Cisco authorized self-study book for network security foundation learning
While the benefits of the information revolution are enormous, so too are the risks you take when offering products, services, and information to your customers, employees, and business partners via your network. Now more than ever, taking the proper steps to ensure the integrity of your network is critical for protecting your most valuable asset: your data. Even so, most corporate and government networks are vulnerable to attack. Managing Cisco Network Security teaches you how to install, configure, operate, manage, and verify Cisco network security products and Cisco IOS® Software security features.
Managing Cisco Network Security focuses on implementing IP network security. Each chapter in the book presents a practical, task-based approach to implementing the security features discussed through a running case study of a hypothetical company that builds a network security architecture from the ground up. Divided into six parts, the book begins with an overview of network security threats and helps you identify the causes of network security problems. Part I also contains information that teaches you how to establish network security policies and secure the network infrastructure. Part II describes methods for securing remote dial-in access using CiscoSecure ACS and Cisco IOS Software AAA security features. Part III focuses on protecting Internet access by identifying the basic components of a perimeter security system and configuring perimeter routers and the Cisco PIX® Firewall Feature set. Part IV introduces you to the features and components of the PIX Firewall, presenting details on how to configure essential PIX Firewall features. Part V examines Cisco Encryption Technology, and shows you how to configure Cisco Encryption Technology to ensure data privacy. In Part VI, you will learn how to implement a secure virtual private network (VPN) solution using IPSec features as well as how to use intrusion detection and network auditing tools. In addition to the running case study, Managing Cisco Network Security contains a wealth of configuration examples, command summaries, helpful tables and diagrams, and chapter-ending review questions.
Managing Cisco Network Security is part of a recommended study program from Cisco Systems that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners, please visit www.cisco.com/go/authorizedtraining.
Mike Wenstrom is an education specialist at Cisco Systems, Inc., where he designs, develops, and delivers training on Cisco VPN and network security products. Mike has more than 18 years of experience in many facets of technical training, having been an instructional designer, course developer, technical instructor, and project manager.
I. ESTABLISHING NETWORK SECURITY POLICY.
1. Evaluating Network Security Threats.
Why We Need Network Security. Why We Have Security Issues. Security Threat Types. The Security Opportunity.
2. Evaluating a Network Security Policy.
The Importance of Protecting the Network. The Security Posture Assessment Process. Improving Your Security Posture. Network Security Case Studies. Case Study: Evaluating the XYZ Company Network Security Policy.
3. Securing the Network Infrastructure.
Campus Security Problems and Solutions. Securing the Physical Devices. Securing the Administrative Interface. Securing Router-to-Router Communications. Securing Ethernet Switches. Case Study: Configuring Basic Network Security.
II. DIALUP SECURITY.
4. Examining Cisco AAA Security Technology.
Securing Network Access by Using AAA. Authentication Methods. Authorization Methods. Accounting Methods. AAA Security Servers.
5. Configuring the Network Access Server for AAA Security.
The Remote Access Security Problem and Solution. The NAS AAA Configuration Process. Case Study: Configuring the NAS for AAA Security.
6. Configuring CiscoSecure ACS and TACACS+/RADIUS.
CiscoSecure ACS for Windows NT and UNIX. CiscoSecure ACS for Windows NT. CiscoSecure ACS for UNIX. Configuring TACACS+ for CiscoSecure ACS. Configuring RADIUS for CiscoSecure ACS. Double Authentication. Case Study: Configuring CSNT.
III. SECURING THE INTERNET CONNECTION.
7. Configuring a Cisco Perimeter Router.
Cisco Perimeter Security Systems. Controlling TCP/IP Services. Preventing Rerouting Attacks. Controlling Access. DoS Protection. Using Network Layer Encryption. Managing IP Addresses with NAT and PAT. Logging Perimeter Router Events. Case Study: Configuring a Cisco Perimeter Router.
8. Configuring the Cisco IOS Firewall.
Cisco IOS Firewall Security Problems and Solutions. Configuring Cisco IOS Firewall. Planning for Cisco IOS Firewall. Configuring CBAC. Cisco IOS Firewall Administration. Case Study: Configuring Cisco IOS Firewall.
IV. CONFIGURING THE CISCOSECURE PIX FIREWALL.
9. PIX Firewall Basics.
What Is the PIX Firewall? Getting Through the PIX Firewall from the Outside. PIX Firewall Models and Components. Configuring the PIX Firewall. A PIX Firewall Configuration Example. Case Study: Configuring NAT on the PIX Firewall to Protect the Identity of the Internal Network.
10. Configuring Access Through the PIX Firewall.
Configuring Outbound Access Control. Controlling Access to Inside Hosts. Case Study: Configuring the PIX Firewall for Secured Bidirectional Communication.
11. Configuring Multiple Interfaces and AAA on the PIX Firewall.
Configuring Access to Multiple Interfaces. Configuring User Authentication. Case Study: Configuring Multiple Interfaces and AAA on the PIX Firewall.
12. Configuring Advanced PIX Firewall Features.
Advanced Network Address Translation: NAT 0. Controlling Outbound Access. Configuring Java Applet Blocking and URL Filtering. Configuring FTP and URL Logging. Configuring SNMP. Configuring PIX Firewall Failover. Configuring VPN Features. CiscoSecure Policy Manager. PIX Firewall Maintenance. Case Study: Configuring Advanced PIX Firewall Features.
V. CONFIGURING CISCO ENCRYPTION TECHNOLOGY.
13. Cisco Encryption Technology Overview.
Encryption Solutions. Cisco IOS Cryptosystem Overview.
14. Configuring Cisco Encryption Technology.
Cisco Encryption Technology Basics. Configuring Cisco Encryption Technology. Diagnosing and Troubleshooting Cisco Encryption Technology. Encryption Implementation Considerations. The Encryption Export Policy. Planning for Encryption Job Aid. Configuration Procedures Job Aid.
VI. CONFIGURING A VPN WITH IPSEC.
15. Understanding Cisco IPSec Support.
Using IPSec to Enable a Secure VPN. What Is IPSec? How IPSec Works. Technologies Used in IPSec. Public Key Infrastructure and CA Support. IKE and IPSec Flow in Cisco IOS Software. Configuring IPSec Encryption Task Overview.
16. Configuring Cisco IOS IPSec.
Configuring Cisco IOS IPSec Using Preshared Keys for Authentication. Configuring Cisco IOS IPSec Using RSA-Encrypted Nonces for Authentication. Case Study: Configuring Cisco IOS IPSec for Preshared Keys.
17. Configuring PIX Firewall IPSec Support.
Task 1: Prepare for IPSec. Task 2: Configure IKE for Preshared Keys. Task 3: Configure IPSec. Task 4: Test and Verify the Overall IPSec Configuration. Case Study: Configuring PIX Firewall IPSec for Preshared Keys.
18. Scaling Cisco IPSec Networks.
Configuring CA Support in Cisco Routers and the PIX Firewall. Scaling Cisco VPNs.
VII. APPENDIXES.
Appendix A: XYZ Company Case Study Scenario.
XYZ Company Overview. The Departments Involved. XYZ's Network Security Goal.
Appendix B: An Example of an XYZ Company Network Security Policy.
Statement of Authority and Scope. Acceptable Use Policy. Identification and Authentication Policy. Internet Access Policy. Campus Access Policy. Remote Access Policy. Incident-Handling Procedure.
Appendix C: Configuring Standard and Extended Access Lists.
IP Addressing and General Access List Concepts. Configuring Standard IP Access Lists. Configuring Extended IP Access Lists. Verifying Access List Configuration. Named IP Access Lists.
Appendix D: Answers to Review Questions.