Greg Bastien, Christian Degu
ISBN: 1587200724, 9781587200724
Table of contents:
“Do I Know This Already?” Quiz……Page 39
Security Policies……Page 43
Security Policy Goals……Page 46
The Policy Must Be Consistent……Page 47
The Policy Must Be Implemented Globally Throughout the Organization……Page 48
The Policy Must Be Understandable……Page 49
The Policy Must Include an Incident Response Plan for Security Breaches……Page 50
Network Security as a Process……Page 51
Network Security as a Legal Issue……Page 52
Security Policy Goals……Page 53
Network Security as a Process……Page 54
Q&A……Page 55
“Do I Know This Already?” Quiz……Page 57
Self-Imposed Vulnerabilities……Page 61
Lack of Effective Policy……Page 62
Configuration Weakness……Page 63
Technology Weakness……Page 64
Lack of Understanding of Computers or Networks……Page 65
Intruding for Profit……Page 66
Types of Attacks……Page 67
Access Attacks……Page 68
DoS Attacks……Page 70
Self-Imposed Vulnerabilities……Page 71
Intruder Motivation……Page 72
Types of Attacks……Page 73
Q&A……Page 74
“Do I Know This Already?” Quiz……Page 77
Overview of Defense in Depth……Page 80
Components Used for Defense in Depth……Page 81
Physical Security……Page 85
Foundation Summary……Page 86
Q&A……Page 88
“Do I Know This Already?” Quiz……Page 93
Router Configuration Modes……Page 97
Accessing the Cisco Router CLI……Page 100
Configuring CLI Access……Page 102
Cisco IOS Firewall Features……Page 103
Router Configuration Modes……Page 105
Cisco IOS Firewall Features……Page 106
Q&A……Page 109
“Do I Know This Already?” Quiz……Page 113
Privilege Levels……Page 117
Configuring the Enable Password……Page 118
enable secret……Page 120
Configuring Multiple Privilege Levels……Page 121
Warning Banners……Page 123
Securing vty Access……Page 124
Setting Up a Cisco IOS Router or Switch as an SSH Client……Page 125
Port Security for Ethernet Switches……Page 126
Configuring Port Security……Page 127
Foundation Summary……Page 129
Q&A……Page 130
“Do I Know This Already?” Quiz……Page 135
Configuring Line Password Authentication……Page 138
Remote Security Servers……Page 139
TACACS Overview……Page 140
RADIUS Overview……Page 141
PAP and CHAP Authentication……Page 143
CHAP……Page 144
MS-CHAP……Page 145
Foundation Summary……Page 146
Q&A……Page 147
“Do I Know This Already?” Quiz……Page 149
Authentication……Page 153
Configuring AAA Services……Page 154
Configuring AAA Authentication……Page 155
Configuring Login Authentication Using AAA……Page 156
Enabling Password Protection at the Privileged Level……Page 157
Configuring PPP Authentication Using AAA……Page 158
Configuring AAA Authorization……Page 159
Configuring AAA Accounting……Page 162
Troubleshooting AAA……Page 164
Foundation Summary……Page 167
Q&A……Page 168
“Do I Know This Already?” Quiz……Page 171
Configuring TACACS+ on Cisco IOS……Page 174
TACACS+ Authentication Examples……Page 175
TACACS+ Accounting Example……Page 177
debug aaa authentication……Page 178
debug tacacs events……Page 179
Configuring RADIUS on Cisco IOS……Page 180
RADIUS Authentication, Authorization, and Accounting Example……Page 182
Testing and Troubleshooting RADIUS Configuration……Page 184
Foundation Summary……Page 187
Q&A……Page 188
“Do I Know This Already?” Quiz……Page 191
Cisco Secure ACS for Windows……Page 195
Authentication……Page 196
Authorization……Page 198
Administration……Page 199
Cisco Secure ACS for Windows Architecture……Page 200
CSAuth……Page 201
