Home > Store

CCNA Security 640-554 Official Cert Guide

Add To My Wish List

CCNA Security 640-554 Official Cert Guide

By Keith Barker, Scott Morris
Published Jul 6, 2012 by Cisco Press. Part of the Official Cert Guide series.

Book

Sorry, this book is no longer in print.

Not for Sale

About

Description

Extras

Sample Content

Updates

Premium Edition

More Information

About

Features

Straight from Cisco: the official complete assessment, review, and practice for the newest CCNA Security (IINS) exam!
Covers every current CCNA Security exam topic, including key concepts, network infrastructure protection, threat control/containment; and secure connectivity
Extensive updates include: Cisco Configuration Professional GUI tool, ASAP Firewall, ADSM, and IPv6 security
CD contains realistic practice tests
Extensive, proven features help students review more efficiently



Description

Copyright 2013
Edition: 1st

Book
ISBN-10: 1-58720-446-0
ISBN-13: 978-1-58720-446-3

Trust the best selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CCNA Security 640-554 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

· Master Cisco CCNA Security 640-554 exam topics

· Assess your knowledge with chapter-opening quizzes

· Review key concepts with exam preparation tasks

· Practice with realistic exam questions on the CD-ROM

CCNA Security 640-554 Official Cert Guide, focuses specifically on the objectives for the Cisco CCNA Security IINS exam. Expert networking professionals Keith Barker and Scott Morris share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The companion CD-ROM contains a powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. The CD also contains 90 minutes of video training on CCP, NAT, object groups, ACLs, port security on a Layer 2 switch, CP3L, and zone-based firewalls.

Well-regarded for its level of detail, assessment features, comprehensive design scenarios, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The official study guide helps you master all the topics on the CCNA Security IINS exam, including:

Network security concepts
Security policies and strategies
Network foundation protection (NFP)
Cisco Configuration Professional (CCP)
Management plane security
AAA security
Layer 2 security threats
IPv6 security
Threat mitigation and containment
Access Control Lists (ACLs)
Network Address Translation (NAT)
Cisco IOS zone-based firewalls and ASA firewalls
Intrusion prevention and detection systems
Public Key Infrastructure (PKI) and cryptography
Site-to-site IPsec VPNs and SSL VPNs

CCNA Security 640-554 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The print edition of the CCNA Security 640-554 Official Cert Guide contains 90 minutes of video instruction, two free, complete practice exams as well as an exclusive offer for 70% off Premium Edition eBook and Practice Test.

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam

Also available from Cisco Press for Cisco CCNA Security study is the CCNA Security 640-554 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test.

This integrated learning package:

· Allows you to focus on individual topic areas or take complete, timed exams

· Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions

· Provides unique sets of exam-realistic practice questions

· Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most



Extras

Security by Design: Planning for Security in the Design, Deployment, and Operation of IT Systems

Threat Mitigation with ACLs



Premium Edition

The exciting new CCNA Security 640-554 Official Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

The CCNA Security 640-554Premium Edition Practice Test, including four full practice exams (over 250 questions) and enhanced practice test features
PDF and EPUB formats of the CCNA Security 640-554 Official Cert Guide from Cisco Press, which are accessible via your PC, tablet, and Smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package:

Allows you to focus on individual topic areas or take complete, timed exams
Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
Provides unique sets of exam-realistic practice questions
Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7;

Microsoft .NET Framework 4.0 Client;

Pentium class 1GHz processor (or equivalent);

512 MB RAM;

650 MB disc space plus 50 MB for each downloaded practice exam

About the Premium Edition eBook

CCNA Security 640-554 Official Cert Guide is a best of breed Cisco exam study guide that focuses specifically on the objectives for the CCNA Security IINS exam. Cisco Certified Internetwork Experts (CCIE) Keith Barker and Scott Morris share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

This eBook comes complete with 90 minutes of video training on CCP, NAT, object groups, ACLs, port security on a Layer 2 switch, CP3L, and zone-based firewalls. See the last page of the eBook file for instructions on downloading the videos.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

This official study guide helps you master all the topics on the CCNA Security IINS exam, including:

Network security concepts
Security policies and strategies
Network foundation protection (NFP)
Cisco Configuration Professional (CCP)
Management plane security
AAA security
Layer 2 security threats
IPv6 security
Threat mitigation and containment
Access Control Lists (ACLs)
Network Address Translation (NAT)
Cisco IOS zone-based firewalls and ASA firewalls
Intrusion prevention and detection systems
Public Key Infrastructure (PKI) and cryptography
Site-to-site IPsec VPNs and SSL VPNs



Sample Content

Online Sample Chapter

Securing the Management Plane on Cisco IOS Devices

Sample Pages

Download the sample pages (includes Chapter 6 and Index)

Introduction xxv

Part I Fundamentals of Network Security

Chapter 1 Networking Security Concepts

“Do I Know This Already?” Quiz 5

Foundation Topics 8

Understanding Network and Information Security Basics 8

Network Security Objectives 8

Confidentiality, Integrity, and Availability 8

Cost-Benefit Analysis of Security 9

Classifying Assets 10

Classifying Vulnerabilities 11

Classifying Countermeasures 12

What Do We Do with the Risk? 12

Recognizing Current Network Threats 13

Potential Attackers 13

Attack Methods 14

Attack Vectors 15

Man-in-the-Middle Attacks 15

Other Miscellaneous Attack Methods 16

Applying Fundamental Security Principles to Network Design 17

Guidelines 17

How It All Fits Together 19

Exam Preparation Tasks 20

Review All the Key Topics 20

Complete the Tables and Lists from Memory 20

Define Key Terms 20

Chapter 2 Understanding Security Policies Using a Lifecycle Approach

“Do I Know This Already?” Quiz 23

Foundation Topics 25

Risk Analysis and Management 25

Secure Network Lifecycle 25

Risk Analysis Methods 25

Security Posture Assessment 26

An Approach to Risk Management 27

Regulatory Compliance Affecting Risk 28

Security Policies 28

Who, What, and Why 28

Specific Types of Policies 29

Standards, Procedures, and Guidelines 30

Testing the Security Architecture 31

Responding to an Incident on the Network 32

Collecting Evidence 32

Reasons for Not Being an Attacker 32

Liability 33

Disaster Recovery and Business Continuity Planning 33

Exam Preparation Tasks 34

Review All the Key Topics 34

Complete the Tables and Lists from Memory 34

Define Key Terms 34

Chapter 3 Building a Security Strategy

“Do I Know This Already?” Quiz 37

Foundation Topics 40

Securing Borderless Networks 40

The Changing Nature of Networks 40

Logical Boundaries 40

SecureX and Context-Aware Security 42

Controlling and Containing Data Loss 42

An Ounce of Prevention 42

Secure Connectivity Using VPNs 43

Secure Management 43

Exam Preparation Tasks 44

Review All the Key Topics 44

Complete the Tables and Lists from Memory 44

Define Key Terms 44

Part II Protecting the Network Infrastructure

Chapter 4 Network Foundation Protection

“Do I Know This Already?” Quiz 49

Foundation Topics 52

Using Network Foundation Protection to Secure Networks 52

The Importance of the Network Infrastructure 52

The Network Foundation Protection (NFP) Framework 52

Interdependence 53

Implementing NFP 53

Understanding the Management Plane 55

First Things First 55

Best Practices for Securing the Management Plane 55

Understanding the Control Plane 56

Best Practices for Securing the Control Plane 56

Understanding the Data Plane 57

Best Practices for Protecting the Data Plane 59

Additional Data Plane Protection Mechanisms 59

Exam Preparation Tasks 60

Review All the Key Topics 60

Complete the Tables and Lists from Memory 60

Define Key Terms 60

Chapter 5 Using Cisco Configuration Professional to Protect the Network Infrastructure

