CCIE security exam certification guide

Select an Action

Place Hold(s)
Add to My Lists
Email
Print

Title:

Personal Author:

Benjamin, Henry

Series:

CCIE self-study

Edition:

2nd ed.

Publication Information:

Indianapolis, IN : Cisco Press, 2005

Physical Description:

1v + 1 CD-ROM

ISBN:

9781587201356

General Note:

Accompanied by compact disc : CP 8962

Subject Term:

Computer networks -- Security measures -- Examinations -- Study guides

Electronic data processing personnel -- Certification -- Study guides

Available:*

Library	Item Barcode	Call Number	Material Type	Item Category 1	Status
Searching... PSZ JB	30000010116303	QA76.3 B464 2003	Open Access Book	Book	Searching... Unknown

Covers the CCIE Security written exam 2.0 objectives. Designed to optimize your study time, this book helps you assess your knowledge of the material at the start of each chapter with quizzes for each topic. The CD-ROM test engine enables you take timed practice exams that mimic the real testing environment.

Author Notes

Henry Benjamin , CCIE No. 4695, is a triple CCIE. He has more than 15 years experience in Cisco networks including planning, designing, and implementing large IP networks running IGRP, EIGRP, BGP, OSPF, and voice over IP. Henry has been a key member of the CCIE global team and internal Cisco IT team based in Sydney, Australia, where his tasks included writing and proctoring new laboratory examinations and questions for the coveted CCIE R/S, CCIE Security, and CCIE Service Provider tracks.

