Official self-study test preparation guide for the CCIE Security written exam 350-018   Updated content covers all the latest CCIE Security written exam 2.0 objectives, including: AES, EAP, IOS SSH, RDEP, and intrusion prevention DNS, TFTP, Secure Shell, Secure Socket Layer Protocol, NTP, and SNMP Password security, password recovery, and standard and extended access lists Encryption technologies and security protocols, including IPSec, AES, 3DES, TACACS+, and RADIUS Cisco security applications, including Cisco Secure PIX® Firewall, VPN, IDS, IPS, and Cisco Policy Manager Basic security methods and the evolution of new secure networks including packet filtering, proxies, and NAT/PAT Cisco security applications such as the VPN 3000, client-side VPNs, and service modules  With increased reliance on networking resources to provide productivity gains and corporate revenue contributions, the need for network security has never been higher. Rising concerns over corporate espionage, cyber-terrorism, financial fraud, and theft of proprietary information have radically increased the demand for highly skilled networking security professionals. As one of the most sought-after and highly valued networking certifications, the Cisco Systems® CCIE Security certification is answering the need for technical expertise in this critical market by distinguishing the top echelon of internetworking experts.   CCIE Security Exam Certification Guide, Second Edition, is a comprehensive study tool for the CCIE Security written exam version 2.0. Fully updated and reviewed by present and former members of the CCIE Security team at Cisco®, this book helps you understand and master the material you need to know to pass the written exam. Covering all the topics in this challenging exam, this book is your ultimate exam preparation resource. Designed to optimize your study time, CCIE Security Exam Certification Guide helps you assess your knowledge of the material at the start of each chapter with customized quizzes for each topic. Increase retention of key concepts by reviewing succinct summaries of crucial concepts. Test your comprehension with chapter-ending review questions. Determine your assimilation of knowledge and get a taste of the CCIE Security lab exam with sample lab scenarios in the last chapter. Take timed practice exams that mimic the real testing environment with the CD-ROM test engine or customize the test bank to focus on the topics for which you need the most help.   CCIE Security Exam Certification Guide, Second Edition, is part of a recommended study program from Cisco Systems that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.   “This book will be a valuable asset for potential CCIE Security candidates. I am positive individuals will inevitably gain extensive security network knowledge during their preparation for the CCIE Security written exam using this book.” -Yusuf Hussain Bhaiji, CCIE Security Program Manager, Cisco Systems   Companion CD-ROM CD-ROM contains a test engine with over 500 questions covering the full range of CCIE Security written exam topics, flash card format practice questions, and an electronic version of the text. CD-ROM test engine powered by www.boson.com. Boson Software is a Cisco Learning Partner.   This volume is part of the Exam Certification Guide Series from Cisco Press®. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.  

Table of Contents:
Foreword Introduction Chapter 1 General Networking Topics “Do I Know This Already?” Quiz Foundation Topics Networking Basics–The OSI Reference Model Layer 1: The Physical Layer Layer 2: The Data Link Layer Layer 3: The Network Layer Layer 4: The Transport Layer Layer 5: The Session Layer Layer 6: The Presentation Layer Layer 7: The Application Layer TCP/IP and OSI Model Comparison Example of Peer-to-Peer Communication Ethernet Overview Switching and Bridging Bridge Port States Fast EtherChannel Internet Protocol Variable-Length Subnet Masks Classless Interdomain Routing Transmission Control Protocol TCP Mechanisms TCP/IP Services Address Resolution Protocol Reverse ARP Dynamic Host Configuration Protocol Hot Standby Router Protocol Internet Control Message Protocol Telnet File Transfer Protocol and Trivial File Transfer Protocol Routing Protocols Routing Information Protocol Enhanced Interior Gateway Routing Protocol Open Shortest Path First Border Gateway Protocol Integrated Services Digital Network Basic Rate and Primary Rate Interfaces ISDN Framing and Frame Format ISDN Layer 2 Protocols Cisco IOS ISDN Commands IP Multicast Asynchronous Communications and Access Devices Telephony Best Practices Wireless Best Practices Foundation Summary Wireless Best Practices Q & A Scenario: Routing IP on Cisco Routers Scenario Answers Chapter 2 Application Protocols “Do I Know This Already?” Quiz Foundation Topics Domain Name System Trivial File Transfer Protocol File Transfer Protocol Active FTP Passive FTP Hypertext Transfer Protocol Secure Sockets Layer Simple Network Management Protocol SNMP Notifications SNMP Examples Simple Mail Transfer Protocol Network Time