Santos:CCNA Sec 210-260 OCG

Book Description

CCNA Security 210-260 Official Cert Guide

CCNA Security 210-260 Official Cert Guide is a best-of-breed Cisco exam study guide that focuses specifically on the objectives for the CCNA Security Implementing Cisco Network Security (IINS) 210-260 exam. Cisco Security experts Omar Santos and John Stuppi share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNA Security 210-260 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. A list of official exam topics makes referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

The companion CD-ROM contains the powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a chapter-by-chapter basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. The CD also contains 90 minutes of video training on CCP, NAT, object groups, ACLs, port security on a Layer 2 switch, CP3L, and zone-based firewalls.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCNA Security 210-260 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit http://www.cisco.com/web/learning/index.html.

The official study guide helps you master all the topics on the CCNA Security Implementing Cisco Network Security (IINS) 210-260 exam, including:

  • Security concepts and threats

  • Implementing AAA using IOS and ISE

  • Bring Your Own Device (BYOD)

  • VPN technology and cryptography

  • IP security

  • Implementing IPsec site-to-site VPNs

  • Implementing SSL remote-access VPNs using Cisco ASA

  • Securing Layer 2 technologies

  • Network Foundation Protection (NFP)

  • Securing the management, data, and control planes

  • Understand, implement, and configure Cisco firewall technologies

  • Cisco IPS fundamentals

  • Mitigation technologies for e-mail, web-based, and endpoint threats

The CD-ROM contains two free, complete practice exams and 90 minutes of video training.

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), Windows 7, or Windows 8; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512MB RAM; 650MB disk space plus 50MB for each downloaded practice exam; access to the Internet to register and download the exam databases

