Cantitate/Preț
Produs

Implementing Cisco IOS Network Security (IINS)


en Limba Engleză Hardback – 17 apr 2009
Authorized Self-Study Guide
Implementing Cisco IOS Network Security (IINS)
 
Foundation learning for CCNA Security IINS 640-553 exam
 
Catherine Paquet
 
Implementing Cisco IOS Network Security (IINS) is a Cisco-authorized, self-paced learning tool for CCNA® Security foundation learning. This book provides you with the knowledge needed to secure Cisco® routers and switches and their associated networks. By reading this book, you will gain a thorough understanding of how to troubleshoot and monitor network devices to maintain integrity, confidentiality, and availability of data and devices, as well as the technologies that Cisco uses in its security infrastructure.
 
This book focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. You will learn how to perform basic tasks to secure a small branch type office network using Cisco IOS® security features available through the Cisco Router and Security Device Manager (SDM) web-based graphical user interface (GUI) and through the command-line interface (CLI) on Cisco routers and switches. The author also provides, when appropriate, parallels with Cisco ASA appliances.
 
Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book.
 
Implementing Cisco IOS Network Security (IINS) is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
 
Catherine Paquet is a practitioner in the field of internetworking, network security and security financials. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is CCSP®, CCNP®, and CompTIA Security+ certified. She is also a certified Cisco instructor with the largest training partner of Cisco. Catherine, who has her M.B.A. from York University, is the director of her consulting company, Netrisec, Inc., specializing in making the business case for network security. In 2002 and 2003, Catherine volunteered with the UN mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking.
 
  • Develop a comprehensive network security policy to counter threats against information security
  • Configure routers on the network perimeter with Cisco IOS Software security features
  • Configure firewall features including ACLs and Cisco IOS zone-based policy firewalls to perform basic security operations on a network
  • Configure site-to-site VPNs using Cisco IOS features
  • Configure IPS on Cisco network routers
  • Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic
 
This volume is in the Certification Self-Study Series offered by Cisco Press®. Books in this series provide officially developed self-study solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.
 
Category: Cisco Certification
Covers: IINS exam 640-553
 
 
Citește tot Restrânge

Preț: 30973 lei

Preț vechi: 38716 lei
-20%

Puncte Express: 465

Preț estimativ în valută:
5934 6428$ 5089£

Cartea nu se mai tipărește

Doresc să fiu notificat când acest titlu va fi disponibil:

Preluare comenzi: 021 569.72.76

Specificații

ISBN-13: 9781587058158
ISBN-10: 1587058154
Pagini: 624
Dimensiuni: 187 x 232 mm
Greutate: 1.16 kg
Ediția:1
Editura: CISCO
Locul publicării:Indianapolis, United States

Cuprins

Chapter 1 Introduction to Network Security Principles

Examining Network Security Fundamentals
    The Need for Network Security
    Network Security Objectives
    Data Classification
    Security Controls
    Response to a Security Breach
    Laws and Ethics
Examining Network Attack Methodologies
    Adversaries, Motivations, and Classes of Attack
    Classes of Attack and Methodology
The Principles of Defense in Depth
    IP Spoofing Attacks
    Confidentiality Attacks
    Integrity Attacks
    Availability Attacks
    Best Practices to Defeat Network Attacks
Examining Operations Security
    Secure Network Life Cycle Management
    Principles of Operations Security
    Network Security Testing
    Disaster Recovery and Business Continuity Planning
Understanding and Developing a Comprehensive Network Security Policy
    Security Policy Overview
    Security Policy Components
    Standards, Guidelines, and Procedures
    Security Policy Roles and Responsibilities
    Risk Analysis and Management
    Principles of Secure Network Design
    Security Awareness
Cisco Self-Defending Networks
    Changing Threats and Challenges
    Building a Cisco Self-Defending Network
    Cisco Integrated Security Portfolio
Summary
    References
Review Questions
 
