Networking Fundamentals, Cisco, Microsoft, MikroTik

Learning the fundamentals and presenting solutions


Introducing the book CCNA Security Official Exam Certification Guide

Thursday, 13 Esfand 1394, 09:27 AM


Foreword    xxvi
Introduction    xxvii
Part I     Network Security Concepts   3
Chapter 1      Understanding Network Security Principles   5
“Do I Know This Already?” Quiz    5
Foundation Topics    9
Exploring Security Fundamentals    9
Why Network Security Is a Necessity    9
Types of Threats    9
Scope of the Challenge    10
Nonsecured Custom Applications    11
The Three Primary Goals of Network Security    12
Confidentiality    12
Integrity    12
Availability    13
Categorizing Data    13
Classification Models    13
Classification Roles    15
Controls in a Security Solution    16
Responding to a Security Incident    17
Legal and Ethical Ramifications    18
Legal Issues to Consider    19
Understanding the Methods of Network Attacks    20
Vulnerabilities    20
Potential Attackers    21
The Mind-set of a Hacker    23
Defense in Depth    24
Understanding IP Spoofing    27
Launching a Remote IP Spoofing Attack with IP Source Routing    28
Launching a Local IP Spoofing Attack Using a Man-in-the-Middle Attack    29
Protecting Against an IP Spoofing Attack    30
Understanding Confidentiality Attacks    31
Understanding Integrity Attacks    33
Understanding Availability Attacks   36
Best-Practice Recommendations    40
Exam Preparation Tasks    41
Review All the Key Topics    41
Complete the Tables and Lists from Memory    42
Definition of Key Terms   42

Chapter 2      Developing a Secure Network  45
“Do I Know This Already?” Quiz    45
Foundation Topics    49
Increasing Operations Security    49
System Development Life Cycle    49
Initiation    49
Acquisition and Development    49
Implementation    50
Operations and Maintenance    50
Disposition    51
Operations Security Overview    51
Evaluating Network Security    52
Nmap    54
Disaster Recovery Considerations    55
Types of Disruptions    56
Types of Backup Sites    56
Constructing a Comprehensive Network Security Policy    57
Security Policy Fundamentals    57
Security Policy Components    58
Governing Policy   58
Technical Policies    58
End-User Policies    59
More-Detailed Documents    59
Security Policy Responsibilities    59
Risk Analysis, Management, and Avoidance    60
Quantitative Analysis    60
Qualitative Analysis    61
Risk Analysis Benefits    61
Risk Analysis Example: Threat Identification    61
Managing and Avoiding Risk    62
Factors Contributing to a Secure Network Design    62
Design Assumptions    63
Minimizing Privileges    63
Simplicity Versus Complexity    64
User Awareness and Training    64
Creating a Cisco Self-Defending Network    66
Evolving Security Threats    66
Constructing a Cisco Self-Defending Network    67
Cisco Security Management Suite   69
Cisco Integrated Security Products    70
Exam Preparation Tasks    74
Review All the Key Topics    74
Complete the Tables and Lists from Memory    75
Definition of Key Terms    75

Chapter 3      Defending the Perimeter  77
“Do I Know This Already?” Quiz    77
Foundation Topics    81
ISR Overview and Providing Secure Administrative Access    81
IOS Security Features    81
Cisco Integrated Services Routers    81
Cisco 800 Series    82
Cisco 1800 Series    83
Cisco 2800 Series    84
Cisco 3800 Series    84
ISR Enhanced Features    85
Password-Protecting a Router    86    
Limiting the Number of Failed Login Attempts    92    
Setting a Login Inactivity Timer    92    
Configuring Privilege Levels    93    
Creating Command-Line Interface Views    93    
Protecting Router Files    95    
Enabling Cisco IOS Login Enhancements for Virtual Connections    96
Creating a Banner Message    98    
Cisco Security Device Manager Overview    99
Introducing SDM    99
Preparing to Launch Cisco SDM    101
Exploring the Cisco SDM Interface    102
Exam Preparation Tasks    106
Review All the Key Topics    106
Complete the Tables and Lists from Memory    106
Definition of Key Terms    106
Command Reference to Check Your Memory    107

