Description
Wiley India CCNA Security Study Guide: Exam 210-260 by Troy McMillan
CCNA Security Study Guide offers comprehensive review for Exam 210-260. Packed with concise explanations of core security concepts, this book is designed to help you successfully prepare for the exam. Expert instruction guides you through critical concepts relating to secure network infrastructure, access management, VPN encryption, firewalls, intrusion prevention and more, with complete coverage of the CCNA exam objectives. Practical examples allow you to apply your skills in real-world scenarios, helping you transition effectively from "learning" to "doing". You also get access to the Sybex online learning environment, featuring the tools you need to maximize your study time: key terminology and flash cards allow you to study anytime, anywhere, while chapter tests and practice exams help you track your progress and gauge your readiness along the way.
About the Author
Troy McMillan, CCNA, CCNP, CISSP, CASP, Security+, writes practice tests, study guides, and online course materials for Kaplan IT Cert Prep. He holds more than 30 industry certifications, delivers certification training classes, appears in training videos, and runs his own consulting and training business.
TABLE OF CONTENTS
Introduction
Assessment Test
Chapter 1 Understanding Security Fundamentals
Goals of Security
Confidentiality
Integrity
Availability
Guiding Principles
Common Security Terms
Risk Management Process
Network Topologies
CAN
WAN
Data Center
SOHO
Virtual
Common Network Security Zones
DMZ
Intranet and Extranet
Public and Private
VLAN
Chapter 2 Understanding Security Threats
Common Network Attacks
Motivations
Classifying Attack Vectors
Spoofing
Password Attacks
Reconnaissance Attacks
Buffer Overflow
DoS
DDoS
Man-in-the-Middle Attack
ARP Poisoning
Social Engineering
Phishing/Pharming
Prevention
Malware
Data Loss and Exfiltration
Chapter 3 Understanding Cryptography
Symmetric and Asymmetric Encryption
Ciphers
Algorithms
Hashing Algorithms
MD5
SHA-1
SHA-2
HMAC
Digital Signatures
Key Exchange
Application: SSH
Public Key Infrastructure
Public and Private Keys
Certificates
Certificate Authorities
PKI Standards
PKI Topologies
Certificates in the ASA
Cryptanalysis
Chapter 4 Securing the Routing Process
Securing Router Access
Configuring SSH Access
Configuring Privilege Levels in IOS
Configuring IOS Role-Based CLI
Implementing Cisco IOS Resilient Configuration
Implementing OSPF Routing Update Authentication
Implementing OSPF Routing Update Authentication
Implementing EIGRP Routing Update Authentication
Securing the Control Plane
Control Plane Policing
Chapter 5 Understanding Layer 2 Attacks
Understanding STP Attacks
Understanding ARP Attacks
Understanding MAC Attacks
Understanding CAM Overflows
Understanding CDP/LLDP Reconnaissance
Understanding VLAN Hopping
Switch Spoofing
Double Tagging
Understanding DHCP Spoofing
Chapter 6 Preventing Layer 2 Attacks
Configuring DHCP Snooping
Configuring Dynamic ARP Inspection
Configuring Port Security
Configuring STP Security Features
BPDU Guard
Root Guard
Loop Guard
Disabling DTP
Verifying Mitigations
DHCP Snooping
DAI
Port Security
STP Features
DTP
Chapter 7 VLAN Security
Native VLANs
Mitigation
PVLANs
PVLAN Edge
PVLAN Proxy Attack
ACLs on Switches
Port ACLs
VLAN ACLs
Chapter 8 Securing Management Traffic
In-Band and Out-of-Band Management
AUX Port
VTY Ports
HTTPS Connection
SNMP
Console Port
Securing Network Management
SSH
HTTPS
ACLs
Banner Messages
Securing Access through SNMP v3
Securing NTP
Using SCP for File Transfer
Chapter 9 Understanding 802.1x and AAA
802.1x Components
RADIUS and TACACS+ Technologies
