CCSP Self-Study: Securing Cisco IOS Networks (SECUR)

Book description

Cisco authorized self-study book for CCSP 642-501 foundation learning

  • Identify the lineup of Cisco Systems network security products and enumerate the components of a complete security policy

  • Use Cisco Secure ACS for Windows and Cisco Secure ACS for UNIX to implement TACACS+ and RADIUS AAA support in Cisco router networks

  • Configure AAA support on perimeter Cisco routers and Cisco IOS Firewalls

  • Implement standard practices to secure administrative access and disable unused router protocols, services, and interfaces

  • Use AutoSecure to configure security parameters on Cisco routers

  • Configure Cisco IOS Firewalls for CBAC, Authentication Proxy, and AAA support

  • Configure and manage Cisco IOS IDS router signatures and audit rules

  • Monitor Cisco IOS IDS routers using Security Monitor or Syslog servers

  • Configure IPSec VPN tunnels on Cisco routers using preshared keys or RSA signatures

  • Configure Cisco routers to use IPSec with Network Address Translation

  • Use Security Device Manager and Router Management Center to configure and manage Cisco IOS VPN and Cisco IOS Firewall policies

  • Mitigate common router security threats with access control lists (ACLs)

  • CCSP Self-Study: Securing Cisco IOS Networks (SECUR) is a complete reference for security practices, protocols, software, and equipment that work on or in conjunction with Cisco IOS equipment to provide layers of security to networks. In addition to acting as a key study aid for the CCSP SECUR 642-501 exam, this book will be an invaluable theory and configuration guide for years to come.

    CCSP Self-Study: Securing Cisco IOS Networks (SECUR) is a Cisco authorized, self-paced learning tool that helps you gain mastery over all security techniques and technologies, including newer topics such as Cisco Easy VPN and Security Device Manager (SDM). Chapter overviews bring you quickly up to speed on technologies you can use to secure your network. Configuration examples are designed to show you how to make Cisco IOS devices secure, and unique chapter-ending review questions test your knowledge.

    Whether you are seeking a reference guide to working with Cisco IOS security or a study guide for the 642-501 exam, CCSP Self-Study: Securing Cisco IOS Networks (SECUR) is the reference you are looking for.

    CCSP Self-Study: Securing Cisco IOS Networks (SECUR) is part of a recommended learning path from Cisco Systems that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit

    This volume is in the Certification Self-Study Series offered by Cisco Press. Books in this series provide officially developed training solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.


