Organization of this Book

Each chapter starts by testing your current knowledge on the chapter's topics with a "Do I Know This Already?" quiz. This quiz is aimed at helping you decide whether you need to cover the whole chapter, read only parts of the chapter, or just skip the chapter altogether. See the introduction to each "Do I Know This Already?" quiz for more details.

Each chapter then contains a "Foundation Topics" section with extensive coverage of the CCIE Security exam topics covered in that chapter. This is followed by a "Foundation Summary" section that provides more-condensed coverage of the topics and is ideal for review and study later. Each chapter ends with "Q & A" and "Scenarios" sections to help you assess how well you mastered the topics covered in the chapter. Finally, the book includes a CD-ROM with sample exam questions and other preparation resources. All of these tools are designed to help you assess your preparedness level and then teach you. Once you identify deficiencies, you should concentrate your studies on those areas until you feel comfortable with them.

The following list summarizes the individual elements of this book:

• Chapter 1, "General Networking Topics"—This chapter covers general networking technologies, including an overview of the OSI model, switching concepts, and routing protocols. The TCP/IP model is presented and explained with common applications used in today's IP networks. Routing protocols and sample configurations are presented to ensure that you have a good understanding of how Cisco IOS routes IP datagrams. Concluding this chapter is a discussion of some of today's most widely used WAN protocols, namely PPP, ISDN, and Frame Relay. Keep in mind that the CCIE Security exam covers Routing and Switching topics as well as Security topics. Telephony and wireless best practices round off this chapter.

• Chapter 2, "Application Protocols"—This chapter covers the principles of Domain Name System and TFTP file transfers. The most widely used applications such as FTP and HTTP are covered along with some of the more secure methods used to download information from the web, such as Secure Shell and the Secure Sockets Layer protocol. SSH and Remote Data Exchange Protocol (RDEP) are new topics covered for the latest exam. A challenging scenario is included to ensure that you have the IOS skill set to configure DNS, TFTP, NTP, and SNMP.

• Chapter 3, "Cisco IOS Specifics and Security"—This chapter covers the more advanced topics available to Cisco IOS routers. It covers in detail the hardware components of a Cisco router and how to manage Cisco routers. Common Cisco device operational commands are described, and examples show how to manage Cisco IOS in today's large IP networks. Cisco password recovery techniques and basic password security are detailed to ensure that you have a solid grasp of Cisco device operation. Coverage of standard and extended access lists and examples conclude this chapter. Chapter 3 contains a wealth of new material covering the new exam objectives, such as new routing and switching features, access layer controls, port security, DHCP snoop, and security policy best practices.

• Chapter 4, "Security Protocols"—This chapter focuses on security protocols developed and supported by Cisco Systems and refined in RFCs, namely TACACS+ and RADIUS. Following sample configurations, the chapter covers encryption technologies and their use in today's vulnerable IP networks. Additionally, to ensure that you have all the bases covered, Advanced Encryption Standard (AES) and securing wireless networks are covered.

• Chapter 5, "Cisco Security Applications"—This chapter required a large overhaul from the first edition. It covers new topics such as Cisco IDS, the VPN 3000 Concentrator, VPN Client software, and new Catalyst security modules. Cisco Secure ACS and Security Information Monitoring System round off this chapter.

• Chapter 6, "Security Technologies"—This chapter describes the basic security methods and evolution of new secure networks including packet filtering and proxies. The IP address depletion rates with IPv4 have led to NAT/PAT becoming increasingly popular; this chapter covers these topics along with sample IOS configurations. The Cisco PIX Firewall is Cisco's trademark security device, and this chapter teaches you the architecture and configuration of these unique security devices. The Cisco IOS Firewall feature set and VPN are covered. Network-based IDS, host-based IDS, and Cisco Threat Response are covered in detail as well.

• Chapter 7, "Network Security Policies, Vulnerabilities, and Protection"—This chapter reviews today's most common Cisco security policies and mechanisms available to the Internet community used to combat cyber attacks. The security standards body CERT/CC is covered along with descriptions of Cisco IOS-based security methods used to ensure that all attacks are reported and acted upon. Cisco security applications such as Intrusion Detections System are covered to lay the foundation you will need to master the topics covered on the CCIE Security written exam.

• Chapter 8, "CCIE Security Self-Study Lab"—This chapter is designed to assist you in your final preparation for CCIE Security certification. This rare sample lab was put together by one former (Sydney CCIE lab) and one current (Brussels CCIE lab) CCIE proctor from the CCIE team. It is a sample CCIE Security lab with working solutions to ensure that you are fully prepared for the final hurdle, the CCIE Security lab exam. In my view and experience (including writing numerous CCIE lab exams) this sample exam is more challenging than most Cisco exams. Please enjoy and study this sample CCIE Security lab. Many readers have e-mailed me in the past to ask what is their next step after passing the written exam. An excellent start is Chapter 8 of this book. When the CCIE program first started, there were no sample lab questions. Now in your hands you have a sample Security lab exam and bonus sample Routing and Switching lab exams (Appendixes C and D).

• Appendix A, "Answers to Quiz Questions"—Appendix A provides the answers to the "Do I Know This Already?" and "Q & A" quiz questions in each chapter. Explanations are included where appropriate.

• Appendix B, "Study Tips for CCIE Security Examinations"—Appendix B describes some of the study tips and preparation steps you should consider before embarking on the long hard road to CCIE Security certification. There are also answers to frequently asked question about the written exam and CCIE Security certification.

• Appendix C, "Sample CCIE Routing and Switching Lab I"—Appendix C is a bonus appendix designed to assist you in your final preparation for the CCIE Routing and Switching lab exam and help you appreciate the level of difficulty found in any CCIE lab exam.

• Appendix D, "Sample CCIE Routing and Switching Lab II"—Appendix D is a second bonus appendix designed to assist you in your final preparation for the CCIE Routing and Switching lab exam and help you appreciate the level of difficulty found in any CCIE lab exam. This second bonus version of the R&S lab exam contains only four routers, for those readers who do not have access to a large number of routers.

• CD-ROM—The CD-ROM provides you with a testing engine that simulates the written exam with a database of over 500 questions. Take several sample CD-ROM exams and ensure that you review all the answers and results so that you can fully prepare for the exam by identifying areas where you need extra preparation.

0 0

Post a comment