CCNA® Security Study Guide

CCNA® Security Study Guide

by Tim Boyles
Released March 2010
Publisher(s): Sybex
ISBN: 9780470527672

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

A complete study guide for the new CCNA Security certification exam

In keeping with its status as the leading publisher of CCNA study guides, Sybex introduces the complete guide to the new CCNA security exam. The CCNA Security certification is the first step towards Cisco's new Cisco Certified Security Professional (CCSP) and Cisco Certified Internetworking Engineer-Security.

With a foreword by CCNA networking authority Todd Lammle, CCNA Security Study Guide fully covers every exam objective. The companion CD includes the Sybex Test Engine, flashcards, and a PDF of the book.

  • The CCNA Security certification is the first step toward Cisco's new CCSP and Cisco Certified Internetworking Engineer-Security

  • Describes security threats facing modern network infrastructures and how to mitigate threats to Cisco routers and networks using ACLs

  • Explores implementing AAA on Cisco routers and secure network management and reporting

  • Shows how to implement Cisco IOS firewall and IPS feature sets plus site-to-site VPNs using SDM

  • Foreword by Todd Lammle bestselling study guide author

  • CD includes the Sybex Test Engine, flashcards, and the book in PDF format

With hands-on labs and end-of-chapter reviews, CCNA Security Study Guide thoroughly prepares you for certification.

