CCNA Security Official Exam Certification Guide (Exam 640-553)

CCNA Security Official Exam Certification Guide (Exam 640-553)

by Michael Watkins, Kevin CCIE No. 7945 Wallace
Released June 2008
Publisher(s): Cisco Press
ISBN: 9781587057953

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

CCNA Security

Official Exam Certification Guide

  • Master the IINS 640-553 exam with this official study guide

  • Assess your knowledge with chapter-opening quizzes

  • Review key concepts with Exam Preparation Tasks

  • Practice with realistic exam questions on the CD-ROM

    • CCNA Security Official Exam Certification Guide is a best of breed Cisco® exam study guide that focuses specifically on the objectives for the CCNA® Security IINS exam. Senior security instructors Michael Watkins and Kevin Wallace share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

    CCNA Security Official Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks sections help drill you on key concepts you must know thoroughly.

    The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a topic-by-topic basis, presenting question-by-question remediation to the text and laying out a complete study plan for review.

    Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

    CCNA Security Official Exam Certification Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

    Michael Watkins, CCNA/CCNP®/CCVP®/CCSP®, is a full-time senior technical instructor with SkillSoft Corporation. With 13 years of network management, training, and consulting experience, Michael has worked with organizations such as Kraft Foods, Johnson and Johnson, Raytheon, and the United States Air Force to help them implement and learn the latest network technologies.

    Kevin Wallace, CCIE® No. 7945, is a certified Cisco instructor working full time for SkillSoft, where he teaches courses in the Cisco CCSP, CCVP, and CCNP tracks. With 19 years of Cisco networking experience, Kevin has been a network design specialist for the Walt Disney World Resort and a network manager for Eastern Kentucky University. Kevin also is a CCVP, CCSP, CCNP, and CCDP with multiple Cisco security and IP communications specializations.

    The official study guide helps you master all the topics on the IINS exam, including

  • Network security threats

  • Security policies

  • Network perimeter defense

  • AAA configuration

  • Router security

  • Switch security

  • Endpoint security

  • SAN security

  • VoIP security

  • IOS firewalls

  • Cisco IOS® IPS

  • Cryptography

  • Digital signatures

  • PKI and asymmetric encryption

  • IPsec VPNs

    • This volume is part of the Exam Certification Guide Series from Cisco Press®. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.

