Implementing Cisco IOS Network Security (IINS): (CCNA Security exam 640-553) (Authorized Self-Study Guide)

Implementing Cisco IOS Network Security (IINS): (CCNA Security exam 640-553) (Authorized Self-Study Guide)

3.3 3
by Catherine Paquet

View All Available Formats & Editions

Implementing Cisco IOS Network Security (IINS) is a Cisco-authorized, self-paced learning tool for CCNA® Security foundation learning. This book provides you with the knowledge needed to secure Cisco® routers and switches and their associated networks. By reading this book, you will gain a thorough understanding of how to troubleshoot and monitor

…  See more details below


Implementing Cisco IOS Network Security (IINS) is a Cisco-authorized, self-paced learning tool for CCNA® Security foundation learning. This book provides you with the knowledge needed to secure Cisco® routers and switches and their associated networks. By reading this book, you will gain a thorough understanding of how to troubleshoot and monitor network devices to maintain integrity, confidentiality, and availability of data and devices, as well as the technologies that Cisco uses in its security infrastructure.


This book focuses on the necessity of a comprehensive security policy and how it affects the posture of the network. You will learn how to perform basic tasks to secure a small branch type office network using Cisco IOS® security features available through the Cisco Router and Security Device Manager (SDM) web-based graphical user interface (GUI) and through the command-line interface (CLI) on Cisco routers and switches. The author also provides, when appropriate, parallels with Cisco ASA appliances.


Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book.


Implementing Cisco IOS Network Security (IINS) is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit

• Develop a comprehensive network security policy to counter threats against information security • Configure routers on the network perimeter with Cisco IOS Software security features • Configure firewall features including ACLs and Cisco IOS zone-based policy firewalls to perform basic security operations on a network • Configure site-to-site VPNs using Cisco IOS features • Configure IPS on Cisco network routers • Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic


This volume is in the Certification Self-Study Series offered by Cisco Press®. Books in this series provide officially developed self-study solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations. 


Read More

Product Details

Pearson Education
Publication date:
Self-Study Guide
Sold by:
Barnes & Noble
File size:
17 MB
This product may take a few minutes to download.

Related Subjects

Read an Excerpt

Implementing Cisco IOS Network Security (IINS)Implementing Cisco IOS Network Security (IINS)Introduction

Network security is a complex and growing area of IT. As the premier provider of network security devices, Cisco Systems is committed to supporting this growing segment of the industry.

This book teaches you how to design, configure, maintain, and audit network security. It focuses on using Cisco IOS routers for protecting the network by capitalizing on its advanced features as a perimeter router, as a firewall, as an intrusion prevention system, and as a VPN device. By the end of this book, you will be able to select and implement the appropriate Cisco IOS services required to build flexible and secure networks. This book also introduces you to the concept of endpoint security.

This book provides you with the knowledge necessary to pass your CCNA Security certification because it provides in-depth information to help you prepare for the IINS exam. It also starts you on the path toward attaining your Cisco Certified Security Professional (CCSP) certification.

The commands and configuration examples presented in this book are based on Cisco IOS Releases 12.3.

Goals and Methods

The most important and somewhat obvious goal of this book is to help you pass the IINS exam (640-553). In fact, if the primary objective of this book were different, the book’s title would be misleading; however, the methods used in this book to help you pass the CCNA Security exam are designed to also make you much more knowledgeable about how to do your job.

Although this book has more than enough questions to help you prepare for the actual exam, the method in which they are used is not to simply make you memorize as many questions and answers as you possibly can. One key methodology used in this book is to help you discover the exam topics that you need to review in more depth, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. So, this book does not try to help you pass by memorization, but helps you truly learn and understand the topics. The CCNA Security exam (640-553) is just one of the foundation topics in the CCSP certification, and the knowledge contained within is vitally important to consider yourself a truly skilled security specialist. This book would do you a disservice if it didn’t attempt to help you learn the material. To that end, the book will help you pass the CCNA Security exam by using the following methods:

  • Helping you discover which test topics you have not mastered
  • Providing explanations and information to fill in your knowledge gaps
  • Providing practice questions on the topics
Who Should Read This Book?

