CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] - نسخه متنی

Tebyan

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

  • Copyright

    About the Author

    About the Technical Reviewers

    Acknowledgments

    Icons Used in This Book

    Command Syntax Conventions

    Features of This Book

    Foreword

    Introduction: All About the Cisco Certified Security Professional Certification

    Exams Required for Certification

    Other Certifications

    CSI Exam Blueprint

    Recommended Training for CCSP

    This Book's Audience

    How to Use This Book to Pass the Exam

    Are Prerequisites Required to Pass the Exam?

    "I've Completed All Prerequisites for the CCSP Except Taking CSI 1.0Now What?"

    "I Have Not Taken All the PrerequisitesWill This Book Still Help Me to Pass?"

    Exam Registration

    Book Content Updates

    Part I. Cisco SAFE Overview

    Chapter 1. What Is SAFE?

    SAFE: A Security Blueprint for Enterprise Networks

    SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks

    SAFE VPN: IPSec Virtual Private Networks in Depth

    SAFE: Wireless LAN Security in DepthVersion 2

    SAFE: IP Telephony Security in Depth

    Additional SAFE White Papers

    Looking Toward the Future

    Chapter 2. SAFE Design Fundamentals

    "Do I Know This Already?" Quiz

    Foundation Topics

    SAFE Design Philosophy

    Security Threats

    Foundation Summary

    Q&A

    Chapter 3. SAFE Design Concepts

    "Do I Know This Already?" Quiz

    Foundation Topics

    SAFE Architecture Overview

    Examining SAFE Design Fundamentals

    Understanding SAFE Axioms

    Foundation Summary

    Q&A

    Chapter 4. Understanding SAFE SMR Network Modules

    "Do I Know This Already?" Quiz

    Foundation Topics

    SAFE Modules Overview

    Understanding the Campus Module

    Understanding the Corporate Internet Module

    Understanding the WAN Module

    Foundation Summary

    Q&A

    Part II. Understanding Security Risks and Mitigation Techniques

    Chapter 5. Defining a Security Policy

    "Do I Know This Already?" Quiz

    Foundation Topics

    The Need for Network Security

    Security Policy Characteristics, Goals, and Components

    The Security Wheel

    Foundation Summary

    Q&A

    References

    Chapter 6. Classifying Rudimentary Network Attacks

    "Do I Know This Already?" Quiz

    Foundation Topics

    Reconnaissance Attacks

    Denial of Service Attacks

    Unauthorized Access Attacks

    Application Layer Attacks

    Trust Exploitation Attacks

    Foundation Summary

    Q&A

    Chapter 7. Classifying Sophisticated Network Attacks

    "Do I Know This Already?" Quiz

    Foundation Topics

    IP Spoofing

    Packet Sniffers

    Password Attacks

    Man-In-The-Middle Attacks

    Port Redirection

    Virus and Trojan-Horse Applications

    Foundation Summary

    Q&A

    Chapter 8. Mitigating Rudimentary Network Attacks

    "Do I Know This Already?" Quiz

    Foundation Topics

    Mitigating Reconnaissance Attacks

    Mitigating Denial of Service Attacks

    Protecting Against Unauthorized Access

    Mitigating Application Layer Attacks

    Guarding Against Trust Exploitation

    Foundation Summary

    Q&A

    Chapter 9. Mitigating Sophisticated Network Attacks

    "Do I Know This Already?" Quiz

    Foundation Topics

    Mitigating IP Spoofing Attacks

    Guarding Against Packet Sniffers

    Mitigating Password Attacks

    Mitigating Man-In-The-Middle Attacks

    Mitigating Port Redirection Attacks

    Guarding Against Virus and Trojan-Horse Applications

    Foundation Summary

    Q&A

    Chapter 10. Network Management

    "Do I Know This Already?" Quiz

    Foundation Topics

    Network Management Overview

    Network Management Protocols

    Foundation Summary

    Q&A

    Part III. Cisco Security Portfolio

    Chapter 11. Cisco Perimeter Security Products

    "Do I Know This Already?" Quiz

    Foundation Topics

    Perimeter Security

    Cisco Secure Intrusion Detection System

    Host-Based IPS and the Cisco Security Agent

    Selecting the Right Product

    Foundation Summary

    Q&A

    Chapter 12. Cisco Network Core Security Products

    "Do I Know This Already?" Quiz

    Foundation Topics

    Secure Connectivity

    Identity ManagementCisco Secure Access Control Server

    Security Management

    Cisco AVVID

    Design Considerations

    Foundation Summary

    Q&A

    Part IV. Designing and Implementing SAFE Networks

    Chapter 13. Designing Small SAFE Networks

    "Do I Know This Already?" Quiz

    Foundation Topics

    Components of SAFE Small Network Design

    Corporate Internet Module in Small Networks

    Campus Module in Small Networks

    Branch Versus Headend/Standalone Considerations for Small Networks

    Foundation Summary

