Book Image

CCNA Security 210-260 Certification Guide

By : Glen D. Singh, Michael Vinod, Vijay Anandh
Book Image

CCNA Security 210-260 Certification Guide

By: Glen D. Singh, Michael Vinod, Vijay Anandh

Overview of this book

With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam. You’ll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you’ll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols. Next, you’ll learn about security on the data link layer by implementing various security toolkits. You’ll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You’ll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you’ll delve into the concepts of IPS and endpoint security to secure your organization’s network infrastructure. By the end of this book, you’ll be ready to take the CCNA Security Exam (210-260).

Related Content you might be interested in

Current Title:

Small book image
CCNA Security 210-260 Certification Guide
Glen D. Singh | Michael Vinod | Vijay Anandh
Jun, 2018 | 518 pages
Small book image
Implementing and Administering Cisco Solutions: 200-301 CCNA Exam Guide
Glen D Singh
Nov, 2020 | 764 pages
Small book image
Cisco Certified CyberOps Associate 200-201 Certification Guide
Glen D Singh
Jun, 2021 | 660 pages
Small book image
CCNA Routing and Switching 200-125 Certification Guide
Lazaro Jesus Diaz
Oct, 2018 | 504 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Exploring Security Threats
Exploring Security Threats
Important terms in network security
Introduction to an attack
The DHCP process
Why DHCP snooping?
Summary
2
Delving into Security Toolkits
Delving into Security Toolkits
Firewall functions
Intrusion prevention system
Intrusion detection system
Virtual Private Network
Content security
Summary
3
Understanding Security Policies
Understanding Security Policies
Need for a security policy
Risk
Vulnerability
Threat
Asset
Summary
4
Deep Diving into Cryptography
Deep Diving into Cryptography
What is cryptography?
Objectives of cryptography
Terminologies
Types of encryption
Types of cipher
Encryption algorithms
Hashing algorithms
Cryptographic systems
Public Key Infrastructure
Summary
5
Implementing the AAA Framework
Implementing the AAA Framework
Components of AAA
Implementing Cisco AAA - authentication
Issues with authentication
Implementing Cisco AAA - authorization
Implementing Cisco AAA - accounting
Summary
6
Securing the Control and Management Planes
Securing the Control and Management Planes
Introducing the security policy
Technologies to implement secure management network
Planning considerations for secure management
Log messaging implementation for security
Control Plane Policing
Summary
7
Protecting Layer 2 Protocols
Protecting Layer 2 Protocols
Layer 2 attack mitigation
Features of the Virtual Local Area Network
Summary
8
Protecting the Switch Infrastructure
Protecting the Switch Infrastructure
Private VLANs VACL trunking vulnerabilities port security
What is a private VLAN?
Access Control List
VLAN hopping
Summary
9
Exploring Firewall Technologies
Exploring Firewall Technologies
Services offered by the firewall
Firewalls in a layered defense strategy
Summary
10
Cisco ASA
Cisco ASA
Cisco ASA portfolio
ASA features
Basic ASA configuration
Summary
11
Advanced ASA Configuration
Advanced ASA Configuration
Routing on the ASA
Device name, passwords, and domain name
Setting banners using the ASDM
Configuring interfaces
System time and Network Time Protocol
Dynamic Host Configuration Protocol
Access control list on the ASA
Object groups
Creating policies on the ASA
Advanced NAT configurations
Summary
12
Configuring Zone-Based Firewalls
Configuring Zone-Based Firewalls
Zone-Based Firewall terminologies
Overview of Cisco Common Classification Policy Language
Configuring a Zone-Based Firewall
Summary
13
IPSec – The Protocol that Drives VPN
IPSec – The Protocol that Drives VPN
Terminologies
What is IPSec?
ISAKMP
Internet Key Exchange
Summary
14
Configuring a Site-to-Site VPN
Configuring a Site-to-Site VPN
General uses of a site-to-site VPN
Configuring a site-to-site VPN using a Cisco IOS router
Configuring a site-to-site VPN using a Cisco ASA
Summary
15
Configuring a Remote-Access VPN
Configuring a Remote-Access VPN
Using a remote-access VPN
Configuring a clientless remote-access VPN
Configuring a client-based remote-access VPN
Summary
16
Working with IPS
Working with IPS
Terminologies
IDS and IPS
Configuring an IPS on a Cisco IOS router
Summary
17
Application and Endpoint Security
Application and Endpoint Security
Cisco Email Security Appliance (ESA) overview
Cisco Web Security Appliance overview
Cisco Cloud Web Security overview
BYOD concepts
Introduction to Cisco TrustSec
Summary
18
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Layer 2 attack mitigation

All layers of TCP/IP have their own security threats and vulnerabilities. Unfortunately, if the lower layer is hacked, communications are compromised without the other layers being aware of the problem. Everything at Layer 3 and higher is encapsulated into some type of Layer 2 frame. If an attacker can interrupt, copy, redirect, or confuse the Layer 2 forwarding, they can also disrupt the functions of the upper-layer protocols:

For example, an internal attacker who is connected to the network using some port-scanning tools to scan the open ports can gain access to the switch through which they can start accessing the upper-layer devices.

Port scanning is a reconnaissance mechanism that attackers use to scan the ports that are active.
Previous Section
End of Section 2
Next Section