CCNP Security VPN 642-648 Official Cert Guide

( 2 )

Overview

The official study guide helps you master all the topics on the CCNP Security VPN exam, including

Configuring policies, inheritance, and attributes

· AnyConnect Remote Access VPN solutions

· AAA and Dynamic Access Policies (DAP)

· High availability and performance

· Clientless VPN solutions

· SSL VPN with Cisco Secure Desktop

· Easy VPN solutions

· IPsec VPN clients and ...

See more details below
Hardcover (New Edition)
$53.87
BN.com price
(Save 26%)$72.99 List Price

Pick Up In Store

Reserve and pick up in 60 minutes at your local store

Other sellers (Hardcover)
  • All (13) from $13.54   
  • New (9) from $46.92   
  • Used (4) from $13.54   
CCNP Security VPN 642-648 Official Cert Guide

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac

Want a NOOK? Explore Now

NOOK Book (eBook)
$33.99
BN.com price
(Save 42%)$58.99 List Price

Overview

The official study guide helps you master all the topics on the CCNP Security VPN exam, including

Configuring policies, inheritance, and attributes

· AnyConnect Remote Access VPN solutions

· AAA and Dynamic Access Policies (DAP)

· High availability and performance

· Clientless VPN solutions

· SSL VPN with Cisco Secure Desktop

· Easy VPN solutions

· IPsec VPN clients and site-to-site VPNs

The CD-ROM contains a free, complete practice exam.

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent);
512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam

This volume is part of the Official Cert Guide Series from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.

CCNP Security VPN 642-648 Official Cert Guide is a best of breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security VPN exam. Cisco Certified Internetwork Expert (CCIE) Howard Hooper shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security VPN 642-648 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

The companion CD-ROM contains a powerful testing engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCNP Security VPN 642-648 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

Read More Show Less

Product Details

  • ISBN-13: 9781587204470
  • Publisher: Cisco Press
  • Publication date: 7/6/2012
  • Edition description: New Edition
  • Edition number: 2
  • Pages: 832
  • Sales rank: 1,386,635
  • Product dimensions: 7.60 (w) x 9.20 (h) x 1.90 (d)

Meet the Author

Howard Hooper, CCIE No. 23470, CCNP, CCNA, CCDA, JNCIA, works as a network consultant and trainer for Transcend Networks Ltd., specializing in network design, installation, and automation for enterprise and government clients. He has worked in the network industry for 10 years, starting his career in the service provider field as a support engineer, before moving on to installations engineer and network architect roles, working on small, medium, enterprise, and service provider networks. In his spare time, Howard is a professional skydiver and Cisco Academy instructor. When he is not freefalling from more than 13,500 feet at his local drop zone, he is teaching the CCNA syllabus at his local Cisco Academy.

Read More Show Less

Table of Contents

Introduction

Part I ASA Architecture and Technologies Overview

Chapter 1 Examining the Role of VPNs and the Technologies Supported by the ASA

“Do I Know This Already?” Quiz

Foundation Topics

Introducing the Virtual Private Network

VPN Termination Device (ASA) Placement

Meet the Protocols

Symmetric and Asymmetric Key Algorithms

IPsec

IKEv1

Authentication Header and Encapsulating Security Payload

IKEv2

SSL/TLS

SSL Tunnel Negotiation

Handshake

DTLS

ASA Packet Processing

The Good, the Bad, and the Licensing

Time-Based Licenses

When Time-Based and Permanent Licenses Combine

Shared SSL VPN Licenses

Failover Licensing

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 2 Configuring Policies, Inheritance, and Attributes

“Do I Know This Already?” Quiz

Foundation Topics

Policies and Their Relationships

Understanding Connection Profiles

Group URL

Group Alias

Certificate-to-Connection Profile Mapping

Per-User Connection Profile Lock

Default Connection Profiles

Understanding Group Policies

Configure User Attributes

Using External Servers for AAA and Policies

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part II Cisco Clientless Remote-Access VPN Solutions

Chapter 3 Deploying a Clientless SSL VPN Solution

“Do I Know This Already?” Quiz

Foundation Topics

Clientless SSL VPN Overview

Deployment Procedures and Strategies

Deploying Your First Clientless SSL VPN Solution

IP Addressing

Hostname, Domain Name, and DNS

Become a Member of a Public Key Infrastructure

Adding a CA Root Certificate

Certificate Revocation List

Revocation Check

CRL Retrieval Policy

CRL Retrieval Method

OCSP Rules

Advanced

Enable the Relevant Interfaces for SSL

Create Local User Accounts for Authentication

Create a Connection Profile (Optional)