Category: Cisco Press–Cisco Certification

Covers: CCNA Security 210-260

Table of Contents

  1. About This eBook
  2. Title Page
  3. Copyright Page
  4. About the Authors
  5. About the Technical Reviewers
  6. Dedications
  7. Acknowledgments
  8. Contents at a Glance
  9. Contents
  10. Command Syntax Conventions
  11. Introduction
    1. About the CCNA Security Implementing Cisco Network Security (IINS) 210-260 Exam
    2. CCNA Security Exam
    3. About the CCNA Security 210-260 Official Cert Guide
    4. Objectives and Methods
    5. Book Features
    6. How This Book Is Organized
    7. Premium Edition eBook and Practice Test
  12. Part I: Fundamentals of Network Security
    1. Chapter 1. Networking Security Concepts
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Understanding Network and Information Security Basics
          1. Network Security Objectives
          2. Confidentiality, Integrity, and Availability
          3. Cost-Benefit Analysis of Security
          4. Classifying Assets
          5. Classifying Vulnerabilities
          6. Classifying Countermeasures
          7. What Do We Do with the Risk?
        2. Recognizing Current Network Threats
          1. Potential Attackers
          2. Attack Methods
          3. Attack Vectors
          4. Man-in-the-Middle Attacks
          5. Other Miscellaneous Attack Methods
        3. Applying Fundamental Security Principles to Network Design
          1. Guidelines
          2. Network Topologies
          3. Network Security for a Virtual Environment
          4. How It All Fits Together
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
    2. Chapter 2. Common Security Threats
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Network Security Threat Landscape
        2. Distributed Denial-of-Service Attacks
        3. Social Engineering Methods
          1. Social Engineering Tactics
          2. Defenses Against Social Engineering
        4. Malware Identification Tools
          1. Methods Available for Malware Identification
        5. Data Loss and Exfiltration Methods
        6. Summary
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
  13. Part II: Secure Access
    1. Chapter 3. Implementing AAA in Cisco IOS
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Cisco Secure ACS, RADIUS, and TACACS
          1. Why Use Cisco ACS?
          2. On What Platform Does ACS Run?
          3. What Is ISE?
          4. Protocols Used Between the ACS and the Router
          5. Protocol Choices Between the ACS Server and the Client (the Router)
        2. Configuring Routers to Interoperate with an ACS Server
        3. Configuring the ACS Server to Interoperate with a Router
        4. Verifying and Troubleshooting Router-to-ACS Server Interactions
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
        4. Command Reference to Check Your Memory
    2. Chapter 4. Bring Your Own Device (BYOD)
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Bring Your Own Device Fundamentals
        2. BYOD Architecture Framework
          1. BYOD Solution Components
        3. Mobile Device Management
          1. MDM Deployment Options
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
  14. Part III: Virtual Private Networks (VPN)
    1. Chapter 5. Fundamentals of VPN Technology and Cryptography
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Understanding VPNs and Why We Use Them
          1. What Is a VPN?
          2. Types of VPNs
          3. Main Benefits of VPNs
        2. Cryptography Basic Components
          1. Ciphers and Keys
          2. Block and Stream Ciphers
          3. Symmetric and Asymmetric Algorithms
          4. Hashes
          5. Hashed Message Authentication Code
          6. Digital Signatures
          7. Key Management
          8. IPsec and SSL
        3. Public Key Infrastructure
          1. Public and Private Key Pairs
          2. RSA Algorithm, the Keys, and Digital Certificates
          3. Certificate Authorities
          4. Root and Identity Certificates
          5. Authenticating and Enrolling with the CA
          6. Public Key Cryptography Standards
          7. Simple Certificate Enrollment Protocol
          8. Revoked Certificates
          9. Uses for Digital Certificates
          10. PKI Topologies
        4. Putting the Pieces of PKI to Work
          1. ASA’s Default Certificate
          2. Viewing the Certificates in ASDM
          3. Adding a New Root Certificate
          4. Easier Method for Installing Both Root and Identity Certificates
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
        4. Command Reference to Check Your Memory
    2. Chapter 6. Fundamentals of IP Security
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. IPsec Concepts, Components, and Operations
          1. The Goal of IPsec
          2. The Internet Key Exchange (IKE) Protocol
          3. The Play by Play for IPsec
          4. Summary of the IPsec Story
        2. Configuring and Verifying IPsec
          1. Tools to Configure the Tunnels
          2. Start with a Plan
          3. Applying the Configuration
          4. Viewing the CLI Equivalent at the Router
          5. Completing and Verifying IPsec
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
        4. Command Reference to Check Your Memory
    3. Chapter 7. Implementing IPsec Site-to-Site VPNs
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Planning and Preparing an IPsec Site-to-Site VPN
          1. Customer Needs
          2. Planning IKEv1 Phase 1
          3. Planning IKEv1 Phase 2
        2. Implementing and Verifying an IPsec Site-to-Site VPN in Cisco IOS Devices
          1. Troubleshooting IPsec Site-to-Site VPNs in Cisco IOS
        3. Implementing and Verifying an IPsec Site-to-Site VPN in Cisco ASA
          1. Troubleshooting IPsec Site-to-Site VPNs in Cisco ASA
          2. Note
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
        4. Command Reference to Check Your Memory
    4. Chapter 8. Implementing SSL VPNs Using Cisco ASA
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Functions and Use of SSL for VPNs
          1. Is IPsec Out of the Picture?
          2. SSL and TLS Protocol Framework
          3. The Play by Play of SSL for VPNs
