Description

Book Synopsis

Cisco has announced big changes to its certification program.

As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

The good news is if you're working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you're thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.



Lay the foundation for a successful career in network security

CCNA Security Study Guide offers comprehensive review for Exam 210-260. Packed with concise explanations of core security concepts, this book is designed to help you suc

Table of Contents

Introduction xxi

Assessment Test xxxi

Chapter 1 Understanding Security Fundamentals 1

Goals of Security 2

Confidentiality 2

Integrity 3

Availability 3

Guiding Principles 3

Common Security Terms 6

Risk Management Process 7

Network Topologies 15

CAN 15

WAN 16

Data Center 16

SOHO 17

Virtual 17

Common Network Security Zones 17

DMZ 17

Intranet and Extranet 18

Public and Private 18

VLAN 18

Summary 19

Exam Essentials 19

Review Questions 20

Chapter 2 Understanding Security Threats 25

Common Network Attacks 26

Motivations 26

Classifying Attack Vectors 27

Spoofing 28

Password Attacks 29

Reconnaissance Attacks 30

Buffer Overflow 34

DoS 34

DDoS 36

Man-in-the-Middle Attack 37

ARP Poisoning 37

Social Engineering 38

Phishing/Pharming 38

Prevention 38

Malware 39

Data Loss and Exfiltration 39

Summary 40

Exam Essentials 40

Review Questions 42

Chapter 3 Understanding Cryptography 45

Symmetric and Asymmetric Encryption 46

Ciphers 46

Algorithms 48

Hashing Algorithms 53

MD5 54

SHA-1 54

SHA-2 54

HMAC 55

Digital Signatures 55

Key Exchange 57

Application: SSH 57

Public Key Infrastructure 57

Public and Private Keys 58

Certificates 60

Certificate Authorities 61

PKI Standards 63

PKI Topologies 64

Certificates in the ASA 65

Cryptanalysis 67

Summary 68

Exam Essentials 68

Review Questions 69

Chapter 4 Securing the Routing Process 73

Securing Router Access 74

Configuring SSH Access 74

Configuring Privilege Levels in IOS 76

Configuring IOS Role-Based CLI 77

Implementing Cisco IOS Resilient Configuration 79

Implementing OSPF Routing Update Authentication 80

Implementing OSPF Routing Update Authentication 80

Implementing EIGRP Routing Update Authentication 82

Securing the Control Plane 82

Control Plane Policing 83

Summary 84

Exam Essentials 85

Review Questions 86

Chapter 5 Understanding Layer 2 Attacks 91

Understanding STP Attacks 92

Understanding ARP Attacks 93

Understanding MAC Attacks 95

Understanding CAM Overflows 96

Understanding CDP/LLDP Reconnaissance 97

Understanding VLAN Hopping 98

Switch Spoofing 98

Double Tagging 99

Understanding DHCP Spoofing 99

Summary 101

Exam Essentials 101

Review Questions 102

Chapter 6 Preventing Layer 2 Attacks 107

Configuring DHCP Snooping 108

Configuring Dynamic ARP Inspection 110

Configuring Port Security 112

Configuring STP Security Features 114

BPDU Guard 114

Root Guard 115

Loop Guard 115

Disabling DTP 116

Verifying Mitigations 116

DHCP Snooping 116

DAI 117

Port Security 118

STP Features 118

DTP 120

Summary 120

Exam Essentials 121

Review Questions 122

Chapter 7 VLAN Security 127

Native VLANs 128

Mitigation 128

PVLANs 128

PVLAN Edge 131

PVLAN Proxy Attack 132

ACLs on Switches 133

Port ACLs 133

VLAN ACLs 133

Summary 134

Exam Essentials 134

Review Questions 136

Chapter 8 Securing Management Traffic 141

In-Band and Out-of-Band Management 142

AUX Port 142

VTY Ports 143

HTTPS Connection 144

SNMP 144

Console Port 145

Securing Network Management 146

SSH 146

HTTPS 146

ACLs 146

Banner Messages 147

