
CCNA Security (640-554) Portable Command Guide


All the CCNA Security 640-554 commands in one compact, portable resource

Preparing for the latest CCNA® Security exam? Here are all the CCNA Security commands you need in one condensed, portable resource. Filled with valuable, easy-to-access information, the CCNA Security Portable Command Guide is portable enough for you to use whether you’re in the server room or the equipment closet.


Completely updated to reflect the new CCNA Security 640-554 exam, this quick reference summarizes relevant Cisco IOS® Software commands, keywords, command arguments, and associated prompts, and offers tips and examples for applying these commands to real-world security challenges. Throughout, configuration examples provide an even deeper understanding of how to use IOS to protect networks.

Topics covered include

• Networking security fundamentals: concepts, policies, strategies, and more

• Securing network infrastructure: network foundations, CCP, management plane and access, and data planes (IPv6/IPv4)

• Secure connectivity: VPNs, cryptography, IPsec, and more

• Threat control and containment: strategies, ACL threat mitigation, zone-based firewalls, and Cisco IOS IPS

• Securing networks with ASA: ASDM, basic and advanced settings, and ASA SSL VPNs

Bob Vachon is a professor at Cambrian College. He has held CCNP certification since 2002 and has collaborated on many Cisco Networking Academy courses. He was the lead author for the Academy’s CCNA Security v1.1 curriculum that aligns to the Cisco IOS Network Security (IINS) certification exam (640-554).

· Access all CCNA Security commands: use as a quick, offline resource for research and solutions

· Logical how-to topic groupings provide one-stop research

· Great for review before CCNA Security certification exams

· Compact size makes it easy to carry with you, wherever you go

· “Create Your Own Journal” section with blank, lined pages allows you to personalize the book for your needs

· “What Do You Want to Do?” chart inside front cover helps you to quickly reference specific tasks

This book is part of the Cisco Press® Certification Self-Study Product Family, which offers readers a self-paced study routine for Cisco® certification exams. Titles in the Cisco Press Certification Self-Study Product Family are part of a recommended learning program from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press.


Product Details

  • ISBN-13: 9781587204487
  • Publisher: Cisco Press
  • Publication date: 6/1/2012
  • Edition number: 1
  • Pages: 368
  • Sales rank: 515,192
  • Product dimensions: 5.90 (w) x 8.90 (h) x 0.80 (d)

Meet the Author

Bob Vachon is a professor in the Computer Systems Technology program at Cambrian College in Sudbury, Ontario, Canada, where he teaches networking infrastructure courses. He has worked and taught in the computer networking and information technology field since 1984. He has collaborated on various CCNA, CCNA Security, and CCNP projects for the Cisco Networking Academy as team lead, lead author, and subject matter expert. He enjoys playing the guitar and being outdoors, either working in his gardens or whitewater canoe tripping.