“Do I Know This Already?” Quiz 63

Foundation Topics 65

Introducing Cisco Configuration Professional 65

Understanding CCP Features and the GUI 65

The Menu Bar 66

The Toolbar 67

Left Navigation Pane 68

Content Pane 69

Status Bar 69

Setting Up New Devices 69

CCP Building Blocks 70

Communities 70

Templates 74

User Profiles 78

CCP Audit Features 81

One-Step Lockdown 84

A Few Highlights 84

Exam Preparation Tasks 88

Review All the Key Topics 88

Complete the Tables and Lists from Memory 88

Define Key Terms 88

Command Reference to Check Your Memory 89

Chapter 6 Securing the Management Plane on Cisco IOS Devices

“Do I Know This Already?” Quiz 91

Foundation Topics 94

Securing Management Traffic 94

What Is Management Traffic and the Management Plane? 94

Beyond the Blue Rollover Cable 94

Management Plane Best Practices 95

Password Recommendations 97

Using AAA to Verify Users 97

AAA Components 98

Options for Storing Usernames, Passwords, and Access Rules 98

Authorizing VPN Users 99

Router Access Authentication 100

The AAA Method List 101

Role-Based Access Control 102

Custom Privilege Levels 103

Limiting the Administrator by Assigning a View 103

Encrypted Management Protocols 103

Using Logging Files 104

Understanding NTP 105

Protecting Cisco IOS Files 106

Implement Security Measures to Protect the Management Plane 106

Implementing Strong Passwords 106

User Authentication with AAA 108

Using the CLI to Troubleshoot AAA for Cisco Routers 113

RBAC Privilege Level/Parser View 118

Implementing Parser Views 120

SSH and HTTPS 122

Implementing Logging Features 125

Configuring Syslog Support 125

SNMP Features 128

Configuring NTP 131

Securing the Cisco IOS Image and Configuration Files 133

Exam Preparation Tasks 134

Review All the Key Topics 134

Complete the Tables and Lists from Memory 135

Define Key Terms 135

Command Reference to Check Your Memory 135

Chapter 7 Implementing AAA Using IOS and the ACS Server

“Do I Know This Already?” Quiz 137

Foundation Topics 140

Cisco Secure ACS, RADIUS, and TACACS 140

Why Use Cisco ACS? 140

What Platform Does ACS Run On? 141

What Is ISE? 141

Protocols Used Between the ACS and the Router 141

Protocol Choices Between the ACS Server and the Client (the Router) 142

Configuring Routers to Interoperate with an ACS Server 143

Configuring the ACS Server to Interoperate with a Router 154

Verifying and Troubleshooting Router-to-ACS Server Interactions 164

Exam Preparation Tasks 171

Review All the Key Topics 171

Complete the Tables and Lists from Memory 171

Define Key Terms 171

Command Reference to Check Your Memory 172

Chapter 8 Securing Layer 2 Technologies

“Do I Know This Already?” Quiz 175

Foundation Topics 178

VLAN and Trunking Fundamentals 178

What Is a VLAN? 178

Trunking with 802.1Q 180

Following the Frame, Step by Step 181

The Native VLAN on a Trunk 181

So, What Do You Want to Be? (Says the Port) 182

Inter-VLAN Routing 182

The Challenge of Using Physical Interfaces Only 182

Using Virtual “Sub” Interfaces 182

Spanning-Tree Fundamentals 183

Loops in Networks Are Usually Bad 184

The Life of a Loop 184

The Solution to the Layer 2 Loop 184

STP Is Wary of New Ports 187

Improving the Time Until Forwarding 187

Common Layer 2 Threats and How to Mitigate Them 188

Disrupt the Bottom of the Wall, and the Top Is Disrupted, Too 188

Layer 2 Best Practices 189

Do Not Allow Negotiations 190

Layer 2 Security Toolkit 190

Specific Layer 2 Mitigation for CCNA Security 191

BPDU Guard 191

Root Guard 192

Port Security 192

Exam Preparation Tasks 195

Review All the Key Topics 195

Complete the Tables and Lists from Memory 195

Review the Port Security Video Included with This Book 196

Define Key Terms 196

Command Reference to Check Your Memory 196

Chapter 9 Securing the Data Plane in IPv6

“Do I Know This Already?” Quiz 199

Foundation Topics 202

Understanding and Configuring IPv6 202

Why IPv6? 202

The Format of an IPv6 Address 203

Understanding the Shortcuts 205

Did We Get an Extra Address? 205

