Book Image

CCNA Security 210-260 Certification Guide

By : Glen D. Singh, Michael Vinod, Vijay Anandh

Book Image

CCNA Security 210-260 Certification Guide

By: Glen D. Singh, Michael Vinod, Vijay Anandh

Overview of this book

With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam. You’ll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you’ll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols. Next, you’ll learn about security on the data link layer by implementing various security toolkits. You’ll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You’ll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you’ll delve into the concepts of IPS and endpoint security to secure your organization’s network infrastructure. By the end of this book, you’ll be ready to take the CCNA Security Exam (210-260).

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Exploring Security Threats

Exploring Security Threats

Important terms in network security

Introduction to an attack

The DHCP process

Why DHCP snooping?

Delving into Security Toolkits

Delving into Security Toolkits

Firewall functions

Intrusion prevention system

Intrusion detection system

Virtual Private Network

Content security

Understanding Security Policies

Understanding Security Policies

Need for a security policy

Deep Diving into Cryptography

Deep Diving into Cryptography

What is cryptography?

Objectives of cryptography

Types of encryption

Types of cipher

Encryption algorithms

Hashing algorithms

Cryptographic systems

Public Key Infrastructure

Implementing the AAA Framework

Implementing the AAA Framework

Components of AAA

Implementing Cisco AAA - authentication

Issues with authentication

Implementing Cisco AAA - authorization

Implementing Cisco AAA - accounting

Securing the Control and Management Planes

Securing the Control and Management Planes

Introducing the security policy

Technologies to implement secure management network

Planning considerations for secure management

Log messaging implementation for security

Control Plane Policing

Protecting Layer 2 Protocols

Protecting Layer 2 Protocols

Layer 2 attack mitigation

Features of the Virtual Local Area Network

Protecting the Switch Infrastructure

Protecting the Switch Infrastructure

Private VLANs VACL trunking vulnerabilities port security

What is a private VLAN?

Access Control List

Exploring Firewall Technologies

Exploring Firewall Technologies

Services offered by the firewall

Firewalls in a layered defense strategy

Cisco ASA

Cisco ASA portfolio

Basic ASA configuration

Advanced ASA Configuration

Advanced ASA Configuration

Routing on the ASA

Device name, passwords, and domain name

Setting banners using the ASDM

Configuring interfaces

System time and Network Time Protocol

Dynamic Host Configuration Protocol

Access control list on the ASA

Creating policies on the ASA

Advanced NAT configurations

Configuring Zone-Based Firewalls

Configuring Zone-Based Firewalls

Zone-Based Firewall terminologies

Overview of Cisco Common Classification Policy Language

Configuring a Zone-Based Firewall

IPSec – The Protocol that Drives VPN

IPSec – The Protocol that Drives VPN

Internet Key Exchange

Configuring a Site-to-Site VPN

Configuring a Site-to-Site VPN

General uses of a site-to-site VPN

Configuring a site-to-site VPN using a Cisco IOS router

Configuring a site-to-site VPN using a Cisco ASA

Configuring a Remote-Access VPN

Configuring a Remote-Access VPN

Using a remote-access VPN

Configuring a clientless remote-access VPN

Configuring a client-based remote-access VPN

Working with IPS

Working with IPS

Configuring an IPS on a Cisco IOS router

Application and Endpoint Security

Application and Endpoint Security

Cisco Email Security Appliance (ESA) overview

Cisco Web Security Appliance overview

Cisco Cloud Web Security overview

Introduction to Cisco TrustSec

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Summary

Just to recap, we discussed the use of a remote-access VPN in an environment where an employee may be working from home or in the field and require access to the corporate network. Further, we took a look at the necessary steps to configure both a clientless SSL VPN and a client-based VPN on the Cisco ASA. Finally, we verified that the VPN connections were working properly. Now we are able to do the same in an organization or even in our own lab environment. We also saw how to distribute the Cisco AnyConnect Secure Mobility Client securely using the VPN portal.

In the next chapter, we will discuss the need for an Intrusion Detection System (IDS), an Intrusion Prevention System (IPS), and how to configure the Cisco IOS router as an IPS.