Foreword	p. xviii
Introduction	p. xx
Chapter 1 General Networking Topics	p. 3
"Do I Know This Already?" Quiz	p. 4
Foundation Topics	p. 14
Networking Basics-The OSI Reference Model	p. 14
Layer 1 The Physical Layer	p. 14
Layer 2 The Data Link Layer	p. 15
Layer 3 The Network Layer	p. 16
Layer 4 The Transport Layer	p. 17
Layer 5 The Session Layer	p. 17
Layer 6 The Presentation Layer	p. 17
Layer 7 The Application Layer	p. 18
TCP/IP and OSI Model Comparison	p. 18
Example of Peer-to-Peer Communication	p. 19
Ethernet Overview	p. 20
Switching and Bridging	p. 22
Bridge Port States	p. 24
Fast EtherChannel	p. 25
Internet Protocol	p. 27
Variable-Length Subnet Masks	p. 31
Classless Interdomain Routing	p. 32
Transmission Control Protocol	p. 34
TCP Mechanisms	p. 34
TCP/IP Services	p. 38
Address Resolution Protocol	p. 38
Reverse ARP	p. 39
Dynamic Host Configuration Protocol	p. 40
Hot Standby Router Protocol	p. 41
Internet Control Message Protocol	p. 46
Telnet	p. 47
File Transfer Protocol and Trivial File Transfer Protocol	p. 47
Routing Protocols	p. 48
Routing Information Protocol	p. 52
Enhanced Interior Gateway Routing Protocol	p. 57
EIGRP Terminology	p. 57
EIGRP Configuration Example	p. 59
Open Shortest Path First	p. 61
OSPF in a Single Area	p. 62
Multiple OSPF Areas	p. 64
Virtual Links	p. 66
OSPF Configuration Example	p. 66
Border Gateway Protocol	p. 71
BGP Attributes	p. 72
Configuring BGP	p. 74
Integrated Services Digital Network	p. 75
Basic Rate and Primary Rate Interfaces	p. 75
ISDN Framing and Frame Format	p. 76
ISDN Layer 2 Protocols	p. 76
High-Level Data Link Control	p. 76
Point-to-Point Protocol	p. 77
Cisco IOS ISDN Commands	p. 78
IP Multicast	p. 79
Asynchronous Communications and Access Devices	p. 80
Telephony Best Practices	p. 82
Wireless Best Practices	p. 84
Foundation Summary	p. 89
Wireless Best Practices	p. 95
Q & A	p. 96
Scenario: Routing IP on Cisco Routers	p. 98
Scenario Answers	p. 100
Chapter 2 Application Protocols	p. 103
"Do I Know This Already?" Quiz	p. 103
Foundation Topics	p. 110
Domain Name System	p. 110
Trivial File Transfer Protocol	p. 114
File Transfer Protocol	p. 116
Active FTP	p. 117
Passive FTP	p. 118
Hypertext Transfer Protocol	p. 119
Secure Sockets Layer	p. 121
Simple Network Management Protocol	p. 122
SNMP Notifications	p. 123
SNMP Examples	p. 128
Simple Mail Transfer Protocol	p. 128
Network Time Protocol	p. 130
Secure Shell and Cisco IOS SSH	p. 133
Cisco IOS SSH	p. 135
Remote Data Exchange Protocol	p. 138
Foundation Summary	p. 140
Q & A	p. 143
Scenario: Configuring DNS, TFTP, NTP, and SNMP	p. 145
Scenario Answers	p. 147
Chapter 3 Cisco IOS Specifics and Security	p. 149
"Do I Know This Already?" Quiz	p. 149
Foundation Topics	p. 156
Cisco Hardware	p. 156
Random-Access Memory	p. 157
Nonvolatile RAM	p. 157
System Flash	p. 157
Central Processing Unit	p. 158
Read-Only Memory	p. 159
Configuration Registers	p. 160
Cisco Interfaces	p. 163
Saving and Loading Files	p. 165
show and debug Commands	p. 166
Router CLI	p. 166
show Commands	p. 166
Debugging Cisco Routers	p. 175
Password Recovery	p. 182
Basic Security on Cisco Routers	p. 187
IP Access Lists	p. 190
Access Lists on Cisco Routers	p. 190
Extended Access Lists	p. 196
Layer 2 Switching Security	p. 199
CAM Table Overflow	p. 199
VLAN Hopping	p. 202
Spanning Tree Protocol Manipulation	p. 204
MAC Spoofing Attack	p. 205
DHCP Starvation Attacks	p. 207
Security Policy Best Practices-A Cisco View	p. 208
Foundation Summary	p. 210
Q & A	p. 213
Scenario: Configuring Cisco Routers for Passwords and Access Lists	p. 215
Scenario Answers	p. 217
Chapter 4 Security Protocols	p. 221
"Do I Know This Already?" Quiz	p. 221
Foundation Topics	p. 228
Authentication, Authorization, and Accounting	p. 228
Authentication	p. 230
Authorization	p. 230
Accounting	p. 231
Remote Authentication Dial-In User Service	p. 232
RADIUS Configuration Task List	p. 236
Terminal Access Controler Access Control System Plus	p. 238
TACACS+ Configuration Task List	p. 241
TACACS+ Versus RADIUS	p. 245
Encryption Technology Overview	p. 246
DES and 3DES	p. 248
Advanced Encryption Standard	p. 250
Message Digest 5 and Secure Hash Algorithm	p. 251
Diffie-Hellman	p. 252
IP Security	p. 254
Encapsulating Security Payload	p. 255
Authentication Header	p. 257
Internet Key Exchange	p. 258
Cisco IOS IPSec Configuration	p. 264
Certificate Enrollment Protocol	p. 272
Extensible Authentication Protocol, Protected EAP, and Temporal Key Integrity Protocol	p. 272
Virtual Private Dial-Up Networks (VPDN)	p. 276
VPDN Configuration Task List	p. 279
Foundation Summary	p. 282
Q & A	p. 286
Scenario: Configuring Cisco Routers for IPSec	p. 288
Scenario Answers	p. 292
Chapter 5 Cisco Security Applications	p. 297
"Do I Know This Already?" Quiz	p. 298
Foundation Topics	p. 301
Cisco Secure for Windows (NT) and Cisco Secure ACS	p. 301
Cisco Secure ACS	p. 303
IDS Fundamentals	p. 303
Notification Alarms	p. 303
Signature-Based IDS	p. 304
Anomaly-Based IDS	p. 305
Network-Based IDS Versus Host-Based IDS	p. 305
IDS Placement	p. 305
IDS Tuning	p. 307
Cisco Secure Intrusion Detection System and Catalyst Services Modules	p. 309