    Category: Cisco Press—Cisco Certification

    Covers: IINS exam 640-553

    Table of contents

    1. Copyright
      1. Dedications
    2. About the Authors
    3. About the Technical Reviewers
    4. Acknowledgments
    5. Icons Used in This Book
    6. Command Syntax Conventions
    7. Foreword
    8. Introduction
      1. Format of the IINS Exam
      2. What’s on the IINS Exam?
        1. IINS Exam Topics
        2. IINS Course Outlines
      3. About the CCNA Security Official Exam Certification Guide
        1. Objectives and Methods
        2. Book Features
        3. How This Book Is Organized
      4. How to Use This Book to Prepare for the IINS Exam
      5. For More Information
    9. I. Network Security Concepts
      1. 1. Understanding Network Security Principles
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Exploring Security Fundamentals
            1. Why Network Security Is a Necessity
              1. Types of Threats
                1. Internal Threats
                2. External Threats
              2. Scope of the Challenge
              3. Nonsecured Custom Applications
            2. The Three Primary Goals of Network Security
              1. Confidentiality
              2. Integrity
              3. Availability
            3. Categorizing Data
              1. Classification Models
                1. Government and Military Classification Model
                2. Organizational Classification Model
                3. Data Classification Characteristics
              2. Classification Roles
            4. Controls in a Security Solution
            5. Responding to a Security Incident
            6. Legal and Ethical Ramifications
              1. Legal Issues to Consider
                1. U.S. Laws and Regulations
                2. International Jurisdiction Issues
        3. Understanding the Methods of Network Attacks
          1. Vulnerabilities
          2. Potential Attackers
          3. The Mind-set of a Hacker
          4. Defense in Depth
          5. Understanding IP Spoofing
            1. Launching a Remote IP Spoofing Attack with IP Source Routing
            2. Launching a Local IP Spoofing Attack Using a Man-in-the-Middle Attack
            3. Protecting Against an IP Spoofing Attack
          6. Understanding Confidentiality Attacks
          7. Understanding Integrity Attacks
          8. Understanding Availability Attacks
          9. Best-Practice Recommendations
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
      2. 2. Developing a Secure Network
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Increasing Operations Security
            1. System Development Life Cycle
              1. Initiation
              2. Acquisition and Development
              3. Implementation
              4. Operations and Maintenance
              5. Disposition
            2. Operations Security Overview
            3. Evaluating Network Security
              1. Nmap
            4. Disaster Recovery Considerations
              1. Types of Disruptions
              2. Types of Backup Sites
        3. Constructing a Comprehensive Network Security Policy
          1. Security Policy Fundamentals
          2. Security Policy Components
            1. Governing Policy
            2. Technical Policies
            3. End-User Policies
            4. More-Detailed Documents
          3. Security Policy Responsibilities
          4. Risk Analysis, Management, and Avoidance
            1. Quantitative Analysis
            2. Qualitative Analysis
            3. Risk Analysis Benefits
            4. Risk Analysis Example: Threat Identification
            5. Managing and Avoiding Risk
          5. Factors Contributing to a Secure Network Design
            1. Design Assumptions
            2. Minimizing Privileges
            3. Simplicity Versus Complexity
          6. User Awareness and Training
        4. Creating a Cisco Self-Defending Network
          1. Evolving Security Threats
          2. Constructing a Cisco Self-Defending Network
            1. Cisco Security Management Suite
              1. Cisco Security Manager
              2. Cisco Security MARS
          3. Cisco Integrated Security Products
        5. Exam Preparation Tasks
          1. Review All the Key Topics
        6. Complete the Tables and Lists from Memory
        7. Definition of Key Terms
      3. 3. Defending the Perimeter
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. ISR Overview and Providing Secure Administrative Access
            1. IOS Security Features
            2. Cisco Integrated Services Routers
              1. Cisco 800 Series
              2. Cisco 1800 Series
              3. Cisco 2800 Series
              4. Cisco 3800 Series
              5. ISR Enhanced Features
            3. Password-Protecting a Router
            4. Limiting the Number of Failed Login Attempts
            5. Setting a Login Inactivity Timer
            6. Configuring Privilege Levels
            7. Creating Command-Line Interface Views
            8. Protecting Router Files
            9. Enabling Cisco IOS Login Enhancements for Virtual Connections
            10. Creating a Banner Message
        3. Cisco Security Device Manager Overview
          1. Introducing SDM
          2. Preparing to Launch Cisco SDM