Basic Access Control

Bookmarks

HTTP and HTTPS

CIFS

FTP

Group Policies

Content Transformation

Gateway Content Rewriting

Application Helper Profiles

Java Code Signing

Troubleshooting a Basic Clientless SSL VPN

Troubleshooting Session Establishment

Troubleshooting Certificate Errors

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 4 Advanced Clientless SSL VPN Settings

“Do I Know This Already?” Quiz

Foundation Topics

Overview of Advanced Clientless SSL VPN Settings

Application Access Through Port Forwarding

Configuring Port Forwarding

Application Access Using Client-Server Plug-Ins

Configuring Client-Server Plug-In Access

Application Access Through Smart Tunnels

Configuring Smart Tunnel Access

Configuring SSL/TLS Proxies

Email Proxy

Internal HTTP and HTTPS Proxy

Troubleshooting Advanced Application Access

Troubleshooting Application Access

Client

ASA/VPN Termination Appliance

Application/Web Server

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 5 Customizing the Clientless Portal

“Do I Know This Already?” Quiz

Foundation Topics

Basic Portal Layout Configuration

Logon Page Customization

Portal Page Customization

Logout Page Customization

Outside-the-Box Portal Configuration

Portal Language Localization

Getting Portal Help

AnyConnect Portal Integration

Clientless SSL VPN Advanced Authentication

Using an External and Internal CA for Clientless Access

Clientless SSL VPN Double Authentication

Deploying Clientless SSL VPN Single Signon

Troubleshooting PKI and SSO Integration

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 6 Clientless SSL VPN Advanced Authentication and Authorization

“Do I Know This Already?” Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

Create a DAP

Specify User AAA Attributes

Specify Endpoint Attributes

Configure Authorization Parameters

Configure Authorization Parameters for the Default DAP

DAP Record Aggregation

Troubleshooting DAP Deployment

ASDM Test Feature

ASA Logging

DAP Debugging

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 7 Clientless SSL High Availability and Performance

“Do I Know This Already?” Quiz

Foundation Topics

High-Availability Deployment Information and Common Strategies

Failover

Active/Active

Active/Standby

VPN Load Balancing (Clustering)

External Load Balancing

Redundant VPN Peering

Content Caching for Optimization

Clientless SSL VPN Load Sharing Using an External Load Balancer

Clustering Configuration for Clientless SSL VPN

Troubleshooting Load Balancing and Clustering

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part III Cisco AnyConnect Remote-Access VPN Solutions

Chapter 8 Deploying an AnyConnect Remote-Access VPN Solution

“Do I Know This Already?” Quiz

Foundation Topics

AnyConnect Full-Tunnel SSL VPN Overview

Configuration Procedures, Deployment Strategies, and Information Gathering

AnyConnect Secure Mobility Client Installation

Deploying Your First Full-Tunnel AnyConnect SSL VPN Solution

IP Addressing

Enable IPv6 Access

Hostname, Domain Name, and DNS

Enroll with a CA and Become a Member of a PKI

Add an Identity Certificate

Add the Signing Root CA Certificate

Enable the Interfaces for SSL/DTLS and AnyConnect Client Connections

Create a Connection Profile

Deploying Your First AnyConnect IKEv2 VPN Solution

Enable the Relevant Interfaces for IKEv2 and AnyConnect Client Access

Create Your IKEv2 Policies

Create a Connection Profile

Client IP Address Allocation

Connection Profile Address Assignment

Group Policy Address Assignment

Direct User Address Assignment

Advanced Controls for Your Environment

ACLs and Downloadable ACLs

Split Tunneling

Access Hours/Time Range

Troubleshooting the AnyConnect Secure Mobility Client

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 9 Advanced Authentication and Authorization of AnyConnect VPNs

