Title:
CCSP : Cisco certified security professional certification exam guide
Personal Author:
Series:
All-in-one
Publication Information:
New York : McGraw-Hill, 2003
Physical Description:
1v + 1 CD-ROM
ISBN:
9780072226911
General Note:
Also available in compact disc version : CP 4258
Subject Term:
Added Author:
Available:
Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000010053858 | QA76.3 L37 2003 | Open Access Book | Book |
30000010060077 | QA76.3 L37 2003 | Open Access Book | Book |
Summary
Offers coverage of the material on CCSP exams SECUR (Exam 642-501), CSPFA (Exam 642-511), CSVPN (Exam 642-511), CSIDS (Exam 642-531), and CSI (Exam 642-541). This title contains exam objectives at the beginning of each chapter, exam tips, end-of-chapter practice questions, and photographs and illustrations. The CD-ROM contains a testing engine.
Table of Contents
Introduction | p. xxi |
Part I Introduction to Network Security | p. 1 |
Chapter 1 Understanding Network Security Threats | p. 3 |
Identify the Need for Network Security | p. 4 |
Identify the Causes of Network Security Problems | p. 5 |
The Four Primary Types of Network Threats | p. 8 |
The Four Primary Types of Network Attack | p. 11 |
Cisco AVVID and SAFE Strategies | p. 22 |
Cisco Security Wheel | p. 23 |
Network Security Policy | p. 25 |
Improving Network Security | p. 38 |
Chapter Review | p. 39 |
Chapter 2 Securing the Network | p. 47 |
Secure Network Design Example | p. 48 |
Securing Network Devices | p. 50 |
Using Access Control Lists to Secure the Network | p. 57 |
Chapter Review | p. 71 |
Part II Securing the Network Perimeter | p. 75 |
Chapter 3 Cisco AAA Security Technology | p. 77 |
The Cisco AAA Model | p. 78 |
AAA System Components | p. 88 |
Testing AAA Configuration | p. 103 |
Chapter Review | p. 104 |
Chapter 4 Cisco Secure ACS and TACACS+/RADIUS Technologies | p. 109 |
Describe Cisco Secure ACS | p. 110 |
Features and Architecture of Cisco Secure ACS for Windows | p. 111 |
Features of CiscoSecure ACS for UNIX | p. 118 |
Installing Cisco Secure ACS 3.0 for Windows | p. 119 |
Administering and Troubleshooting Cisco Secure ACS for Windows | p. 122 |
TACACS+ Overview | p. 132 |
Configuring Cisco Secure ACS and TACACS+ | p. 133 |
Verifying TACACS+ | p. 136 |
Chapter Review | p. 138 |
Chapter 5 Securing Cisco Perimeter Routers | p. 143 |
Perimeter Router Terms and Concepts | p. 143 |
Eavesdropping | p. 147 |
Limit Unneeded TCP/IP and Other Services | p. 150 |
Denial of Service Attacks | p. 150 |
Unauthorized Access | p. 152 |
Lack of Legal IP Addresses | p. 161 |
Rerouting Attacks | p. 169 |
Event Logging on Perimeter Routers | p. 170 |
Chapter Review | p. 171 |
Chapter 6 IOS Firewall Feature Set--CBAC | p. 175 |
Introduction to Cisco IOS Firewall | p. 175 |
Context-Based Access Control (CBAC) | p. 179 |
IOS Firewall Management | p. 198 |
Chapter Review | p. 200 |
Chapter 7 IOS Firewall--Intrusion Detection System | p. 205 |
Intrusion Detection System (IDS) | p. 205 |
Cisco IOS Firewall IDS Configuration Task List | p. 211 |
Initializing the IOS Firewall IDS | p. 212 |
Initializing the Post Office | p. 212 |
Creating and Applying Audit Rules | p. 216 |
Verifying the IDS Configuration | p. 222 |
Chapter Review | p. 224 |
Chapter 8 IOS Firewall--Authentication Proxy | p. 229 |
