Foreword Introduction Part I Network Security Concepts Chapter 1 Understanding Network Security Principles "Do I Know This Already?" Quiz Foundation Topics Exploring Security Fundamentals Why Network Security Is a Necessity Types of Threats Scope of the Challenge Nonsecured Custom Applications The Three Primary Goals of Network Security Confidentiality Integrity Availability Categorizing Data Classification Models Classification Roles Controls in a Security Solution Responding to a Security Incident Legal and Ethical Ramifications Legal Issues to Consider Understanding the Methods of Network Attacks Vulnerabilities Potential Attackers The Mind-set of a Hacker Defense in Depth Understanding IP Spoofing Launching a Remote IP Spoofing Attack with IP Source Routing Launching a Local IP Spoofing Attack Using a Man-in-the-Middle Attack Protecting Against an IP Spoofing Attack Understanding Confidentiality Attacks Understanding Integrity Attacks Understanding Availability Attacks Best-Practice Recommendations Exam Preparation Tasks Review All the Key Topics Complete the Tables and Lists from Memory Definition of Key Terms Chapter 2 Developing a Secure Network "Do I Know This Already?" Quiz Foundation Topics Increasing Operations Security System Development Life Cycle 49 Initiation 49 Acquisition and Development 49 Implementation 50 Operations and Maintenance 50 Disposition 51 Operations Security Overview 51 Evaluating Network Security 52 Nmap 54 Disaster Recovery Considerations 55 Types of Disruptions 56 Types of Backup Sites 56 Constructing a Comprehensive Network Security Policy 57 Security Policy Fundamentals 57 Security Policy Components 58 Governing Policy 58 Technical Policies 58 End-User Policies 59 More-Detailed Documents 59 Security Policy Responsibilities 59 Risk Analysis, Management, and Avoidance 60 Quantitative Analysis 60 Qualitative Analysis 61 Risk Analysis Benefits 61 Risk Analysis Example: Threat Identification 61 Managing and Avoiding Risk 62 Factors Contributing to a Secure Network Design 62 Design Assumptions 63 Minimizing Privileges 63 Simplicity Versus Complexity 64 User Awareness and Training 64 Creating a Cisco Self-Defending Network 66 Evolving Security Threats 66 Constructing a Cisco Self-Defending Network 67 Cisco Security Management Suite 69 Cisco Integrated Security Products 70 Exam Preparation Tasks 74 Review All the Key Topics 74 Complete the Tables and Lists from Memory 75 Definition of Key Terms 75 Chapter 3 Defending the Perimeter 77 "Do I Know This Already?" Quiz 77 Foundation Topics 81 ISR Overview and Providing Secure Administrative Access 81 IOS Security Features 81 Cisco Integrated Services Routers 81 Cisco 800 Series 82 Cisco 1800 Series 83 Cisco 2800 Series 84 Cisco 3800 Series 84 ISR Enhanced Features 85 Password-Protecting a Router 86 Limiting the Number of Failed Login Attempts 92 Setting a Login Inactivity Timer 92 Configuring Privilege Levels 93 Creating Command-Line Interface Views 93 Protecting Router Files 95 Enabling Cisco IOS Login Enhancements for Virtual Connections 96 Creating a Banner Message 98 Cisco Security Device Manager Overview 99 Introducing SDM 99 Preparing to Launch Cisco SDM Exploring the Cisco SDM Interface Exam Preparation Tasks Review All the Key Topics Complete the Tables and Lists from Memory Definition of Key Terms Command Reference to Check Your Memory Chapter 4 Configuring AAA "Do I Know This Already?" Quiz Foundation Topics Configuring AAA Using the Local User Database Authentication, Authorization, and Accounting AAA for Cisco Routers Router Access Authentication Using AAA to Configure Local User Database Authentication Defining a Method List Setting AAA Authentication for Login Configuring AAA Authentication on Serial Interfaces Running PPP Using the aaa authentication enable default Command Implementing the aaa authorization Command Working with the aaa accounting Command Using the CLI to Troubleshoot AAA for Cisco Routers Using Cisco SDM to Configure AAA Configuring AAA Using Cisco Secure ACS Overview of Cisco Secure ACS for