Covers the CCIE Security written exam 2.0 objectives. Designed to optimize your study time, this book helps you assess your knowledge of the material at the start of each chapter with quizzes for each topic. The CD-ROM test engine enables you take timed practice exams that mimic the real testing environment.

Also included is a powerful testing engine on the companion CD-ROM that contains over 500 practice questions. Henry Benjamin, CCIE No. 4695, is a former customer service engineer for Cisco and a triple CCIE (R/S, ISPD Dial, and Communication Services). He holds a Bachelor of Engineering degree from Sydney University and has more than 10 years experience in Cisco networks including planning, designing and implementation of large IP networks. Currently a senior network consultant for Alphawest, Henry is the author of CCIE Security Exam Certification Guide, First Edition, and CCNP Practical Studies: Routing (Cisco Press). 1587201356

Foreword
Introduction
Chapter 1 General Networking Topics
"Do I Know This Already?" Quiz
Foundation Topics
Networking Basics-The OSI Reference Model
Layer 1: The Physical Layer
Layer 2: The Data Link Layer
Layer 3: The Network Layer
Layer 4: The Transport Layer
Layer 5: The Session Layer
Layer 6: The Presentation Layer
Layer 7: The Application Layer
TCP/IP and OSI Model Comparison
Example of Peer-to-Peer Communication
Ethernet Overview
Switching and Bridging
Bridge Port States
Fast EtherChannel
Internet Protocol
Variable-Length Subnet Masks
Classless Interdomain Routing
Transmission Control Protocol
TCP Mechanisms
TCP/IP Services
Address Resolution Protocol
Reverse ARP
Dynamic Host Configuration Protocol
Hot Standby Router Protocol
Internet Control Message Protocol
Telnet
File Transfer Protocol and Trivial File Transfer Protocol
Routing Protocols
Routing Information Protocol
Enhanced Interior Gateway Routing Protocol
Open Shortest Path First
Border Gateway Protocol
Integrated Services Digital Network
Basic Rate and Primary Rate Interfaces
ISDN Framing and Frame Format
ISDN Layer 2 Protocols
Cisco IOS ISDN Commands
IP Multicast
Asynchronous Communications and Access Devices
Telephony Best Practices
Wireless Best Practices
Foundation Summary
Wireless Best Practices
Q &
A
Scenario: Routing IP on Cisco Routers
Scenario Answers
Chapter 2 Application Protocols
"Do I Know This Already?" Quiz
Foundation Topics
Domain Name System
Trivial File Transfer Protocol
File Transfer Protocol
Active FTP
Passive FTP
Hypertext Transfer Protocol
Secure Sockets Layer
Simple Network Management Protocol
SNMP Notifications
SNMP Examples
Simple Mail Transfer Protocol
Network Time Protocol
Secure Shell and Cisco IOS SSH
Cisco IOS SSH
Remote Data Exchange Protocol
Foundation Summary
Q &
A
Scenario: Configuring DNS, TFTP, NTP, and SNMP
Scenario Answers
Chapter 3 Cisco IOS Specifics and Security
"Do I Know This Already?" Quiz
Foundation Topics
Cisco Hardware
Random-Access Memory
Nonvolatile RAM
System Flash
Central Processing Unit
Read-Only Memory
Configuration Registers
Cisco Interfaces
Saving and Loading Files
show and debug Commands
Router CLI
show Commands
Debugging Cisco Routers
Password Recovery
Basic Security on Cisco Routers
IP Access Lists
Access Lists on Cisco Routers
Extended Access Lists
Layer 2 Switching Security
CAM Table Overflow
VLAN Hopping
Spanning Tree Protocol Manipulation
MAC Spoofing Attack
DHCP Starvation Attacks
Security Policy Best Practices-A Cisco View
Foundation Summary
Q &
A
Scenario: Configuring Cisco Routers for Passwords and
Access Lists
Scenario Answers
Chapter 4 Security Protocols
"Do I Know This Already?" Quiz
Foundation Topics
Authentication, Authorization, and Accounting
Authentication
Authorization
Accounting
Remote Authentication Dial-In User Service
RADIUS Configuration Task List
Terminal Access Controller Access Control System Plus
TACACS+ Configuration Task List