Chapter 2 Perimeter Security
Securing Administrative Access to Cisco Routers
    General Router Security Guidelines
    Introduction to the Cisco Integrated Services Router Family
    Configuring Secure Administration Access
    Configuring Multiple Privilege Levels
    Configuring Role-Based Command-Line Interface Access
Securing the Cisco IOS Image and Configuration Files
Configuring Enhanced Support for Virtual Logins
    Delays Between Successive Login Attempts
    Login Shutdown if DoS Attacks Are Suspected
    Generation of System Logging Messages for Login Detection
    Configuring Banner Messages
    Introducing Cisco SDM
    Supporting Cisco SDM and Cisco SDM Express
    Launching Cisco SDM Express
    Launching Cisco SDM
    Navigating the Cisco SDM Interface
    Cisco SDM Wizards in Configure Mode
Configuring AAA on a Cisco Router Using the Local Database
    Authentication, Authorization, and Accounting
    Introduction to AAA for Cisco Routers
    Using Local Services to Authenticate Router Access
Configuring AAA on a Cisco Router to Use Cisco Secure ACS
    Cisco Secure ACS Overview
    TACACS+ and RADIUS Protocols
    Installing Cisco Secure ACS for Windows
    Configuring the Server
    Configuring TACACS+ Support on a Cisco Router
    Troubleshooting TACACS+
Implementing Secure Management and Reporting
    Planning Considerations for Secure Management and Reporting
    Secure Management and Reporting Architecture
    Using Syslog Logging for Network Security
    Using Logs to Monitor Network Security
    Using SNMP to Manage Network Devices
    Configuring an SSH Daemon for Secure Management and Reporting
    Enabling Time Features
Locking Down the Router
    Vulnerable Router Services and Interfaces
    Management Service Vulnerabilities
    Performing a Security Audit
    Cisco AutoSecure
Chapter Summary
    References
Review Questions
 
Chapter 3 Network Security Using Cisco IOS Firewalls
Introducing Firewall Technologies
    Firewall Fundamentals
    Firewalls in a Layered Defense Strategy
    Static Packet-Filtering Firewalls
    Application Layer Gateways
    Dynamic or Stateful Packet-Filtering Firewalls
    Other Types of Firewalls
    Cisco Family of Firewalls
    Developing an Effective Firewall Policy
    ACL Fundamentals
    ACL Wildcard Masking
    Using ACLs to Control Traffic
    ACL Considerations
    Configuring ACLs Using SDM
    Using ACLs to Permit and Deny Network Services
Configuring a Cisco IOS Zone-Based Policy Firewall
    Zone-Based Policy Firewall Overview
    Configuring Zone-Based Policy Firewalls Using the Basic Firewall Wizard
    Manually Configuring Zone-Based Policy Firewalls Using Cisco SDM
Monitoring a Zone-Based-Firewall
Summary
    References
Review Questions
 
Chapter 4 Fundamentals of Cryptography
Examining Cryptographic Services
    Cryptology Overview
    Symmetric and Asymmetric Encryption Algorithms
    Block and Stream Ciphers
    Encryption Algorithm Selection
    Cryptographic Hashes
    Key Management
    Introducing SSL VPNs
Examining Symmetric Encryption
    Symmetric Encryption Overview
    DES: Features and Functions
    3DES: Features and Functions
    AES: Features and Functions
    SEAL: Features and Functions
    Rivest Ciphers: Features and Functions
Examining Cryptographic Hashes and Digital Signatures
    Overview of Hash Algorithms
    Overview of Hashed Message Authentication Codes
    MD5: Features and Functions
    SHA-1: Features and Functions
    Overview of Digital Signatures
    DSS: Features and Functions
Examining Asymmetric Encryption and PKI
    Asymmetric Encryption Overview
    RSA: Features and Functions
    DH: Features and Functions
    PKI Definitions and Algorithms
    PKI Standards
    Certificate Authorities
Summary
    References
Review Questions
 
