You are previewing CCIE Practical Studies: Security (CCIE Self-Study).
O'Reilly logo
CCIE Practical Studies: Security (CCIE Self-Study)

Book Description

Hands-on preparation for the CCIE Security lab exam

  • Prepare for the CCIE Security lab exam with comprehensive practice lab scenarios designed to test your readiness to take the actual exam

  • Enhance your network security deployment skills by examining the wealth of case studies and lessons in each chapter

  • Understand the security capabilities of Cisco IOS Software and Catalyst 3550 switches, VLANs, and IP addressing

  • Configure ATM, Frame Relay, and ISDN connectivity

  • Evaluate the common security problems associated with IP routing, including coverage of RIP, EIGRP, OSPF, IS-IS, and BGP routing protocols

  • Examine security practices for Cisco devices that can be utilized to increase security on the network, including access lists, IP services, and Cisco IOS Software and CatOS security

  • Learn how to implement AAA, basic and advanced VPNs, and VPDNs

  • Discover effective deployment techniques for the Cisco PIX and IOS Firewalls

  • Learn the steps necessary to deploy IDS on the PIX Firewall and Cisco IOS Software

  • CCIE Practical Studies: Security leads you through the requirements of the CCIE Security one-day lab exam by providing practical lab exercises designed to model complex security solutions. These lab scenarios help you to master the broad scope of technologies needed to succeed on the CCIE Security lab exam and provide you with a solid foundation of knowledge that you can apply to your everyday job as a network security expert.

    Serving the dual role of expert-level network security reference and CCIE Security lab exam preparation tool, CCIE Practical Studies: Security begins with a review of routing and switching fundamentals and builds upon this foundation with more advanced requirements of modern network security technology. Each chapter contains technology overviews coupled with mini-lab scenarios that demonstrate practical application of the technology. The book concludes with a final chapter containing complete lab scenarios that integrate the concepts and technologies covered in all the earlier chapters. These comprehensive labs mimic the types of scenarios candidates face on the actual one-day lab exam.

    CCIE Practical Studies: Security is part of a recommended study program from Cisco Systems that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

    "Working through lab activities and practice with show commands and debugs will better prepare the exam candidate to implement and troubleshoot solutions efficiently and successfully."

    -Kathe Saccenti, co-developer of the CCIE Security exam, Cisco Systems, Inc.

    Companion CD-ROM

    CD-ROM contains the solutions to the 8 complete lab scenarios in the book.

    This book is part of the Cisco Press Practical Studies Series, which offers readers a means to apply theoretical knowledge through hands-on lab scenarios. This unique approach enables readers to practice and hone their internetworking skills while preparing for Cisco certification exams.

