
CCNA Security 210-260 Official Cert Guide

by: Omar Santos


On-line Price: $50.49 (includes GST)


31% Off Retail Price

You save: $22.00

This item is available to backorder. Usually ships within 7 - 10 working days

Retail Price: $72.49

Publisher: CISCO PRESS, 16.11.15

Category: Cisco Level: B/I/A

ISBN: 1587205661
ISBN13: 9781587205668


The CCNA Security 210-260 Official Cert Guide is a complete guide covering all the material presented in the CCNA Security 210-260 exam. It is meant to help network security professionals prepare for the CCNA Security certification exam and also improve their awareness and knowledge of network security. The book uses several key practices and methodologies to help the reader discover the exam topics for which they need more review. The goal is to help the reader pass the exam not by memorization alone, but by truly learning and understanding the topics.

Introduction

Part I Fundamentals of Network Security

Chapter 1 Networking Security Concepts

"Do I Know This Already?" Quiz

Foundation Topics

Understanding Network and Information Security Basics

  Network Security Objectives

  Confidentiality, Integrity, and Availability

  Cost-Benefit Analysis of Security

  Classifying Assets

  Classifying Vulnerabilities

  Classifying Countermeasures

  What Do We Do with the Risk?

Recognizing Current Network Threats

  Potential Attackers

  Attack Methods

  Attack Vectors

  Man-in-the-Middle Attacks

  Other Miscellaneous Attack Methods

Applying Fundamental Security Principles to Network Design

  Guidelines

  Network Topologies

  Network Security for a Virtual Environment

  How It All Fits Together

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Chapter 2 Common Security Threats

"Do I Know This Already?" Quiz

Foundation Topics

Network Security Threat Landscape

Distributed Denial-of-Service Attacks

Social Engineering Methods

  Social Engineering Tactics

  Defenses Against Social Engineering

Malware Identification Tools

  Methods Available for Malware Identification

  Data Loss and Exfiltration Methods

Summary

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Part II Secure Access

Chapter 3 Implementing AAA in Cisco IOS

"Do I Know This Already?" Quiz

Foundation Topics

Cisco Secure ACS, RADIUS, and TACACS

  Why Use Cisco ACS?

  On What Platform Does ACS Run?

  What Is ISE?

  Protocols Used Between the ACS and the Router

  Protocol Choices Between the ACS Server and the Client (the Router)

Configuring Routers to Interoperate with an ACS Server

Configuring the ACS Server to Interoperate with a Router

Verifying and Troubleshooting Router-to-ACS Server Interactions

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Command Reference to Check Your Memory

Chapter 4 Bring Your Own Device (BYOD)

"Do I Know This Already?" Quiz

Foundation Topics

Bring Your Own Device Fundamentals

BYOD Architecture Framework

  BYOD Solution Components

Mobile Device Management

  MDM Deployment Options

          On-Premise MDM Deployment

          Cloud-Based MDM Deployment

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Part III Virtual Private Networks (VPN)

Chapter 5 Fundamentals of VPN Technology and Cryptography

"Do I Know This Already?" Quiz

Foundation Topics

Understanding VPNs and Why We Use Them

  What Is a VPN?

  Types of VPNs

          Two Main Types of VPNs

  Main Benefits of VPNs

          Confidentiality

          Data Integrity

          Authentication

          Antireplay Protection

Cryptography Basic Components

  Ciphers and Keys

          Ciphers

          Keys

  Block and Stream Ciphers

          Block Ciphers

          Stream Ciphers

  Symmetric and Asymmetric Algorithms

          Symmetric

          Asymmetric

  Hashes

  Hashed Message Authentication Code

  Digital Signatures

          Digital Signatures in Action

  Key Management

          Next-Generation Encryption Protocols

  IPsec and SSL

          IPsec

          SSL

Public Key Infrastructure

  Public and Private Key Pairs

  RSA Algorithm, the Keys, and Digital Certificates

          Who Has Keys and a Digital Certificate?

