CCNP Security Secure 642-637 Official Cert Guide, w. CD-ROM
(Language: English)
Book
71.34 €
Product details
Product information for "CCNP Security Secure 642-637 Official Cert Guide, w. CD-ROM"
This volume is part of the Official Cert Guide from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.
Blurb for "CCNP Security Secure 642-637 Official Cert Guide, w. CD-ROM"
CCNP Security Secure 642-637 Official Cert Guide is a comprehensive self-study tool for preparing for the Secure exam. This book teaches you how to secure Cisco IOS Software router and switch-based networks and provide security services based on Cisco IOS Software. Complete coverage of all exam topics as posted on the exam topic blueprint ensures you will arrive at a thorough understanding of what you need to master to succeed on the exam. The book follows a logical organization of the Secure exam objectives. Material is presented in a concise manner, focusing on increasing your retention and recall of exam topics. This book helps you organize your exam preparation through the use of consistent features, including:
· Pre-chapter quiz - These quizzes allow you to assess your knowledge of the chapter content and decide how much time to spend on any given section.
· Foundation Topics - These sections make up the majority of the page count, explaining concepts and configurations, with emphasis on the theory and on linking the theory to the meaning of the configuration commands.
· Key Topics - Inside the Foundation Topics sections, every figure, table, or list that should absolutely be understood and remembered for the exam is noted with the words "Key Topic" in the margin. This tool allows you to quickly review the most important details in each chapter.
· Exam Preparation - This ending section of each chapter includes additional features for review and study, all designed to help you remember the details as well as to get more depth. You will be instructed to review key topics from the chapter, complete tables and lists from memory, and define key terms.
· Final Preparation Chapter - This final chapter details a set of tools and a study plan to help you complete your exam preparation.
Table of contents for "CCNP Security Secure 642-637 Official Cert Guide, w. CD-ROM"
Introduction
Part I Network Security Technologies Overview
Chapter 1 Network Security Fundamentals: "Do I Know This Already?" Quiz; Foundation Topics; Defining Network Security; Building Secure Networks; Cisco SAFE; SCF Basics; SAFE/SCF Architecture Principles; SAFE/SCF Network Foundation Protection (NFP); SAFE/SCF Design Blueprints; SAFE Usage; Exam Preparation
Chapter 2 Network Security Threats: "Do I Know This Already?" Quiz; Foundation Topics; Vulnerabilities; Self-Imposed Network Vulnerabilities; Intruder Motivations; Lack of Understanding of Computers or Networks; Intruding for Curiosity; Intruding for Fun and Pride; Intruding for Revenge; Intruding for Profit; Intruding for Political Purposes; Types of Network Attacks; Reconnaissance Attacks; Access Attacks; DoS Attacks; Exam Preparation
Chapter 3 Network Foundation Protection (NFP) Overview: "Do I Know This Already?" Quiz; Foundation Topics; Overview of Device Functionality Planes; Control Plane; Data Plane; Management Plane; Identifying Network Foundation Protection Deployment Models; Identifying Network Foundation Protection Feature Availability; Cisco Catalyst Switches; Cisco Integrated Services Routers (ISR); Cisco Supporting Management Components; Exam Preparation
Part II Cisco IOS Foundation Security Solutions
Chapter 4 Configuring and Implementing Switched Data Plane Security Solutions: "Do I Know This Already?" Quiz; Foundation Topics; Switched Data Plane Attack Types; VLAN Hopping Attacks; CAM Flooding Attacks; MAC Address Spoofing; Spanning Tree Protocol (STP) Spoofing Attacks; DHCP Starvation Attacks; DHCP Server Spoofing; ARP Spoofing; Switched Data Plane Security Technologies; Port Configuration; Port Security; Root Guard, BPDU Guard, and PortFast; DHCP Snooping; Dynamic ARP Inspection (DAI); IP Source Guard; Private VLANs (PVLAN); Exam Preparation
