Network Security 1 and 2 Companion Guide
Description
The completely revised, updated, and only authorized textbook for the Cisco Networking Academy Program Network Security 1 and 2 course
A portable reference that supports the topics in the Cisco Networking Academy Network Security course, aligning 1:1 with course modules
Features improved readability, enhanced topic explanations, real-world examples, and all-new graphical presentations
Written by leading Academy instructor Antoon Rufi, who brings a fresh voice to the course material
Network Security 1 and 2 Companion Guide is the official supplemental textbook for version 2 of the Network Security 1 and 2 course of the Cisco Networking Academy Program. Completely revised and updated with new examples and explanations, this textbook includes original material developed by the author, yet it fully aligns with the Network Security curriculum. Written by an experienced author who presents the material comprehensively, using his own voice and his own examples, this new edition augments student understanding of the course material. The new edition incorporates improved features to aid instructors and enhance student comprehension. For example, chapters align with course modules in both name and number, and chapter objectives are stated as questions to encourage students to think about and find answers as they read each chapter. End-of-chapter questions and summaries align with chapter objectives to emphasize key topics, while key terms are listed in each chapter opener in order of occurrence to alert students to upcoming vocabulary. In addition, new features include "How To" quick references for step-by-step tasks; real-world examples and all-new illustrations; concise explanations with a focus on word usage and sentence structure for improved readability; and correlations to the CCNA exam in Chapter Objectives, Check Your Understanding questions, and new Challenge Activities.
Table of Contents
Course 1
Chapter 1 Vulnerabilities, Threats, and Attacks
Key Terms
Introduction to Network Security
The Need for Network Security
Identifying Potential Risks to Network Security
Open Versus Closed Security Models
Trends Driving Network Security
Information Security Organizations
Introduction to Vulnerabilities, Threats, and Attacks
Vulnerabilities
Threats
Attacks
Attack Examples
Reconnaissance Attacks
Access Attacks
Denial-of-Service (DoS) Attacks
Masquerade/IP Spoofing Attacks
Distributed Denial-of-Service Attacks
Malicious Code
Vulnerability Analysis
Policy Identification
Network Analysis
Host Analysis
Analysis Tools
Summary
Check Your Understanding
Chapter 2 Security Planning and Policy
Key Terms
Discussing Network Security and Cisco
The Security Wheel
Network Security Policy
Endpoint Protection and Management
Host- and Server-Based Security Components and Technologies
PC Management
Network Protection and Management
Network-Based Security Components and Technologies
Network Security Management
Security Architecture
Security Architecture (SAFE)
The Cisco Self-Defending Network
Secure Connectivity
Threat Defense
Cisco Integrated Security
Plan, Design, Implement, Operate, Optimize (PDIOO)
Basic Router Security
Control Access to Network Devices
Remote Configuration Using SSH
Router Passwords
Router Privileges and Accounts
Cisco IOS Network Services
Routing, Proxy ARP, and ICMP
Routing Protocol Authentication and Update Filtering
NTP, SNMP, Router Name, DNS
Summary
Check Your Understanding
Chapter 3 Security Devices
Device Options
Cisco IOS Firewall Feature Set
Creating a Customized Firewall
PIX Security Appliance
Adaptive Security Appliance
Finesse Operating System
The Adaptive Security Algorithm
Firewall Services Module
Using Security Device Manager
Using the SDM Startup Wizard
SDM User Interface
SDM Wizards
Using SDM to Configure a WAN
Using the Factory Reset Wizard
Monitor Mode
Introduction to the Cisco Security Appliance Family
PIX 501 Security Appliance
PIX 506E Security Appliance
PIX 515E Security Appliance
PIX 525 Security Appliance
PIX 535 Security Appliance
Adaptive Security Appliance Models
PIX Security Appliance Licensing
PIX VPN Encryption License
Security Contexts
PIX Security Appliance Context Licensing
ASA Security Appliance Licensing
Expanding the Features of the PIX 515E
Expanding the Features of the PIX 525
Expanding the Features of the PIX 535
Expanding the Features of the Adaptive Security Appliance Family
Getting Started with the PIX Security Appliance
Configuring the PIX Security Appliance
The help Command
Security Levels
Basic PIX Security Appliance Configuration Commands