Table of Contents

Introduction xvii

Part I: Networking Security Fundamentals

CHAPTER 1 Networking Security Concepts 1

Basic Security Concepts 2

Assets, Vulnerabilities, Threats, and Countermeasures 2

Confidentiality, Integrity, and Availability 2

Data Classification Criteria 2

Data Classification Levels 2

Classification Roles 3

Threat Classification 3

Preventive, Detective, and Corrective Controls 3

Risk Avoidance, Transfer, and Retention 4

Drivers for Network Security 4

Evolution of Threats 4

Tracking Threats 5

Malicious Code: Viruses, Worms, and Trojan Horses 5

Anatomy of a Worm 6

Mitigating Malware and Worms 6

Threats in Borderless Networks 7

Hacker Titles 7

Thinking Like a Hacker 8

Reconnaissance Attacks 8

Access Attacks 9

Password Cracking 10

Denial-of-Service Attacks 10

Principles of Secure Network Design 11

Defense in Depth 11

CHAPTER 2 Implementing Security Policies Using a Lifecycle Approach 13

Risk Analysis 13

Quantitative Risk Analysis Formula 14

Quantitative Risk Analysis Example 15

Regulatory Compliance 15

Security Policy 17

Standards, Guidelines, and Procedures 18

Security Policy Audience Responsibilities 19

Security Awareness 19

Secure Network Lifecycle Management 19

Models and Frameworks 21

Assessing and Monitoring the Network Security Posture 21

Testing the Security Architecture 22

Incident Response 22

Incident Response Phases 22

Computer Crime Investigation 23

Collection of Evidence and Forensics 23

Law Enforcement and Liability 23

Ethics 23

Disaster-Recovery and Business-Continuity Planning 23

CHAPTER 3 Building a Security Strategy for Borderless Networks 25

Cisco Borderless Network Architecture 25

Borderless Security Products 26

Cisco SecureX Architecture and Context-Aware Security 26

Cisco TrustSec 28

TrustSec Confidentiality 28

Cisco AnyConnect 29

Cisco Security Intelligence Operations 29

Threat Control and Containment 29

Cloud Security and Data-Loss Prevention 30

Secure Connectivity Through VPNs 31

Security Management 31

Part II: Protecting the Network Infrastructure

CHAPTER 4 Network Foundation Protection 33

Threats Against the Network Infrastructure 33

Cisco Network Foundation Protection Framework 34

Control Plane Security 35

Control Plane Policing 36

Management Plane Security 36

Role-Based Access Control 37

Secure Management and Reporting 37

Data Plane Security 37

ACLs 37

Antispoofing 38

Layer 2 Data Plane Protection 38

CHAPTER 5 Protecting the Network Infrastructure Using CCP 39

Cisco Configuration Professional 39

Cisco Configuration Professional Express 40

Connecting to Cisco CP Express Using the GUI 41

Cisco Configuration Professional 44

Configuring an ISR for CCP Support 44

Installing CCP on a Windows PC 45

Connecting to an ISR Using CCP 45

CCP Features and User Interface 47

Application Menu Options 48

Toolbar Menu Options 48

Toolbar Configure Options 49

Toolbar Monitor Options 49

Using CCP to Configure IOS Device-Hardening Features 49

CCP Security Audit 49

CCP One-Step Lockdown 50

Using the Cisco IOS AutoSecure CLI Feature 51

Configuring AutoSecure via the CLI 51

CHAPTER 6 Securing the Management Plane 53

Planning a Secure Management and Reporting Strategy 54

Securing the Management Plane 54

Securing Passwords 55

Securing the Console Line and Disabling the Auxiliary Line 55

Securing VTY Access with SSH 56

Securing VTY Access with SSH Example 57

Securing VTY Access with SSH Using CCP Example 58

Securing Configuration and IOS Files 60

Restoring Bootset Files 61

Implementing Role-Based Access Control on Cisco Routers 62

Configuring Privilege Levels 62

Configuring Privilege Levels Example 62

Configuring RBAC via the CLI 62

Configuring RBAC via the CLI Example 63

Configuring Superviews 63

Configuring a Superview Example 64

Configuring RBAC Using CCP Example 64

Network Monitoring 67

Configuring a Network Time Protocol Master Clock 67

Configuring an NTP Client 67

Configuring an NTP Master and Client Example 67

Configuring an NTP Client Using CCP Example 68

Configuring Syslog 69

Configuring Syslog Example 71

Configuring Syslog Using CCP Example 71

Configuring SNMP 74

Configuring SNMP Using CCP 74

CHAPTER 7 Securing Management Access with AAA 77

Authenticating Administrative Access 78

Local Authentication 78

Server-Based Authentication 78

Authentication, Authorization, and Accounting Framework 79

Local AAA Authentication 79

Configuring Local AAA Authentication Example 80

Configuring Local AAA Authentication Using CCP Example 81

