CCNA security 210-260 certification guide : build your knowledge of network security and pass your CCNA security exam (210-260) / Glen D. Singh, Michael Vinod and Vijay Anandh.

Format:

Book

Author/Creator:

Singh, Glen D., author.

Vinod, Michael, author.

Anandh, Vijay, author.

Language:

English

Subjects (All):

Network analysis (Planning).

Physical Description:

1 online resource (509 pages)

Edition:

1st edition

Other Title:

Cisco Certified Network Associate security 210-260 certification guide

Place of Publication:

Birmingham ; Mumbai : Packt Publishing, 2018.

System Details:

text file

Summary:

Become a Cisco security specialist by developing your skills in network security and explore advanced security technologies About This Book Enhance your skills in network security by learning about Cisco's device configuration and installation Unlock the practical aspects of CCNA security to secure your devices Explore tips and tricks to help you achieve the CCNA Security 210-260 Certification Who This Book Is For CCNA Security 210-260 Certification Guide can help you become a network security engineer, a cyber security professional, or a security administrator. You should have valid CCENT or CCNA Routing and Switching certification before taking your CCNA Security exam. What You Will Learn Grasp the fundamentals of network security Configure routing protocols to secure network devices Mitigate different styles of security attacks using Cisco devices Explore the different types of firewall technologies Discover the Cisco ASA functionality and gain insights into some advanced ASA configurations Implement IPS on a Cisco device and understand the concept of endpoint security In Detail With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam. You'll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you'll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols. Next, you'll learn about security on the data link layer by implementing various security toolkits. You'll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You'll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you'll delve into the concepts of IPS and endpoint security to secure your organization's network infrastructure. By the end of this book, you'll be ready to take the CCNA Security Exam (210-260). Style and approach This book is a step-by-step certification guide that ensures you secure organization's network and also helps you in clearing this certification. The practical aspe...

Contents:

Intro

Title Page

Copyright and Credits

Packt Upsell

Contributors

Table of Contents

Preface

Chapter 1: Exploring Security Threats

Important terms in network security

Threats

Vulnerability

Analyzing vulnerability

Introduction to an attack

Passive attacks

Active attacks

Spoofing attacks

Internet protocol - the heart of internet communication

How is an IP datagram spoofed?

IP spoofing

Scanning

Hijacking an online session

Flooding

ARP spoofing attacks

Mitigating ARP spoofing attacks

The DHCP process

Why DHCP snooping?

Trusted and untrusted sources

Ping of Death

TCP SYN flood attacks

Password attacks

Buffer overflow attacks

Malware

Network security tools

Wireshark

Metasploit

Kali Linux

Summary

Chapter 2: Delving into Security Toolkits

Firewall functions

Rules of a firewall

Types of firewall

Packet-filtering firewall/stateless firewall

Circuit-level gateway firewall/stateful firewall

Application-layer firewall

Zone-based firewall

Intrusion prevention system

Intrusion detection system

Virtual Private Network

Benefits of VPN

Site-to-site VPNs

Remote-access VPN

Content security

Content Security Policy

Cisco Email Security Appliance

Cisco IronPort Web Security Appliance

Endpoint security

Chapter 3: Understanding Security Policies

Need for a security policy

Five steps for a security policy

Security policy components

Best example for a security policy - a password policy

How to develop a policy

Risk

Risk analysis

Benefits of risk analysis

Quantitative risk

Qualitative risk

Weakness in technology

Weakness in configuration

Weakness in a security policy

Threat

Threat consequence

Disclosure

Threat action - exposure.

Threat action - interception

Threat action - inference

Threat action - intrusion

Deception

Threat action - masquerade

Threat action - falsification

Threat action - repudiation

Disruption

Threat action - incapacitation

Types of threat

Asset

Why classifying of assets is required

Identifying the asset

Asset accountability

Creating a plan for asset classification

Implementing the plan

Countermeasures

Zones

Planes

Data plane

Control plane

Management plane

Regulatory compliance

Payment Card Industry Data Security Standard (PCI DSS)

Health Insurance Portability and Accountability Act (HIPAA)

Sarbanes-Oxley Act (SOX)

Federal Information Security Management Act (FISMA)

GLBA

PIPED Act

Data Protection Directive

Digital Millennium Copyright Act (DMCA)

Safe Harbor Act

Chapter 4: Deep Diving into Cryptography

What is cryptography?

Objectives of cryptography

Confidentiality

Data integrity

Authentication

Non-repudiation

Terminologies

Types of encryption

Symmetric encryption

Asymmetric encryption

Types of cipher

Substitution cipher

Transposition cipher

Block ciphers

Stream ciphers

Key

Encryption algorithms

Data Encryption Standard

Triple Data Encryption Standard (3DES)

Advanced Encryption Standard (AES)

Rivest Cipher 4

RSA (Rivest, Shamir, Adleman)

Hashing algorithms

Message Digest 5 (MD5)

Secure Hashing Algorithm (SHA)

Hashed Message Authentication Code (HMAC)

Cryptographic systems

Digital signature

Secure Sockets Layer (SSL)

Transport Layer Security

Pretty Good Privacy

Public Key Infrastructure

Public Key Infrastructure components

Certificate Authority

Certificate management system

Digital certificate

X.509

Registration Authority (RA).

