
CCNA Security 640-554 Official Cert Guide [NOOK Book]


NOOK Book (eBook)
$22.99
BN.com price
(Save 42%)$39.99 List Price

Overview

Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.
  • Master Cisco CCNA Security IINS 640-554 exam topics
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with exam preparation tasks

This is the eBook edition of the CCNA Security 640-554 Official Cert Guide. This eBook does not include the companion practice exam that comes with the print edition.

CCNA Security 640-554 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

CCNA Security 640-554 Official Cert Guide focuses specifically on the objectives for the CCNA Security IINS exam. Expert networking professionals Keith Barker and Scott Morris share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

This eBook comes complete with 90 minutes of video training on CCP, NAT, object groups, ACLs, port security on a Layer 2 switch, CP3L, and zone-based firewalls. See the last page of the eBook file for instructions on downloading the videos.

Well-regarded for its level of detail, assessment features, comprehensive design scenarios, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The official study guide helps you master all the topics on the CCNA Security exam, including:

  • Network security concepts
  • Security policies and strategies
  • Network foundation protection (NFP)
  • Cisco Configuration Professional (CCP)
  • Management plane security
  • AAA security
  • Layer 2 security threats
  • IPv6 security
  • Threat mitigation and containment
  • Access Control Lists (ACLs)
  • Network Address Translation (NAT)
  • Cisco IOS zone-based firewalls and ASA firewalls
  • Intrusion prevention and detection systems
  • Public Key Infrastructure (PKI) and cryptography
  • Site-to-site IPsec VPNs and SSL VPNs

CCNA Security 640-554 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit cisco.com/go/authorizedtraining.


Product Details

  • ISBN-13: 9780132966061
  • Publisher: Pearson Education
  • Publication date: 7/20/2012
  • Series: Official Cert Guide
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 700
  • Sales rank: 344,389
  • File size: 81 MB
  • Note: This product may take a few minutes to download.

Meet the Author

Keith Barker, CCIE No. 6783 (R&S and Security), is a 27-year veteran of the networking industry. He currently works as a network engineer and trainer for Copper River IT. His past experience includes EDS, Blue Cross, Paramount Pictures, and KnowledgeNet, and he has delivered CCIE-level training over the past several years. As part of the original set of Cisco VIPs for the Cisco Learning Network, he continues to give back to the community in many ways. He is CISSP and CCSI certified, loves to teach, and keeps many of his video tutorials at youtube.com/keith6783. He can be reached at Keith.Barker@CopperRiverIT.com or by visiting CopperRiverIT.com.

Scott Morris, CCIE No. 4713 (R&S, ISP/Dial, Security, and Service Provider), has more than 25 years in the industry. He also has CCDE and myriad other certifications, including nine expert-level certifications spread over four major vendors. Having traveled the world consulting for various enterprise and service provider companies, Scott currently works at Copper River IT as the chief technologist. He, too, has delivered CCIE-level training and technology training for Cisco Systems and other technology vendors.

Having spent a “past life” (early career) as a photojournalist, he brings interesting points of view from entering the IT industry from the ground up. As part of the original set of Cisco VIPs for the Cisco Learning Network, he continues to give back to the community in many ways. He can be reached at smorris@CopperRiverIT.com or by visiting CopperRiverIT.com.