Protocol Secure Shell and Cisco IOS SSH Cisco IOS SSH Remote Data Exchange Protocol Foundation Summary Q & A Scenario: Configuring DNS, TFTP, NTP, and SNMP Scenario Answers Chapter 3 Cisco IOS Specifics and Security “Do I Know This Already?” Quiz Foundation Topics Cisco Hardware Random-Access Memory  Nonvolatile RAM System Flash Central Processing Unit Read-Only Memory Configuration Registers Cisco Interfaces Saving and Loading Files show and debug Commands Router CLI show Commands Debugging Cisco Routers Password Recovery Basic Security on Cisco Routers IP Access Lists Access Lists on Cisco Routers Extended Access Lists Layer 2 Switching Security CAM Table Overflow VLAN Hopping Spanning Tree Protocol Manipulation MAC Spoofing Attack DHCP Starvation Attacks Security Policy Best Practices–A Cisco View Foundation Summary Q & A Scenario: Configuring Cisco Routers for Passwords and Access Lists Scenario Answers Chapter 4 Security Protocols “Do I Know This Already?” Quiz Foundation Topics Authentication, Authorization, and Accounting Authentication Authorization Accounting Remote Authentication Dial-In User Service RADIUS Configuration Task List Terminal Access Controller Access Control System Plus TACACS+ Configuration Task List TACACS+ Versus RADIUS Encryption Technology Overview DES and 3DES Advanced Encryption Standard Message Digest 5 and Secure Hash Algorithm Diffie-Hellman IP Security Certificate Enrollment Protocol Extensible Authentication Protocol, Protected EAP, and Temporal Key Integrity Protocol Virtual Private Dial-Up Networks (VPDN) VPDN Configuration Task List Foundation Summary Q & A Scenario: Configuring Cisco Routers for IPSec Scenario Answers Chapter 5 Cisco Security Applications “Do I Know This Already?” Quiz Foundation Topics Cisco Secure for Windows (NT) and Cisco Secure ACS Cisco Secure ACS IDS Fundamentals Notification Alarms Signature-Based IDS Anomaly-Based IDS Network-Based IDS Versus Host-Based IDS IDS Placement IDS Tuning Cisco Secure Intrusion Detection System and Catalyst Services Modules Cisco Secure IDS Cisco Inline IDS (Intrusion Prevention System) Catalyst Services Module CiscoWorks VMS Cisco VPN 3000 Concentrator Cisco Secure VPN Client Cisco Router and Security Device Manager Security Information Monitoring System Foundation Summary Q & A Scenario: Cisco Secure IDS Database Event Scenario Answers Chapter 6 Security Technologies “Do I Know This Already?” Quiz Foundation Topics Advanced Security Concepts Network Address Translation and Port Address Translation NAT Operation on Cisco Routers Cisco PIX Firewall Configuring a PIX Firewall Troubleshooting PIX Firewall Log Files Cisco PIX Firewall Software Features Cisco IOS Firewall Feature Set CBAC Configuration Task List Public Key Infrastructure Virtual Private Networks Network-Based Intrusion Detection Systems Cisco Security Agent and Host-Based IDS Cisco Threat Response Cisco Threat Response IDS Requirements Authorization Technologies (IOS Authentication 802.1X) Foundation Summary Q & A Scenario: Configuring a Cisco PIX Firewall for NAT Scenario Answer Chapter 7 Network Security Policies, Vulnerabilities, and Protection “Do I Know This Already?” Quiz Foundation Topics Network Security Policies Standards Bodies and Incident Response Teams Incident Response Teams Internet Newsgroups Vulnerabilities, Attacks, and Common Exploits Intrusion Detection System Protecting Cisco IOS from Intrusion Foundation Summary Q & A Scenario: Defining Cisco IOS Commands to View DoS Attacks in Real Time Scenario Answers Chapter 8 CCIE Security Self-Study Lab How to Use This Chapter Preparing for this Lab Goal of This Lab CCIE Security Self-Study Lab Part I Goals CCIE Security Self-Study Lab Part II Goals General Lab Guidelines and Setup Communications Server (0 Points) CCIE Security Self-Study Lab Part I: Basic Network Connectivity (4 Hours) Basic Frame Relay Setup (5 Points) Physical Connectivity (0 Points) Catalyst Ethernet Switch Setup I (5 Points) Catalyst Ethernet Switch Setup II (6 Points) IP Host Lookup and Disable DNS (1 Point) PIX Configuration (6 Points) IGP Routing (18 Points) Basic ISDN Configuration (6 Points) DHCP Configuration (3 Points) BGP Routing Configuration (6 Points) CCIE Security Self-Study Lab Part II: Advanced Security Design (4 Hours) IP Access List (4 Points) Prevent Denial-of-Service Attacks (4 Points) Time-Based Access List (4 Points) Dynamic Access List/Lock and Key Feature (5 Points) Cisco IOS Firewall Configuration on R5 (6 Points) IPSec Configuration (6 Points) Advanced PIX Configuration (5 Points) ACS Configuration (5 Points) Cisco Intrusion Detection System (5 Points) Final Configurations Additional Advanced Lab Topics (No Solutions Provided) Advanced Security Lab Topics (4 Points) Content Filtering (2 Points) FTP Issues (3 Points) Routing Table Authenticity (4 Points) Access Control on R2 Ethernet Interface (4 Points) Conclusion Appendix A  Answers to Quiz Questions Appendix B  Study Tips for CCIE Security Examinations Appendix C    Sample CCIE Routing and Switching Lab I Appendix D    Sample CCIE Routing and Switching Lab II