CCNA Security (210-260) Portable Command Guide, 2nd Edition

Best Value Purchase

Book + eBook Bundle

  • Your Price: $37.79
  • List Price: $62.98
  • Includes EPUB, MOBI, and PDF
  • This eBook includes the following formats, accessible from your Account page after purchase:

    EPUB: The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI: The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    PDF: The popular standard, used most often with the free Adobe® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

More Purchase Options

Book

  • Your Price: $27.99
  • List Price: $34.99
  • Usually ships in 24 hours.

eBook (Watermarked)

  • Your Price: $22.39
  • List Price: $27.99
  • Includes EPUB, MOBI, and PDF

About

Features

  • Practical, example-rich information for every command on Cisco's newest CCNA® Security exam
  • Real-world samples and best-practice topologies help students work more efficiently, and pass the first time
  • Covers security policies, securing routers, switches, and firewalls; VPNs, IPS, LAN security, and more
  • Perfect take-anywhere resource: no need for thick books or Web access

Description

  • Copyright 2016
  • Dimensions: 6" x 9"
  • Pages: 352
  • Edition: 2nd
  • Book
  • ISBN-10: 1-58720-575-0
  • ISBN-13: 978-1-58720-575-0

Preparing for the latest CCNA Security exam? Here are all the CCNA Security (210-260) commands you need in one condensed, portable resource. Filled with valuable, easy-to-access information, the CCNA Security Portable Command Guide is portable enough for you to use whether you’re in the server room or the equipment closet.


Completely updated to reflect the new CCNA Security 210-260 exam, this quick reference summarizes relevant Cisco IOS® Software commands, keywords, command arguments, and associated prompts, and offers tips and examples for applying these commands to real-world security challenges. Configuration examples throughout provide an even deeper understanding of how to use IOS to protect networks.


Topics covered include


  • Networking security fundamentals: concepts, policies, strategy
  • Protecting network infrastructure: network foundations, security management planes/access; data planes (Catalyst switches and IPv6)
  • Threat control/containment: protecting endpoints and content; configuring ACLs, zone-based firewalls, and Cisco IOS IPS
  • Secure connectivity: VPNs, cryptology, asymmetric encryption, PKI, IPsec VPNs, and site-to-site VPN configuration
  • ASA network security: ASA/ASDM concepts; configuring ASA basic settings, advanced settings, and VPNs

Access all CCNA Security commands: use as a quick, offline resource for research and solutions


  • Logical how-to topic groupings provide one-stop research
  • Great for review before CCNA Security certification exams
  • Compact size makes it easy to carry with you, wherever you go
  • “Create Your Own Journal” section with blank, lined pages allows you to personalize the book for your needs
  • “What Do You Want to Do?” chart inside the front cover helps you to quickly reference specific tasks


Sample Content

Sample Pages

Download the sample pages (includes Chapter 3 and Index)

