CCNA Security Course Booklet, Version 1.0 .pdf

00_9781587132483_fm.qxd 7/13/09 1:13 PM Page i

Course Booklet
CCNA Security
Version 1.0
ciscopress.com
CCNA Security Course Booklet, Version 1.0
Cisco Networking Academy

Copyright © 2010 Cisco Systems, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America
First Printing August 2009

Library of Congress Cataloging-in-Publication Data is available upon request.

ISBN-13: 978-1-58713-248-3
ISBN-10: 1-58713-248-6

Warning and Disclaimer

This book is designed to provide information about networking. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Cisco Representative: Erik Ullanderson
Cisco Press Program Manager: Anand Sundaram
Executive Editor: Mary Beth Ray
Managing Editor: Patrick Kanouse
Editorial Assistant: Vanessa Evans
Designer: Louisa Adair
Composition: Mark Shirar
Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance.

Americas Headquarters: Cisco Systems, Inc., San Jose, CA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0812R)
Contents at a Glance

Course Introduction 1
Chapter 1 Modern Network Security Threats 5
Chapter 2 Securing Network Devices 27
Chapter 3 Authentication, Authorization, and Accounting 63
Chapter 4 Implementing Firewall Technologies 87
Chapter 5 Implementing Intrusion Prevention 131
Chapter 6 Securing the Local Area Network 157
Chapter 7 Cryptographic Systems 193
Chapter 8 Implementing Virtual Private Networks 227
Chapter 9 Managing a Secure Network 263
Glossary 297
Contents

Course Introduction 1

Chapter 1 Modern Network Security Threats 5
  Chapter Introduction 5
  1.1 Fundamental Principles of a Secure Network 5
    1.1.1 Evolution of Network Security 5
    1.1.2 Drivers for Network Security 8
    1.1.3 Network Security Organizations 9
    1.1.4 Domains of Network Security 11
    1.1.5 Network Security Policies 12
  1.2 Viruses, Worms, and Trojan Horses 13
    1.2.1 Viruses 13
    1.2.2 Worms 13
    1.2.3 Trojan Horses 15
    1.2.4 Mitigating Viruses, Worms, and Trojan Horses 15
  1.3 Attack Methodologies 17
    1.3.1 Reconnaissance Attacks 17
    1.3.2 Access Attacks 19
    1.3.3 Denial of Service Attacks 20
    1.3.4 Mitigating Network Attacks 22
  Chapter Summary 25

Chapter 2 Securing Network Devices 27
  Chapter Introduction 27
  2.1 Securing Device Access 28
    2.1.1 Securing the Edge Router 28
    2.1.2 Configuring Secure Administrative Access 30
    2.1.3 Configuring Enhanced Security for Virtual Logins 33
    2.1.4 Configure SSH 35
  2.2 Assigning Administrative Roles 38
    2.2.1 Configuring Privilege Levels 38
    2.2.2 Configuring Role-Based CLI Access 41
  2.3 Monitoring and Managing Devices 43
    2.3.1 Securing the Cisco IOS Image and Configuration Files 43
    2.3.2 Secure Management and Reporting 46
    2.3.3 Using Syslog for Network Security 48
    2.3.4 Using SNMP for Network Security 50
    2.3.5 Using NTP 52
  2.4 Using Automated Security Features 54
    2.4.1 Performing a Security Audit 54
    2.4.2 Locking Down a Router Using AutoSecure 56
    2.4.3 Locking Down a Router Using SDM 57
  Chapter Summary 60

Chapter 3 Authentication, Authorization, and Accounting 63
  Chapter Introduction 63
  3.1 Purpose of AAA 63
    3.1.1 AAA Overview 63
    3.1.2 AAA Characteristics 65
  3.2 Local AAA Authentication 66
    3.2.1 Configuring Local AAA Authentication with CLI 66
    3.2.2 Configuring Local AAA Authentication with SDM 68
    3.2.3 Troubleshooting Local AAA Authentication 69
  3.3 Server-Based AAA 69
    3.3.1 Server-Based AAA Characteristics 69
    3.3.2 Server-Based AAA Communication Protocols 69
    3.3.3 Cisco Secure ACS 71
    3.3.4 Configuring Cisco Secure ACS 73
    3.3.5 Configuring Cisco Secure ACS Users and Groups 76
  3.4 Server-Based AAA Authentication 77
    3.4.1 Configuring Server-Based AAA Authentication with CLI 77
    3.4.2 Configuring Server-Based AAA Authentication with SDM 78
    3.4.3 Troubleshooting Server-Based AAA Authentication 80
  3.5 Server-Based AAA Authorization and Accounting 80
    3.5.1 Configuring Server-Based AAA Authorization 80
    3.5.2 Configuring Server-Based AAA Accounting 82
  Chapter Summary 84

Chapter 4 Implementing Firewall Technologies 87
  Chapter Introduction 87
  4.1 Access Control Lists 88
    4.1.1 Configuring Standard and Extended IP ACLs with CLI 88
    4.1.2 Using Standard and Extended IP ACLs 91
    4.1.3 Topology and Flow for Access Control Lists 92
    4.1.4 Configuring Standard and Extended ACLs with SDM 93
    4.1.5 Configuring TCP Established and Reflexive ACLs 95
    4.1.6 Configuring Dynamic ACLs 98
    4.1.7 Configuring Time-Based ACLs 99
    4.1.8 Troubleshooting Complex ACL Implementations 101
    4.1.9 Mitigating Attacks with ACLs 102
  4.2 Firewall Technologies 103
    4.2.1 Securing Networks with Firewalls 103
    4.2.2 Types of Firewalls 105
    4.2.3 Firewalls in Network Design 107
  4.3 Context-Based Access Control 108
    4.3.1 CBAC Characteristics 108
    4.3.2 CBAC Operation 110
    4.3.3 Configuring CBAC 112
    4.3.4 Troubleshooting CBAC 116
  4.4 Zone-Based Policy Firewall 118
    4.4.1 Zone-Based Policy Firewall Characteristics 118
    4.4.2 Zone-Based Policy Firewall Operation 120
    4.4.3 Configuring a Zone-Based Policy Firewall with CLI 121
    4.4.4 Configuring Zone-Based Policy Firewall with Manual SDM 123
    4.4.5 Configuring Zone-Based Policy Firewall with SDM Wizard 126
    4.4.6 Troubleshooting Zone-Based Policy Firewall 127
  Chapter Summary 129

Chapter 5 Implementing Intrusion Prevention 131
  Chapter Introduction 131
  5.1 IPS Technologies 131
    5.1.1 IDS and IPS Characteristics 131
    5.1.2 Host-Based IPS Implementations 133
    5.1.3 Network-Based IPS Implementations 135
  5.2 IPS Signatures 137
    5.2.1 IPS Signature Characteristics 137
    5.2.2 IPS Signature Alarms 139
    5.2.3 Tuning IPS Signature Alarms 142
    5.2.4 IPS Signature Actions 143
    5.2.5 Managing and Monitoring IPS 145
  5.3 Implementing IPS 147
    5.3.1 Configuring Cisco IOS IPS with CLI 147
    5.3.2 Configuring Cisco IOS IPS with SDM 149
    5.3.3 Modifying Cisco IOS IPS Signatures 151
  5.4 Verify and Monitor IPS 153
    5.4.1 Verifying Cisco IOS IPS 153
    5.4.2 Monitoring Cisco IOS IPS 153
  Chapter Summary 155