| 0 comments ]

Introduction

Add a note hereNetwork security is a complex and growing area of IT. As the premier provider of network security devices, Cisco Systems is committed to supporting this growing segment of the industry.

Add a note hereThis book teaches you how to design, configure, maintain, and audit network security. It focuses on using Cisco IOS routers for protecting the network by capitalizing on its advanced features as a perimeter router, as a firewall, as an intrusion prevention system, and as a VPN device. By the end of this book, you will be able to select and implement the appropriate Cisco IOS services required to build flexible and secure networks. This book also introduces you to the concept of endpoint security.

Add a note hereThis book provides you with the knowledge necessary to pass your CCNA Security certification because it provides in-depth information to help you prepare for the IINS exam. It also starts you on the path toward attaining your Cisco Certified Security Professional (CCSP) certification.

Add a note hereThe commands and configuration examples presented in this book are based on Cisco IOS Releases 12.3.

Add a note here Goals and Methods

Add a note here The most important and somewhat obvious goal of this book is to help you pass the IINS exam (640-553). In fact, if the primary objective of this book were different, the book’s title would be misleading; however, the methods used in this book to help you pass the CCNA Security exam are designed to also make you much more knowledgeable about how to do your job.

Add a note hereAlthough this book has more than enough questions to help you prepare for the actual exam, the method in which they are used is not to simply make you memorize as many questions and answers as you possibly can. One key methodology used in this book is to help you discover the exam topics that you need to review in more depth, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. So, this book does not try to help you pass by memorization, but helps you truly learn and understand the topics. The CCNA Security exam (640-553) is just one of the foundation topics in the CCSP certification, and the knowledge contained within is vitally important to consider yourself a truly skilled security specialist. This book would do you a disservice if it didn’t attempt to help you learn the material. To that end, the book will help you pass the CCNA Security exam by using the following methods:

  • Add a note hereHelping you discover which test topics you have not mastered

  • Add a note hereProviding explanations and information to fill in your knowledge gaps

  • Add a note hereProviding practice questions on the topics


How This Book Is Organized

Add a note hereAlthough this book could be read cover to cover, it is designed to be flexible and allow you to move between chapters. However, if you do intend to read every chapter, the order in the book is an excellent sequence to use. Chapters 1 to 7 cover the following topics:

  • Add a note here Chapter 1, “Introduction to Network Security Principles”: This chapter discusses how to develop a comprehensive network security policy to counter threats against information security. It also teaches you about possible threats and how to describe and implement the process of developing a security policy.

  • Add a note here Chapter 2, “Perimeter Security”: This chapter discusses the concept of perimeter security and covers more precisely the physical installation of and administrative access to Cisco routers, the use of Cisco Security Device Manager (SDM), the use of Cisco routers to perform authentication, authorization, and accounting (AAA), the secure implementation of the management and reporting features of syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), Network Time Protocol (NTP), and it examines how to secure a Cisco router with the Security Audit and One-Step Lockdown features of Cisco SDM.

  • Add a note here Chapter 3, “Network Security Using Cisco IOS Firewalls”: This chapter teaches you how to configure firewall features, including access control lists (ACL) and Cisco IOS zone-based policy firewalls to perform basic security operations on a network. It explains the operations of the different types of firewall technologies and especially the technology used by Cisco routers and Cisco security appliances. The chapter provides thorough explanations on how to create static packet filters using ACLs and how to configure a Cisco IOS zone-based policy firewall.

  • Add a note here Chapter 4, “Fundamentals of Cryptography”: This chapter introduces the concepts of cryptography and covers encryption, hashing, and digital signatures and how these techniques provide confidentiality, integrity, authenticity, and nonrepudiation. You will learn about algorithms, symmetric and asymmetrical encryption, digital signatures, and Public Key Infrastructure (PKI).

  • Add a note here Chapter 5, “Site-to-Site VPNs”: This chapter introduces the concepts of site-to-site virtual private networks (VPN) using Cisco IOS. It covers topics such as concepts, technologies, and terms that IP Security (IPsec) VPNs use, Site-to-site IPsec VPN configuration using the command-line interface (CLI), and using Cisco SDM.

  • Add a note here Chapter 6, “Network Security Using Cisco IOS IPS”: This chapter describes the functions and operations of intrusion detection systems (IDS) and intrusion prevention systems (IPS). It explains the underlying IDS and IPS technology embedded in the Cisco host- and network-based IDS and IPS solutions. Through this chapter, you will learn to configure Cisco IOS IPS using Cisco SDM.

  • Add a note here Chapter 7, “LAN, SAN, Voice, and Endpoint Security Overview”: This chapter focuses on several additional aspects of network security: LANs, storage-area networks (SAN), voice, and endpoints. This chapter emphasizes Layer 2 and host security to provide much more comprehensive coverage of the important issues involved in securing an enterprise. In this chapter, you learn about current endpoint protection methods, risks, and countermeasures for SANs security and for IP telephony. You will also read about how to protect your network against Layer 2 attacks.


640-553 IINS Exam Topics (Blueprint)

Exam Description

The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.

Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS) course.

Exam Topics

The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security (IINS) exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Describe the security threats facing modern network infrastructures

  • Describe and list mitigation methods for common network attacks

  • Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks

  • Describe the Cisco Self Defending Network architecture

Secure Cisco routers

  • Secure Cisco routers using the SDM Security Audit feature

  • Use the One-Step Lockdown feature in SDM to secure a Cisco router

  • Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements

  • Secure administrative access to Cisco routers by configuring multiple privilege levels

  • Secure administrative access to Cisco routers by configuring role based CLI

  • Secure the Cisco IOS image and configuration file

Implement AAA on Cisco routers using local router database and external ACS

  • Explain the functions and importance of AAA

  • Describe the features of TACACS+ and RADIUS AAA protocols

  • Configure AAA authentication

  • Configure AAA authorization

  • Configure AAA accounting

Mitigate threats to Cisco routers and networks using ACLs

  • Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets

  • Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI

  • Configure IP ACLs to prevent IP address spoofing using CLI

  • Discuss the caveats to be considered when building ACLs

Implement secure network management and reporting

  • Use CLI and SDM to configure SSH on Cisco routers to enable secured management access

  • Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

Mitigate common Layer 2 attacks

  • Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

Implement the Cisco IOS firewall feature set using SDM

  • Describe the operational strengths and weaknesses of the different firewall technologies

  • Explain stateful firewall operations and the function of the state table

  • Implement Zone Based Firewall using SDM

Implement the Cisco IOS IPS feature set using SDM

  • Define network based vs. host based intrusion detection and prevention

  • Explain IPS technologies, attack responses, and monitoring options

  • Enable and verify Cisco IOS IPS operations using SDM

Implement site-to-site VPNs on Cisco Routers using SDM

  • Explain the different methods used in cryptography

  • Explain IKE protocol functionality and phases

  • Describe the building blocks of IPSec and the security functions it provides

  • Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM

0 comments

Post a Comment