CopyrightAbout the AuthorAbout the Technical ReviewersAcknowledgmentsIcons Used in This BookCommand Syntax ConventionsFeatures of This BookForewordIntroduction: All About the Cisco Certified Security Professional CertificationExams Required for CertificationOther CertificationsCSI Exam BlueprintRecommended Training for CCSPThis Book's AudienceHow to Use This Book to Pass the ExamAre Prerequisites Required to Pass the Exam?"I've Completed All Prerequisites for the CCSP Except Taking CSI 1.0Now What?""I Have Not Taken All the PrerequisitesWill This Book Still Help Me to Pass?"Exam RegistrationBook Content UpdatesPart I. Cisco SAFE OverviewChapter 1. What Is SAFE?SAFE: A Security Blueprint for Enterprise NetworksSAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User NetworksSAFE VPN: IPSec Virtual Private Networks in DepthSAFE: Wireless LAN Security in DepthVersion 2SAFE: IP Telephony Security in DepthAdditional SAFE White PapersLooking Toward the FutureChapter 2. SAFE Design Fundamentals"Do I Know This Already?" QuizFoundation TopicsSAFE Design PhilosophySecurity ThreatsFoundation SummaryQ&AChapter 3. SAFE Design Concepts"Do I Know This Already?" QuizFoundation TopicsSAFE Architecture OverviewExamining SAFE Design FundamentalsUnderstanding SAFE AxiomsFoundation SummaryQ&AChapter 4. Understanding SAFE SMR Network Modules"Do I Know This Already?" QuizFoundation TopicsSAFE Modules OverviewUnderstanding the Campus ModuleUnderstanding the Corporate Internet ModuleUnderstanding the WAN ModuleFoundation SummaryQ&APart II. Understanding Security Risks and Mitigation TechniquesChapter 5. Defining a Security Policy"Do I Know This Already?" QuizFoundation TopicsThe Need for Network SecuritySecurity Policy Characteristics, Goals, and ComponentsThe Security WheelFoundation SummaryQ&AReferencesChapter 6. Classifying Rudimentary Network Attacks"Do I Know This Already?" QuizFoundation TopicsReconnaissance AttacksDenial of Service AttacksUnauthorized Access AttacksApplication Layer AttacksTrust Exploitation AttacksFoundation SummaryQ&AChapter 7. Classifying Sophisticated Network Attacks"Do I Know This Already?" QuizFoundation TopicsIP SpoofingPacket SniffersPassword AttacksMan-In-The-Middle AttacksPort RedirectionVirus and Trojan-Horse ApplicationsFoundation SummaryQ&AChapter 8. Mitigating Rudimentary Network Attacks"Do I Know This Already?" QuizFoundation TopicsMitigating Reconnaissance AttacksMitigating Denial of Service AttacksProtecting Against Unauthorized AccessMitigating Application Layer AttacksGuarding Against Trust ExploitationFoundation SummaryQ&AChapter 9. Mitigating Sophisticated Network Attacks"Do I Know This Already?" QuizFoundation TopicsMitigating IP Spoofing AttacksGuarding Against Packet SniffersMitigating Password AttacksMitigating Man-In-The-Middle AttacksMitigating Port Redirection AttacksGuarding Against Virus and Trojan-Horse ApplicationsFoundation SummaryQ&AChapter 10. Network Management"Do I Know This Already?" QuizFoundation TopicsNetwork Management OverviewNetwork Management ProtocolsFoundation SummaryQ&APart III. Cisco Security PortfolioChapter 11. Cisco Perimeter Security Products"Do I Know This Already?" QuizFoundation TopicsPerimeter SecurityCisco Secure Intrusion Detection SystemHost-Based IPS and the Cisco Security AgentSelecting the Right ProductFoundation SummaryQ&AChapter 12. Cisco Network Core Security Products"Do I Know This Already?" QuizFoundation TopicsSecure