O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CCSP SND Quick Reference

Book Description

CCSP SND Quick Reference (Digital Short Cut)

Brandon James Carroll

ISBN-10: 1-58705-503-1

ISBN-13: 978-158705-503-4

As a final exam preparation tool, the CCSP SND Quick Reference provides a concise review of all objectives on the new CCSP SND exam (642-552). This digital Short Cut provides you with detailed, graphical-based information, highlighting only the key topics in cram-style format.

With this document as your guide, you will review topics on securing network routers and switches with Cisco IOS features available through the CLI and web-based GUIs. These fact-filled Quick Reference Sheets allow you to get all-important information at a glance, helping you focus your study on areas of weakness and to enhance memory retention of essential exam concepts.

Table of Contents

Chapter 1 Introduction to Network Security Policies

Chapter 2 Securing the Perimeter

Chapter 3 Securing LAN and WLAN Devices

Chapter 4 Cisco IOS Firewall Configuration

Chapter 5 Securing Networks with Cisco IOS IPS

Chapter 6 Building IPsec VPNs

Table of Contents

  1. Copyright
  2. About the author
  3. About the Technical Editor
  4. 1. Introduction to Network Security Policies
    1. Requirements for a Network Security Policy
      1. Information Assurance
      2. Network Security Process
      3. Network Attack Mitigation
        1. Physical and Environmental Threat Mitigation
        2. Reconnaissance Attack Mitigation
        3. Access Attack Mitigation
        4. IP Spoofing Attack Mitigation
        5. Denial-of-Service Attack Mitigation
        6. Worms, Virus, and Trojan Horse Attack Mitigation
        7. Application Layer Attack Mitigation
      4. Developing a Secure Network Life Cycle Model
        1. Components of Security Design
        2. PDIOO
        3. Planning Phase
        4. Designing Phase
        5. Implementing Phase
        6. Operating Phase
        7. Optimizing Phase
      5. Developing a Comprehensive Security Policy
        1. Components of a Security Policy
      6. Building Cisco Self-Defending Networks
  5. 2. Securing the Perimeter
    1. Security Policy for Cisco Routers
      1. Securing Administrative Access
        1. Password-Creation Rules
        2. Configuration Dialog
        3. Console Port Password
        4. Enable Secret Password
        5. Vty Passwords
        6. Auxiliary Line Password
        7. Password Encryption
        8. Login Failure Rates
        9. Timeouts
        10. Privilege Levels
        11. Role-Based CLI
        12. Enhanced Virtual Login Support
      2. Cisco Security Device Manager
      3. Configuring AAA Functions
        1. Methods of Authentication
        2. Configuring AAA Authentication Login
        3. Configuring AAA Authentication for PPP
        4. Configuring AAA Authentication Enable
        5. Configuring AAA Authorization and Accounting
      4. Disabling Unused Network Services and Interfaces
  6. 3. Securing LAN and WLAN Devices
    1. Security Policies on Network Switches
      1. Access Modes and Password Protection
      2. Mitigating Layer 2 Attacks
        1. VLAN Hopping with Switch Spoofing
        2. VLAN Hopping with Double Tagging
          1. VLAN Hopping Mitigation
        3. Spanning Tree Protocol Manipulation
          1. Spanning Tree Protocol Manipulation Mitigation
        4. DHCP Snooping
          1. DHCP Spoofing Attack Mitigation with DHCP Snooping
        5. ARP Spoofing and Dynamic ARP Inspection
          1. Mitigating ARP Spoofing Attacks with DAI
        6. CAM Table Overflows
        7. MAC Spoofing
        8. Mitigating CAM Table Overflows and MAC Spoofing with Port Security
      3. Cisco Catalyst Switch Security Features
        1. IBNS
        2. VACLs
        3. Private VLANs
        4. MAC Address Notifications
        5. Rate Limiting
        6. SPAN
        7. SSHv2
        8. SNMPv3
  7. 4. Cisco IOS Firewall Configuration
    1. Firewall Technologies
      1. Static Packet filters
      2. Circuit Level
      3. Application Layer
      4. Stateful Packet Filters
      5. Cut-Through Proxy
      6. NAT/PAT
      7. Application Inspection
    2. Cisco ACLs
      1. Configuring ACLs
      2. Applying ACLs to Interfaces
      3. Optimizing ACLs with Turbo ACLs
      4. Working ACL Example
      5. ACL Gotchas and Caveats
    3. Cisco Security Device Manager Firewall Wizard
      1. SDM Firewall Wizard Selection
      2. Basic Firewalls
      3. Advanced Firewalls
      4. Inspection Rules
    4. Cisco Security Appliance Product Family
      1. Cisco IOS Firewall
      2. Cisco PIX 500 Series Security Appliance
      3. Cisco ASA 5500 Series Security Appliance
      4. Cisco FWSM
  8. 5. Securing Networks with Cisco IOS IPS
    1. IDS Versus IPS
      1. Types of IDS/IPS Sensors
      2. HIPS
      3. Types of Signatures
      4. Signature Definition Files
      5. Distributed Threat Mitigation
      6. Micro-Engines
      7. Alarms
      8. Security Device Event Exchange
    2. Configuring Cisco IOS IPS
      1. Using SDM to Configure IPS Rules
      2. IPS Policies Wizard
      3. Configuring Signatures
      4. Importing the Latest SDF
      5. Global Configuration
    3. Cisco IPS Product Family
      1. IPS Platforms
  9. 6. Building IPsec VPNs
    1. Overview of IPsec VPNs
      1. Encryption Keys and IKE
      2. Encapsulating Security Payload and Authentication Header
      3. MD5 and SHA-1
      4. Encryption Keys
      5. Diffie-Hellman
    2. Site-to-Site IPsec VPN Overview
    3. Configuring IPsec Site-to-Site VPNs Using Cisco SDM
    4. Remote-Access VPNs
      1. Easy VPN Server Configuration
      2. Easy VPN Remote
    5. The Cisco VPN Product Family