Chapter 8. Products in the Campus

Terms you'll need to understand:

  • TTY line

  • VTY line

  • Strong passwords

  • IDS

  • NIDS

  • HIDS

  • ip audit

  • CS ACS

  • Intrusion prevention

  • Zero-day attacks

  • VMS

  • IBNS

Techniques you'll need to master:

  • Creating Access Control Lists/access lists

  • Using VLAN segmentation

  • Performing NIDS/HIDS tuning

  • Performing network device access management

The largest part of any network, at least in the number of hosts present, is almost always the campus, that portion of the network inside the main interface to the outside world (the edge). However, although it has more hosts, it is a bit simpler in its security configuration needs because nothing should (not will, only should) get in this far from the outside. Of course, you still have to protect resources from possible intrusion from the outside, just as you must protect them from internal threats (which you can never discount; remember, they are the larger number of attacks, according to some studies).

In addition, some of what you do for security reasons parallels things that you probably already do for network traffic management. That makes the campus a good place to start our look at what Cisco products are present and how they should be configured in a network designed along the SAFE Blueprint principles.


The SAFE Blueprints do not require Cisco products; every version of the SAFE Blueprints specifically says that. So why are we looking at Cisco products and how to configure them to work in a network designed according to a SAFE Blueprint? Look again at the exam description:

"The Cisco SAFE Implementation exam tests the knowledge and skills needed to use and implement the principles and axioms presented in the SAFE Small, Midsize, and Remote (SMR) User White Paper. Candidates are tested on knowledge of how the following devices can be used to create a complete end-to-end solution: IOS routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors, Cisco Host IDS, and the Cisco VPN Client."

In addition, there are test questions about securing routers and switches.

The bottom line is, you are most unlikely to pass the exam if you cannot implement a SAFE Blueprint on Cisco equipment.


Inside the campus, you need to know how to implement security with routers and switches, basic IDS (both NIDS and HIDS) configuration, and basic AAA. So we'll discuss those subjects in that order.



CSI Exam Cram 2 (Exam 642-541)
CCSP CSI Exam Cram 2 (Exam Cram 642-541)
ISBN: 0789730243
EAN: 2147483647
Year: 2002
Pages: 177
Authors: Annlee Hines