ConnectivityIdentity ManagementCisco Secure Access Control ServerSecurity ManagementCisco AVVIDDesign ConsiderationsFoundation SummaryQ&APart IV. Designing and Implementing SAFE NetworksChapter 13. Designing Small SAFE Networks"Do I Know This Already?" QuizFoundation TopicsComponents of SAFE Small Network DesignCorporate Internet Module in Small NetworksCampus Module in Small NetworksBranch Versus Headend/Standalone Considerations for Small NetworksFoundation SummaryQ&AReferenceChapter 14. Implementing Small SAFE Networks"Do I Know This Already?" QuizFoundation TopicsGeneral Implementation RecommendationsUsing the ISP Router in Small NetworksUsing the Cisco IOS Firewall Router in Small NetworksUsing the PIX Firewall in Small NetworksAlternative ImplementationsFoundation SummaryQ&AChapter 15. Designing Medium-Sized SAFE Networks"Do I Know This Already?" QuizFoundation TopicsComponents of SAFE Medium-Sized Network DesignCorporate Internet Module in Medium-Sized NetworksCampus Module in Medium-Sized NetworksWAN Module in Medium-Sized NetworksBranch Versus Headend/Standalone Considerations for Medium-Sized NetworksFoundation SummaryQ&AReferenceChapter 16. Implementing Medium-Sized SAFE Networks"Do I Know This Already?" QuizFoundation TopicsGeneral Implementation RecommendationsUsing the ISP Router in Medium-Sized NetworksUsing the Edge Router in Medium-Sized NetworksUsing the Cisco IOS Firewall Router in Medium-Sized NetworksUsing the PIX Firewall in Medium-Sized NetworksNetwork Intrusion Detection System OverviewHost-Based IPS OverviewVPN 3000 Series Concentrator OverviewConfiguring the Layer 3 SwitchFoundation SummaryQ&AChapter 17. Designing Remote SAFE Networks"Do I Know This Already?" QuizFoundation TopicsConfiguration Options for Remote-User Network DesignKey Devices for Remote-User NetworksMitigating Threats in Remote-User NetworksDesign Guidelines for Remote-User NetworksFoundation SummaryQ&AReferenceChapter 18. Designing Enterprise SAFE Networks"Do I Know This Already?" QuizFoundation TopicsComponents of SAFE Enterprise Network DesignThe Enterprise Campus LayerThe Enterprise Edge LayerFoundation SummaryQ&AChapter 19. SAFE IP Telephony Design"Do I Know This Already?" QuizFoundation TopicsExamining SAFE IP Telephony Design FundamentalsUnderstanding SAFE IP Telephony AxiomsUnderstanding SAFE IP Telephony Network DesignsFoundation SummaryQ&AChapter 20. SAFE Wireless LAN Design"Do I Know This Already?" QuizFoundation TopicsBasic Wireless ConceptsCisco WLAN PortfolioSAFE WLAN AxiomsWLAN Design ApproachLarge-Enterprise WLAN DesignMedium WLAN DesignSmall WLAN DesignRemote WLAN DesignFoundation SummaryQ&AReferencesPart V. ScenariosChapter 21. Scenarios for Final PreparationScenario 21-1Scenario 21-2Scenario 21-3Scenario 21-4Scenario 21-5Scenario 21-6Scenario 21-7Scenario 21-8Scenario 21-9Scenario 21-10Answers to Scenario 21-1Answers to Scenario 21-2Answers to Scenario 21-3Answers to Scenario 21-4Answers to Scenario 21-6Answers to Scenario 21-7Answers to Scenario 21-8Answers to Scenario 21-8Answers to Scenario 21-9Answers to Scenario 21-10Part VI. AppendixesAppendix A. Answers to the "Do I Know This Already?" Quizzes and Q&A SectionsChapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12Chapter 13Chapter 14Chapter 15Chapter 16Chapter 17Chapter 18Chapter 19Q&AChapter 20Appendix B. General Configuration Guidelines for Cisco Router and Switch SecurityRoutersCatOS SwitchesGLOSSARYIndex