Home > Store

CCNA Security (210-260) Portable Command Guide, 2nd Edition

Register your product to gain access to bonus material or receive a coupon.

CCNA Security (210-260) Portable Command Guide, 2nd Edition

eBook (Watermarked)

  • Sorry, this book is no longer in print.
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Not for Sale

Description

  • Copyright 2016
  • Dimensions: 6" x 9"
  • Edition: 2nd
  • eBook (Watermarked)
  • ISBN-10: 0-13-430747-X
  • ISBN-13: 978-0-13-430747-3

Preparing for the latest CCNA Security exam? Here are all  the CCNA Security (210-260) commands you need in one condensed, portable resource. Filled with valuable, easy-to-access information, the CCNA Security Portable Command Guide, is portable enough for you to use whether you’re in the server room or the equipment closet.


Completely updated to reflect the new CCNA Security 210-260 exam, this quick reference summarizes relevant Cisco IOS® Software commands, keywords, command arguments, and associated prompts, and offers tips and examples for applying these commands to real-world security challenges. Configuration examples, throughout, provide an even deeper understanding of how to use IOS to protect networks.


Topics covered include


  • Networking security fundamentals: concepts, policies, strategy
  •  Protecting network infrastructure: network foundations, security management planes/access; data planes (Catalyst switches and IPv6)
  •  Threat control/containment: protecting endpoints and content; configuring ACLs, zone-based firewalls, and Cisco IOS IPS
  •  Secure connectivity: VPNs, cryptology, asymmetric encryption, PKI, IPsec VPNs, and site-to-site VPN configuration
  •  ASA network security: ASA/ASDM concepts; configuring ASA basic settings, advanced settings, and VPNs

 Access all CCNA Security commands: use as a quick, offline resource for research and solutions


  • Logical how-to topic groupings provide one-stop research
  • Great for review before CCNA Security certification exams
  • Compact size makes it easy to carry with you, wherever you go
  •  “Create Your Own Journal” section with blank, lined pages allows you to personalize the book for your needs
  •  “What Do You Want to Do?” chart inside the front cover helps you to quickly reference specific tasks


Sample Content

Sample Pages

Download the sample pages (includes Chapter 3 and Index)