Table of contents

  1. Copyright
  2. Acknowledgments
  3. About The Author
  4. About the Contributor
  5. Introduction
      1. Cisco's Security Certifications
      2. What Skills Do You Need to Become CCNA Security Certified?
      3. How Do You Become CCNA Security Certified?
    2. Who Should Buy This Book
    3. What's Inside
      1. How to Use This Book
      2. What's on the CD?
        1. The Sybex Test Engine
        2. Electronic Flashcards for PCs and Mobile PC Devices
        3. CCNA Security Study Guide in PDF
      3. Tips for Taking Your CCNA Security Exam
      4. Test-Day Tips for Certification Success
    4. How to Contact the Author
  6. Assessment Test
    1. Answers to Assessment Test
  7. 1. Introduction to Network Security
    1. 1.1. Threats to Network Security
      1. 1.1.1. External Threats
      2. 1.1.2. Internal Threats
      3. 1.1.3. Application Security
    2. 1.2. Network Security Objectives
    3. 1.3. Classification of Data
    4. 1.4. Security Controls
      1. 1.4.1. Security Controls by Type
      2. 1.4.2. Security Controls by Purpose
    5. 1.5. Incident Response
      1. 1.5.1. Preparation
        1. 1.5.1.1. Policy
        2. 1.5.1.2. Human Factors
        3. 1.5.1.3. Additional Recommendations
      2. 1.5.2. Identification
      3. 1.5.3. Containment
      4. 1.5.4. Eradication
      5. 1.5.5. Recovery
      6. 1.5.6. Lessons Learned
    6. 1.6. Law and Ethics
      1. 1.6.1. Legal Matters
        1. 1.6.1.1. Criminal Law
        2. 1.6.1.2. Civil Law
        3. 1.6.1.3. Administrative Law
      2. 1.6.2. Intellectual Property
      3. 1.6.3. Ethics
    7. 1.7. Review Questions
    8. 1.8. Answers to Review Questions
  8. 2. Creating the Secure Network
    1. 2.1. Creating a Security Policy
      1. 2.1.1. Goals of a Security Policy
      2. 2.1.2. Policies and Procedures
      3. 2.1.3. Other Documents
      4. 2.1.4. Managing Risk
        1. 2.1.4.1. Threat Identification
        2. 2.1.4.2. Risk Analysis
        3. 2.1.4.3. Risk Management versus Risk Avoidance
      5. 2.1.5. Secure Network Design
      6. 2.1.6. Creating Security Awareness
        1. 2.1.6.1. Awareness
        2. 2.1.6.2. Training
        3. 2.1.6.3. Education
    2. 2.2. Maintaining Operational Security
      1. 2.2.1. Defining the Systems Development Life Cycle
      2. 2.2.2. Review of Operations Security
    3. 2.3. Evolution of Threats
    4. 2.4. The Cisco Self-Defending Network
      1. 2.4.1. Characteristics of the Cisco Self-Defending Network
      2. 2.4.2. Components of the Cisco Self-Defending Network
    5. 2.5. Summary
    6. 2.6. Exam Essentials
    7. 2.7. Written Lab
    8. 2.8. Review Questions
    9. 2.9. Answers to Review Questions
    10. 2.10. Answers to Written Lab
  9. 3. Securing Administrative Access
    1. 3.1. Securing Administrative Access
      1. 3.1.1. Methods of Accessing the Router
      2. 3.1.2. Modes of Interaction with the Router
        1. 3.1.2.1. Password Guidelines
        2. 3.1.2.2. Password Types
      3. 3.1.3. Configuring Passwords
      4. 3.1.4. Configuring Privilege Levels
      5. 3.1.5. CLI Views
      6. 3.1.6. Securing Router Files
      7. 3.1.7. Login Features for Virtual Connections
        1. 3.1.7.1. Delays between Successive Login Attempts
        2. 3.1.7.2. Shut Down Logins When a DoS Attack Is Detected
        3. 3.1.7.3. Generate System Logging Messages for Login Attempts
      8. 3.1.8. Configuring a Banner Message
    2. 3.2. Cisco ISR Routers
    3. 3.3. Cisco Security Device Manager (SDM)
      1. 3.3.1. Prerequisites for Running SDM
      2. 3.3.2. Introduction to SDM
    4. 3.4. Summary
    5. 3.5. Exam Essentials
    6. 3.6. Written Lab
    7. 3.7. Hands-on Lab
      1. 3.7.1. Hands-on Lab 3.1: Configuring Passwords
    8. 3.8. Review Questions
    9. 3.9. Answers to Review Questions
    10. 3.10. Answers to Written Lab
  10. 4. Configuring AAA Services
    1. 4.1. Defining AAA Services
    2. 4.2. Defining RADIUS and TACACS+
      1. 4.2.1. RADIUS