Securing Access through SNMP v3 149

Securing NTP 150

Using SCP for File Transfer 151

Summary 151

Exam Essentials 152

Review Questions 153

Chapter 9 Understanding 802.1x and AAA 157

802.1x Components 158

RADIUS and TACACS+ Technologies 159

Configuring Administrative Access with TACACS+ 160

Local AAA Authentication and Accounting 160

SSH Using AAA 161

Understanding Authentication and Authorization Using ACS and ISE 161

Understanding the Integration of Active Directory with AAA 162

TACACS+ on IOS 162

Verify Router Connectivity to TACACS+ 164

Summary 164

Exam Essentials 165

Review Questions 166

Chapter 10 Securing a BYOD Initiative 171

The BYOD Architecture Framework 172

Cisco ISE 172

Cisco TrustSec 174

The Function of Mobile Device Management 177

Integration with ISE Authorization Policies 177

Summary 178

Exam Essentials 179

Review Questions 180

Chapter 11 Understanding VPNs 185

Understanding IPsec 186

Security Services 186

Protocols 189

Delivery Modes 192

IPsec with IPV6 194

Understanding Advanced VPN Concepts 195

Hairpinning 195

Split Tunneling 196

Always-on VPN 197

NAT Traversal 198

Summary 199

Exam Essentials 199

Review Questions 200

Chapter 12 Configuring VPNs 203

Configuring Remote Access VPNs 204

Basic Clientless SSL VPN Using ASDM 204

Verify a Clientless Connection 207

Basic AnyConnect SSL VPN Using ASDM 207

Verify an AnyConnect Connection 209

Endpoint Posture Assessment 209

Configuring Site-to-Site VPNs 209

Implement an IPsec Site-to-Site VPN with Preshared Key Authentication 209

Verify an IPsec Site-to-Site VPN 212

Summary 212

Exam Essentials 213

Review Questions 214

Chapter 13 Understanding Firewalls 219

Understanding Firewall Technologies 220

Packet Filtering 220

Proxy Firewalls 220

Application Firewall 221

Personal Firewall 221

Stateful vs. Stateless Firewalls 222

Operations 222

State Table 223

Summary 224

Exam Essentials 224

Review Questions 225

Chapter 14 Configuring NAT and Zone-Based Firewalls 229

Implementing NAT on ASA 9.x 230

Static 231

Dynamic 232

PAT 233

Policy NAT 233

Verifying NAT Operations 235

Configuring Zone-Based Firewalls 236

Class Maps 237

Default Policies 237

Configuring Zone-to-Zone Access 239

Summary 240

Exam Essentials 240

Review Questions 241

Chapter 15 Configuring the Firewall on an ASA 245

Understanding Firewall Services 246

Understanding Modes of Deployment 247

Routed Firewall 247

Transparent Firewall 247

Understanding Methods of Implementing High Availability 247

Active/Standby Failover 248

Active/Active Failover 248

Clustering 249

Understanding Security Contexts 249

Configuring ASA Management Access 250

Initial Configuration 250

Configuring Cisco ASA Interface Security Levels 251

Security Levels 251

Configuring Security Access Policies 253

Interface Access Rules 253

Object Groups 254

Configuring Default Cisco Modular Policy Framework (MPF) 256

Summary 257

Exam Essentials 257

Review Questions 259

Chapter 16 Intrusion Prevention 263

IPS Terminology 264

Threat 264

Risk 264

Vulnerability 265

Exploit 265

Zero-Day Threat 265

Actions 265

Network-Based IPS vs. Host-Based IPS 266

Host-Based IPS 266

Network-Based IPS 266

Promiscuous Mode 266

Detection Methods 267

Evasion Techniques 267

Packet Fragmentation 267

Injection Attacks 270

Alternate String Expressions 271

Introducing Cisco FireSIGHT 271

Capabilities 271

Protections 272

Understanding Modes of Deployment 273

Inline 275

Positioning of the IPS within the Network 275

Outside 275

DMZ 276

Inside 277

Understanding False Positives, False Negatives, True Positives, and True Negatives 277