Chapter 5 802.1X and Cisco Identity-Based Networking Services (IBNS): "Do I Know This Already?" Quiz; Foundation Topics; Identity-Based Networking Services (IBNS) and IEEE 802.1x Overview; IBNS and 802.1x Enhancements and Features; 802.1x Components; 802.1x Interworking; Extensible Authentication Protocol (EAP); EAP over LAN (EAPOL); EAP Message Exchange; Port States; Port Authentication Host Modes; EAP Type Selection; EAP-Message Digest Algorithm 5; Protected EAP w/MS-CHAPv2; Cisco Lightweight EAP; EAP-Transport Layer Security; EAP-Tunneled Transport Layer Security; EAP-Flexible Authentication via Secure Tunneling; Exam Preparation
Chapter 6 Implementing and Configuring Basic 802.1X: "Do I Know This Already?" Quiz; Foundation Topics; Plan Basic 802.1X Deployment on Cisco Catalyst IOS Software; Gathering Input Parameters; Deployment Tasks; Deployment Choices; General Deployment Guidelines; Configure and Verify Cisco Catalyst IOS Software 802.1X Authenticator; Configuration Choices; Configuration Scenario; Verify Basic 802.1X Functionality; Configure and Verify Cisco ACS for EAP-FAST; Configuration Choices; Configuration Scenario; Configure the Cisco Secure Services Client 802.1X Supplicant; Task 1: Create the CSSC Configuration Profile; Task 2: Create a Wired Network Profile; Tasks 3 and 4: (Optional) Tune 802.1X Timers and Authentication Mode; Task 5: Configure the Inner and Outer EAP Mode for the Connection; Task 6: Choose the Login Credentials to Be Used for Authentication; Task 7: Create the CSSC Installation Package; Network Login; Verify and Troubleshoot 802.1X Operations; Troubleshooting Flow; Successful Authentication; Verify Connection Status; Verify Authentication on AAA Server; Verify Guest/Restricted VLAN Assignment; 802.1X Readiness Check; Unresponsive Supplicant; Failed Authentication: RADIUS Configuration Issues; Failed Authentication: Bad Credentials; Exam Preparation
Chapter 7 Implementing and Configuring Advanced 802.1X: "Do I Know This Already?" Quiz; Foundation Topics; Plan the Deployment of Cisco Advanced 802.1X Authentication Features; Gathering Input Parameters; Deployment Tasks; Deployment Choices; Configure and Verify EAP-TLS Authentication on Cisco IOS Components and Cisco Secure ACS; EAP-TLS with 802.1X Configuration Tasks; Configuration Scenario; Configuration Choices; Task 1: Configure RADIUS Server; Task 2: Install Identity and Certificate Authority Certificates on All Clients; Task 3: Configure an Identity Certificate on the Cisco Secure ACS Server; Task 4: Configure Support of EAP-TLS on the Cisco Secure ACS Server; Task 5: (Optional) Configure EAP-TLS Support Using the Microsoft Windows Native Supplicant; Task 6: (Optional) Configure EAP-TLS Support Using the Cisco Secure Services Client (CSSC) Supplicant; Implementation Guidelines; Feature Support; Verifying EAP-TLS Configuration; Deploying User and Machine Authentication; Configuring User and Machine Authentication Tasks; Configuration Scenario; Task 1: Install Identity and Certificate Authority Certificates on All Clients; Task 2: Configure Support of EAP-TLS on Cisco Secure ACS Server; Task 3: Configure Support of Machine Authentication on Cisco Secure ACS Server; Task 4: Configure Support of Machine Authentication on Microsoft Windows Native 802.1X Supplicant; Task 5: (Optional) Configure Machine Authentication Support Using the Cisco Secure Services Client (CSSC) Supplicant; Task 6: (Optional) Configure Additional User Support Using the Cisco Secure Services Client (CSSC) Supplicant; Implementation Guidelines; Feature Support; Deploying VLAN and ACL Assignment; Deploying VLAN and ACL Assignment Tasks; Configuration Scenario; Configuration Choices; Task 1: Configure Cisco IOS Software 802.1X Authenticator Authorization; Task 2: (Optional) Configure VLAN Assignment on Cisco Secure ACS; Task 3: (Optional) Configure and Prepare for ACL Assignment on Cisco IOS Software Switch; Task 4: (Optional) Configure ACL Assignment on Cisco Secure ACS Server; Verification of VLAN