Cisco ASA AIP SSM

    Cisco Catalyst 6500 Series IDSM-2

    Cisco IPS AIM

Signatures and Signature Engines

    Examining Signature Micro-Engines

    Signature Alarms

IPS Best Practices

Configuring Cisco IOS IPS

    Cisco IOS IPS Features

    Configuring Cisco IOS IPS Using Cisco SDM

    Configuring Cisco IOS IPS Using CLI

    Configuring IPS Signatures

    Monitoring IOS IPS

Verifying IPS Operation

Summary

    References

Review Questions

 

Chapter 7 LAN, SAN, Voice, and Endpoint Security Overview

Examining Endpoint Security

    Operating System Vulnerabilities

    Application Vulnerabilities

    Buffer Overflows

    IronPort

    Cisco NAC Products

    Cisco Security Agent

    Endpoint Security Best Practices

Examining SAN Security

    Defining SANs

    SAN Fundamentals

    SAN Security Scope

Examining Voice Security

    VoIP Fundamentals

    Voice Security Threats

    Defending Against VoIP Hacking

Mitigating Layer 2 Attacks

    Basic Switch Operation

    Mitigating VLAN Attacks

    Preventing Spanning Tree Protocol Manipulation

    CAM Table Overflow Attacks

    MAC Address Spoofing Attacks

    Using Port Security

    Additional Switch Security Features

    Layer 2 Best Practices

Summary

    References

Review Questions

 

Appendix Answers to Chapter Review Questions

 

Index
