Book Image

CCNA Security 210-260 Certification Guide

By : Glen D. Singh, Michael Vinod, Vijay Anandh
Book Image

CCNA Security 210-260 Certification Guide

By: Glen D. Singh, Michael Vinod, Vijay Anandh

Overview of this book

With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam. You’ll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you’ll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols. Next, you’ll learn about security on the data link layer by implementing various security toolkits. You’ll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You’ll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you’ll delve into the concepts of IPS and endpoint security to secure your organization’s network infrastructure. By the end of this book, you’ll be ready to take the CCNA Security Exam (210-260).

Related Content you might be interested in

Current Title:

Small book image
CCNA Security 210-260 Certification Guide
Glen D. Singh | Michael Vinod | Vijay Anandh
Jun, 2018 | 518 pages
Small book image
Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide
Glen D Singh
Nov, 2020 | 764 pages
Small book image
Cisco Certified CyberOps Associate 200-201 Certification Guide
Glen D Singh
Jun, 2021 | 660 pages
Small book image
CCNA Routing and Switching 200-125 Certification Guide
Lazaro Jesus Diaz
Oct, 2018 | 504 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Exploring Security Threats
Exploring Security Threats
Important terms in network security
Introduction to an attack
The DHCP process
Why DHCP snooping?
Summary
2
Delving into Security Toolkits
Delving into Security Toolkits
Firewall functions
Intrusion prevention system
Intrusion detection system
Virtual Private Network
Content security
Summary
3
Understanding Security Policies
Understanding Security Policies
Need for a security policy
Risk
Vulnerability
Threat
Asset
Summary
4
Deep Diving into Cryptography
Deep Diving into Cryptography
What is cryptography?
Objectives of cryptography
Terminologies
Types of encryption
Types of cipher
Encryption algorithms
Hashing algorithms
Cryptographic systems
Public Key Infrastructure
Summary
5
Implementing the AAA Framework
Implementing the AAA Framework
Components of AAA
Implementing Cisco AAA - authentication
Issues with authentication
Implementing Cisco AAA - authorization
Implementing Cisco AAA - accounting
Summary
6
Securing the Control and Management Planes
Securing the Control and Management Planes
Introducing the security policy
Technologies to implement secure management network
Planning considerations for secure management
Log messaging implementation for security
Control Plane Policing
Summary
7
Protecting Layer 2 Protocols
Protecting Layer 2 Protocols
Layer 2 attack mitigation
Features of the Virtual Local Area Network
Summary
8
Protecting the Switch Infrastructure
Protecting the Switch Infrastructure
Private VLANs VACL trunking vulnerabilities port security
What is a private VLAN?
Access Control List
VLAN hopping
Summary
9
Exploring Firewall Technologies
Exploring Firewall Technologies
Services offered by the firewall
Firewalls in a layered defense strategy
Summary
10
Cisco ASA
Cisco ASA
Cisco ASA portfolio
ASA features
Basic ASA configuration
Summary
11
Advanced ASA Configuration
Advanced ASA Configuration
Routing on the ASA
Device name, passwords, and domain name
Setting banners using the ASDM
Configuring interfaces
System time and Network Time Protocol
Dynamic Host Configuration Protocol
Access control list on the ASA
Object groups
Creating policies on the ASA
Advanced NAT configurations
Summary
12
Configuring Zone-Based Firewalls
Configuring Zone-Based Firewalls
Zone-Based Firewall terminologies
Overview of Cisco Common Classification Policy Language
Configuring a Zone-Based Firewall
Summary
13
IPSec – The Protocol that Drives VPN
IPSec – The Protocol that Drives VPN
Terminologies
What is IPSec?
ISAKMP
Internet Key Exchange
Summary
14
Configuring a Site-to-Site VPN
Configuring a Site-to-Site VPN
General uses of a site-to-site VPN
Configuring a site-to-site VPN using a Cisco IOS router
Configuring a site-to-site VPN using a Cisco ASA
Summary
15
Configuring a Remote-Access VPN
Configuring a Remote-Access VPN
Using a remote-access VPN
Configuring a clientless remote-access VPN
Configuring a client-based remote-access VPN
Summary
16
Working with IPS
Working with IPS
Terminologies
IDS and IPS
Configuring an IPS on a Cisco IOS router
Summary
17
Application and Endpoint Security
Application and Endpoint Security
Cisco Email Security Appliance (ESA) overview
Cisco Web Security Appliance overview
Cisco Cloud Web Security overview
BYOD concepts
Introduction to Cisco TrustSec
Summary
18
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

To get the most out of this book

To get started, you'll need the following:

  • Cisco IOS Router 3725 or another IOS router with the Zone-Based Policy Firewall and IPS capabilities
  • Cisco IOS Switch 2960
  • Cisco ASA 5505 or higher
  • Cisco Configuration Professional (CCP) will provide a GUI during the configuration process on the IOS router
  • Java Runtime Environment
  • Any modern web browser, preferably Internet Explorer

If you're unable to get the physical hardware equipment, you can use a network simulator such as GNS3 (https://www.gns3.com/) and use the IOS images. Cisco Packet Tracer (https://www.netacad.com/) can also be used; however, the appliances in Cisco Packet Tracer does not support all the features and commands needed for CCNA security training.

Conventions

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "On the victim's end, for every SYN packet received, it must reply with a SYN/ACK packet."

A block of code is set as follows:

vlan 200
  private-vlan primary
  private-vlan association 201
!
vlan 201
  private-vlan isolated

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

vlan 200
  private-vlan primary
  private-vlan association 201
!
vlan 201
  private-vlan isolated

Any command-line input or output is written as follows:

Router1(config)#aaa accounting exec default start-stop group tacacs+
Router1(config)#aaa accounting commands 15 default start-stop group tacacs+
Router1(config)#aaa accounting network default start-stop group tacacs+

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Once again, navigate to Configuration | Device Setup | Routing | Static Routes on the ASDM. Click on Add."

Warnings or important notes appear like this.
Tips and tricks appear like this.
Previous Section
Next Section