and ACL Assignment with Cisco IOS Software CLI; Verification of VLAN and ACL Assignment on Cisco Secure ACS; Configure and Verify Cisco Secure ACS MAC Address Exception Policies; Cisco Catalyst IOS Software MAC Authentication Bypass (MAB); Configuration Tasks; Configuration Scenario; Tasks 1 and 2: Configure MAC Authentication Bypass on the Switch and ACS; Verification of Configuration; Implementation Guidelines; Configure and Verify Web Authentication on Cisco IOS Software LAN Switches and Cisco Secure ACS; Configuration Tasks; Configuration Scenario; Task 1: Configure Web Authentication on the Switch; Task 2: Configure Web Authentication on the Cisco Secure ACS Server; Web Authentication Verification; User Experience; Choose a Method to Support Multiple Hosts on a Single Port; Multiple Hosts Support Guidelines; Configuring Support of Multiple Hosts on a Single Port; Configuring Fail-Open Policies; Configuring Critical Ports; Configuring Open Authentication; Resolve 802.1X Compatibility Issues; Wake-on-LAN (WOL); Non-802.1X IP Phones; Preboot Execution Environment (PXE); Exam Preparation
Chapter 8 Implementing and Configuring Cisco IOS Routed Data Plane Security: "Do I Know This Already?" Quiz; Foundation Topics; Routed Data Plane Attack Types; IP Spoofing; Slow-Path Denial of Service; Traffic Flooding; Routed Data Plane Security Technologies; Access Control Lists (ACL); Flexible Packet Matching; Flexible NetFlow; Unicast Reverse Path Forwarding (Unicast RPF); Exam Preparation
Chapter 9 Implementing and Configuring Cisco IOS Control Plane Security: "Do I Know This Already?" Quiz; Foundation Topics; Control Plane Attack Types; Slow-Path Denial of Service; Routing Protocol Spoofing; Control Plane Security Technologies; Control Plane Policing (CoPP); Control Plane Protection (CPPr); Routing Protocol Authentication; Exam Preparation
Chapter 10 Implementing and Configuring Cisco IOS Management Plane Security: "Do I Know This Already?" Quiz; Foundation Topics; Management Plane Attack Types; Management Plane Security Technologies; Basic Management Security and Privileges; SSH; SNMP; CPU and Memory Thresholding; Management Plane Protection; AutoSecure; Digitally Signed Cisco Software; Exam Preparation
Part III Cisco IOS Threat Detection and Control
Chapter 11 Implementing and Configuring Network Address Translation (NAT): "Do I Know This Already?" Quiz; Foundation Topics; Network Address Translation; Static NAT Example; Dynamic NAT Example; PAT Example; NAT Configuration; Overlapping NAT; Exam Preparation
Chapter 12 Implementing and Configuring Zone-Based Policy Firewalls: "Do I Know This Already?" Quiz; Foundation Topics; Zone-Based Policy Firewall Overview; Zones/Security Zones; Zone Pairs; Transparent Firewalls; Zone-Based Layer 3/4 Policy Firewall Configuration; Class Map Configuration; Parameter Map Configurations; Policy Map Configuration; Zone Configuration; Zone Pair Configuration; Port to Application Mapping (PAM) Configuration; Zone-Based Layer 7 Policy Firewall Configuration; URL Filter; HTTP Inspection; Exam Preparation
Chapter 13 Implementing and Configuring IOS Intrusion Prevention System (IPS): "Do I Know This Already?" Quiz; Foundation Topics; Configuration Choices, Basic Procedures, and Required Input Parameters; Intrusion Detection and Prevention with Signatures; Sensor Accuracy; Choosing a Cisco IOS IPS Sensor Platform; Software-Based Sensor; Hardware-Based Sensor; Deployment Tasks; Deployment Guidelines; Deploying Cisco IOS Software IPS Signature Policies; Configuration Tasks; Configuration Scenario; Verification; Guidelines; Tuning Cisco IOS Software IPS Signatures; Event Risk Rating System Overview; Event Risk Rating Calculation; Event Risk Rating Example; Signature Event Action Overrides (SEAO); Signature Event Action Filters (SEAF); Configuration Tasks; Configuration Scenario; Verification; Implementation Guidelines; Deploying Cisco IOS Software IPS Signature Updates; Configuration Tasks; Configuration Scenario; Task 1: Install Signature Update License; Task 2: Configure Automatic Signature Updates; Verification; Monitoring Cisco IOS Software IPS Events; Cisco IOS Software IPS Event Generation; Cisco IME Features; Cisco IME Minimum System Requirements; Configuration Tasks; Configuration Scenario; Task 2: Add the Cisco IOS Software IPS Sensor to Cisco IME; Verification; Verification: Local Events; Verification: IME Events; Cisco IOS Software IPS Sensor; Troubleshooting Resource Use; Additional Debug Commands; Exam Preparation