Table of Contents


    Introduction xxi


Part I: Networking Security Fundamentals


Chapter 1 Networking Security Concepts 1


    Basic Security Concepts 2


        Security Terminology 2


        Confidentiality, Integrity, and Availability (CIA) 2


        Data Classification Criteria 2


        Data Classification Levels 3


        Classification Roles 3


    Threat Classification 3


        Trends in Information Security Threats 4


        Preventive, Detective, and Corrective Controls 4


        Risk Avoidance, Transfer, and Retention 4


    Drivers for Network Security 5


        Evolution of Threats 5


        Data Loss and Exfiltration 5


        Tracking Threats 6


    Malware 6


        Anatomy of a Worm 7


        Mitigating Malware and Worms 7


    Threats in Borderless Networks 8


        Hacker Titles 8


        Thinking Like a Hacker 9


        Reconnaissance Attacks 9


        Access Attacks 10


        Password Cracking 11


        Denial-of-Service Attacks 11


        Distributed Denial-of-Service Attacks 12


        Tools Used by Attackers 13


    Principles of Secure Network Design 13


        Defense in Depth 14


Chapter 2 Implementing Security Policies 15


    Managing Risk 15


        Quantitative Risk Analysis Formula 16


        Quantitative Risk Analysis Example 17


        Regulatory Compliance 17


    Security Policy 19


        Standards, Guidelines, and Procedures 20


        Security Policy Audience Responsibilities 21


        Security Awareness 21


    Secure Network Lifecycle Management 22


        Models and Frameworks 23


        Assessing and Monitoring the Network Security Posture 23


        Testing the Security Architecture 24


    Incident Response 24


        Incident Response Phases 24


        Computer Crime Investigation 25


        Collection of Evidence and Forensics 25


        Law Enforcement and Liability 25


        Ethics 25


    Disaster-Recovery and Business-Continuity Planning 26


Chapter 3 Building a Security Strategy 27


    Cisco Borderless Network Architecture 27


        Borderless Security Products 28


    Cisco SecureX Architecture and Context-Aware Security 28


        Cisco TrustSec 30


        TrustSec Confidentiality 30


        Cisco AnyConnect 31


        Cisco Talos 31


    Threat Control and Containment 31


    Cloud Security and Data-Loss Prevention 32


    Secure Connectivity Through VPNs 32


    Security Management 33


Part II: Protecting the Network Infrastructure


Chapter 4 Network Foundation Protection 35


    Threats Against the Network Infrastructure 35


    Cisco Network Foundation Protection Framework 36


    Control Plane Security 37


        Control Plane Policing 37


    Management Plane Security 38


        Role-Based Access Control 39


        Secure Management and Reporting 39


        Data Plane Security 39


        ACLs 40


        Antispoofing 40


        Layer 2 Data Plane Protection 40


Chapter 5 Securing the Management Plane 41


    Planning a Secure Management and Reporting Strategy 42


    Securing the Management Plane 42


        Securing Passwords 43


        Securing the Console Line and Disabling the Auxiliary Line 43


        Securing VTY Access with SSH 44


        Securing VTY Access with SSH Example 45


        Securing Configuration and IOS Files 46


        Restoring Bootset Files 47


    Implementing Role-Based Access Control on Cisco Routers 47


        Configuring Privilege Levels 47


        Configuring Privilege Levels Example 47


        Configuring RBAC 48


        Configuring RBAC via the CLI Example 49


        Configuring Superviews 49


        Configuring a Superview Example 50


    Network Monitoring 51


        Configuring a Network Time Protocol Master Clock 51


        Configuring an NTP Client 52


        Configuring an NTP Master and Client Example 52


        Configuring Syslog 53


        Configuring Syslog Example 54


        Configuring SNMPv3 54


        Configuring SNMPv3 Example 55


Chapter 6 Securing Management Access with AAA 57


    Authenticating Administrative Access 57


        Local Authentication 57


        Server-Based Authentication 58


        Authentication, Authorization, and Accounting Framework 58


    Local AAA Authentication 58


        Configuring Local AAA Authentication Example 60


    Server-Based AAA Authentication 61


        TACACS+ Versus RADIUS 61


        Configuring Server-Based AAA Authentication 62


        Configuring Server-Based AAA Authentication Example 63


    AAA Authorization 64


        Configuring AAA Authorization Example 64


    AAA Accounting 65


        Configuring AAA Accounting Example 65


    802.1X Port-Based Authentication 65


        Configuring 802.1X Port-Based Authentication 66


        Configuring 802.1X Port-Based Authentication Example 68


Chapter 7 Securing the Data Plane on Catalyst Switches 69


    Common Threats to the Switching Infrastructure 70


        Layer 2 Attacks 70


        Layer 2 Security Guidelines 71


    MAC Address Attacks 72


        Configuring Port Security 72


        Fine-Tuning Port Security 73


        Configuring Optional Port Security Settings 74


        Configuring Port Security Example 75