Server-Based AAA Authentication 86


Configuring Server-Based AAA Authentication 87

Configuring Server-Based AAA Authentication Example 88

Configuring Server-Based AAA Authentication Using CCP Example 89

AAA Authorization 94

Configuring AAA Authorization Example 94

Configuring AAA Authorization Using CCP 94

AAA Accounting 98

Configuring AAA Accounting Example 98

Cisco Secure ACS 98

Adding a Router as a AAA Client 99

Configuring Identity Groups and an Identity Store 99

Configuring Access Service to Process Requests 100

Creating Identity and Authorization Policies 101

CHAPTER 8 Securing the Data Plane on Catalyst Switches 103

Common Threats to the Switching Infrastructure 104

Layer 2 Attacks 104

Layer 2 Security Guidelines 104

MAC Address Attacks 105

Configuring Port Security 105

Fine-Tuning Port Security 106

Configuring Optional Port Security Settings 107

Configuring Port Security Example 108

Spanning Tree Protocol Attacks 109

STP Enhancement Features 109

Configuring STP Enhancement Features 110

Configuring STP Enhancements Example 111

LAN Storm Attacks 112

Configuring Storm Control 112

Configuring Storm Control Example 113

VLAN Hopping Attacks 113

Mitigating VLAN Attacks 114

Mitigating VLAN Attacks Example 114

Advanced Layer 2 Security Features 115

ACLs and Private VLANs 116

Cisco Integrated Security Features 116

Secure the Switch Management Plane 117

CHAPTER 9 Securing the Data Plane in IPv6 Environments 119

Overview of IPv6 119

Comparison Between IPv4 and IPv6 119

The IPv6 Header 120

ICMPv6 121

Stateless Autoconfiguration 122

IPv4-to-IPv6 Transition Solutions 122

IPv6 Routing Solutions 122

IPv6 Threats 123

IPv6 Vulnerabilities 124

IPv6 Security Strategy 124

Configuring Ingress Filtering 124

Secure Transition Mechanisms 125

Future Security Enhancements 125

Part III: Threat Control and Containment

CHAPTER 10 Planning a Threat Control Strategy 127

Threats 127

Trends in Information Security Threats 127

Threat Control Guidelines 128

Threat Control Design Guidelines 128

Integrated Threat Control Strategy 129

Cisco Security Intelligence Operations 130

CHAPTER 11 Configuring ACLs for Threat Mitigation 131

Access Control List 131

Mitigating Threats Using ACLs 132

ACL Design Guidelines 132

ACL Operation 132

Configuring ACLs 134

ACL Configuration Guidelines 134

Filtering with Numbered Extended ACLs 134

Configuring a Numbered Extended ACL Example 135

Filtering with Named Extended ACLs 135

Configuring a Named Extended ACL Example 136

Configuring an Extended ACL Using CCP Example 136

Enhancing ACL Protection with Object Groups 140

Network Object Groups 140

Service Object Groups 140

Using Object Groups in Extended ACLs 141

Configuring Object Groups in ACLs Example 142

Configuring Object Groups in ACLs Using CCP Example 144

ACLs in IPv6 149

Mitigating IPv6 Attacks Using ACLs 149

IPv6 ACLs Implicit Entries 149

Filtering with IPv6 ACLs 149

Configuring an IPv6 ACL Example 151

CHAPTER 12 Configuring Zone-Based Firewalls 153

Firewall Fundamentals 153

Types of Firewalls 154

Firewall Design 154

Firewall Policies 154

Firewall Rule Design Guidelines 155

Cisco IOS Firewall Evolution 155

Cisco IOS Zone-Based Policy Firewall 156

Cisco Common Classification Policy Language 156

ZFW Design Considerations 156

Default Policies, Traffic Flows, and Zone Interaction 157

Configuring an IOS ZFW 157

Configuring an IOS ZFW Using the CLI Example 160

Configuring an IOS ZFW Using CCP Example 161

Configuring NAT Services for ZFWs Using CCP Example 167

CHAPTER 13 Configuring Cisco IOS IPS 171

IDS and IPS Fundamentals 171

Types of IPS Sensors 172

Types of Signatures 172

Types of Alarms 172

Intrusion Prevention Technologies 173

IPS Attack Responses 174

IPS Anti-Evasion Techniques 175

Managing Signatures 175

Cisco IOS IPS Signature Files 176

Implementing Alarms in Signatures 176

IOS IPS Severity Levels 177

Event Monitoring and Management 177

IPS Recommended Practices 178

Configuring IOS IPS 178

Creating an IOS IPS Rule and Specifying the IPS Signature File Location 179

Tuning Signatures per Category 180

Configuring IOS IPS Example 183

Configuring IOS IPS Using CCP Example 185

Signature Tuning Using CCP 193

Part IV: Secure Connectivity

CHAPTER 14 VPNs and Cryptology 195

Virtual Private Networks 195

VPN Deployment Modes 196

Cryptology = Cryptography + Cryptanalysis 197

Historical Cryptographic Ciphers 197

Modern Substitution Ciphers 198

Encryption Algorithms 198

Cryptanalysis 199