          How Two Parties Exchange Public Keys

          Creating a Digital Signature

  Certificate Authorities

  Root and Identity Certificates

          Root Certificate

          Identity Certificate

          Using the Digital Certificates to Get the Peer's Public Key

          X.500 and X.509v3 Certificates

  Authenticating and Enrolling with the CA

  Public Key Cryptography Standards

  Simple Certificate Enrollment Protocol

  Revoked Certificates

  Uses for Digital Certificates

  PKI Topologies

          Single Root CA

          Hierarchical CA with Subordinate CAs

          Cross-Certifying CAs

Putting the Pieces of PKI to Work

  ASA's Default Certificate

  Viewing the Certificates in ASDM

  Adding a New Root Certificate

  Easier Method for Installing Both Root and Identity Certificates

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Command Reference to Check Your Memory

Chapter 6 Fundamentals of IP Security

"Do I Know This Already?" Quiz

Foundation Topics

IPsec Concepts, Components, and Operations

  The Goal of IPsec

  The Internet Key Exchange (IKE) Protocol

  The Play by Play for IPsec

          Step 1: Negotiate the IKEv1 Phase 1 Tunnel

          Step 2: Run the DH Key Exchange

          Step 3: Authenticate the Peer

          What About the User's Original Packet?

          Leveraging What They Have Already Built

          Now IPsec Can Protect the User's Packets

          Traffic Before IPsec

          Traffic After IPsec

  Summary of the IPsec Story

Configuring and Verifying IPsec

  Tools to Configure the Tunnels

  Start with a Plan

  Applying the Configuration

  Viewing the CLI Equivalent at the Router

  Completing and Verifying IPsec

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Command Reference to Check Your Memory

Chapter 7 Implementing IPsec Site-to-Site VPNs

"Do I Know This Already?" Quiz

Foundation Topics

Planning and Preparing an IPsec Site-to-Site VPN

  Customer Needs

  Planning IKEv1 Phase 1

  Planning IKEv1 Phase 2

Implementing and Verifying an IPsec Site-to-Site VPN in Cisco IOS Devices

  Troubleshooting IPsec Site-to-Site VPNs in Cisco IOS

Implementing and Verifying an IPsec Site-to-Site VPN in Cisco ASA

  Troubleshooting IPsec Site-to-Site VPNs in Cisco ASA

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Command Reference to Check Your Memory

Chapter 8 Implementing SSL VPNs Using Cisco ASA

"Do I Know This Already?" Quiz

Foundation Topics

Functions and Use of SSL for VPNs

  Is IPsec Out of the Picture?

  SSL and TLS Protocol Framework

  The Play by Play of SSL for VPNs

  SSL VPN Flavors

Configuring Clientless SSL VPNs on ASA

  Using the SSL VPN Wizard

  Digital Certificates

  Accessing the Connection Profile

  Authenticating Users

  Logging In

  Seeing the VPN Activity from the Server

Using the Cisco AnyConnect Secure Mobility Client

  Types of SSL VPNs

  Configuring the Cisco ASA to Terminate the Cisco AnyConnect Secure Mobility Client Connections

  Groups, Connection Profiles, and Defaults

  One Item with Three Different Names

  Split Tunneling

Troubleshooting SSL VPN

  Troubleshooting SSL Negotiations

  Troubleshooting AnyConnect Client Issues

          Initial Connectivity Issues

          Traffic-Specific Issues

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Part IV Secure Routing and Switching

Chapter 9 Securing Layer 2 Technologies

"Do I Know This Already?" Quiz

Foundation Topics

VLAN and Trunking Fundamentals

  What Is a VLAN?

  Trunking with 802.1Q

  Following the Frame, Step by Step

  The Native VLAN on a Trunk

  So, What Do You Want to Be? (Asks the Port)

  Inter-VLAN Routing

  The Challenge of Using Physical Interfaces Only

  Using Virtual "Sub" Interfaces

Spanning-Tree Fundamentals

  Loops in Networks Are Usually Bad

  The Life of a Loop

  The Solution to the Layer 2 Loop

  STP Is Wary of New Ports

  Improving the Time Until Forwarding

Common Layer 2 Threats and How to Mitigate Them

  Disrupt the Bottom of the Wall, and the Top Is Disrupted, Too

  Layer 2 Best Practices

  Do Not Allow Negotiations

  Layer 2 Security Toolkit

  Specific Layer 2 Mitigation for CCNA Security

          BPDU Guard

          Root Guard

          Port Security

CDP and LLDP

DHCP Snooping

Dynamic ARP Inspection

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Review the Port Security Video Included with This Book