Summary 278

Exam Essentials 278

Review Questions 280

Chapter 17 Content and Endpoint Security 285

Mitigating Email Threats 286

Spam Filtering 286

Context-Based Filtering 287

Anti-malware Filtering 287

DLP 287

Blacklisting 288

Email Encryption 288

Cisco Email Security Appliance 288

Putting the Pieces Together 290

Mitigating Web-Based Threats 292

Understanding Web Proxies 292

Cisco Web Security Appliance 293

Mitigating Endpoint Threats 294

Cisco Identity Services Engine (ISE) 294

Antivirus/Anti-malware 294

Personal Firewall 294

Hardware/Software Encryption of Local Data 294

HIPS 295

Summary 295

Exam Essentials 295

Review Questions 296

Appendix Answers to Review Questions 301

Chapter 1: Understanding Security Fundamentals 302

Chapter 2: Understanding Security Threats 304

Chapter 3: Understanding Cryptography 305

Chapter 4: Securing the Routing Process 307

Chapter 5: Understanding Layer 2 Attacks 309

Chapter 6: Preventing Layer 2 Attacks 311

Chapter 7: VLAN Security 312

Chapter 8: Securing Management Traffic 314

Chapter 9: Understanding 802.1x and AAA 316

Chapter 10: Securing a BYOD Initiative 317

Chapter 11: Understanding VPNs 319

Chapter 12: Configuring VPNs 321

Chapter 13: Understanding Firewalls 322

Chapter 14: Configuring NAT and Zone-Based Firewalls 324

Chapter 15: Configuring the Firewall on an ASA 325

Chapter 16: Intrusion Prevention 327

Chapter 17: Content and Endpoint Security 328

Index 331

CCNA Security Study Guide

    Product form

    £30.39

    Includes FREE delivery

    RRP £37.99 – you save £7.60 (20%)

    Order before 4pm tomorrow for delivery by Sat 4 Jul 2026.

    A Paperback / softback by Troy McMillan

    7 in stock

      Trusted by thousands of customers. See 2,385+ Customer Reviews

      View other formats and editions of CCNA Security Study Guide by Troy McMillan

      Publisher: John Wiley & Sons Inc
      Publication Date: 06/03/2018
      ISBN13: 9781119409939, 978-1119409939
      ISBN10: 1119409934
      Also in:
      Computer networking and communications Network security

      Description

      Book Synopsis

      Cisco has announced big changes to its certification program.

      As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

      The good news is if you're working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you're thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.



      Lay the foundation for a successful career in network security

      CCNA Security Study Guide offers comprehensive review for Exam 210-260. Packed with concise explanations of core security concepts, this book is designed to help you suc

