You are previewing CCIE Security Exam Certification Guide.
O'Reilly logo
CCIE Security Exam Certification Guide

Book Description

Official self-study test preparation guide for the CCIE Security written exam

Review all CCIE Security written exam topics, including:

  • Switching concepts, routing protocols, and WAN protocols, including PPP, ISDN, and Frame Relay

  • DNS, TFTP, Secure Shell, Secure Socket Layer Protocol, NTP, and SNMP

  • Cisco IOS(r) Software specifics, including password security, password recovery, and standard and extended access lists

  • Encryption technologies and security protocols, including TACACS+, RADIUS, and Kerberos Windows and UNIX operating system security issues

  • Cisco security applications, including Cisco PIX(r) Firewall, VPN, IDS, and Cisco Policy Manager

  • Basic security methods and the evolution of new secure networks including packet filtering, proxies, and NAT/PAT

  • Network security policies, vulnerabilities, and protection techniques

With increased reliance on networking resources to provide productivity gains and corporate revenue contributions, the need for network security has never been higher. Rising concerns over corporate espionage, cyber-terrorism, financial fraud, and theft of proprietary information have radically increased the demand for highly skilled networking security professionals. One of the most sought-after and highly valued networking certifications, the Cisco Systems CCIE Security certification is answering the need for technical expertise in this critical market by distinguishing the top echelon of internetworking experts.

CCIE Security Exam Certification Guide is a comprehensive study tool for the Security written exam. Written and reviewed by members of the CCIE Security team at Cisco, this book helps you understand and master the material you will need to know to pass the written exam. Designed to optimize your study time, this book helps you assess your knowledge of the material at the beginning of each chapter with customized quizzes for each topic. Increase retention of key concepts by reviewing summaries of crucial concepts. Test your comprehension with chapter-ending review questions. Determine your assimilation of knowledge and get a taste for the CCIE Security lab exam with two complete practice lab scenarios focused on security and routing and switching topics. Take timed practice exams that mimic the real testing environment with the CD-ROM test engine or customize the test bank to focus on the topics for which you need the most help. Along with an electronic version of the text, a complete copy of Henry Benjamin's previously published CCIE Routing and Switching Exam Cram is also presented on the CD-ROM as an additional bonus.

CCIE Security Exam Certification Guide is part of a recommended study program from Cisco Systems that can include simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

"This book will be a valuable asset for potential CCIE Security candidates. I am positive individuals will inevitably gain extensive security network knowledge during their preparation by using this book."
-Gert De Laet, Product Manager, CCIE Security, Cisco Systems, Inc.

Companion CD-ROM
CD contains a test engine with over 300 questions, lab equipment suggestions, sample configurations, and a bonus electronic copy of the complete CCIE Routing and Switching Exam Cram text.

