Network Security 1 and 2 Companion Guide

Antoon Rufi

  • 出版商: Cisco Press
  • 出版日期: 2006-10-15
  • 定價: $2,600
  • 售價: 1.5$399
  • 語言: 英文
  • 頁數: 840
  • 裝訂: Hardcover
  • ISBN: 1587131625
  • ISBN-13: 9781587131622
  • 相關分類: 資訊安全
  • 立即出貨 (庫存 < 3)




The completely revised, updated and only authorized textbook for the Cisco Networking Academy Program Network Security 1 and 2 course

  • A portable reference that supports the topics in the Cisco Networking Academy Network Security course aligning 1:1 with course modules
  • Features improved readability, enhanced topic explanations, real-world examples, and all-new graphical presentations
  • Written by leading Academy instructor, Antoon Rufi, who bring a fresh voice to the course material 
Network Security 1 and 2 Companion Guide is the official supplemental textbook for version 2 of the Network Security 1 and 2 course of the Cisco Networking Academy Program. Completely revised and updated with new examples and explanations, this textbook includes original material developed by the author, yet it fully aligns with the Network Security curriculum. Written by an experienced author who presents material in a comprehensive manner--using his own voice and own examples--this new edition augments student understanding of course material. The new edition incorporates improved features to aid instructors and enhance student comprehension. For example, chapters align with course modules in both name and number, and chapter objectives are stated as questions to encourage students to think about and find answers as they read chapters. End-of-chapter questions and summaries align with chapter objectives to emphasize key topics, while key terms are listed in each chapter opener in the order of occurrence to alert students to upcoming vocabulary words. In addition, new features include "How To" quick references for step-by-step tasks; real-world examples and all-new illustrations; concise explanations with a focus on word usage and sentence structure for improved readability; and correlations to the CCNA exam in Chapter Objectives, Check Your Understanding questions, and new Challenge Activities.

Table of Contents

Course 1

Chapter 1          Vulnerabilities, Threats, and Attacks  

            Key Terms  

            Introduction to Network Security  

                         The Need for Network Security  

                         Identifying Potential Risks to Network Security  

                         Open Versus Closed Security Models  

                         Trends Driving Network Security  

                         Information Security Organizations  

            Introduction to Vulnerabilities, Threats, and Attacks  




            Attack Examples  

                         Reconnaissance Attacks  

                         Access Attacks  

                         Denial-of-Service (DoS) Attacks  

                         Masquerade/IP Spoofing Attacks  

                         Distributed Denial-of-Service Attacks  

                         Malicious Code  

            Vulnerability Analysis  

                         Policy Identification  

                         Network Analysis  

                         Host Analysis  

                         Analysis Tools  


            Check Your Understanding  

Chapter 2          Security Planning and Policy  

            Key Terms  

            Discussing Network Security and Cisco  

                         The Security Wheel  

                         Network Security Policy  

            Endpoint Protection and Management  

                         Host- and Server-Based Security Components and Technologies  

                         PC Management  

            Network Protection and Management   

                         Network-Based Security Components and Technologies  

                         Network Security Management  

            Security Architecture  

                         Security Architecture (SAFE)  

                         The Cisco Self-Defending Network  

                         Secure Connectivity  

                         Threat Defense  

                         Cisco Integrated Security  

                         Plan, Design, Implement, Operate, Optimize (PDIOO)  