          4. SSL VPN Flavors
        2. Configuring Clientless SSL VPNs on ASA
          1. Using the SSL VPN Wizard
          2. Digital Certificates
          3. Accessing the Connection Profile
          4. Authenticating Users
          5. Logging In
          6. Seeing the VPN Activity from the Server
        3. Using the Cisco AnyConnect Secure Mobility Client
          1. Types of SSL VPNs
          2. Configuring the Cisco ASA to Terminate the Cisco AnyConnect Secure Mobility Client Connections
          3. Groups, Connection Profiles, and Defaults
          4. One Item with Three Different Names
          5. Split Tunneling
        4. Troubleshooting SSL VPN
          1. Troubleshooting SSL Negotiations
          2. Troubleshooting AnyConnect Client Issues
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
  15. Part IV: Secure Routing and Switching
    1. Chapter 9. Securing Layer 2 Technologies
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. VLAN and Trunking Fundamentals
          1. What Is a VLAN?
          2. Trunking with 802.1Q
          3. Following the Frame, Step by Step
          4. The Native VLAN on a Trunk
          5. So, What Do You Want to Be? (Asks the Port)
          6. Inter-VLAN Routing
          7. The Challenge of Using Physical Interfaces Only
          8. Using Virtual “Sub” Interfaces
        2. Spanning-Tree Fundamentals
          1. Loops in Networks Are Usually Bad
          2. The Life of a Loop
          3. The Solution to the Layer 2 Loop
          4. STP Is Wary of New Ports
          5. Improving the Time Until Forwarding
        3. Common Layer 2 Threats and How to Mitigate Them
          1. Disrupt the Bottom of the Wall, and the Top Is Disrupted, Too
          2. Layer 2 Best Practices
          3. Do Not Allow Negotiations
          4. Layer 2 Security Toolkit
          5. Specific Layer 2 Mitigation for CCNA Security
        4. CDP and LLDP
        5. DHCP Snooping
        6. Dynamic ARP Inspection
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Review the Port Security Video Included with This Book
        4. Define Key Terms
        5. Command Reference to Check Your Memory
    2. Chapter 10. Network Foundation Protection
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Using Network Foundation Protection to Secure Networks
          1. The Importance of the Network Infrastructure
          2. The Network Foundation Protection Framework
          3. Interdependence
          4. Implementing NFP
        2. Understanding the Management Plane
          1. First Things First
          2. Best Practices for Securing the Management Plane
        3. Understanding the Control Plane
          1. Best Practices for Securing the Control Plane
        4. Understanding the Data Plane
          1. Best Practices for Protecting the Data Plane
          2. Additional Data Plane Protection Mechanisms
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
    3. Chapter 11. Securing the Management Plane on Cisco IOS Devices
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Securing Management Traffic
          1. What Is Management Traffic and the Management Plane?
          2. Beyond the Blue Rollover Cable
          3. Management Plane Best Practices
          4. Password Recommendations
          5. Using AAA to Verify Users
          6. Role-Based Access Control
          7. Encrypted Management Protocols
          8. Using Logging Files
          9. Understanding NTP
          10. Protecting Cisco IOS Files
        2. Implementing Security Measures to Protect the Management Plane
          1. Implementing Strong Passwords
          2. User Authentication with AAA
          3. Using the CLI to Troubleshoot AAA for Cisco Routers
          4. RBAC Privilege Level/Parser View
          5. Implementing Parser Views
          6. SSH and HTTPS
          7. Implementing Logging Features
          8. SNMP Features
          9. Configuring NTP
          10. Secure Copy Protocol
          11. Securing the Cisco IOS Image and Configuration Files
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
        4. Command Reference to Check Your Memory
    4. Chapter 12. Securing the Data Plane in IPv6
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Understanding and Configuring IPv6
          1. Why IPv6?
          2. The Format of an IPv6 Address
        2. Configuring IPv6 Routing
          1. Moving to IPv6
        3. Developing a Security Plan for IPv6
          1. Best Practices Common to Both IPv4 and IPv6
          2. Threats Common to Both IPv4 and IPv6
          3. The Focus on IPv6 Security
          4. New Potential Risks with IPv6
          5. IPv6 Best Practices
          6. IPv6 Access Control Lists
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
        4. Command Reference to Check Your Memory
    5. Chapter 13. Securing Routing Protocols and the Control Plane
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Securing the Control Plane
          1. Minimizing the Impact of Control Plane Traffic on the CPU
        2. Control Plane Policing
          1. Control Plane Protection
        3. Securing Routing Protocols
          1. Implement Routing Update Authentication on OSPF
          2. Implement Routing Update Authentication on EIGRP
          3. Implement Routing Update Authentication on RIP
          4. Implement Routing Update Authentication on BGP
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
  16. Part V: Cisco Firewall Technologies and Intrusion Prevention System Technologies
    1. Chapter 14. Understanding Firewall Fundamentals
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Firewall Concepts and Technologies
          1. Firewall Technologies
          2. Objectives of a Good Firewall
          3. Firewall Justifications
          4. The Defense-in-Depth Approach
          5. Firewall Methodologies
        2. Using Network Address Translation
          1. NAT Is About Hiding or Changing the Truth About Source Addresses
          2. Inside, Outside, Local, Global
          3. Port Address Translation
          4. NAT Options
        3. Creating and Deploying Firewalls
          1. Firewall Technologies
          2. Firewall Design Considerations
          3. Firewall Access Rules