Table of Contents


    Introduction xxi


Part I: Networking Security Fundamentals


Chapter 1 Networking Security Concepts 1


    Basic Security Concepts 2


        Security Terminology 2


        Confidentiality, Integrity, and Availability (CIA) 2


        Data Classification Criteria 2


        Data Classification Levels 3


        Classification Roles 3


    Threat Classification 3


        Trends in Information Security Threats 4


        Preventive, Detective, and Corrective Controls 4


        Risk Avoidance, Transfer, and Retention 4


    Drivers for Network Security 5


        Evolution of Threats 5


        Data Loss and Exfiltration 5


        Tracking Threats 6


    Malware 6


        Anatomy of a Worm 7


        Mitigating Malware and Worms 7


    Threats in Borderless Networks 8


        Hacker Titles 8


        Thinking Like a Hacker 9


        Reconnaissance Attacks 9


        Access Attacks 10


        Password Cracking 11


        Denial-of-Service Attacks 11


        Distributed Denial-of-Service Attacks 12


        Tools Used by Attackers 13


    Principles of Secure Network Design 13


        Defense in Depth 14


Chapter 2 Implementing Security Policies 15


    Managing Risk 15


        Quantitative Risk Analysis Formula 16


        Quantitative Risk Analysis Example 17


        Regulatory Compliance 17


    Security Policy 19


        Standards, Guidelines, and Procedures 20


        Security Policy Audience Responsibilities 21


        Security Awareness 21


    Secure Network Lifecycle Management 22


        Models and Frameworks 23


        Assessing and Monitoring the Network Security Posture 23


        Testing the Security Architecture 24


    Incident Response 24


        Incident Response Phases 24


        Computer Crime Investigation 25


        Collection of Evidence and Forensics 25


        Law Enforcement and Liability 25


        Ethics 25


    Disaster-Recovery and Business-Continuity Planning 26


Chapter 3 Building a Security Strategy 27


    Cisco Borderless Network Architecture 27


        Borderless Security Products 28


    Cisco SecureX Architecture and Context-Aware Security 28


        Cisco TrustSec 30


        TrustSec Confidentiality 30


        Cisco AnyConnect 31


        Cisco Talos 31


    Threat Control and Containment 31


    Cloud Security and Data-Loss Prevention 32


    Secure Connectivity Through VPNs 32


    Security Management 33


Part II: Protecting the Network Infrastructure


Chapter 4 Network Foundation Protection 35


    Threats Against the Network Infrastructure 35


    Cisco Network Foundation Protection Framework 36


    Control Plane Security 37


        Control Plane Policing 37


    Management Plane Security 38


        Role-Based Access Control 39


        Secure Management and Reporting 39


        Data Plane Security 39


        ACLs 40


        Antispoofing 40


        Layer 2 Data Plane Protection 40


Chapter 5 Securing the Management Plane 41


    Planning a Secure Management and Reporting Strategy 42


    Securing the Management Plane 42


        Securing Passwords 43


        Securing the Console Line and Disabling the Auxiliary Line 43


        Securing VTY Access with SSH 44


        Securing VTY Access with SSH Example 45


        Securing Configuration and IOS Files 46


        Restoring Bootset Files 47


    Implementing Role-Based Access Control on Cisco Routers 47


        Configuring Privilege Levels 47


        Configuring Privilege Levels Example 47


        Configuring RBAC 48


        Configuring RBAC via the CLI Example 49


        Configuring Superviews 49


        Configuring a Superview Example 50


    Network Monitoring 51


        Configuring a Network Time Protocol Master Clock 51


        Configuring an NTP Client 52


        Configuring an NTP Master and Client Example 52


        Configuring Syslog 53


        Configuring Syslog Example 54


        Configuring SNMPv3 54


        Configuring SNMPv3 Example 55


Chapter 6 Securing Management Access with AAA 57


    Authenticating Administrative Access 57


        Local Authentication 57


        Server-Based Authentication 58


        Authentication, Authorization, and Accounting Framework 58


    Local AAA Authentication 58


        Configuring Local AAA Authentication Example 60


    Server-Based AAA Authentication 61


        TACACS+ Versus RADIUS 61


        Configuring Server-Based AAA Authentication 62


        Configuring Server-Based AAA Authentication Example 63


    AAA Authorization 64


        Configuring AAA Authorization Example 64


    AAA Accounting 65


        Configuring AAA Accounting Example 65


    802.1X Port-Based Authentication 65


        Configuring 802.1X Port-Based Authentication 66


        Configuring 802.1X Port-Based Authentication Example 68


Chapter 7 Securing the Data Plane on Catalyst Switches 69


    Common Threats to the Switching Infrastructure 70


        Layer 2 Attacks 70


        Layer 2 Security Guidelines 71


    MAC Address Attacks 72


        Configuring Port Security 72


        Fine-Tuning Port Security 73


        Configuring Optional Port Security Settings 74


        Configuring Port Security Example 75


    VLAN Hopping Attacks 76


