Description

Book Synopsis

Cisco has announced big changes to its certification program.

As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

The good news is if you're working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you're thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.



Lay the foundation for a successful career in network security

CCNA Security Study Guide offers comprehensive review for Exam 210-260. Packed with concise explanations of core security concepts, this book is designed to help you suc

Table of Contents

Introduction

Assessment Test

Chapter 1 Understanding Security Fundamentals

Goals of Security

Confidentiality

Integrity

Availability

Guiding Principles

Common Security Terms

Risk Management Process

Network Topologies

CAN

WAN

Data Center

SOHO

Virtual

Common Network Security Zones

DMZ

Intranet and Extranet

Public and Private

VLAN

Summary

Exam Essentials

Review Questions

Chapter 2 Understanding Security Threats

Common Network Attacks

Motivations

Classifying Attack Vectors

Spoofing

Password Attacks

Reconnaissance Attacks

Buffer Overflow

DoS

DDoS

Man-in-the-Middle Attack

ARP Poisoning

Social Engineering

Phishing/Pharming

Prevention

Malware

Data Loss and Exfiltration

Summary

Exam Essentials

Review Questions

Chapter 3 Understanding Cryptography

Symmetric and Asymmetric Encryption

Ciphers

Algorithms

Hashing Algorithms

MD5

SHA-1

SHA-2

HMAC

Digital Signatures

Key Exchange

Application: SSH

Public Key Infrastructure

Public and Private Keys

Certificates

Certificate Authorities

PKI Standards

PKI Topologies

Certificates in the ASA

Cryptanalysis

Summary

Exam Essentials

Review Questions

Chapter 4 Securing the Routing Process

Securing Router Access

Configuring SSH Access

Configuring Privilege Levels in IOS

Configuring IOS Role-Based CLI

Implementing Cisco IOS Resilient Configuration

Implementing OSPF Routing Update Authentication

Implementing OSPF Routing Update Authentication

Implementing EIGRP Routing Update Authentication

Securing the Control Plane

Control Plane Policing

Summary

Exam Essentials

Review Questions

Chapter 5 Understanding Layer 2 Attacks

Understanding STP Attacks

Understanding ARP Attacks

Understanding MAC Attacks

Understanding CAM Overflows

Understanding CDP/LLDP Reconnaissance

Understanding VLAN Hopping

Switch Spoofing

Double Tagging

Understanding DHCP Spoofing

Summary

Exam Essentials

Review Questions

Chapter 6 Preventing Layer 2 Attacks

Configuring DHCP Snooping

Configuring Dynamic ARP Inspection

Configuring Port Security

Configuring STP Security Features

BPDU Guard

Root Guard

Loop Guard

Disabling DTP

Verifying Mitigations

DHCP Snooping

DAI

Port Security

STP Features

DTP

Summary

Exam Essentials

Review Questions

Chapter 7 VLAN Security

Native VLANs

Mitigation

PVLANs

PVLAN Edge

PVLAN Proxy Attack

ACLs on Switches

Port ACLs

VLAN ACLs

Summary

Exam Essentials

Review Questions

Chapter 8 Securing Management Traffic

In-Band and Out-of-Band Management

AUX Port

VTY Ports

HTTPS Connection

SNMP

Console Port

Securing Network Management

SSH

HTTPS

ACLs

Banner Messages

Securing Access through SNMP v3

Securing NTP

Using SCP for File Transfer

Summary

Exam Essentials

Review Questions

Chapter 9 Understanding 802.1x and AAA

802.1x Components

RADIUS and TACACS+ Technologies

Configuring Administrative Access with TACACS+

Local AAA Authentication and Accounting

SSH Using AAA

Understanding Authentication and Authorization Using ACS and ISE

Understanding the Integration of Active Directory with AAA

TACACS+ on IOS

Verify Router Connectivity to TACACS+

Summary

Exam Essentials

Review Questions

Chapter 10 Securing a BYOD Initiative

The BYOD Architecture Framework

Cisco ISE

Cisco TrustSec

The Function of Mobile Device Management

Integration with ISE Authorization Policies

Summary

Exam Essentials