Table of Contents

  1. Copyright
  2. About the Author
  3. Acknowledgments
  4. Foreword
  5. Introduction
  6. Using This Book to Prepare for the CCIE Security Written Exam
    1. CCIE Security Certification
    2. CCIE Security Written Exam Blueprint
    3. How to Prepare for the CCIE Security Written Exam Using This Book
  7. General Networking Topics
    1. “Do I Know This Already?” Quiz
    2. Foundation Topics
    3. Networking Basics—The OSI Reference Model
    4. Ethernet Overview
    5. Internet Protocol
    6. Variable-Length Subnet Masks
    7. Classless Interdomain Routing
    8. Transmission Control Protocol
    9. TCP Services
    10. Routing Protocols
    11. ISDN
    12. IP Multicast
    13. Asynchronous Communications and Access Devices
    14. Foundation Summary
    15. Requirements for FastEther Channel
    16. Q & A
    17. Scenario
    18. Scenario 2-1: Routing IP on Cisco Routers
    19. Scenario Answers
    20. Scenario 2-1 Answers: Routing IP on Cisco Routers
  8. Application Protocols
    1. “Do I Know This Already?” Quiz
    2. Foundation Topics
    3. Domain Name System
    4. Trivial File Transfer Protocol
    5. File Transfer Protocol
    6. Hypertext Transfer Protocol
    7. Secure Socket Layer
    8. Simple Network Management Protocol
    9. Simple Mail Transfer Protocol
    10. Network Time Protocol
    11. Secure Shell
    12. Foundation Summary
    13. Q & A
    14. Scenario
    15. Scenario 3-1: Configuring DNS, TFTP, NTP, and SNMP
    16. Scenario Answers
    17. Scenario 3-1 Solutions
  9. Cisco IOS Specifics and Security
    1. “Do I Know This Already?” Quiz
    2. Foundation Topics
    3. Cisco Hardware
    4. show and debug Commands
    5. Password Recovery
    6. Basic Security on Cisco Routers
    7. IP Access Lists
    8. Foundation Summary
    9. Q & A
    10. Scenario
    11. Scenario 4-1: Configuring Cisco Routers for Passwords and Access Lists
    12. Scenario Answers
  10. Security Protocols
    1. “Do I Know This Already?” Quiz
    2. Foundation Topics
    3. Authentication, Authorization, and Accounting (AAA)
    4. Remote Authentication Dial-In User Service (RADIUS)
    5. Terminal Access Controller Access Control System Plus (TACACS+)
    6. Kerberos
    7. Virtual Private Dial-Up Networks (VPDN)
    8. Encryption Technology Overview
    9. Internet Key Exchange (IKE)
    10. Certificate Enrollment Protocol (CEP)
    11. Foundation Summary
    12. Q & A
    13. Scenario
    14. Scenario 5-1: Configuring Cisco Routers for IPSec
    15. Scenario Answers
    16. Scenario 5-1 Solutions
  11. Operating Systems and Cisco Security Applications
    1. “Do I Know This Already?” Quiz
    2. Foundation Topics
    3. UNIX
    4. Microsoft NT Systems
    5. Common Windows DOS Commands
    6. Cisco Secure for Windows and UNIX
    7. Cisco Secure Policy Manager
    8. Cisco Secure Intrusion Detection System and Cisco Secure Scanner
    9. Cisco Security Wheel
    10. Foundation Summary
    11. Q & A
    12. Scenarios
    13. Scenario 6-1: NT File Permissions
    14. Scenario 6-2: UNIX File Permissions
    15. Scenario Answers
    16. Scenario 6-1 Solution
    17. Scenario 6-2 Solution
  12. Security Technologies
    1. “Do I Know This Already?” Quiz
    2. Foundation Topics
    3. Advanced Security Concepts
    4. Network Address Translation and Port Address Translation
    5. Cisco Private Internet Exchange (PIX)
    6. Cisco IOS Firewall Security Feature Set
    7. Public Key Infrastructure
    8. Virtual Private Networks
    9. Foundation Summary
    10. Q & A
    11. Scenario
    12. Scenario 7-1: Configuring a Cisco PIX for NAT
    13. Scenario Answer
    14. Scenario 7-1 Solution
  13. Network Security Policies, Vulnerabilities, and Protection
    1. “Do I Know This Already?” Quiz
    2. Foundation Topics
    3. Network Security Policies
    4. Standards Bodies and Incident Response Teams
    5. Vulnerabilities, Attacks, and Common Exploits
    6. Intrusion Detection System
    7. Protecting Cisco IOS from Intrusion
    8. Foundation Summary
    9. Q & A
    10. Scenario
    11. Scenario 8-1: Defining IOS Commands to View DoS Attacks in Real Time
    12. Scenario Answer
    13. Scenario 8-1 Solution
  14. CCIE Security Self-Study Lab
    1. How to Use This Chapter
    2. Goal of This Lab
    3. General Lab Guidelines and Setup
    4. CCIE Security Self-Study Lab Part I: Basic Network Connectivity (4 Hours)
    5. CCIE Security Self-Study Lab Part II: Advanced Security Design (4 Hours)
    6. Final Configurations
    7. Conclusion
  15. Answers to Quiz Questions
    1. Chapter 2 “Do I Know This Already?” Quiz Answers
    2. Chapter 2 Q & A Answers
    3. Chapter 3 “Do I Know This Already?” Quiz Answers
    4. Chapter 3 Q & A Answers
    5. Chapter 4 “Do I Know This Already?” Quiz Answers
    6. Chapter 4 Q & A Answers
    7. Chapter 5 “Do I Know This Already?” Quiz Answers
    8. Chapter 5 Q & A Answers
    9. Chapter 6 “Do I Know This Already?” Quiz Answers
    10. Chapter 6 Q & A Answers
    11. Chapter 7 “Do I Know This Already?” Quiz Answers
    12. Chapter 7 Q & A Answers
    13. Chapter 8 “Do I Know This Already?” Quiz Answers
    14. Chapter 8 Q & A Answers
  16. Study Tips for CCIE Security Examinations
    1. Steps Required to Achieve CCIE Security Certification
    2. CCIE Security Written Exam
    3. CCIE Security Lab Exam
  17. Sample CCIE Routing and Switching Lab
    1. Basic Setup (1 Hour)
    2. IP Configuration and IP Addressing (No Time)
    3. Frame Relay Setup (0.5 Hours)
    4. Basic ATM Configuration (0.5 hours)
    5. IGP Routing (3 Hours)
    6. Basic ISDN Configuration (0.5 Hours)
    7. DLSw+ Configuration (0.75 Hours)
    8. Flash Configuration (0.2 Hours)
    9. VTY Changes (0.2 Hours)
    10. HTTP server (0.2 Hours)
    11. Catalyst 6509 Password Recovery (0.2 Hours)
    12. Private Address Space Allocation (0.2 Hours)
    13. BGP Routing Configuration (0.75 Hours)
    14. Conclusion
  18. Index