CCIE Security Exam Certification Guide - Benjamin_ Henry.pdf

CCIE Self-Study
CCIE Security Exam Certification Guide
Henry Benjamin
Cisco Press
201 West 103rd Street
Indianapolis, IN 46290 USA
CCIE Self-Study
CCIE Security Exam Certification Guide
Henry Benjamin
Copyright © 2003 Cisco Systems, Inc.
Published by:
Cisco Press
201 West 103rd Street
Indianapolis, IN 46290 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing April 2003
Library of Congress Cataloging-in-Publication Number: 2002104850
ISBN: 1-58720-065-1
Warning and Disclaimer
This book is designed to provide information about the
CCIE Security written exam. Every effort has been made to
make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither
liability nor responsibility to any person or entity with respect to any loss or damages arising from the information
contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized.
Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should
not be regarded as affecting the validity of any trademark or service mark.
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted
with care and precision, undergoing rigorous development that involves the unique expertise of members from the
professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could
improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at
feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher John Wait
Editor-in-Chief John Kane
Executive Editor Brett Bartow
Cisco Representative Anthony Wolfenden
Cisco Press Program Manager Sonia Torres Chavez
Cisco Marketing Communications Manager Tom Geitner
Cisco Marketing Program Manager Edie Quiroz
Managing Editor Patrick Kanouse
Development Editor Andrew Cupp
Project Editor San Dee Phillips
Copy Editor Marcia Ellett
Technical Editors Gert De Laet, Anand Deveriya, Charles Resch, Gert Schauwers
Team Coordinator Tammi Ross
Book Designer Gina Rexrode
Cover Designer Louisa Adair
Compositor Octal Publishing, Inc.
Indexer Brad Herriman
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
European Headquarters
Cisco Systems Europe
11 Rue Camille Desmoulins
92782 Issy-les-Moulineaux
Cedex 9
France
http://www-europe.cisco.com
Tel: 33 1 58 04 60 00
Fax: 33 1 58 04 61 00
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883
Asia Pacific Headquarters
Cisco Systems Australia,
Pty., Ltd
Level 17, 99 Walker Street
North Sydney
NSW 2059 Australia
http://www.cisco.com
Tel: +61 2 8448 7100
Fax: +61 2 9957 4350
Cisco Systems has more than 200 offices in the following countries. Addresses, phone numbers, and fax numbers are listed on
the Cisco Web site at www.cisco.com/go/offices
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China • Colombia • Costa Rica •
Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong •
Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico •
The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania •
Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden •
Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam •
Zimbabwe
Copyright © 2000, Cisco Systems, Inc. All rights reserved. Access Registrar, AccessPath, Are You Ready, ATM Director, Browse with Me, CCDA, CCDE, CCDP, CCIE, CCNA,
CCNP, CCSI, CD-PAC, CiscoLink , the Cisco Net Works logo, the Cisco Powered Network logo, Cisco Systems Networking Academy, Fast Step, FireRunner, Follow Me Browsing,
FormShare, GigaStack, IGX, Intelligence in the Optical Core, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, iQuick Study, iQ Readiness Scorecard, The
iQ Logo, Kernel Proxy, MGX, Natural Network Viewer, Network Registrar, the Networkers logo, Packet , PIX, Point and Click Internetworking, Policy Builder, RateMUX,
ReyMaster, ReyView, ScriptShare, Secure Script, Shop with Me, SlideCast, SMARTnet, SVX, TrafficDirector, TransPath, VlanDirector, Voice LAN, Wavelength Router,
Workgroup Director, and Workgroup Stack are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, are
service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, Cisco, the Cisco Certified Internetwork Expert Logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco
Systems, Cisco Systems Capital, the Cisco Systems logo, Collision Free, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, IOS, IP/TV, IPX,
LightStream, LightSwitch, MICA, NetRanger, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, are registered trademarks of Cisco Systems,
Inc. or its affiliates in the U.S. and certain other countries.