Review Questions

Chapter 11 Understanding VPNs

Understanding IPsec

Security Services

Protocols

Delivery Modes

IPsec with IPV6

Understanding Advanced VPN Concepts

Hairpinning

Split Tunneling

Always-on VPN

NAT Traversal

Summary

Exam Essentials

Review Questions

Chapter 12 Configuring VPNs

Configuring Remote Access VPNs

Basic Clientless SSL VPN Using ASDM

Verify a Clientless Connection

Basic AnyConnect SSL VPN Using ASDM

Verify an AnyConnect Connection

Endpoint Posture Assessment

Configuring Site-to-Site VPNs

Implement an IPsec Site-to-Site VPN with Preshared Key Authentication

Verify an IPsec Site-to-Site VPN

Summary

Exam Essentials

Review Questions

Chapter 13 Understanding Firewalls

Understanding Firewall Technologies

Packet Filtering

Proxy Firewalls

Application Firewall

Personal Firewall

Stateful vs. Stateless Firewalls

Operations

State Table

Summary

Exam Essentials

Review Questions

Chapter 14 Configuring NAT and Zone-Based Firewalls

Implementing NAT on ASA 9.x

Static

Dynamic

PAT

Policy NAT

Verifying NAT Operations

Configuring Zone-Based Firewalls

Class Maps

Default Policies

Configuring Zone-to-Zone Access

Summary

Exam Essentials

Review Questions

Chapter 15 Configuring the Firewall on an ASA

Understanding Firewall Services

Understanding Modes of Deployment

Routed Firewall

Transparent Firewall

Understanding Methods of Implementing High Availability

Active/Standby Failover

Active/Active Failover

Clustering

Understanding Security Contexts

Configuring ASA Management Access

Initial Configuration

Configuring Cisco ASA Interface Security Levels

Security Levels

Configuring Security Access Policies

Interface Access Rules

Object Groups

Configuring Default Cisco Modular Policy Framework (MPF)

Summary

Exam Essentials

Review Questions

Chapter 16 Intrusion Prevention

IPS Terminology

Threat

Risk

Vulnerability

Exploit

Zero-Day Threat

Actions

Network-Based IPS vs. Host-Based IPS

Host-Based IPS

Network-Based IPS

Promiscuous Mode

Detection Methods

Evasion Techniques

Packet Fragmentation

Injection Attacks

Alternate String Expressions

Introducing Cisco FireSIGHT

Capabilities

Protections

Understanding Modes of Deployment

Inline

Positioning of the IPS within the Network

Outside

DMZ

Inside

Understanding False Positives, False Negatives, True Positives, and True Negatives

Summary

Exam Essentials

Review Questions

Chapter 17 Content and Endpoint Security

Mitigating Email Threats

Spam Filtering

Context-Based Filtering

Anti-malware Filtering

DLP

Blacklisting

Email Encryption

Cisco Email Security Appliance

Putting the Pieces Together

Mitigating Web-Based Threats

Understanding Web Proxies

Cisco Web Security Appliance

Mitigating Endpoint Threats

Cisco Identity Services Engine (ISE)

Antivirus/Anti-malware

Personal Firewall

Hardware/Software Encryption of Local Data

HIPS

Summary

Exam Essentials

Review Questions

Appendix Answers to Review Questions

Chapter 1: Understanding Security Fundamentals

Chapter 2: Understanding Security Threats

Chapter 3: Understanding Cryptography

Chapter 4: Securing the Routing Process

Chapter 5: Understanding Layer 2 Attacks

Chapter 6: Preventing Layer 2 Attacks

Chapter 7: VLAN Security

Chapter 8: Securing Management Traffic

Chapter 9: Understanding 802.1x and AAA

Chapter 10: Securing a BYOD Initiative

Chapter 11: Understanding VPNs

Chapter 12: Configuring VPNs

Chapter 13: Understanding Firewalls

Chapter 14: Configuring NAT and Zone-Based Firewalls

Chapter 15: Configuring the Firewall on an ASA

Chapter 16: Intrusion Prevention

Chapter 17: Content and Endpoint Security

Index

CCNA Security Study Guide

£28.49

RRP £37.99 – you save £9.50 (25%)

A Paperback / softback by Troy McMillan

Publisher: John Wiley & Sons Inc

Publication Date: 06/03/2018

ISBN13: 9781119409939, 978-1119409939

ISBN10: 1119409934


    © 2026 Book Curl