“Do I Know This Already?” Quiz

Foundation Topics

Authentication Options and Strategies

Provisioning Certificates as a Local CA

Configuring Certificate Mappings

Certificate-to-Connection Profile Maps

Mapping Criteria

Provisioning Certificates from a Third-Party CA

Configure an XML Profile for Use by the AnyConnect Client

Configure a Dedicated Connection Profile for Enrollment

Enroll the AnyConnect Client into a PKI

Optionally, Configure Client Certificate Selection

Import the Issuing CA’s Certificate into the ASA

Create a Connection Profile Using Certificate-Based Authentication

Advanced PKI Deployment Strategies

Doubling Up on Client Authentication

Troubleshooting Your Advanced Configuration

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 10 Advanced Deployment and Management of the AnyConnect Client

“Do I Know This Already?” Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

AnyConnect Installation Options

Manual Predeployment

Automatic Web Deployment

Managing AnyConnect Client Profiles

Advanced Profile Features

Start Before Login

Trusted Network Detection

Advanced AnyConnect Customization and Management

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 11 AnyConnect Advanced Authorization Using AAA and DAPs

“Do I Know This Already?” Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

Configuring Local and Remote Group Policies

Full SSL VPN Accountability

Authorization Through Dynamic Access Policies

Troubleshooting Advanced Authorization Settings

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 12 AnyConnect High Availability and Performance

“Do I Know This Already?” Quiz

Foundation Topics

Overview of High Availability and Redundancy Methods

Hardware-Based Failover

VPN Clustering (VPN Load Balancing)

Redundant VPN Peering

External Load Balancing

Deploying DTLS

Performance Assurance with QOS

Basic ASDM QoS Configuration

Basic CLI QoS Configuration

AnyConnect Redundant Peering and Failover

Hardware-Based Failover with VPNs

Configure LAN Failover Interfaces

Configure Standby Addresses on Interfaces Used for Traffic Forwarding

Define Failover Criteria

Configure Nondefault MAC Addresses

Redundancy in the VPN Core

VPN Clustering

Load Balancing Using an External Load Balancer

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part IV Cisco Secure Desktop

Chapter 13 Cisco Secure Desktop

“Do I Know This Already?” Quiz

Foundation Topics

Cisco Secure Desktop Overview and Configuration

Prelogin Assessment

Host Scan

Secure Desktop (Vault)

Cache Cleaner

Keystroke Logger

Integration with DAP

Host Emulation Detection

Windows Mobile Device Management

Standalone Installation Packages

CSD Manual Launch

CSD Order of Operations

Prelogin Phase

Post-Login Phase

Session-Termination Phase

CSD Supported Browsers, Operating Systems, and Credentials

Enabling Cisco Secure Desktop on the ASA

Configure Prelogin Criteria

Keystroke Logger and Safety Checks

Cache Cleaner

Secure Desktop (Vault) General

Secure Desktop (Vault) Settings

Secure Desktop (Vault) Browser

Host Endpoint Assessment

Authorization Using DAPs

Troubleshooting Cisco Secure Desktop

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part V Cisco IPsec Remote-Access Client Solutions

Chapter 14 Deploying and Managing the Cisco VPN Client

“Do I Know This Already?” Quiz

Foundation Topics

Cisco IPsec VPN Client Features

Cisco ASA Basic Remote IPsec Client Configuration

IPsec Client Software Installation and Basic Configuration

Create New VPN Connection Entry, Main Window

Authentication Tab

Transport Tab

Backup Servers Tab

Dial-Up Tab

Advanced Profile Settings

VPN Client Software GUI Customization

Troubleshooting VPN Client Connectivity

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part VI Cisco Easy VPN Solutions

Chapter 15 Deploying Easy VPN Solutions

“Do I Know This Already?” Quiz

Foundation Topics

Configuration Procedures, Deployment Procedures, and Information Gathering

Easy VPN Basic Configuration

ASA IP Addresses

Configure Required Routing

Enable IPsec Connectivity

Configure Preferred IKEv1 and IPsec Policies

Client IP Address Assignment

VPN Client Authentication Using Pre-Shared Keys

Using XAUTH for VPN Client Access

IP Address Allocation Using the VPN Client

DHCP Configuration

Controlling Your Environment with Advanced Features

ACL Bypass Configuration

Basic Interface ACL Configuration

Per-Group ACL Configuration

Per-User ACL Configuration

Split-Tunneling Configuration

Troubleshooting a Basic Easy VPN

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 16 Advanced Authentication and Authorization Using Easy VPN