IPv6 Address Types 206

Configuring IPv6 Routing 208

Moving to IPv6 210

Developing a Security Plan for IPv6 210

Best Practices Common to Both IPv4 and IPv6 210

Threats Common to Both IPv4 and IPv6 212

The Focus on IPv6 Security 213

New Potential Risks with IPv6 213

IPv6 Best Practices 214

Exam Preparation Tasks 216

Review All the Key Topics 216

Complete the Tables and Lists from Memory 216

Define Key Terms 217

Command Reference to Check Your Memory 217

Part III Mitigating and Controlling Threats

Chapter 10 Planning a Threat Control Strategy

“Do I Know This Already?” Quiz 221

Foundation Topics 224

Designing Threat Mitigation and Containment 224

The Opportunity for the Attacker Is Real 224

Many Potential Risks 224

The Biggest Risk of All 224

Where Do We Go from Here? 225

Securing a Network via Hardware/Software/Services 226

Switches 227

Routers 228

ASA Firewall 230

Other Systems and Services 231

Exam Preparation Tasks 232

Review All the Key Topics 232

Complete the Tables and Lists from Memory 232

Define Key Terms 232

Chapter 11 Using Access Control Lists for Threat Mitigation

“Do I Know This Already?” Quiz 235

Foundation Topics 238

Access Control List Fundamentals and Benefits 238

Access Lists Aren’t Just for Breakfast Anymore 238

Stopping Malicious Traffic with an Access List 239

What Can We Protect Against? 240

The Logic in a Packet-Filtering ACL 241

Standard and Extended Access Lists 242

Line Numbers Inside an Access List 243

Wildcard Masks 244

Object Groups 244

Implementing IPv4 ACLs as Packet Filters 244

Putting the Policy in Place 244

Monitoring the Access Lists 255

To Log or Not to Log 257

Implementing IPv6 ACLs as Packet Filters 259

Exam Preparation Tasks 263

Review All the Key Topics 263

Complete the Tables and Lists from Memory 263

Review the NAT Video Included with This Book 263

Define Key Terms 264

Command Reference to Check Your Memory 264

Chapter 12 Understanding Firewall Fundamentals

“Do I Know This Already?” Quiz 267

Foundation Topics 270

Firewall Concepts and Technologies 270

Firewall Technologies 270

Objectives of a Good Firewall 270

Firewall Justifications 271

The Defense-in-Depth Approach 272

Five Basic Firewall Methodologies 273

Static Packet Filtering 274

Application Layer Gateway 275

Stateful Packet Filtering 276

Application Inspection 277

Transparent Firewalls 277

Using Network Address Translation 278

NAT Is About Hiding or Changing the Truth About Source Addresses 278

Inside, Outside, Local, Global 279

Port Address Translation 280

NAT Options 281

Creating and Deploying Firewalls 283

Firewall Technologies 283

Firewall Design Considerations 283

Firewall Access Rules 284

Packet-Filtering Access Rule Structure 285

Firewall Rule Design Guidelines 285

Rule Implementation Consistency 286

Exam Preparation Tasks 288

Review All the Key Topics 288

Complete the Tables and Lists from Memory 288

Define Key Terms 288

Chapter 13 Implementing Cisco IOS Zone-Based Firewalls

“Do I Know This Already?” Quiz 291

Foundation Topics 294

Cisco IOS Zone-Based Firewall 294

How Zone-Based Firewall Operates 294

Specific Features of Zone-Based Firewalls 294

Zones and Why We Need Pairs of Them 295

Putting the Pieces Together 296

Service Policies 297

The Self Zone 300

Configuring and Verifying Cisco IOS Zone-Based Firewall 300

First Things First 301

Using CCP to Configure the Firewall 301

Verifying the Firewall 314

Verifying the Configuration from the Command Line 315

Implementing NAT in Addition to ZBF 319

Verifying Whether NAT Is Working 322

Exam Preparation Tasks 324

Review All the Key Topics 324

Review the Video Bonus Material 324

Complete the Tables and Lists from Memory 324

Define Key Terms 325

Command Reference to Check Your Memory 325

Chapter 14 Configuring Basic Firewall Policies on Cisco ASA

“Do I Know This Already?” Quiz 327

Foundation Topics 330

The ASA Appliance Family and Features 330

Meet the ASA Family 330

ASA Features and Services 331

ASA Firewall Fundamentals 333

