CCNA Cyber Ops SECFND #210-250 Official Cert Guide

CCNA Cyber Ops SECFND #210-250 Official Cert Guide

Hardcover

$47.98 $49.99 Save 4% Current price is $47.98, Original price is $49.99. You Save 4%.
View All Available Formats & Editions
Use Express Shipping for guaranteed delivery by December 24

Product Details

ISBN-13: 9781587147029
Publisher: Cisco Press
Publication date: 04/17/2017
Series: Certification Guide Series
Pages: 672
Sales rank: 474,574
Product dimensions: 7.70(w) x 9.20(h) x 1.60(d)

About the Author

Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures.

Omar is the author of over a dozen books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities. Additional information about Omar’s current projects can be found at omarsantos.io, and you can follow Omar on Twitter @santosomar.

Joseph Muniz is an architect at Cisco Systems and security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and the U.S. government. Joseph’s current role gives him visibility into the latest trends in cyber security, from both leading vendors and customers. Examples of Joseph’s research include his RSA talk titled “Social Media Deception,” which has been quoted by many sources (search for “Emily Williams Social Engineering”), as well as his articles in PenTest Magazine regarding various security topics.

Joseph runs The Security Blogger website, a popular resource for security, hacking, and product implementation. He is the author and contributor of several publications covering various penetration testing and security topics.

You can follow Joseph at www. thesecurityblogger.com and @SecureBlogger.

Stefano De Crescenzo is a senior incident manager with the Cisco Product Security Incident Response Team (PSIRT), where he focuses on product vulnerability management and Cisco products forensics. He is the author of several blog posts and white papers about security best practices and forensics. He is an active member of the security community and has been a speaker at several security conferences.

Stefano specializes in malware detection and integrity assurance in critical infrastructure devices, and he is the author of integrity assurance guidelines for Cisco IOS, IOS-XE, and ASA.

Stefano holds a B.Sc. and M.Sc. in telecommunication engineering from Politecnico di Milano, Italy, and an M.Sc. in telecommunication from Danish Technical University, Denmark. He is currently pursuing an Executive MBA at Vlerick Business School in Belgium. He also holds a CCIE in Security #26025 and is CISSP and CISM certified.