      2. 4.2.2. TACACS+
    3. 4.3. Configuring AAA Using Cisco Secure ACS
      1. 4.3.1. Introduction to Cisco Secure ACS for Windows
      2. 4.3.2. Preparation and Installation of Cisco Secure ACS for Windows
        1. 4.3.2.1. Installation Requirements
          1. 4.3.2.1.1. Hardware Requirements
          2. 4.3.2.1.2. Operating System Requirements
          3. 4.3.2.1.3. Browser Requirements
          4. 4.3.2.1.4. Network Requirements
          5. 4.3.2.1.5. Port Requirements
        2. 4.3.2.2. Confirming Preparations Before Installing Cisco Secure ACS for Windows
        3. 4.3.2.3. Installing Cisco Secure ACS for Windows
        4. 4.3.2.4. Setting Up Remote Administration
    4. 4.4. Configuring Authentication
      1. 4.4.1. AAA Local User Authentication
      2. 4.4.2. Using Method Lists
    5. 4.5. Configuring Authorization
    6. 4.6. Configuring Accounting
    7. 4.7. Configuring TACACS+
      1. 4.7.1. Configuring AAA Services from the Command Line
      2. 4.7.2. Configuring AAA Services with Cisco SDM
    8. 4.8. Troubleshooting AAA on Cisco Routers
    9. 4.9. Summary
    10. 4.10. Exam Essentials
    11. 4.11. Written Lab
    12. 4.12. Hands-on Labs
      1. 4.12.1. Hands-on Lab 4.1: Configuring AAA Authentication with a Local Database
      2. 4.12.2. Hands-on Lab 4.2: Configuring TACACS+ Authentication, Authorization, and Accounting
    13. 4.13. Review Questions
    14. 4.14. Answers to Review Questions
    15. 4.15. Answers to Written Lab
  11. 5. Securing Your Router
    1. 5.1. Using the Command-Line Interface to Lock Down the Router
      1. 5.1.1. Locking Down the Management Plane
      2. 5.1.2. Locking Down the Forwarding Plane
    2. 5.2. Understanding One-Step Lockdown
      1. 5.2.1. Configuring One-Step Lockdown with SDM
      2. 5.2.2. Differences between One-Step Lockdown and AutoSecure
    3. 5.3. Securing Management and Logging
      1. 5.3.1. Configuring Syslog Support on a Cisco Router
      2. 5.3.2. Using SNMP v3 to Secure Management Traffic
        1. 5.3.2.1. Basic Components of SNMP
        2. 5.3.2.2. SNMP V3 Security Model
      3. 5.3.3. Securing Administration Using SSH
      4. 5.3.4. Using SDM to Configure a Syslog Server, SSH, SNMP, and NTP
        1. 5.3.4.1. Configuring a Syslog Server Using SDM
        2. 5.3.4.2. Configuring SSH Using SDM
        3. 5.3.4.3. Configuring SNMP Using SDM
        4. 5.3.4.4. Configuring NTP Using SDM
    4. 5.4. Summary
    5. 5.5. Exam Essentials
    6. 5.6. Written Lab
    7. 5.7. Hands-on Lab
      1. 5.7.1. Hands-on Lab 5.1: Configuring a Router for SSH Administrative Access
    8. 5.8. Review Questions
    9. 5.9. Answers to Review Questions
    10. 5.10. Answers to Written Lab
  12. 6. Layer 2 Security
    1. 6.1. Basic Protection of Layer 2 Switches
    2. 6.2. How to Prevent VLAN Attacks
      1. 6.2.1. Double Tagging
      2. 6.2.2. Switch Spoofing
    3. 6.3. Mitigating STP Attacks
    4. 6.4. Mitigating DHCP Server Spoofing
      1. 6.4.1. Configuring DCHP Snooping
      2. 6.4.2. Dynamic ARP Inspection
    5. 6.5. Protecting against CAM Table Attacks
    6. 6.6. Preventing MAC Spoofing
    7. 6.7. Configuring Port Security
    8. 6.8. Configuring SPAN, RSPAN, and Storm Control
      1. 6.8.1. Configuring Switched Port Analyzer (SPAN)
        1. 6.8.1.1. Using SPAN with a Network Analyzer
        2. 6.8.1.2. Using SPAN with an Intrusion Detection System (IDS)
      2. 6.8.2. Configuring Remote Switched Port Analyzer (RSPAN)
      3. 6.8.3. Configuring Storm Control
    9. 6.9. Summary
    10. 6.10. Exam Essentials
    11. 6.11. Written Lab
    12. 6.12. Hands-on Labs
      1. 6.12.1. Hands-on Lab 6.1: Configuring Protection against a Spanning Tree Attack
      2. 6.12.2. Hands-on Lab 6.2: Configuring SPAN on a Cisco Switch to Do Troubleshooting
      3. 6.12.3. Hands-on Lab 6.3: Configuring Port Security on a Cisco Switch
    13. 6.13. Review Questions
    14. 6.14. Answers to Review Questions
    15. 6.15. Answers to Written Lab
  13. 7. Implementing Cisco IOS Firewall