    Table of contents

    1. Copyright
    2. About the Author
    3. Acknowledgments
    4. Foreword
    5. Preface
    6. Introduction
    7. Introduction to Network Security
      1. Objectives
      2. The Cisco SAFE Blueprint
      3. Network Attack Taxonomy
      4. Network Security Policy
      5. Cisco Network Security Products
      6. Cisco Management Software
      7. Management Protocols and Functions
      8. Network Address Translation and NAT Transversal
      9. Chapter Summary
      10. Chapter Review Questions
    8. Basic Cisco Router Security
      1. Cisco IOS Firewall Features
      2. Securing Cisco Router Installations
      3. Securing Cisco Router Administrative Access
      4. Introduction to AAA for Cisco Routers
      5. Configuring AAA for Cisco Perimeter Routers
      6. Troubleshooting AAA
      7. Chapter Summary
      8. Review of Cisco IOS Commands
      9. Chapter Review Questions
      10. Case Study
    9. Advanced AAA Security for Cisco Router Networks
      1. Cisco Secure ACS Introduction
      2. Installing Cisco Secure ACS 3.0 for Windows 2000/NT Servers
      3. Administering and Troubleshooting Cisco Secure ACS for Windows
      4. TACACS+ Overview
      5. RADIUS Overview
      6. Kerberos Overview
      7. Chapter Summary
      8. Cisco IOS Commands Presented in This Chapter
      9. Chapter Review Questions
      10. Case Study
    10. Cisco Router Threat Mitigation
      1. Using Routers to Secure the Network
      2. Securing Router Services and Interfaces
      3. Disabling Unused Router Interfaces
      4. Implementing Cisco Access Control Lists
      5. Mitigating Security Threats by Using ACLs
      6. Filtering Router Service Traffic
      7. Filtering Network Traffic
      8. DDoS Mitigation
      9. Sample Router Configuration
      10. Implementing Syslog Logging
      11. Designing Secure Management and Reporting for Enterprise Networks
      12. Using AutoSecure to Secure Cisco Routers
      13. Chapter Summary
      14. Cisco IOS Commands Presented in This Chapter
      15. Chapter Review Questions
      16. Case Study
    11. Cisco IOS Firewall Context-Based Access Control Configuration
      1. Cisco IOS Firewall Introduction
      2. Using CBAC to Protect Users from Attack
      3. Configuring CBAC
      4. Chapter Summary
      5. Cisco IOS Commands Presented in This Chapter
      6. Chapter Review Questions
      7. Case Study
    12. Cisco IOS Firewall Authentication Proxy
      1. Introduction to the Cisco IOS Firewall Authentication Proxy
      2. Configuring the AAA Server
      3. Configuring the Cisco IOS Firewall with an AAA Server
      4. Configuring the Authentication Proxy
      5. Testing and Verifying the Configuration
      6. Chapter Summary
      7. Cisco IOS Commands Presented in This Chapter
      8. Chapter Review Questions
      9. Case Study
    13. Cisco IOS Firewall Intrusion Detection System
      1. Cisco IOS IDS Introduction
      2. Configuring Cisco IOS IDS
      3. Chapter Summary
      4. Signatures Used By Cisco IOS IDS
      5. Cisco IOS Commands Presented in This Chapter
      6. Chapter Review Questions
      7. Case Study
    14. Building IPSec VPNs Using Cisco Routers and Pre-Shared Keys
      1. Cisco Routers Enable Secure VPNs
      2. What Is IPSec?
      3. IPSec Protocol Framework
      4. Five Steps of IPSec
      5. IPSec and Dynamic Virtual Private Networks
      6. Configuring IPSec for IKE Pre-Shared Keys
      7. Configuring IPSec Manually
      8. Configuring IPSec for RSA-Encrypted Nonces
      9. Using NAT with IPSec
      10. Chapter Summary
      11. Cisco IOS Commands Presented in This Chapter
      12. Chapter Review Questions
      13. Case Study
    15. Building Advanced IPSec VPNs Using Cisco Routers and Certificate Authorities
      1. Certificate Authorities
      2. Configuring CA Support Tasks
      3. Chapter Summary
      4. Cisco IOS Commands Presented in This Chapter
      5. Chapter Review Questions
      6. Case Study
    16. Configuring IOS Remote Access Using Cisco Easy VPN
      1. Cisco Easy VPN Introduction
      2. Cisco Easy VPN Server Overview
      3. Cisco Easy VPN Remote Overview
      4. Configuring Cisco Easy VPN Server for XAUTH
      5. RADIUS Authentication for Group Profiles
      6. Cisco VPN Client 3.5 Installation and Configuration Tasks
      7. Working with Cisco VPN Client 3.5
      8. Upcoming Cisco VPN Client Changes
      9. Chapter Summary
      10. Cisco IOS Commands Presented in This Chapter
      11. Chapter Review Questions
      12. Case Study
    17. Securing Cisco Routers Using Security Device Manager
      1. Understanding Security Device Manager
      2. Understanding SDM Software
      3. Using the SDM Startup Wizard
      4. Introducing the SDM User Interface
      5. Configuring a WAN Using the WAN Wizard
      6. Using SDM to Configure a Firewall
      7. Using SDM to Configure a VPN
      8. Using SDM to Perform Security Audits
      9. Using the Factory Reset Wizard
      10. Using SDM Advanced Mode
      11. Understanding Monitor Mode
      12. Chapter Summary
      13. Cisco IOS Commands Presented in This Chapter
      14. Chapter Review Questions
      15. Case Study
    18. Managing Enterprise VPN Routers
      1. Router MC 1.2.1 Introduction
      2. Installing Router MC
      3. Using Router MC
      4. Creating Workflows and Activities
      5. Configuring General Cisco IOS Firewall Settings
      6. Building Access Rules
      7. Using Building Blocks
      8. Network Address Translation Rules
      9. Managing Configurations
      10. Administration
      11. Chapter Summary
      12. Chapter Review Questions
      13. Case Study
    19. Case Study
      1. Introduction
      2. Requirements
      3. Solutions
    20. Answers to Chapter Review Questions
      1. Chapter 1
      2. Chapter 2
      3. Chapter 3
      4. Chapter 4
      5. Chapter 5
      6. Chapter 6
      7. Chapter 7
      8. Chapter 8
      9. Chapter 9
      10. Chapter 10
      11. Chapter 11
      12. Chapter 12
    21. Sample Network Security Policy
      1. Statement of Authority and Scope
      2. Vulnerability Audit Policy
      3. Network Use Policy
      4. Identification and Authentication Policy
      5. Internet Access Policy
      6. Campus Access Policy
      7. Remote Access Policy
      8. Incident-Handling Policy
    22. Configuring Standard and Extended Access Lists
      1. IP Addressing and General Access List Concepts
      2. Configuring Standard IP Access Lists
      3. Configuring Extended IP Access Lists
      4. Verifying Access List Configuration
      5. Named IP Access Lists
      6. Summary
      7. References
    23. Glossary
      1. A
      2. B
      3. C
      4. D
      5. E
      6. F - G
      7. H
      8. I
      9. J - L
      10. M
      11. N
      12. O - P
      13. Q - R
      14. S
      15. T
      16. U - W
    24. Index

    Product information

    • Title: CCSP Self-Study: Securing Cisco IOS Networks (SECUR)
    • Author(s): John F. Roland
    • Release date: April 2004
    • Publisher(s): Cisco Press
    • ISBN: 9781587051517