          3. Exploring the Cisco SDM Interface
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
        7. Command Reference to Check Your Memory
      4. 4. Configuring AAA
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Configuring AAA Using the Local User Database
            1. Authentication, Authorization, and Accounting
            2. AAA for Cisco Routers
            3. Router Access Authentication
            4. Using AAA to Configure Local User Database Authentication
              1. Defining a Method List
              2. Setting AAA Authentication for Login
              3. Configuring AAA Authentication on Serial Interfaces Running PPP
              4. Using the aaa authentication enable default Command
              5. Implementing the aaa authorization Command
              6. Working with the aaa accounting Command
            5. Using the CLI to Troubleshoot AAA for Cisco Routers
            6. Using Cisco SDM to Configure AAA
        3. Configuring AAA Using Cisco Secure ACS
          1. Overview of Cisco Secure ACS for Windows
            1. Additional Features of Cisco Secure ACS 4.0 for Windows
          2. Cisco Secure ACS 4.0 for Windows Installation
          3. Overview of TACACS+ and RADIUS
            1. TACACS+ Authentication
            2. Command Authorization with TACACS+
            3. TACACS+ Attributes
            4. Authentication and Authorization with RADIUS
            5. RADIUS Message Types
            6. RADIUS Attributes
            7. Features of RADIUS
          4. Configuring TACACS+
            1. Using the CLI to Configure AAA Login Authentication on Cisco Routers
            2. Configuring Cisco Routers to Use TACACS+ Using the Cisco SDM
            3. Defining the AAA Servers
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
        7. Command Reference to Check Your Memory
      5. 5. Securing the Router
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Locking Down the Router
            1. Identifying Potentially Vulnerable Router Interfaces and Services
            2. Locking Down a Cisco IOS Router
              1. AutoSecure
              2. Cisco SDM One-Step Lockdown
        3. Using Secure Management and Reporting
          1. Planning for Secure Management and Reporting
          2. Secure Management and Reporting Architecture
          3. Configuring Syslog Support
          4. Securing Management Traffic with SNMPv3
          5. Enabling Secure Shell on a Router
          6. Using Cisco SDM to Configure Management Features
            1. Configuring Syslog Logging with Cisco SDM
            2. Configuring SNMP with Cisco SDM
            3. Configuring NTP with Cisco SDM
            4. Configuring SSH with Cisco SDM
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
        7. Command Reference to Check Your Memory
    10. II. Constructing a Secure Infrastructure
      1. 6. Securing Layer 2 Devices
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Defending Against Layer 2 Attacks
            1. Review of Layer 2 Switch Operation
            2. Basic Approaches to Protecting Layer 2 Switches
            3. Preventing VLAN Hopping
              1. Switch Spoofing
              2. Double Tagging
            4. Protecting Against an STP Attack
            5. Combating DHCP Server Spoofing
            6. Using Dynamic ARP Inspection
            7. Mitigating CAM Table Overflow Attacks
            8. Spoofing MAC Addresses
            9. Additional Cisco Catalyst Switch Security Features
              1. Using the SPAN Feature with IDS
              2. Enforcing Security Policies with VACLs
              3. Isolating Traffic Within a VLAN Using Private VLANs
              4. Traffic Policing
              5. Notifying Network Managers of CAM Table Updates
            10. Port Security Configuration
            11. Configuration Recommendations
        3. Cisco Identity-Based Networking Services
          1. Introduction to Cisco IBNS
          2. Overview of IEEE 802.1x
          3. Extensible Authentication Protocols
            1. EAP-MD5
            2. EAP-TLS
            3. PEAP (MS-CHAPv2)
            4. EAP-FAST
          4. Combining IEEE 802.1x with Port Security Features
          5. Using IEEE 802.1x for VLAN Assignment
          6. Configuring and Monitoring IEEE 802.1x
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
        7. Command Reference to Check Your Memory
      2. 7. Implementing Endpoint Security
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Examining Endpoint Security
            1. Defining Endpoint Security
              1. Examining Operating System Vulnerabilities
              2. Examining Application Vulnerabilities
            2. Understanding the Threat of Buffer Overflows
              1. Buffer Overflow Defined
              2. The Anatomy of a Buffer Overflow Exploit
              3. Understanding the Types of Buffer Overflows
              4. Additional Forms of Attack
        3. Securing Endpoints with Cisco Technologies
          1. Understanding IronPort
            1. The Architecture Behind IronPort
          2. Examining the Cisco NAC Appliance
          3. Working with the Cisco Security Agent
            1. Understanding Cisco Security Agent Interceptors
            2. Examining Attack Response with the Cisco Security Agent
          4. Best Practices for Securing Endpoints