    1. 7.1. Firewall Basics
      1. 7.1.1. Packet Filtering Firewall
      2. 7.1.2. Application-Layer Firewall
      3. 7.1.3. Stateful Firewall
    2. 7.2. Access Control Lists
      1. 7.2.1. Basic ACLs
      2. 7.2.2. Turbo ACLs
      3. 7.2.3. How to Develop ACLs
      4. 7.2.4. Applying ACLs to Router Interfaces
      5. 7.2.5. Filtering Traffic with ACLs
      6. 7.2.6. Logical and Performance Considerations for ACLs
    3. 7.3. The Cisco IOS Firewall
      1. 7.3.1. Authentication Proxy
      2. 7.3.2. Transparent Firewall
      3. 7.3.3. Stateful Packet Inspection
        1. 7.3.3.1. Context-Based Access Control
        2. 7.3.3.2. DDoS Protection
    4. 7.4. Configure Cisco IOS Firewall with SDM
      1. 7.4.1. Basic Firewall
      2. 7.4.2. Advanced Firewall
    5. 7.5. Verify Cisco IOS Firewall Configurations
      1. 7.5.1. Basic Firewall
        1. 7.5.1.1. Inspection Commands for the Basic Firewall
        2. 7.5.1.2. HTTP Commands for the Basic Firewall
        3. 7.5.1.3. Inside Interface and Outbound ACL Commands for the Basic Firewall
        4. 7.5.1.4. Outside Interface and Inbound ACL Commands for the Basic Firewall
        5. 7.5.1.5. Access Lists Commands for the Basic Firewall
        6. 7.5.1.6. Putting It All Together
      2. 7.5.2. Advanced Firewall
        1. 7.5.2.1. Inspection Commands for the Advanced Firewall
        2. 7.5.2.2. Inside Interface and Outbound ACL Commands for the Advanced Firewall
        3. 7.5.2.3. DMZ Interface and ACL Commands for the Advanced Firewall
        4. 7.5.2.4. Outside Interface and Inbound ACL Commands for the Advanced Firewall
    6. 7.6. Implementing Zone-Based Firewall
    7. 7.7. Summary
    8. 7.8. Exam Essentials
    9. 7.9. Written Lab
    10. 7.10. Hands-on Lab
      1. 7.10.1. Hands-on Lab 7.1: Configuring an Access List
    11. 7.11. Review Questions
    12. 7.12. Answers to Review Questions
    13. 7.13. Answers to Written Lab
  14. 8. Implementing Cisco IOS Intrusion Prevention
    1. 8.1. IDS and IPS
      1. 8.1.1. Introducing the Intrusion Detection System
      2. 8.1.2. Basic Functions of the Intrusion Prevention System
      3. 8.1.3. Using IDS and IPS Together
      4. 8.1.4. Benefits and Drawbacks of IPS/IDS Sensors
      5. 8.1.5. Types of IDS and IPS Sensors
        1. 8.1.5.1. Sensor Scope
          1. 8.1.5.1.1. Network-Based Intrusion Prevention System
          2. 8.1.5.1.2. Host-Based Intrusion Prevention System
        2. 8.1.5.2. IDS and IPS Approaches
          1. 8.1.5.2.1. Signature-Based Approach
          2. 8.1.5.2.2. Policy-Based Approach
          3. 8.1.5.2.3. Anomaly-Based Approach
          4. 8.1.5.2.4. Honeypot Approach
      6. 8.1.6. IPS Signatures
        1. 8.1.6.1. Signature Types
        2. 8.1.6.2. Signature Files
        3. 8.1.6.3. IPS Alarms
    2. 8.2. Configuring IOS IPS
    3. 8.3. Summary
    4. 8.4. Exam Essentials
    5. 8.5. Written Lab
    6. 8.6. Hands-on Lab
      1. 8.6.1. Hands-on Lab 8.1: Configuring an IPS Policy Using Cisco SDM
    7. 8.7. Review Questions
    8. 8.8. Answers to Review Questions
    9. 8.9. Answers to Written Lab
  15. 9. Understanding Cryptographic Solutions
    1. 9.1. Introduction to Cryptography
      1. 9.1.1. Caesar's Cipher
      2. 9.1.2. Vigenère Cipher
      3. 9.1.3. One-Time Pads
      4. 9.1.4. Transposition Ciphers
    2. 9.2. Symmetric Encryption
      1. 9.2.1. Symmetric Encryption Keys
      2. 9.2.2. DES Encryption Algorithm
        1. 9.2.2.1. Block cipher modes
        2. 9.2.2.2. Stream cipher modes
      3. 9.2.3. 3DES Encryption Algorithm
      4. 9.2.4. Advanced Encryption Algorithm
      5. 9.2.5. SEAL
      6. 9.2.6. Rivest Ciphers
    3. 9.3. Encryption Algorithms
      1. 9.3.1. Choosing the Right Encryption Algorithm
      2. 9.3.2. Hashing Functions
    4. 9.4. Summary
    5. 9.5. Exam Essentials
    6. 9.6. Written Lab
    7. 9.7. Hands-on Lab
      1. 9.7.1. Hands-on Lab 9.1: Creating a Substitution Cipher
    8. 9.8. Review Questions
