P

packet filtering, 353

CBAC, 378

configuring, 380-382 extended access lists, 196-198 standard access lists, 190-195

packets

EIGRP, Hello, 58 IP

debugging, 179-180 fields, 28-29 rerouting, 418 TCP, 34-35 partitioning System Flash, 157 Passive FTP, 118 passive IDS modules, 387 passwords authentication, 230

method lists, 238 enable passwords, setting, 188 recovering, 182-187 virtual terminal passwords, setting, 190 PAT (Port Address Translation), 355 path vector protocols, BGP, 71-75 pattern matching, 386

PEAP (Protected EAP), 272-276 peer-to-peer communication, 19 perimeter routers, 353 physical layer (OSI model), 14 ping of death attacks, 419 ping requests, test characters, 46-47 PIX (Private Internet Exchange), 361 commands, 371-373 configuring, 364-368 DMZs, 361

software features, 376-377 stateful packet screening, 362-363 static routing, 368-369 PIX Firewall log files, troubleshooting, 374-375 NAT support, 363 PKI (Public Key Infrastructure), 382-383 placement of IDS systems, 305-307 Poison Reverse updates, 53 policy routes, displaying, 174 PortFast, enabling, 25 PPP (Point-to-Point Protocol), 77 preparing for exam, 631 FAQs, 633 objectives, 627 sample lab, 639-664

preparing for qualification exam, 629-630 presentation layer (OSI model), 17-18 preshared keys, comparing with manual keys, 268, 506

preventing Cisco IOS from attacks disabling default services, 429 disabling DHCP, 427 disabling TCP/UDP small servers, 427 enabling sequence numbering, 428 enabling TCP intercept, 429 Nagle algorithm, 425-426 performing core dumps, 430

PRI, 75

privilege levels, authorization, 230-231 Privileged EXEC mode (IOS), 164 protocol decode-based analysis, 386 proxy ARP, disabling, 431 proxy servers, 352

qualification exam

FAQs, 632-633 preparing for, 629-630 study tips, 626-627

decoding ambiguity, 628-629 QUIT command (SMTP), 129

RADIUS, 232

attributes, 234-235 configuring, 236-238 features, 235

security protocol support, 234 versus TACACAS+, 245-246

RAM, 157

NVRAM, 157 System Flash, 157-158 RARP, 39

RCPT command (SMTP), 129

RDEP (Remote Data Exchange Protocol),

138-139 read command (SNMP), 125 recovering lost or unknown passwords,

182-187 redundancy, HSRP, 41-45 remote access VPDNs, 276-277

configuring, 278-281

remote router access, 187 reporting security breaches, Internet newsgroups, 416-417 rerouting packets, 418 resolving IP addresses to MAC addresses,

ARP, 38-39 Rijmen, Vincent, 250 ROM (read-only memory), 159-160 ROM boot mode (IOS), 164 root bridge elections, 24 root bridges, 24 router hardware configuration registers, 160-161 CPU, 158 interfaces, 163 NVRAM, 157

RAM, 157 ROM, 159-160 System Flash, 157 routers, remote access, 187 routing protocols, 48 BGP, 71

attributes, 72-74 configuring, 74-75 messages, 71 default administrative distances, 51 EIGRP, 57-58

example configuration, 59-61 OSPF, 61-63

example configuration, 66-70 multiple area configuration, 64-65 single area configuration, 62-64 virtual links, 66 RIP, 52-53

configuring, 54-56 routing tables, viewing, 48-50 RSET command (SMTP), 129 RTO (Retransmission Timeout), 58

0 0

Post a comment