Table of Contents

Introduction xxv

Part I Fundamentals of Network Security

Chapter 1 Networking Security Concepts

“Do I Know This Already?” Quiz 5

Foundation Topics 8

Understanding Network and Information Security Basics 8

Network Security Objectives 8

Confidentiality, Integrity, and Availability 8

Cost-Benefit Analysis of Security 9

Classifying Assets 10

Classifying Vulnerabilities 11

Classifying Countermeasures 12

What Do We Do with the Risk? 12

Recognizing Current Network Threats 13

Potential Attackers 13

Attack Methods 14

Attack Vectors 15

Man-in-the-Middle Attacks 15

Other Miscellaneous Attack Methods 16

Applying Fundamental Security Principles to Network Design 17

Guidelines 17

How It All Fits Together 19

Exam Preparation Tasks 20

Review All the Key Topics 20

Complete the Tables and Lists from Memory 20

Define Key Terms 20

Chapter 2 Understanding Security Policies Using a Lifecycle Approach

“Do I Know This Already?” Quiz 23

Foundation Topics 25

Risk Analysis and Management 25

Secure Network Lifecycle 25

Risk Analysis Methods 25

Security Posture Assessment 26

An Approach to Risk Management 27

Regulatory Compliance Affecting Risk 28

Security Policies 28

Who, What, and Why 28

Specific Types of Policies 29

Standards, Procedures, and Guidelines 30

Testing the Security Architecture 31

Responding to an Incident on the Network 32

Collecting Evidence 32

Reasons for Not Being an Attacker 32

Liability 33

Disaster Recovery and Business Continuity Planning 33

Exam Preparation Tasks 34

Review All the Key Topics 34

Complete the Tables and Lists from Memory 34

Define Key Terms 34

Chapter 3 Building a Security Strategy

“Do I Know This Already?” Quiz 37

Foundation Topics 40

Securing Borderless Networks 40

The Changing Nature of Networks 40

Logical Boundaries 40

SecureX and Context-Aware Security 42

Controlling and Containing Data Loss 42

An Ounce of Prevention 42

Secure Connectivity Using VPNs 43

Secure Management 43

Exam Preparation Tasks 44

Review All the Key Topics 44

Complete the Tables and Lists from Memory 44

Define Key Terms 44

Part II Protecting the Network Infrastructure

Chapter 4 Network Foundation Protection

“Do I Know This Already?” Quiz 49

Foundation Topics 52

Using Network Foundation Protection to Secure Networks 52

The Importance of the Network Infrastructure 52

The Network Foundation Protection (NFP) Framework 52

Interdependence 53

Implementing NFP 53

Understanding the Management Plane 55

First Things First 55

Best Practices for Securing the Management Plane 55

Understanding the Control Plane 56

Best Practices for Securing the Control Plane 56

Understanding the Data Plane 57

Best Practices for Protecting the Data Plane 59

Additional Data Plane Protection Mechanisms 59

Exam Preparation Tasks 60

Review All the Key Topics 60

Complete the Tables and Lists from Memory 60

Define Key Terms 60

Chapter 5 Using Cisco Configuration Professional to Protect the Network Infrastructure

