Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
---|---|---|---|---|---|
| 30000010116303 | QA76.3 B464 2003 | Open Access Book | Book | |
Summary
Covers the CCIE Security written exam 2.0 objectives. Designed to optimize your study time, this book helps you assess your knowledge of the material at the start of each chapter with quizzes for each topic. The CD-ROM test engine enables you to take timed practice exams that mimic the real testing environment.
Author Notes
Henry Benjamin, CCIE No. 4695, is a triple CCIE. He has more than 15 years of experience in Cisco networks, including planning, designing, and implementing large IP networks running IGRP, EIGRP, BGP, OSPF, and voice over IP. Henry has been a key member of the CCIE global team and internal Cisco IT team based in Sydney, Australia, where his tasks included writing and proctoring new laboratory examinations and questions for the coveted CCIE R/S, CCIE Security, and CCIE Service Provider tracks.
Table of Contents
Foreword | p. xviii |
Introduction | p. xx |
Chapter 1 General Networking Topics | p. 3 |
"Do I Know This Already?" Quiz | p. 4 |
Foundation Topics | p. 14 |
Networking Basics-The OSI Reference Model | p. 14 |
Layer 1 The Physical Layer | p. 14 |
Layer 2 The Data Link Layer | p. 15 |
Layer 3 The Network Layer | p. 16 |
Layer 4 The Transport Layer | p. 17 |
Layer 5 The Session Layer | p. 17 |
Layer 6 The Presentation Layer | p. 17 |
Layer 7 The Application Layer | p. 18 |
TCP/IP and OSI Model Comparison | p. 18 |
Example of Peer-to-Peer Communication | p. 19 |
Ethernet Overview | p. 20 |
Switching and Bridging | p. 22 |
Bridge Port States | p. 24 |
Fast EtherChannel | p. 25 |
Internet Protocol | p. 27 |
Variable-Length Subnet Masks | p. 31 |
Classless Interdomain Routing | p. 32 |
Transmission Control Protocol | p. 34 |
TCP Mechanisms | p. 34 |
TCP/IP Services | p. 38 |
Address Resolution Protocol | p. 38 |
Reverse ARP | p. 39 |
Dynamic Host Configuration Protocol | p. 40 |
Hot Standby Router Protocol | p. 41 |
Internet Control Message Protocol | p. 46 |
Telnet | p. 47 |
File Transfer Protocol and Trivial File Transfer Protocol | p. 47 |
Routing Protocols | p. 48 |
Routing Information Protocol | p. 52 |
Enhanced Interior Gateway Routing Protocol | p. 57 |
EIGRP Terminology | p. 57 |
EIGRP Configuration Example | p. 59 |
Open Shortest Path First | p. 61 |
OSPF in a Single Area | p. 62 |
Multiple OSPF Areas | p. 64 |
Virtual Links | p. 66 |
OSPF Configuration Example | p. 66 |
Border Gateway Protocol | p. 71 |
BGP Attributes | p. 72 |
Configuring BGP | p. 74 |
Integrated Services Digital Network | p. 75 |
Basic Rate and Primary Rate Interfaces | p. 75 |
ISDN Framing and Frame Format | p. 76 |
ISDN Layer 2 Protocols | p. 76 |
High-Level Data Link Control | p. 76 |
Point-to-Point Protocol | p. 77 |
Cisco IOS ISDN Commands | p. 78 |
IP Multicast | p. 79 |
Asynchronous Communications and Access Devices | p. 80 |
Telephony Best Practices | p. 82 |
Wireless Best Practices | p. 84 |
Foundation Summary | p. 89 |
Wireless Best Practices | p. 95 |
Q & A | p. 96 |
Scenario: Routing IP on Cisco Routers | p. 98 |
Scenario Answers | p. 100 |
Chapter 2 Application Protocols | p. 103 |
"Do I Know This Already?" Quiz | p. 103 |
Foundation Topics | p. 110 |
Domain Name System | p. 110 |
Trivial File Transfer Protocol | p. 114 |
File Transfer Protocol | p. 116 |
Active FTP | p. 117 |
Passive FTP | p. 118 |
Hypertext Transfer Protocol | p. 119 |
Secure Sockets Layer | p. 121 |
Simple Network Management Protocol | p. 122 |
SNMP Notifications | p. 123 |
SNMP Examples | p. 128 |
Simple Mail Transfer Protocol | p. 128 |
Network Time Protocol | p. 130 |
Secure Shell and Cisco IOS SSH | p. 133 |
Cisco IOS SSH | p. 135 |
Remote Data Exchange Protocol | p. 138 |
Foundation Summary | p. 140 |
Q & A | p. 143 |
Scenario: Configuring DNS, TFTP, NTP, and SNMP | p. 145 |
Scenario Answers | p. 147 |
Chapter 3 Cisco IOS Specifics and Security | p. 149 |
"Do I Know This Already?" Quiz | p. 149 |
Foundation Topics | p. 156 |
Cisco Hardware | p. 156 |