        Mitigating VLAN Attacks 76


        Mitigating VLAN Attacks Example 77


    DHCP Attacks 78


        Mitigating DHCP Attacks 78


        Mitigating DHCP Attacks Example 80


    ARP Attacks 80


        Mitigating ARP Attacks 80


        Mitigating ARP Attacks Example 82


    Address Spoofing Attacks 83


        Mitigating Address Spoofing Attacks 83


        Mitigating Address Spoofing Attacks Example 83


    Spanning Tree Protocol Attacks 84


        STP Stability Mechanisms 84


        Configuring STP Stability Mechanisms 85


        Configuring STP Stability Mechanisms Example 86


    LAN Storm Attacks 87


        Configuring Storm Control 88


        Configuring Storm Control Example 88


    Advanced Layer 2 Security Features 88


        ACLs and Private VLANs 89


        Secure the Switch Management Plane 89


Chapter 8 Securing the Data Plane in IPv6 Environments 91


    Overview of IPv6 91


        Comparison Between IPv4 and IPv6 91


        The IPv6 Header 92


        ICMPv6 93


        Stateless Autoconfiguration 94


        IPv4-to-IPv6 Transition Solutions 94


        IPv6 Routing Solutions 94


    IPv6 Threats 95


        IPv6 Vulnerabilities 96


    IPv6 Security Strategy 96


        Configuring Ingress Filtering 96


        Secure Transition Mechanisms 97


        Future Security Enhancements 97


Part III: Threat Control and Containment


Chapter 9 Endpoint and Content Protection 99


    Protecting Endpoints 99


        Endpoint Security 99


        Data Loss Prevention 100


        Endpoint Posture Assessment 100


    Cisco Advanced Malware Protection (AMP) 101


        Cisco AMP Elements 101


        Cisco AMP for Endpoint 102


        Cisco AMP for Endpoint Products 102


    Content Security 103


        Email Threats 103


        Cisco Email Security Appliance (ESA) 103


        Cisco Email Security Virtual Appliance (ESAV) 104


    Cisco Web Security Appliance (WSA) 104


    Cisco Web Security Virtual Appliance (WSAV) 105


    Cisco Cloud Web Security (CWS) 105


Chapter 10 Configuring ACLs for Threat Mitigation 107


    Access Control List 108


        Mitigating Threats Using ACLs 108


        ACL Design Guidelines 108


        ACL Operation 108


    Configuring ACLs 110


        ACL Configuration Guidelines 110


        Filtering with Numbered Extended ACLs 110


        Configuring a Numbered Extended ACL Example 111


        Filtering with Named Extended ACLs 111


        Configuring a Named Extended ACL Example 112


    Mitigating Attacks with ACLs 112


        Antispoofing ACLs Example 112


        Permitting Necessary Traffic through a Firewall Example 114


        Mitigating ICMP Abuse Example 115


    Enhancing ACL Protection with Object Groups 117


        Network Object Groups 117


        Service Object Groups 118


        Using Object Groups in Extended ACLs 119


        Configuring Object Groups in ACLs Example 119


    ACLs in IPv6 121


        Mitigating IPv6 Attacks Using ACLs 121


        IPv6 ACLs Implicit Entries 122


        Filtering with IPv6 ACLs 122


        Configuring an IPv6 ACL Example 123


Chapter 11 Configuring Zone-Based Firewalls 125


    Firewall Fundamentals 125


        Types of Firewalls 125


    Firewall Design 126


        Security Architectures 127


        Firewall Policies 127


        Firewall Rule Design Guidelines 128


        Cisco IOS Firewall Evolution 128


    Cisco IOS Zone-Based Policy Firewall 129


        Cisco Common Classification Policy Language 129


        ZPF Design Considerations 129


        Default Policies, Traffic Flows, and Zone Interaction 130


        Configuring an IOS ZPF 131


        Configuring an IOS ZPF Example 132


Chapter 12 Configuring Cisco IOS IPS 135


    IDS and IPS Fundamentals 135


        Types of IPS Sensors 136


        Types of Signatures 136


        Types of Alarms 136


    Intrusion Prevention Technologies 137


        IPS Attack Responses 137


        IPS Anti-Evasion Techniques 138


        Managing Signatures 140


        Cisco IOS IPS Signature Files 140


        Implementing Alarms in Signatures 140


        IOS IPS Severity Levels 141


        Event Monitoring and Management 141


        IPS Recommended Practices 142


    Configuring IOS IPS 142


        Creating an IOS IPS Rule and Specifying the IPS Signature File Location 143


        Tuning Signatures per Category 144


        Configuring IOS IPS Example 147


Part IV: Secure Connectivity


Chapter 13 VPNs and Cryptology 149


    Virtual Private Networks 149


        VPN Deployment Modes 150


    Cryptology = Cryptography + Cryptanalysis 151


        Historical Cryptographic Ciphers 151


        Modern Substitution Ciphers 152


        Encryption Algorithms 152


        Cryptanalysis 153


    Cryptographic Processes in VPNs 154


        Classes of Encryption Algorithms 155


        Symmetric Encryption Algorithms 155


        Asymmetric Encryption Algorithm 156


        Choosing an Encryption Algorithm 157


        Choosing an Adequate Keyspace 157


    Cryptographic Hashes 157


        Well-Known Hashing Algorithms 158


        Hash-Based Message Authentication Codes 158


    Digital Signatures 159


Chapter 14 Asymmetric Encryption and PKI 161