“Do I Know This Already?” Quiz 63

Foundation Topics 65

Introducing Cisco Configuration Professional 65

Understanding CCP Features and the GUI 65

The Menu Bar 66

The Toolbar 67

Left Navigation Pane 68

Content Pane 69

Status Bar 69

Setting Up New Devices 69

CCP Building Blocks 70

Communities 70

Templates 74

User Profiles 78

CCP Audit Features 81

One-Step Lockdown 84

A Few Highlights 84

Exam Preparation Tasks 88

Review All the Key Topics 88

Complete the Tables and Lists from Memory 88

Define Key Terms 88

Command Reference to Check Your Memory 89

Chapter 6 Securing the Management Plane on Cisco IOS Devices

“Do I Know This Already?” Quiz 91

Foundation Topics 94

Securing Management Traffic 94

What Is Management Traffic and the Management Plane? 94

Beyond the Blue Rollover Cable 94

Management Plane Best Practices 95

Password Recommendations 97

Using AAA to Verify Users 97

AAA Components 98

Options for Storing Usernames, Passwords, and Access Rules 98

Authorizing VPN Users 99

Router Access Authentication 100

The AAA Method List 101

Role-Based Access Control 102

Custom Privilege Levels 103

Limiting the Administrator by Assigning a View 103

Encrypted Management Protocols 103

Using Logging Files 104

Understanding NTP 105

Protecting Cisco IOS Files 106

Implement Security Measures to Protect the Management Plane 106

Implementing Strong Passwords 106

User Authentication with AAA 108

Using the CLI to Troubleshoot AAA for Cisco Routers 113

RBAC Privilege Level/Parser View 118

Implementing Parser Views 120

SSH and HTTPS 122

Implementing Logging Features 125

Configuring Syslog Support 125

SNMP Features 128

Configuring NTP 131

Securing the Cisco IOS Image and Configuration Files 133

Exam Preparation Tasks 134

Review All the Key Topics 134

Complete the Tables and Lists from Memory 135

Define Key Terms 135

Command Reference to Check Your Memory 135

Chapter 7 Implementing AAA Using IOS and the ACS Server

“Do I Know This Already?” Quiz 137

Foundation Topics 140

Cisco Secure ACS, RADIUS, and TACACS 140

Why Use Cisco ACS? 140

What Platform Does ACS Run On? 141

What Is ISE? 141

Protocols Used Between the ACS and the Router 141

Protocol Choices Between the ACS Server and the Client (the Router) 142

Configuring Routers to Interoperate with an ACS Server 143

Configuring the ACS Server to Interoperate with a Router 154

Verifying and Troubleshooting Router-to-ACS Server Interactions 164

Exam Preparation Tasks 171

Review All the Key Topics 171

Complete the Tables and Lists from Memory 171

Define Key Terms 171

Command Reference to Check Your Memory 172

Chapter 8 Securing Layer 2 Technologies

“Do I Know This Already?” Quiz 175

Foundation Topics 178

VLAN and Trunking Fundamentals 178

What Is a VLAN? 178

Trunking with 802.1Q 180

Following the Frame, Step by Step 181

The Native VLAN on a Trunk 181

So, What Do You Want to Be? (Says the Port) 182

Inter-VLAN Routing 182

The Challenge of Using Physical Interfaces Only 182

Using Virtual “Sub” Interfaces 182

Spanning-Tree Fundamentals 183

Loops in Networks Are Usually Bad 184

The Life of a Loop 184

The Solution to the Layer 2 Loop 184

STP Is Wary of New Ports 187

Improving the Time Until Forwarding 187

Common Layer 2 Threats and How to Mitigate Them 188

Disrupt the Bottom of the Wall, and the Top Is Disrupted, Too 188

Layer 2 Best Practices 189

Do Not Allow Negotiations 190

Layer 2 Security Toolkit 190

Specific Layer 2 Mitigation for CCNA Security 191

BPDU Guard 191

Root Guard 192

Port Security 192

Exam Preparation Tasks 195

Review All the Key Topics 195

Complete the Tables and Lists from Memory 195

Review the Port Security Video Included with This Book 196

Define Key Terms 196

Command Reference to Check Your Memory 196

Chapter 9 Securing the Data Plane in IPv6

“Do I Know This Already?” Quiz 199

Foundation Topics 202

Understanding and Configuring IPv6 202

Why IPv6? 202

The Format of an IPv6 Address 203

Understanding the Shortcuts 205

Did We Get an Extra Address? 205

IPv6 Address Types 206

Configuring IPv6 Routing 208

Moving to IPv6 210

Developing a Security Plan for IPv6 210

Best Practices Common to Both IPv4 and IPv6 210

Threats Common to Both IPv4 and IPv6 212

The Focus on IPv6 Security 213

New Potential Risks with IPv6 213

IPv6 Best Practices 214

Exam Preparation Tasks 216

Review All the Key Topics 216

Complete the Tables and Lists from Memory 216

Define Key Terms 217

Command Reference to Check Your Memory 217

Part III Mitigating and Controlling Threats

Chapter 10 Planning a Threat Control Strategy

“Do I Know This Already?” Quiz 221