Additional PIX Security Appliance Configuration Commands
Examining the PIX Security Appliance Status
Time Setting and NTP Support
Syslog Configuration
Security Appliance Translations and Connections
Transport Protocols
NAT
Dynamic Inside NAT
Two Interfaces with NAT
Three Interfaces with NAT
PAT
Augmenting a Global Pool with PAT
The static Command
The nat 0 Command
Connections and Translations
Manage a PIX Security Appliance with Adaptive Security Device Manager
ASDM Operating Requirements
Prepare for ASDM
Using ASDM to Configure the PIX Security Appliance
PIX Security Appliance Routing Capabilities
Virtual LANs
Static and RIP Routing
OSPF
Multicast Routing
Firewall Services Module Operation
FWSM Requirements
Getting Started with the FWSM
Verify FWSM Installation
Configure the FWSM Access Lists
Using PDM with the FWSM
Resetting and Rebooting the FWSM
Summary
Check Your Understanding
Chapter 4 Trust and Identity Technology
Key Terms
AAA
TACACS
RADIUS
Comparing TACACS+ and RADIUS
Authentication Technologies
Static Passwords
One-Time Passwords
Token Cards
Token Card and Server Methods
Digital Certificates
Biometrics
Identity Based Networking Services (IBNS)
802.1x
Wired and Wireless Implementations
Network Admission Control (NAC)
NAC Components
NAC Phases
NAC Operation
NAC Vendor Participation
Summary
Check Your Understanding
Chapter 5 Cisco Secure Access Control Server
Key Terms
Cisco Secure Access Control Server Product Overview
Authentication and User Databases
The Cisco Secure ACS User Database
Keeping Databases Current
Cisco Secure ACS for Windows Architecture
How Cisco Secure ACS Authenticates Users
User-Changeable Passwords
Configuring RADIUS and TACACS+ with Cisco Secure ACS
Installation Steps
Administering Cisco Secure ACS for Windows
Troubleshooting
Enabling TACACS+
Verifying TACACS+
Failure
Pass
Configuring RADIUS
Summary
Check Your Understanding
Chapter 6 Configure Trust and Identity at Layer 3
Key Terms
Cisco IOS Firewall Authentication Proxy
Authentication Proxy Operation
Supported AAA Servers
AAA Server Configuration
AAA Configuration
Allow AAA Traffic to the Router
Authentication Proxy Configuration
Test and Verify Authentication Proxy
Introduction to PIX Security Appliance AAA Features
PIX Security Appliance Authentication
PIX Security Appliance Authorization
PIX Security Appliance Accounting
AAA Server Support
Configure AAA on the PIX Security Appliance
PIX Security Appliance Access Authentication
Interactive User Authentication
The Local User Database
Authentication Prompts and Timeout
Cut-Through Proxy Authentication
Authentication of Non-Telnet, -FTP, or -HTTP Traffic
Tunnel User Authentication
Authorization Configuration
Downloadable ACLs
Accounting Configuration
Console Session Accounting
Command Accounting
Troubleshooting the AAA Configuration
Summary
Check Your Understanding
Chapter 7 Configure Trust and Identity at Layer 2
Key Terms
Identity Based Networking Services (IBNS)
Features and Benefits
IEEE 802.1x
Selecting the Correct EAP
Cisco LEAP
IBNS and Cisco Secure ACS
ACS Deployment Considerations
Cisco Secure ACS RADIUS Profile Configuration
Configuring 802.1x Port-Based Authentication
Enabling 802.1x Authentication
Configuring the Switch-to-RADIUS Server Communication
Enabling Periodic Reauthentication
Manually Reauthenticating a Client Connected to a Port
Enabling Multiple Hosts
Resetting the 802.1x Configuration to the Default Values
Displaying 802.1x Statistics and Status
Summary
Check Your Understanding
Chapter 8 Configure Filtering on a Router
Key Terms
Filtering and Access Lists
Packet Filtering
Stateful Filtering
URL Filtering
Cisco IOS Firewall Context-Based Access Control
CBAC Packets
Cisco IOS ACLs
How CBAC Works
CBAC-Supported Protocols
Configuring Cisco IOS Firewall Context-Based Access Control
CBAC Configuration Tasks
Prepare for CBAC
Setting Audit Trails and Alerts
Setting Global Timeouts
Setting Global Thresholds
Half-Open Connection Limits by Host
System-Defined Port-to-Application Mapping
User-Defined PAM
Defining Inspection Rules for Applications
Defining Inspection Rules for IP Fragmentation
Defining Inspection Rules for ICMP
Applying Inspection Rules and ACLs to Interfaces
Testing and Verifying CBAC
Configuring a Cisco IOS Firewall Using SDM
Summary
Check Your Understanding
Chapter 9 Configure Filtering on a PIX Security Appliance
Key Terms
Configuring ACLs and Content Filters
PIX Security Appliance ACLs
Configuring ACLs
ACL Line Numbers
The icmp Command
nat 0 ACLs
Turbo ACLs
Using ACLs
Malicious Code Filtering
URL Filtering
Object Grouping
Getting Started with Object Groups