Ccna Security Study Guide: Exam 210-260 by Troy McMillan, Wiley India

Description

Wiley India Ccna Security Study Guide: Exam 210-260 by Troy McMillan

CCNA Security Study Guide offers comprehensive review for Exam 210-260. Packed with concise explanations of core security concepts, this book is designed to help you successfully prepare for the exam. Expert instruction guides you through critical concepts relating to secure network infrastructure, access management, VPN encryption, Firewalls, intrusion prevention and more, with complete coverage of the CCNA exam objectives. Practical examples allow you to apply your skills in real-world scenarios, helping you transition effectively from "learning" to "doing". You also get access to the Sybex online learning environment, featuring the tools you need to maximize your study time: key terminology and flash cards allow you to study anytime, anywhere, while chapter tests and practice exams help you track your progress and gauge your readiness along the way. About the Author Troy McMillan, CCNA, CCNP, CISSP, CASP, Security+, writes practice tests, study guides, and online course materials for Kaplan IT Cert Prep. He holds more than 30 industry certifications, delivers certification training classes, appears in training videos, and runs his own consulting and training business. TABLE OF CONTENTS Introduction Assessment Test Chapter 1 Understanding Security Fundamentals Goals of Security Confidentiality Integrity Availability Guiding Principles Common Security Terms Risk Management Process Network Topologies CAN WAN Data Center SOHO Virtual Common Network Security Zones DMZ Intranet and Extranet Public and Private VLAN Chapter 2 Understanding Security Threats Common Network Attacks Motivations Classifying Attack Vectors Spoofing Password Attacks Reconnaissance Attacks Buffer Overflow DoS DDoS Man-in-the-Middle Attack ARP Poisoning Social Engineering Phishing/Pharming Prevention Malware Data Loss and Exfiltration Chapter 3 Understanding Cryptography Symmetric and Asymmetric Encryption Ciphers Algorithms Hashing Algorithms MD5 SHA-1 SHA-2 HMAC Digital Signatures Key Exchange Application: SSH Public Key Infrastructure Public and Private Keys Certificates Certificate Authorities PKI Standards PKI Topologies Certificates in the ASA Cryptanalysis Chapter 4 Securing the Routing Process Securing Router Access Configuring SSH Access Configuring Privilege Levels in IOS Configuring IOS Role-Based CLI Implementing Cisco IOS Resilient Configuration Implementing OSPF Routing Update Authentication Implementing OSPF Routing Update Authentication Implementing EIGRP Routing Update Authentication Securing the Control Plane Control Plane Policing Chapter 5 Understanding Layer 2 Attacks Understanding STP Attacks Understanding ARP Attacks Understanding MAC Attacks Understanding CAM Overflows Understanding CDP/LLDP Reconnaissance Understanding VLAN Hopping Switch Spoofing Double Tagging Understanding DHCP Spoofing Chapter 6 Preventing Layer 2 Attacks Configuring DHCP Snooping Configuring Dynamic ARP Inspection Configuring Port Security Configuring STP Security Features BPDU Guard Root Guard Loop Guard Disabling DTP Verifying Mitigations DHCP Snooping DAI Port Security STP Features DTP Chapter 7 VLAN Security Native VLANs Mitigation PVLANs PVLAN Edge PVLAN Proxy Attack ACLs on Switches Port ACLs VLAN ACLs Chapter 8 Securing Management Traffic In-Band and Out-of-Band Management AUX Port VTY Ports HTTPS Connection SNMP Console Port Securing Network Management SSH HTTPS ACLs Banner Messages Securing Access through SNMP v3 Securing NTP Using SCP for File Transfer Chapter 9 Understanding 802.1x and AAA 802.1x Components RADIUS and TACACS+ Technologies Configuring Administrative Access with TACACS+ Local AAA Authentication and Accounting SSH Using AAA Understanding Authentication and Authorization Using ACS and ISE Understanding the Integration of Active Directory with AAA TACACS+ on IOS Verify Router Connectivity to TACACS+ Chapter 10 Securing a BYOD Initiative The BYOD Architecture Framework Cisco ISE Cisco TrustSec The Function of Mobile Device Management Integration with ISE Authorization Policies Chapter 11 Understanding VPNs Understanding IPsec Security Services Protocols Delivery Modes IPsec with IPV6 Understanding Advanced VPN Concepts Hairpinning Split Tunneling Always-on VPN NAT Traversal Chapter 12 Configuring VPNs Configuring Remote Access VPNs Basic Clientless SSL VPN Using ASDM Verify a Clientless Connection Basic AnyConnect SSL VPN Using ASDM Verify an AnyConnect Connection Endpoint Posture Assessment Configuring Site-to-Site VPNs Implement an IPsec Site-to-Site VPN with Preshared Key Authentication Verify an IPsec Site-to-Site VPN Chapter 13 Understanding Firewalls Understanding Firewall Technologies Packet Filtering Proxy Firewalls Application Firewall Personal Firewall Stateful vs. Stateless Firewalls Operations State Table Chapter 14 Configuring NAT and Zone-Based Firewalls Implementing NAT on ASA 9.x Static Dynamic PAT Policy NAT Verifying NAT Operations Configuring Zone-Based Firewalls Class Maps Default Policies Configuring Zone-to-Zone Access Chapter 15 Configuring the Firewall on an ASA Understanding Firewall Services Understanding Modes of Deployment Routed Firewall Transparent Firewall Understanding Methods of Implementing High Availability Active/Standby Failover Active/Active Failover Clustering Understanding Security Contexts Configuring ASA Management Access Initial Configuration Configuring Cisco ASA Interface Security Levels Security Levels Configuring Security Access Policies Interface Access Rules Object Groups Configuring Default Cisco Modular Policy Framework (MPF) Chapter 16 Intrusion Prevention IPS Terminology Threat Risk Vulnerability Exploit Zero-Day Threat Actions Network-Based IPS vs. Host-Based IPS Host-Based IPS Network-Based IPS Promiscuous Mode Detection Methods Evasion Techniques Packet Fragmentation Injection Attacks Alternate String Expressions Introducing Cisco FireSIGHT Capabilities Protections Understanding Modes of Deployment Inline Positioning of the IPS within the Network Outside DMZ Inside Understanding False Positives, False Negatives, True Positives, and True Negatives Chapter 17 Content and Endpoint Security Mitigating Email Threats Spam Filtering Context-Based Filtering Anti-malware Filtering DLP Blacklisting Email Encryption Cisco Email Security Appliance Putting the Pieces Together Mitigating Web-Based Threats Understanding Web Proxies Cisco Web Security Appliance Mitigating Endpoint Threats Cisco Identity Services Engine (ISE) Antivirus/Anti-malware Personal Firewall Hardware/Software Encryption of Local Data HIPS Summary Exam Essentials Review Questions Appendix Answers to Review Questions Chapter 1: Understanding Security Fundamentals Chapter 2: Understanding Security Threats Chapter 3: Understanding Cryptography Chapter 4: Securing the Routing Process Chapter 5: Understanding Layer 2 Attacks Chapter 6: Preventing Layer 2 Attacks Chapter 7: VLAN Security Chapter 8: Securing Management Traffic Chapter 9: Understanding 802.1x and AAA Chapter 10: Securing a BYOD Initiative Chapter 11: Understanding VPNs Chapter 12: Configuring VPNs Chapter 13: Understanding Firewalls Chapter 14: Configuring NAT and Zone-Based Firewalls Chapter 15: Configuring the Firewall on an ASA Chapter 16: Intrusion Prevention Chapter 17: Content and Endpoint Security Index