    Q&A

    Reference

    Chapter 14. Implementing Small SAFE Networks

    "Do I Know This Already?" Quiz

    Foundation Topics

    General Implementation Recommendations

    Using the ISP Router in Small Networks

    Using the Cisco IOS Firewall Router in Small Networks

    Using the PIX Firewall in Small Networks

    Alternative Implementations

    Foundation Summary

    Q&A

    Chapter 15. Designing Medium-Sized SAFE Networks

    "Do I Know This Already?" Quiz

    Foundation Topics

    Components of SAFE Medium-Sized Network Design

    Corporate Internet Module in Medium-Sized Networks

    Campus Module in Medium-Sized Networks

    WAN Module in Medium-Sized Networks

    Branch Versus Headend/Standalone Considerations for Medium-Sized Networks

    Foundation Summary

    Q&A

    Reference

    Chapter 16. Implementing Medium-Sized SAFE Networks

    "Do I Know This Already?" Quiz

    Foundation Topics

    General Implementation Recommendations

    Using the ISP Router in Medium-Sized Networks

    Using the Edge Router in Medium-Sized Networks

    Using the Cisco IOS Firewall Router in Medium-Sized Networks

    Using the PIX Firewall in Medium-Sized Networks

    Network Intrusion Detection System Overview

    Host-Based IPS Overview

    VPN 3000 Series Concentrator Overview

    Configuring the Layer 3 Switch

    Foundation Summary

    Q&A

    Chapter 17. Designing Remote SAFE Networks

    "Do I Know This Already?" Quiz

    Foundation Topics

    Configuration Options for Remote-User Network Design

    Key Devices for Remote-User Networks

    Mitigating Threats in Remote-User Networks

    Design Guidelines for Remote-User Networks

    Foundation Summary

    Q&A

    Reference

    Chapter 18. Designing Enterprise SAFE Networks

    "Do I Know This Already?" Quiz

    Foundation Topics

    Components of SAFE Enterprise Network Design

    The Enterprise Campus Layer

    The Enterprise Edge Layer

    Foundation Summary

    Q&A

    Chapter 19. SAFE IP Telephony Design

    "Do I Know This Already?" Quiz

    Foundation Topics

    Examining SAFE IP Telephony Design Fundamentals

    Understanding SAFE IP Telephony Axioms

    Understanding SAFE IP Telephony Network Designs

    Foundation Summary

    Q&A

    Chapter 20. SAFE Wireless LAN Design

    "Do I Know This Already?" Quiz

    Foundation Topics

    Basic Wireless Concepts

    Cisco WLAN Portfolio

    SAFE WLAN Axioms

    WLAN Design Approach

    Large-Enterprise WLAN Design

    Medium WLAN Design

    Small WLAN Design

    Remote WLAN Design

    Foundation Summary

    Q&A

    References

    Part V. Scenarios

    Chapter 21. Scenarios for Final Preparation

    Scenario 21-1

    Scenario 21-2

    Scenario 21-3

    Scenario 21-4

    Scenario 21-5

    Scenario 21-6

    Scenario 21-7

    Scenario 21-8

    Scenario 21-9

    Scenario 21-10

    Answers to Scenario 21-1

    Answers to Scenario 21-2

    Answers to Scenario 21-3

    Answers to Scenario 21-4

    Answers to Scenario 21-6

    Answers to Scenario 21-7

    Answers to Scenario 21-8

    Answers to Scenario 21-8

    Answers to Scenario 21-9

    Answers to Scenario 21-10

    Part VI. Appendixes

    Appendix A. Answers to the "Do I Know This Already?" Quizzes and Q&A Sections

    Chapter 2

    Chapter 3

    Chapter 4

    Chapter 5

    Chapter 6

    Chapter 7

    Chapter 8

    Chapter 9

    Chapter 10

    Chapter 11

    Chapter 12

    Chapter 13

    Chapter 14

    Chapter 15

    Chapter 16

    Chapter 17

    Chapter 18

    Chapter 19

    Q&A

    Chapter 20

    Appendix B. General Configuration Guidelines for Cisco Router and Switch Security

    Routers

    CatOS Switches

    GLOSSARY

    Index

    •
    توضیحات
    افزودن یادداشت جدید











  • Foundation Summary


    The "Foundation Summary" section of each chapter lists the most important facts from the chapter. While this section does not list every fact from the chapter that will be on your CCSP exam, a well-prepared CCSP candidate should, at a minimum, know all the details in each "Foundation Summary" before going to take the exam.

    The SAFE Enterprise network consists of various modules organized into three primary layers:

    • The enterprise campus

    • The enterprise edge

    • The service provider (SP) edge


    The enterprise campus layer consists of the following modules:

    • The Management module

    • The Server module

    • The Building module

    • The Building Distribution module

    • The Core module

    • The Edge Distribution module


    The enterprise edge layer is made up of the following modules:

    • The E-Commerce module

    • The VPN and Remote Access module

    • The Corporate Internet module

    • The WAN module


    Table 18-17 shows the key devices in the Management module.