    Table of Contents

    1. Copyright
    2. About the Authors
    3. Acknowledgments
    4. Foreword
    5. Introduction
    6. Command Syntax Conventions
    7. Device Icons Used in the Figures
    8. The CCIE Program and Your Lab Environment
      1. The CCIE Security Program
        1. The Cisco CCIE Program
        2. The CCIE Security Exam
        3. Summary
      2. Building a CCIE Mind-Set
        1. What It Takes to Become a CCIE
        2. Developing Proper Study Habits
        3. Lab Experience Versus Real-World Experience
        4. Summary
      3. Building the Test Laboratory
        1. Study Time on a Lab
        2. Planning Your Home Lab
        3. Designing Your Practice Lab for This Book
        4. Summary
    9. Connectivity
      1. Layer 2 and Layer 3 Switching and LAN Connectivity
        1. Catalyst Operating System
        2. Switching Overview
        3. Spanning Tree Overview
        4. Layer 3 Switching Overview
        5. Virtual LAN Overview
        6. VLAN Trunking Protocol Overview
        7. Switch Interface Overview
        8. EtherChannel Overview
        9. Optional Configuration Items
        10. Switched Port Analyzer Overview
        11. Basic Catalyst 3550 Switch Configuration
        12. Summary
        13. Review Questions
        14. FAQs
      2. Frame Relay Connectivity
        1. Frame Relay Overview
        2. Frame Relay Devices
        3. Frame Relay Topologies
        4. Frame Relay Virtual Circuits
        5. Frame Relay Signaling
        6. Network-to-Network Interface
        7. User-Network Interface
        8. Congestion-Control Mechanisms
        9. Configuring Frame Relay
        10. Creating a Broadcast Queue for an Interface
        11. Transparent Bridging and Frame Relay
        12. Configuring a Backup Interface for a Subinterface
        13. TCP/IP Header Compression
        14. Troubleshooting Frame Relay Connectivity
        15. Summary
        16. Review Questions
        17. FAQs
      3. ISDN Connectivity
        1. ISDN Overview
        2. Point-to-Point Protocol (PPP) Overview
        3. Dial-on-Demand Routing (DDR) Overview
        4. Configuring ISDN
        5. Summary
        6. Review Questions
        7. FAQs
      4. ATM Connectivity
        1. ATM Overview
        2. Configuring ATM
        3. Summary
        4. Review Questions
        5. FAQs
    10. IP Routing
      1. RIP
        1. RIP Structure
        2. Configuring RIP
        3. Summary
        4. Review Questions
        5. FAQs
      2. EIGRP
        1. An EIGRP Overview
        2. Configuring EIGRP
        3. EIGRP Building Blocks
        4. Configuring EIGRP Options
        5. Troubleshooting EIGRP
        6. Summary
        7. Review Questions
        8. FAQs
      3. OSPF
        1. Configuring OSPF
        2. Monitoring and Maintaining OSPF
        3. Summary
        4. Review Questions
        5. FAQs
      4. IS-IS
        1. Integrated IS-IS Overview
        2. Configuring IS-IS
        3. IS-IS Building Blocks
        4. The IS-IS State Machine
        5. Pseudonodes
        6. IS-IS Addressing
        7. Limiting LSP Flooding
        8. Generating a Default Route
        9. Route Redistribution
        10. Setting IS-IS Optional Parameters
        11. Configuring IS-IS Authentication
        12. Using show and debug Commands
        13. Summary
        14. Review Questions
        15. FAQs
      5. BGP
        1. Understanding BGP Concepts
        2. Configuring BGP
        3. Summary
        4. Review Questions
        5. FAQ
      6. Redistribution
        1. Metrics
        2. Administrative Distance
        3. Classless and Classful Capabilities
        4. Avoiding Problems Due to Redistribution
        5. Configuring Redistribution of Routing Information
        6. Summary
        7. Review Questions
        8. FAQs
    11. Security Practices
      1. Security Primer
        1. Important Security Acronyms
        2. White Hats Versus Black Hats
        3. Cisco Security Implementations
        4. VPN Overview
        5. AAA Overview
        6. IDS Fundamentals
        7. Summary
        8. Review Questions
        9. FAQs
      2. Basic Cisco IOS Software and Catalyst 3550 Series Security
        1. Cisco IOS Software Security
        2. Basic IOS Security Configuration
        3. Catalyst 3550 Security
        4. Summary
        5. Review Questions
        6. FAQs
      3. Access Control Lists
        1. Overview of Access Control Lists
        2. ACLs on the IOS Router and the Catalyst 3550 Switch
        3. Time-of-Day ACLs
        4. Lock-and-Key ACLs
        5. Reflexive ACLs
        6. Router ACLs
        7. Port ACLs
        8. Fragmented and Unfragmented Traffic
        9. Logging ACLs
        10. Defining ACLs
        11. Maintaining ACLs
        12. Unsupported Features on the Catalyst 3550 Switch
        13. Summary
        14. Review Questions
        15. FAQs
      4. IP Services
        1. Managing IP Connections
        2. MTU Packet Size
        3. Filtering IP Packets Using Access Lists
        4. Hot Standby Router Protocol Overview
        5. IP Accounting Overview
        6. Configuring TCP Performance Parameters
