| |  | Copyright |
| | | The SECUR Cram Sheet |
| | | | NETWORK SECURITY AND CISCO IOS ROUTERS |
| | | | CISCO IOS FIREWALL FEATURE SET |
| | | | VIRTUAL PRIVATE NETWORKS USING CISCO IOS ROUTERS |
| |
| | | A Note from Series Editor Ed Tittel |
| | | About the Authors |
| | | | About the Technical Editors |
| |
| | | Acknowledgments |
| | | We Want to Hear from You! |
| | | Introduction |
| | | | Taking a Certification Exam |
| | | | Tracking Cisco Certification Status |
| | | | How to Prepare for an Exam |
| | | | About This Book |
| |
| | | Self-Assessment |
| | | | Cisco Security Professionals in the Real World |
| |
| | | Chapter 1. Cisco Certification Exams |
| | | | Assessing Exam-Readiness |
| | | | The Exam Situation |
| | | | Exam Layout and Design |
| | | | Exam Basics |
| | | | Mastering the Inner Game |
| | | | Additional Resources |
| |
| | | Part I. Network Security and Cisco IOS Routers |
| | | | Chapter 2. Fundamentals of Network Security |
| | | | Introduction |
| | | | Why Implement Network Security? |
| | | | Classification of Network Attacks |
| | | | Vulnerabilities Within Various Management Protocols |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| | | | Chapter 3. Securing Cisco Routers |
| | | | Introduction |
| | | | Assessing the Risk |
| | | | Securing the Network Using Cisco Routers |
| | | | Securing Administrative Access to a Cisco Router |
| | | | Securing Routers by Disabling Unused Router Services and Interfaces |
| | | | Cisco Access Lists |
| | | | Mitigating Security Threats Using ACLs |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| |
| | | Part II. Cisco IOS Firewall Feature Set |
| | | | Chapter 4. Configuring Context-based Access Control on a Cisco Router |
| | | | Introduction |
| | | | Introduction to the Cisco IOS Firewall Feature Set |
| | | | What Is CBAC? |
| | | | CBAC Operation |
| | | | What Does CBAC Inspect? |
| | | | Event Tracking |
| | | | Configuring Syslog |
| | | | Configuring CBAC |
| | | | Global Parameters |
| | | | Identifying Traffic Using Inspection Rules |
| | | | Guidelines for Applying CBAC and ACLs |
| | | | Nonstandard Application Port Implementation |
| | | | PAM |
| | | | Verifying and Testing CBAC |
| | | | Removing CBAC |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| | | | Chapter 5. Securing Cisco Network Routers Using AAA |
| | | | Introduction |
| | | | What Is AAA? |
| | | | Components of AAA |
| | | | Understanding AAA |
| | | | Types of Authentication Methods |
| | | | Implementing AAA Using Local Authentication |
| | | | Implementing AAA Using External Servers |
| | | | Defining AAA |
| | | | TACACS+ |
| | | | RADIUS |
| | | | TACACS+ Versus RADIUS |
| | | | Configuring Edge Routers Using AAA |
| | | | Overview of CiscoSecure Access Control Server |
| | | | CSACS for Windows NT/2000 |
| | | | CSACS Services |
| | | | Using the ACS Database |
| | | | Using a Windows Database |
| | | | Token Card Support |
| | | | Features |
| | | | CSACS Appliance |
| | | | Troubleshooting CSACS for Windows |
| | | | What Is Kerberos? |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| | | | Chapter 6. Configuring the Intrusion Detection System on a Cisco Router |
| | | | Introduction |
| | | | What Is the Cisco IOS Firewall IDS? |
| | | | What Is a Signature Type? |
| | | | Configuring the IDS |
| | | | SpamThe Other White Meat |
| | | | Creating an IDS Inspection Rule |
| | | | Disabling and Excluding Signatures |
| | | | Verifying and Testing the Cisco IOS Firewall IDS |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| | | | Chapter 7. Configuring Authentication Proxy on a Cisco Router |
| | | | Introduction |
| | | | Defining Authentication Proxy |
| | | | Configuring Authentication Proxy |
| | | | Configuring Authentication Proxy Rules |
| | | | Applying Authentication Proxy Rules |
| | | | Verifying and Testing Authentication Proxy |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| |
| | | Part III. Virtual Private Networks Using Cisco IOS Routers |
| | | | Chapter 8. Understanding IPSec VPNs on Cisco Routers |
| | | | Overview and Objectives |
| | | | What Are VPNs? |
| | | | Introduction to IPSec |
| | | | What Does IPSec Provide? |
| | | | Types of Encryption |
| | | | Symmetric Key Algorithms |
| | | | Asymmetric Key Algorithms |
| | | | Integrity |
| | | | Hash Algorithms |
| | | | Origin Authentication |
| | | | Antireplay Protection |
| | | | Framework of IPSec |
| | | | Tunneling Protocols |
| | | | AH |
| | | | ESP |
| | | | Tunnel Versus Transport Mode |
| | | | Steps Involved in Setting Up IPSec |
| | | | Tasks Involved in Configuring IPSec |
| | | | Planning for IKE and IPSec |
| | | | Defining IKE Phase 1 Policy |
| | | | Overview of CA Support |
| | | | Configuring CA Support |
| | | | Maintaining and Monitoring the CA |