            1. Application Guidelines
            2. Apply Application Protection Methods
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
      3. 8. Providing SAN Security
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Overview of SAN Operations
            1. Fundamentals of SANs
            2. Organizational Benefits of SAN Usage
            3. Understanding SAN Basics
            4. Fundamentals of SAN Security
              1. Classes of SAN Attacks
        3. Implementing SAN Security Techniques
          1. Using LUN Masking to Defend Against Attacks
          2. Examining SAN Zoning Strategies
            1. Examining Soft and Hard Zoning
          3. Understanding World Wide Names
          4. Defining Virtual SANs
            1. Combining VSANs and Zones
          5. Identifying Port Authentication Protocols
            1. Understanding DHCHAP
            2. CHAP in Securing SAN Devices
          6. Working with Fibre Channel Authentication Protocol
          7. Understanding Fibre Channel Password Authentication Protocol
          8. Assuring Data Confidentiality in SANs
            1. Incorporating Encapsulating Security Payload (ESP)
            2. Providing Security with Fibre Channel Security Protocol
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
      4. 9. Exploring Secure Voice Solutions
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Defining Voice Fundamentals
            1. Defining VoIP
            2. The Need for VoIP
            3. VoIP Network Components
            4. VoIP Protocols
        3. Identifying Common Voice Vulnerabilities
          1. Attacks Targeting Endpoints
          2. VoIP Spam
          3. Vishing and Toll Fraud
          4. SIP Attack Targets
        4. Securing a VoIP Network
          1. Protecting a VoIP Network with Auxiliary VLANs
          2. Protecting a VoIP Network with Security Appliances
          3. Hardening Voice Endpoints and Application Servers
          4. Summary of Voice Attack Mitigation Techniques
        5. Exam Preparation Tasks
          1. Review All the Key Topics
        6. Complete the Tables and Lists from Memory
        7. Definition of Key Terms
      5. 10. Using Cisco IOS Firewalls to Defend the Network
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Exploring Firewall Technology
            1. The Role of Firewalls in Defending Networks
            2. The Advance of Firewall Technology
            3. Transparent Firewalls
            4. Application Layer Firewalls
              1. Benefits of Using Application Layer Firewalls
              2. Working with Application Layer Firewalls
              3. Application Firewall Limitations
            5. Static Packet-Filtering Firewalls
            6. Stateful Packet-Filtering Firewalls
              1. Stateful Packet Filtering and the State Table
              2. Disadvantages of Stateful Filtering
              3. Uses of Stateful Packet-Filtering Firewalls
            7. Application Inspection Firewalls
              1. Application Inspection Firewall Operation
              2. Effective Use of an Application Inspection Firewall
            8. Overview of the Cisco ASA Adaptive Security Appliance
            9. The Role of Firewalls in a Layered Defense Strategy
            10. Creating an Effective Firewall Policy
        3. Using ACLs to Construct Static Packet Filters
          1. The Basics of ACLs
          2. Cisco ACL Configuration
            1. Working with Turbo ACLs
            2. Developing ACLs
          3. Using the CLI to Apply ACLs to the Router Interface
          4. Considerations When Creating ACLs
          5. Filtering Traffic with ACLs
          6. Preventing IP Spoofing with ACLs
          7. Restricting ICMP Traffic with ACLs
          8. Configuring ACLs to Filter Router Service Traffic
            1. vty Filtering
            2. SNMP Service Filtering
            3. RIPv2 Route Filtering
          9. Grouping ACL Functions
        4. Implementing a Cisco IOS Zone-Based Firewall
          1. Understanding Cisco IOS Firewalls
            1. Traffic Filtering
            2. Traffic Inspection
            3. The Role of Alerts and Audit Trails
            4. Classic Firewall Process
            5. SPI and CBAC
          2. Examining the Principles Behind Zone-Based Firewalls
            1. Changes to Firewall Configuration
            2. Zone Membership Rules
            3. Understanding Security Zones
            4. Zones and Inspection
            5. Security Zone Restrictions
            6. Working with Zone Pairs
            7. Security Zone Firewall Policies
            8. Class Maps
          3. Verifying Zone-Based Firewall Configuration
        5. Exam Preparation Tasks
          1. Review All the Key Topics
        6. Complete the Tables and Lists from Memory
        7. Definition of Key Terms
        8. Command Reference to Check Your Memory
      6. 11. Using Cisco IOS IPS to Secure the Network
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Examining IPS Technologies
            1. IDS Versus IPS
            2. IDS and IPS Device Categories
              1. Detection Methods
                1. Signature-Based Detection
                2. Policy-Based Detection
                3. Anomaly-Based Detection
                4. Honey Pot Detection