Part IV Managing and Implementing Cisco IOS Site-to-Site Security Solutions
Chapter 14 Introduction to Cisco IOS Site-to-Site Security Solutions: "Do I Know This Already?" Quiz; Foundation Topics; Choose an Appropriate VPN LAN Topology; Input Parameters for Choosing the Best VPN LAN Topology; General Deployment Guidelines for Choosing the Best VPN LAN Topology; Choose an Appropriate VPN WAN Technology; Input Parameters for Choosing the Best VPN WAN Technology; General Deployment Guidelines for Choosing the Best VPN WAN Technology; Core Features of IPsec VPN Technology; IPsec Security Associations; Internet Key Exchange (IKE); IPsec Phases; IKE Main and Aggressive Mode; Encapsulating Security Payload; Choose Appropriate VPN Cryptographic Controls; IPsec Security Associations; Algorithm Choices; General Deployment Guidelines for Choosing Cryptographic Controls for a Site-to-Site VPN Implementation; Design and Implementation Resources; Exam Preparation
Chapter 15 Deploying VTI-Based Site-to-Site IPsec VPNs: "Do I Know This Already?" Quiz; Foundation Topics; Plan a Cisco IOS Software VTI-Based Site-to-Site VPN; Virtual Tunnel Interfaces; Input Parameters; Deployment Tasks; Deployment Choices; General Deployment Guidelines; Configuring Basic IKE Peering; Cisco IOS Software Default IKE PSK-Based Policies; Configuration Tasks; Configuration Choices; Configuration Scenario; Task 1: (Optional) Configure an IKE Policy on Each Peer; Tasks 2 and 3: Generate and Configure Authentication Credentials on Each Peer; Verify Local IKE Sessions; Verify Local IKE Policies; Verify a Successful Phase 1 Exchange; Implementation Guidelines; Troubleshooting IKE Peering; Troubleshooting Flow; Configuring Static Point-to-Point IPsec VTI Tunnels; Default Cisco IOS Software IPsec Transform Sets; Configuration Tasks; Configuration Choices; Configuration Scenario; Task 1: (Optional) Configure an IKE Policy on Each Peer; Task 2: (Optional) Configure an IPsec Transform Set; Task 3: Configure an IPsec Protection Profile; Task 4: Configure a Virtual Tunnel Interface (VTI); Task 5: Apply the Protection Profile to the Tunnel Interface; Task 6: Configure Routing into the VTI Tunnel; Implementation Guidelines; Verify Tunnel Status and Traffic; Troubleshooting Flow; Configure Dynamic Point-to-Point IPsec VTI Tunnels; Virtual Templates and Virtual Access Interfaces; ISAKMP Profiles; Configuration Tasks; Configuration Scenario; Task 1: Configure IKE Peering; Task 2: (Optional) Configure an IPsec Transform Set; Task 3: Configure an IPsec Protection Profile; Task 4: Configure a Virtual Template Interface; Task 5: Map Remote Peer to a Virtual Template Interface; Verify Tunnel Status on the Hub; Implementation Guidelines; Exam Preparation
Chapter 16 Deploying Scalable Authentication in Site-to-Site IPsec VPNs: "Do I Know This Already?" Quiz; Foundation Topics; Describe the Concept of a Public Key Infrastructure; Manual Key Exchange with Verification; Trusted Introducing; Public Key Infrastructure: Certificate Authorities; X.509 Identity Certificate; Certificate Revocation Checking; Using Certificates in Network Applications; Deployment Choices; Deployment Steps; Input Parameters; Deployment Guidelines; Configure, Verify, and Troubleshoot a Basic Cisco IOS Software Certificate Server; Configuration Tasks for a Root Certificate Server; Configuration Scenario; Task 1: Create an RSA Key Pair; Task 2: Create a PKI Trustpoint; Tasks 3 and 4: Create the CS and Configure the Database Location; Task 5: Configure an Issuing Policy; Task 6: Configure the Revocation Policy; Task 7: Configure the SCEP