Define Key Terms

Command Reference to Check Your Memory

Chapter 10 Network Foundation Protection

"Do I Know This Already?" Quiz

Foundation Topics

Using Network Foundation Protection to Secure Networks

  The Importance of the Network Infrastructure

  The Network Foundation Protection Framework

  Interdependence

  Implementing NFP

Understanding the Management Plane

  First Things First

  Best Practices for Securing the Management Plane

Understanding the Control Plane

  Best Practices for Securing the Control Plane

Understanding the Data Plane

  Best Practices for Protecting the Data Plane

  Additional Data Plane Protection Mechanisms

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Chapter 11 Securing the Management Plane on Cisco IOS Devices

"Do I Know This Already?" Quiz

Foundation Topics

Securing Management Traffic

  What Is Management Traffic and the Management Plane?

  Beyond the Blue Rollover Cable

  Management Plane Best Practices

  Password Recommendations

  Using AAA to Verify Users

          AAA Components

          Options for Storing Usernames, Passwords, and Access Rules

          Authorizing VPN Users

          Router Access Authentication

          The AAA Method List

  Role-Based Access Control

          Custom Privilege Levels

          Limiting the Administrator by Assigning a View

  Encrypted Management Protocols

  Using Logging Files

  Understanding NTP

  Protecting Cisco IOS Files

Implementing Security Measures to Protect the Management Plane

  Implementing Strong Passwords

  User Authentication with AAA

  Using the CLI to Troubleshoot AAA for Cisco Routers

  RBAC Privilege Level/Parser View

  Implementing Parser Views

  SSH and HTTPS

  Implementing Logging Features

          Configuring Syslog Support

  SNMP Features

  Configuring NTP

  Secure Copy Protocol

  Securing the Cisco IOS Image and Configuration Files

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Command Reference to Check Your Memory

Chapter 12 Securing the Data Plane in IPv6

"Do I Know This Already?" Quiz

Foundation Topics

Understanding and Configuring IPv6

  Why IPv6?

  The Format of an IPv6 Address

          Understanding the Shortcuts

          Did We Get an Extra Address?

          IPv6 Address Types

Configuring IPv6 Routing

  Moving to IPv6

Developing a Security Plan for IPv6

  Best Practices Common to Both IPv4 and IPv6

  Threats Common to Both IPv4 and IPv6

  The Focus on IPv6 Security

  New Potential Risks with IPv6

  IPv6 Best Practices

  IPv6 Access Control Lists

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Command Reference to Check Your Memory

Chapter 13 Securing Routing Protocols and the Control Plane

"Do I Know This Already?" Quiz

Foundation Topics

Securing the Control Plane

  Minimizing the Impact of Control Plane Traffic on the CPU

Control Plane Policing

  Control Plane Protection

Securing Routing Protocols

  Implement Routing Update Authentication on OSPF

  Implement Routing Update Authentication on EIGRP

  Implement Routing Update Authentication on RIP

  Implement Routing Update Authentication on BGP

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Part V Cisco Firewall Technologies and Intrusion Prevention System Technologies

Chapter 14 Understanding Firewall Fundamentals

"Do I Know This Already?" Quiz

Foundation Topics

Firewall Concepts and Technologies

  Firewall Technologies

  Objectives of a Good Firewall

  Firewall Justifications

  The Defense-in-Depth Approach

  Firewall Methodologies

          Static Packet Filtering

          Application Layer Gateway

          Stateful Packet Filtering

          Application Inspection

          Transparent Firewalls

          Next-Generation Firewalls

Using Network Address Translation

  NAT Is About Hiding or Changing the Truth About Source Addresses

  Inside, Outside, Local, Global

  Port Address Translation

  NAT Options

Creating and Deploying Firewalls

  Firewall Technologies

  Firewall Design Considerations

  Firewall Access Rules

  Packet-Filtering Access Rule Structure

  Firewall Rule Design Guidelines

  Rule Implementation Consistency

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Chapter 15 Implementing Cisco IOS Zone-Based Firewalls