            Basic Router Security  

                         Control Access to Network Devices  

                         Remote Configuration Using SSH  

                         Router Passwords  

                         Router Privileges and Accounts  

                         Cisco IOS Network Services  

                         Routing, Proxy ARP, and ICMP  

                         Routing Protocol Authentication and Update Filtering  

                         NTP, SNMP, Router Name, DNS   


            Check Your Understanding  

Chapter 3          Security Devices  

            Device Options  

                         Cisco IOS Firewall Feature Set  

                         Creating a Customized Firewall  

                         PIX Security Appliance  

                         Adaptive Security Appliance  

                         Finesse Operating System  

                         The Adaptive Security Algorithm  

                         Firewall Services Module  

            Using Security Device Manager  

                         Using the SDM Startup Wizard  

                         SDM User Interface  

                         SDM Wizards  

                         Using SDM to Configure a WAN  

                         Using the Factory Reset Wizard  

                         Monitor Mode  

            Introduction to the Cisco Security Appliance Family  

                         PIX 501 Security Appliance  

                         PIX 506E Security Appliance  

                         PIX 515E Security Appliance  

                         PIX 525 Security Appliance  

                         PIX 535 Security Appliance  

                         Adaptive Security Appliance Models  

                         PIX Security Appliance Licensing  

                         PIX VPN Encryption License  

                         Security Contexts   

                         PIX Security Appliance Context Licensing   

                         ASA Security Appliance Licensing   

                         Expanding the Features of the PIX 515E  

                         Expanding the Features of the PIX 525   

                         Expanding the Features of the PIX 535  

                         Expanding the Features of the Adaptive Security Appliance Family  

            Getting Started with the PIX Security Appliance  

                         Configuring the PIX Security Appliance  

                         The help Command  

                         Security Levels  

                         Basic PIX Security Appliance Configuration Commands  

                         Additional PIX Security Appliance Configuration Commands  

                         Examining the PIX Security Appliance Status  

                         Time Setting and NTP Support  

                         Syslog Configuration  

            Security Appliance Translations and Connections  

                         Transport Protocols  


                         Dynamic Inside NAT  

                         Two Interfaces with NAT  

                         Three Interfaces with NAT  


                         Augmenting a Global Pool with PAT  

                         The static Command  

                         The nat 0 Command  

                         Connections and Translations  

            Manage a PIX Security Appliance with Adaptive Security Device Manager  

                         ASDM Operating Requirements  

                         Prepare for ASDM  

                         Using ASDM to Configure the PIX Security Appliance  

            PIX Security Appliance Routing Capabilities  

                         Virtual LANs  

                         Static and RIP Routing   


                         Multicast Routing  

            Firewall Services Module Operation  

                         FWSM Requirements  

                         Getting Started with the FWSM  

                         Verify FWSM Installation  

                         Configure the FWSM Access Lists  

                         Using PDM with the FWSM  

                         Resetting and Rebooting the FWSM  


            Check Your Understanding  

Chapter 4          Trust and Identity Technology  

            Key Terms  




                         Comparing TACACS+ and RADIUS  

            Authentication Technologies  

                         Static Passwords  

                         One-Time Passwords   

                         Token Cards  

                         Token Card and Server Methods  

                         Digital Certificates  


            Identity Based Networking Services (IBNS)  


            Wired and Wireless Implementations  

            Network Admission Control (NAC)  

                         NAC Components  

                         NAC Phases  

                         NAC Operation  

                         NAC Vendor Participation  


            Check Your Understanding  

Chapter 5          Cisco Secure Access Control Server  

            Key Terms  

            Cisco Secure Access Control Server Product Overview  

                         Authentication and User Databases  

                         The Cisco Secure ACS User Database  

                         Keeping Databases Current  

                         Cisco Secure ACS for Windows Architecture  

                         How Cisco Secure ACS Authenticates Users  

                         User-Changeable Passwords  

                Configuring RADIUS and TACACS+ with Cisco Secure ACS  

                         Installation Steps  

                         Administering Cisco Secure ACS for Windows  


            Enabling TACACS+  

            Verifying TACACS+  



            Configuring RADIUS  


            Check Your Understanding  

Chapter 6          Configure Trust and Identity at Layer 3  

            Key Terms  

            Cisco IOS Firewall Authentication Proxy  

                         Authentication Proxy Operation  

                         Supported AAA Servers    

                         AAA Server Configuration   

                         AAA Configuration  

                         Allow AAA Traffic to the Router  

                         Authentication Proxy Configuration  

                         Test and Verify Authentication Proxy  

            Introduction to PIX Security Appliance AAA Features  

                         PIX Security Appliance Authentication  

                         PIX Security Appliance Authorization  

                         PIX Security Appliance Accounting  

                         AAA Server Support  

            Configure AAA on the PIX Security Appliance   

                         PIX Security Appliance Access Authentication  

                         Interactive User Authentication  

                         The Local User Database  

                         Authentication Prompts and Timeout  

                         Cut-Through Proxy Authentication  

                         Authentication of Non-Telnet, -FTP, or -HTTP Traffic  

                         Tunnel User Authentication  

                         Authorization Configuration  

                         Downloadable ACLs  

                         Accounting Configuration  

                         Console Session Accounting   

                         Command Accounting   

                         Troubleshooting the AAA Configuration  


            Check Your Understanding  

Chapter 7          Configure Trust and Identity at Layer 2  

            Key Terms  

            Identity Based Networking Services (IBNS)  

                         Features and Benefits  

                         IEEE 802.1x  

                         Selecting the Correct EAP  

                         Cisco LEAP   

                         IBNS and Cisco Secure ACS  

                         ACS Deployment Considerations  

                         Cisco Secure ACS RADIUS Profile Configuration  

            Configuring 802.1x Port-Based Authentication  

                         Enabling 802.1x Authentication  

                         Configuring the Switch-to-RADIUS Server Communication  

                         Enabling Periodic Reauthentication  

                         Manually Reauthenticating a Client Connected to a Port  

                         Enabling Multiple Hosts  

                         Resetting the 802.1x Configuration to the Default Values  

                         Displaying 802.1x Statistics and Status  


            Check Your Understanding  3

Chapter 8          Configure Filtering on a Router  

            Key Terms  

            Filtering and Access Lists  

                         Packet Filtering  

                         Stateful Filtering  

                         URL Filtering  

            Cisco IOS Firewall Context-Based Access Control  

                         CBAC Packets  

                         Cisco IOS ACLs  

                         How CBAC Works  

                         CBAC-Supported Protocols  

            Configuring Cisco IOS Firewall Context-Based Access Control  

                         CBAC Configuration Tasks  

                         Prepare for CBAC  

                         Setting Audit Trails and Alerts  

                         Setting Global Timeouts  

                         Setting Global Thresholds  

                         Half-Open Connection Limits by Host  

                         System-Defined Port-to-Application Mapping  

                         User-Defined PAM  

                         Defining Inspection Rules for Applications  

                         Defining Inspection Rules for IP Fragmentation  

                         Defining Inspection Rules for ICMP  

                         Applying Inspection Rules and ACLs to Interfaces  

                         Testing and Verifying CBAC  

                         Configuring a Cisco IOS Firewall Using SDM  


            Check Your Understanding  

Chapter 9          Configure Filtering on a PIX Security Appliance  

            Key Terms  

            Configuring ACLs and Content Filters  

                         PIX Security Appliance ACLs  

                         Configuring ACLs  

                         ACL Line Numbers  

                         The icmp Command  

                         nat 0 ACLs  

                         Turbo ACLs  

                         Using ACLs  

                         Malicious Code Filtering   

                         URL Filtering  

            Object Grouping  

                         Getting Started with Object Groups