TACACS+ Versus RADIUS
Encryption Technology Overview
DES and 3DES
Advanced Encryption Standard
Message Digest 5 and Secure Hash Algorithm
Diffie-Hellman
IP Security
Certificate Enrollment Protocol
Extensible Authentication Protocol, Protected EAP, and Temporal Key Integrity Protocol
Virtual Private Dial-Up Networks (VPDN)
VPDN Configuration Task List
Foundation Summary
Q &
A
Scenario: Configuring Cisco Routers for IPSec
Scenario Answers
Chapter 5 Cisco Security Applications
"Do I Know This Already?" Quiz
Foundation Topics
Cisco Secure for Windows (NT) and Cisco Secure ACS
Cisco Secure ACS
IDS Fundamentals
Notification Alarms
Signature-Based IDS
Anomaly-Based IDS
Network-Based IDS Versus Host-Based IDS
IDS Placement
IDS Tuning
Cisco Secure Intrusion Detection System and Catalyst Services Modules
Cisco Secure IDS
Cisco Inline IDS (Intrusion Prevention System)
Catalyst Services Module
CiscoWorks VMS
Cisco VPN 3000 Concentrator
Cisco Secure VPN Client
Cisco Router and Security Device Manager
Security Information Monitoring System
Foundation Summary
Q &
A
Scenario: Cisco Secure IDS Database Event
Scenario Answers
Chapter 6 Security Technologies
"Do I Know This Already?" Quiz
Foundation Topics
Advanced Security Concepts
Network Address Translation and Port Address Translation
NAT Operation on Cisco Routers
Cisco PIX Firewall
Configuring a PIX Firewall
Troubleshooting PIX Firewall Log Files
Cisco PIX Firewall Software Features
Cisco IOS Firewall Feature Set
CBAC Configuration Task List
Public Key Infrastructure
Virtual Private Networks
Network-Based Intrusion Detection Systems
Cisco Security Agent and Host-Based IDS
Cisco Threat Response
Cisco Threat Response IDS Requirements
Authorization Technologies (IOS Authentication 802.1X)
Foundation Summary
Q &
A
Scenario: Configuring a Cisco PIX Firewall for NAT
Scenario Answer
Chapter 7 Network Security Policies, Vulnerabilities, and Protection
"Do I Know This Already?" Quiz
Foundation Topics
Network Security Policies
Standards Bodies and Incident Response Teams
Incident Response Teams
Internet Newsgroups
Vulnerabilities, Attacks, and Common Exploits
Intrusion Detection System
Protecting Cisco IOS from Intrusion
Foundation Summary
Q &
A
Scenario: Defining Cisco IOS Commands to View DoS Attacks in Real Time
Scenario Answers
Chapter 8 CCIE Security Self-Study Lab
How to Use This Chapter
Preparing for this Lab
Goal of This Lab
CCIE Security Self-Study Lab Part I Goals
CCIE Security Self-Study Lab Part II Goals
General Lab Guidelines and Setup
Communications Server (0 Points)
CCIE Security Self-Study Lab Part I: Basic Network Connectivity (4 Hours)
Basic Frame Relay Setup (5 Points)
Physical Connectivity (0 Points)
Catalyst Ethernet Switch Setup I (5 Points)
Catalyst Ethernet Switch Setup II (6 Points)
IP Host Lookup and Disable DNS (1 Point)
PIX Configuration (6 Points)
IGP Routing (18 Points)
Basic ISDN Configuration (6 Points)
DHCP Configuration (3 Points)
BGP Routing Configuration (6 Points)
CCIE Security Self-Study Lab Part II: Advanced Security Design (4 Hours)
IP Access List (4 Points)
Prevent Denial-of-Service Attacks (4 Points)
Time-Based Access List (4 Points)
Dynamic Access List/Lock and Key Feature (5 Points)
Cisco IOS Firewall Configuration on R5 (6 Points)
IPSec Configuration (6 Points)
Advanced PIX Configuration (5 Points)
ACS Configuration (5 Points)
Cisco Intrusion Detection System (5 Points)
Final Configurations
Additional Advanced Lab Topics (No Solutions Provided)
Advanced Security Lab Topics (4 Points)
Content Filtering (2 Points)
FTP Issues (3 Points)
Routing Table Authenticity (4 Points)
Access Control on R2 Ethernet Interface (4 Points)
Conclusion
Appendix A
Answers to Quiz Questions
Appendix B
Study Tips for CCIE Security Examinations
Appendix C

Sample CCIE Routing and Switching Lab I
Appendix D

Sample CCIE Routing and Switching Lab II