How to Use This Book

The book consists of 24 chapters. Each chapter tends to build upon the chapter that precedes it. The chapters that cover specific commands and configurations include case studies or practice configurations.

The chapters of the book cover the following topics:

• Chapter 1, "Network Security Essentials" Chapter 1 is an overview of network security in general terms. This chapter defines the scope of network security and discusses the delicate "balancing act" required to ensure that you fulfill the business need without compromising the security of the organization. Network security is a continuous process that should be driven by a predefined organizational security policy.

• Chapter 2, "Defining and Detailing Attack Threats" Chapter 2 discusses the potential network vulnerabilities and attacks that pose a threat to the network. This chapter provides you with a better understanding of the need for an effective network security policy.

• Chapter 3, "Defense in Depth" Until recently, a network was considered secure if it had a strong perimeter defense. Network attacks are becoming much more dynamic and require a security posture that provides defense at many levels. Chapter 3 discusses the concepts that integrate all the security components into a single, effective security strategy.

• Chapter 4, "Basic Router Management" This chapter details the administration of the Cisco IOS router and discusses the Cisco IOS Firewall feature set. This chapter focuses on the basic tasks that are required to manage an individual Cisco IOS router.

• Chapter 5, "Secure Router Administration" This chapter explains how to secure the administrative access to the Cisco IOS router. It is important to secure this access to prevent unauthorized changes to the router.

• Chapter 6, "Authentication" This chapter discusses the many different types of authentication and the advantages and disadvantages of each type.

• Chapter 7, "Authentication, Authorization, and Accounting" AAA has become a key component of any security policy. AAA is used to verify which users are connecting to a specific resource, ensure that they are authorized to perform requested functions, and track which actions were performed, by whom, and at what time. Chapter 7 discusses the integration of AAA services into a Cisco IOS environment and how AAA can significantly impact the security posture of a network.

• Chapter 8, "Configuring RADIUS and TACACS+ on Cisco IOS Software" TACACS+ and RADIUS are two key AAA technologies supported by Cisco IOS Software. Chapter 8 discusses the steps for configuring TACACS+ and RADIUS to communicate with Cisco IOS routers.

• Chapter 9, "Cisco Secure Access Control Server" This chapter describes the features and architectural components of the Cisco Secure Access Control Server.

• Chapter 10, "Administration of Cisco Secure Access Control Server for Windows" This chapter discusses the installation and configuration of the Cisco Secure Access Control Server on a Microsoft Windows 2000 Server.

• Chapter 11, "Securing Networks with Cisco Routers" It is important to restrict access to your Cisco IOS router to ensure that only authorized administrators are performing configuration changes. There are many different ways to access the Cisco IOS router. Chapter 11 describes how to ensure that all nonessential services have been disabled to reduce any chances of accessing the router by exploiting open ports or running services.

• Chapter 12, "The Cisco IOS Firewall and Advanced Security Feature Set" The Cisco IOS Firewall and Advanced Security feature set is a set of additional features available for Cisco IOS that provides security functionality on a router platform. These features are discussed in Chapter 12.

• Chapter 13, "Cisco IOS Intrusion Prevention System" The Cisco IOS Intrusion Prevention System (IPS) feature set is the evolution of the Cisco IOS Intrusion Detection System (IDS). Cisco IPS products go beyond the IDS signature matching by incorporating features such as stateful pattern recognition, protocol analysis, traffic anomaly detection, and protocol anomaly detection. This chapter discusses the security features of the Cisco IOS IPS.

• Chapter 14, "Mitigating Layer 2 Attacks" As the popularity of Ethernet switching and wireless local-area networks (WLANs) grow, the emphasis on Layer 2 security has become more important. This chapter discusses Layer 2 attacks, mitigations, and best practices and functionality.

• Chapter 15, "Context-Based Access Control" CBAC is a Cisco IOS security feature that enables you to filter data based on an inspection of the data packet. This is incorporated as part of the Cisco IOS Security feature set and is used to greatly increase the security of the network perimeter.

• Chapter 16, "Authentication Proxy and the Cisco IOS Firewall" Authentication proxy is a function that enables users to authenticate when accessing specific resources. The Cisco IOS Firewall is designed to interface with AAA servers using standard authentication protocols to perform this function. This functionality enables administrators to create a granular and dynamic per-user security policy.