All other brands, names, or trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (0010R)
About the Author
Henry Benjamin, CCIE No. 4695, holds three CCIE certifications, having attained
Routing and Switching in May 1999, ISP Dial in June 2001, and Communications
and Services in May 2002. He has more than 10 years experience with Cisco
networks, including planning, designing, and implementing large IP networks running
IGRP, EIGRP, BGP, and OSPF. Recently, Henry has worked for a large IT
organization based in Sydney, Australia as a key Network Designer, designing and
implementing networks all over Australia and Asia.
In the past two years, Henry has been a key member of the CCIE global team
based in Sydney, Australia. As a senior and core member of the team, his tasks
include writing new laboratory examinations and questions for the coveted CCIE
R/S, CCIE Security, and CCIE C/S tracks, as well as the CCIE written
Recertification Examinations. Henry has authored two other titles, “CCNP Practical Studies:
Routing” (Cisco Press) and “CCIE R&S Exam Cram.”
Henry holds a Bachelor of Aeronautical Engineering degree from Sydney
University (1991).
About the Contributing Author
Gert De Laet, CCIE No. 2657, has both CCIE Security and Routing and Switching certifications. He has more than
nine years of experience in internetworking. Gert currently works for the CCIE team at Cisco in Brussels, Belgium, as
CCIE Proctor/Content Engineer and Program Manager for EMEA. He also holds an Engineering degree in Electronics.
Gert helped write Chapter 9 of this book and acted as a lead technical reviewer for the entire book.
About the Technical Reviewers
Anand Deveriya, CCIE No. 10401, in Security and MCSE, has five years of LAN/WAN and network security
experience with Cisco products. Currently, he is the Network Manager at Summerville Senior Living, where he
designed and deployed their nationwide Frame Relay-based WAN network with VoIP. Additionally, he monitors the
LAN/WAN security, penetration testing, and OS hardening. Prior to that, he was a network engineer with NEC, where
he deployed scalable, secure, and redundant network backbone for dotcom and campus environments using Cisco
routers, switches, PIX, and VPN products.
Charles Resch, CCIE No. 6582, currently works at Nuclio as a Senior Network Engineer, where he installs and
configures management equipment to monitor customer networks. Among his projects are e-commerce sites with dual Cisco
PIX Firewalls, Cisco Content Switch (CSS) load balancers, Intel and SonicWall SSL off-loaders, Cisco switches
(HSRP-VLANs), and Cisco Secure Intrusion Detection Systems (CSIDS). Among other jobs, he has worked as a Senior
Instructor at Information Technology Institute—Northwestern Business College, and as a Senior Internet Engineer at
Globalcom Inc. He has extensive experience with Cisco hardware, Cisco IOS Software, numerous routed and routing
protocols, and operating systems.
Gert Schauwers, CCIE No. 6924, has CCIE certifications in Security, Routing and Switching, and Communications
and Services. He has more than four years of experience in internetworking. He is currently working for the CCIE team
at Cisco in Brussels, Belgium, as CCIE Content Engineer. He has an Engineering degree in Electronics.
Dedication
This book is solely dedicated to two wonderful individuals whom I’ve had the pleasure of meeting on two occasions in
my life. Without their inspiration and love for all humanity, I would not be here writing this book. I dedicate this book to
His Excellency Monsignor, Claudio Gatti, and Marisa Rossi. I thank God for you.
“I am the Mother of the Eucharist. Know Jesus’ word. Love Jesus, the Eucharist.”
—Our Lady, Mary, Mother of the Eucharist
Questo libro è dedicato esclusivamente a due persone meravigliose che ho avuto il piacere di conoscere e incontrare in
due occasioni nella mia vita. Senza la loro ispirazione e il loro amore per tutta l’umanità io non sarei qui a scrivere
questo libro. Dedico questo libro a Sua Eccellenza Mons. Claudio Gatti e a Marisa Rossi.
“Io sono la madre dell’Eucaristia. Conoscete Gesù parola. Amate Gesù Eucaristia.”
—Madonna, Maria, Madre dell’Eucaristia