Title | Cisco CCNA Security-Summary |
---|---|
Tags | Network Switch Port (Computer Networking) Transmission Control Protocol Denial Of Service Attack Radius |
File Size | 1.3 MB |
Total Pages | 56 |
Contents | Introduction Cisco Security Management Tools Control of Data Security Policy Risk System Development Life Cycle (SDLC) Understanding the Risks Layer 2 risks Layer 3 risks Upper Layer risks Physical Configuring Devices Basic device Configuration Creating a Banner Configure SSH access Enable SDM IOS Resilient Configuration Password Recovery AAA RADIUS TACACS Configuring User Privileges Privilege Level Access Role Based Access Logon Security Securing VTY Lines AutoSecure and One Step Lock Down AutoSecure SDM One-Step Lockdown & Security Audit Logging NTP Layer 2 security Port Security Configure SNMP Traps for MAC Table Event Notification 802.1x Port Security / Network Admission Control (NAC) Dot1x port control modes- EAP Example Storm Control Span ports (Switchport Analyser) Securing VLANs Filtering Intra-VLAN Traffic Private VLANs Securing IP at Layer 2 DHCP Snooping Dynamic ARP Inspection (DAI) IP Source Guard Useful Commands Best Practices IOS Firewall Firewall Introduction Firewall Types Layered Defence Strategy Cisco IOS Firewall feature set Static Packet Filtering Examples Named access lists Apply a list to an interface / line Show commands Turbo ACLs NOTES CBAC/Classic Firewall Zone based Firewall (ZFW) ZFW Actions Creation of a ZFW using Cisco Common Classification Policy (C3PL) C3PL/MQC (Modular QoS CLI) – Parameter maps C3PL/MQC (Modular QoS CLI) – Class maps C3PL/MQC (Modular QoS CLI) – Policy-map IPS IPS Introduction Types of IPS/IDS solutions Intrusion Detection Methods Alerts Signatures Cisco IDS / IPS Range Configuring IPS on a Cisco Router using SDM Edit IPS Tab Security Dashboard Tab Logging & Monitoring Reporting / Logging CLI Monitoring Monitoring using SDM Notes VPN / Cryptography Hashing & Digital signatures Hashing algorithms HMAC – Hashed Message Authentication Codes Digital Signatures Symmetric Encryption Caesar / Substitution Cipher Vigenere Cipher One Time Pad / Vernam Cipher Transposition Cipher DES (56bit) & 3DES – EDE (112 & 156bit) AES (128, 192 & 256bit) IDEA (128bit) International Data Encryption Algorithm SEAL – Software Encryption Algorithm RC Blowfish (32 to 448bit) Asymmetric Encryption RSA Diffie Hellman Key exchange Choosing an encryption method Key Management PKI Certificates Certificate Authority IPSec Components IPSec Benefits Operation methods Negotiation Phase one Phase two IPSec Authentication Configuring Site to Site VPNs Configuring Site to Site VPNs using SDM Configuring Site to Site VPNs using CLI Endpoint Security Endpoint Security Introduction Operating Systems Applications Phases of an attack Example of some previous attacks and their phases Cisco NAC NAC Components The NAC Process Cisco Security Agent (CSA) IronPort San and Voice Security SAN Security Securing SANs Port Authentication Data Confidentiality Voice Security Voice Attacks- Approaches to secure VoIP IP Phone vulnerabilities Notes |