CSTacacs and CSRadius……Page 202
Cisco ACS for UNIX……Page 203
Foundation Summary……Page 205
Q&A……Page 206
“Do I Know This Already?” Quiz……Page 209
Operating System Requirements……Page 212
Installing Cisco Secure ACS……Page 213
Suggested Deployment Sequence……Page 215
Troubleshooting Cisco Secure ACS for Windows……Page 216
Administration Issues……Page 217
Foundation Summary……Page 219
Q&A……Page 220
“Do I Know This Already?” Quiz……Page 225
Simple Network Management Protocol (SNMP)……Page 228
Controlling Interactive Access Through a Browser……Page 229
Disabling Directed Broadcasts……Page 230
Routing Protocol Authentication……Page 231
Disabling Finger Services……Page 232
Disabling Cisco Discovery Protocol (CDP)……Page 233
Foundation Summary……Page 234
Q&A……Page 235
“Do I Know This Already?” Quiz……Page 237
What Are Access Lists……Page 241
Standard IP ACLs……Page 242
Reflexive ACLs……Page 246
Time-Based ACLs……Page 247
Configuring ACLs on a Router……Page 248
Foundation Summary……Page 250
Q&A……Page 251
“Do I Know This Already?” Quiz……Page 253
The Cisco IOS Firewall Feature Set……Page 256
Authentication Proxy……Page 257
Intrusion Detection……Page 258
System-Defined Port Mapping……Page 259
Host-Specific Port Mapping……Page 261
Foundation Summary……Page 262
Q&A……Page 263
“Do I Know This Already?” Quiz……Page 265
DoS Detection and Protection……Page 269
How CBAC Works……Page 270
UDP Sessions……Page 271
Supported Protocols……Page 272
Select an Interface……Page 273
Configure Global Timeouts and Thresholds……Page 274
Define an Inspection Rule……Page 275
Configure Java Inspection……Page 277
Debugging Context-Based Access Control……Page 278
CBAC Configuration Example……Page 279
Foundation Summary……Page 281
Q&A……Page 282
“Do I Know This Already?” Quiz……Page 285
How Authentication Proxy Works……Page 289
What Authentication Proxy Looks Like……Page 290
Configuring Authentication Proxy on the Cisco IOS Firewall……Page 292
Authentication Proxy Configuration Steps……Page 293
Step 1: Configure AAA……Page 294
Step 3: Configure the Authentication Proxy……Page 295
Step 4: Verify the Authentication Proxy Configuration……Page 296
Authentication Proxy Configuration Examples……Page 297
Using Authentication Proxy with TACACS+……Page 300
Step 1: Complete the Network Configuration……Page 301
Step 2: Complete the Interface Configuration……Page 302
Step 3: Complete the Group Setup……Page 303
Using Authentication Proxy with RADIUS……Page 304
Limitations of Authentication Proxy……Page 306
Foundation Summary……Page 308
Q&A……Page 310
“Do I Know This Already?” Quiz……Page 313
Cisco IOS Firewall IDS Features……Page 317
Compatibility with the CSIDS……Page 318
Cisco IOS Firewall IDS Configuration……Page 319
Configure the IOS Firewall IDS and Central Management Post Office Parameters……Page 320
Configure Info and Attack Signatures……Page 322
Configure the Default Actions……Page 324
Create the IDS Audit Exclusions……Page 325
Verifying the Cisco IOS Firewall IDS Configuration……Page 326
Cisco IOS Firewall IDS Deployment Strategies……Page 329
Foundation Summary……Page 330
Q&A……Page 332
“Do I Know This Already?” Quiz……Page 337
Foundation Topics……Page 341
How IPSec Works……Page 343
Step 1: Select the IKE and IPSec Parameters……Page 344
Define the IKE (Phase 1) Policy……Page 345
Define the IPSec Policies……Page 347
Verify Connectivity……Page 351
Step 2: Configure IKE……Page 352
