CCNA Security 210-260 Certification Guide
eBook - ePub

Build your knowledge of network security and pass your CCNA Security exam (210-260)

  1. 518 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About this book

Become a Cisco security specialist by developing your skills in network security and exploring advanced security technologies

Key Features

  • Enhance your skills in network security by learning about Cisco's device configuration and installation
  • Unlock the practical aspects of CCNA security to secure your devices
  • Explore tips and tricks to help you achieve the CCNA Security 210-260 Certification

Book Description

With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam.

You'll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you'll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols.

Next, you'll learn about security on the data link layer by implementing various security toolkits. You'll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You'll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you'll delve into the concepts of IPS and endpoint security to secure your organization's network infrastructure.

By the end of this book, you'll be ready to take the CCNA Security Exam (210-260).

What you will learn

  • Grasp the fundamentals of network security
  • Configure routing protocols to secure network devices
  • Mitigate different styles of security attacks using Cisco devices
  • Explore the different types of firewall technologies
  • Discover the Cisco ASA functionality and gain insights into some advanced ASA configurations
  • Implement IPS on a Cisco device and understand the concept of endpoint security

Who this book is for

CCNA Security 210-260 Certification Guide can help you become a network security engineer, a cyber security professional, or a security administrator. You should have valid CCENT or CCNA Routing and Switching certification before taking your CCNA Security exam.

CCNA Security 210-260 Certification Guide by Glen D. Singh, Michael Vinod, Vijay Anandh is available in PDF and/or ePUB format, in Computer Science & Certification Guides in Computer Science.

Advanced ASA Configuration

In this chapter, we are going to learn how to set up static and dynamic routing protocols, such as RIP, OSPF, and EIGRP. We will use the Adaptive Security Device Manager (ASDM) and Command Line Interface (CLI) to configure the device name, enable password, domain name, banners, interfaces, system time and NTP, DHCP, and access control lists (ACLs). We will then look at object groups and how they simplify the configuration and administration of the Adaptive Security Appliance (ASA). This will lead us to creating service policies and configuring static and dynamic Network Address Translation (NAT).
The following topics will be covered in the chapter:
  • Routing on the ASA
  • Device name, passwords, domain name
  • Setting banners using the ASDM
  • Configuring interfaces
  • System time and Network Time Protocol (NTP)
  • Access control list on the ASA
  • Object groups
  • Creating policies on ASA
  • Advanced NAT configurations

Routing on the ASA

In the previous chapter, we mentioned that one of the features of the ASA is its capability to do routing. The ASA supports multiple routing protocols, such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP). In this section, we are going to take a look at how to configure both static and dynamic routing on the ASA.

Static routing

Static routing is the manual configuration of routes on either a router or the ASA. The administrator/network engineer needs to create a route on the ASA to tell the device how to forward traffic destined for a particular network. Without any routes, the device won't know how to forward packets. Static routing can become challenging as the network grows and more routers are added, because each network requires a manual entry (a static route) in the routing table of the device, whether it's a router or the ASA.
Let's begin setting up a static route on the ASA.
The following topology shows a single ASA for a company where the internet is directly connected to its Outside interface. Just like a Cisco router, the ASA automatically adds its directly connected routes to its routing table. In the following topology, the ASA has only the 192.168.2.0/24 and 200.1.1.0/30 networks within its routing table:
However, it does not know about the 192.168.1.0/24 network; therefore, any traffic, whether returning or destined for the 192.168.1.0/24 network, would be dropped because the ASA does not have a route to forward the packets. Traffic destined for the internet would also not be forwarded by the ASA, since it does not have a default route in place.
We can verify this information quickly using the show route command to view the routing table:
We are going to open the ASDM, then navigate to Configuration | Device Setup | Routing | Static Routes. As we can see, there are no Static Routes installed on the ASA:
Next, we are going to add a static route using the ASDM. On the right side of the window, click on Add. A new window will appear. Since the 192.168.1.0/24 destination network can be reached from the Inside interface, we must assign the interface settings correctly.
Then, we are going to add the destination network, 192.168.1.0/24, within the Network field and set the next-hop.
The next-hop is simply the next device to forward the packet to, based on the destination IP address/network within the packet header.
Referring back to the topology, if the ASA has a packet that is destined for 192.168.1.0/24, the only path to reach the network is through the router, therefore the next-hop will be 192.168.2.2. The next-hop IP address will be placed in the Gateway IP field:
The metric value is the cost to reach the network. Each route in the routing table has a metric that depends on how it was learned: through a routing protocol, as a directly connected route, or through static routing. Static routes have a distance of 1 by default. This value should be kept as the default unless you're creating a floating static route on the ASA.
Once the values are assigned, click on OK. The static route has been added:
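
The route selection behind this procedure, as an added Python model (not from the book and not ASA code): it uses the topology's networks and the 192.168.2.2 next-hop to show which packets are dropped before the static route exists, and how a floating static route only takes over when the primary is removed. The backup gateway 192.168.2.3 and the distance of 200 are constructed values.

```python
import ipaddress


class RoutingTable:
    """Minimal model of route selection: longest prefix, then lowest distance."""

    def __init__(self):
        self.routes = []  # tuples: (network, interface, next_hop, distance)

    def add(self, prefix, interface, next_hop=None, distance=0):
        self.routes.append((ipaddress.ip_network(prefix), interface, next_hop, distance))

    def remove(self, prefix, next_hop):
        net = ipaddress.ip_network(prefix)
        self.routes = [r for r in self.routes if not (r[0] == net and r[2] == next_hop)]

    def lookup(self, dst):
        """Return (interface, next_hop) for dst, or None when the packet is dropped."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None
        best = min(matches, key=lambda r: (-r[0].prefixlen, r[3]))
        return best[1], best[2]


def connected_only():
    # Directly connected networks from the topology (no next-hop, distance 0).
    table = RoutingTable()
    table.add("192.168.2.0/24", "Inside")
    table.add("200.1.1.0/30", "Outside")
    return table


def with_static_routes():
    table = connected_only()
    # The static route created in ASDM: default distance of 1.
    table.add("192.168.1.0/24", "Inside", next_hop="192.168.2.2", distance=1)
    # Floating static route: same prefix, higher distance, backup only.
    # 192.168.2.3 and 200 are constructed values, not from the page.
    table.add("192.168.1.0/24", "Inside", next_hop="192.168.2.3", distance=200)
    return table


if __name__ == "__main__":
    table = with_static_routes()
    print(connected_only().lookup("192.168.1.10"))  # no route yet: dropped
    print(table.lookup("192.168.1.10"))             # primary static route
    table.remove("192.168.1.0/24", "192.168.2.2")
    print(table.lookup("192.168.1.10"))             # floating route takes over
    print(table.lookup("8.8.8.8"))                  # still no default route
```
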

Configuring st...

Table of contents

  1. Title Page
  2. Copyright and Credits
  3. Packt Upsell
  4. Contributors
  5. Preface
  6. Exploring Security Threats
  7. Delving into Security Toolkits
  8. Understanding Security Policies
  9. Deep Diving into Cryptography
  10. Implementing the AAA Framework
  11. Securing the Control and Management Planes
  12. Protecting Layer 2 Protocols
  13. Protecting the Switch Infrastructure
  14. Exploring Firewall Technologies
  15. Cisco ASA
  16. Advanced ASA Configuration
  17. Configuring Zone-Based Firewalls
  18. IPSec – The Protocol that Drives VPN
  19. Configuring a Site-to-Site VPN
  20. Configuring a Remote-Access VPN
  21. Working with IPS
  22. Application and Endpoint Security
  23. Other Books You May Enjoy