Cisco IOS Firewall Authentication Proxy | p. 229 |
AAA Server Configuration | p. 238 |
AAA Router Configuration | p. 244 |
Configuring the HTTP Server | p. 253 |
Authentication Proxy Configuration on the Router | p. 254 |
Verify Authentication Proxy Configuration | p. 257 |
Chapter Review | p. 260 |
Part III Virtual Private Networks (VPNs) | p. 265 |
Chapter 9 Cisco IOS IPSec Introduction | p. 267 |
Virtual Private Networks | p. 268 |
Tunneling Protocols | p. 275 |
How IPSec Works | p. 276 |
Cisco IOS IPSec Technologies | p. 277 |
Cisco IOS Cryptosystem Components | p. 288 |
Security Association (SA) | p. 294 |
Five Steps of IPSec Revisited | p. 296 |
IPSec Support in Cisco Systems Products | p. 301 |
Chapter Review | p. 302 |
Chapter 10 Cisco IOS IPSec for Preshared Keys | p. 307 |
Configure IPSec Encryption Tasks | p. 307 |
Configuring IPSec Manually | p. 333 |
Chapter Review | p. 335 |
Chapter 11 Cisco IOS IPSec Certificate Authority Support | p. 341 |
CA Support Overview | p. 341 |
Configure CA Support Tasks | p. 348 |
RSA Encrypted Nonces Overview | p. 372 |
Chapter Review | p. 374 |
Chapter 12 Cisco IOS Remote Access Using Cisco Easy VPN | p. 381 |
Introduction to Cisco Easy VPN | p. 381 |
Cisco Easy VPN Server | p. 382 |
Cisco Easy VPN Remote | p. 383 |
Cisco VPN 3.6 Client | p. 385 |
Easy VPN Server Configuration Tasks | p. 386 |
Preconfiguring the Cisco VPN 3.6 Client | p. 386 |
Management Center for VPN Routers | p. 392 |
Easy VPN Remote Phase Two | p. 396 |
Cisco VPN Firewall Feature for VPN Client | p. 402 |
Chapter Review | p. 408 |
Chapter 13 Cisco VPN Hardware Overview | p. 413 |
Cisco Products Enable a Secure VPN | p. 413 |
Cisco VPN 3002 Client Devices | p. 414 |
Cisco VPN 3000 Concentrator Devices | p. 419 |
Chapter Review | p. 429 |
Chapter 14 Cisco VPN 3000 Remote Access Networks | p. 435 |
VPN Concentrator User Interfaces and Startup | p. 436 |
VPN Concentrators in IPSec VPN Implementations | p. 450 |
Remote Access VPNs with Preshared Keys | p. 452 |
Digital Certificates | p. 477 |
Configure Cisco VPN Client Support | p. 486 |
VPN Client Autoinitiation Feature | p. 487 |
Administer and Monitor Remote Access Networks | p. 489 |
Chapter Review | p. 495 |
Chapter 15 Configuring Cisco VPN 3002 Remote Clients | p. 501 |
The VPN 3002 in the Network | p. 502 |
Configuring the 3002 Device | p. 506 |
Common Configuration Tasks | p. 515 |
Basic Configuration for the VPN 3002 | p. 521 |
Other VPN 3002 Software Features | p. 532 |
Auto-Update Feature | p. 546 |
Chapter Review | p. 547 |
Chapter 16 Cisco VPN 3000 LAN-to-LAN Networks | p. 553 |
The VPN Concentrators in LAN-to-LAN VPNs | p. 553 |
LAN-to-LAN Networks with Preshared Keys | p. 555 |
LAN-to-LAN Networks with Digital Certificates | p. 566 |
NAT Issues | p. 567 |
NAT Transparency | p. 568 |
LAN-to-LAN VPN with Overlapping Network Addresses | p. 572 |
LAN-to-LAN Routing | p. 575 |
Chapter Review | p. 581 |
Part IV PIX Firewalls | p. 585 |
Chapter 17 CiscoSecure PIX Firewalls | p. 587 |
Firewall and Firewall Security Systems | p. 587 |
CiscoSecure PIX Firewall Technology | p. 589 |
Basic PIX Firewall Configuration | p. 597 |
Chapter Review | p. 604 |
Chapter 18 Getting Started with the Cisco PIX Firewall | p. 609 |
Basic PIX Firewall Configuration | p. 609 |