Random-Access Memory | p. 157 |
Nonvolatile RAM | p. 157 |
System Flash | p. 157 |
Central Processing Unit | p. 158 |
Read-Only Memory | p. 159 |
Configuration Registers | p. 160 |
Cisco Interfaces | p. 163 |
Saving and Loading Files | p. 165 |
show and debug Commands | p. 166 |
Router CLI | p. 166 |
show Commands | p. 166 |
Debugging Cisco Routers | p. 175 |
Password Recovery | p. 182 |
Basic Security on Cisco Routers | p. 187 |
IP Access Lists | p. 190 |
Access Lists on Cisco Routers | p. 190 |
Extended Access Lists | p. 196 |
Layer 2 Switching Security | p. 199 |
CAM Table Overflow | p. 199 |
VLAN Hopping | p. 202 |
Spanning Tree Protocol Manipulation | p. 204 |
MAC Spoofing Attack | p. 205 |
DHCP Starvation Attacks | p. 207 |
Security Policy Best Practices-A Cisco View | p. 208 |
Foundation Summary | p. 210 |
Q & A | p. 213 |
Scenario: Configuring Cisco Routers for Passwords and Access Lists | p. 215 |
Scenario Answers | p. 217 |
Chapter 4 Security Protocols | p. 221 |
"Do I Know This Already?" Quiz | p. 221 |
Foundation Topics | p. 228 |
Authentication, Authorization, and Accounting | p. 228 |
Authentication | p. 230 |
Authorization | p. 230 |
Accounting | p. 231 |
Remote Authentication Dial-In User Service | p. 232 |
RADIUS Configuration Task List | p. 236 |
Terminal Access Controller Access Control System Plus | p. 238 |
TACACS+ Configuration Task List | p. 241 |
TACACS+ Versus RADIUS | p. 245 |
Encryption Technology Overview | p. 246 |
DES and 3DES | p. 248 |
Advanced Encryption Standard | p. 250 |
Message Digest 5 and Secure Hash Algorithm | p. 251 |
Diffie-Hellman | p. 252 |
IP Security | p. 254 |
Encapsulating Security Payload | p. 255 |
Authentication Header | p. 257 |
Internet Key Exchange | p. 258 |
Cisco IOS IPSec Configuration | p. 264 |
Certificate Enrollment Protocol | p. 272 |
Extensible Authentication Protocol, Protected EAP, and Temporal Key Integrity Protocol | p. 272 |
Virtual Private Dial-Up Networks (VPDN) | p. 276 |
VPDN Configuration Task List | p. 279 |
Foundation Summary | p. 282 |
Q & A | p. 286 |
Scenario: Configuring Cisco Routers for IPSec | p. 288 |
Scenario Answers | p. 292 |
Chapter 5 Cisco Security Applications | p. 297 |
"Do I Know This Already?" Quiz | p. 298 |
Foundation Topics | p. 301 |
Cisco Secure for Windows (NT) and Cisco Secure ACS | p. 301 |
Cisco Secure ACS | p. 303 |
IDS Fundamentals | p. 303 |
Notification Alarms | p. 303 |
Signature-Based IDS | p. 304 |
Anomaly-Based IDS | p. 305 |
Network-Based IDS Versus Host-Based IDS | p. 305 |
IDS Placement | p. 305 |
IDS Tuning | p. 307 |
Cisco Secure Intrusion Detection System and Catalyst Services Modules | p. 309 |
Cisco Secure IDS | p. 309 |
Cisco Inline IDS (Intrusion Prevention System) | p. 311 |
Catalyst Services Module | p. 312 |
CiscoWorks VMS | p. 313 |
Cisco VPN 3000 Concentrator | p. 314 |
Cisco Secure VPN Client | p. 326 |
Cisco Router and Security Device Manager | p. 328 |
Security Information Monitoring System | p. 331 |
Foundation Summary | p. 332 |
Q & A | p. 334 |
Scenario: Cisco Secure IDS Database Event | p. 335 |
Scenario Answers | p. 337 |
Chapter 6 Security Technologies | p. 341 |
"Do I Know This Already?" Quiz | p. 342 |
Foundation Topics | p. 351 |
Advanced Security Concepts | p. 351 |
Network Address Translation and Port Address Translation | p. 355 |
NAT Operation on Cisco Routers | p. 358 |
Dynamic NAT Configuration Task List | p. 359 |
Monitoring NAT Operations with show Commands | p. 360 |
Cisco PIX Firewall | p. 361 |
Configuring a PIX Firewall | p. 364 |
PIX Firewall Configuration Task List | p. 364 |
Miscellaneous PIX Firewall Commands | p. 370 |
Advanced Cisco PIX Commands | p. 373 |
Troubleshooting PIX Firewall Log Files | p. 374 |
Cisco PIX Firewall Software Features | p. 376 |
Cisco IOS Firewall Feature Set | p. 377 |
CBAC Configuration Task List | p. 380 |
Public Key Infrastructure | p. 382 |
Virtual Private Networks | p. 383 |
Network-Based Intrusion Detection Systems | p. 386 |
Cisco Security Agent and Host-Based IDS | p. 387 |
Cisco Threat Response | p. 391 |