| | | | Available Authentication Methods |
| | | | Identifying IPSec Peers |
| | | | Associating an ISAKMP Policy to Peers |
| | | | Various Policy Parameters for IKE Phase 1 |
| | | | Defining IKE Phase 2 (IPSec) Policy |
| | | | Defining IPSec Peers |
| | | | Checking for Compatible Policies |
| | | | Ensuring Network Connectivity |
| | | | Required Protocols for IPSec |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| | | | Chapter 9. Configuring IPSec VPNs on Cisco Routers |
| | | | Introduction |
| | | | Configuring IKE Phase 1 |
| | | | Enabling IKE |
| | | | Configuring ISAKMP Identity |
| | | | Creating IKE Policies |
| | | | Configure Preshared Keys |
| | | | Digital Certificate Support Introduction |
| | | | Hostname and Domain Name |
| | | | Digital Certificate Support Summary |
| | | | Verifying IKE Configuration |
| | | | Configuring IKE Phase 2 (IPSec) |
| | | | Crypto Access Lists |
| | | | Symmetrical ACLs |
| | | | Configuring the IPSec SA Lifetime |
| | | | Transform Sets |
| | | | Crypto Maps |
| | | | Configuring Crypto Maps |
| | | | Applying Crypto Maps to Interfaces |
| | | | Verifying and Testing IPSec |
| | | | IKE Show Commands |
| | | | Digital Certificate Show Commands |
| | | | IPSec Show Commands |
| | | | Debug Commands |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| | | | Chapter 10. Cisco Easy VPN |
| | | | Introduction |
| | | | Understanding Cisco Easy VPN |
| | | | Components of Easy VPN |
| | | | Features of Easy VPN Server |
| | | | Elements and Options Supported by Cisco Easy VPN Server |
| | | | Elements and Options Not Supported by Cisco Easy VPN Server |
| | | | Supported Easy VPN Servers |
| | | | Features of Easy VPN Remote |
| | | | Understanding Easy VPN Remote Phase 2 |
| | | | Supported Hardware and Software Easy VPN Devices |
| | | | Limitations of Easy VPN Remote Phase 2 |
| | | | Establishing VPN Using Easy VPN Remote |
| | | | Configuring the Easy VPN Server |
| | | | Adding XAUTH to the Easy VPN Server Configuration |
| | | | Overview of Cisco VPN Software Client 3.x |
| | | | Accessing Cisco VPN 3.5 Client |
| | | | Cisco VPN Client Log Viewer |
| | | | Modifying MTU Size |
| | | | VPN Client Connection Status |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| | | | Chapter 11. Management Center for VPN Routers |
| | | | Introduction |
| | | | Introduction to the Router Management Center |
| | | | Tunneling Technology Support |
| | | | Router MC Requirements |
| | | | Introduction to CiscoWorks 2000 |
| | | | Basic VPN Configuration |
| | | | Creating an Activity |
| | | | Cisco Devices Supported by Router MC |
| | | | Configurable VPN Settings on Router MC |
| | | | Configuring IKE Policy |
| | | | Building Blocks |
| | | | Configuring Tunnel Policy |
| | | | Traffic Filter |
| | | | Existing Configuration Management Using Router MC |
| | | | Deployment Jobs |
| | | | Deployment Reports |
| | | | Summary |
| | | | Exam Prep Questions |
| | | | Need to Know More? |
| |
| |
| | | Part IV. Practice Exams |
| | | | Chapter 12. Practice Exam 1 |
| | | | Questions, Questions, Questions |
| | | | Picking Proper Answers |
| | | | Decoding Ambiguity |
| | | | Working Within the Framework |
| | | | Deciding What to Memorize |
| | | | Preparing for the Test |
| | | | Taking the Test |
| |
| | | | Chapter 13. Answer Key 1 |
| | | | Chapter 14. Practice Exam 2 |
| | | | Chapter 15. Answer Key 2 |
| |
| | | Part V. Appendixes |
| | | | Appendix A. Resources |
| | | | Cisco Secure Access Control Server 3.2 |
| | | | Overview of Authentication, Authorization, and Accounting |
| | | | Authentication Servers |
| | | | Configuring Context-based Access Control |
| | | | Troubleshooting Context-based Access Control |
| | | | Configuring Authentication Proxy |
| | | | Troubleshooting Authentication Proxy |
| | | | Configuring Cisco IOS Intrusion Detection System |
| | | | IP Security (IPSec) |
| | | | RFC for Internet Key Exchange |
| | | | RFC for Encapsulating Security Payload |
| | | | Cisco Easy VPN |
| | | | Management Center for Virtual Private Network Routers |
| |
| | | | Appendix B. What's on the CD-ROM |
| | | | The PrepLogic Practice Exams, Preview Edition Software |
| | | | An Exclusive Electronic Version of the Text |
| |
| | | | Appendix C. Using the PrepLogic Practice Exams, Preview Edition Software |
| | | | The Exam Simulation |
| | | | Question Quality |
| | | | The Interface Design |
| | | | The Effective Learning Environment |
| | | | Software Requirements |
| | | | Installing PrepLogic Practice Exams, Preview Edition |
| | | | Removing PrepLogic Practice Exams, Preview Edition from Your Computer |
| | | | How to Use the Software |
| | | | Contacting PrepLogic |
| | | | License Agreement |
| |
| | | | Glossary |
| |
| | | Index |