ICMP Traffic to the Firewall | p. 612 |
Time Setting and NTP Support | p. 614 |
Syslog Configuration | p. 617 |
DHCP Server Configuration | p. 625 |
Chapter Review | p. 633 |
Chapter 19 Access Through the PIX Firewall | p. 639 |
Adaptive Security Algorithm | p. 639 |
Translations and Connections | p. 644 |
Access Control Lists (ACLs) | p. 661 |
Content Filtering | p. 668 |
Object Grouping | p. 673 |
Conduit Statements | p. 676 |
PIX Routing Configuration | p. 678 |
Chapter Review | p. 682 |
Chapter 20 Advanced PIX Firewall Features | p. 687 |
Remote Access | p. 687 |
AAA on the PIX Firewall | p. 691 |
Advanced Protocol Handling | p. 702 |
Attack Guards | p. 710 |
Intrusion Detection | p. 715 |
Shunning | p. 718 |
Managing SNMP Services | p. 719 |
Chapter Review | p. 723 |
Chapter 21 Firewalls and VPN Features | p. 729 |
PIX Firewall Enables a Secure VPN | p. 729 |
IPSec Configuration Tasks | p. 732 |
Cisco VPN Client | p. 748 |
Scale PIX Firewall VPNs | p. 750 |
PPPoE and the PIX Firewall | p. 752 |
Chapter Review | p. 754 |
Chapter 22 Managing and Maintaining the PIX Firewall | p. 765 |
PDM Overview | p. 765 |
PDM Operating Requirements | p. 767 |
Prepare for PDM | p. 771 |
Using PDM to Configure the PIX Firewall | p. 775 |
Using PDM to Create a Site-to-Site VPN | p. 776 |
Using PDM to Create a Remote Access VPN | p. 780 |
CiscoWorks Management Center for PIX Firewalls (PIX MC) | p. 783 |
PIX Failover Feature | p. 784 |
Password Recovery | p. 794 |
Upgrading the PIX OS | p. 797 |
Chapter Review | p. 800 |
Part V Intrusion Detection Systems (IDS) | p. 805 |
Chapter 23 Intrusion Detection System Overview | p. 807 |
Security Threats | p. 807 |
The Attack Types and Phases | p. 809 |
Intrusion Detection Systems Overview | p. 816 |
Summary | p. 827 |
Chapter 24 Cisco Secure Intrusion Detection System | p. 835 |
CIDS Operations and Functionality | p. 836 |
CIDS Architecture | p. 850 |
Chapter Review | p. 866 |
Chapter 25 Sensor Installation and Configuration | p. 873 |
Sensor Deployment Considerations | p. 873 |
Sensor Installation | p. 878 |
IDS Device Manager | p. 885 |
Chapter Review | p. 917 |
Chapter 26 Signature and Alarm Management | p. 921 |
CIDS Signatures | p. 922 |
Event Viewer | p. 930 |
Chapter Review | p. 940 |
Part VI Cisco SAFE Implementation | p. 945 |
Chapter 27 Cisco SAFE Implementation | p. 947 |
Preparation Documents | p. 947 |
Exam Topics | p. 948 |
Skills Required for the Exam | p. 950 |
Chapter Review | p. 950 |
Appendix A Access Control Lists | p. 955 |
Access List Basics | p. 955 |
Two-Step Process | p. 956 |
Numbered ACL Common Characteristics | p. 957 |
The Numbers Matter | p. 957 |
Standard Access Lists | p. 958 |
Building a Standard ACL | p. 958 |
Verifying ACLs | p. 963 |
Show Run Command | p. 963 |
Show Access-Lists Command | p. 964 |
Show IP Interfaces Command | p. 964 |
Extended Access Lists | p. 965 |
Creating an Extended Access List | p. 965 |
Named Access Lists | p. 971 |
Appendix B About the CD | p. 975 |
System Requirements | p. 975 |
LearnKey Online Training | p. 975 |
Installing and Running MasterExam | p. 976 |
MasterExam | p. 976 |
Electronic Book | p. 976 |
Lab Exercises | p. 976 |
Help | p. 976 |
Removing Installation(s) | p. 977 |
Technical Support | p. 977 |
LearnKey Technical Support | p. 977 |
Index | p. 979 |