| |
| |
| Introduction | |
| |
| |
| |
| IOS Router Security | |
| |
| |
| |
| Overview of Network Security | |
| |
| |
| Rationale, Trends, and Goals of Network Security | |
| |
| |
| Security Threats and Vulnerabilities | |
| |
| |
| Security Framework and Policy | |
| |
| |
| Security Products and Solutions | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Basic Router and Switch Security | |
| |
| |
| General Router and Switch Security | |
| |
| |
| Disabling Unneeded Services | |
| |
| |
| Securing the Perimeter Router | |
| |
| |
| Router Management | |
| |
| |
| Securing Switches and LAN Access | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Router ACLs and CBAC | |
| |
| |
| Access Control Lists | |
| |
| |
| Types of IP ACLs | |
| |
| |
| Content-Based Access Control | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Router AAA Security | |
| |
| |
| AAA Secures Network Access | |
| |
| |
| Network Access Server (NAS) AAA Authentication Process | |
| |
| |
| Cisco Secure ACS. AAA Servers Overview and Configuration | |
| |
| |
| The Cisco IOS Firewall Authentication Proxy | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Router Intrusion Detection, Monitoring, and Management | |
| |
| |
| IOS Firewall IDS. Setting up the Cisco IOS Firewall IDS. Monitoring with Logging and Syslog | |
| |
| |
| SNMP | |
| |
| |
| Managing the Router | |
| |
| |
| Security Device Manager (SDM) | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Router Site-to-Site VPNs | |
| |
| |
| Virtual Private Networks | |
| |
| |
| IOS Cryptosystem | |
| |
| |
| Symmetric Encryption | |
| |
| |
| IPSec | |
| |
| |
| Site-to-Site IPSec VPN Using Preshared Keys | |
| |
| |
| Digital Certificates | |
| |
| |
| Configuring Site-to-Site IPSec VPN Using Digital Certificates | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Router Remote Access VPNs | |
| |
| |
| Remote Access VPN | |
| |
| |
| VPN Enterprise Management | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Pix Security Appliance Security | |
| |
| |
| |
| PIX Security Appliance | |
| |
| |
| Introduction to Firewalls | |
| |
| |
| Cisco PIX Security Appliance | |
| |
| |
| Getting Started with the PIX Security Appliance | |
| |
| |
| Routing and Multicast Configuration | |
| |
| |
| PIX Dynamic Host Control Configuration | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| PIX Security Appliance Translations and Connections | |
| |
| |
| Transport Protocols | |
| |
| |
| Network Address Translation | |
| |
| |
| DNS Doctoring, Destination NAT, and DNS Record Translation on the PIX. Connections | |
| |
| |
| Port Address Translation | |
| |
| |
| Multiple Interfaces on a PIX Security Appliance | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| PIX Security Appliance ACLs | |
| |
| |
| ACLs and the PIX Security Appliance | |
| |
| |
| Using ACLs | |
| |
| |
| Filtering | |
| |
| |
| Object Grouping | |
| |
| |
| Nested Object Groups | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| PIX Security Appliance AAA | |
| |
| |
| AAA. Authentication Configuration on the PIX | |
| |
| |
| Authorization Configuration on the PIX Security Appliance | |
| |
| |
| Accounting Configuration on the PIX Security Appliance | |
| |
| |
| Defining Traffic to Utilize AAA Services | |
| |
| |
| Monitoring the AAA Configuration | |
| |
| |
| PPPoE and the PIX Security Appliance | |
| |
| |
| Appendix 11-A | |
| |
| |
| Appendix 11-B | |
| |
| |
| Appendix 11-C | |
| |
| |
| Appendix 11-D | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| PIX Advanced Protocols and Intrusion | |
| |
| |
| Detection | |
| |
| |
| Advanced Protocol Handling | |
| |
| |
| Multimedia Support and the PIX Security Appliance | |
| |
| |
| Attack Guards | |
| |
| |
| Intrusion Detection and the PIX Security Appliance | |
| |
| |
| Shunning | |
| |
| |
| PIX Security Appliance Syslog Logging | |
| |
| |
| SNMP | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| PIX Failover and System Maintenance | |
| |
| |
| Understanding PIX Security Appliance Failover | |
| |
| |
| Serial Cable Failover Configuration | |
| |
| |
| LAN-Based Failover Configuration | |
| |
| |
| System Maintenance via Remote Access | |
| |
| |
| Command Authorization | |
| |
| |
| PIX Security Appliance Password Recovery | |
| |
| |
| Upgrading the PIX Security Appliance Image and the Activation Key | |
| |
| |
| Summary | |
| |
| |
| Key Terms | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| PIX Security Appliance VPNs | |
| |
| |
| PIX Security Appliance Ena | |