      Table of Contents

      Introduction xxi

      Assessment Test xxxi

      Chapter 1 Understanding Security Fundamentals 1

      Goals of Security 2

      Confidentiality 2

      Integrity 3

      Availability 3

      Guiding Principles 3

      Common Security Terms 6

      Risk Management Process 7

      Network Topologies 15

      CAN 15

      WAN 16

      Data Center 16

      SOHO 17

      Virtual 17

      Common Network Security Zones 17

      DMZ 17

      Intranet and Extranet 18

      Public and Private 18

      VLAN 18

      Summary 19

      Exam Essentials 19

      Review Questions 20

      Chapter 2 Understanding Security Threats 25

      Common Network Attacks 26

      Motivations 26

      Classifying Attack Vectors 27

      Spoofing 28

      Password Attacks 29

      Reconnaissance Attacks 30

      Buffer Overflow 34

      DoS 34

      DDoS 36

      Man-in-the-Middle Attack 37

      ARP Poisoning 37

      Social Engineering 38

      Phishing/Pharming 38

      Prevention 38

      Malware 39

      Data Loss and Exfiltration 39

      Summary 40

      Exam Essentials 40

      Review Questions 42

      Chapter 3 Understanding Cryptography 45

      Symmetric and Asymmetric Encryption 46

      Ciphers 46

      Algorithms 48

      Hashing Algorithms 53

      MD5 54

      SHA-1 54

      SHA-2 54

      HMAC 55

      Digital Signatures 55

      Key Exchange 57

      Application: SSH 57

      Public Key Infrastructure 57

      Public and Private Keys 58

      Certificates 60

      Certificate Authorities 61

      PKI Standards 63

      PKI Topologies 64

      Certificates in the ASA 65

      Cryptanalysis 67

      Summary 68

      Exam Essentials 68

      Review Questions 69

      Chapter 4 Securing the Routing Process 73

      Securing Router Access 74

      Configuring SSH Access 74

      Configuring Privilege Levels in IOS 76

      Configuring IOS Role-Based CLI 77

      Implementing Cisco IOS Resilient Configuration 79

      Implementing OSPF Routing Update Authentication 80

      Implementing OSPF Routing Update Authentication 80

      Implementing EIGRP Routing Update Authentication 82

      Securing the Control Plane 82

      Control Plane Policing 83

      Summary 84

      Exam Essentials 85

      Review Questions 86

      Chapter 5 Understanding Layer 2 Attacks 91

      Understanding STP Attacks 92

      Understanding ARP Attacks 93

      Understanding MAC Attacks 95

      Understanding CAM Overflows 96

      Understanding CDP/LLDP Reconnaissance 97

      Understanding VLAN Hopping 98

      Switch Spoofing 98

      Double Tagging 99

      Understanding DHCP Spoofing 99

      Summary 101

      Exam Essentials 101

      Review Questions 102

      Chapter 6 Preventing Layer 2 Attacks 107

      Configuring DHCP Snooping 108

      Configuring Dynamic ARP Inspection 110

      Configuring Port Security 112

      Configuring STP Security Features 114

      BPDU Guard 114

      Root Guard 115

      Loop Guard 115

      Disabling DTP 116

      Verifying Mitigations 116

      DHCP Snooping 116

      DAI 117

      Port Security 118

      STP Features 118

      DTP 120

      Summary 120

      Exam Essentials 121

      Review Questions 122

      Chapter 7 VLAN Security 127

      Native VLANs 128

      Mitigation 128

      PVLANs 128

      PVLAN Edge 131

      PVLAN Proxy Attack 132

      ACLs on Switches 133

      Port ACLs 133

      VLAN ACLs 133

      Summary 134

      Exam Essentials 134

      Review Questions 136

      Chapter 8 Securing Management Traffic 141

      In-Band and Out-of-Band Management 142

      AUX Port 142

      VTY Ports 143

      HTTPS Connection 144

      SNMP 144

      Console Port 145

      Securing Network Management 146

      SSH 146

      HTTPS 146

      ACLs 146

      Banner Messages 147

      Securing Access through SNMP v3 149

      Securing NTP 150

      Using SCP for File Transfer 151

      Summary 151

      Exam Essentials 152

      Review Questions 153

      Chapter 9 Understanding 802.1x and AAA 157

      802.1x Components 158

      RADIUS and TACACS+ Technologies 159

      Configuring Administrative Access with TACACS+ 160

      Local AAA Authentication and Accounting 160

      SSH Using AAA 161

      Understanding Authentication and Authorization Using ACS and ISE 161

      Understanding the Integration of Active Directory with AAA 162

      TACACS+ on IOS 162

      Verify Router Connectivity to TACACS+ 164

      Summary 164

      Exam Essentials 165

      Review Questions 166

      Chapter 10 Securing a BYOD Initiative 171

      The BYOD Architecture Framework 172

      Cisco ISE 172

      Cisco TrustSec 174

      The Function of Mobile Device Management 177

      Integration with ISE Authorization Policies 177

      Summary 178

      Exam Essentials 179

      Review Questions 180

      Chapter 11 Understanding VPNs 185

      Understanding IPsec 186

      Security Services 186

      Protocols 189

      Delivery Modes 192

      IPsec with IPV6 194

      Understanding Advanced VPN Concepts 195

      Hairpinning 195