Configure Preshared Key……Page 353
Verify the IKE Configuration……Page 354
Step 3: Configure IPSec……Page 355
Create the IPSec Transform Set……Page 356
Create the Crypto ACLs……Page 357
Create the Crypto Map……Page 358
Apply the Crypto Map to the Correct Interface……Page 359
Step 4: Test and Verify the IPSec Configuration……Page 360
Configuring IPSec Using RSA Encrypted Nonces……Page 362
Plan the Implementation Using RSA Keys……Page 363
Enter Your Peer RSA Public Keys……Page 364
Verify the Key Configuration……Page 365
Manage the RSA Keys……Page 366
Configure a Cisco Router for IPSec Using Preshared Keys……Page 367
Verifying the IKE and IPSec Configuration……Page 368
Explain the Issues Regarding Configuring IPSec Manually and Using RSA Encrypted Nonces……Page 369
Q&A……Page 370
“Do I Know This Already?” Quiz……Page 373
Overview of Cisco Router CA Support……Page 377
Step 1: Select the IKE and IPSec Parameters……Page 379
Step 2: Configure the Router CA Support……Page 380
Step 3: Configure IKE Using RSA Signatures……Page 387
Step 4: Configure IPSec……Page 388
Step 5: Test and Verify the Configuration……Page 389
Advanced IPSec VPNs Using Cisco Routers and CAs……Page 390
Q&A……Page 391
“Do I Know This Already?” Quiz……Page 393
Describe the Easy VPN Server……Page 396
Easy VPN Server Functionality……Page 397
Configuring the Easy VPN Server……Page 398
Prepare the Router for Easy VPN Server……Page 399
Create the ISAKMP Policy for the Remote VPN Clients……Page 400
Define a Group Policy for a Mode Configuration Push……Page 401
Create the Dynamic Crypto Maps with Reverse Route Injection (RRI)……Page 402
Apply the Dynamic Crypto Map to the Interface……Page 403
Configure xauth……Page 404
Easy VPN Modes of Operation……Page 405
Configuring the Easy VPN Server……Page 406
Easy VPN Modes of Operation……Page 409
Q&A……Page 410
“Do I Know This Already?” Quiz……Page 413
CiscoWorks 2000……Page 417
Management Center for VPN Routers (Router MC)……Page 419
Concepts of the Router MC……Page 420
Supported Tunneling Technologies……Page 422
Installation and Login to Router MC……Page 423
Router MC Workflow……Page 426
Managing Enterprise VPN Routers……Page 429
Q&A……Page 432
Final Scenarios……Page 437
Task 1: Secure the Routers at All Locations……Page 438
Change All Administrative Access on All the Routers……Page 439
Configure a Secure Method for Remote Access of the Routers……Page 440
Disable Unnecessary Services……Page 441
Implement ACLs for Antispoofing Purposes……Page 442
Define VPN Configuration Parameters……Page 443
Configure the IKE Parameters……Page 445
Configure the IPSec Parameters……Page 447
Create and Apply Crypto Maps……Page 448
Configure Host Name and Domain Name……Page 450
Configure NTP……Page 451
Enroll with the CA……Page 452
Task 4: Secure Remote Access……Page 453
Implement the Cisco IOS Firewall IDS……Page 454
Implement Authentication Proxy……Page 457
Implement CBAC……Page 458
Q&A……Page 461
“Do I Know This Already?” Quiz……Page 463
Q&A……Page 464
Q&A……Page 466
Q&A……Page 467
Q&A……Page 469
Q&A……Page 471
Q&A……Page 472
Q&A……Page 474
“Do I Know This Already?” Quiz……Page 475
Q&A……Page 476
Q&A……Page 477
“Do I Know This Already?” Quiz……Page 478
Q&A……Page 479
Q&A……Page 480
Q&A……Page 482
Q&A……Page 483
Q&A……Page 485
“Do I Know This Already?” Quiz……Page 486
Q&A……Page 487
Q&A……Page 488
Q&A……Page 490
Q&A……Page 491
“Do I Know This Already?” Quiz……Page 492
Q&A……Page 493