Interface; Task 8: Enable the Certificate Server; Cisco Configuration Professional Support; Verify the Cisco IOS Software Certificate Server; Feature Support; Implementation Guidelines; Troubleshooting Flow; PKI and Time: Additional Guidelines; Enroll a Cisco IOS Software VPN Router into a PKI and Troubleshoot the Enrollment Process; PKI Client Features; Simple Certificate Enrollment Protocol; Key Storage; Configuration Tasks; Configuration Scenario; Task 1: Create an RSA Key Pair; Task 2: Create an RSA Key Pair; Task 3: Authenticate the PKI Certificate Authority; Task 4: Create an Enrollment Request on the VPN Router; Task 5: Issue the Client Certificate on the CA Server; Certificate Revocation on the Cisco IOS Software Certificate Server; Cisco Configuration Professional Support; Verify the CA and Identity Certificates; Feature Support; Implementation Guidelines; Troubleshooting Flow; Configure and Verify the Integration of a Cisco IOS Software VPN Router with Supporting PKI Entities; IKE Peer Authentication; IKE Peer Certificate Authorization; Configuration Tasks; Configuration Scenario; Task 1: Configure an IKE Policy; Task 2: Configure an ISAKMP Profile; Task 3: Configure Certificate-Based Authorization of Remote Peers; Verify IKE SA Establishment; Feature Support; Implementation Guidelines; Troubleshooting Flow; Configuring Advanced PKI Integration; Configuring CRL Handling on PKI Clients; Using OCSP or AAA on PKI Clients; Exam Preparation
Chapter 17 Deploying DMVPNs: "Do I Know This Already?" Quiz; Foundation Topics; Understanding the Cisco IOS Software DMVPN Architecture; Building Blocks of DMVPNs; Hub-and-Spoke Versus On-Demand Fully Meshed VPNs; DMVPN Initial State; DMVPN Spoke-to-Spoke Tunnel Creation; DMVPN Benefits and Limitations; Plan the Deployment of a Cisco IOS Software DMVPN; Input Parameters; Deployment Tasks; Deployment Choices; General Deployment Guidelines; Configure and Verify Cisco IOS Software GRE Tunnels; GRE Features and Limitations; Point-to-Point Versus Point-to-Multipoint GRE Tunnels; Point-to-Point Tunnel Configuration Example; Configuration Tasks for a Hub-and-Spoke Network; Configuration Scenario; Task 1: Configure an mGRE Interface on the Hub; Task 2: Configure a GRE Interface on the Spoke; Verify the State of GRE Tunnels; Configure and Verify a Cisco IOS Software NHRP Client and Server; (m)GRE and NHRP Integration; Configuration Tasks; Configuration Scenario; Task 1: Configure an NHRP Server; Task 2: Configure an NHRP Client; Verify NHRP Mappings; Debugging NHRP; Configure and Verify a Cisco IOS Software DMVPN Hub; Configuration Tasks; Configuration Scenario; Task 1: (Optional) Configure an IKE Policy; Task 2: Generate and/or Configure Authentication Credentials; Task 3: Configure an IPsec Profile; Task 4: Create an mGRE Tunnel Interface; Task 5: Configure the NHRP Server; Task 6: Associate the IPsec Profile with the mGRE Interface; Task 7: Configure IP Parameters on the mGRE Interface; Cisco Configuration Professional Support; Verify Spoke Registration; Verify Registered Spoke Details; Implementation Guidelines; Feature Support; Configure and Verify a Cisco IOS Software DMVPN Spoke; Configuration Tasks; Configuration Scenario; Task 1: (Optional) Configure an IKE Policy; Task 2: Generate and/or Configure Authentication Credentials; Task 3: Configure an IPsec Profile; Task 4: Create an mGRE Tunnel Interface; Task 5: Configure the NHRP Client; Task 6: Associate the IPsec Profile with the mGRE Interface; Task 7: Configure IP Parameters on the mGRE Interface; Verify Tunnel State and Traffic Statistics; Configure and Verify Dynamic Routing in a Cisco IOS Software DMVPN; EIGRP Hub Configuration; OSPF Hub Configuration; Hub-and-Spoke Routing and IKE Peering on Spoke; Full Mesh Routing and IKE Peering on Spoke; Troubleshoot a Cisco IOS Software DMVPN; Troubleshooting Flow; Exam Preparation