    VLAN Hopping Attacks 76


        Mitigating VLAN Attacks 76


        Mitigating VLAN Attacks Example 77


    DHCP Attacks 78


        Mitigating DHCP Attacks 78


        Mitigating DHCP Attacks Example 80


    ARP Attacks 80


        Mitigating ARP Attacks 80


        Mitigating ARP Attacks Example 82


    Address Spoofing Attacks 83


        Mitigating Address Spoofing Attacks 83


        Mitigating Address Spoofing Attacks Example 83


    Spanning Tree Protocol Attacks 84


        STP Stability Mechanisms 84


        Configuring STP Stability Mechanisms 85


        Configuring STP Stability Mechanisms Example 86


    LAN Storm Attacks 87


        Configuring Storm Control 88


        Configuring Storm Control Example 88


    Advanced Layer 2 Security Features 88


        ACLs and Private VLANs 89


        Secure the Switch Management Plane 89


Chapter 8 Securing the Data Plane in IPv6 Environments 91


    Overview of IPv6 91


        Comparison Between IPv4 and IPv6 91


        The IPv6 Header 92


        ICMPv6 93


        Stateless Autoconfiguration 94


        IPv4-to-IPv6 Transition Solutions 94


        IPv6 Routing Solutions 94


    IPv6 Threats 95


        IPv6 Vulnerabilities 96


    IPv6 Security Strategy 96


        Configuring Ingress Filtering 96


        Secure Transition Mechanisms 97


        Future Security Enhancements 97


Part III: Threat Control and Containment


Chapter 9 Endpoint and Content Protection 99


    Protecting Endpoints 99


        Endpoint Security 99


        Data Loss Prevention 100


        Endpoint Posture Assessment 100


    Cisco Advanced Malware Protection (AMP) 101


        Cisco AMP Elements 101


        Cisco AMP for Endpoint 102


        Cisco AMP for Endpoint Products 102


    Content Security 103


        Email Threats 103


        Cisco Email Security Appliance (ESA) 103


        Cisco Email Security Virtual Appliance (ESAV) 104


    Cisco Web Security Appliance (WSA) 104


    Cisco Web Security Virtual Appliance (WSAV) 105


    Cisco Cloud Web Security (CWS) 105


Chapter 10 Configuring ACLs for Threat Mitigation 107


    Access Control List 108


        Mitigating Threats Using ACLs 108


        ACL Design Guidelines 108


        ACL Operation 108


    Configuring ACLs 110


        ACL Configuration Guidelines 110


        Filtering with Numbered Extended ACLs 110


        Configuring a Numbered Extended ACL Example 111


        Filtering with Named Extended ACLs 111


        Configuring a Named Extended ACL Example 112


    Mitigating Attacks with ACLs 112


        Antispoofing ACLs Example 112


        Permitting Necessary Traffic through a Firewall Example 114


        Mitigating ICMP Abuse Example 115


    Enhancing ACL Protection with Object Groups 117


        Network Object Groups 117


        Service Object Groups 118


        Using Object Groups in Extended ACLs 119


        Configuring Object Groups in ACLs Example 119


    ACLs in IPv6 121


        Mitigating IPv6 Attacks Using ACLs 121


        IPv6 ACLs Implicit Entries 122


        Filtering with IPv6 ACLs 122


        Configuring an IPv6 ACL Example 123


Chapter 11 Configuring Zone-Based Firewalls 125


    Firewall Fundamentals 125


        Types of Firewalls 125


    Firewall Design 126


        Security Architectures 127


        Firewall Policies 127


        Firewall Rule Design Guidelines 128


        Cisco IOS Firewall Evolution 128


    Cisco IOS Zone-Based Policy Firewall 129


        Cisco Common Classification Policy Language 129


        ZPF Design Considerations 129


        Default Policies, Traffic Flows, and Zone Interaction 130


        Configuring an IOS ZPF 131


        Configuring an IOS ZPF Example 132


Chapter 12 Configuring Cisco IOS IPS 135


    IDS and IPS Fundamentals 135


        Types of IPS Sensors 136


        Types of Signatures 136


        Types of Alarms 136


    Intrusion Prevention Technologies 137


        IPS Attack Responses 137


        IPS Anti-Evasion Techniques 138


        Managing Signatures 140


        Cisco IOS IPS Signature Files 140


        Implementing Alarms in Signatures 140


        IOS IPS Severity Levels 141


        Event Monitoring and Management 141


        IPS Recommended Practices 142


    Configuring IOS IPS 142


        Creating an IOS IPS Rule and Specifying the IPS Signature File Location 143


        Tuning Signatures per Category 144


        Configuring IOS IPS Example 147


Part IV: Secure Connectivity


Chapter 13 VPNs and Cryptology 149


    Virtual Private Networks 149


        VPN Deployment Modes 150


    Cryptology = Cryptography + Cryptanalysis 151


        Historical Cryptographic Ciphers 151


        Modern Substitution Ciphers 152


        Encryption Algorithms 152


        Cryptanalysis 153


    Cryptographic Processes in VPNs 154


        Classes of Encryption Algorithms 155


        Symmetric Encryption Algorithms 155


        Asymmetric Encryption Algorithm 156


        Choosing an Encryption Algorithm 157


        Choosing an Adequate Keyspace 157


    Cryptographic Hashes 157


        Well-Known Hashing Algorithms 158


        Hash-Based Message Authentication Codes 158


    Digital Signatures 159