• Chapter 17, "Identity-Based Networking Services" Cisco Identity-Based Networking Services (IBNS) is a technology framework for delivering logical and physical network access authentication. IBNS combines several Cisco products that offer authentication, user policies, and access control to provide a comprehensive solution for increasing network access security. IBNS incorporates capabilities defined in the IEEE 802.1x standard. This chapter discusses IBNS and 802.1x features and functionality.

• Chapter 18, "Configuring 802.1x Port-Based Authentication" This chapter describes how to configure 802.1x port-based authentication on a Catalyst switch to prevent unauthorized clients (supplicants) from gaining access to the network.

• Chapter 19, "Building a VPN Using IPsec" Prior to the creation of VPN technology, the only way to secure communications between two locations was to purchase a "dedicated circuit." To secure communications across an enterprise would be tremendously expensive, and securing communications with remote users was simply cost-prohibitive. VPN technology enables you to secure communications that travel across the public infrastructure (that is, the Internet). VPN technology allows organizations to interconnect their different locations without having to purchase dedicated lines, greatly reducing the cost of the network infrastructure.

• Chapter 20, "Scaling a VPN Using IPsec with a Certificate Authority" Cisco IOS devices are designed with a feature called CA interoperability support, which allows them to interact with a certificate authority (CA) when deploying IPsec. This functionality allows for a scalable and manageable enterprise VPN solution.

• Chapter 21, "Troubleshooting the VPN Configuration on a Cisco Router" This chapter describes the numerous commands used to troubleshoot the configuration of VPNs using Cisco IOS and IPsec.

• Chapter 22, "Configuring Remote Access Using Easy VPN" Cisco Easy VPN is a client/server application that allows for VPN security parameters to be "pushed out" to the remote locations that connect using a growing array of Cisco products.

• Chapter 23, "Security Device Manager" The Cisco Security Device Manager (SDM) is a Java-based web management tool used for configuration and monitoring of Cisco IOS Software based routers. Cisco SDM is supported on a wide range of Cisco routers and Cisco IOS Software releases. This chapter provides general installation and configuration guidance for SDM.

• Chapter 24, "Final Scenarios" This chapter provides a practical overview of topics discussed throughout the book. It consists of a scenario for an organization that requires your expertise with Cisco products to meet its constantly evolving business needs.

• Appendix, "Answers to the "Do I Know This Already?" Quizzes and Q&A Sections"

Each chapter follows the same format and incorporates the following tools to assist you by assessing your current knowledge and emphasizing specific areas of interest within the chapter:

• Do I Already Know This Quiz? Each chapter begins with a quiz to help you assess your current knowledge of the subject. The quiz is divided into specific areas of emphasis that enable you to best determine where to focus your efforts when working through the chapter.

• Foundation Topics The foundation topics are the core sections of each chapter. They focus on the specific protocols, concepts, or skills that you must master to successfully prepare for the examination.

• Foundation Summary Near the end of each chapter, the foundation topics are summarized into important highlights from the chapter. In many cases, the foundation summaries are divided into charts, but in some cases, the important portions from each chapter are just restated to emphasize their importance within the subject matter. Remember that the foundation portions are in the book to assist you with your exam preparation. It is unlikely that you will be able to successfully complete the certification exam by just studying the foundation topics and foundation summaries, although they are a good tool for last-minute preparation just before taking the exam.

• Q&A Each chapter ends with a series of review questions to test your understanding of the material covered. These questions are a great way to ensure that you not only understand the material, but that you also exercise your ability to recall facts.

• CD-ROM-based practice exam This book includes a CD-ROM containing several interactive practice exams. It is recommended that you continue to test your knowledge and test-taking skills by using these exams. You will find that your test-taking skills will improve by continued exposure to the test format. Remember that the potential range of exam questions is limitless. Therefore, your goal should not be to "know" every possible answer but to have a sufficient understanding of the subject matter so that you can figure out the correct answer with the information provided.

Figure I-1 depicts the best way to navigate through the book. If you think that you already have a sufficient understanding of the subject matter in a chapter, test yourself with the "Do I Know This Already?" quiz. Based on you score, you should determine whether to complete the entire chapter or to move on to the "Foundation Summary" and then on to the "Q&A" sections.

Figure I-1. Completing the Chapter Material


0 0

Post a comment