Network Security 1 and 2 Companion Guide (網路安全 1 和 2 伴隨指南)

Antoon Rufi

  • 出版商: Cisco Press
  • 出版日期: 2006-10-15
  • 定價: $2,600
  • 售價: 1.5$399
  • 語言: 英文
  • 頁數: 840
  • 裝訂: Hardcover
  • ISBN: 1587131625
  • ISBN-13: 9781587131622
  • 相關分類: 資訊安全
  • 立即出貨 (庫存 < 3)

買這商品的人也買了...

相關主題

商品描述

Description

The completely revised, updated and only authorized textbook for the Cisco Networking Academy Program Network Security 1 and 2 course

  • A portable reference that supports the topics in the Cisco Networking Academy Network Security course aligning 1:1 with course modules
  • Features improved readability, enhanced topic explanations, real-world examples, and all-new graphical presentations
  • Written by leading Academy instructor, Antoon Rufi, who bring a fresh voice to the course material 
Network Security 1 and 2 Companion Guide is the official supplemental textbook for version 2 of the Network Security 1 and 2 course of the Cisco Networking Academy Program. Completely revised and updated with new examples and explanations, this textbook includes original material developed by the author, yet it fully aligns with the Network Security curriculum. Written by an experienced author who presents material in a comprehensive manner--using his own voice and own examples--this new edition augments student understanding of course material. The new edition incorporates improved features to aid instructors and enhance student comprehension. For example, chapters align with course modules in both name and number, and chapter objectives are stated as questions to encourage students to think about and find answers as they read chapters. End-of-chapter questions and summaries align with chapter objectives to emphasize key topics, while key terms are listed in each chapter opener in the order of occurrence to alert students to upcoming vocabulary words. In addition, new features include "How To" quick references for step-by-step tasks; real-world examples and all-new illustrations; concise explanations with a focus on word usage and sentence structure for improved readability; and correlations to the CCNA exam in Chapter Objectives, Check Your Understanding questions, and new Challenge Activities.
 
 
 

Table of Contents

Course 1

Chapter 1          Vulnerabilities, Threats, and Attacks  

            Key Terms  

            Introduction to Network Security  

                         The Need for Network Security  

                         Identifying Potential Risks to Network Security  

                         Open Versus Closed Security Models  

                         Trends Driving Network Security  

                         Information Security Organizations  

            Introduction to Vulnerabilities, Threats, and Attacks  

                         Vulnerabilities  

                         Threats  

                         Attacks  

            Attack Examples  

                         Reconnaissance Attacks  

                         Access Attacks  

                         Denial-of-Service (DoS) Attacks  

                         Masquerade/IP Spoofing Attacks  

                         Distributed Denial-of-Service Attacks  

                         Malicious Code  

            Vulnerability Analysis  

                         Policy Identification  

                         Network Analysis  

                         Host Analysis  

                         Analysis Tools  

            Summary  

            Check Your Understanding  

Chapter 2          Security Planning and Policy  

            Key Terms  

            Discussing Network Security and Cisco  

                         The Security Wheel  

                         Network Security Policy  

            Endpoint Protection and Management  

                         Host- and Server-Based Security Components and Technologies  

                         PC Management  

            Network Protection and Management   

                         Network-Based Security Components and Technologies  

                         Network Security Management  

            Security Architecture  

                         Security Architecture (SAFE)  

                         The Cisco Self-Defending Network  

                         Secure Connectivity  

                         Threat Defense  

                         Cisco Integrated Security  

                         Plan, Design, Implement, Operate, Optimize (PDIOO)  