Foundation Topics 224

Designing Threat Mitigation and Containment 224

The Opportunity for the Attacker Is Real 224

Many Potential Risks 224

The Biggest Risk of All 224

Where Do We Go from Here? 225

Securing a Network via Hardware/Software/Services 226

Switches 227

Routers 228

ASA Firewall 230

Other Systems and Services 231

Exam Preparation Tasks 232

Review All the Key Topics 232

Complete the Tables and Lists from Memory 232

Define Key Terms 232

Chapter 11 Using Access Control Lists for Threat Mitigation

“Do I Know This Already?” Quiz 235

Foundation Topics 238

Access Control List Fundamentals and Benefits 238

Access Lists Aren’t Just for Breakfast Anymore 238

Stopping Malicious Traffic with an Access List 239

What Can We Protect Against? 240

The Logic in a Packet-Filtering ACL 241

Standard and Extended Access Lists 242

Line Numbers Inside an Access List 243

Wildcard Masks 244

Object Groups 244

Implementing IPv4 ACLs as Packet Filters 244

Putting the Policy in Place 244

Monitoring the Access Lists 255

To Log or Not to Log 257

Implementing IPv6 ACLs as Packet Filters 259

Exam Preparation Tasks 263

Review All the Key Topics 263

Complete the Tables and Lists from Memory 263

Review the NAT Video Included with This Book 263

Define Key Terms 264

Command Reference to Check Your Memory 264

Chapter 12 Understanding Firewall Fundamentals

“Do I Know This Already?” Quiz 267

Foundation Topics 270

Firewall Concepts and Technologies 270

Firewall Technologies 270

Objectives of a Good Firewall 270

Firewall Justifications 271

The Defense-in-Depth Approach 272

Five Basic Firewall Methodologies 273

Static Packet Filtering 274

Application Layer Gateway 275

Stateful Packet Filtering 276

Application Inspection 277

Transparent Firewalls 277

Using Network Address Translation 278

NAT Is About Hiding or Changing the Truth About Source Addresses 278

Inside, Outside, Local, Global 279

Port Address Translation 280

NAT Options 281

Creating and Deploying Firewalls 283

Firewall Technologies 283

Firewall Design Considerations 283

Firewall Access Rules 284

Packet-Filtering Access Rule Structure 285

Firewall Rule Design Guidelines 285

Rule Implementation Consistency 286

Exam Preparation Tasks 288

Review All the Key Topics 288

Complete the Tables and Lists from Memory 288

Define Key Terms 288

Chapter 13 Implementing Cisco IOS Zone-Based Firewalls

“Do I Know This Already?” Quiz 291

Foundation Topics 294

Cisco IOS Zone-Based Firewall 294

How Zone-Based Firewall Operates 294

Specific Features of Zone-Based Firewalls 294

Zones and Why We Need Pairs of Them 295

Putting the Pieces Together 296

Service Policies 297

The Self Zone 300

Configuring and Verifying Cisco IOS Zone-Based Firewall 300

First Things First 301

Using CCP to Configure the Firewall 301

Verifying the Firewall 314

Verifying the Configuration from the Command Line 315

Implementing NAT in Addition to ZBF 319

Verifying Whether NAT Is Working 322

Exam Preparation Tasks 324

Review All the Key Topics 324

Review the Video Bonus Material 324

Complete the Tables and Lists from Memory 324

Define Key Terms 325

Command Reference to Check Your Memory 325

Chapter 14 Configuring Basic Firewall Policies on Cisco ASA

“Do I Know This Already?” Quiz 327

Foundation Topics 330

The ASA Appliance Family and Features 330

Meet the ASA Family 330

ASA Features and Services 331

ASA Firewall Fundamentals 333

ASA Security Levels 333

The Default Flow of Traffic 335

Tools to Manage the ASA 336

Initial Access 337

Packet Filtering on the ASA 337

Implementing a Packet-Filtering ACL 338

Modular Policy Framework 338

Where to Apply a Policy 339

Configuring the ASA 340

Beginning the Configuration 340

Getting to the ASDM GUI 345

Configuring the Interfaces 347

IP Addresses for Clients 355

Basic Routing to the Internet 356

NAT and PAT 357

Permitting Additional Access Through the Firewall 359

Using Packet Tracer to Verify Which Packets Are Allowed 362

Verifying the Policy of No Telnet 366

Exam Preparation Tasks 368

Review All the Key Topics 368

Complete the Tables and Lists from Memory 368

Define Key Terms 369

Command Reference to Check Your Memory 369

Chapter 15 Cisco IPS/IDS Fundamentals

“Do I Know This Already?” Quiz 371

Foundation Topics 374

IPS Versus IDS 374

What Sensors Do 374

Difference Between IPS and IDS 374

Sensor Platforms 376

True/False Negatives/Positives 376

Positive/Negative Terminology 377

Identifying Malicious Traffic on the Network 377

Signature-Based IPS/IDS 377

Policy-Based IPS/IDS 378

Anomaly-Based IPS/IDS 378

Reputation-Based IPS/IDS 378