"Do I Know This Already?" Quiz

Foundation Topics

Cisco IOS Zone-Based Firewalls

  How Zone-Based Firewall Operates

  Specific Features of Zone-Based Firewalls

  Zones and Why We Need Pairs of Them

  Putting the Pieces Together

  Service Policies

  The Self Zone

Configuring and Verifying Cisco IOS Zone-Based Firewalls

  First Things First

  Using CCP to Configure the Firewall

  Verifying the Firewall

  Verifying the Configuration from the Command Line

  Implementing NAT in Addition to ZBF

  Verifying Whether NAT Is Working

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Command Reference to Check Your Memory

Chapter 16 Configuring Basic Firewall Policies on Cisco ASA

"Do I Know This Already?" Quiz

Foundation Topics

The ASA Appliance Family and Features

  Meet the ASA Family

  ASA Features and Services

ASA Firewall Fundamentals

  ASA Security Levels

  The Default Flow of Traffic

  Tools to Manage the ASA

  Initial Access

  Packet Filtering on the ASA

  Implementing a Packet-Filtering ACL

  Modular Policy Framework

  Where to Apply a Policy

Configuring the ASA

  Beginning the Configuration

  Getting to the ASDM GUI

  Configuring the Interfaces

  IP Addresses for Clients

  Basic Routing to the Internet

  NAT and PAT

  Permitting Additional Access Through the Firewall

  Using Packet Tracer to Verify Which Packets Are Allowed

  Verifying the Policy of No Telnet

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Command Reference to Check Your Memory

Chapter 17 Cisco IDS/IPS Fundamentals

"Do I Know This Already?" Quiz

Foundation Topics

IPS Versus IDS

  What Sensors Do

  Difference Between IPS and IDS

  Sensor Platforms

  True/False Negatives/Positives

  Positive/Negative Terminology

Identifying Malicious Traffic on the Network

  Signature-Based IPS/IDS

  Policy-Based IPS/IDS

  Anomaly-Based IPS/IDS

  Reputation-Based IPS/IDS

  When Sensors Detect Malicious Traffic

  Controlling Which Actions the Sensors Should Take

  Implementing Actions Based on the Risk Rating

  Circumventing an IPS/IDS

Managing Signatures

  Signature or Severity Levels

Monitoring and Managing Alarms and Alerts

  Security Intelligence

  IPS/IDS Best Practices

Cisco Next-Generation IPS Solutions

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Part VI Content and Endpoint Security

Chapter 18 Mitigation Technologies for E-mail-Based and Web-Based Threats

"Do I Know This Already?" Quiz

Foundation Topics

Mitigation Technology for E-mail-Based Threats

  E-mail-Based Threats

  Cisco Cloud E-mail Security

  Cisco Hybrid E-mail Security

  Cisco E-mail Security Appliance

  Cisco ESA Initial Configuration

Mitigation Technology for Web-Based Threats

  Cisco CWS

  Cisco WSA

Cisco Content Security Management Appliance

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Command Reference to Check Your Memory

Chapter 19 Mitigation Technologies for Endpoint Threats

"Do I Know This Already?" Quiz

Foundation Topics

Antivirus and Antimalware Solutions

Personal Firewalls and Host Intrusion Prevention Systems

Advanced Malware Protection for Endpoints

Hardware and Software Encryption of Endpoint Data

  E-mail Encryption

  Encrypting Endpoint Data at Rest

  Virtual Private Networks

Exam Preparation Tasks

Review All the Key Topics

Complete the Tables and Lists from Memory

Define Key Terms

Part VII Final Preparation

Chapter 20 Final Preparation

Tools for Final Preparation

Exam Engine and Questions on the CD

  Install the Exam Engine

  Activate and Download the Practice Exam

  Activating Other Exams

  Premium Edition

The Cisco Learning Network

Memory Tables

Chapter-Ending Review Tools

Study Plan

Recall the Facts

Practice Configurations

Using the Exam Engine

Part VIII Appendixes

Appendix A Answers to the "Do I Know This Already?" Quizzes

Appendix B CCNA Security 210-260 (IINS) Exam Updates

Glossary

On the CD

Glossary

Appendix C Memory Tables

Appendix D Memory Tables Answer Key

Appendix E Study Planner