Hands-on preparation for the CCIE Security lab exam Prepare for the CCIE Security lab exam with comprehensive practice lab scenarios designed to test your readiness to take the actual exam Enhance your network security deployment skills by examining the wealth of case studies and lessons in each chapter Understand the security capabilities of Cisco IOS Software and Catalyst 3550 switches, VLANs, and IP addressing Configure ATM, Frame Relay, and ISDN connectivity Evaluate the common security problems associated with IP routing, including coverage of RIP, EIGRP, OSPF, IS-IS, and BGP routing protocols Examine security practices for Cisco devices that can be utilized to increase security on the network, including access lists, IP services, and Cisco IOS Software and CatOS security Learn how to implement AAA, basic and advanced VPNs, and VPDNs Discover effective deployment techniques for the Cisco PIX and IOS Firewalls Learn the steps necessary to deploy IDS on the PIX Firewall and Cisco IOS Software CCIE Practical Studies: Security leads you through the requirements of the CCIE Security one-day lab exam by providing practical lab exercises designed to model complex security solutions. These lab scenarios help you to master the broad scope of technologies needed to succeed on the CCIE Security lab exam and provide you with a solid foundation of knowledge that you can apply to your everyday job as a network security expert. Serving the dual role of expert-level network security reference and CCIE Security lab exam preparation tool, CCIE Practical Studies: Security begins with a review of routing and switching fundamentals and builds upon this foundation with more advanced requirements of modern network security technology. Each chapter contains technology overviews coupled with mini-lab scenarios that demonstrate practical application of the technology. The book concludes with a final chapter containing complete lab scenarios that integrate the concepts and technologies covered in all the earlier chapters. These comprehensive labs mimic the types of scenarios candidates face on the actual one-day lab exam. CCIE Practical Studies: Security is part of a recommended study program from Cisco Systems that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www cisco.com/go/authorizedtraining. "Working through lab activities and practice with show commands and debugs will better prepare the exam candidate to implement and troubleshoot solutions efficiently and successfully." -Kathe Saccenti, co-developer of the CCIE Security exam, Cisco Systems, Inc. Dmitry Bokotey, CCIE No. 4460, holds three CCIE certifications in the fields of Routing and Switching, ISP Dial, and Security. He is a Network Consulting Engineer with US Advanced Services IP/MPLS Central Engineering department at Cisco Systems, Inc. Andrew G. Mason, CCIE No. 7144, CCDP, CSS-1, is the technical director of Boxing Orange (www boxingorange.com), a UK-based Cisco Security and VPN partner specializing in the design and implementation of Cisco security solutions. Raymond Morrow, CCIE No. 4146, CSS-1, is a principal consultant with Computer Solutions, a San Antonio, Texas-based Cisco Silver Partner with Security and VPN partner specialization. Companion CD-ROM CD-ROM contains the solutions to the 8 complete lab scenarios in the book. This book is part of the Cisco Press Practical Studies Series, which offers readers a means to apply theoretical knowledge through hands-on lab scenarios. This unique approach enables readers to practice and hone their internetworking skills while preparing for Cisco certification exams.

Table of Contents:
Foreword. Introduction. 1. The CCIE Security Program. The Cisco CCIE Program. The CCIE Security Exam. Summary. 2. Building a CCIE Mind-Set. What It Takes to Become a CCIE. Developing Proper Study Habits. Lab Experience Versus Real-World Experience. Summary. 3. Building the Test Laboratory. Study Time on a Lab. Planning Your Home Lab. Designing Your Practice Lab for This Book. Summary. 