When Sensors Detect Malicious Traffic 379

Controlling Which Actions the Sensors Should Take 381

Implementing Actions Based on the Risk Rating 382

IPv6 and IPS 382

Circumventing an IPS/IDS 382

Managing Signatures 384

Signature or Severity Levels 384

Monitoring and Managing Alarms and Alerts 385

Security Intelligence 385

IPS/IDS Best Practices 386

Exam Preparation Tasks 387

Review All the Key Topics 387

Complete the Tables and Lists from Memory 387

Define Key Terms 387

Chapter 16 Implementing IOS-Based IPS

“Do I Know This Already?” Quiz 389

Foundation Topics 392

Understanding and Installing an IOS-Based IPS 392

What Can IOS IPS Do? 392

Installing the IOS IPS Feature 393

Getting to the IPS Wizard 394

Working with Signatures in an IOS-Based IPS 400

Actions That May Be Taken 405

Best Practices When Tuning IPS 412

Managing and Monitoring IPS Alarms 412

Exam Preparation Tasks 417

Review All the Key Topics 417

Complete the Tables and Lists from Memory 417

Define Key Terms 417

Command Reference to Check Your Memory 418

Part IV Using VPNs for Secure Connectivity

Chapter 17 Fundamentals of VPN Technology

“Do I Know This Already?” Quiz 423

Foundation Topics 426

Understanding VPNs and Why We Use Them 426

What Is a VPN? 426

Types of VPNs 427

Two Main Types of VPNs 427

Main Benefits of VPNs 427

Confidentiality 428

Data Integrity 428

Authentication 430

Antireplay 430

Cryptography Basic Components 430

Ciphers and Keys 430

Ciphers 430

Keys 431

Block and Stream Ciphers 431

Block Ciphers 432

Stream Ciphers 432

Symmetric and Asymmetric Algorithms 432

Symmetric 432

Asymmetric 433

Hashes 434

Hashed Message Authentication Code 434

Digital Signatures 435

Digital Signatures in Action 435

Key Management 436

IPsec and SSL 436

IPsec 436

SSL 437

Exam Preparation Tasks 439

Review All the Key Topics 439

Complete the Tables and Lists from Memory 439

Define Key Terms 439

Chapter 18 Fundamentals of the Public Key Infrastructure

“Do I Know This Already?” Quiz 441

Foundation Topics 444

Public Key Infrastructure 444

Public and Private Key Pairs 444

RSA Algorithm, the Keys, and Digital Certificates 445

Who Has Keys and a Digital Certificate? 445

How Two Parties Exchange Public Keys 445

Creating a Digital Signature 445

Certificate Authorities 446

Root and Identity Certificates 446

Root Certificate 446

Identity Certificate 448

Using the Digital Certificates to get the Peer’s Public Key 448

X.500 and X.509v3 Certificates 449

Authenticating and Enrolling with the CA 450

Public Key Cryptography Standards 450

Simple Certificate Enrollment Protocol 451

Revoked Certificates 451

Uses for Digital Certificates 452

PKI Topologies 452

Single Root CA 453

Hierarchical CA with Subordinate CAs 453

Cross-Certifying CAs 453

Putting the Pieces of PKI to Work 453

Default of the ASA 454

Viewing the Certificates in ASDM 455

Adding a New Root Certificate 455

Easier Method for Installing Both Root and Identity certificates 457

Exam Preparation Tasks 462

Review All the Key Topics 462

Complete the Tables and Lists from Memory 462

Define Key Terms 463

Command Reference to Check Your Memory 463

Chapter 19 Fundamentals of IP Security

“Do I Know This Already?” Quiz 465

Foundation Topics 468

IPsec Concepts, Components, and Operations 468

The Goal of IPsec 468

The Play by Play for IPsec 469

Step 1: Negotiate the IKE Phase 1 Tunnel 469

Step 2: Run the DH Key Exchange 471

Step 3: Authenticate the Peer 471

What About the User’s Original Packet? 471

Leveraging What They Have Already Built 471

Now IPsec Can Protect the User’s Packets 472

Traffic Before IPsec 472

Traffic After IPsec 473

Summary of the IPsec Story 474

Configuring and Verifying IPsec 475

Tools to Configure the Tunnels 475

Start with a Plan 475

Applying the Configuration 475

Viewing the CLI Equivalent at the Router 482

Completing and Verifying IPsec 484

Exam Preparation Tasks 491

Review All the Key Topics 491

Complete the Tables and Lists from Memory 491

Define Key Terms 492

Command Reference to Check Your Memory 492

Chapter 20 Implementing IPsec Site-to-Site VPNs

“Do I Know This Already?” Quiz 495

Foundation Topics 498

Planning and Preparing an IPsec Site-to-Site VPN 498

Customer Needs 498

Planning IKE Phase 1 500

Planning IKE Phase 2 501

Implementing and Verifying an IPsec Site-to-Site VPN 502

Troubleshooting IPsec Site-to-Site VPNs 511

Exam Preparation Tasks 526

Review All the Key Topics 526

Complete the Tables and Lists from Memory 526

Define Key Terms 526

Command Reference to Check Your Memory 526

Chapter 21 Implementing SSL VPNs Using Cisco ASA

