Download Cisco CCNA Security-Summary PDF

Title: Cisco CCNA Security-Summary
Tags: Network Switch, Port (Computer Networking), Transmission Control Protocol, Denial Of Service Attack, Radius
File Size: 1.3 MB
Total Pages: 56
Table of Contents
Introduction
	Cisco Security Management Tools
	Control of Data
	Security Policy
	Risk
	System Development Life Cycle (SDLC)
Understanding the Risks
	Layer 2 risks
	Layer 3 risks
	Upper Layer risks
	Physical
Configuring Devices
	Basic device Configuration
		Creating a Banner
		Configure SSH access
		Enable SDM
		IOS Resilient Configuration
		Password Recovery
	AAA
		RADIUS
		TACACS
		Configuring
	User Privileges
		Privilege Level Access
		Role Based Access
	Logon Security
		Securing VTY Lines
	AutoSecure and One Step Lock Down
		AutoSecure
		SDM One-Step Lockdown & Security Audit
	Logging
	NTP
Layer 2 security
	Port Security
		Configure SNMP Traps for MAC Table Event Notification
	802.1x Port Security / Network Admission Control (NAC)
		Dot1x port control modes
		EAP
		Example
	Storm Control
	SPAN ports (Switched Port Analyzer)
	Securing VLANs
		Filtering Intra-VLAN Traffic
		Private VLANs
	Securing IP at Layer 2
		DHCP Snooping
		Dynamic ARP Inspection (DAI)
		IP Source Guard
	Useful Commands
	Best Practices
IOS Firewall
	Firewall Introduction
		Firewall Types
		Layered Defence Strategy
		Cisco IOS Firewall feature set
	Static Packet Filtering
		Examples
		Named access lists
		Apply a list to an interface / line
		Show commands
		Turbo ACLs
		NOTES
	CBAC/Classic Firewall
	Zone based Firewall (ZFW)
		ZFW Actions
		Creation of a ZFW using Cisco Common Classification Policy (C3PL)
		C3PL/MQC (Modular QoS CLI) – Parameter maps
		C3PL/MQC (Modular QoS CLI) – Class maps
		C3PL/MQC (Modular QoS CLI) – Policy-map
IPS
	IPS Introduction
		Types of IPS/IDS solutions
		Intrusion Detection Methods
		Alerts
		Signatures
		Cisco IDS / IPS Range
	Configuring IPS on a Cisco Router using SDM
		Edit IPS Tab
		Security Dashboard Tab
	Logging & Monitoring
		Reporting / Logging
		CLI Monitoring
		Monitoring using SDM
	Notes
VPN / Cryptography
	Hashing & Digital signatures
		Hashing algorithms
		HMAC – Hashed Message Authentication Codes
		Digital Signatures
	Symmetric Encryption
		Caesar / Substitution Cipher
		Vigenere Cipher
		One Time Pad / Vernam Cipher
		Transposition Cipher
		DES (56bit) & 3DES – EDE (112 & 156bit)
		AES (128, 192 & 256bit)
		IDEA (128bit) International Data Encryption Algorithm
		SEAL – Software Encryption Algorithm
		RC
		Blowfish (32 to 448bit)
	Asymmetric Encryption
		RSA
		Diffie Hellman Key exchange
	Choosing an encryption method
	Key Management
	PKI
		Certificates
		Certificate Authority
	IPSec
		Components
		IPSec Benefits
		Operation methods
		Negotiation
		Phase one
		Phase two
		IPSec Authentication
	Configuring Site to Site VPNs
		Configuring Site to Site VPNs using SDM
		Configuring Site to Site VPNs using CLI
Endpoint Security
	Endpoint Security Introduction
		Operating Systems
		Applications
		Phases of an attack
		Example of some previous attacks and their phases
	Cisco NAC
		NAC Components
		The NAC Process
	Cisco Security Agent (CSA)
	IronPort
SAN and Voice Security
	SAN Security
		Securing SANs
		Port Authentication
		Data Confidentiality
	Voice Security
		Voice Attacks
		Approaches to secure VoIP
		IP Phone vulnerabilities
Notes