CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا

➟

جستجو در لغت نامه

بیشتر

کتابخانه شخصی پرسش از کتابدار ارسال منبع

CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] - نسخه متنی

Tebyan

| ،

افزودن به کتابخانه شخصی

میخواهم بخوانم

درحال خواندن

خوانده شده

ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال

جستجو در متن کتاب

بیشتر

تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب

➟

جستجو در لغت نامه

بیشتر

لیست موضوعات

About the Author

About the Technical Reviewers

Acknowledgments

Icons Used in This Book

Command Syntax Conventions

Features of This Book

Introduction: All About the Cisco Certified Security Professional Certification

Exams Required for Certification

Other Certifications

CSI Exam Blueprint

Recommended Training for CCSP

This Book's Audience

How to Use This Book to Pass the Exam

Are Prerequisites Required to Pass the Exam?

"I've Completed All Prerequisites for the CCSP Except Taking CSI 1.0Now What?"

"I Have Not Taken All the PrerequisitesWill This Book Still Help Me to Pass?"

Exam Registration

Book Content Updates

Part I. Cisco SAFE Overview

Chapter 1. What Is SAFE?

SAFE: A Security Blueprint for Enterprise Networks

SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks

SAFE VPN: IPSec Virtual Private Networks in Depth

SAFE: Wireless LAN Security in DepthVersion 2

SAFE: IP Telephony Security in Depth

Additional SAFE White Papers

Looking Toward the Future

Chapter 2. SAFE Design Fundamentals

"Do I Know This Already?" Quiz

Foundation Topics

SAFE Design Philosophy

Security Threats

Foundation Summary

Chapter 3. SAFE Design Concepts

"Do I Know This Already?" Quiz

Foundation Topics

SAFE Architecture Overview

Examining SAFE Design Fundamentals

Understanding SAFE Axioms

Foundation Summary

Chapter 4. Understanding SAFE SMR Network Modules

"Do I Know This Already?" Quiz

Foundation Topics

SAFE Modules Overview

Understanding the Campus Module

Understanding the Corporate Internet Module

Understanding the WAN Module

Foundation Summary

Part II. Understanding Security Risks and Mitigation Techniques

Chapter 5. Defining a Security Policy

"Do I Know This Already?" Quiz

Foundation Topics

The Need for Network Security

Security Policy Characteristics, Goals, and Components

The Security Wheel

Foundation Summary

Chapter 6. Classifying Rudimentary Network Attacks

"Do I Know This Already?" Quiz

Foundation Topics

Reconnaissance Attacks

Denial of Service Attacks

Unauthorized Access Attacks

Application Layer Attacks

Trust Exploitation Attacks

Foundation Summary

Chapter 7. Classifying Sophisticated Network Attacks

"Do I Know This Already?" Quiz

Foundation Topics

Packet Sniffers

Password Attacks

Man-In-The-Middle Attacks

Port Redirection

Virus and Trojan-Horse Applications

Foundation Summary

Chapter 8. Mitigating Rudimentary Network Attacks

"Do I Know This Already?" Quiz

Foundation Topics

Mitigating Reconnaissance Attacks

Mitigating Denial of Service Attacks

Protecting Against Unauthorized Access

Mitigating Application Layer Attacks

Guarding Against Trust Exploitation

Foundation Summary

Chapter 9. Mitigating Sophisticated Network Attacks

"Do I Know This Already?" Quiz

Foundation Topics

Mitigating IP Spoofing Attacks

Guarding Against Packet Sniffers

Mitigating Password Attacks

Mitigating Man-In-The-Middle Attacks

Mitigating Port Redirection Attacks

Guarding Against Virus and Trojan-Horse Applications

Foundation Summary

Chapter 10. Network Management

"Do I Know This Already?" Quiz

Foundation Topics

Network Management Overview

Network Management Protocols

Foundation Summary

Part III. Cisco Security Portfolio

Chapter 11. Cisco Perimeter Security Products

"Do I Know This Already?" Quiz

Foundation Topics

Perimeter Security

Cisco Secure Intrusion Detection System

Host-Based IPS and the Cisco Security Agent

Selecting the Right Product

Foundation Summary

Chapter 12. Cisco Network Core Security Products

"Do I Know This Already?" Quiz

Foundation Topics

Secure Connectivity

Identity ManagementCisco Secure Access Control Server

Security Management

Design Considerations

Foundation Summary

Part IV. Designing and Implementing SAFE Networks