ASA Security Levels 333

The Default Flow of Traffic 335

Tools to Manage the ASA 336

Initial Access 337

Packet Filtering on the ASA 337

Implementing a Packet-Filtering ACL 338

Modular Policy Framework 338

Where to Apply a Policy 339

Configuring the ASA 340

Beginning the Configuration 340

Getting to the ASDM GUI 345

Configuring the Interfaces 347

IP Addresses for Clients 355

Basic Routing to the Internet 356

NAT and PAT 357

Permitting Additional Access Through the Firewall 359

Using Packet Tracer to Verify Which Packets Are Allowed 362

Verifying the Policy of No Telnet 366

Exam Preparation Tasks 368

Review All the Key Topics 368

Complete the Tables and Lists from Memory 368

Define Key Terms 369

Command Reference to Check Your Memory 369

Chapter 15 Cisco IPS/IDS Fundamentals

“Do I Know This Already?” Quiz 371

Foundation Topics 374

IPS Versus IDS 374

What Sensors Do 374

Difference Between IPS and IDS 374

Sensor Platforms 376

True/False Negatives/Positives 376

Positive/Negative Terminology 377

Identifying Malicious Traffic on the Network 377

Signature-Based IPS/IDS 377

Policy-Based IPS/IDS 378

Anomaly-Based IPS/IDS 378

Reputation-Based IPS/IDS 378

When Sensors Detect Malicious Traffic 379

Controlling Which Actions the Sensors Should Take 381

Implementing Actions Based on the Risk Rating 382

IPv6 and IPS 382

Circumventing an IPS/IDS 382

Managing Signatures 384

Signature or Severity Levels 384

Monitoring and Managing Alarms and Alerts 385

Security Intelligence 385

IPS/IDS Best Practices 386

Exam Preparation Tasks 387

Review All the Key Topics 387

Complete the Tables and Lists from Memory 387

Define Key Terms 387

Chapter 16 Implementing IOS-Based IPS

“Do I Know This Already?” Quiz 389

Foundation Topics 392

Understanding and Installing an IOS-Based IPS 392

What Can IOS IPS Do? 392

Installing the IOS IPS Feature 393

Getting to the IPS Wizard 394

Working with Signatures in an IOS-Based IPS 400

Actions That May Be Taken 405

Best Practices When Tuning IPS 412

Managing and Monitoring IPS Alarms 412

Exam Preparation Tasks 417

Review All the Key Topics 417

Complete the Tables and Lists from Memory 417

Define Key Terms 417

Command Reference to Check Your Memory 418

Part IV Using VPNs for Secure Connectivity

Chapter 17 Fundamentals of VPN Technology

“Do I Know This Already?” Quiz 423

Foundation Topics 426

Understanding VPNs and Why We Use Them 426

What Is a VPN? 426

Types of VPNs 427

Two Main Types of VPNs 427

Main Benefits of VPNs 427

Confidentiality 428

Data Integrity 428

Authentication 430

Antireplay 430

Cryptography Basic Components 430

Ciphers and Keys 430

Ciphers 430

Keys 431

Block and Stream Ciphers 431

Block Ciphers 432

Stream Ciphers 432

Symmetric and Asymmetric Algorithms 432

Symmetric 432

Asymmetric 433

Hashes 434

Hashed Message Authentication Code 434

Digital Signatures 435

Digital Signatures in Action 435

Key Management 436

IPsec and SSL 436

IPsec 436

SSL 437

Exam Preparation Tasks 439

Review All the Key Topics 439

Complete the Tables and Lists from Memory 439

Define Key Terms 439

Chapter 18 Fundamentals of the Public Key Infrastructure

“Do I Know This Already?” Quiz 441

Foundation Topics 444

Public Key Infrastructure 444

Public and Private Key Pairs 444

RSA Algorithm, the Keys, and Digital Certificates 445

Who Has Keys and a Digital Certificate? 445

How Two Parties Exchange Public Keys 445

Creating a Digital Signature 445

Certificate Authorities 446

Root and Identity Certificates 446

Root Certificate 446

Identity Certificate 448

Using the Digital Certificates to get the Peer’s Public Key 448

X.500 and X.509v3 Certificates 449

Authenticating and Enrolling with the CA 450

Public Key Cryptography Standards 450

Simple Certificate Enrollment Protocol 451

Revoked Certificates 451

Uses for Digital Certificates 452

PKI Topologies 452

Single Root CA 453

Hierarchical CA with Subordinate CAs 453

Cross-Certifying CAs 453

Putting the Pieces of PKI to Work 453