    Table 18-17. Key Devices in Management Module

    Key Device

    Functions

    Cisco IOS router/firewall

    Provides encrypted network access to the end devices. Also filters traffic inbound to the Management module.

    OTP server

    Authorizes OTP information relayed from the access-control server.

    Access-control server

    Provides one-time, two-factor authentication services to the network devices.

    Syslog hosts

    Aggregates log information for the firewall and the NIDS devices.

    Management host(s)

    Provides for configuration, software, and content changes on network devices and IPS on other network-management hosts.

    NIDS Director

    Provides alarm aggregation and analysis for all NIDS appliances throughout the Campus and Corporate Internet modules.

    Layer 2 switches

    Include support for private VLANs.

    NIDS appliance

    Provides deep packet inspection of traffic within the module.

    Terminal server

    Provides access to the console port of other network devices.

    Network-monitoring host

    Provides SNMP management and monitoring of network devices.

    Table 18-18 shows the key devices in the Building module.

    Table 18-18. Key Devices in Building Module

    Key Device

    Functions

    Layer 2 switches

    Provide for Layer 2 connectivity to end-user systems and IP telephones.

    IP phones

    Provide IP telephony services to end users.

    User workstations

    Provide data services to users.

    Table 18-19 shows the key device in the Building Distribution module.

    Table 18-19. Key Device in Building Distribution Module

    Key Device

    Functions

    Layer 3 switches

    Provide for Layer 2 switch aggregation before the core, along with services such as filtering, routing QoS, CAR, and VLAN definition.

    Table 18-20 shows the key device in the Core module.

    Table 18-20. Key Device in Core Module

    Key Device

    Functions

    Layer 3 switches

    Route and switch traffic from one network module to another

    Table 18-21 shows the key devices in the Server module.

    Table 18-21. Key Devices in Server Module

    Key Device

    Functions

    Layer 3 switches

    Provide Layer 3 services such as filters, QoS, VLANs, and private VLANs to the servers. Also provides for traffic inspection through the use of integrated NIDS.

    CallManager

    Provides IP telephony services and call routing.

    Corporate and departmental servers

    Provide services such as SMTP, WWW, POP, file and print services, and DNS to corporate users.

    Table 18-22 shows the key device in the Edge Distribution module.

    Table 18-22. Key Device in Edge Distribution Module

    Key Device

    Functions

    Layer 3 switches

    Provide for traffic aggregation before the enterprise edge layer, along with advanced services.

    Table 18-23 shows the key devices in the E-Commerce module.

    Table 18-23. Key Devices in E-Commerce Module

    Key Device

    Functions

    Web server

    Serves as the primary user interface for the e-commerce store.

    Application server

    Provides application services required by the e-commerce design and communication with the database server.

    Database server

    Stores transactions, customer information, and other business-critical data required by the e-commerce design.

    Firewalls

    Provide network-level protection of resources through stateful filtering of traffic. Provides traffic negotiation and control among the various layers of the e-commerce design.

    NIDS appliance

    Provides traffic monitoring and attack identification and mitigation.

    Layer 3 switch with IDS module

    Provides stable traffic routing and control, along with up-front attack identification and mitigation.

    Table 18-24 shows the key devices in the VPN and Remote Access module.

    Table 18-24. Key Devices in VPN and Remote Access Module

    Key Device

    Functions

    VPN concentrator

    Authenticates remote-access users and terminates IPSec VPN tunnels.

    VPN router

    Authenticates and terminates site-to-site GRE/IPSec VPN tunnels.

    Firewall

    Provides network-level protection of resources through stateful filtering of traffic. Provides differentiation of traffic from remote users and sites.

    Dial-in server

    Authenticates remote analog dial-in users using TACACS+/OTPs and terminates connections.

    NIDS appliance

    Provides traffic monitoring, attack identification, and attack mitigation for traffic from remote users and sites.

    Table 18-25 shows the key devices in the Corporate Internet module.

    Table 18-25. Key Devices in Corporate Internet Module

    Key Device

    Functions

    DNS server

    Serves as the authoritative external DNS server; relays internal requests to the Internet.

    FTP server

    Provides a public interface for file exchange between Internet users and the corporate network. Can be combined with the HTTP server to reduce cost.

    Firewall

    Provides network-level protection of resources through stateful filtering of traffic. Can provide remote IPSec tunnel termination for users and remote sites. Also provides differentiated access for remote-access users.

    HTTP server

    Provides public information about the enterprise or the organization. Can be combined with the FTP server to reduce cost.

    SMTP server

    Provides e-mail service for the enterprise by relaying internal e-mail bound for external addresses; also can inspect content.

    Layer 2 switches

    Provides for Layer 2 connectivity within the Corporate Internet module. Also provides support for private VLANs.

    NIDS appliance

    Provides for deep packet inspection of traffic traversing various segments of the network.

    URL filtering server

    Provides for URL-filtering services to the enterprise.


    • / 290