CCIE Security v4.0 Quick Reference provides you with detailed information, highlighting the key topics on the latest CCIE Security exam. This fact-filled Quick Reference allows you to get all-important information at a glance, helping you to focus your study on areas of weakness and to enhance memory retention of important concepts. With this book as your guide, you will reinforce your knowledge of and experience with implementation, maintenance, and support of extensive Cisco network security solutions. You will review topics on networking theory, security protocols, hash algorithms, data encryption standards, application protocols, security appliances, and security applications and solutions. This book provides a comprehensive final review for candidates taking the CCIE Security v4.0 exam. It steps through exam objectives one-by-one, providing concise and accurate review for all topics. Using this book, you will be able to easily and effectively review test objectives without having to wade through numerous books and documents to find relevant content for final review.

Table of Contents:
Introduction xiii Chapter 1 Infrastructure, Connectivity, Communications, and Network Security 1 Networking Basics 1     Ethernet in a Nutshell 3     Bridging and Switching 3     Bridge Port States 3     EtherChannel and Trunking 4 IP Overview 4     Subnetting, Variable-Length Subnet Masking, and Classless Interdomain Routing 6 IPv6 6 Transmission Control Protocol 7     Hot Standby Routing Protocol 9     Virtual Router Redundancy Protocol 10     Generic Routing Encapsulation 10     Next Hop Resolution Protocol 11 Routing Protocols 12     Configuring RIP 12     Interior Gateway Routing Protocol 13         Configuring IGRP 13     Open Shortest Path First Protocol 14     Enhanced Interior Gateway Routing Protocol 16         Configuring EIGRP 16     Border Gateway Protocol 17         Configuring BGP (Basics Only) 17 IP Multicast Overview 18 Wireless 18     Service Set Identifier 18     Authentication and Authorization 19 Client Authentication and Association Process 19 Rogue Access Points 22     Authentication and Authorization Technologies 23 Single Sign-On 26 One-Time Password 27 Lightweight Directory Access Protocol and Active Directory 27 Role-Based Access Control 28     Mobile IP Networks 28 Questions and Answers 30 Chapter 2 Security Protocols 33 RADIUS 33     Configuring RADIUS 34 TACACS+ 35     Configuring TACACS 35 Hash Algorithms 36     Need for Hashing Algorithms 36     Hash-Based Message Authentication Codes 37     Symmetric and Asymmetric Encryption 38     Symmetric Key Algorithms 39     Asymmetric Encryption Protocols 40     Diffie-Hellman Algorithm 41 IP Security 41     Data Integrity 42     Origin Authentication 42     Anti-Replay Protection 42     Confidentiality 42     ISAKMP (RFC 2408) 43 Authentication Header and Encapsulating Security Payload Protocols 44     Tunnel and Transport Modes 44     Secure Shell 45     Configuring SSH 45     Secure Sockets Layer 46     Group Domain of Interpretation 46     Lightweight Directory Access Protocol 47 Public Key Infrastructure 47 802.1x Authentication 48 IEEE 802.1x Extensible Authentication Protocol Security 50 WEP, WPA, and WPA2 50     WPA and WPA2 51         WPA-PSK 51         WPA-Enterprise 51     Web Cache Communication Protocol 51     Security Group Tag eXchange Protocol 52     MACsec 52     DNSSEC 53 Questions and Answers 54 Chapter 3 Application and Infrastructure Security 57 HTTP 57     Configuring HTTP 57 HTTPS 58     Configuring HTTPS 58 Simple Mail Transfer Protocol 58 File Transfer Protocol 59 Domain Name System 60 Trivial File Transfer Protocol 61 Network Time Protocol 62 Syslog 