Chapter 4      Configuring AAA   111
“Do I Know This Already?” Quiz    111
Foundation Topics    115
Configuring AAA Using the Local User Database    115
Authentication, Authorization, and Accounting    115
AAA for Cisco Routers    115
Router Access Authentication    116
Using AAA to Configure Local User Database Authentication    117
Implementing the aaa authorization Command    122
Working with the aaa accounting Command    124
Using the CLI to Troubleshoot AAA for Cisco Routers    126
Using Cisco SDM to Configure AAA    127
Configuring AAA Using Cisco Secure ACS    128
Overview of Cisco Secure ACS for Windows    129
Additional Features of Cisco Secure ACS 4.0 for Windows    130
Cisco Secure ACS 4.0 for Windows Installation    132
Overview of TACACS+ and RADIUS    137
TACACS+ Authentication    138
Command Authorization with TACACS+    140
TACACS+ Attributes    140
Authentication and Authorization with RADIUS    141
RADIUS Message Types    142
RADIUS Attributes    142
Features of RADIUS    143
Configuring TACACS+    144
Using the CLI to Configure AAA Login Authentication on Cisco Routers    144
Configuring Cisco Routers to Use TACACS+ Using the Cisco SDM    146
Defining the AAA Servers    147
Exam Preparation Tasks    149
Review All the Key Topics    149
Complete the Tables and Lists from Memory    150
Definition of Key Terms    150
Command Reference to Check Your Memory    150

Chapter 5      Securing the Router  155
“Do I Know This Already?” Quiz    155
Foundation Topics    158
Locking Down the Router    158
Identifying Potentially Vulnerable Router Interfaces and Services    158
Locking Down a Cisco IOS Router    160
AutoSecure    161
Cisco SDM One-Step Lockdown    166
Using Secure Management and Reporting    171
Planning for Secure Management and Reporting    172
Secure Management and Reporting Architecture    172
Configuring Syslog Support    175
Securing Management Traffic with SNMPv3    179
Enabling Secure Shell on a Router    183
Using Cisco SDM to Configure Management Features    185
Configuring Syslog Logging with Cisco SDM    186
Configuring SNMP with Cisco SDM    190
Configuring NTP with Cisco SDM    194
Configuring SSH with Cisco SDM    196
Exam Preparation Tasks    201
Review All the Key Topics    201
Complete the Tables and Lists from Memory    201
Definition of Key Terms    202
Command Reference to Check Your Memory    202

Part II    Constructing a Secure Infrastructure  205

Chapter 6      Securing Layer 2 Devices  207
“Do I Know This Already?” Quiz    207
Foundation Topics    211
Defending Against Layer 2 Attacks   211
Review of Layer 2 Switch Operation    211
Basic Approaches to Protecting Layer 2 Switches    212
Preventing VLAN Hopping    213
Switch Spoofing    213
Double Tagging   214
Protecting Against an STP Attack    215
Combating DHCP Server Spoofing   218
Using Dynamic ARP Inspection    220
Mitigating CAM Table Overflow Attacks    222
Spoofing MAC Addresses    223
Additional Cisco Catalyst Switch Security Features    225
Using the SPAN Feature with IDS    226
Enforcing Security Policies with VACLs    226
Isolating Traffic Within a VLAN Using Private VLANs    227
Traffic Policing    228
Notifying Network Managers of CAM Table Updates    228
Port Security Configuration    228
Configuration Recommendations    231
Cisco Identity-Based Networking Services    232
Introduction to Cisco IBNS    232
Overview of IEEE 802.1x    234
Extensible Authentication Protocols    236
EAP-MD5    236
EAP-TLS    236
PEAP (MS-CHAPv2)    238
EAP-FAST    239
Combining IEEE 802.1x with Port Security Features    239

Chapter 7      Implementing Endpoint Security   251
“Do I Know This Already?” Quiz    251
Foundation Topics    254
Examining Endpoint Security    254
Defining Endpoint Security    254
Examining Operating System Vulnerabilities    255
Examining Application Vulnerabilities    257
Understanding the Threat of Buffer Overflows    258
Buffer Overflow Defined    259
The Anatomy of a Buffer Overflow Exploit    259
Understanding the Types of Buffer Overflows    260
Additional Forms of Attack    261
Securing Endpoints with Cisco Technologies    265
Understanding IronPort    265
The Architecture Behind IronPort    266
Examining the Cisco NAC Appliance    266
Working with the Cisco Security Agent    268
Understanding Cisco Security Agent Interceptors    269
Examining Attack Response with the Cisco Security Agent    272
Best Practices for Securing Endpoints    273
Application Guidelines    274
Apply Application Protection Methods    274
Exam Preparation Tasks    276
Review All the Key Topics    276
Complete the Tables and Lists from Memory    277
Definition of Key Terms    277

