Bookstore

Lay the foundation for a successful career in network securityCCNA Security Study Guide offers comprehensive review for Exam 210-260. Packed with concise explanations of core security concepts, this book is designed to help you successfully prepare for the exam. Expert instruction guides you through critical concepts relating to secure network infrastructure, access management, VPN encryption, Firewalls, intrusion prevention and more, with complete coverage of the CCNA exam objectives. Practical examples allow you to apply your skills in real-world scenarios, helping you transition effectively from "learning" to "doing". You also get access to the Sybex online learning environment, featuring the tools you need to maximize your study time: key terminology and flash cards allow you to study anytime, anywhere, while chapter tests and practice exams help you track your progress and gauge your readiness along the way.The CCNA Security certification tests your knowledge of secure network installation, monitoring, and troubleshooting using Cisco security hardware and software solutions. When you're ready to get serious about preparing for the exam, this book gives you the advantage of complete coverage, real-world application, and extensive learning aids to help you pass with confidence.* Master Cisco security essentials, standards, and core technologies* Work through practical examples drawn from real-world examples* Track your progress with online study aids and self-tests* Develop critical competencies in maintaining data integrity, confidentiality, and availabilityEarning your CCNA Security certification validates your abilities in areas that define careers including network security, administrator, and network security support engineer. With data threats continuing to mount, the demand for this skill set will only continue to grow--and in an employer's eyes, a CCNA certification makes you a true professional. CCNA Security Study Guide is the ideal preparation resource for candidates looking to not only pass the exam, but also succeed in the field.