“Do I Know This Already?” Quiz 529

Foundation Topics 532

Functions and Use of SSL for VPNs 532

Is IPsec Out of the Picture? 532

SSL and TLS Protocol Framework 533

The Play by Play of SSL for VPNs 534

SSL VPN Flavors 534

Configuring SSL Clientless VPNs on ASA 535

Using the SSL VPN Wizard 536

Digital Certificates 537

Authenticating Users 538

Logging In 541

Seeing the VPN Activity from the Server 543

Configuring the Full SSL AnyConnect VPN on the ASA 544

Types of SSL VPNs 545

Configuring Server to Support the AnyConnect Client 545

Groups, Connection Profiles, and Defaults 552

One Item with Three Different Names 553

Split Tunneling 554

Exam Preparation Tasks 556

Review All the Key Topics 556

Complete the Tables and Lists from Memory 556

Define Key Terms 556

Chapter 22 Final Preparation

Tools for Final Preparation 559

Pearson IT Certification Practice Test Engine and Questions on the CD 559

Installing the Software from the CD 560

Activating and Downloading the Practice Exam 560

Activating Other Exams 560

Premium Edition 561

The Cisco Learning Network 561

Memory Tables 561

Chapter-Ending Review Tools 561

Videos 562

Suggested Plan for Final Review/Study 562

Using the Exam Engine 562

Summary 563

Part V Appendixes

Appendix A Answers to the “Do I Know This Already?” Quizzes 567

Appendix B CCNA Security 640-554 (IINSv2) Exam Updates 573

Glossary 577

On the CD

Appendix C Memory Tables

Appendix D Memory Tables Answer Key


Customer Reviews

Average Rating: 4 (5 reviews)

Rating Distribution:

  • 5 Star: 2
  • 4 Star: 1
  • 3 Star: 2
  • 2 Star: 0
  • 1 Star: 0

  • Posted August 15, 2012

    The CCNA Security 640-554 Official Cert Guide, by Keith Barker and Scott
    Morris, provides an overview of the security and network terminology
    utilized in today’s enterprise environment to secure the network
    perimeter, specifically utilizing Cisco routers and switches. The exam
    candidate and network practitioner alike can use this resource to master
    the information needed to pass the exam. The CCNA Security 640-554
    certification exam is a 90-minute (55-65 question) exam that tests a
    candidate’s knowledge of securing Cisco routers and switches on their
    associated networks. By obtaining this certification, the network
    practitioner can validate their skills for installing, configuring and
    maintaining Cisco network equipment. The CCNA Security 640-554
    Official Cert Guide can assist the candidate in obtaining this
    certification. Although the reference material is not necessarily as
    comprehensive as other certification guides and reference materials, the
    book explains in plain terms the basics that a network administrator /
    CCNA level candidate must know to pass the exam. The book generally
    explains the concepts behind network security and some of the
    vulnerabilities that can affect the network security boundaries, but it is
    not as detailed and comprehensive as other certifications can attest to
    (example: CISSP). The certification guide includes a CD that
    contains a premium edition of the book (eBook), as well as a generic
    practice test. The CD also has links to book updates (when applicable),
    as well as printable appendixes that can help reinforce the content.
    However, I do wish that the reference material did contain additional
    information and test questions to enhance the content. There are some
    configuration examples for applying configuration parameters (i.e., AAA,
    ACLs, IPv6, etc.), but by no means is it a comprehensive cookbook of
    router / switch configurations. The reader and exam candidate can
    benefit from this resource, but I would definitely suggest that this
    would not be the only resource that is utilized to configure,
    manage and support the infrastructure. I give this book 3 out of 5 stars.

    1 out of 1 people found this review helpful.

  • Posted August 4, 2012

    extensive discussion of IPv6

    One nice feature of the book is the ample coverage of IPv6. Finally after over 10 years, IPv6 subnets are becoming common, if only because of the impending exhaustion of IPv4 addresses. This CERT guide goes into a new focus on IPv6 security, while also delineating existing commonalities with IPv4.

    Maybe the quickest advantage of IPv6 is that an attacker who gets access to your v6 subnet cannot simply do an exhaustive ping sweep to find all active devices. Whereas typically a v4 subnet might have 8 bits of addressing, which means 254 maximum addresses to ping. Of all the differences between v4 and v6, this advantage is the easiest to understand.