62 Dynamic Host Configuration Protocol 63 Simple Network Management Protocol 64 Remote Desktop Protocol 65 PC over IP 66 Virtual Network Computing 66 Questions and Answers 67 Chapter 4 Threats, Vulnerability Analysis, and Mitigation 69 Recognize and Mitigate Common Attacks 69     ICMP Attacks and PING Floods 69     Man-in-the-Middle Attacks 69     Replay Attacks 70     Spoofing Attacks 71     Back-Door Attacks 71     Bots and Botnets 72     Wireless Attacks 72         Denial-of-Service Attacks 73         Snooping Attacks 73         Decryption Attacks 73     DoS and DDoS Attacks 73         Distributed Denial of Service (DDoS) 74         Identification of Attack Traffic 74         Solutions for Attack Traffic 74     Header Attacks 75     Tunneling Attacks 75 Software and OS Exploits 76 Security and Attack Tools 76     Packet Sniffer and Capture Tools 77     Network Service Mapping Tools 77     Vulnerability Assessment Tools 77 Packet Filtering 77 Content Filtering 77     ActiveX Filtering 78     Java Filtering 78     URL Filtering 78 Endpoint and Posture Assessment 79 QoS Marking Attacks 80 Questions and Answers 80 Chapter 5 Cisco Security Products, Features, and Management 83 Cisco Adaptive Security Appliance 83     Firewall Functionality 83     Firewall Modes (Routing and Multicast Capabilities) 84     Network Address Translation 86     Access Control Lists/Entries and Identity-Based Services 88     Modular Policy Framework 89     ASA Failover and Redundancy 90 Identity Services Engine 92 Virtual Security Gateway 93 Cisco Cloud Web Security (Formerly ScanSafe) 94 Cisco Catalyst 6500 ASA-Service Module 96 Cisco Prime Security Manager 97 Questions and Answers 98 Chapter 6 Cisco Security Technologies and Solutions 99 Cisco Hardware Overview 99 Cisco Router Operating Modes and Management 101 Basic Cisco Router Security 101 IP Access Lists 103 Network-Based Application Recognition 104 Control Plane Policing 104 Control Plane Protection 105     Control Plane Host Subinterface 105     Control Plane Transit Subinterface 105     Control Plane CEF-Exception Subinterface 106 Management Plane Protection 106 Modular QoS CLI 107 Unicast Reverse Path Forwarding 107 Cisco NetFlow 107 CAM Table Overflow and MAC Address Spoofing 108 VLAN Hopping 109 Spanning Tree Protocol Security 109 DHCP Starvation Attack 109 DNS Spoofing 109 Cisco Discovery Protocol 110 VLAN Trunking Protocol Security 110 Network Segregation 110     VLAN Extensible LAN 110 VPN Solutions 111     FlexVPN 111     Dynamic Multipoint VPN 112     Group Encrypted Transport VPN 114         Time-Based Anti-Replay 116     Cisco Easy VPN 116 Load Balancing and Failover 116     Load Balancing 117     Failover 117 Questions and Answers 118 Chapter 7 Security Policies and Procedures, Best Practices and Standards 119 The Need for Network Security Policy 119 Standards Bodies 119 Newsgroups 120 Information Security Standards 121     ISO 17799/BS7799/ISO 27002 121 Attacks, Vulnerabilities, and Common Exploits 121     Ping of Death 122     TCP SYN Flood Attack and Land.C Attack 122     Email Attack 122     CPU-Intensive Attack 122     Teardrop Attack, DNS Poisoning, and UDP Bomb 122     Distributed DoS Attack 123     Chargen Attack 123     Spoof Attack 123     Smurf Attack 123     Man-in-the-Middle Attack 123     Birthday Attack 123 BCP 38 123 Intrusion Detection Systems and Configuring Cisco IOS Software for Security Against Intrusion 124 Security Audit and Validation 125 Risk Assessment/Analysis 125 Change Management Process 126 Incident Response Teams and Framework 126 Computer Security Forensics 127 Common RFCs 127 Questions and Answers 127 Answers Appendix 129     9780133855081   TOC   8/5/2014