Chapter 18 Deploying High Availability in Tunnel-Based IPsec VPNs: "Do I Know This Already?" Quiz; Foundation Topics; Plan the Deployment of Cisco IOS Software Site-to-Site IPsec VPN High-Availability Features; VPN Failure Modes; Partial Failure of the Transport Network; Partial or Total Failure of the Service Provider (SP) Transport Network; Partial or Total Failure of a VPN Device; Deployment Guidelines; Use Routing Protocols for VPN Failover; Routing to VPN Tunnel Endpoints; Routing Protocol Inside the VPN Tunnel; Recursive Routing Hazard; Routing Protocol VPN Topologies; Routing Tuning for Path Selection; Routing Tuning for Faster Convergence; Choose the Most Optimal Method of Mitigating Failure in a VTI-Based VPN; Path Redundancy Using a Single-Transport Network; Path Redundancy Using Two Transport Networks; Path and Device Redundancy in Single-Transport Networks; Path and Device Redundancy with Multiple-Transport Networks; Choose the Most Optimal Method of Mitigating Failure in a DMVPN; Recommended Architecture; Shared IPsec SAs; Configuring a DMVPN with a Single-Transport Network; Configuring a DMVPN over Multiple-Transport Networks; Exam Preparation
Chapter 19 Deploying GET VPNs: "Do I Know This Already?" Quiz; Foundation Topics; Describe the Operation of a Cisco IOS Software GET VPN; Peer Authentication and Policy Provisioning; GET VPN Traffic Exchange; Packet Security Services; Key Management Architecture; Rekeying Methods; Traffic Encapsulation; Benefits and Limitations; Plan the Deployment of a Cisco IOS Software GET VPN; Input Parameters; Deployment Tasks; Deployment Choices; Deployment Guidelines; Configure and Verify a Cisco IOS Software GET VPN Key Server; Configuration Tasks; Configuration Choices; Configuration Scenario; Task 1: (Optional) Configure an IKE Policy; Task 2: Generate and/or Configure Authentication Credentials; Task 3: Generate RSA keys for Rekey Authentication; Task 4: Configure a Traffic Protection Policy on the Key Server; Task 5: Enable and Configure the GET VPN Key Server Function; Task 6: (Optional) Tune the Rekeying Policy; Task 7: Create and Apply the GET VPN Crypto Map; Cisco Configuration Professional Support; Verify Basic Key Server Settings; Verify the Rekey Policy; List All Registered Members; Implementation Guidelines; Configure and Verify Cisco IOS Software GET VPN Group Members; Configuration Tasks; Configuration Choices; Configuration Scenario; Task 1: Configure an IKE Policy; Task 2: Generate and/or Configure Authentication Credentials
Author portrait of Trey H. Smith, Sean Wilkins
Sean Wilkins is an accomplished networking consultant for SR-W Consulting (www.sr-wconsulting.com) and has been in the field of IT since the mid-1990s working with companies like Cisco, Lucent, Verizon, and AT&T, as well as several other private companies. Sean currently holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE), and CompTIA (A+ and Network+). He also has a Master of Science degree in information technology with a focus in network architecture and design, a Master of Science in organizational management, a Master's Certificate in network security, a Bachelor of Science degree in computer networking, and an Associate of Applied Science degree in computer information systems. In addition to working as a consultant, Sean spends a lot of his time as a technical writer and editor for various companies.
Franklin H. Smith III (Trey) is a senior network security architect with more than 15 years of experience in designing, deploying, and securing large enterprise and service provider networks. His background includes architect-level delivery for many enterprise, data center, and SMB networks. He holds a Bachelor of Business Administration degree in management information systems. Trey's certifications include CCSP, CCNP, CCDP, Microsoft (MCSE), and ISC2 (CISSP). His current focus is on strategic and tactical efforts related to Payment Card Industry (PCI) Data Security Standard (DSS) compliance for a Fortune 50 company.
Bibliographic details
- Authors: Trey H. Smith, Sean Wilkins
- 2011, 800 pages, dimensions: 19.7 x 23.8 cm, hardcover, English
- Publisher: Macmillan Technical Publishing
- ISBN-10: 1587142805
- ISBN-13: 9781587142802
Language: English