S

SA (Security Association), 242 sacrificial hosts, 370 SAM (Security Accounts Manager), 293 SAML command (SMTP), 128 sample lab exam, 583-597 saving configuration files, 158 scalability, Windows NT, 292 secret passwords, hiding, 181 security, 321

AAA, 208-209

accounting, 211-212 authentication, 210 authorization, 210-211 CBAC, configuring, 346-347 encryption technologies, 235 3DES, 238 DES, 237-238 Diffie-Hellman, 240-241 DSS, 238-239 IPSec, 242-246 MD5, 239-240 principles of, 235-237 firewalls, 320

Cisco IOS features, 344-345 HTTP, 118

authentication, 119 IKE, 246

configuring, 252-259 phase I, 247 phase II, 248-252 Kerberos, 225

configuring, 228-229 NAT, 324

configuring Dynamic NAT, 326 deploying, 325 monitoring, 327 operation on Cisco routers, 326 packet filtering, TCP services, 322-324 PAT, 324 PIX, 328

commands, 339-341 configuring, 332-337 DMZs, 330

software features, 342-344 stateful packet screening, 330-331 static routing, 337-338 PKI, 348 RADIUS, 212

attributes, 214 configuring, 215-217 features, 215

security protocol support, 214 SSH, 132-133 SSL, 121 TACACS+, 218

authentication, 219 authorization, 219-220 configuring, 220-223 features, 220 versus RADIUS, 224-225 VPDNs, 229-231

configuring, 231-235 VPNs, 349

configuring, 350-351 security server protocols, 212 Security Wheel, 304 self-study lab

ACS configuration, 461-470 advanced PIX configuration, 458-460 BGP routing configuration, 438-442 Catalyst Ethernet switch setup, 403-413 DHCP configuration, 438

dynamic ACL/lock and key feature configuration, 448-449 final configurations, 470-485 Frame Relay setup, 397-402 IGP routing, 419-423

OSPF configuration, 423-432 IOS Firewall configuration, 450-451 IP access list configuration, 442-444 IPSec configuration, 452-457 ISDN configuration, 432-437 local IP host address configuration, 414 physical connectivity, 403 PIX configuration, 414-418 setup, 393-395

communications server, 396-397 TCP intercept configuration, 444-446 time-based access list configuration, 446-448 SEND command (SMTP), 128 Sendmail, 127 sensors, Cisco IDSs, 373 sequence numbering, enabling, 378 servers, RADIUS, 212 service password-encryption command, 181 service tcp keepalive command, enabling Nagle algorithm, 376 service tcp-keepalives-in command, 376 session hijacking, 369 session layer (OSI model), 24 session replay, 369 set vlan command, 30

SGBP (Stack Group Bidding Protocol), 85-86

SHA (Secure Hash Algorithm), 239-240

shadow file (UNIX), 290

show accounting command, 211-212

show commands, 160-161

show debugging command, 163

show interface command, 156

show interfaces command, 163-165

show ip access-lists command, 163

show ip arp command, 46

show ip route command, 55-56, 162-163

show logging command, 166

show process command, 153

show route-map command, 166

show startup-config command, 178

show version command, 155-156, 166

SIA (Stuck in Active), 63

Signature Engines, 373-374

single domain model, 293

single logon, 226

sliding windows, 44

SMTP (Simple Mail Transfer Protocol), 127

commands, 127-128 smurf attacks, 372 SNMP, 121

community access strings, configuring on Cisco routers, 121 configuring on Cisco routers, 124 examples of, 126 managed devices, 123 MIBs, 122, 124 notifications, 122, 124 snmp-server community command (SNMP), 124 snmp-server enable traps config command, 124 snmp-server host command, 124-126 social engineering, 367 software

Cisco Secure, 297, 299 AAA features, 298 features, 297 test topics, 297 NetSonar, 302, 304 software features of PIX, 342-344 SOML command (SMTP), 128 spanning tree, 30

bridge port states, 31 special files, 289

SPI (Security Parameters Index), 243

split horizon, 58 spoof attacks, 372

SRTT (Smooth Route Trip Time), 63 SSH (Secure Shell), 132-133 SSL (Secure Socket Layer), 121 standard access lists, 182-187 standard IP access lists, 183

wildcard masks, 184 standards bodies, CERT/CC, 366 startup config, viewing, 178 stateful packet screening, PIX, 330-331 stateful security, 330 states of Ethernet interfaces, 165 static NAT, 327

static routing, PIX configuration, 337-338 store and forward switching, 30 stratum, 128-129

configuring NTP time sources, 130-131 stubby areas, 70

study tips for exam, 569-570, 575 study tips for qualification exam, 570-571

decoding ambiguity, 572-573 subnetting, 36

calculating host per subnet, 37-38 CIDR, 39-40 VLSM, 38-39 successors (EIGRP), 63 summary links, 68 switching, 28-29 CAM tables, 29 cut through, 30 portfast, enabling, 31 store and forward, 30 trunks, 31 System Flash, 151 system log, displaying, 166