Chapter 8      Providing SAN Security  279
“Do I Know This Already?” Quiz    279
Foundation Topics    282
Overview of SAN Operations    282
Fundamentals of SANs    282
Organizational Benefits of SAN Usage    283
Understanding SAN Basics    284
Fundamentals of SAN Security    285
Classes of SAN Attacks    286
Implementing SAN Security Techniques    287
Using LUN Masking to Defend Against Attacks    287
Examining SAN Zoning Strategies    288
Examining Soft and Hard Zoning   288
Understanding World Wide Names   289
Defining Virtual SANs    290
Combining VSANs and Zones    291
Identifying Port Authentication Protocols    292
Understanding DHCHAP   292
CHAP in Securing SAN Devices    292
Working with Fibre Channel Authentication Protocol    292
Understanding Fibre Channel Password Authentication Protocol    293
Assuring Data Confidentiality in SANs    293
Incorporating Encapsulating Security Payload (ESP)    294
Providing Security with Fibre Channel Security Protocol    294
Exam Preparation Tasks    295
Review All the Key Topics    295
Complete the Tables and Lists from Memory    295
Definition of Key Terms    295

Chapter 9      Exploring Secure Voice Solutions  297
“Do I Know This Already?” Quiz    297
Foundation Topics    301
Defining Voice Fundamentals    301
Defining VoIP    301
The Need for VoIP    302
VoIP Network Components    303
VoIP Protocols    305
Identifying Common Voice Vulnerabilities    307
Attacks Targeting Endpoints    307
VoIP Spam    308
Vishing and Toll Fraud    308
SIP Attack Targets    309
Securing a VoIP Network    310
Protecting a VoIP Network with Auxiliary VLANs    310
Protecting a VoIP Network with Security Appliances    311
Hardening Voice Endpoints and Application Servers    313
Summary of Voice Attack Mitigation Techniques    316
Exam Preparation Tasks    317
Review All the Key Topics    317
Complete the Tables and Lists from Memory    317
Definition of Key Terms    317

Chapter 10    Using Cisco IOS Firewalls to Defend the Network  319
“Do I Know This Already?” Quiz    319
Foundation Topics    323
Exploring Firewall Technology    323
The Role of Firewalls in Defending Networks    323
The Advance of Firewall Technology    325
Transparent Firewalls    326
Application Layer Firewalls    327
Benefits of Using Application Layer Firewalls    329
Working with Application Layer Firewalls    330
Application Firewall Limitations    332
Static Packet-Filtering Firewalls    333
Stateful Packet-Filtering Firewalls    335
Stateful Packet Filtering and the State Table    335
Disadvantages of Stateful Filtering    336
Uses of Stateful Packet-Filtering Firewalls    337
Application Inspection Firewalls    338
Application Inspection Firewall Operation    340
Effective Use of an Application Inspection Firewall    341
Overview of the Cisco ASA Adaptive Security Appliance    342
The Role of Firewalls in a Layered Defense Strategy    343
Creating an Effective Firewall Policy    345
Using ACLs to Construct Static Packet Filters   347
The Basics of ACLs    348
Cisco ACL Configuration    349
Working with Turbo ACLs    350
Developing ACLs   351
Using the CLI to Apply ACLs to the Router Interface    352
Considerations When Creating ACLs    353
Filtering Traffic with ACLs    354
Preventing IP Spoofing with ACLs   357
Restricting ICMP Traffic with ACLs    358
Configuring ACLs to Filter Router Service Traffic    360
vty Filtering    360
SNMP Service Filtering    361
RIPv2 Route Filtering    361
Grouping ACL Functions    362
Implementing a Cisco IOS Zone-Based Firewall    364
Understanding Cisco IOS Firewalls    364
Traffic Filtering    365
Traffic Inspection    366
The Role of Alerts and Audit Trails    366
Classic Firewall Process    367
SPI and CBAC    368
Examining the Principles Behind Zone-Based Firewalls    369
Changes to Firewall Configuration    370
Zone Membership Rules    371
Understanding Security Zones    373
Zones and Inspection    373
Security Zone Restrictions    373
Working with Zone Pairs    375
Security Zone Firewall Policies    376
Class Maps    378
Verifying Zone-Based Firewall Configuration    379
Exam Preparation Tasks    380
Review All the Key Topics    380
Complete the Tables and Lists from Memory    381
Definition of Key Terms    381
Command Reference to Check Your Memory    382