    9. 9.9. Answers to Review Questions
    10. 9.10. Answers to Written Lab
  16. 10. Using Digital Signatures
    1. 10.1. Hashing Overview
    2. 10.2. Features of Hash Functions and Values
      1. 10.2.1. Fast and Efficient
      2. 10.2.2. Collision Resistant
      3. 10.2.3. Manipulation Resistant
      4. 10.2.4. One-Way Hashing
      5. 10.2.5. Fixed-Length Hashing Values
    3. 10.3. Hash Message Authentication Code
    4. 10.4. Hashing Algorithms
      1. 10.4.1. MD5 Algorithm
      2. 10.4.2. SHA-1 Algorithm
      3. 10.4.3. MD5 and SHA-1 Comparison Chart
    5. 10.5. Digital Signatures
      1. 10.5.1. Digital Signatures Overview
        1. 10.5.1.1. Integrity
        2. 10.5.1.2. Authentication
        3. 10.5.1.3. Non-repudiation
      2. 10.5.2. Digital Signature Process
        1. 10.5.2.1. Digital Signature Standard
        2. 10.5.2.2. DSA Digital Signature Process
        3. 10.5.2.3. RSA Digital Signature Process
        4. 10.5.2.4. DSA and RSA Comparison Chart
    6. 10.6. Summary
    7. 10.7. Exam Essentials
    8. 10.8. Written Lab
    9. 10.9. Hands-on Lab
      1. 10.9.1. Hands-on Lab 10.1: Generate a Hash Value from a File
    10. 10.10. Review Questions
    11. 10.11. Answers to Review Questions
    12. 10.12. Answers to Written Lab
  17. 11. Using Asymmetric Encryption and PKI
    1. 11.1. Asymmetric Encryption
      1. 11.1.1. Public Key Cryptography Process
        1. 11.1.1.1. Key Pairs
        2. 11.1.1.2. Key Size
        3. 11.1.1.3. Private Key
        4. 11.1.1.4. Public Key
      2. 11.1.2. Features
      3. 11.1.3. Drawbacks
      4. 11.1.4. Usage
      5. 11.1.5. Hybrid Encryption
    2. 11.2. Asymmetric Encryption Algorithms
      1. 11.2.1. RSA Algorithm
        1. 11.2.1.1. RSA Key Table
        2. 11.2.1.2. RSA Key Creation
        3. 11.2.1.3. RSA Encryption Example
        4. 11.2.1.4. RSA Decryption Example
        5. 11.2.1.5. Summary of the RSA Algorithm
      2. 11.2.2. Diffie-Hellman Algorithm
        1. 11.2.2.1. DH Key Table
        2. 11.2.2.2. DH Key Creation
        3. 11.2.2.3. DH Key Exchange Example
        4. 11.2.2.4. Summary of the Diffie-Hellman Algorithm
    3. 11.3. Public Key Infrastructure
      1. 11.3.1. PKI Overview
      2. 11.3.2. Certificate Authorities
      3. 11.3.3. CA Structures
        1. 11.3.3.1. Single CA Structure
        2. 11.3.3.2. Hierarchical CA Structure
    4. 11.4. Digital Certificates
      1. 11.4.1. Certificate Enrollment
        1. 11.4.1.1. Certificate Request
        2. 11.4.1.2. Certificate Classes
        3. 11.4.1.3. Certificate Enrollment Process
      2. 11.4.2. Digital Certificates Exposed
        1. 11.4.2.1. Certificate Information
        2. 11.4.2.2. Version Field
        3. 11.4.2.3. Serial Number Field
        4. 11.4.2.4. Signature Algorithm and Signature Hash Algorithm Fields
        5. 11.4.2.5. Issuer Field
        6. 11.4.2.6. Validity Fields
        7. 11.4.2.7. Subject Field
        8. 11.4.2.8. Public Key Field
        9. 11.4.2.9. Extension Fields
        10. 11.4.2.10. Certification Path
      3. 11.4.3. Certificate Usage
        1. 11.4.3.1. Identity
        2. 11.4.3.2. Secure Communication
        3. 11.4.3.3. User Authentication
      4. 11.4.4. Certificate Limitations
    5. 11.5. PKI Standards
      1. 11.5.1. Public Key Cryptography Standards
        1. 11.5.1.1. PKCS #1 Standard
        2. 11.5.1.2. PKCS #10 Standard
        3. 11.5.1.3. PKCS #7 Standard
      2. 11.5.2. X.509 Standard
        1. 11.5.2.1. X.509 Specification of Digital Certificates
        2. 11.5.2.2. X.509 Specification of CRLs
        3. 11.5.2.3. X.509 Specification of the Certification Path Validation Algorithm
        4. 11.5.2.4. X.509 Specification of File Extensions
      3. 11.5.3. SCEP Standard
        1. 11.5.3.1. Certificate Enrollment
        2. 11.5.3.2. Public Key Distribution
        3. 11.5.3.3. Certificate Query
        4. 11.5.3.4. CRL Query
    6. 11.6. Summary
    7. 11.7. Exam Essentials
    8. 11.8. Written Lab
    9. 11.9. Hands-on Lab