“Do I Know This Already?” Quiz

Foundation Topics

Authentication Options and Strategies

Configuring PKI for Use with Easy VPN

Configuring Mutual/Hybrid Authentication

Configuring Digital Certificate Mappings

Provisioning Certificates from a Third-Party CA

Advanced PKI Deployment Strategies

CRLs

OCSP

AAA

Troubleshooting Advanced Authentication for Easy VPN

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 17 Advanced Easy VPN Authorization

“Do I Know This Already?” Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

Configuring Local and Remote Group Policies

Assigning a Group Policy to a Local User Account

Assigning a Group Policy to a Connection Profile

Accounting Methods for Operational Information

NetFlow 9

RADIUS VPN Accounting

SNMP

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 18 High Availability and Performance for Easy VPN

“Do I Know This Already?” Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

VPN Client HA and Failover

Hardware-Based Failover with VPNs

Configure Optional Active/Standby Failover Settings

Clustering Configuration for Easy VPN

Troubleshooting Device Failover and Clustering

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 19 Easy VPN Operation Using the ASA 5505 as a Hardware Client

“Do I Know This Already?” Quiz

Foundation Topics

Easy VPN Remote Hardware Client Overview

Client Mode

Network Extension Mode

Configuring a Basic Easy VPN Remote Client Using the ASA 5505

Configuring Advanced Easy VPN Remote Client Settings for the ASA 5505

X-Auth and Device Authentication

Remote Management

Tunneled Management

Clear Tunneled Management

NAT Traversal

Device Pass-Through

Troubleshooting the ASA 5505 Easy VPN Remote Hardware Client

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part VII Cisco IPsec Site-to-Site VPN Solutions

Chapter 20 Deploying IPsec Site-to-Site VPNs

“Do I Know This Already?” Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

IKEv1

Phase 1

Phase 2 (Quick Mode)

IKEv2

Phase 1

Phase 2

Configuring a Basic IKEv1 IPsec Site-to-Site VPN

Configure Basic Peer Authentication

Enable IKEv1 on the Interface

Configure IKEv1 Policies

Configure Pre-Shared Keys

Configure Transmission Protection

Select Transform Set and VPN Peer

Define Interesting Traffic

Configuring a Basic IKEv2 IPsec Site-to-Site VPN

Configure Advanced Authentication for IKEv1 IPsec Site-to-Site VPNs

Troubleshooting an IPsec Site-to-Site VPN Connection

Tunnel Not Establishing: Phase 1

Tunnel Not Establishing: Phase 2

Traffic Not Passing Through Your Tunnel

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Chapter 21 High Availability and Performance Strategies for IPsec Site-to-Site VPNs

“Do I Know This Already?” Quiz

Foundation Topics

Configuration Procedures, Deployment Strategies, and Information Gathering

High Assurance with QoS

Basic QoS Configuration

Deploying Redundant Peering for Site-to-Site VPNs

Site-to-Site VPN Redundancy Using Routing

Hardware-Based Failover with VPNs

Configure LAN Failover Interfaces

Configure Standby Addresses on Interfaces Used for Traffic Forwarding

Define Failover Criteria

Configure Nondefault Mac Addresses

Troubleshooting HA Deployment

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

Part VIII Exam Preparation

Chapter 22 Final Exam Preparation

Tools for Final Preparation

Pearson Cert Practice Test Engine and Questions on the CD

Install the Software from the CD

Activate and Download the Practice Exam

Activating Other Exams

Premium Edition

The Cisco Learning Network

Memory Tables

Suggested Plan for Final Review/Study

Using the Exam Engine

Summary

Part IX Appendixes

Appendix A Answers to the “Do I Know This Already?” Quizzes

Appendix B 642-648 CCNP Security VPN Exam Updates, Version 1.0

Appendix C Memory Tables (CD-only) 3

Appendix D Memory Tables Answer Key (CD-only) 19

Glossary

9781587204470 TOC 5/21/2012

Read More Show Less

Customer Reviews

Average Rating 4.5
( 2 )
Rating Distribution

5 Star

(1)

4 Star

(1)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 2 Customer Reviews
  • Posted August 4, 2012

    more from this reviewer

    detecting a keystroke logger !