    Asymmetric Encryption 161


        Public Key Confidentiality and Authentication 161


        RSA Functions 162


    Public Key Infrastructure 162


        PKI Terminology 163


        PKI Standards 163


        PKI Topologies 164


        PKI Characteristics 165


Chapter 15 IPsec VPNs 167


    IPsec Protocol 167


        IPsec Protocol Framework 168


        Encapsulating IPsec Packets 169


        Transport Versus Tunnel Mode 169


        Confidentiality Using Encryption Algorithms 170


        Data Integrity Using Hashing Algorithms 170


        Peer Authentication Methods 171


        Key Exchange Algorithms 172


        NSA Suite B Standard 172


    Internet Key Exchange 172


        IKE Negotiation Phases 173


        IKEv1 Phase 1 (Main Mode and Aggressive Mode) 173


        IKEv1 Phase 2 (Quick Mode) 174


        IKEv2 Phase 1 and 2 174


        IKEv1 Versus IKEv2 175


    IPv6 VPNs 175


Chapter 16 Configuring Site-to-Site VPNs 177


    Site-to-Site IPsec VPNs 177


        IPsec VPN Negotiation Steps 177


        Planning an IPsec VPN 178


        Cipher Suite Options 178


    Configuring IOS Site-to-Site VPNs 179


        Verifying the VPN Tunnel 183


        Configuring a Site-to-Site IPsec VPN 183


Part V: Securing the Network Using the ASA


Chapter 17 Introduction to the ASA 187


    Adaptive Security Appliance 187


        ASA Models 188


        Routed and Transparent Firewall Modes 189


        ASA Licensing 190


    Basic ASA Configuration 191


        ASA 5505 Front and Back Panel 191


        ASA Security Levels 193


        ASA 5505 Port Configuration 194


        ASA 5505 Deployment Scenarios 194


        ASA 5505 Configuration Options 194


Chapter 18 Introduction to ASDM 195


    Adaptive Security Device Manager 195


        Accessing ASDM 195


        Factory Default Settings 196


        Resetting the ASA 5505 to Factory Default Settings 197


        Erasing the Factory Default Settings 197


        Setup Initialization Wizard 197


    Installing and Running ASDM 198


        Running ASDM 200


    ASDM Wizards 202


        The Startup Wizard 202


        VPN Wizards 203


        Advanced Wizards 204


Chapter 19 Configuring Cisco ASA Basic Settings 205


    ASA Command-Line Interface 205


        Differences Between IOS and ASA OS 206


    Configuring Basic Settings 206


        Configuring Basic Management Settings 207


        Enabling the Master Passphrase 208


    Configuring Interfaces 208


        Configuring the Inside and Outside SVIs 208


        Assigning Layer 2 Ports to VLANs 209


        Configuring a Third SVI 209


    Configuring the Management Plane 210


        Enabling Telnet, SSH, and HTTPS Access 210


        Configuring Time Services 211


    Configuring the Control Plane 212


        Configuring a Default Route 212


    Basic Settings Example 212


        Configuring Basic Settings Example Using the CLI 213


        Configuring Basic Settings Example Using ASDM 215


        Configuring Interfaces Using ASDM 217


        Configuring the System Time Using ASDM 221


        Configuring Static Routing Using ASDM 223


        Configuring Device Management Access Using ASDM 226


Chapter 20 Configuring Cisco ASA Advanced Settings 229


    ASA DHCP Services 230


        DHCP Client 230


        DHCP Server Services 230


        Configuring DHCP Server Example Using the CLI 231


        Configuring DHCP Server Example Using ASDM 232


    ASA Objects and Object Groups 235


        Network and Service Objects 236


        Network, Protocol, ICMP, and Service Object Groups 237


        Configuring Objects and Object Groups Example Using ASDM 239


    ASA ACLs 243


        ACL Syntax 244


        Configuring ACLs Example Using the CLI 245


        Configuring ACLs with Object Groups Example Using the CLI 246


        Configuring ACLs with Object Groups Example Using ASDM 247


    ASA NAT Services 250


        Auto-NAT 251


        Dynamic NAT, Dynamic PAT, and Static NAT 251


        Configuring Dynamic and Static NAT Example Using the CLI 253


        Configuring Dynamic NAT Example Using ASDM 254


        Configuring Dynamic PAT Example Using ASDM 257


        Configuring Static NAT Example Using ASDM 258


    AAA Access Control 260


        Local AAA Authentication 260


        Server-Based AAA Authentication 261


        Configuring AAA Server-Based Authentication Example Using the CLI 261


        Configuring AAA Server-Based Authentication Example Using ASDM 262


    Modular Policy Framework Service Policies 266


        Class Maps, Policy Maps, and Service Policies 267


        Default Global Policies 269


        Configure Service Policy Example Using ASDM 271


Chapter 21 Configuring Cisco ASA VPNs 273


    Remote-Access VPNs 273


        Types of Remote-Access VPNs 273


    ASA SSL VPN 274


        Client-Based SSL VPN Example Using ASDM 275


        Clientless SSL VPN Example Using ASDM 286


    ASA Site-to-Site IPsec VPN 294


        ISR IPsec VPN Configuration 294


        ASA Initial Configuration 296


        ASA VPN Configuration Using ASDM 297


Appendix A    Create Your Own Journal Here 303


9781587205750, TOC, 3/11/2016


Updates

Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020