S

sacrificial hosts, 419
SAFE blueprints, security best practices, 208-209
SAML command (SMTP), 129
sample lab. See self-study lab
SAs (security associations), 254-259
saving configuration files, 165
CSA (Cisco Security Agent), 387
SDM (Security Device Manager), 328-330
secret passwords, hiding, 189
security, 353, 380-382
    AAA, 228-229
        accounting, 231-232
        authentication, 230
        authorization, 230-231
    Cisco IOS SSH, 135-138
    encryption technologies, 246-247
        3DES, 250
        AES, 250-251
        DES, 248-250
        Diffie-Hellman, 252-253
        IPSec, 254-258
        MD5, 251-252
        principles of, 247-248
    firewalls, 352
        Cisco IOS features, 377-379
    HTTP, 119-120
    IKE
        configuring, 264-272
        phase II, 264
    NAT, 355-356
        configuring Dynamic NAT, 359
        deploying, 357
        monitoring, 360
        operation on Cisco routers, 358
    packet filtering, TCP services, 353-355
    PAT, 355
    PIX, 361
        commands, 371-373
        configuring, 364-368
        DMZs, 361
        software features, 376-377
        stateful packet screening, 362-363
        static routing, 368-369
    PKI, 382-383
    RADIUS, 232
        attributes, 234-235
        configuring, 236-238
        features, 235
        security protocol support, 234
    SSH, 133-135
    SSL, 121
    TACACS+, 239
        authentication, 240
        authorization, 240-241
        configuring, 241-244
        features, 241
        versus RADIUS, 245-246
    VPDNs, 276-277
        configuring, 278-281
    VPNs, 383
        configuring, 385
security server protocols, 232
self-study lab
    ACS configuration, 514-524
    advanced PIX configuration, 511-514
    BGP routing configuration, 491-495
    Catalyst Ethernet switch setup, 457-464
    DHCP configuration, 490
    dynamic ACL/lock and key feature configuration, 501-502
    final configurations, 538-558
    Frame Relay setup, 450-456
    IDS configuration, 525, 530, 538
    IGP routing, 470-475
        OSPF configuration, 475-484
    IOS firewall configuration, 505
    IP access list configuration, 495-497
    IPSec configuration, 505-511
    ISDN configuration, 484-490
    local IP host address configuration, 464-466
    physical connectivity, 456
    PIX configuration, 465-470
    setup, 445-448
        communications server, 448-449
    TCP intercept configuration, 497-499
    time-based access list configuration, 499-500
SEND command (SMTP), 129
Sendmail, 129
sensors, Cisco IDSs, 309-310, 423
sequence numbering, enabling, 428
servers, RADIUS, 232
service password-encryption command, 189
service tcp keepalive command, enabling Nagle algorithm, 426
service tcp-keepalives-in command, 426
session hijacking, 418
session layer (OSI model), 17
session replay, 418
set vlan command, 24
SGBP (Stack Group Bidding Protocol), 81
SHA (Secure Hash Algorithm), 251-252
show accounting command, 231-232
show commands, 166-168
show debugging command, 170
show interface command, 163
show interfaces command, 171-172
show ip access-lists command, 170
show ip arp command, 39
show ip route command, 48, 50, 169-170
show logging command, 173
show process command, 158-159
show route-map command, 174
show startup-config command, 185
show version command, 162-163, 174
SIA (Stuck in Active), 58
Signature Engines, 423-424
signature-based IDS systems, 304
signatures, 386
sliding windows, 37
SMTP (Simple Mail Transfer Protocol), 128-129
smurf attacks, 421
SNMP (Simple Network Management Protocol), 122
    community access strings, configuring on Cisco routers, 122
    configuring on Cisco routers, 125
    examples of, 128
    managed devices, 124
    MIBs, 123-125
    notifications, 123-126
snmp-server enable traps config command, 126
snmp-server host command, 126-127
social engineering, 414
software
    Cisco Secure, 301
        AAA features, 302
        features, 301
        test topics, 301
    PIX, features of, 376-377
SOML command (SMTP), 129
spanning tree, 23-24
SPI (Security Parameters Index), 256
split horizon, 53
spoof attacks, 421
spoofing, 203
    MAC spoofing attacks, 205-207
SRTT (Smooth Round Trip Time), 58
SSH (Secure Shell), 133-135
SSL (Secure Sockets Layer), 121
standard access lists, 190-195
standard IP access lists, 191-192
standards bodies, CERT/CC, 413-414
startup config, viewing, 185
stateful pattern matching, 386
stateful security, 362
states of Ethernet interfaces, 173
static command, 371
static NAT, 360
store and forward switching, 23
STP manipulation attacks, 204
stratum, 130-132
stubby areas, 65
study tips for exam, 625-631
subnetting
    calculating hosts per subnet, 30-31
    CIDR, 32-33
    VLSM, 31-32

virtual terminal passwords, setting

successors (EIGRP), 58
summary links, 63
switching, enabling PortFast, 25
synchronous logging, 178
System Flash, 157-158
system log, displaying, 173