Chapter 14 Asymmetric Encryption and PKI 161


    Asymmetric Encryption 161


        Public Key Confidentiality and Authentication 161


        RSA Functions 162


    Public Key Infrastructure 162


        PKI Terminology 163


        PKI Standards 163


        PKI Topologies 164


        PKI Characteristics 165


Chapter 15 IPsec VPNs 167


    IPsec Protocol 167


        IPsec Protocol Framework 168


        Encapsulating IPsec Packets 169


        Transport Versus Tunnel Mode 169


        Confidentiality Using Encryption Algorithms 170


        Data Integrity Using Hashing Algorithms 170


        Peer Authentication Methods 171


        Key Exchange Algorithms 172


        NSA Suite B Standard 172


    Internet Key Exchange 172


        IKE Negotiation Phases 173


        IKEv1 Phase 1 (Main Mode and Aggressive Mode) 173


        IKEv1 Phase 2 (Quick Mode) 174


        IKEv2 Phase 1 and 2 174


        IKEv1 Versus IKEv2 175


    IPv6 VPNs 175


Chapter 16 Configuring Site-to-Site VPNs 177


    Site-to-Site IPsec VPNs 177


        IPsec VPN Negotiation Steps 177


        Planning an IPsec VPN 178


        Cipher Suite Options 178


    Configuring IOS Site-to-Site VPNs 179


        Verifying the VPN Tunnel 183


        Configuring a Site-to-Site IPsec VPN 183


Part V: Securing the Network Using the ASA


Chapter 17 Introduction to the ASA 187


    Adaptive Security Appliance 187


        ASA Models 188


        Routed and Transparent Firewall Modes 189


        ASA Licensing 190


    Basic ASA Configuration 191


        ASA 5505 Front and Back Panel 191


        ASA Security Levels 193


        ASA 5505 Port Configuration 194


        ASA 5505 Deployment Scenarios 194


        ASA 5505 Configuration Options 194


Chapter 18 Introduction to ASDM 195


    Adaptive Security Device Manager 195


        Accessing ASDM 195


        Factory Default Settings 196


        Resetting the ASA 5505 to Factory Default Settings 197


        Erasing the Factory Default Settings 197


        Setup Initialization Wizard 197


    Installing and Running ASDM 198


        Running ASDM 200


    ASDM Wizards 202


        The Startup Wizard 202


        VPN Wizards 203


        Advanced Wizards 204


Chapter 19 Configuring Cisco ASA Basic Settings 205


    ASA Command-Line Interface 205


        Differences Between IOS and ASA OS 206


    Configuring Basic Settings 206


        Configuring Basic Management Settings 207


        Enabling the Master Passphrase 208


    Configuring Interfaces 208


        Configuring the Inside and Outside SVIs 208


        Assigning Layer 2 Ports to VLANs 209


        Configuring a Third SVI 209


    Configuring the Management Plane 210


        Enabling Telnet, SSH, and HTTPS Access 210


        Configuring Time Services 211


    Configuring the Control Plane 212


        Configuring a Default Route 212


    Basic Settings Example 212


        Configuring Basic Settings Example Using the CLI 213


        Configuring Basic Settings Example Using ASDM 215


        Configuring Interfaces Using ASDM 217


        Configuring the System Time Using ASDM 221


        Configuring Static Routing Using ASDM 223


        Configuring Device Management Access Using ASDM 226


Chapter 20 Configuring Cisco ASA Advanced Settings 229


    ASA DHCP Services 230


        DHCP Client 230


        DHCP Server Services 230


        Configuring DHCP Server Example Using the CLI 231


        Configuring DHCP Server Example Using ASDM 232


    ASA Objects and Object Groups 235


        Network and Service Objects 236


        Network, Protocol, ICMP, and Service Object Groups 237


        Configuring Objects and Object Groups Example Using ASDM 239


    ASA ACLs 243


        ACL Syntax 244


        Configuring ACLs Example Using the CLI 245


        Configuring ACLs with Object Groups Example Using the CLI 246


        Configuring ACLs with Object Groups Example Using ASDM 247


    ASA NAT Services 250


        Auto-NAT 251


        Dynamic NAT, Dynamic PAT, and Static NAT 251


        Configuring Dynamic and Static NAT Example Using the CLI 253


        Configuring Dynamic NAT Example Using ASDM 254


        Configuring Dynamic PAT Example Using ASDM 257


        Configuring Static NAT Example Using ASDM 258


    AAA Access Control 260


        Local AAA Authentication 260


        Server-Based AAA Authentication 261


        Configuring AAA Server-Based Authentication Example Using the CLI 261


        Configuring AAA Server-Based Authentication Example Using ASDM 262


    Modular Policy Framework Service Policies 266


        Class Maps, Policy Maps, and Service Policies 267


        Default Global Policies 269


        Configure Service Policy Example Using ASDM 271


Chapter 21 Configuring Cisco ASA VPNs 273


    Remote-Access VPNs 273


        Types of Remote-Access VPNs 273


    ASA SSL VPN 274


        Client-Based SSL VPN Example Using ASDM 275


        Clientless SSL VPN Example Using ASDM 286


    ASA Site-to-Site IPsec VPN 294


        ISR IPsec VPN Configuration 294


        ASA Initial Configuration 296


        ASA VPN Configuration Using ASDM 297


Appendix A    Create Your Own Journal Here 303


9781587205750, TOC, 3/11/2016