Configuring Administrative Access with TACACS+
Local AAA Authentication and Accounting
SSH Using AAA
Understanding Authentication and Authorization Using ACS and ISE
Understanding the Integration of Active Directory with AAA
TACACS+ on IOS
Verify Router Connectivity to TACACS+
Chapter 10 Securing a BYOD Initiative
The BYOD Architecture Framework
Cisco ISE
Cisco TrustSec
The Function of Mobile Device Management
Integration with ISE Authorization Policies
Chapter 11 Understanding VPNs
Understanding IPsec
Security Services
Protocols
Delivery Modes
IPsec with IPv6
Understanding Advanced VPN Concepts
Hairpinning
Split Tunneling
Always-on VPN
NAT Traversal
Chapter 12 Configuring VPNs
Configuring Remote Access VPNs
Basic Clientless SSL VPN Using ASDM
Verify a Clientless Connection
Basic AnyConnect SSL VPN Using ASDM
Verify an AnyConnect Connection
Endpoint Posture Assessment
Configuring Site-to-Site VPNs
Implement an IPsec Site-to-Site VPN with Preshared Key Authentication
Verify an IPsec Site-to-Site VPN
Chapter 13 Understanding Firewalls
Understanding Firewall Technologies
Packet Filtering
Proxy Firewalls
Application Firewall
Personal Firewall
Stateful vs. Stateless Firewalls
Operations
State Table
Chapter 14 Configuring NAT and Zone-Based Firewalls
Implementing NAT on ASA 9.x
Static
Dynamic
PAT
Policy NAT
Verifying NAT Operations
Configuring Zone-Based Firewalls
Class Maps
Default Policies
Configuring Zone-to-Zone Access
Chapter 15 Configuring the Firewall on an ASA
Understanding Firewall Services
Understanding Modes of Deployment
Routed Firewall
Transparent Firewall
Understanding Methods of Implementing High Availability
Active/Standby Failover
Active/Active Failover
Clustering
Understanding Security Contexts
Configuring ASA Management Access
Initial Configuration
Configuring Cisco ASA Interface Security Levels
Security Levels
Configuring Security Access Policies
Interface Access Rules
Object Groups
Configuring Default Cisco Modular Policy Framework (MPF)
Chapter 16 Intrusion Prevention
IPS Terminology
Threat
Risk
Vulnerability
Exploit
Zero-Day Threat
Actions
Network-Based IPS vs. Host-Based IPS
Host-Based IPS
Network-Based IPS
Promiscuous Mode
Detection Methods
Evasion Techniques
Packet Fragmentation
Injection Attacks
Alternate String Expressions
Introducing Cisco FireSIGHT
Capabilities
Protections
Understanding Modes of Deployment
Inline
Positioning of the IPS within the Network
Outside
DMZ
Inside
Understanding False Positives, False Negatives, True Positives, and True Negatives
Chapter 17 Content and Endpoint Security
Mitigating Email Threats
Spam Filtering
Context-Based Filtering
Anti-malware Filtering
DLP
Blacklisting
Email Encryption
Cisco Email Security Appliance
Putting the Pieces Together
Mitigating Web-Based Threats
Understanding Web Proxies
Cisco Web Security Appliance
Mitigating Endpoint Threats
Cisco Identity Services Engine (ISE)
Antivirus/Anti-malware
Personal Firewall
Hardware/Software Encryption of Local Data
HIPS
Summary
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1: Understanding Security Fundamentals
Chapter 2: Understanding Security Threats
Chapter 3: Understanding Cryptography
Chapter 4: Securing the Routing Process
Chapter 5: Understanding Layer 2 Attacks
Chapter 6: Preventing Layer 2 Attacks
Chapter 7: VLAN Security
Chapter 8: Securing Management Traffic
Chapter 9: Understanding 802.1x and AAA
Chapter 10: Securing a BYOD Initiative
Chapter 11: Understanding VPNs
Chapter 12: Configuring VPNs
Chapter 13: Understanding Firewalls
Chapter 14: Configuring NAT and Zone-Based Firewalls
Chapter 15: Configuring the Firewall on an ASA
Chapter 16: Intrusion Prevention
Chapter 17: Content and Endpoint Security
Index