Windows Additional Features of Cisco Secure ACS 4.0 for Windows Cisco Secure ACS 4.0 for Windows Installation Overview of TACACS+ and RADIUS TACACS+ Authentication Command Authorization with TACACS+ TACACS+ Attributes Authentication and Authorization with RADIUS RADIUS Message Types RADIUS Attributes Features of RADIUS Configuring TACACS+ Using the CLI to Configure AAA Login Authentication on Cisco Routers Configuring Cisco Routers to Use TACACS+ Using the Cisco SDM Defining the AAA Servers Exam Preparation Tasks Review All the Key Topics Complete the Tables and Lists from Memory Definition of Key Terms Command Reference to Check Your Memory Chapter 5 Securing the Router "Do I Know This Already?" Quiz Foundation Topics Locking Down the Router Identifying Potentially Vulnerable Router Interfaces and Services Locking Down a Cisco IOS Router AutoSecure Cisco SDM One-Step Lockdown Using Secure Management and Reporting Planning for Secure Management and Reporting Secure Management and Reporting Architecture Configuring Syslog Support Securing Management Traffic with SNMPv3 Enabling Secure Shell on a Router Using Cisco SDM to Configure Management Features Configuring Syslog Logging with Cisco SDM Configuring SNMP with Cisco SDM Configuring NTP with Cisco SDM Configuring SSH with Cisco SDM Exam Preparation Tasks Review All the Key Topics Complete the Tables and Lists from Memory Definition of Key Terms Command Reference to Check Your Memory Part II Constructing a Secure Infrastructure Chapter 6 Securing Layer 2 Devices "Do I Know This Already?" Quiz Foundation Topics Defending Against Layer 2 Attacks Review of Layer 2 Switch Operation Basic Approaches to Protecting Layer 2 Switches Preventing VLAN Hopping Switch Spoofing Double Tagging Protecting Against an STP Attack Combating DHCP Server Spoofing Using Dynamic ARP Inspection Mitigating CAM Table Overflow Attacks Spoofing MAC Addresses Additional Cisco Catalyst Switch Security Features Using the SPAN Feature with IDS Enforcing Security Policies with VACLs Isolating Traffic Within a VLAN Using Private VLANs Traffic Policing Notifying Network Managers of CAM Table Updates Port Security Configuration Configuration Recommendations Cisco Identity-Based Networking Services Introduction to Cisco IBNS Overview of IEEE 802.1x Extensible Authentication Protocols EAP-MD5 EAP-TLS PEAP (MS-CHAPv2) EAP-FAST Combining IEEE 802.1x with Port Security Features Using IEEE 802.1x for VLAN Assignment Configuring and Monitoring IEEE 802.1x Exam Preparation Tasks Review All the Key Topics Complete the Tables and Lists from Memory Definition of Key Terms Command Reference to Check Your Memory Chapter 7 Implementing Endpoint Security "Do I Know This Already?" Quiz Foundation Topics Examining Endpoint Security Defining Endpoint Security Examining Operating System Vulnerabilities Examining Application Vulnerabilities Understanding the Threat of Buffer Overflows Buffer Overflow Defined The Anatomy of a Buffer Overflow Exploit Understanding the Types of Buffer Overflows Additional Forms of Attack Securing Endpoints with Cisco Technologies Understanding IronPort The Architecture Behind IronPort Examining the Cisco NAC Appliance Working with the Cisco Security Agent Understanding Cisco Security Agent Interceptors Examining Attack Response with the Cisco Security Agent Best Practices for Securing Endpoints Application Guidelines Apply Application Protection Methods Exam Preparation Tasks Review All the Key Topics Complete the Tables and Lists from Memory Definition of Key Terms Chapter 8 Providing SAN Security "Do I Know This Already?" Quiz Foundation Topics Overview of SAN Operations Fundamentals of SANs Organizational Benefits of SAN Usage Understanding SAN Basics Fundamentals of SAN Security Classes of SAN Attacks Implementing SAN Security Techniques Using LUN Masking to Defend Against Attacks Examining SAN Zoning Strategies Examining Soft and Hard Zoning Understanding World Wide Names Defining Virtual SANs Combining VSANs and Zones Identifying Port Authentication Protocols Understandin.