This book is not designed to be a general security topics book, although it can be used for that purpose. This book is intended to tremendously increase your chances of passing the CCNA Security exam. Although other objectives can be achieved from using this book, the book is written with two goals in mind: to improve your knowledge of Cisco IOS security and to help you pass the CCNA Security exam.

So why should you want to pass the CCNA Security exam? Because it is one of the milestones toward getting the CCSP certification; no small feat in itself. What would getting the CCSP mean to you? A raise, a promotion, recognition? How about to enhance your resumé? To demonstrate that you are serious about continuing the learning process and that you are not content to rest on your laurels? To have a chance of working in one of the most thrilling and fastest growing sectors of IT, network security? To please your reseller-employer, who needs more certified employees for a higher discount from Cisco? Or one of many other reasons.

Strategies for Exam Preparation

The strategy you use for CCNA Security might be slightly different from strategies used by other readers, mainly based on the skills, knowledge, and experience you already have obtained. For instance, if you have attended the IINS course, you might take a different approach than someone who learned firewalling via on-the-job training.

How This Book Is Organized

Although this book could be read cover to cover, it is designed to be flexible and allow you to move between chapters. However, if you do intend to read every chapter, the order in the book is an excellent sequence to use. Chapters 1 to 7 cover the following topics:

  • Chapter 1, “Introduction to Network Security Principles”: This chapter discusses how to develop a comprehensive network security policy to counter threats against information security. It also teaches you about possible threats and how to describe and implement the process of developing a security policy.
  • Chapter 2, “Perimeter Security”: This chapter discusses the concept of perimeter security and covers more precisely the physical installation of and administrative access to Cisco routers, the use of Cisco Security Device Manager (SDM), the use of Cisco routers to perform authentication, authorization, and accounting (AAA), the secure implementation of the management and reporting features of syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), Network Time Protocol (NTP), and it examines how to secure a Cisco router with the Security Audit and One-Step Lockdown features of Cisco SDM.
  • Chapter 3, “Network Security Using Cisco IOS Firewalls”: This chapter teaches you how to configure firewall features, including access control lists (ACL) and Cisco IOS zone-based policy firewalls to perform basic security operations on a network. It explains the operations of the different types of firewall technologies and especially the technology used by Cisco routers and Cisco security appliances. The chapter provides thorough explanations on how to create static packet filters using ACLs and how to configure a Cisco IOS zone-based policy firewall.
  • Chapter 4, “Fundamentals of Cryptography”: This chapter introduces the concepts of cryptography and covers encryption, hashing, and digital signatures and how these techniques provide confidentiality, integrity, authenticity, and nonrepudiation. You will learn about algorithms, symmetric and asymmetrical encryption, digital signatures, and Public Key Infrastructure (PKI).
  • Chapter 5, “Site-to-Site VPNs”: This chapter introduces the concepts of site-to-site virtual private networks (VPN) using Cisco IOS. It covers topics such as concepts, technologies, and terms that IP Security (IPsec) VPNs use, Site-to-site IPsec VPN configuration using the command-line interface (CLI), and using Cisco SDM.
  • Chapter 6, “Network Security Using Cisco IOS IPS”: This chapter describes the functions and operations of intrusion detection systems (IDS) and intrusion prevention systems (IPS). It explains the underlying IDS and IPS technology embedded in the Cisco host- and network-based IDS and IPS solutions. Through this chapter, you will learn to configure Cisco IOS IPS using Cisco SDM.
  • Chapter 7, “LAN, SAN, Voice, and Endpoint Security Overview”: This chapter focuses on several additional aspects of network security: LANs, storage-area networks (SAN), voice, and endpoints. This chapter emphasizes Layer 2 and host security to provide much more comprehensive coverage of the important issues involved in securing an enterprise. In this chapter, you learn about current endpoint protection methods, risks, and countermeasures for SANs security and for IP telephony. You will also read about how to protect your network against Layer 2 attacks.

