McGraw-Hill - CCSP - Cisco Certified Security Professional Certification All-in-One Exam Guide (Exams SECUR,CSPFA, CSVPN, CSIDS, and CSI).pdf

Cisco® Certified
Security Professional
Certification
EXAM GUIDE
Robert E. Larson
Lance Cockcroft
McGraw-Hill/Osborne
New York • Chicago • San Francisco • Lisbon
London • Madrid • Mexico City • Milan • New Delhi
San Juan • Seoul • Singapore • Sydney • Toronto
McGraw-Hill/Osborne
2100 Powell Street, 10th Floor
Emeryville, California 94608
U.S.A.
To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact
McGraw-Hill/Osborne at the above address. For information on translations or book distributors
outside the U.S.A., please see the International Contact Information page immediately following
the index of this book.
CCSP: Cisco® Certified Security Professional Certification All-in-One Exam Guide
(Exams 642-501 SECUR, 642-521 CSPFA,
642-511 CSVPN, 642-531 CSIDS, and 642-541 CSI)
Copyright © 2003 by The McGraw-Hill Companies. All rights reserved. Printed in the United States
of America. Except as permitted under the Copyright Act of 1976, no part of this publication may
be reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of publisher, with the exception that the program listings may be
entered, stored, and executed in a computer system, but they may not be reproduced for publication.
1234567890 DOC DOC 019876543
Book p/n 0-07-222692-7 and CD p/n 0-07-222693-5, parts of ISBN 0-07-222691-9
Publisher: Brandon A. Nordin
Vice President & Associate Publisher: Scott Rogers
Acquisitions Editor: Nancy Maragioglio
Project Editor: Lisa Wolters-Broder
Acquisitions Coordinator: Jessica Wilson
Technical Editors: Joe Phago, Ole Drews Jensen
Copy Editor: Marcia Baker
Proofreaders: Brian Galloway, Linda Medoff
Indexer: Rebecca Plunkett
Compositors: Apollo Publishing Services, George Toma Charbak
Illustrators: Lyssa Wald, Melinda Moore Lytle, Michael Mueller
Series Design: Peter F. Hancik
This book was composed with Corel VENTURA Publisher.
Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of
the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne
does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or
omissions or the results obtained from the use of such information.
This book is dedicated to my parents, Lou and Elmer Larson,
who provided resources and direction when I was young,
plus freedom, inspiration, and support as I got older.
—Bob
About the Authors
Robert E. Larson lives in the Seattle, Washington area with his wife Jerri and four adult
children. Bob has worked full-time as a computer trainer and course developer since
1985, including network training since 1995. Bob got involved with the Cisco Networking
Academy program in 1998. He is currently the Cisco Regional Academy contact
at Bates Technical College in Tacoma, plus teaches evening and weekend CCNP, Security,
and CCIE prep classes at Green River Community College. Bob is currently a member of
the Cisco Networking Academy Advisory Council. This is Bob’s third Cisco certification
book, having also written a CCNA and CCNP book. Bob taught the first Academy CCNA
series in Africa in 1999 in Cape Town, South Africa. He has also taught CCNP-level
courses in Birmingham, England; Dillingen, Germany; and Vienna, Austria.
Lance Cockcroft, Net+, CCA, MCSE, MCT, CCNP, CCDP, has been a Senior Engineer for
many ISP and telecommunications companies, including Bellsouth, Atlanta Broadband,
and Southeastern Networks. Lance is currently the Cisco Product Manager for Self Test Software,
Cisco’s only authorized test prep vendor. Lance writes and oversees the production of
all Cisco practice tests for Self Test Software. Lance attended and continues to teach for
Kennesaw State University and Southern Polytechnic University located in his hometown
of Marietta, Georgia.
About the Technical Reviewers
Ole Drews Jensen began working with computers 21 years ago, and five years later made
it his profession. He started out as a programmer in a wide variety of languages, but soon
got involved with administering servers and networks. Today Ole is the Systems Network
Manager for an enterprise company with several subsidiaries in the recruiting industry,
where one of the largest is Carlton Staffing. Ole holds the following certifications: CCNP,
MCSE, and MCP+I, and is currently pursuing the new CCSP.
Setotolwane Johannes “Joe” Phago, CCIE #7105, CCNP, Cisco Firewall Specialist, Cisco
VPN Specialist, B.Sc. Computer Science (University of the North, S.A.). He was the first
Black South African CCIE and is a graduate of the first Cisco Networking Academy in Africa.
Joe is currently Senior Network Analyst at Standard Bank of South Africa, a leading banking
and financial services company in S.A. and Africa with a presence on virtually all continents.
CONTENTS
Introduction
Part I Introduction to Network Security
Chapter 1 Understanding Network Security Threats
    Identify the Need for Network Security
    Identify the Causes of Network Security Problems
        Technology Weakness
        Policy Weakness
        Configuration Weakness
    The Four Primary Types of Network Threats
        Unstructured Threats
        Structured Threats
        Internal Threats
        External Threats
    The Four Primary Types of Network Attack
        Reconnaissance Attacks
        Access Attacks
        Denial of Service (DoS) Attacks
        Data Manipulation Attacks
    Cisco AVVID and SAFE Strategies
        AVVID
        SAFE
    Cisco Security Wheel
    Network Security Policy
        Why Create a Network Security Policy
        The Balancing Act
        A Security Policy Is to Be Shared
        Who Should Help Create the Security Policy?
        Assets and Threats
        Evaluating a Network Security Policy
        Example of a Network Security Policy
        Securing the Network
        Wireless Communication Policy
        Monitoring Network Security
    Improving Network Security
    Chapter Review
        Questions
        Answers