CCNA Security 210-260 Certification Guide

Build your knowledge of network security and pass your CCNA Security exam (210-260)

Glen D. Singh, Michael Vinod, Vijay Anandh

About This Book

Become a Cisco security specialist by developing your skills in network security and explore advanced security technologies

Key Features

  • Enhance your skills in network security by learning about Cisco's device configuration and installation
  • Unlock the practical aspects of CCNA security to secure your devices
  • Explore tips and tricks to help you achieve the CCNA Security 210-260 Certification

Book Description

With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam.

You'll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you'll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols.

Next, you'll learn about security on the data link layer by implementing various security toolkits. You'll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You'll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you'll delve into the concepts of IPS and endpoint security to secure your organization's network infrastructure.

By the end of this book, you'll be ready to take the CCNA Security Exam (210-260).

What you will learn

  • Grasp the fundamentals of network security
  • Configure routing protocols to secure network devices
  • Mitigate different styles of security attacks using Cisco devices
  • Explore the different types of firewall technologies
  • Discover the Cisco ASA functionality and gain insights into some advanced ASA configurations
  • Implement IPS on a Cisco device and understand the concept of endpoint security

Who this book is for

CCNA Security 210-260 Certification Guide can help you become a network security engineer, a cyber security professional, or a security administrator. You should have valid CCENT or CCNA Routing and Switching certification before taking your CCNA Security exam.

Information

Year
2018
ISBN
9781787124585

Advanced ASA Configuration

In this chapter, we are going to learn how to set up static routing and dynamic routing protocols, such as RIP, OSPF, and EIGRP. We will use the Adaptive Security Device Manager (ASDM) and the Command Line Interface (CLI) to configure the device name, enable password, domain name, banners, interfaces, system time and NTP, DHCP, and access control lists (ACLs). We will look at object groups and how they can benefit us during configuration and administration of the Adaptive Security Appliance (ASA). This will lead us to creating service policies and configuring static and dynamic Network Address Translation (NAT).
The following topics will be covered in the chapter:
  • Routing on the ASA
  • Device name, passwords, domain name
  • Setting banners using the ASDM
  • Configuring interfaces
  • System time and Network Time Protocol (NTP)
  • Access control list on the ASA
  • Object groups
  • Creating policies on ASA
  • Advanced NAT configurations

Routing on the ASA

In the previous chapter, we mentioned that one of the features of the ASA is its ability to route traffic. The ASA supports multiple routing protocols, such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP). In this section, we are going to take a look at how to configure both static routing and dynamic routing protocols on the ASA.

Static routing

Static routing is the manual configuration of routes on either a router or the ASA. The administrator/network engineer needs to create a route on the ASA to tell the device how to forward traffic destined for a particular network. Without any routes, the device won't know how to forward packets. Static routing can become challenging as the network grows and more routers are added. With static routing, each network requires a manual entry (a static route) in the routing table of the device, whether it's a router or the ASA.
Let's begin setting up a static route on the ASA.
The following topology shows a single ASA for a company where the internet is directly connected to its Outside interface. Just like a Cisco router, the ASA automatically adds its directly connected routes to its routing table. In the following topology, the ASA has only the 192.168.2.0/24 and 200.1.1.0/30 networks within its routing table:
However, it does not know about the 192.168.1.0/24 network; therefore, any traffic, whether returning or destined for the 192.168.1.0/24 network, would be dropped because the ASA does not have a route to forward the packets. This would mean any traffic that is destined for the internet would also not be forwarded by the ASA, since it does not have a default route in place.
We can verify this information quickly using the show route command to view the routing table:
We are going to open the ASDM, then navigate to Configuration | Device Setup | Routing | Static Routes. As we can see, there are no Static Routes installed on the ASA:
Next, we are going to add a static route using the ASDM. On the right side of the window, click on Add. A new window will appear. Since the 192.168.1.0/24 destination network can be reached from the Inside interface, we must assign the interface settings correctly.
Then, we are going to add the destination network, 192.168.1.0/24, within the Network field and set the next-hop.
The next-hop is simply the next device to forward the packet to, based on the destination IP address/network within the packet header.
Referring back to the topology, if the ASA has a packet that is destined for 192.168.1.0/24, the only path to reach the network is through the router, therefore the next-hop will be 192.168.2.2. The next-hop IP address will be placed in the Gateway IP field:
The metric value is the cost to reach the network. Each route in the routing table has a metric that depends on its source: a routing protocol, a directly connected route, or a static route. Static routes have a distance of 1 by default. This value should be kept at the default unless you're creating a floating static route on the ASA.
Once the values are assigned, click on OK. The static route has been added:
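The forwarding decision behind the steps above, as an added example that is not from the book: a simplified Python model of the ASA routing table for this topology, showing the lookup before and after the static route is added. The class and function names are hypothetical, the interface names Inside and Outside are assumed to match the device's configured names, and the model covers only longest-prefix match, distance and next-hop reachability.

```python
import ipaddress

class RouteTable:
    """Simplified model of the ASA routing table (not Cisco code)."""

    def __init__(self):
        # Each entry: (network, interface, next_hop or None, distance)
        self.routes = []

    def add_connected(self, cidr, interface):
        # Directly connected networks are installed automatically.
        self.routes.append((ipaddress.ip_network(cidr), interface, None, 0))

    def add_static(self, cidr, interface, next_hop, distance=1):
        # The gateway must lie on a network connected to the chosen interface,
        # otherwise the device cannot reach the next hop at all.
        hop = ipaddress.ip_address(next_hop)
        if not any(gw is None and ifc == interface and hop in net
                   for net, ifc, gw, _ in self.routes):
            raise ValueError(f"{next_hop} is not reachable via {interface}")
        self.routes.append((ipaddress.ip_network(cidr), interface, hop, distance))

    def lookup(self, dst):
        # Longest prefix wins; on a tie the lowest distance is preferred.
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None  # no route: the packet is dropped
        _, ifc, gw, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
        return ifc, ("directly connected" if gw is None else str(gw))

def build_asa():
    # Topology from the text: only the two connected networks are known.
    table = RouteTable()
    table.add_connected("192.168.2.0/24", "Inside")
    table.add_connected("200.1.1.0/30", "Outside")
    return table

if __name__ == "__main__":
    asa = build_asa()
    print("before:", asa.lookup("192.168.1.10"))    # no route yet
    # Same values as the ASDM dialog; assuming the interface is named Inside,
    # the CLI form is: route Inside 192.168.1.0 255.255.255.0 192.168.2.2 1
    asa.add_static("192.168.1.0/24", "Inside", "192.168.2.2", distance=1)
    print("after: ", asa.lookup("192.168.1.10"))
    print("internet:", asa.lookup("198.51.100.7"))  # still no default route
```

The internet-bound lookup still fails after the static route is added, because the table has no default route yet.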

Configuring st...