      Split Tunneling 196

      Always-on VPN 197

      NAT Traversal 198

      Summary 199

      Exam Essentials 199

      Review Questions 200

      Chapter 12 Configuring VPNs 203

      Configuring Remote Access VPNs 204

      Basic Clientless SSL VPN Using ASDM 204

      Verify a Clientless Connection 207

      Basic AnyConnect SSL VPN Using ASDM 207

      Verify an AnyConnect Connection 209

      Endpoint Posture Assessment 209

      Configuring Site-to-Site VPNs 209

      Implement an IPsec Site-to-Site VPN with Preshared Key Authentication 209

      Verify an IPsec Site-to-Site VPN 212

      Summary 212

      Exam Essentials 213

      Review Questions 214

      Chapter 13 Understanding Firewalls 219

      Understanding Firewall Technologies 220

      Packet Filtering 220

      Proxy Firewalls 220

      Application Firewall 221

      Personal Firewall 221

      Stateful vs. Stateless Firewalls 222

      Operations 222

      State Table 223

      Summary 224

      Exam Essentials 224

      Review Questions 225

      Chapter 14 Configuring NAT and Zone-Based Firewalls 229

      Implementing NAT on ASA 9.x 230

      Static 231

      Dynamic 232

      PAT 233

      Policy NAT 233

      Verifying NAT Operations 235

      Configuring Zone-Based Firewalls 236

      Class Maps 237

      Default Policies 237

      Configuring Zone-to-Zone Access 239

      Summary 240

      Exam Essentials 240

      Review Questions 241

      Chapter 15 Configuring the Firewall on an ASA 245

      Understanding Firewall Services 246

      Understanding Modes of Deployment 247

      Routed Firewall 247

      Transparent Firewall 247

      Understanding Methods of Implementing High Availability 247

      Active/Standby Failover 248

      Active/Active Failover 248

      Clustering 249

      Understanding Security Contexts 249

      Configuring ASA Management Access 250

      Initial Configuration 250

      Configuring Cisco ASA Interface Security Levels 251

      Security Levels 251

      Configuring Security Access Policies 253

      Interface Access Rules 253

      Object Groups 254

      Configuring Default Cisco Modular Policy Framework (MPF) 256

      Summary 257

      Exam Essentials 257

      Review Questions 259

      Chapter 16 Intrusion Prevention 263

      IPS Terminology 264

      Threat 264

      Risk 264

      Vulnerability 265

      Exploit 265

      Zero-Day Threat 265

      Actions 265

      Network-Based IPS vs. Host-Based IPS 266

      Host-Based IPS 266

      Network-Based IPS 266

      Promiscuous Mode 266

      Detection Methods 267

      Evasion Techniques 267

      Packet Fragmentation 267

      Injection Attacks 270

      Alternate String Expressions 271

      Introducing Cisco FireSIGHT 271

      Capabilities 271

      Protections 272

      Understanding Modes of Deployment 273

      Inline 275

      Positioning of the IPS within the Network 275

      Outside 275

      DMZ 276

      Inside 277

      Understanding False Positives, False Negatives, True Positives, and True Negatives 277

      Summary 278

      Exam Essentials 278

      Review Questions 280

      Chapter 17 Content and Endpoint Security 285

      Mitigating Email Threats 286

      Spam Filtering 286

      Context-Based Filtering 287

      Anti-malware Filtering 287

      DLP 287

      Blacklisting 288

      Email Encryption 288

      Cisco Email Security Appliance 288

      Putting the Pieces Together 290

      Mitigating Web-Based Threats 292

      Understanding Web Proxies 292

      Cisco Web Security Appliance 293

      Mitigating Endpoint Threats 294

      Cisco Identity Services Engine (ISE) 294

      Antivirus/Anti-malware 294

      Personal Firewall 294

      Hardware/Software Encryption of Local Data 294

      HIPS 295

      Summary 295

      Exam Essentials 295

      Review Questions 296

      Appendix Answers to Review Questions 301

      Chapter 1: Understanding Security Fundamentals 302

      Chapter 2: Understanding Security Threats 304

      Chapter 3: Understanding Cryptography 305

      Chapter 4: Securing the Routing Process 307

      Chapter 5: Understanding Layer 2 Attacks 309

      Chapter 6: Preventing Layer 2 Attacks 311

      Chapter 7: VLAN Security 312

      Chapter 8: Securing Management Traffic 314

      Chapter 9: Understanding 802.1x and AAA 316

      Chapter 10: Securing a BYOD Initiative 317

      Chapter 11: Understanding VPNs 319

      Chapter 12: Configuring VPNs 321

      Chapter 13: Understanding Firewalls 322

      Chapter 14: Configuring NAT and Zone-Based Firewalls 324

      Chapter 15: Configuring the Firewall on an ASA 325

      Chapter 16: Intrusion Prevention 327

      Chapter 17: Content and Endpoint Security 328

      Index 331

      Recently viewed products

      © 2026 Book Curl

        • American Express
        • Apple Pay
        • Diners Club
        • Discover
        • Google Pay
        • Maestro
        • Mastercard
        • PayPal
        • Shop Pay
        • Union Pay
        • Visa

        Login

        Forgot your password?

        Don't have an account yet?
        Create account