Chapter 11    Using Cisco IOS IPS to Secure the Network  385
“Do I Know This Already?” Quiz    385
Foundation Topics    388
Examining IPS Technologies    388
IDS Versus IPS    388
IDS and IPS Device Categories    389
Detection Methods    389
Network-Based Versus Host-Based IPS    391
Deploying Network-Based and Host-Based Solutions    394
IDS and IPS Appliances    395
Cisco IDS 4215 Sensor    396
Cisco IPS 4240 Sensor    397
Cisco IPS 4255 Sensor    397
Cisco IPS 4260 Sensor    397
Signatures    398
Exploit Signatures    398
Connection Signatures    399
String Signatures    399
Denial-of-Service Signatures    399
Signature Definition Files    399
Alarms    400
Using SDM to Configure Cisco IOS IPS    401
Launching the Intrusion Prevention Wizard    401
IPS Policies Wizard    404
Creating IPS Rules    410
Manipulating Global IPS Settings   417
Signature Configuration    419
Exam Preparation Tasks    425
Review All the Key Topics    425
Complete the Tables and Lists from Memory    425
Definition of Key Terms    425

Part III  Extending Security and Availability with Cryptography and VPNs    427

Chapter 12    Designing a Cryptographic Solution   429
“Do I Know This Already?” Quiz    429
Foundation Topics    433
Introducing Cryptographic Services    433
Understanding Cryptology    433
Cryptography Through the Ages    434
The Substitution Cipher    434
The Vigenère Cipher    435
Transposition Ciphers    436
Working with the One-Time Pad    436
The Encryption Process    437
Cryptanalysis    438
Understanding the Features of Encryption Algorithms    440
Symmetric and Asymmetric Encryption Algorithms    441
Encryption Algorithms and Keys    441
Symmetric Encryption Algorithms    441
Asymmetric Encryption Algorithms    443
The Difference Between Block and Stream Ciphers    444
Block Ciphers    444
Stream Ciphers    445
Exploring Symmetric Encryption    445
Functionality of Symmetric Encryption Algorithms    446
Key Lengths    446
Features and Functions of DES    447
Working with the DES Key    447
Modes of Operation for DES    447
Working with DES Stream Cipher Modes    449
Usage Guidelines for Working with DES    449
Understanding How 3DES Works    450
Encrypting with 3DES    450
AES    451
The Rijndael Cipher    451
Comparing AES and 3DES    451
Availability of AES in the Cisco Product Line    452
SEAL    452
SEAL Restrictions    452
The Rivest Ciphers    452
Understanding Security Algorithms   453
Selecting an Encryption Algorithm    453
Understanding Cryptographic Hashes    455
Working with Hashing    455
Designing Key Management    456
Components of Key Management    456
Understanding Keyspaces   456
Issues Related to Key Length    457
SSL VPNs    458
Establishing an SSL Tunnel    459
Exam Preparation Tasks    460
Review All the Key Topics    460
Complete the Tables and Lists from Memory    461
Definition of Key Terms    461

Chapter 13    Implementing Digital Signatures  463
“Do I Know This Already?” Quiz    463
Foundation Topics    466
Examining Hash Algorithms    466
Exploring Hash Algorithms and HMACs    466
Anatomy of a Hash Function    467    
Application of Hash Functions    467    
Cryptographic Hash Functions    468    
Application of Cryptographic Hashes    469
HMAC Explained    470    
MD5 Features and Functionality    471
Origins of MD5   472
Vulnerabilities of MD5   473
Usage of MD5    475
SHA-1 Features and Functionality    475
Overview of SHA-1    476
Vulnerabilities of SHA-1    477
Usage of SHA-1    478
Using Digital Signatures    478
Understanding Digital Signatures    480
Digital Signature Scheme    483
Authentication and Integrity   483
Examining RSA Signatures    483
Exploring the History of RSA   484
Understanding How RSA Works    484
Encrypting and Decrypting Messages with RSA    485
Signing Messages with RSA    485
Vulnerabilities of RSA    486
Exploring the Digital Signature Standard    487
Using the DSA Algorithm    487
Exam Preparation Tasks    488
Review All the Key Topics    488
Complete the Tables and Lists from Memory    489
Definition of Key Terms    489

