The first part is to configure on the ACS server information about the users and their passwords and what those users are allowed to do. The second part is to tell the router that it should refer any of its decisions about authentication or authorization to the ACS server.
One other note about the wordusers. Also be aware that end users will not need CLI access, but will need access to network services and to have their packets allowed through the router. You can use the ACS server to authenticate either type of user, and you can call on it for authorization for these users. In addition, you can use the ACS server as a destination for logging called accounting , noting which users access the system and what they do while there.
An easy way to remember is that the S means secure. To the end user such as you or I, it represents a secure connection to the server, and to the correct server. Once there, the browser requests that the web server identify itself. We would like to thank the Cisco Press team, especially Denise Lincoln and Christopher Cleveland, for their patience, guidance, and consideration.
Their efforts are greatly appreciated. Finally, we would like to acknowledge the Cisco Security Research and Operations teams. Several leaders in the network security industry work there, supporting our Cisco customers under often very stressful conditions and working miracles daily. They are truly unsung heroes, and we are all honored to have had the privilege of working side by side with them in the trenches when protecting customers and Cisco.
In actual configuration examples and output not general command syntax , boldface indicates commands that are manually input by the user such as a show command. By focusing on both covering the objectives for the CCNA Security exam and integrating that with real-world best practices and examples, we created this content with the intention of being your personal tour guides as we take you on a journey through the world of network security.
The CCNA Security exam tests your knowledge of securing Cisco routers and switches and their associated net- works, and this book prepares you for that exam.
Of course, the CD included with the printed book also includes several practice questions to help you prepare for the exam. Compare and contrast the strengths and weak- nesses of the various firewall technologies. You can take the exam at Pearson VUE testing centers.
BYOD 2. VPN 3. VPN Concepts 3. Remote Access VPN 3. Stateless Firewalls 5. Objectives and Methods This book uses several key methodologies to help you discover the exam topics for which you need more review, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics.
So, this book does not try to help you pass the exams only by memorization, but by truly learning and understanding the topics. They explain the con- cepts for the topics in that chapter. Although the contents of the entire chapter could be on the exam, you should defi- nitely know the information listed in each key topic, so you should review these. This document lists only partial information, allowing you to complete the table or list.
This section lists the most important terms from the chapter, asking you to write a short definition and compare your answer to the glossary at the end of the book. Use these to prepare with a sample exam and to pinpoint topics where you need more study. Chapter 20 includes some preparation tips and sug- gestions for how to approach the exam.
The core chapters are organized into parts. It provides coverage of different threat landscape topics and common attacks such as distributed denial-of-service DDoS attacks, social engineering, malware identi- fication tools, data loss, and exfiltration. It also covers configuration of a router to interoperate with an ACS server and configuration of the ACS server to inter- operate with a router. The chapter also covers router tools to verify and troubleshoot router-to-ACS server interactions.
This chapter covers the fundamentals of mobile device management MDM , its function, and the deployment options. This chapter also covers the concepts, components, and operations of the public key infrastructure PKI and includes an example of putting the pieces of PKI to work.
It provides details on how to secure the control plane of network infrastructure devices. Cisco has added advanced malware protection AMP to the ESA and WSA to enable security adminis- trators to detect and block malware and perform continuous analysis and retrospective alerting.
This chapter covers these technologies and solu- tions in detail. It details mitigation technologies such as spam and antimalware filtering, data loss prevention DLP , blacklisting, e-mail encryption, and web application filtering. It covers introductory concepts of endpoint threats to advanced malware protection capabilities provided by Cisco security products. This chapter covers the different antivirus and antimalware solutions, personal firewalls and host intrusion prevention systems HIPS , Cisco AMP for endpoints, and hardware and software encryption of endpoint data.
You can print this appendix and, as a memory exercise, complete the tables and lists. The goal is to help you memo- rize facts that can be useful on the exams. You also get an enhanced practice test that contains an addi- tional two full practice tests of unique questions. In addition, all the practice test questions are linked to the PDF eBook, allowing you to get more detailed feedback on each ques- tion instantly. To take advantage of this offer, you need the coupon code included on the paper in the CD sleeve.
Just follow the purchasing instructions that accompany the code to download and start using your Premium Edition today. Cisco has added advanced malware protection AMP to the ESA and WSA to allow security administra- tors to detect and block malware and perform continuous analysis and retrospective alerting. This chapter covers these technologies and solutions in detail.
You will learn mitigation technologies such as spam and antimalware filtering, data loss pre- vention DLP , blacklisting, e-mail encryption, and web application filtering.
Table details the major topics discussed in this chap- ter and their corresponding quiz questions. Which of the following features does the Cisco ESA provide? Choose all that apply. Network antivirus capabilities b. E-mail encryption c. Threat outbreak prevention d. Which of the following Cisco ESA models are designed for mid-sized organizations? Cisco C b. Cisco C c. Cisco C d. What is a spear phishing attack? Unsolicited e-mails sent to an attacker. A denial-of-service DoS attack against an e-mail server.
E-mails that are directed to specific individuals or organizations. An attacker may obtain information about the targeted individual or organization from social media sites and other sources. Spam e-mails sent to numerous victims with the purpose of making money.
Which of the following e-mail authentication mechanisms are supported by the Cisco ESA? Which of the following is the operating system used by the Cisco WSA? Cisco AsyncOS operating system b. Cisco IOS Software e. Cisco ASA Software 6. Which of the following connectors are supported by the Cisco CWS service? Cisco ASA c.
Cisco ISR G2 routers d. Cisco WSA 7. Which of the following features are supported by the Cisco WSA? File reputation b. File sandboxing c. Packed with concise explanations of core security concepts, this book is designed to help you successfully prepare for the exam. Expert instruction guides you through critical concepts relating to secure network infrastructure, access management, VPN encryption, Firewalls, intrusion prevention and more, with complete coverage of the CCNA exam objectives.
Practical examples allow you to apply your skills in real-world scenarios, helping you transition effectively from "learning" to "doing". You also get access to the Sybex online learning environment, featuring the tools you need to maximize your study time: key terminology and flash cards allow you to study anytime, anywhere, while chapter tests and practice exams help you track your progress and gauge your readiness along the way.
The CCNA Security certification tests your knowledge of secure network installation, monitoring, and troubleshooting using Cisco security hardware and software solutions. When you're ready to get serious about preparing for the exam, this book gives you the advantage of complete coverage, real-world application, and extensive learning aids to help you pass with confidence.
0コメント