Putting the components of PKI together

Chapter 5: Implementing the AAA Framework

Components of AAA

Implementing Cisco AAA - authentication

Implementing authentication using local services

Implementing authentication using external services

TACACS+

Configuring TACACS+

Using AAA with TACACS+

RADIUS

Configuring RADIUS

Using AAA with RADIUS

Example of AAA using local authentication

Choosing a protocol between the ACS server and the router

Example of AAA authentication using the TACACS+ server

Command list

Issues with authentication

Encryption

Implementing Cisco AAA - authorization

Prerequisites for authorization

Configuring method lists for authorization

Different methods of authorization

Configuring the privilege level for AAA authorization

Example of AAA authorization with privilege levels

Implementing Cisco AAA - accounting

Configuring AAA - authorization and accounting

Step 1

Step 2

Step 3

Step 4

Chapter 6: Securing the Control and Management Planes

Introducing the security policy

Phases of secure network life cycle

Initiation phase

Security categorization

Initial risk assessment

Acquisition and development phase

Risk assessment

Requirements analysis of security functions

Cost considerations and reporting

Security control development

Developmental security test and evaluation

Implementation phase

Operations and maintenance phase

Configuration management and control

Continuous monitoring

Disposal phase

Technologies to implement secure management network

Syslog protocol

Facility

Severity

Hostname

Timestamp

Message

Configuring Cisco router for syslog server

Network Time Protocol

Secure Shell (SSH).

Simple Network Management Protocol version 3

SNMP basic terminologies

SNMP view

SNMP group

SNMP user

SNMPv3 lab execution

Planning considerations for secure management

Guidelines for secure management and reporting

Log messaging implementation for security

Control Plane Policing

Implementing class-map

Chapter 7: Protecting Layer 2 Protocols

Layer 2 attack mitigation

Features of the Virtual Local Area Network

VLAN tagging

Features of trunking

Trunking modes

VLAN Trunking Protocol

Spanning Tree Protocol fundamentals

Port states

Steps in implementing STP

Root bridge election

Root port election

Designated port election

Alternative port election

Cisco Discovery Protocol

Layer 2 protection toolkit

Protecting with a BPDU guard

Protecting with root guard

Combating DHCP server spoofing

Mitigating CAM-table overflow attacks

MAC spoofing attack

Port security configuration

Protect

Restrict

Shutdown

LAB: securing Layer 2 switches

Lab-port security

Chapter 8: Protecting the Switch Infrastructure

Private VLANs VACL trunking vulnerabilities port security

What is a private VLAN?

Private VLAN lab

Access Control List

VLAN ACLs (VACLs)

Steps for configuring VACL:

Trunking-related attacks

VLAN hopping

Double-tagging

Chapter 9: Exploring Firewall Technologies

Services offered by the firewall

Static-packet filtering

Circuit-level firewalls

Proxy server

Application server

Network Address Translation

Stateful inspection

Firewalls in a layered defense strategy

Transparent firewall

Application-layer firewalls

Authenticates individuals and not devices

It's more difficult to spoof and implement DoS attacks

Can monitor and filter application data.

Logging information in more detail

Working with the application-layer firewall

Application-level proxy server

Typical proxy server deployment

Areas of opportunity

Packet filtering and the OSI model

Chapter 10: Cisco ASA

Cisco ASA portfolio

ASA features

Stateful filtering

Packet filtering

Routing

Dynamic Host Configuration Protocol

Botnet filtering

Advanced Malware Protection

Authentication, authorization, and accounting

Class map and policy map

Basic ASA configuration

Viewing the filesystem

Setting a hostname

Setting the clock

Assigning a domain name to the ASA

Securing access to the privilege exec mode

Saving the configurations

Setting a banner

Assigning IP addresses on the interfaces

Setting a default static route

Creating a local user account

Remote access

Setting up SSH

Setting up Telnet

Configuring Port Address Translation

Setting up the Adaptive Security Device Manager

Getting familiar with the ASDM

Chapter 11: Advanced ASA Configuration

Routing on the ASA

Static routing

Configuring static routing using the CLI

Adding a default route using the ASDM

Adding a default route using the CLI

Open Shortest Path First

Configuring OSPF using the CLI

Routing Information Protocol

Configuring RIP using the CLI

Enhanced Interior Gateway Routing Protocol

Configuring EIGRP using the CLI

Device name, passwords, and domain name

Setting banners using the ASDM

Configuring interfaces

System time and Network Time Protocol

Configuring NTP using the CLI

Configuring DHCP using the CLI

Access control list on the ASA

Types of ACLs

Standard ACL

Applying an ACL on an interface

Extended ACL.

Using the ASDM to create ACLs.

Notes:

Includes index.

Description based on print version record.

ISBN:

9781787124585

1787124584

OCLC:

1042318729