© Copyright Pearson Education. All rights reserved.

Read More

Meet the Author

Catherine Paquet is a practitioner in the field of internetworking, network security, and security financials. She has authored or contributed to eight books thus far with Cisco Press. Catherine has in-depth knowledge of security systems, remote access, and routing technology. She is a Cisco Certified Security Professional (CCSP) and a Cisco Certified Network Professional (CCNP). Catherine is also a certified Cisco instructor with Cisco’s largest training partner, Global Knowledge, Inc. She also works on IT security projects for different organizations on a part-time basis. Following her university graduation from the Collège Militaire Royal de St-Jean (Canada), she worked as a system analyst, LAN manager, MAN manager, and eventually as a WAN manager. In 1994, she received a master’s degree in business administration (MBA) with a specialty in management information systems (MIS) from York University. Recently, she has been presenting a seminar on behalf of Cisco Systems (Emerging Markets) on the topic of the business case for network security in 22 countries. In 2002 and 2003, Catherine volunteered with the U.N. mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine lives in Toronto with her husband. They have two children, who are both attending university.

Read More

Customer Reviews

Average Review:

Write a Review

and post it to your social network


Most Helpful Customer Reviews

See all customer reviews >

Implementing Cisco IOS Network Security (IINS): (CCNA Security exam 640-553) (Authorized Self-Study Guide) 3.3 out of 5 based on 0 ratings. 3 reviews.
Anonymous More than 1 year ago
Afaq More than 1 year ago
When you're taking a Cisco exam, the basic requirements are: a)knowing the subject matter, b)knowing the test/exam taking strategies, c)and one of the most important, the hands on! This goes over all three topics. Subject matter is covered in detail, apparently beyond what is included in the exam itself. So, although the book is written for preparing for the CCNA Security exam, it will help you build your basic security toolkit for designing, configuring, maintaining, and auditing networks. I particularly liked the Review Questions at the end of each chapter, they may look simplistic but will surely be effective in order to pass the real exam! "Key Topics" designation also come very handy to highlight an important concept for exam preparation. This should help you build your strategy on what to expect on the exam, both difficulty level and the subject matter. Book contains a ton of full length configuration examples which can easily be used for the hands-on needed. Overall, a very good effort once again by Catherine!
Boudville More than 1 year ago
The book is an authoritative way to learn how to configure and control various Cisco routers and switches. Perhaps most importantly from the standpoint of security, you see how routers can be used to maintain a firewall. For most companies that are connected to the Internet, a firewall is often a necessity. Some background in understanding the basics of TCP/IP is needed. But the book explains the relevant details. If you are wondering how to configure your internal network behind a firewall, the text has common setup examples that you can copy. There are also candid discussions about the advantages and disadvantages of various filtering methods. For example, firewalls that do packet filtering are often used. This involves maintaining a policy table with conditions for allowing or denying traffic based on parameters like source IP address, destination IP address and the port numbers. The Cisco routers that do this are very fast, because inspecting the packet headers is simple to do in silicon. But the book also explains the limitations. Notably, the analysis is stateless, so a connection that uses a multipacket handshake cannot be checked, assuming it passes the above tests. Still, packet filtering is so simple and fast that you should probably do it. The book also delves into how to make a VPN across the Internet. A powerful and popular way to have more secure communications. The questions at the end of each chapter are fairly straightforward. Nothing that is too complicated. Strictly, the book is meant for those studying for a Cisco network certificate. But potentially, the scope is broader. It's a good overall explanation of routing and switching, and especially about setting up firewalls and VPNs. Not necessarily restricted to Cisco hardware. But even for the latter, the book might read better than a typical manual for a specific device.