    Given the sheer length of this book, Hooper (and perhaps his editor also) is to be commended for including a "Do I Know This Already" quiz at the start of each chapter. It can greatly help you either prepare for the Cisco Security VPN exam or simply to efficiently study this topic for your own needs. The latter could arise in the context of you being a network administrator who has to setup a VPN using Cisco hardware and firmware. The book is suitable in this dual role.

    The early chapters provide an overview of how a VPN works that is a fairly general discussion, largely independent of Cisco hardware. You get a good idea of the state of VPN usage. One example is the recent deprecation of port forwarding. Mostly because it needs root (superuser) access on the remote client, and because an application needs to be installed there and only rudimentary TCP applications are usually supported.

    Instead, smart tunnels are the recommended alternative. The local user no longer needs root access on her machine, there are more supported applications and she does not have to reconfigure her local application settings. The text relates that smart tunnels are faster than client server plug-ins.

    What else looks interesting in the book? There is a mass of material. But the Cisco Secure Desktop seems a nifty package. The idea is to pre-check the machine that the user uses, and to do a clean up operation after she finishes. The latter is to remove any settings (like in the registry of a Microsoft machine) that she made that could be used later by a rogue. For example, in a replay attack. While the pre-check attempts tests like looking for a keystroke logger. The logger is an insidious malware attack vector, which can be instantiated as hardware or software. Unfortunately I cannot tell from the text whether the attempted detection of the logger is for only a hardware logger, only a software logger or both. Nor does the book say what its efficacy is.

    A pity. From my background in antispam and antiphishing, how the logger detector works was the most interesting part of the book. Now granted, Cisco might well want to keep its details as a trade secret, in part to avoid crackers trying to circumvent.

    Was this review helpful? Yes  No   Report this review
  • Posted July 25, 2012

    VERY HELPFUL IN MASTERING THE CERTIFICATION EXAM!!!

    Do you need help in trying to pass the CCNP Security VPN certification exam (642-648)? If you do, then this book is for you! Author Howard Hooper, has done an outstanding job of writing a second edition of a book that focuses on the application of security principles, with regard to Cisco IOS routers, switches, and virtual private network devices. Author Hooper, begins with a discussion of the ASA operation and architecture. Then, the author focuses on the different methods that are used to apply policies and their contained attributes for controlling and ultimately securing remote servers. Next, he introduces you to the Cisco clientless Secure Sockets Layer VPN implementation. The author also covers the advanced settings that are available for the clientless SSL VPN deployment and the available application access methods and their configuration. He continues by focusing on the available customization options when approaching the task of customizing the clientless SSL VPN environment for remote users. Then, the author examines the implementation and configuration of group policies and the available attributes contained within. Next, he examines the available HA and performance enhancements that can be deployed when working with clientless SSL VPN solutions. The author also introduces you to the Cisco AnyConnect remote-access VPN configuration and client software. He continues by discussing the available mechanisms that can be configured to successfully authenticate your remote users. Then, the author reviews the various methods of the AnyConnect client deployment and installation available. Next, he describes the role and implementation of advanced authorization, which enables you to maintain complete control over the resources of remote users that can or cannot access before and during their connection to the VPN deployment. The author also reviews the different types of redundancy and high availability that you can deploy on the ASA device through configuration of the AnyConnect client or with external hardware. He continues by reviewing the Cisco Secure Desktop environment and associated modules for use with both the AnyConnect client and the clientless SSL VPN. Next, he introduces you to the Cisco IPSec VPN Client and its available methods of installation, configuration, and advanced customization. The author also introduces you to the Cisco Easy VPN client and server architecture. He continues by reviewing the configuration of PKI and its subsequent implementation with Easy VPN deployments. Then, the author describes the implementation of group policies and the attributes that can be included to provide advanced authorization of remote users. Next, he shows you how to put the mechanisms in place to provide a high-availability solution that will protect an organization form outages alongside an Easy VPN deployment. The author also introduces you to the Easy VPN hardware client capabilities of the ASA 5505 device and the configuration required for successful deployment. Finally, he lists the exam preparation tools that are useful at this point in the study process, and provides a suggested study plan.This most excellent book has been written with the same format and incorporates tools to assist you by assessing your current knowledge and emphasizing specific areas of interest. Perhaps more importantly, as you read through this great book, you will find that your test-taking skills will improve by continued exposure to the test format

    Was this review helpful? Yes  No   Report this review
Sort by: Showing all of 2 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)