                5. Summary of IDS/IPS Detection Methods
              2. Network-Based Versus Host-Based IPS
                1. Network-Based Sensors
                2. Host-Based IPS Software
              3. Deploying Network-Based and Host-Based Solutions
            3. IDS and IPS Appliances
              1. Cisco IDS 4215 Sensor
              2. Cisco IPS 4240 Sensor
              3. Cisco IPS 4255 Sensor
              4. Cisco IPS 4260 Sensor
            4. Signatures
              1. Exploit Signatures
              2. Connection Signatures
              3. String Signatures
              4. Denial-of-Service Signatures
            5. Signature Definition Files
            6. Alarms
        3. Using SDM to Configure Cisco IOS IPS
          1. Launching the Intrusion Prevention Wizard
          2. IPS Policies Wizard
          3. Creating IPS Rules
          4. Manipulating Global IPS Settings
          5. Signature Configuration
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
    11. III. Extending Security and Availability with Cryptography and VPNs
      1. 12. Designing a Cryptographic Solution
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Introducing Cryptographic Services
            1. Understanding Cryptology
              1. Cryptography Through the Ages
              2. The Substitution Cipher
              3. The Vigenère Cipher
              4. Transposition Ciphers
              5. Working with the One-Time Pad
              6. The Encryption Process
              7. Cryptanalysis
              8. Understanding the Features of Encryption Algorithms
            2. Symmetric and Asymmetric Encryption Algorithms
              1. Encryption Algorithms and Keys
              2. Symmetric Encryption Algorithms
              3. Asymmetric Encryption Algorithms
            3. The Difference Between Block and Stream Ciphers
              1. Block Ciphers
              2. Stream Ciphers
        3. Exploring Symmetric Encryption
          1. Functionality of Symmetric Encryption Algorithms
            1. Key Lengths
          2. Features and Functions of DES
            1. Working with the DES Key
            2. Modes of Operation for DES
            3. Working with DES Stream Cipher Modes
            4. Usage Guidelines for Working with DES
            5. Understanding How 3DES Works
            6. Encrypting with 3DES
          3. AES
            1. The Rijndael Cipher
            2. Comparing AES and 3DES
            3. Availability of AES in the Cisco Product Line
          4. SEAL
            1. SEAL Restrictions
          5. The Rivest Ciphers
        4. Understanding Security Algorithms
          1. Selecting an Encryption Algorithm
          2. Understanding Cryptographic Hashes
          3. Working with Hashing
          4. Designing Key Management
            1. Components of Key Management
            2. Understanding Keyspaces
            3. Issues Related to Key Length
          5. SSL VPNs
          6. Establishing an SSL Tunnel
        5. Exam Preparation Tasks
          1. Review All the Key Topics
        6. Complete the Tables and Lists from Memory
        7. Definition of Key Terms
      2. 13. Implementing Digital Signatures
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Examining Hash Algorithms
            1. Exploring Hash Algorithms and HMACs
              1. Anatomy of a Hash Function
              2. Application of Hash Functions
              3. Cryptographic Hash Functions
              4. Application of Cryptographic Hashes
              5. HMAC Explained
            2. MD5 Features and Functionality
              1. Origins of MD5
              2. Vulnerabilities of MD5
              3. Usage of MD5
            3. SHA-1 Features and Functionality
              1. Overview of SHA-1
              2. Vulnerabilities of SHA-1
              3. Usage of SHA-1
        3. Using Digital Signatures
          1. Understanding Digital Signatures
            1. Digital Signature Scheme
            2. Authentication and Integrity
          2. Examining RSA Signatures
            1. Exploring the History of RSA
            2. Understanding How RSA Works
            3. Encrypting and Decrypting Messages with RSA
            4. Signing Messages with RSA
            5. Vulnerabilities of RSA
          3. Exploring the Digital Signature Standard
            1. Using the DSA Algorithm
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
      3. 14. Exploring PKI and Asymmetric Encryption
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Understanding Asymmetric Algorithms
            1. Exploring Asymmetric Encryption Algorithms
              1. Using Public-Key Encryption to Achieve Confidentiality
              2. Providing Authentication with a Public Key
            2. Understanding the Features of the RSA Algorithm
              1. Working with RSA Digital Signatures
              2. Guidelines for Working with RSA
            3. Examining the Features of the Diffie-Hellman Key Exchange Algorithm
              1. Steps of the Diffie-Hellman Key Exchange Algorithm
        3. Working with a PKI
          1. Examining the Principles Behind a PKI
            1. Understanding PKI Terminology
            2. Components of a PKI
            3. Classes of Certificates
            4. Examining the PKI Topology of a Single Root CA