Chapter 14    Exploring PKI and Asymmetric Encryption   491
“Do I Know This Already?” Quiz    491
Foundation Topics    494
Understanding Asymmetric Algorithms    494
Exploring Asymmetric Encryption Algorithms    494
Using Public-Key Encryption to Achieve Confidentiality    495
Providing Authentication with a Public Key    496
Understanding the Features of the RSA Algorithm    497
Working with RSA Digital Signatures    498
Guidelines for Working with RSA    499
Examining the Features of the Diffie-Hellman Key Exchange Algorithm    499
Steps of the Diffie-Hellman Key Exchange Algorithm    500
Working with a PKI    500
Examining the Principles Behind a PKI    501
Understanding PKI Terminology    501
Components of a PKI    501
Classes of Certificates    502
Examining the PKI Topology of a Single Root CA    502
Examining the PKI Topology of Hierarchical CAs    503
Examining the PKI Topology of Cross-Certified CAs    505
Understanding PKI Usage and Keys    506
Working with PKI Server Offload    506
Understanding PKI Standards    507
Understanding X.509v3    507
Understanding Public Key Cryptography Standards (PKCS)    508
Understanding Simple Certificate Enrollment Protocol (SCEP)    510
Exploring the Role of Certificate Authorities and Registration Authorities in a PKI    511
Examining Identity Management    512
Retrieving the CA Certificate    513
Understanding the Certificate Enrollment Process    513
Examining Authentication Using Certificates    514
Examining Features of Digital Certificates and CAs    515
Understanding the Caveats of Using a PKI    516
Understanding How Certificates Are Employed    517
Exam Preparation Tasks    519
Review All the Key Topics    519
Complete the Tables and Lists from Memory    519
Definition of Key Terms    520

Chapter 15    Building a Site-to-Site IPsec VPN Solution  523
“Do I Know This Already?” Quiz    523
Foundation Topics    527
Exploring the Basics of IPsec    527
Introducing Site-to-Site VPNs    527
Overview of IPsec    529
IKE Modes and Phases    529
Authentication Header and Encapsulating Security Payload    531
Cisco VPN Product Offerings    533
Cisco VPN-Enabled Routers and Switches    533
Cisco VPN 3000 Series Concentrators    535
Cisco ASA 5500 Series Appliances    536
Cisco 500 Series PIX Security Appliances    538
Hardware Acceleration Modules    538
VPN Design Considerations and Recommendations    539
Best-Practice Recommendations for Identity and IPsec Access Control   540
Best-Practice Recommendations for IPsec    540
Best-Practice Recommendations for Network Address Translation    541
Best-Practice Recommendations for Selecting a Single-Purpose Versus Multipurpose Device    541
Constructing an IPsec Site-to-Site VPN    542
The Five Steps in the Life of an IPsec Site-to-Site VPN    542
The Five Steps of Configuring an IPsec Site-to-Site VPN    543
Configuring an IKE Phase 1 Tunnel    543
Configuring an IKE Phase 2 Tunnel    545
Applying Crypto Maps    546
Using Cisco SDM to Configure IPsec on a Site-to-Site VPN    548
Introduction to the Cisco SDM VPN Wizard    548
Quick Setup    549
Step-by-Step Setup    559
Configuring Connection Settings   559
Selecting an IKE Proposal    561
Selecting a Transform Set   562
Selecting Traffic to Protect in the IPsec Tunnel    563

Part IV Final Preparation   589

Chapter 16    Final Preparation  577
Exam Engine and Questions on the CD   577
Install the Software from the CD    578
Activate and Download the Practice Exam    578
Activating Other Exams    579
Study Plan    579
Recall the Facts    580
Use the Exam Engine    580
Choosing Study or Simulation Mode    580
Passing Scores for the IINS Exam   581

Part V  Appendixes 583
Appendix A      Answers to “Do I Know This Already?” Questions  585
Appendix B       Glossary  595
Appendix C       CCNA Security Exam Updates: Version 1.0    617
Appendix D      Memory Tables    (CD only)
Appendix E       Memory Tables Answer Key    (CD only)
Index    620

Size: 13.8 MB
Language: English
Number of pages: 776

Download the book CCNA Security Official Exam Certification Guide