        7. Configuring the MultiNode Load Balancing (MNLB) Forwarding Agent
        8. Network Address Translation Overview
        9. Configuring IP Services
        10. Monitoring and Maintaining IP Services
        11. Summary
        12. Review Questions
        13. FAQs
    12. Authentication and Virtual Private Networks
      1. AAA Services
        1. TACACS+ Versus RADIUS
        2. Configuring AAA
        3. Summary
        4. Review Questions
        5. FAQs
      2. Virtual Private Networks
        1. Virtual Private Network (VPN) Overview
        2. IPSec Overview
        3. Tunnel and Transport Modes
        4. IPSec Operation
        5. Configuring IPSec in Cisco IOS Software and PIX Firewalls
        6. Certificate Authority (CA) Support
        7. Summary
        8. Review Questions
        9. FAQs
      3. Advanced Virtual Private Networks
        1. Issues with Conventional IPSec VPNs
        2. Configuring Advanced VPNs
        3. Summary
        4. Review Questions
        5. FAQs
      4. Virtual Private Dialup Networks
        1. L2F and L2TP Overview
        2. VPDN Process Overview
        3. PPTP Overview
        4. Configuring VPDNs
        5. Summary
        6. Review Questions
        7. FAQs
    13. Firewalls
      1. Cisco IOS Firewall
        1. Creating a Customized Firewall
        2. Configuring TCP Intercept
        3. CBAC Overview
        4. Port-to-Application Mapping (PAM)
        5. Summary
        6. Review Questions
        7. FAQs
      2. Cisco PIX Firewall
        1. Security Levels and Address Translation
        2. TCP and UDP
        3. Configuring a Cisco PIX Firewall
        4. Summary
        5. Review Questions
        6. FAQs
    14. Intrusion Detection
      1. IDS on the Cisco PIX Firewall and IOS Software
        1. Cisco IOS Software Intrusion Detection
        2. Cisco PIX Firewall Intrusion Detection
        3. Cisco IOS Software and PIX IDS Signatures
        4. Configuring Cisco IDS
        5. Summary
        6. Review Questions
        7. FAQs
      2. Internet Service Provider Security Services
        1. Preventing Denial-of-Service Attacks
        2. Layer 2 VPN (L2VPN)
        3. Configuring ISP Services
        4. Summary
        5. Review Questions
        6. FAQs
    15. Sample Lab Scenarios
      1. Sample Lab Scenarios
        1. Practice Lab Format
        2. How the Master Lab Compares to the CCIE Security Lab Exam
        3. CCIE Practice Lab 1: Building Layer 2
        4. CCIE Practice Lab 2: Routing
        5. CCIE Practice Lab 3: Configuring Protocol Redistribution and Dial Backup
        6. CCIE Practice Lab 4: Configuring Basic Security
        7. CCIE Practice Lab 5: Dial and Application Security
        8. CCIE Practice Lab 6: Configuring Advanced Security Features
        9. CCIE Practice Lab 7: Service Provider
        10. CCIE Practice Lab 8: All-Inclusive Master Lab
        11. Summary
    16. Appendixes
      1. Basic UNIX Security
        1. Installing Solaris
        2. Applying Patches
        3. Securing Network Services
        4. Securing Your Startup Scripts
        5. Enabling Logging
        6. Performing Optional Security Tasks
        7. Summary
      2. Basic Windows Security
        1. Installing the OS
        2. Securing Network Services
        3. Checklist for Enabling Baseline Security
        4. Applying Patches
        5. Enabling Auditing and Logging
        6. File Systems
        7. Summary
      3. ISDN Error Codes and Debugging Reference
        1. ISDN Switch Types
        2. ISDN Cause Code Fields
        3. ISDN Cause Values
        4. ISDN Bearer Capability Values
        5. ISDN Progress Field Values
        6. Summary
      4. Password Recovery on Cisco IOS, CatalystOS, and PIX
        1. The Software Configuration Register
        2. The Break Sequence
        3. Using the Software Configuration Register for Password Recovery
        4. Renaming Software to Recover a Password
        5. Replacing Software to Recover a Password
        6. Password Recovery Through Resetting the Device
        7. Using Hardware Settings to Recover a Password
        8. Password Recovery on the Cisco Secure IDS Sensor
        9. Password Recovery on the Cisco Secure PIX Firewall
        10. Password Recovery for ACS on UNIX
        11. Password Recovery for ACS on NT
        12. Password Recovery on VPN Concentrators
        13. How to Simulate a Break Key Sequence
        14. Summary
      5. Security-Related RFCs and Publications
        1. Requests for Comments
        2. Publications
        3. White Papers
      6. Answers to the Review Questions
        1. Chapter 4
        2. Chapter 5
        3. Chapter 6
        4. Chapter 7
        5. Chapter 8
        6. Chapter 9
        7. Chapter 10
        8. Chapter 11
        9. Chapter 12
        10. Chapter 13
        11. Chapter 14
        12. Chapter 15
        13. Chapter 16
        14. Chapter 17
        15. Chapter 18
        16. Chapter 19
        17. Chapter 20
        18. Chapter 21
        19. Chapter 22
        20. Chapter 23
        21. Chapter 24
        22. Chapter 25
    17. Index