| | Copyright |
| | The SECUR Cram Sheet |
| | | NETWORK SECURITY AND CISCO IOS ROUTERS |
| | | CISCO IOS FIREWALL FEATURE SET |
| | | VIRTUAL PRIVATE NETWORKS USING CISCO IOS ROUTERS |
|
| | A Note from Series Editor Ed Tittel |
| | About the Authors |
| | | About the Technical Editors |
|
| | Acknowledgments |
| | We Want to Hear from You! |
| | Introduction |
| | | Taking a Certification Exam |
| | | Tracking Cisco Certification Status |
| | | How to Prepare for an Exam |
| | | About This Book |
|
| | Self-Assessment |
| | | Cisco Security Professionals in the Real World |
|
| | Chapter 1. Cisco Certification Exams |
| | | Assessing Exam-Readiness |
| | | The Exam Situation |
| | | Exam Layout and Design |
| | | Exam Basics |
| | | Mastering the Inner Game |
| | | Additional Resources |
|
| | Part I. Network Security and Cisco IOS Routers |
| | | Chapter 2. Fundamentals of Network Security |
| | | Introduction |
| | | Why Implement Network Security? |
| | | Classification of Network Attacks |
| | | Vulnerabilities Within Various Management Protocols |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
| | | Chapter 3. Securing Cisco Routers |
| | | Introduction |
| | | Assessing the Risk |
| | | Securing the Network Using Cisco Routers |
| | | Securing Administrative Access to a Cisco Router |
| | | Securing Routers by Disabling Unused Router Services and Interfaces |
| | | Cisco Access Lists |
| | | Mitigating Security Threats Using ACLs |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
|
| | Part II. Cisco IOS Firewall Feature Set |
| | | Chapter 4. Configuring Context-based Access Control on a Cisco Router |
| | | Introduction |
| | | Introduction to the Cisco IOS Firewall Feature Set |
| | | What Is CBAC? |
| | | CBAC Operation |
| | | What Does CBAC Inspect? |
| | | Event Tracking |
| | | Configuring Syslog |
| | | Configuring CBAC |
| | | Global Parameters |
| | | Identifying Traffic Using Inspection Rules |
| | | Guidelines for Applying CBAC and ACLs |
| | | Nonstandard Application Port Implementation |
| | | PAM |
| | | Verifying and Testing CBAC |
| | | Removing CBAC |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
| | | Chapter 5. Securing Cisco Network Routers Using AAA |
| | | Introduction |
| | | What Is AAA? |
| | | Components of AAA |
| | | Understanding AAA |
| | | Types of Authentication Methods |
| | | Implementing AAA Using Local Authentication |
| | | Implementing AAA Using External Servers |
| | | Defining AAA |
| | | TACACS+ |
| | | RADIUS |
| | | TACACS+ Versus RADIUS |
| | | Configuring Edge Routers Using AAA |
| | | Overview of CiscoSecure Access Control Server |
| | | CSACS for Windows NT/2000 |
| | | CSACS Services |
| | | Using the ACS Database |
| | | Using a Windows Database |
| | | Token Card Support |
| | | Features |
| | | CSACS Appliance |
| | | Troubleshooting CSACS for Windows |
| | | What Is Kerberos? |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
| | | Chapter 6. Configuring the Intrusion Detection System on a Cisco Router |
| | | Introduction |
| | | What Is the Cisco IOS Firewall IDS? |
| | | What Is a Signature Type? |
| | | Configuring the IDS |
| | | Spam - The Other White Meat |
| | | Creating an IDS Inspection Rule |
| | | Disabling and Excluding Signatures |
| | | Verifying and Testing the Cisco IOS Firewall IDS |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
| | | Chapter 7. Configuring Authentication Proxy on a Cisco Router |
| | | Introduction |
| | | Defining Authentication Proxy |
| | | Configuring Authentication Proxy |
| | | Configuring Authentication Proxy Rules |
| | | Applying Authentication Proxy Rules |
| | | Verifying and Testing Authentication Proxy |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
|
| | Part III. Virtual Private Networks Using Cisco IOS Routers |
| | | Chapter 8. Understanding IPSec VPNs on Cisco Routers |
| | | Overview and Objectives |
| | | What Are VPNs? |
| | | Introduction to IPSec |
| | | What Does IPSec Provide? |
| | | Types of Encryption |
| | | Symmetric Key Algorithms |
| | | Asymmetric Key Algorithms |
| | | Integrity |
| | | Hash Algorithms |
| | | Origin Authentication |
| | | Antireplay Protection |
| | | Framework of IPSec |
| | | Tunneling Protocols |
| | | AH |
| | | ESP |
| | | Tunnel Versus Transport Mode |
| | | Steps Involved in Setting Up IPSec |
| | | Tasks Involved in Configuring IPSec |
| | | Planning for IKE and IPSec |
| | | Defining IKE Phase 1 Policy |
| | | Overview of CA Support |
| | | Configuring CA Support |
| | | Maintaining and Monitoring the CA |