            Basic Router Security  

                         Control Access to Network Devices  

                         Remote Configuration Using SSH  

                         Router Passwords  

                         Router Privileges and Accounts  

                         Cisco IOS Network Services  

                         Routing, Proxy ARP, and ICMP  

                         Routing Protocol Authentication and Update Filtering  

                         NTP, SNMP, Router Name, DNS   

            Summary  

            Check Your Understanding  

Chapter 3          Security Devices  

            Device Options  

                         Cisco IOS Firewall Feature Set  

                         Creating a Customized Firewall  

                         PIX Security Appliance  

                         Adaptive Security Appliance  

                         Finesse Operating System  

                         The Adaptive Security Algorithm  

                         Firewall Services Module  

            Using Security Device Manager  

                         Using the SDM Startup Wizard  

                         SDM User Interface  

                         SDM Wizards  

                         Using SDM to Configure a WAN  

                         Using the Factory Reset Wizard  

                         Monitor Mode  

            Introduction to the Cisco Security Appliance Family  

                         PIX 501 Security Appliance  

                         PIX 506E Security Appliance  

                         PIX 515E Security Appliance  

                         PIX 525 Security Appliance  

                         PIX 535 Security Appliance  

                         Adaptive Security Appliance Models  

                         PIX Security Appliance Licensing  

                         PIX VPN Encryption License  

                         Security Contexts   

                         PIX Security Appliance Context Licensing   

                         ASA Security Appliance Licensing   

                         Expanding the Features of the PIX 515E  

                         Expanding the Features of the PIX 525   

                         Expanding the Features of the PIX 535  

                         Expanding the Features of the Adaptive Security Appliance Family  

            Getting Started with the PIX Security Appliance  

                         Configuring the PIX Security Appliance  

                         The help Command  

                         Security Levels  

                         Basic PIX Security Appliance Configuration Commands  

                         Additional PIX Security Appliance Configuration Commands  

                         Examining the PIX Security Appliance Status  

                         Time Setting and NTP Support  

                         Syslog Configuration  

            Security Appliance Translations and Connections  

                         Transport Protocols  

                         NAT  

                         Dynamic Inside NAT  

                         Two Interfaces with NAT  

                         Three Interfaces with NAT  

                         PAT   

                         Augmenting a Global Pool with PAT  

                         The static Command  

                         The nat 0 Command  

                         Connections and Translations  

            Manage a PIX Security Appliance with Adaptive Security Device Manager  

                         ASDM Operating Requirements  

                         Prepare for ASDM  

                         Using ASDM to Configure the PIX Security Appliance  

            PIX Security Appliance Routing Capabilities  

                         Virtual LANs  

                         Static and RIP Routing   

                         OSPF  

                         Multicast Routing  

            Firewall Services Module Operation  

                         FWSM Requirements  

                         Getting Started with the FWSM  

                         Verify FWSM Installation  

                         Configure the FWSM Access Lists  

                         Using PDM with the FWSM  

                         Resetting and Rebooting the FWSM  

            Summary  

            Check Your Understanding  

Chapter 4          Trust and Identity Technology  

            Key Terms  

            AAA  

                         TACACS  

                         RADIUS   

                         Comparing TACACS+ and RADIUS  

            Authentication Technologies  

                         Static Passwords  

                         One-Time Passwords   

                         Token Cards  

                         Token Card and Server Methods  

                         Digital Certificates  

                         Biometrics   

            Identity Based Networking Services (IBNS)  

                         802.1x  

            Wired and Wireless Implementations  

            Network Admission Control (NAC)  

                         NAC Components  

                         NAC Phases  

                         NAC Operation  

                         NAC Vendor Participation  

            Summary  

            Check Your Understanding  

Chapter 5          Cisco Secure Access Control Server  

            Key Terms  

            Cisco Secure Access Control Server Product Overview  

                         Authentication and User Databases  

                         The Cisco Secure ACS User Database  

                         Keeping Databases Current  

                         Cisco Secure ACS for Windows Architecture  

                         How Cisco Secure ACS Authenticates Users  

                         User-Changeable Passwords  

                Configuring RADIUS and TACACS+ with Cisco Secure ACS  

                         Installation Steps  

                         Administering Cisco Secure ACS for Windows  

                         Troubleshooting  

            Enabling TACACS+  

            Verifying TACACS+  

                         Failure   

                         Pass   

            Configuring RADIUS  

            Summary  

            Check Your Understanding  

Chapter 6          Configure Trust and Identity at Layer 3  

            Key Terms  

            Cisco IOS Firewall Authentication Proxy  

                         Authentication Proxy Operation  

                         Supported AAA Servers    

                         AAA Server Configuration   

                         AAA Configuration  

                         Allow AAA Traffic to the Router  

                         Authentication Proxy Configuration  

                         Test and Verify Authentication Proxy  

            Introduction to PIX Security Appliance AAA Features  

                         PIX Security Appliance Authentication  

                         PIX Security Appliance Authorization  

                         PIX Security Appliance Accounting  

                         AAA Server Support  

            Configure AAA on the PIX Security Appliance   

                         PIX Security Appliance Access Authentication  

                         Interactive User Authentication  

                         The Local User Database  

                         Authentication Prompts and Timeout  

                         Cut-Through Proxy Authentication  

                         Authentication of Non-Telnet, -FTP, or -HTTP Traffic  

                         Tunnel User Authentication  

                         Authorization Configuration  

                         Downloadable ACLs  

                         Accounting Configuration  

                         Console Session Accounting   

                         Command Accounting   

                         Troubleshooting the AAA Configuration  

            Summary  

            Check Your Understanding  

Chapter 7          Configure Trust and Identity at Layer 2  

            Key Terms  

            Identity Based Networking Services (IBNS)  