          4. Packet-Filtering Access Rule Structure
          5. Firewall Rule Design Guidelines
          6. Rule Implementation Consistency
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
    2. Chapter 15. Implementing Cisco IOS Zone-Based Firewalls
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Cisco IOS Zone-Based Firewalls
          1. How Zone-Based Firewall Operates
          2. Specific Features of Zone-Based Firewalls
          3. Zones and Why We Need Pairs of Them
          4. Putting the Pieces Together
          5. Service Policies
          6. The Self Zone
        2. Configuring and Verifying Cisco IOS Zone-Based Firewalls
          1. First Things First
          2. Using CCP to Configure the Firewall
          3. Verifying the Firewall
          4. Verifying the Configuration from the Command Line
          5. Implementing NAT in Addition to ZBF
          6. Verifying Whether NAT Is Working
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
        4. Command Reference to Check Your Memory
    3. Chapter 16. Configuring Basic Firewall Policies on Cisco ASA
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. The ASA Appliance Family and Features
          1. Meet the ASA Family
          2. ASA Features and Services
        2. ASA Firewall Fundamentals
          1. ASA Security Levels
          2. The Default Flow of Traffic
          3. Tools to Manage the ASA
          4. Initial Access
          5. Packet Filtering on the ASA
          6. Implementing a Packet-Filtering ACL
          7. Modular Policy Framework
          8. Where to Apply a Policy
        3. Configuring the ASA
          1. Beginning the Configuration
          2. Getting to the ASDM GUI
          3. Configuring the Interfaces
          4. IP Addresses for Clients
          5. Basic Routing to the Internet
          6. NAT and PAT
          7. Permitting Additional Access Through the Firewall
          8. Using Packet Tracer to Verify Which Packets Are Allowed
          9. Verifying the Policy of No Telnet
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
        4. Command Reference to Check Your Memory
    4. Chapter 17. Cisco IDS/IPS Fundamentals
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. IPS Versus IDS
          1. What Sensors Do
          2. Difference Between IPS and IDS
          3. Sensor Platforms
          4. True/False Negatives/Positives
          5. Positive/Negative Terminology
        2. Identifying Malicious Traffic on the Network
          1. Signature-Based IPS/IDS
          2. Policy-Based IPS/IDS
          3. Anomaly-Based IPS/IDS
          4. Reputation-Based IPS/IDS
          5. When Sensors Detect Malicious Traffic
          6. Controlling Which Actions the Sensors Should Take
          7. Implementing Actions Based on the Risk Rating
          8. Circumventing an IPS/IDS
        3. Managing Signatures
          1. Signature or Severity Levels
        4. Monitoring and Managing Alarms and Alerts
          1. Security Intelligence
          2. IPS/IDS Best Practices
        5. Cisco Next-Generation IPS Solutions
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
  17. Part VI: Content and Endpoint Security
    1. Chapter 18. Mitigation Technologies for E-mail-Based and Web-Based Threats
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Mitigation Technology for E-mail-Based Threats
          1. E-mail-Based Threats
          2. Cisco Cloud E-mail Security
          3. Cisco Hybrid E-mail Security
          4. Cisco E-mail Security Appliance
          5. Cisco ESA Initial Configuration
        2. Mitigation Technology for Web-Based Threats
          1. Cisco CWS
          2. Cisco WSA
        3. Cisco Content Security Management Appliance
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
        4. Command Reference to Check Your Memory
    2. Chapter 19. Mitigation Technologies for Endpoint Threats
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Antivirus and Antimalware Solutions
        2. Personal Firewalls and Host Intrusion Prevention Systems
        3. Advanced Malware Protection for Endpoints
        4. Hardware and Software Encryption of Endpoint Data
          1. E-mail Encryption
          2. Encrypting Endpoint Data at Rest
          3. Virtual Private Networks
      3. Exam Preparation Tasks
        1. Review All the Key Topics
        2. Complete the Tables and Lists from Memory
        3. Define Key Terms
  18. Part VII: Final Preparation
    1. Chapter 20. Final Preparation
      1. Tools for Final Preparation
      2. Exam Engine and Questions on the CD
        1. Install the Exam Engine
        2. Activate and Download the Practice Exam
        3. Activating Other Exams
        4. Premium Edition
      3. The Cisco Learning Network
      4. Memory Tables
      5. Chapter-Ending Review Tools
      6. Study Plan
      7. Recall the Facts
      8. Practice Configurations
      9. Using the Exam Engine
  19. Part VIII: Appendixes
    1. Appendix A. Answers to the “Do I Know This Already?” Quizzes
      1. Chapter 1
      2. Chapter 2
      3. Chapter 3
      4. Chapter 4
      5. Chapter 5
      6. Chapter 6
      7. Chapter 7
      8. Chapter 8
      9. Chapter 9
      10. Chapter 10
      11. Chapter 11
      12. Chapter 12
      13. Chapter 13
      14. Chapter 14
      15. Chapter 15
      16. Chapter 16
      17. Chapter 17
      18. Chapter 18
      19. Chapter 19
    2. Appendix B. CCNA Security 210-260 (IINS) Exam Updates
      1. Always Get the Latest at the Companion Website
      2. Technical Content
  20. Glossary
  21. Index
  22. Cisco Connect, Engage, Collaborate
  23. Where are the companion content files?
  24. Appendix C. Memory Tables
    1. Chapter 1
    2. Chapter 3
    3. Chapter 5
    4. Chapter 6
    5. Chapter 7
    6. Chapter 8
    7. Chapter 9
    8. Chapter 10
    9. Chapter 11
    10. Chapter 12
    11. Chapter 14
    12. Chapter 15
    13. Chapter 17
  25. Appendix D. Memory Tables Answer Key
    1. Chapter 1
    2. Chapter 3
    3. Chapter 5
    4. Chapter 6
    5. Chapter 7
    6. Chapter 8
    7. Chapter 9
    8. Chapter 10
    9. Chapter 11
    10. Chapter 12
    11. Chapter 14
    12. Chapter 15
    13. Chapter 17
  26. Appendix E. Study Planner
  27. Code Snippets