| | | Available Authentication Methods |
| | | Identifying IPSec Peers |
| | | Associating an ISAKMP Policy to Peers |
| | | Various Policy Parameters for IKE Phase 1 |
| | | Defining IKE Phase 2 (IPSec) Policy |
| | | Defining IPSec Peers |
| | | Checking for Compatible Policies |
| | | Ensuring Network Connectivity |
| | | Required Protocols for IPSec |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
| | | Chapter 9. Configuring IPSec VPNs on Cisco Routers |
| | | Introduction |
| | | Configuring IKE Phase 1 |
| | | Enabling IKE |
| | | Configuring ISAKMP Identity |
| | | Creating IKE Policies |
| | | Configure Preshared Keys |
| | | Digital Certificate Support Introduction |
| | | Hostname and Domain Name |
| | | Digital Certificate Support Summary |
| | | Verifying IKE Configuration |
| | | Configuring IKE Phase 2 (IPSec) |
| | | Crypto Access Lists |
| | | Symmetrical ACLs |
| | | Configuring the IPSec SA Lifetime |
| | | Transform Sets |
| | | Crypto Maps |
| | | Configuring Crypto Maps |
| | | Applying Crypto Maps to Interfaces |
| | | Verifying and Testing IPSec |
| | | IKE Show Commands |
| | | Digital Certificate Show Commands |
| | | IPSec Show Commands |
| | | Debug Commands |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
| | | Chapter 10. Cisco Easy VPN |
| | | Introduction |
| | | Understanding Cisco Easy VPN |
| | | Components of Easy VPN |
| | | Features of Easy VPN Server |
| | | Elements and Options Supported by Cisco Easy VPN Server |
| | | Elements and Options Not Supported by Cisco Easy VPN Server |
| | | Supported Easy VPN Servers |
| | | Features of Easy VPN Remote |
| | | Understanding Easy VPN Remote Phase 2 |
| | | Supported Hardware and Software Easy VPN Devices |
| | | Limitations of Easy VPN Remote Phase 2 |
| | | Establishing VPN Using Easy VPN Remote |
| | | Configuring the Easy VPN Server |
| | | Adding XAUTH to the Easy VPN Server Configuration |
| | | Overview of Cisco VPN Software Client 3.x |
| | | Accessing Cisco VPN 3.5 Client |
| | | Cisco VPN Client Log Viewer |
| | | Modifying MTU Size |
| | | VPN Client Connection Status |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
| | | Chapter 11. Management Center for VPN Routers |
| | | Introduction |
| | | Introduction to the Router Management Center |
| | | Tunneling Technology Support |
| | | Router MC Requirements |
| | | Introduction to CiscoWorks 2000 |
| | | Basic VPN Configuration |
| | | Creating an Activity |
| | | Cisco Devices Supported by Router MC |
| | | Configurable VPN Settings on Router MC |
| | | Configuring IKE Policy |
| | | Building Blocks |
| | | Configuring Tunnel Policy |
| | | Traffic Filter |
| | | Existing Configuration Management Using Router MC |
| | | Deployment Jobs |
| | | Deployment Reports |
| | | Summary |
| | | Exam Prep Questions |
| | | Need to Know More? |
|
|
| | Part IV. Practice Exams |
| | | Chapter 12. Practice Exam 1 |
| | | Questions, Questions, Questions |
| | | Picking Proper Answers |
| | | Decoding Ambiguity |
| | | Working Within the Framework |
| | | Deciding What to Memorize |
| | | Preparing for the Test |
| | | Taking the Test |
|
| | | Chapter 13. Answer Key 1 |
| | | Chapter 14. Practice Exam 2 |
| | | Chapter 15. Answer Key 2 |
|
| | Part V. Appendixes |
| | | Appendix A. Resources |
| | | Cisco Secure Access Control Server 3.2 |
| | | Overview of Authentication, Authorization, and Accounting |
| | | Authentication Servers |
| | | Configuring Context-based Access Control |
| | | Troubleshooting Context-based Access Control |
| | | Configuring Authentication Proxy |
| | | Troubleshooting Authentication Proxy |
| | | Configuring Cisco IOS Intrusion Detection System |
| | | IP Security (IPSec) |
| | | RFC for Internet Key Exchange |
| | | RFC for Encapsulating Security Payload |
| | | Cisco Easy VPN |
| | | Management Center for Virtual Private Network Routers |
|
| | | Appendix B. What's on the CD-ROM |
| | | The PrepLogic Practice Exams, Preview Edition Software |
| | | An Exclusive Electronic Version of the Text |
|
| | | Appendix C. Using the PrepLogic Practice Exams, Preview Edition Software |
| | | The Exam Simulation |
| | | Question Quality |
| | | The Interface Design |
| | | The Effective Learning Environment |
| | | Software Requirements |
| | | Installing PrepLogic Practice Exams, Preview Edition |
| | | Removing PrepLogic Practice Exams, Preview Edition from Your Computer |
| | | How to Use the Software |
| | | Contacting PrepLogic |
| | | License Agreement |
|
| | | Glossary |
|
| | Index |