                         Features and Benefits  

                         IEEE 802.1x  

                         Selecting the Correct EAP  

                         Cisco LEAP   

                         IBNS and Cisco Secure ACS  

                         ACS Deployment Considerations  

                         Cisco Secure ACS RADIUS Profile Configuration  

            Configuring 802.1x Port-Based Authentication  

                         Enabling 802.1x Authentication  

                         Configuring the Switch-to-RADIUS Server Communication  

                         Enabling Periodic Reauthentication  

                         Manually Reauthenticating a Client Connected to a Port  

                         Enabling Multiple Hosts  

                         Resetting the 802.1x Configuration to the Default Values  

                         Displaying 802.1x Statistics and Status  

            Summary  

            Check Your Understanding  3

Chapter 8          Configure Filtering on a Router  

            Key Terms  

            Filtering and Access Lists  

                         Packet Filtering  

                         Stateful Filtering  

                         URL Filtering  

            Cisco IOS Firewall Context-Based Access Control  

                         CBAC Packets  

                         Cisco IOS ACLs  

                         How CBAC Works  

                         CBAC-Supported Protocols  

            Configuring Cisco IOS Firewall Context-Based Access Control  

                         CBAC Configuration Tasks  

                         Prepare for CBAC  

                         Setting Audit Trails and Alerts  

                         Setting Global Timeouts  

                         Setting Global Thresholds  

                         Half-Open Connection Limits by Host  

                         System-Defined Port-to-Application Mapping  

                         User-Defined PAM  

                         Defining Inspection Rules for Applications  

                         Defining Inspection Rules for IP Fragmentation  

                         Defining Inspection Rules for ICMP  

                         Applying Inspection Rules and ACLs to Interfaces  

                         Testing and Verifying CBAC  

                         Configuring a Cisco IOS Firewall Using SDM  

            Summary  

            Check Your Understanding  

Chapter 9          Configure Filtering on a PIX Security Appliance  

            Key Terms  

            Configuring ACLs and Content Filters  

                         PIX Security Appliance ACLs  

                         Configuring ACLs  

                         ACL Line Numbers  

                         The icmp Command  

                         nat 0 ACLs  

                         Turbo ACLs  

                         Using ACLs  

                         Malicious Code Filtering   

                         URL Filtering  

            Object Grouping  

                         Getting Started with Object Groups  

   &n

商品描述(中文翻譯)

描述

這是Cisco Networking Academy Program Network Security 1和2課程的完全修訂、更新且唯一授權的教科書。

特點包括:
- 支援Cisco Networking Academy Network Security課程主題的便攜參考書,與課程模組1:1對應。
- 改進的可讀性、增強的主題解釋、實際世界的例子和全新的圖形呈現。
- 由領先的學院講師Antoon Rufi撰寫,為課程材料帶來新鮮的聲音。

《Network Security 1和2 Companion Guide》是Cisco Networking Academy Program Network Security 1和2課程版本2的官方補充教科書。這本教科書經過完全修訂和更新,包含了作者開發的原創材料,完全符合Network Security課程。這本新版教科書由一位經驗豐富的作者撰寫,以全面的方式呈現材料,使用自己的聲音和例子,增強學生對課程材料的理解。新版教科書增加了一些改進功能,以幫助教師和提高學生的理解能力。例如,章節的名稱和編號與課程模組對應,章節目標以問題的形式陳述,鼓勵學生在閱讀章節時思考和尋找答案。章節結尾的問題和摘要與章節目標相一致,強調關鍵主題,而關鍵詞則按照出現的順序列在每個章節開頭,提醒學生即將出現的詞彙。此外,新功能還包括“如何”快速參考步驟指南;實際世界的例子和全新的插圖;簡潔的解釋,重點關注詞彙使用和句子結構,以提高可讀性;以及與CCNA考試的相關性,包括章節目標、檢查您的理解問題和新的挑戰活動。

目錄

課程1
章節1:漏洞、威脅和攻擊
- 關鍵詞
- 網絡安全簡介
- 網絡安全的需求
- 確定網絡潛在風險