Cisco Secure IDS	p. 309
Cisco Inline IDS (Intrusion Prevention System)	p. 311
Catalyst Services Module	p. 312
CiscoWorks VMS	p. 313
Cisco VPN 3000 Concentrator	p. 314
Cisco Secure VPN Client	p. 326
Cisco Router and Security Device Manager	p. 328
Security Information Monitoring System	p. 331
Foundation Summary	p. 332
Q & A	p. 334
Scenario: Cisco Secure IDS Database Event	p. 335
Scenario Answers	p. 337
Chapter 6 Security Technologies	p. 341
"Do I Know This Already?" Quiz	p. 342
Foundation Topics	p. 351
Advanced Security Concepts	p. 351
Network Address Translation and Port Address Translation	p. 355
NAT Operation on Cisco Routers	p. 358
Dynamic NAT Configuration Task List	p. 359
Monitoring NAT Operations with show Commands	p. 360
Cisco PIX Firewall	p. 361
Configuring a PIX Firewall	p. 364
PIX Firewall Configuration Task List	p. 364
Miscellaneous PIX Firewall Commands	p. 370
Advanced Cisco PIX Commands	p. 373
Troubleshooting PIX Firewall Log Files	p. 374
Cisco PIX Firewall Software Features	p. 376
Cisco IOS Firewall Feature Set	p. 377
CBAC Configuration Task List	p. 380
Public Key Infrastructure	p. 382
Virtual Private Networks	p. 383
Network-Based Intrusion Detection Systems	p. 386
Cisco Security Agent and Host-Based IDS	p. 387
Cisco Threat Response	p. 391
Cisco Threat Response IDS Requirements	p. 392
Authorization Technologies (IOS Authentication 802.1X)	p. 392
Foundation Summary	p. 395
Q & A	p. 399
Scenario: Configuring a Cisco PIX Firewall for NAT	p. 401
Scenario Answer	p. 402
Chapter 7 Network Security Policies, Vulnerabilities, and Protection	p. 405
"Do I Know This Already?" Quiz	p. 405
Foundation Topics	p. 412
Network Security Policies	p. 412
Standards Bodies and Incident Response Teams	p. 413
Incident Response Teams	p. 415
Internet Newsgroups	p. 416
Vulnerabilities, Attacks, and Common Exploits	p. 417
Intrusion Detection System	p. 422
Protecting Cisco IOS from Intrusion	p. 425
Foundation Summary	p. 432
Q & A	p. 435
Scenario: Defining Cisco IOS Commands to View DoS Attacks in Real Time	p. 436
Scenario Answers	p. 437
Chapter 8 CCIE Security Self-Study Lab	p. 441
How to Use This Chapter	p. 442
Preparing for this Lab	p. 442
Goal of This Lab	p. 443
CCIE Security Self-Study Lab Part I Goals	p. 444
CCIE Security Self-Study Lab Part II Goals	p. 445
General Lab Guidelines and Setup	p. 445
Communications Server (0 Points)	p. 448
Communications Server Solution	p. 448
CCIE Security Self-Study Lab Part I: Basic Network Connectivity (4 Hours)	p. 450
Basic Frame Relay Setup (5 Points)	p. 450
Basic Frame Relay Setup Solution	p. 451
Physical Connectivity (0 Points)	p. 456
Catalyst Ethernet Switch Setup I (5 Points)	p. 457
Catalyst Ethernet Switch Setup I Solution	p. 457
Catalyst Ethernet Switch Setup II (6 Points)	p. 463
Catalyst Ethernet Switch Setup II Solution	p. 463
IP Host Lookup and Disable DNS (1 Point)	p. 464
IP Host Lookup and Disable DNS Solution	p. 464
PIX Configuration (6 Points)	p. 465
PIX Configuration Solution	p. 466
IGP Routing (18 Points)	p. 470
Basic RIP Configuration (6 of 18 Points)	p. 470
EIGRP Configuration (5 of 18 Points)	p. 471
OSPF Configuration (7 of 18 Points)	p. 475
Basic ISDN Configuration (6 Points)	p. 484
Basic ISDN Configuration Solution	p. 485
DHCP Configuration (3 Points)	p. 490
DHCP Configuration Solution	p. 491
BGP Routing Configuration (6 Points)	p. 491
Basic IBGP Configuration	p. 492
CCIE Security Self-Study Lab Part II: Advanced Security Design (4 Hours)	p. 495
IP Access List (4 Points)	p. 495
IP Access List Solution	p. 496
Prevent Denial-of-Service Attacks (4 Points)	p. 497
Prevent Denial-of-Service Attacks Solution	p. 497
Time-Based Access List (4 Points)	p. 499
Time-Based Access List Solution	p. 499
Dynamic Access List/Lock and Key Feature (5 Points)	p. 501
Dynamic Access List/Lock and Key Feature Solution	p. 501
Cisco IOS Firewall Configuration on R5 (6 Points)	p. 503
Cisco IOS Firewall Configuration on R5 Solution	p. 503
IPSec Configuration (6 Points)	p. 505
IPSec Configuration Solution	p. 506
Advanced PIX Configuration (5 Points)	p. 511
Configuring SSH on the PIX	p. 512
Configuring the PIX for Intrusion Detection	p. 512
ACS Configuration (5 Points)	p. 514
Non-AAA Authentication Methods	p. 514
Login Authentication Methods	p. 516
Login Authentication Using TACACS+	p. 518
ACS Configuration: Login Authentication Using RADIUS	p. 521
Cisco Intrusion Detection System (5 Points)	p. 525
Cisco Intrusion Detection System Solution	p. 527
Final Configurations	p. 538
Additional Advanced Lab Topics (No Solutions Provided)	p. 557
Advanced Security Lab Topics (4 Points)	p. 558
Content Filtering (2 Points)	p. 558
FTP Issues (3 Points)	p. 558
Routing Table Authenticity (4 Points)	p. 558
Access Control on R2 Ethernet Interface (4 Points)	p. 558
Conclusion	p. 559
Appendix A Answers to Quiz Questions	p. 561
Appendix B Study Tips for CCIE Security Examinations	p. 625
Appendix C Sample CCIE Routing and Switching Lab I	p. 639
Appendix D Sample CCIE Routing and Switching Lab II	p. 657
Index	p. 671

Available:*

On Order

Summary

Summary

Author Notes

Table of Contents