4. Layer 2 and Layer 3 Switching and LAN Connectivity. Catalyst Operating System. Switching Overview. Spanning Tree Overview. Layer 3 Switching Overview. Virtual LAN Overview. VLAN Trunking Protocol Overview. Switch Interface Overview. EtherChannel Overview. Optional Configuration Items. Switched Port Analyzer Overview. Basic Catalyst 3550 Switch Configuration. Summary. Review Questions. FAQs. 5. Frame Relay Connectivity. Frame Relay Overview. Frame Relay Devices. Frame Relay Topologies. Frame Relay Virtual Circuits. Frame Relay Signaling. Network-to-Network Interface. User-Network Interface. Congestion-Control Mechanisms. Configuring Frame Relay. Creating a Broadcast Queue for an Interface. Transparent Bridging and Frame Relay. Configuring a Backup Interface for a Subinterface. TCP/IP Header Compression. Troubleshooting Frame Relay Connectivity. Summary. Review Questions. FAQs. 6. ISDN Connectivity. ISDN Overview. Point-to-Point Protocol (PPP) Overview. Dial-on-Demand Routing (DDR) Overview. Configuring ISDN. Summary. Review Questions. FAQs. 7. ATM Connectivity. ATM Overview. Configuring ATM. Summary. Review Questions. FAQs. 8. RIP. RIP Structure. Configuring RIP. Summary. Review Questions. FAQs. 9. EIGRP. An EIGRP Overview. Configuring EIGRP. EIGRP Building Blocks. Configuring EIGRP Options. Troubleshooting EIGRP. Summary. Review Questions. FAQs. 10. OSPF. Configuring OSPF. Monitoring and Maintaining OSPF. Summary. Review Questions. FAQs. 11. IS-IS. Integrated IS-IS Overview. Configuring IS-IS. IS-IS Building Blocks. The IS-IS State Machine. Pseudonodes. IS-IS Addressing. Limiting LSP Flooding. Generating a Default Route. Route Redistribution. Setting IS-IS Optional Parameters. Configuring IS-IS Authentication. Using show and debug Commands. Summary. Review Questions. FAQs. 12. BGP. Understanding BGP Concepts. Configuring BGP. Summary. Review Questions. FAQ. 13. Redistribution. Metrics. Administrative Distance. Classless and Classful Capabilities. Avoiding Problems Due to Redistribution. Configuring Redistribution of Routing Information. Summary. Review Questions. FAQs. 14. Security Primer. Important Security Acronyms. White Hats Versus Black Hats. Cisco Security Implementations. VPN Overview. AAA Overview. IDS Fundamentals. Summary. Review Questions. FAQs. 15. Basic Cisco IOS Software and Catalyst 3550 Series Security. Cisco IOS Software Security. Basic IOS Security Configuration. Catalyst 3550 Security. Summary. Review Questions. FAQs. 16. Access Control Lists. Overview of Access Control Lists. ACLs on the IOS Router and the Catalyst 3550 Switch. Time-of-Day ACLs.Lock-and-Key ACLs. Reflexive ACLs. Router ACLs. Port ACLs. Fragmented and Unfragmented Traffic. Logging ACLs. Defining ACLs. Maintaining ACLs. Unsupported Features on the Catalyst 3550 Switch. Summary. Review Questions. FAQs. 17. IP Services. Managing IP Connections. MTU Packet Size. Filtering IP Packets Using Access Lists. Hot Standby Router Protocol Overview. IP Accounting Overview. Configuring TCP Performance Parameters. Configuring the MultiNode Load Balancing Forwarding Agent. Network Address Translation Overview. Configuring IP Services. Monitoring and Maintaining IP Services. Summary. Review Questions. FAQs. 18. AAA Services. TACACS+ Versus RADIUS. Configuring AAA. Summary. Review Questions. FAQs. 19. Virtual Private Networks. Virtual Private Network (VPN) Overview. IPSec Overview. Tunnel and Transport Modes. IPSec Operation. Configuring IPSec in Cisco IOS Software and PIX Firewalls. Certificate Authority (CA) Support. Summary. Review Questions. FAQs. 20. Advanced Virtual Private Networks. Issues with Conventional IPSec VPNs. Configuring Advanced VPNs. Summary. Review Questions. FAQs. 21. Virtual Private Dialup Networks. L2F and L2TP Overview. VPDN Process Overview. PPTP Overview. Configuring VPDNs. Summary. Review Questions. FAQs. 22. Cisco IOS Firewall. Creating a Customized Firewall. Configuring TCP Intercept. CBAC Overview. Port-to-Application Mapping (PAM). Summary. Review Questions. FAQs. 23. Cisco PIX Firewall. Security Levels and Address Translation. TCP and UDP. Configuring a Cisco PIX Firewall. Summary. Review Questions. FAQs. 24. IDS on the Cisco PIX Firewall and IOS Software. Cisco IOS Software Intrusion Detection. Cisco PIX Firewall Intrusion Detection. Cisco IOS Software and PIX IDS Signatures. Configuring Cisco IDS. Summary. Review Questions. FAQs. 25. Internet Service Provider Security Services. Preventing Denial-of-Service Attacks). Layer 2 VPN (L2VPN). Configuring ISP Services. Summary. Review Questions. FAQs. 26. Sample Lab Scenarios. Practice Lab Format. How the Master Lab Compares to the CCIE Security Lab Exam. CCIE Practice Lab 1: Building Layer 2. CCIE Practice Lab 2: Routing. CCIE Practice Lab 3: Configuring Protocol Redistribution and Dial Backup. CCIE Practice Lab 4: Configuring Basic Security. CCIE Practice Lab 5: Dial and Application Security. CCIE Practice Lab 6: Configuring Advanced Security Features. CCIE Practice Lab 7: Service Provider. CCIE Practice Lab 8: All-Inclusive Master Lab. Summary. Appendix A. Basic UNIX Security. Appendix B. Basic Windows Security. Appendix C. ISDN Error Codes and Debugging Reference. Appendix D. Password Recovery on Cisco IOS, CatalystOS, and PIX. Appendix E. Security-Related RFCs and Publications. Appendix F. Answers to the Review Questions.