Default of the ASA 454

Viewing the Certificates in ASDM 455

Adding a New Root Certificate 455

Easier Method for Installing Both Root and Identity certificates 457

Exam Preparation Tasks 462

Review All the Key Topics 462

Complete the Tables and Lists from Memory 462

Define Key Terms 463

Command Reference to Check Your Memory 463

Chapter 19 Fundamentals of IP Security

“Do I Know This Already?” Quiz 465

Foundation Topics 468

IPsec Concepts, Components, and Operations 468

The Goal of IPsec 468

The Play by Play for IPsec 469

Step 1: Negotiate the IKE Phase 1 Tunnel 469

Step 2: Run the DH Key Exchange 471

Step 3: Authenticate the Peer 471

What About the User’s Original Packet? 471

Leveraging What They Have Already Built 471

Now IPsec Can Protect the User’s Packets 472

Traffic Before IPsec 472

Traffic After IPsec 473

Summary of the IPsec Story 474

Configuring and Verifying IPsec 475

Tools to Configure the Tunnels 475

Start with a Plan 475

Applying the Configuration 475

Viewing the CLI Equivalent at the Router 482

Completing and Verifying IPsec 484

Exam Preparation Tasks 491

Review All the Key Topics 491

Complete the Tables and Lists from Memory 491

Define Key Terms 492

Command Reference to Check Your Memory 492

Chapter 20 Implementing IPsec Site-to-Site VPNs

“Do I Know This Already?” Quiz 495

Foundation Topics 498

Planning and Preparing an IPsec Site-to-Site VPN 498

Customer Needs 498

Planning IKE Phase 1 500

Planning IKE Phase 2 501

Implementing and Verifying an IPsec Site-to-Site VPN 502

Troubleshooting IPsec Site-to-Site VPNs 511

Exam Preparation Tasks 526

Review All the Key Topics 526

Complete the Tables and Lists from Memory 526

Define Key Terms 526

Command Reference to Check Your Memory 526

Chapter 21 Implementing SSL VPNs Using Cisco ASA

“Do I Know This Already?” Quiz 529

Foundation Topics 532

Functions and Use of SSL for VPNs 532

Is IPsec Out of the Picture? 532

SSL and TLS Protocol Framework 533

The Play by Play of SSL for VPNs 534

SSL VPN Flavors 534

Configuring SSL Clientless VPNs on ASA 535

Using the SSL VPN Wizard 536

Digital Certificates 537

Authenticating Users 538

Logging In 541

Seeing the VPN Activity from the Server 543

Configuring the Full SSL AnyConnect VPN on the ASA 544

Types of SSL VPNs 545

Configuring Server to Support the AnyConnect Client 545

Groups, Connection Profiles, and Defaults 552

One Item with Three Different Names 553

Split Tunneling 554

Exam Preparation Tasks 556

Review All the Key Topics 556

Complete the Tables and Lists from Memory 556

Define Key Terms 556

Chapter 22 Final Preparation

Tools for Final Preparation 559

Pearson IT Certification Practice Test Engine and Questions on the CD 559

Installing the Software from the CD 560

Activating and Downloading the Practice Exam 560

Activating Other Exams 560

Premium Edition 561

The Cisco Learning Network 561

Memory Tables 561

Chapter-Ending Review Tools 561

Videos 562

Suggested Plan for Final Review/Study 562

Using the Exam Engine 562

Summary 563

Part V Appendixes

Appendix A Answers to the “Do I Know This Already?” Quizzes 567

Appendix B CCNA Security 640-554 (IINSv2) Exam Updates 573

Glossary 577

On the CD

Appendix C Memory Tables

Appendix D Memory Tables Answer Key

9781587204463 TOC 6/5/2012



Updates

Errata

Download the errata

Submit Errata



More Information



Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Privacy Notice

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
Such marketing is consistent with applicable law and Pearson's legal obligations.
Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

As required by law.
With the consent of the individual (or their parent, if the individual is a minor)
In response to a subpoena, court order or legal process, to the extent permitted or required by law
To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
To investigate or address actual or suspected fraud or other illegal activities
To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020

Email Address