    But the book warns against complacency. It suggests that scanners and worms built for v4 will likely run in v6. While another and ironic danger is that you might have v6 running on your v4 network unawares to you. Then a newly discovered v6 bug might be exploited by an attacker, because you are unlikely to check for it if you do not even expect to be running v6 anywhere on your network. By the way, this brings up the very real possibility that newly coded v6 firmware might be vulnerable to bugs unlike a thoroughly tested and heavily used existing v4 package.

    The discussion in chapter 12 on firewall fundamentals is quite understandable and generally applicable to any type of firewall hardware (or software) you choose to run. The differing properties of firewalls are explained, where this can translate to very different hardware costs. Another useful section of the chapter delves into Network Address Translation. Sometimes used to conserve addresses in the larger v4 Internet, but also to improve protection to computers behind a firewall.

    The book also has very specific explanations of Cisco hardware and software to implement firewalls. Something you can expect to be tested on in the exam. You can also see from the screen captures in the book that much of the administration is via a GUI that tries to make the tasks easy to understand.

    1 out of 1 people found this review helpful.

  • Anonymous

    Posted September 24, 2012

    This book has excellent information and is well written. I HIGHLY recommend the physical book. For the Nook Book, a large amount of the book uses CCP and ASDM, which come with screenshots of the interface and how to configure things through them.

    In the Nook Book, these screenshots are essentially illegible. This is using a Nook, using an Android tablet with the Nook app, and on the PC Nook application. In all 3 instances, the ASDM and CCP screenshots are practically useless.

    Again, I wholeheartedly recommend the book, the information is excellent, but the Nook version leaves a lot to be desired.

  • Posted August 12, 2012

    Highly Recommended FOR THE CCNA SECURITY EXAM!!

    Are you preparing for the 640-554 Implementing Cisco IOS Network Security exam? If you are, then this book is for you! Authors Keith Barker and Scott Morris have done an outstanding job of writing a book that improves your awareness and knowledge of network security. Barker and Morris begin by covering the need for the building blocks of network and information security, threats to our networks today, and the fundamental principles of secure network design. Then, the authors review risk analysis, management and security policies. The authors also cover the securing of borderless networks, controlling and containing data loss. They continue by covering the securing of the network using the network foundation protection approach, the management plane, the control plane, and the data plane. Next, the authors review the Cisco Configuration Professional features and the GUI, setting up new devices, CCP building blocks, and CCP audit features. Then, they describe management traffic and how to make it more secure and the implementation of security measures to protect the management plane. The authors also describe the role of Cisco Secure ACS and the two primary protocols used with it, RADIUS and TACACS. They continue by reviewing VLANs and trunking fundamentals, spanning-tree fundamentals, and common Layer 2 threats and how to mitigate them. Next, the authors cover IPv6. Then, they discuss the design considerations for threat mitigation and containment; and, the hardware, software, and services used to implement a secure network. The authors also cover the benefits and fundamentals for access control lists, implementing IPv4 ACLs as packet filters, and implementing IPv6 ACLs as packet filters. They continue by reviewing the firewall concepts and the technologies used by them, the function of Network Address Translations, including its building blocks, and the guidelines and considerations for creating and deploying firewalls.
    Next, the authors discuss the operational and functional components of the IOS Zone-Based Firewall and how to configure and verify the IOS Zone-Based Firewall. Then, they cover the Adaptive Security Appliance family and features, ASA firewall fundamentals, and configuring the ASA. The authors also compare intrusion prevention systems to intrusion detection systems and cover how to identify malicious traffic on the network, manage signatures, and monitor and manage alarms and alerts. Next, they cover the features included in the IOS-based IPS and the installing of the IPS feature; working with signatures in IOS-based IPS; and, managing and monitoring IPS alarms. The authors continue by covering what VPNs are, why they are used and the basic ingredients of cryptography. Then, they cover the concepts, components, and operations of the public key infrastructure and include an example of putting the pieces of PKI to work. The authors also cover the concepts, components, and operations of IPsec and how to configure and verify IPsec. Next, they cover the planning and preparation that is needed to implement an IPsec site-to-site VPN, implementing and verifying the IPsec site-to-site VPN. The authors continue by covering the functions and use of SSL for VPNs, configuring SSL clientless VPN on the ASA, and configuring the full SSL AnyConnect VPN on the ASA. Finally, they identify the tools that are needed for the final exam preparation to help you develop an effective study plan. The goal of this most excellent book is

  • Anonymous

    Posted May 1, 2014

    No text was provided for this review.

Showing all of 5 Customer Reviews