CCNA Security Study Guide: Exam 210-260

Introduction xxiAssessment Test xxxiChapter 1 Understanding Security Fundamentals 1Goals of Security 2Confidentiality 2Integrity 3Availability 3Guiding Principles 3Common Security Terms 6Risk Management Process 7Network Topologies 15CAN 15WAN 16Data Center 16SOHO 17Virtual 17Common Network Security Zones 17DMZ 17Intranet and Extranet 18Public and Private 18VLAN 18Summary 19Exam Essentials 19Review Questions 20Chapter 2 Understanding Security Threats 25Common Network Attacks 26Motivations 26Classifying Attack Vectors 27Spoofing 28Password Attacks 29Reconnaissance Attacks 30Buffer Overflow 34DoS 34DDoS 36Man-in-the-Middle Attack 37ARP Poisoning 37Social Engineering 38Phishing/Pharming 38Prevention 38Malware 39Data Loss and Exfiltration 39Summary 40Exam Essentials 40Review Questions 42Chapter 3 Understanding Cryptography 45Symmetric and Asymmetric Encryption 46Ciphers 46Algorithms 48Hashing Algorithms 53MD5 54SHA-1 54SHA-2 54HMAC 55Digital Signatures 55Key Exchange 57Application: SSH 57Public Key Infrastructure 57Public and Private Keys 58Certificates 60Certificate Authorities 61PKI Standards 63PKI Topologies 64Certificates in the ASA 65Cryptanalysis 67Summary 68Exam Essentials 68Review Questions 69Chapter 4 Securing the Routing Process 73Securing Router Access 74Configuring SSH Access 74Configuring Privilege Levels in IOS 76Configuring IOS Role-Based CLI 77Implementing Cisco IOS Resilient Configuration 79Implementing OSPF Routing Update Authentication 80Implementing OSPF Routing Update Authentication 80Implementing EIGRP Routing Update Authentication 82Securing the Control Plane 82Control Plane Policing 83Summary 84Exam Essentials 85Review Questions 86Chapter 5 Understanding Layer 2 Attacks 91Understanding STP Attacks 92Understanding ARP Attacks 93Understanding MAC Attacks 95Understanding CAM Overflows 96Understanding CDP/LLDP Reconnaissance 97Understanding VLAN Hopping 98Switch Spoofing 98Double Tagging 99Understanding DHCP Spoofing 99Summary 101Exam Essentials 101Review Questions 102Chapter 6 Preventing Layer 2 Attacks 107Configuring DHCP Snooping 108Configuring Dynamic ARP Inspection 110Configuring Port Security 112Configuring STP Security Features 114BPDU Guard 114Root Guard 115Loop Guard 115Disabling DTP 116Verifying Mitigations 116DHCP Snooping 116DAI 117Port Security 118STP Features 118DTP 120Summary 120Exam Essentials 121Review Questions 122Chapter 7 VLAN Security 127Native VLANs 128Mitigation 128PVLANs 128PVLAN Edge 131PVLAN Proxy Attack 132ACLs on Switches 133Port ACLs 133VLAN ACLs 133Summary 134Exam Essentials 134Review Questions 136Chapter 8 Securing Management Traffic 141In-Band and Out-of-Band Management 142AUX Port 142VTY Ports 143HTTPS Connection 144SNMP 144Console Port 145Securing Network Management 146SSH 146HTTPS 146ACLs 146Banner Messages 147Securing Access through SNMP v3 149Securing NTP 150Using SCP for File Transfer 151Summary 151Exam Essentials 152Review Questions 153Chapter 9 Understanding 802.1x and AAA 157802.1x Components 158RADIUS and TACACS+ Technologies 159Configuring Administrative Access with TACACS+ 160Local AAA Authentication and Accounting 160SSH Using AAA 161Understanding Authentication and AuthorizationUsing ACS and ISE 161Understanding the Integration of Active Directory with AAA 162TACACS+ on IOS 162Verify Router Connectivity to TACACS+ 164Summary 164Exam Essentials 165Review Questions 166Chapter 10 Securing a BYOD Initiative 171The BYOD Architecture Framework 172Cisco ISE 172Cisco TrustSec 174The Function of Mobile Device Management 177Integration with ISE Authorization Policies 177Summary 178Exam Essentials 179Review Questions 180Chapter 11 Understanding VPNs 185Understanding IPsec 186Security Services 186Protocols 189Delivery Modes 192IPsec with IPV6 194Understanding Advanced VPN Concepts 195Hairpinning 195Split Tunneling 196Always-on VPN 197NAT Traversal 198Summary 199Exam Essentials 199Review Questions 200Chapter 12 Configuring VPNs 203Configuring Remote Access VPNs 204Basic Clientless SSL VPN Using ASDM 204Verify a Clientless Connection 207Basic AnyConnect SSL VPN Using ASDM 207Verify an AnyConnect Connection 209Endpoint Posture Assessment 209Configuring Site-to-Site VPNs 209Implement an IPsec Site-to-Site VPN with Preshared Key Authentication 209Verify an IPsec Site-to-Site VPN 212Summary 212Exam Essentials 213Review Questions 214Chapter 13 Understanding Firewalls 219Understanding Firewall Technologies 220Packet Filtering 220Proxy Firewalls 220Application Firewall 221Personal Firewall 221Stateful vs. Stateless Firewalls 222Operations 222State Table 223Summary 224Exam Essentials 224Review Questions 225Chapter 14 Configuring NAT and Zone-Based Firewalls 229Implementing NAT on ASA 9.x 230Static 231Dynamic 232PAT 233Policy NAT 233Verifying NAT Operations 235Configuring Zone-Based Firewalls 236Class Maps 237Default Policies 237Configuring Zone-to-Zone Access 239Summary 240Exam Essentials 240Review Questions 241Chapter 15 Configuring the Firewall on an ASA 245Understanding Firewall Services 246Understanding Modes of Deployment 247Routed Firewall 247Transparent Firewall 247Understanding Methods of Implementing High Availability 247Active/Standby Failover 248Active/Active Failover 248Clustering 249Understanding Security Contexts 249Configuring ASA Management Access 250Initial Configuration 250Configuring Cisco ASA Interface Security Levels 251Security Levels 251Configuring Security Access Policies 253Interface Access Rules 253Object Groups 254Configuring Default Cisco Modular Policy Framework (MPF) 256Summary 257Exam Essentials 257Review Questions 259Chapter 16 Intrusion Prevention 263IPS Terminology 264Threat 264Risk 264Vulnerability 265Exploit 265Zero-Day Threat 265Actions 265Network-Based IPS vs. Host-Based IPS 266Host-Based IPS 266Network-Based IPS 266Promiscuous Mode 266Detection Methods 267Evasion Techniques 267Packet Fragmentation 267Injection Attacks 270Alternate String Expressions 271Introducing Cisco FireSIGHT 271Capabilities 271Protections 272Understanding Modes of Deployment 273Inline 275Positioning of the IPS within the Network 275Outside 275DMZ 276Inside 277Understanding False Positives, False Negatives, True Positives, and True Negatives 277Summary 278Exam Essentials 278Review Questions 280Chapter 17 Content and Endpoint Security 285Mitigating Email Threats 286Spam Filtering 286Context-Based Filtering 287Anti-malware Filtering 287DLP 287Blacklisting 288Email Encryption 288Cisco Email Security Appliance 288Putting the Pieces Together 290Mitigating Web-Based Threats 292Understanding Web Proxies 292Cisco Web Security Appliance 293Mitigating Endpoint Threats 294Cisco Identity Services Engine (ISE) 294Antivirus/Anti-malware 294Personal Firewall 294Hardware/Software Encryption of Local Data 294HIPS 295Summary 295Exam Essentials 295Review Questions 296Appendix Answers to Review Questions 301Chapter 1: Understanding Security Fundamentals 302Chapter 2: Understanding Security Threats 304Chapter 3: Understanding Cryptography 305Chapter 4: Securing the Routing Process 307Chapter 5: Understanding Layer 2 Attacks 309Chapter 6: Preventing Layer 2 Attacks 311Chapter 7: VLAN Security 312Chapter 8: Securing Management Traffic 314Chapter 9: Understanding 802.1x and AAA 316Chapter 10: Securing a BYOD Initiative 317Chapter 11: Understanding VPNs 319Chapter 12: Configuring VPNs 321Chapter 13: Understanding Firewalls 322Chapter 14: Configuring NAT and Zone-Based Firewalls 324Chapter 15: Configuring the Firewall on an ASA 325Chapter 16: Intrusion Prevention 327Chapter 17: Content and Endpoint Security 328Index 331