Table of Contents

Introduction xxv
Part I Network Concepts
Chapter 1 Fundamentals of Networking Protocols and Networking Devices 3
“Do I Know This Already?” Quiz 3
Foundation Topics 6
TCP/IP and OSI Model 6
TCP/IP Model 6
Open System Interconnection Model 12
Layer 2 Fundamentals and Technologies 16
Ethernet LAN Fundamentals and Technologies 16
Ethernet Devices and Frame-Forwarding Behavior 20
Wireless LAN Fundamentals and Technologies 35
Internet Protocol and Layer 3 Technologies 43
IPv4 Header 45
IPv4 Fragmentation 47
IPv4 Addresses and Addressing Architecture 48
IP Addresses Assignment and DHCP 57
IP Communication Within a Subnet and Address Resolution Protocol (ARP) 60
Intersubnet IP Packet Routing 61
Routing Tables and IP Routing Protocols 64
Internet Control Message Protocol (ICMP) 69
Domain Name System (DNS) 71
IPv6 Fundamentals 75
IPv6 Header 78
IPv6 Addressing and Subnets 79
Special and Reserved IPv6 Addresses 82
IPv6 Addresses Assignment, Neighbor Discovery Protocol, and
DHCPv6 83
Transport Layer Technologies and Protocols 89
Transmission Control Protocol (TCP) 90
User Datagram Protocol (UDP) 98
Exam Preparation Tasks 100
Review All Key Topics 100
Complete Tables and Lists from Memory 103
Define Key Terms 103
Q&A 103
References and Further Reading 106
Chapter 2 Network Security Devices and Cloud Services 109
“Do I Know This Already?” Quiz 109
Foundation Topics 112
Network Security Systems 112
Traditional Firewalls 112
Application Proxies 117
Network Address Translation 117
Stateful Inspection Firewalls 120
Next-Generation Firewalls 126
Personal Firewalls 128
Intrusion Detection Systems and Intrusion Prevention Systems 128
Next-Generation Intrusion Prevention Systems 133
Advance Malware Protection 133
Web Security Appliance 137
Email Security Appliance 140
Cisco Security Management Appliance 142
Cisco Identity Services Engine 143
Security Cloud-based Solutions 144
Cisco Cloud Web Security 145
Cisco Cloud Email Security 146
Cisco AMP Threat Grid 147
Cisco Threat Awareness Service 147
OpenDNS 148
CloudLock 148
Cisco NetFlow 149
What Is the Flow in NetFlow? 149
NetFlow vs. Full Packet Capture 151
The NetFlow Cache 151
Data Loss Prevention 152
Exam Preparation Tasks 153
Review All Key Topics 153
Complete Tables and Lists from Memory 154
Define Key Terms 154
Q&A 154
Part II Security Concepts
Chapter 3 Security Principles 159
“Do I Know This Already?” Quiz 159
Foundation Topics 162
The Principles of the Defense-in-Depth Strategy 162
What Are Threats, Vulnerabilities, and Exploits? 166
Vulnerabilities 166
Threats 167
Exploits 170
Confidentiality, Integrity, and Availability: The CIA Triad 171
Confidentiality 171
Integrity 171
Availability 171
Risk and Risk Analysis 171
Personally Identifiable Information and Protected Health Information 173
PII 173
PHI 174
Principle of Least Privilege and Separation of Duties 174
Principle of Least Privilege 174
Separation of Duties 175
Security Operation Centers 175
Runbook Automation 176
Forensics 177
Evidentiary Chain of Custody 177
Reverse Engineering 178
Exam Preparation Tasks 180
Review All Key Topics 180
Define Key Terms 180
Q&A 181
Chapter 4 Introduction to Access Controls 185
“Do I Know This Already?” Quiz 185
Foundation Topics 189
Information Security Principles 189
Subject and Object Definition 189
Access Control Fundamentals 190
Identification 190
Authentication 191
Authorization 193
Accounting 193
Access Control Fundamentals: Summary 194
Access Control Process 195
Asset Classification 195
Asset Marking 196
Access Control Policy 197
Data Disposal 197
Information Security Roles and Responsibilities 197
Access Control Types 199
Access Control Models 201
Discretionary Access Control 203
Mandatory Access Control 204
Role-Based Access Control 205
Attribute-Based Access Control 207
Access Control Mechanisms 210
Identity and Access Control Implementation 212
Authentication, Authorization, and Accounting Protocols 212
Port-Based Access Control 218
Network Access Control List and Firewalling 221
Identity Management and Profiling 223
Network Segmentation 223
Intrusion Detection and Prevention 227
Antivirus and Antimalware 231
Exam Preparation Tasks 233
Review All Key Topics 233
Complete Tables and Lists from Memory 234
Define Key Terms 234
Q&A 234
References and Additional Reading 237
Chapter 5 Introduction to Security Operations Management 241
“Do I Know This Already?” Quiz 241
Foundation Topics 244
Introduction to Identity and Access Management 244
Phases of the Identity and Access Lifecycle 244
Password Management 246
Directory Management 250
Single Sign-On 252
Federated SSO 255
Security Events and Logs Management 260
Logs Collection, Analysis, and Disposal 260
Security Information and Event Manager 264
Assets Management 265
Assets Inventory 266
Assets Ownership 267
Assets Acceptable Use and Return Policies 267
Assets Classification 268
Assets Labeling 268
Assets and Information Handling 268
Media Management 269
Introduction to Enterprise Mobility Management 269
Mobile Device Management 271
Configuration and Change Management 276
Configuration Management 276
Change Management 278
Vulnerability Management 281
Vulnerability Identification 281
Vulnerability Analysis and Prioritization 290
Vulnerability Remediation 294
Patch Management 295
References and Additional Readings 299
Exam Preparation Tasks 302
Review All Key Topics 302
Complete Tables and Lists from Memory 303