Cryptographic Processes in VPNs 200

Classes of Encryption Algorithms 201

Symmetric Encryption Algorithms 201

Asymmetric Encryption Algorithm 202

Choosing an Encryption Algorithm 202

Choosing an Adequate Keyspace 202

Cryptographic Hashes 203

Well-Known Hashing Algorithms 203

Hash-Based Message Authentication Codes 203

Digital Signatures 204

CHAPTER 15 Asymmetric Encryption and PKI 207

Asymmetric Encryption 207

Public Key Confidentiality and Authentication 207

RSA Functions 208

Public Key Infrastructure 208

PKI Terminology 209

PKI Standards 209

PKI Topologies 210

PKI Characteristics 211

CHAPTER 16 IPsec VPNs 213

IPsec Protocol 213

IPsec Protocol Framework 214

Encapsulating IPsec Packets 215

Transport Versus Tunnel Mode 215

Confidentiality Using Encryption Algorithms 216

Data Integrity Using Hashing Algorithms 216

Peer Authentication Methods 217

Key Exchange Algorithms 217

NSA Suite B Standard 218

Internet Key Exchange 218

IKE Negotiation Phases 219

IKEv1 Phase 1 (Main Mode and Aggressive Mode) 219

IKEv1 Phase 2 (Quick Mode) 220

IKEv2 Phase 1 and 2 220

IKEv1 Versus IKEv2 221

IPv6 VPNs 221

CHAPTER 17 Configuring Site-to-Site VPNs 223

Site-to-Site IPsec VPNs 223

IPsec VPN Negotiation Steps 223

Planning an IPsec VPN 224

Cipher Suite Options 225

Configuring IOS Site-to-Site VPNs 225

Verifying the VPN Tunnel 229

Configuring a Site-to-Site IPsec VPN Using IOS Example 230

Configuring a Site-to-Site IPsec VPN Using CCP Example 232

Generating a Mirror Configuration Using CCP 241

Testing and Monitoring IPsec VPNs 242

Monitoring Established IPsec VPN Connections Using CCP 244

Part V: Securing the Network Using the ASA

CHAPTER 18 Introduction to the ASA 247

Adaptive Security Appliance 247

ASA Models 248

Routed and Transparent Firewall Modes 249

ASA Licensing 249

Basic ASA Configuration 251

ASA 5505 Front and Back Panel 251

ASA 5510 Front and Back Panel 252

ASA Security Levels 253

ASA 5505 Port Configuration 255

ASA 5505 Deployment Scenarios 255

ASA 5505 Configuration Options 255

CHAPTER 19 Introduction to ASDM 257

Adaptive Security Device Manager 257

Accessing ASDM 258

Factory Default Settings 258

Resetting the ASA 5505 to Factory Default Settings 259

Erasing the Factory Default Settings 259

Setup Initialization Wizard 259

Installing and Running ASDM 260

Running ASDM 262

ASDM Wizards 264

The Startup Wizard 264

VPN Wizards 265

Advanced Wizards 266

CHAPTER 20 Configuring Cisco ASA Basic Settings 267

ASA Command-Line Interface 267

Differences Between IOS and ASA OS 268

Configuring Basic Settings 268

Configuring Basic Management Settings 269

Enabling the Master Passphrase 269

Configuring Interfaces 270

Configuring the Inside and Outside SVIs 270

Assigning Layer 2 Ports to VLANs 271

Configuring a Third SVI 272

Configuring the Management Plane 272

Enabling Telnet, SSH, and HTTPS Access 272

Configuring Time Services 274

Configuring the Control Plane 274

Configuring a Default Route 274

Basic Settings Example 274

Configuring Basic Settings Example Using the CLI 275

Configuring Basic Settings Example Using ASDM 277

CHAPTER 21 Configuring Cisco ASA Advanced Settings 283

ASA DHCP Services 284

DHCP Client 284

DHCP Server Services 284

Configuring DHCP Server Example Using the CLI 285

Configuring DHCP Server Example Using ASDM 287

ASA Objects and Object Groups 289

Network and Service Objects 289

Network, Protocol, ICMP, and Service Object Groups 291

Configuring Objects and Object Groups Example Using ASDM 293

ASA ACLs 295

ACL Syntax 296

Configuring ACLs Example Using the CLI 297

Configuring ACLs with Object Groups Example Using the CLI 299

Configuring ACLs with Object Groups Example Using ASDM 300

ASA NAT Services 301

Auto-NAT 302

Dynamic NAT, Dynamic PAT, and Static NAT 302

Configuring Dynamic and Static NAT Example Using the CLI 304

Configuring Dynamic NAT Example Using ASDM 306

AAA Access Control 308

Local AAA Authentication 308

Server-Based AAA Authentication 309

Configuring AAA Server-Based Authentication Example Using the CLI 309

Configuring AAA Server-Based Authentication Example Using ASDM 310

Modular Policy Framework Service Policies 313

Class Maps, Policy Maps, and Service Policies 314

Default Global Policies 317

Configure Service Policy Example Using ASDM 318

CHAPTER 22 Configuring Cisco ASA SSL VPNs 319

Remote-Access VPNs 319

Types of Remote-Access VPNs 319


Client-Based SSL VPN Example Using ASDM 321

Clientless SSL VPN Example Using ASDM 328

APPENDIX Create Your Own Journal Here 335
