Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide, Second Edition

Book Description

Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide Second Edition

Foundation learning for the CCNA Security IINS 640-554 exam

Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide, Second Edition, is a Cisco-authorized, self-paced learning tool for CCNA® Security 640-554 foundation learning. This book provides you with the knowledge needed to secure Cisco® networks. By reading this book, you will gain a thorough understanding of how to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

This book focuses on using Cisco IOS routers to protect the network by capitalizing on their advanced features as a perimeter router, firewall, intrusion prevention system, and site-to-site VPN device. The book also covers the use of Cisco Catalyst switches for basic network security, the Cisco Secure Access Control System (ACS), and the Cisco Adaptive Security Appliance (ASA). You learn how to perform basic tasks to secure a small branch office network using Cisco IOS security features available through web-based GUIs (Cisco Configuration Professional) and the CLI on Cisco routers, switches, and ASAs.

Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book.

Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide, Second Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

-- Develop a comprehensive network security policy to counter threats against information security

-- Secure borderless networks

-- Learn how to use Cisco IOS Network Foundation Protection (NFP) and Cisco Configuration Professional (CCP)

-- Securely implement the management and reporting features of Cisco IOS devices

-- Deploy Cisco Catalyst Switch security features

-- Understand IPv6 security features

-- Plan threat control strategies

-- Filter traffic with access control lists

-- Configure ASA and Cisco IOS zone-based firewalls

-- Implement intrusion prevention systems (IPS) and network address translation (NAT)

-- Secure connectivity with site-to-site IPsec VPNs and remote access VPNs

This volume is in the Foundation Learning Guide Series offered by Cisco Press®. These guides are developed together with Cisco as the only authorized, self-paced learning tools that help networking professionals build their understanding of networking concepts and prepare for Cisco certification exams.

Category: Cisco Certification

Covers: CCNA Security IINS exam 640-554

Table of Contents

  1. Title Page
  2. Copyright Page
  3. About the Author
  4. About the Technical Reviewer
  5. Dedication
  6. Acknowledgments
  7. Contents at a Glance
  8. Contents
  9. Icons Used in This Book
  10. Command Syntax Conventions
  11. Introduction
    1. Goals and Methods
    2. Who Should Read This Book?
    3. Strategies for Exam Preparation
    4. How This Book Is Organized
  12. Part I: Networking Security Fundamentals
    1. Chapter 1. Network Security Concepts and Policies
      1. Building Blocks of Information Security
      2. Evaluating and Managing the Risk
      3. Security Policies
      4. Secure Network Lifecycle Management
      5. Summary
      6. References
      7. Review Questions
    2. Chapter 2. Security Strategy and Cisco Borderless Network
      1. Borderless Networks
      2. Cisco Borderless Network Security Architecture
      3. Borderless Security Products
      4. Summary
      5. References
      6. Review Questions
  13. Part II: Protecting the Network Infrastructure
    1. Chapter 3. Network Foundation Protection and Cisco Configuration Professional
      1. Threats Against the Network Infrastructure
      2. Cisco NFP Framework
      3. Cisco Configuration Professional
      4. Cisco Configuration Professional Building Blocks
      5. Summary
      6. References
      7. Review Questions
    2. Chapter 4. Securing the Management Plane on Cisco IOS Devices and AAA
      1. Configuring Secure Administration Access
      2. Implementing Secure Management and Reporting
      3. Configuring AAA on a Cisco Router
      4. TACACS+ and RADIUS Protocols
      5. AAA on a Cisco Router Using an External Database
      6. Deploying and Configuring Cisco Secure ACS
      7. Summary
      8. References
      9. Review Questions
    3. Chapter 5. Securing the Data Plane on Cisco Catalyst Switches
      1. Overview of VLANs and Trunking
      2. Spanning Tree Overview
      3. Mitigating Layer 2 Attacks
      4. Summary
      5. References
      6. Review Questions
    4. Chapter 6. Securing the Data Plane in IPv6 Environments
      1. The Need for IPv6
      2. IPv6 Features and Enhancements
      3. IPv6 Addressing
      4. IPv6 and Cisco Routers
      5. Revisiting Threats: Considerations for IPv6
      6. Summary
      7. References
      8. Review Questions
  14. Part III: Threat Control and Containment
    1. Chapter 7. Planning a Threat Control Strategy
      1. Threats Revisited
      2. Integrated Threat Control Strategy
      3. Summary
      4. References
      5. Review Questions
    2. Chapter 8. Access Control Lists for Threat Mitigation
      1. ACL Fundamentals
      2. ACL Wildcard Masking and VLSM Review
      3. Configuring ACLs for Threat Control Using Cisco Configuration Professional
      4. Using ACLs in IPv6 Environments
      5. Summary
      6. References
      7. Review Questions
    3. Chapter 9. Firewall Fundamentals and Network Address Translation
      1. Introducing Firewall Technologies
      2. NAT Fundamentals
      3. Firewall Designs
      4. Summary
      5. References
      6. Review Questions
    4. Chapter 10. Cisco Firewalling Solutions: Cisco IOS Zone-Based Firewall and Cisco ASA
      1. Cisco Firewall Solutions
      2. Cisco IOS Zone-Based Policy Firewall
      3. Introduction to Cisco Common Classification Policy Language
      4. Cisco ASA Firewall
      5. Summary
      6. References
      7. Review Questions
    5. Chapter 11. Intrusion Prevention Systems
      1. IPS Fundamentals
      2. Cisco IOS IPS
      3. Summary
      4. References
      5. Review Questions
  15. Part IV: Secure Connectivity
    1. Chapter 12. Fundamentals of Cryptography and VPN Technologies
      1. VPN Overview
      2. Examining Cryptographic Services
      3. Symmetric and Asymmetric Encryption Overview
      4. Cryptographic Hashes and Digital Signatures
      5. Diffie-Hellman
      6. Asymmetric Encryption: Digital Signatures
      7. Public Key Infrastructure
      8. Summary
      9. References
      10. Review Questions
    2. Chapter 13. IPsec Fundamentals
      1. IPsec Framework
      2. IPsec Protocol
      3. IKE Protocol
      4. IPv6 VPNs
      5. Summary
      6. References
      7. Review Questions
    3. Chapter 14. Site-to-Site IPsec VPNs with Cisco IOS Routers
      1. Site-to-Site IPsec: Planning and Preparation
      2. Configuring a Site-to-Site IPsec VPN Using CCP
      3. Verifying the IPsec Configuration Using CCP and CLI
      4. Monitoring Established IPsec VPN Connections
      5. Summary
      6. References
      7. Review Questions
    4. Chapter 15. SSL VPNs with Cisco ASA
      1. SSL VPNs in Borderless Networks
      2. SSL and TLS Protocol Framework
      3. Cisco SSL VPN Deployment Options and Considerations
      4. SSL VPN on Cisco ASA in Clientless Mode
      5. SSL VPN on ASA Using the Cisco AnyConnect VPN Client
      6. Summary
      7. References
      8. Review Questions
  16. Appendix A. Answers to Chapter Review Questions
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10
    11. Chapter 11
    12. Chapter 12
    13. Chapter 13
    14. Chapter 14
    15. Chapter 15
  17. Index