Define Key Terms 303
Q&A 303
Part III Cryptography
Chapter 6 Fundamentals of Cryptography and Public Key Infrastructure (PKI) 309
“Do I Know This Already?” Quiz 309
Foundation Topics 311
Cryptography 311
Ciphers and Keys 311
Symmetric and Asymmetric Algorithms 313
Hashes 314
Hashed Message Authentication Code 316
Digital Signatures 317
Key Management 320
Next-Generation Encryption Protocols 321
IPsec and SSL 321
Fundamentals of PKI 323
Public and Private Key Pairs 323
RSA Algorithm, the Keys, and Digital Certificates 324
Certificate Authorities 324
Root and Identity Certificates 326
Authenticating and Enrolling with the CA 328
Public Key Cryptography Standards 330
Simple Certificate Enrollment Protocol 330
Revoking Digital Certificates 330
Using Digital Certificates 331
PKI Topologies 331
Exam Preparation Tasks 334
Review All Key Topics 334
Complete Tables and Lists from Memory 334
Define Key Terms 335
Q&A 335
Chapter 7 Introduction to Virtual Private Networks (VPNs) 339
“Do I Know This Already?” Quiz 339
Foundation Topics 341
What Are VPNs? 341
Site-to-site vs. Remote-Access VPNs 341
An Overview of IPsec 343
IKEv1 Phase 1 343
IKEv1 Phase 2 345
IKEv2 348
SSL VPNs 348
SSL VPN Design Considerations 351
Exam Preparation Tasks 353
Review All Key Topics 353
Complete Tables and Lists from Memory 353
Define Key Terms 353
Q&A 353
Part IV Host-Based Analysis
Chapter 8 Windows-Based Analysis 357
“Do I Know This Already?” Quiz 357
Foundation Topics 360
Process and Threads 360
Memory Allocation 362
Windows Registration 364
Windows Management Instrumentation 366
Handles 368
Services 369
Windows Event Logs 372
Exam Preparation Tasks 375
Review All Key Topics 375
Define Key Terms 375
Q&A 375
References and Further Reading 377
Chapter 9 Linux- and Mac OS X—Based Analysis 379
“Do I Know This Already?” Quiz 379
Foundation Topics 382
Processes 382
Forks 384
Permissions 385
Symlinks 390
Daemons 391
UNIX-Based Syslog 392
Apache Access Logs 396
Exam Preparation Tasks 398
Review All Key Topics 398
Complete Tables and Lists from Memory 398
Define Key Terms 398
Q&A 399
References and Further Reading 400
Chapter 10 Endpoint Security Technologies 403
“Do I Know This Already?” Quiz 403
Foundation Topics 406
Antimalware and Antivirus Software 406
Host-Based Firewalls and Host-Based Intrusion Prevention 408
Application-Level Whitelisting and Blacklisting 410
System-Based Sandboxing 411
Exam Preparation Tasks 414
Review All Key Topics 414
Complete Tables and Lists from Memory 414
Define Key Terms 414
Q&A 414
Part V Security Monitoring and Attack Methods
Chapter 11 Network and Host Telemetry 419
“Do I Know This Already?” Quiz 419
Foundation Topics 422
Network Telemetry 422
Network Infrastructure Logs 422
Traditional Firewall Logs 426
Syslog in Large Scale Environments 430
Next-Generation Firewall and Next-Generation IPS Logs 437
NetFlow Analysis 445
Cisco Application Visibility and Control (AVC) 469
Network Packet Capture 470
Wireshark 473
Cisco Prime Infrastructure 474
Host Telemetry 477
Logs from User Endpoints 477
Logs from Servers 481
Exam Preparation Tasks 483
Review All Key Topics 483
Complete Tables and Lists from Memory 483
Define Key Terms 483
Q&A 484
Chapter 12 Security Monitoring Operational Challenges 487
“Do I Know This Already?” Quiz 487
Foundation Topics 490
Security Monitoring and Encryption 490
Security Monitoring and Network Address Translation 491
Security Monitoring and Event Correlation Time Synchronization 491
DNS Tunneling and Other Exfiltration Methods 491
Security Monitoring and Tor 493
Security Monitoring and Peer-to-Peer Communication 494
Exam Preparation Tasks 495
Review All Key Topics 495
Define Key Terms 495
Q&A 495
Chapter 13 Types of Attacks and Vulnerabilities 499
“Do I Know This Already?” Quiz 499
Foundation Topics 502
Types of Attacks 502
Reconnaissance Attacks 502
Social Engineering 504
Privilege Escalation Attacks 506
Backdoors 506
Code Execution 506
Man-in-the Middle Attacks 506
Denial-of-Service Attacks 507
Attack Methods for Data Exfiltration 510
ARP Cache Poisoning 511
Spoofing Attacks 512
Route Manipulation Attacks 513
Password Attacks 513
Wireless Attacks 514
Types of Vulnerabilities 514
Exam Preparation Tasks 518
Review All Key Topics 518
Define Key Terms 518
Q&A 518
Chapter 14 Security Evasion Techniques 523
“Do I Know This Already?” Quiz 523
Foundation Topics 526
Encryption and Tunneling 526
Key Encryption and Tunneling Concepts 531
Resource Exhaustion 531
Traffic Fragmentation 532
Protocol-Level Misinterpretation 533
Traffic Timing, Substitution, and Insertion 535
Pivoting 536
Exam Preparation Tasks 541
Review All Key Topics 541
Complete Tables and Lists from Memory 541
Define Key Terms 541
Q&A 541
References and Further Reading 543
Part VI Final Preparation
Chapter 15 Final Preparation 545
Tools for Final Preparation 545
Pearson Cert Practice Test Engine and Questions on the Website 545
Customizing Your Exams 547
Updating Your Exams 547
The Cisco Learning Network 548
Memory Tables 548
Chapter-Ending Review Tools 549
Suggested Plan for Final Review/Study 549
Summary 549
Part VII Appendixes
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A
Questions 551
Glossary 571
Elements Available on the Book Website
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
Appendix D Study Planner
9781587147029, TOC, 3/9/2017

Customer Reviews

Most Helpful Customer Reviews

See All Customer Reviews