Cisco Threat Response IDS Requirements | p. 392 |
Authorization Technologies (IOS Authentication 802.1X) | p. 392 |
Foundation Summary | p. 395 |
Q & A | p. 399 |
Scenario: Configuring a Cisco PIX Firewall for NAT | p. 401 |
Scenario Answer | p. 402 |
Chapter 7 Network Security Policies, Vulnerabilities, and Protection | p. 405 |
"Do I Know This Already?" Quiz | p. 405 |
Foundation Topics | p. 412 |
Network Security Policies | p. 412 |
Standards Bodies and Incident Response Teams | p. 413 |
Incident Response Teams | p. 415 |
Internet Newsgroups | p. 416 |
Vulnerabilities, Attacks, and Common Exploits | p. 417 |
Intrusion Detection System | p. 422 |
Protecting Cisco IOS from Intrusion | p. 425 |
Foundation Summary | p. 432 |
Q & A | p. 435 |
Scenario: Defining Cisco IOS Commands to View DoS Attacks in Real Time | p. 436 |
Scenario Answers | p. 437 |
Chapter 8 CCIE Security Self-Study Lab | p. 441 |
How to Use This Chapter | p. 442 |
Preparing for this Lab | p. 442 |
Goal of This Lab | p. 443 |
CCIE Security Self-Study Lab Part I Goals | p. 444 |
CCIE Security Self-Study Lab Part II Goals | p. 445 |
General Lab Guidelines and Setup | p. 445 |
Communications Server (0 Points) | p. 448 |
Communications Server Solution | p. 448 |
CCIE Security Self-Study Lab Part I: Basic Network Connectivity (4 Hours) | p. 450 |
Basic Frame Relay Setup (5 Points) | p. 450 |
Basic Frame Relay Setup Solution | p. 451 |
Physical Connectivity (0 Points) | p. 456 |
Catalyst Ethernet Switch Setup I (5 Points) | p. 457 |
Catalyst Ethernet Switch Setup I Solution | p. 457 |
Catalyst Ethernet Switch Setup II (6 Points) | p. 463 |
Catalyst Ethernet Switch Setup II Solution | p. 463 |
IP Host Lookup and Disable DNS (1 Point) | p. 464 |
IP Host Lookup and Disable DNS Solution | p. 464 |
PIX Configuration (6 Points) | p. 465 |
PIX Configuration Solution | p. 466 |
IGP Routing (18 Points) | p. 470 |
Basic RIP Configuration (6 of 18 Points) | p. 470 |
EIGRP Configuration (5 of 18 Points) | p. 471 |
OSPF Configuration (7 of 18 Points) | p. 475 |
Basic ISDN Configuration (6 Points) | p. 484 |
Basic ISDN Configuration Solution | p. 485 |
DHCP Configuration (3 Points) | p. 490 |
DHCP Configuration Solution | p. 491 |
BGP Routing Configuration (6 Points) | p. 491 |
Basic IBGP Configuration | p. 492 |
CCIE Security Self-Study Lab Part II: Advanced Security Design (4 Hours) | p. 495 |
IP Access List (4 Points) | p. 495 |
IP Access List Solution | p. 496 |
Prevent Denial-of-Service Attacks (4 Points) | p. 497 |
Prevent Denial-of-Service Attacks Solution | p. 497 |
Time-Based Access List (4 Points) | p. 499 |
Time-Based Access List Solution | p. 499 |
Dynamic Access List/Lock and Key Feature (5 Points) | p. 501 |
Dynamic Access List/Lock and Key Feature Solution | p. 501 |
Cisco IOS Firewall Configuration on R5 (6 Points) | p. 503 |
Cisco IOS Firewall Configuration on R5 Solution | p. 503 |
IPSec Configuration (6 Points) | p. 505 |
IPSec Configuration Solution | p. 506 |
Advanced PIX Configuration (5 Points) | p. 511 |
Configuring SSH on the PIX | p. 512 |
Configuring the PIX for Intrusion Detection | p. 512 |
ACS Configuration (5 Points) | p. 514 |
Non-AAA Authentication Methods | p. 514 |
Login Authentication Methods | p. 516 |
Login Authentication Using TACACS+ | p. 518 |
ACS Configuration: Login Authentication Using RADIUS | p. 521 |
Cisco Intrusion Detection System (5 Points) | p. 525 |
Cisco Intrusion Detection System Solution | p. 527 |
Final Configurations | p. 538 |
Additional Advanced Lab Topics (No Solutions Provided) | p. 557 |
Advanced Security Lab Topics (4 Points) | p. 558 |
Content Filtering (2 Points) | p. 558 |
FTP Issues (3 Points) | p. 558 |
Routing Table Authenticity (4 Points) | p. 558 |
Access Control on R2 Ethernet Interface (4 Points) | p. 558 |
Conclusion | p. 559 |
Appendix A Answers to Quiz Questions | p. 561 |
Appendix B Study Tips for CCIE Security Examinations | p. 625 |
Appendix C Sample CCIE Routing and Switching Lab I | p. 639 |
Appendix D Sample CCIE Routing and Switching Lab II | p. 657 |
Index | p. 671 |