Chapter 13. Designing Small SAFE Networks

"Do I Know This Already?" Quiz

Foundation Topics

Components of SAFE Small Network Design

Corporate Internet Module in Small Networks

Campus Module in Small Networks

Branch Versus Headend/Standalone Considerations for Small Networks

Foundation Summary

Chapter 14. Implementing Small SAFE Networks

"Do I Know This Already?" Quiz

Foundation Topics

General Implementation Recommendations

Using the ISP Router in Small Networks

Using the Cisco IOS Firewall Router in Small Networks

Using the PIX Firewall in Small Networks

Alternative Implementations

Foundation Summary

Chapter 15. Designing Medium-Sized SAFE Networks

"Do I Know This Already?" Quiz

Foundation Topics

Components of SAFE Medium-Sized Network Design

Corporate Internet Module in Medium-Sized Networks

Campus Module in Medium-Sized Networks

WAN Module in Medium-Sized Networks

Branch Versus Headend/Standalone Considerations for Medium-Sized Networks

Foundation Summary

Chapter 16. Implementing Medium-Sized SAFE Networks

"Do I Know This Already?" Quiz

Foundation Topics

General Implementation Recommendations

Using the ISP Router in Medium-Sized Networks

Using the Edge Router in Medium-Sized Networks

Using the Cisco IOS Firewall Router in Medium-Sized Networks

Using the PIX Firewall in Medium-Sized Networks

Network Intrusion Detection System Overview

Host-Based IPS Overview

VPN 3000 Series Concentrator Overview

Configuring the Layer 3 Switch

Foundation Summary

Chapter 17. Designing Remote SAFE Networks

"Do I Know This Already?" Quiz

Foundation Topics

Configuration Options for Remote-User Network Design

Key Devices for Remote-User Networks

Mitigating Threats in Remote-User Networks

Design Guidelines for Remote-User Networks

Foundation Summary

Chapter 18. Designing Enterprise SAFE Networks

"Do I Know This Already?" Quiz

Foundation Topics

Components of SAFE Enterprise Network Design

The Enterprise Campus Layer

The Enterprise Edge Layer

Foundation Summary

Chapter 19. SAFE IP Telephony Design

"Do I Know This Already?" Quiz

Foundation Topics

Examining SAFE IP Telephony Design Fundamentals

Understanding SAFE IP Telephony Axioms

Understanding SAFE IP Telephony Network Designs

Foundation Summary

Chapter 20. SAFE Wireless LAN Design

"Do I Know This Already?" Quiz

Foundation Topics

Basic Wireless Concepts

Cisco WLAN Portfolio

SAFE WLAN Axioms

WLAN Design Approach

Large-Enterprise WLAN Design

Medium WLAN Design

Small WLAN Design

Remote WLAN Design

Foundation Summary

Part V. Scenarios

Chapter 21. Scenarios for Final Preparation

Answers to Scenario 21-1

Answers to Scenario 21-2

Answers to Scenario 21-3

Answers to Scenario 21-4

Answers to Scenario 21-6

Answers to Scenario 21-7

Answers to Scenario 21-8

Answers to Scenario 21-8

Answers to Scenario 21-9

Answers to Scenario 21-10

Part VI. Appendixes

Appendix A. Answers to the "Do I Know This Already?" Quizzes and Q&A Sections

Appendix B. General Configuration Guidelines for Cisco Router and Switch Security

توضیحات

افزودن یادداشت جدید

Mitigating Port Redirection Attacks

Mitigating port redirection requires the use of good trust models. Trust models can be implemented by proper access restrictions between hosts. As long as there is an implicit trust between hosts that is based on IP addresses, the problem of port redirection will not be solved. A host-based IPS can be used to detect and possibly prevent an attacker who is trying to install port redirection software, such as HTTPtunnel or NetCat, for use in a port redirection attack.

In Figure 9-3, the firewall permits any machine on the Internet to connect to the web server on the DMZ. Additionally, the firewall permits all traffic from the DMZ into the internal LAN and permits all traffic from the DMZ to the Internet. Finally, the firewall permits all traffic from the internal LAN going out.

Figure 9-3. Port Redirection Attack

An attacker can exploit a vulnerability in the web server to gain access to that host. Once access to the web server in the DMZ is obtained, the attacker can set up port redirection software to redirect traffic so that the traffic connects to the system on the internal LAN. In