Read an Excerpt
Implementing Cisco IOS Network Security (IINS)Implementing Cisco IOS Network Security (IINS)Introduction
Network security is a complex and growing area of IT. As the premier provider of network security devices, Cisco Systems is committed to supporting this growing segment of the industry.
This book teaches you how to design, configure, maintain, and audit network security. It focuses on using Cisco IOS routers for protecting the network by capitalizing on its advanced features as a perimeter router, as a firewall, as an intrusion prevention system, and as a VPN device. By the end of this book, you will be able to select and implement the appropriate Cisco IOS services required to build flexible and secure networks. This book also introduces you to the concept of endpoint security.
This book provides you with the knowledge necessary to pass your CCNA Security certification because it provides in-depth information to help you prepare for the IINS exam. It also starts you on the path toward attaining your Cisco Certified Security Professional (CCSP) certification.
The commands and configuration examples presented in this book are based on Cisco IOS Releases 12.3.
Goals and Methods
The most important and somewhat obvious goal of this book is to help you pass the IINS exam (640-553). In fact, if the primary objective of this book were different, the book’s title would be misleading; however, the methods used in this book to help you pass the CCNA Security exam are designed to also make you much more knowledgeable about how to do your job.
Although this book has more than enough questions to help you prepare for the actual exam, the method in which they are used is not to simply make you memorize as many questions and answers as you possibly can. One key methodology used in this book is to help you discover the exam topics that you need to review in more depth, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. So, this book does not try to help you pass by memorization, but helps you truly learn and understand the topics. The CCNA Security exam (640-553) is just one of the foundation topics in the CCSP certification, and the knowledge contained within is vitally important to consider yourself a truly skilled security specialist. This book would do you a disservice if it didn’t attempt to help you learn the material. To that end, the book will help you pass the CCNA Security exam by using the following methods:
- Helping you discover which test topics you have not mastered
- Providing explanations and information to fill in your knowledge gaps
- Providing practice questions on the topics
This book is not designed to be a general security topics book, although it can be used for that purpose. This book is intended to tremendously increase your chances of passing the CCNA Security exam. Although other objectives can be achieved from using this book, the book is written with two goals in mind: to improve your knowledge of Cisco IOS security and to help you pass the CCNA Security exam.
So why should you want to pass the CCNA Security exam? Because it is one of the milestones toward getting the CCSP certification; no small feat in itself. What would getting the CCSP mean to you? A raise, a promotion, recognition? How about to enhance your resumé? To demonstrate that you are serious about continuing the learning process and that you are not content to rest on your laurels? To have a chance of working in one of the most thrilling and fastest growing sectors of IT, network security? To please your reseller-employer, who needs more certified employees for a higher discount from Cisco? Or one of many other reasons.
Strategies for Exam Preparation
The strategy you use for CCNA Security might be slightly different from strategies used by other readers, mainly based on the skills, knowledge, and experience you already have obtained. For instance, if you have attended the IINS course, you might take a different approach than someone who learned firewalling via on-the-job training.
How This Book Is Organized
Although this book could be read cover to cover, it is designed to be flexible and allow you to move between chapters. However, if you do intend to read every chapter, the order in the book is an excellent sequence to use. Chapters 1 to 7 cover the following topics:
- Chapter 1, “Introduction to Network Security Principles”: This chapter discusses how to develop a comprehensive network security policy to counter threats against information security. It also teaches you about possible threats and how to describe and implement the process of developing a security policy.
- Chapter 2, “Perimeter Security”: This chapter discusses the concept of perimeter security and covers more precisely the physical installation of and administrative access to Cisco routers, the use of Cisco Security Device Manager (SDM), the use of Cisco routers to perform authentication, authorization, and accounting (AAA), the secure implementation of the management and reporting features of syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), Network Time Protocol (NTP), and it examines how to secure a Cisco router with the Security Audit and One-Step Lockdown features of Cisco SDM.
- Chapter 3, “Network Security Using Cisco IOS Firewalls”: This chapter teaches you how to configure firewall features, including access control lists (ACL) and Cisco IOS zone-based policy firewalls to perform basic security operations on a network. It explains the operations of the different types of firewall technologies and especially the technology used by Cisco routers and Cisco security appliances. The chapter provides thorough explanations on how to create static packet filters using ACLs and how to configure a Cisco IOS zone-based policy firewall.
- Chapter 4, “Fundamentals of Cryptography”: This chapter introduces the concepts of cryptography and covers encryption, hashing, and digital signatures and how these techniques provide confidentiality, integrity, authenticity, and nonrepudiation. You will learn about algorithms, symmetric and asymmetrical encryption, digital signatures, and Public Key Infrastructure (PKI).
- Chapter 5, “Site-to-Site VPNs”: This chapter introduces the concepts of site-to-site virtual private networks (VPN) using Cisco IOS. It covers topics such as concepts, technologies, and terms that IP Security (IPsec) VPNs use, Site-to-site IPsec VPN configuration using the command-line interface (CLI), and using Cisco SDM.
- Chapter 6, “Network Security Using Cisco IOS IPS”: This chapter describes the functions and operations of intrusion detection systems (IDS) and intrusion prevention systems (IPS). It explains the underlying IDS and IPS technology embedded in the Cisco host- and network-based IDS and IPS solutions. Through this chapter, you will learn to configure Cisco IOS IPS using Cisco SDM.
- Chapter 7, “LAN, SAN, Voice, and Endpoint Security Overview”: This chapter focuses on several additional aspects of network security: LANs, storage-area networks (SAN), voice, and endpoints. This chapter emphasizes Layer 2 and host security to provide much more comprehensive coverage of the important issues involved in securing an enterprise. In this chapter, you learn about current endpoint protection methods, risks, and countermeasures for SANs security and for IP telephony. You will also read about how to protect your network against Layer 2 attacks.
© Copyright Pearson Education. All rights reserved.