Book Image

CCNA Security 210-260 Certification Guide

By : Glen D. Singh, Michael Vinod, Vijay Anandh

Book Image

CCNA Security 210-260 Certification Guide

By: Glen D. Singh, Michael Vinod, Vijay Anandh

Overview of this book

With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam. You’ll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you’ll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols. Next, you’ll learn about security on the data link layer by implementing various security toolkits. You’ll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You’ll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you’ll delve into the concepts of IPS and endpoint security to secure your organization’s network infrastructure. By the end of this book, you’ll be ready to take the CCNA Security Exam (210-260).

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Exploring Security Threats

Exploring Security Threats

Important terms in network security

Introduction to an attack

The DHCP process

Why DHCP snooping?

Delving into Security Toolkits

Delving into Security Toolkits

Firewall functions

Intrusion prevention system

Intrusion detection system

Virtual Private Network

Content security

Understanding Security Policies

Understanding Security Policies

Need for a security policy

Deep Diving into Cryptography

Deep Diving into Cryptography

What is cryptography?

Objectives of cryptography

Types of encryption

Types of cipher

Encryption algorithms

Hashing algorithms

Cryptographic systems

Public Key Infrastructure

Implementing the AAA Framework

Implementing the AAA Framework

Components of AAA

Implementing Cisco AAA - authentication

Issues with authentication

Implementing Cisco AAA - authorization

Implementing Cisco AAA - accounting

Securing the Control and Management Planes

Securing the Control and Management Planes

Introducing the security policy

Technologies to implement secure management network

Planning considerations for secure management

Log messaging implementation for security

Control Plane Policing

Protecting Layer 2 Protocols

Protecting Layer 2 Protocols

Layer 2 attack mitigation

Features of the Virtual Local Area Network

Protecting the Switch Infrastructure

Protecting the Switch Infrastructure

Private VLANs VACL trunking vulnerabilities port security

What is a private VLAN?

Access Control List

Exploring Firewall Technologies

Exploring Firewall Technologies

Services offered by the firewall

Firewalls in a layered defense strategy

Cisco ASA

Cisco ASA portfolio

Basic ASA configuration

Advanced ASA Configuration

Advanced ASA Configuration

Routing on the ASA

Device name, passwords, and domain name

Setting banners using the ASDM

Configuring interfaces

System time and Network Time Protocol

Dynamic Host Configuration Protocol

Access control list on the ASA

Creating policies on the ASA

Advanced NAT configurations

Configuring Zone-Based Firewalls

Configuring Zone-Based Firewalls

Zone-Based Firewall terminologies

Overview of Cisco Common Classification Policy Language

Configuring a Zone-Based Firewall

IPSec – The Protocol that Drives VPN

IPSec – The Protocol that Drives VPN

Internet Key Exchange

Configuring a Site-to-Site VPN

Configuring a Site-to-Site VPN

General uses of a site-to-site VPN

Configuring a site-to-site VPN using a Cisco IOS router

Configuring a site-to-site VPN using a Cisco ASA

Configuring a Remote-Access VPN

Configuring a Remote-Access VPN

Using a remote-access VPN

Configuring a clientless remote-access VPN

Configuring a client-based remote-access VPN

Working with IPS

Working with IPS

Configuring an IPS on a Cisco IOS router

Application and Endpoint Security

Application and Endpoint Security

Cisco Email Security Appliance (ESA) overview

Cisco Web Security Appliance overview

Cisco Cloud Web Security overview

Introduction to Cisco TrustSec

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

The DHCP process

Whenever a client connects to a network, it automatically searches for a Dynamic Host Configuration Protocol (DHCP) server. A DHCP server is used to primarily distribute an IP address, subnet mask, default gateway, and Domain Name System (DNS) server configurations to clients. When the client connects, it broadcasts a DHCPDISCOVER message with a destination MAC address of FFFF.FFFF.FFFF and a destination port of 67

The following is the DHCP four (4) way handshake:

Port 67 is open on the DHCP server. A client uses 68 as the source port.

The DHCP server will respond, send a unicast DHCP Offer message back to the client with potentially usable IP configurations. The client will return a DHCPREQUEST back to the DHCP server, letting the server know it's going to accept the IP configurations from the previous message. They will send a DHCP Acknowledgement message to confirm the IP information the client is going to use for network communication.

A simple method to remember the DHCP process is to use an acronym. So D from Discover, O from Offer, R from Request, and A from Acknowledgement. Putting it all together, it spells DORA.