            5. Examining the PKI Topology of Hierarchical CAs
            6. Examining the PKI Topology of Cross-Certified CAs
            7. Understanding PKI Usage and Keys
            8. Working with PKI Server Offload
          2. Understanding PKI Standards
            1. Understanding X.509v3
            2. Understanding Public Key Cryptography Standards (PKCS)
            3. Understanding Simple Certificate Enrollment Protocol (SCEP)
          3. Exploring the Role of Certificate Authorities and Registration Authorities in a PKI
            1. Examining Identity Management
            2. Retrieving the CA Certificate
            3. Understanding the Certificate Enrollment Process
            4. Examining Authentication Using Certificates
            5. Examining Features of Digital Certificates and CAs
            6. Understanding the Caveats of Using a PKI
            7. Understanding How Certificates Are Employed
        4. Exam Preparation Tasks
          1. Review All the Key Topics
        5. Complete the Tables and Lists from Memory
        6. Definition of Key Terms
      4. 15. Building a Site-to-Site IPsec VPN Solution
        1. “Do I Know This Already?” Quiz
        2. Foundation Topics
          1. Exploring the Basics of IPsec
            1. Introducing Site-to-Site VPNs
            2. Overview of IPsec
            3. IKE Modes and Phases
            4. Authentication Header and Encapsulating Security Payload
            5. Cisco VPN Product Offerings
              1. Cisco VPN-Enabled Routers and Switches
              2. Cisco VPN 3000 Series Concentrators
              3. Cisco ASA 5500 Series Appliances
              4. Cisco 500 Series PIX Security Appliances
              5. Hardware Acceleration Modules
            6. VPN Design Considerations and Recommendations
              1. Best-Practice Recommendations for Identity and IPsec Access Control
              2. Best-Practice Recommendations for IPsec
              3. Best-Practice Recommendations for Network Address Translation
              4. Best-Practice Recommendations for Selecting a Single-Purpose Versus Multipurpose Device
        3. Constructing an IPsec Site-to-Site VPN
          1. The Five Steps in the Life of an IPsec Site-to-Site VPN
          2. The Five Steps of Configuring an IPsec Site-to-Site VPN
          3. Configuring an IKE Phase 1 Tunnel
          4. Configuring an IKE Phase 2 Tunnel
          5. Applying Crypto Maps
        4. Using Cisco SDM to Configure IPsec on a Site-to-Site VPN
          1. Introduction to the Cisco SDM VPN Wizard
          2. Quick Setup
          3. Step-by-Step Setup
            1. Configuring Connection Settings
            2. Selecting an IKE Proposal
            3. Selecting a Transform Set
            4. Selecting Traffic to Protect in the IPsec Tunnel
            5. Applying the Generated Configuration
            6. Monitoring the Configuration
        5. Exam Preparation Tasks
          1. Review All the Key Topics
        6. Complete the Tables and Lists from Memory
        7. Definition of Key Terms
        8. Command Reference to Check Your Memory
    12. IV. Final Preparation
      1. 16. Final Preparation
        1. Exam Engine and Questions on the CD
          1. Install the Software from the CD
          2. Activate and Download the Practice Exam
          3. Activating Other Exams
        2. Study Plan
          1. Recall the Facts
          2. Use the Exam Engine
            1. Choosing Study or Simulation Mode
            2. Passing Scores for the IINS Exam
    13. V. Appendixes
      1. A. Answers to “Do I Know This Already?” Questions
        1. Chapter 1
          1. Q&A
        2. Chapter 2
          1. Q&A
        3. Chapter 3
          1. Q&A
        4. Chapter 4
          1. Q&A
        5. Chapter 5
          1. Q&A
        6. Chapter 6
          1. Q&A
        7. Chapter 7
          1. Q&A
        8. Chapter 8
          1. Q&A
        9. Chapter 9
          1. Q&A
        10. Chapter 10
          1. Q&A
        11. Chapter 11
          1. Q&A
        12. Chapter 12
          1. Q&A
        13. Chapter 13
          1. Q&A
        14. Chapter 14
          1. Q&A
        15. Chapter 15
          1. Q&A
      2. B. Glossary
      3. C. CCNA Security Exam Updates: Version 1.0
        1. Always Get the Latest at the Companion Website
        2. Technical Content
      4. D. Memory Tables
        1. Chapter 1
        2. Chapter 2
        3. Chapter 3
        4. Chapter 4
        5. Chapter 5
        6. Chapter 6
        7. Chapter 7
        8. Chapter 8
        9. Chapter 9
        10. Chapter 10
        11. Chapter 11
        12. Chapter 12
        13. Chapter 13
        14. Chapter 14
        15. Chapter 15
      5. E. Memory Tables Answer Key
        1. Chapter 1
        2. Chapter 2
        3. Chapter 3
        4. Chapter 4
        5. Chapter 5
        6. Chapter 6
        7. Chapter 7
        8. Chapter 8
        9. Chapter 9
        10. Chapter 10
        11. Chapter 11
        12. Chapter 12
        13. Chapter 13
        14. Chapter 14
        15. Chapter 15

    Product information

    • Title: CCNA Security Official Exam Certification Guide (Exam 640-553)
    • Author(s): Michael Watkins, Kevin CCIE No. 7945 Wallace
    • Release date: June 2008
    • Publisher(s): Cisco Press
    • ISBN: 9781587057953