      1. 11.9.1. Hands-on Lab 11.1: View the Content of Root CA Certificates
    10. 11.10. Review Questions
    11. 11.11. Answers to Review Questions
    12. 11.12. Answers to Written Lab
  18. 12. Implementing Site-to-Site IPsec VPN Solutions
    1. 12.1. Introduction to Virtual Private Networks and IPsec
    2. 12.2. VPN Operation
      1. 12.2.1. Cisco-Specific Operation
        1. 12.2.1.1. IKE Phase 1
        2. 12.2.1.2. IKE Phase 2
        3. 12.2.1.3. Summing It Up
      2. 12.2.2. Configuring a Site-to-Site VPN
        1. 12.2.2.1. SDM Home
        2. 12.2.2.2. SDM Configure Tool
        3. 12.2.2.3. Site-to-Site VPN Wizard
      3. 12.2.3. Verifying VPN
      4. 12.2.4. Troubleshooting VPN
        1. 12.2.4.1. Checking the Crypto Map
        2. 12.2.4.2. Checking Security Associations
        3. 12.2.4.3. Using Debug
    3. 12.3. Cisco Easy VPN
      1. 12.3.1. Configuring Cisco Easy VPN
      2. 12.3.2. Redundant Connections and Equipment
    4. 12.4. Summary
    5. 12.5. Exam Essentials
    6. 12.6. Written Lab
    7. 12.7. Hands-on Lab
      1. 12.7.1. Hands-on Lab 12.1: Configuring a Site-to-Site VPN
    8. 12.8. Review Questions
    9. 12.9. Answers to Review Questions
    10. 12.10. Answers to Written Lab
  19. A. Securing Voice Solutions
    1. A.1. Voice over IP Essentials
      1. A.1.1. What Is VoIP?
      2. A.1.2. Components of VoIP
      3. A.1.3. Common Protocols Used in Voice over IP
      4. A.1.4. Threats to Voice over IP
        1. A.1.4.1. Toll Fraud
        2. A.1.4.2. Phishing and Vishing
        3. A.1.4.3. Denial of Service
        4. A.1.4.4. Unauthorized Access to VoIP Components
        5. A.1.4.5. Eavesdropping
        6. A.1.4.6. SPIT
      5. A.1.5. Methods of Securing the Voice over IP Environment
        1. A.1.5.1. Separating Your Voice Traffic
        2. A.1.5.2. Utilizing Security Devices
        3. A.1.5.3. Encrypt Traffic with VPNs
        4. A.1.5.4. Protecting VoIP Devices
          1. A.1.5.4.1. Secure Server Architecture
          2. A.1.5.4.2. IP Phone Hardening
          3. A.1.5.4.3. Server Hardening
  20. B. Introduction to SAN Security
    1. B.1. Introduction to Storage Area Networks
    2. B.2. Benefits of a SAN
    3. B.3. SAN Transport Methods
      1. B.3.1. Fibre Channel
      2. B.3.2. iSCSI
      3. B.3.3. FCIP
      4. B.3.4. FCOE
    4. B.4. Elements of a SAN
      1. B.4.1. Logical Unit Numbers (LUNs) and LUN Masking
      2. B.4.2. Fibre Channel Zoning
      3. B.4.3. World Wide Names
      4. B.4.4. VSANs
      5. B.4.5. Port Authentication Protocols
      6. B.4.6. SAN Security Essentials
      7. B.4.7. SAN Management Security Risks
      8. B.4.8. Fabric and Target Access Security Risks
      9. B.4.9. Secure SAN Protocols
      10. B.4.10. Secure IP Storage Access
      11. B.4.11. Secure Data
    5. B.5. Cisco MDS 9000 Features
  21. C. Exploring Endpoint Security
    1. C.1. Introduction to Endpoint Security
    2. C.2. Buffer Overflow Threats
    3. C.3. Cisco Endpoint Security Products
      1. C.3.1. IronPort for Email and Web Protection
      2. C.3.2. Cisco Network Admission Control
      3. C.3.3. Cisco Security Agent
    4. C.4. Endpoint Security Best Practices
      1. C.4.1. Operating System and Network Security
      2. C.4.2. Application Security
  22. D. Capstone Exercise
    1. D.1. Layer 2 Exercise
    2. D.2. IOS Firewall Exercise
    3. D.3. Secure Management Access Exercise
    4. D.4. Cisco IOS IPS Exercise
    5. D.5. AAA Exercise
    6. D.6. Site-to-Site VPN Exercise
  23. E. About the Companion CD
    1. E.1. What You'll Find on the CD
      1. E.1.1. Sybex Test Engine
      2. E.1.2. PDF of the Book
      3. E.1.3. Adobe Reader
      4. E.1.4. Electronic Flashcards
    2. E.2. System Requirements
    3. E.3. Using the CD
    4. E.4. Troubleshooting
      1. E.4.1. Customer Care
  24. Glossary

Product information

  • Title: CCNA® Security Study Guide
  • Author(s): Tim Boyles
  • Release date: March 2010
  • Publisher(s): Sybex
  • ISBN: 9780470527672