Chapter 5 Site-to-Site VPNs
VPN Overview
    VPN Types
    Cisco VPN Product Family
Introducing IPsec
    Encryption Algorithms
    Diffie-Hellman Exchange
    Data Integrity
    Authentication
    IPsec Advantages
IPsec Protocol Framework
    Authentication Header
    Encapsulating Security Payload
    Tunnel Mode Versus Transport Mode
    IPsec Framework
IKE Protocol
    IKE Phase 1
    IKE Phase 1: Example
    IKE Phase 2
Building a Site-to-Site IPsec VPN
    Site-to-Site IPsec VPN Operations
    Configuring IPsec
    Verifying the IPsec Configuration
Configuring IPsec on a Site-to-Site VPN Using Cisco SDM
    Introducing the Cisco SDM VPN Wizard Interface
    Site-to-Site VPN Components
    Using the Cisco SDM Wizards to Configure Site-to-Site VPNs
    Completing the Configuration
Summary
    References
Review Questions
 
Chapter 6 Network Security Using Cisco IOS IPS
Introducing IDS and IPS
    Types of IDS and IPS Systems
    IPS Actions
    Event Monitoring and Management
Cisco IPS Management Software
    Cisco Router and Security Device Manager
    Cisco Security Monitoring, Analysis, and Response System
    Cisco IDS Event Viewer
    Cisco Security Manager
    Cisco IPS Device Manager
Host and Network IPS
    Host-Based IPS
    Network-Based IPS
    Comparing HIPS and Network IPS
Introducing Cisco IPS Appliances
    Cisco IPS 4200 Series Sensors
    Cisco ASA AIP SSM
    Cisco Catalyst 6500 Series IDSM-2
    Cisco IPS AIM
Signatures and Signature Engines
    Examining Signature Micro-Engines
    Signature Alarms
IPS Best Practices
Configuring Cisco IOS IPS
    Cisco IOS IPS Features
    Configuring Cisco IOS IPS Using Cisco SDM
    Configuring Cisco IOS IPS Using CLI
    Configuring IPS Signatures
    Monitoring IOS IPS
Verifying IPS Operation
Summary
    References
Review Questions
 
Chapter 7 LAN, SAN, Voice, and Endpoint Security Overview
Examining Endpoint Security
    Operating System Vulnerabilities
    Application Vulnerabilities
    Buffer Overflows
    IronPort
    Cisco NAC Products
    Cisco Security Agent
    Endpoint Security Best Practices
Examining SAN Security
    Defining SANs
    SAN Fundamentals
    SAN Security Scope
Examining Voice Security
    VoIP Fundamentals
    Voice Security Threats
    Defending Against VoIP Hacking
Mitigating Layer 2 Attacks
    Basic Switch Operation
    Mitigating VLAN Attacks
    Preventing Spanning Tree Protocol Manipulation
    CAM Table Overflow Attacks
    MAC Address Spoofing Attacks
    Using Port Security
    Additional Switch Security Features
    Layer 2 Best Practices
Summary
    References
Review Questions
 
Appendix Answers to Chapter Review Questions
 
Index

 

Notă biografică

Catherine Paquet
is a practitioner in the field of internetworking, network security, and security financials. She has authored or contributed to eight books thus far with Cisco Press. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is a Cisco Certified Security Professional (CCSP) and a Cisco Certified Network Professional (CCNP). Catherine is also a certified Cisco instructor with Cisco’s largest training partner, Global Knowledge, Inc. She also works on IT security projects for different organizations on a part-time basis. Following her university graduation from the Collège Militaire Royal de St-Jean (Canada), she worked as a system analyst, LAN manager, MAN manager, and eventually as a WAN manager. In 1994, she received a master’s degree in business administration (MBA) with a specialty in management information systems (MIS) from York University. Recently, she has been presenting a seminar on behalf of Cisco Systems (Emerging Markets) on the topic of the business case for network security in 22 countries. In 2002 and 2003, Catherine volunteered with the U.N. mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine lives in Toronto with her husband. They have two children, who are both attending university.