eBook - ePub
CCNA Security 210-260 Certification Guide
Build your knowledge of network security and pass your CCNA Security exam (210-260)
Glen D. Singh, Michael Vinod, Vijay Anandh
This is a test
Compartir libro
- 518 páginas
- English
- ePUB (apto para móviles)
- Disponible en iOS y Android
eBook - ePub
CCNA Security 210-260 Certification Guide
Build your knowledge of network security and pass your CCNA Security exam (210-260)
Glen D. Singh, Michael Vinod, Vijay Anandh
Detalles del libro
Vista previa del libro
Índice
Citas
Información del libro
Become a Cisco security specialist by developing your skills in network security and explore advanced security technologies
Key Features
- Enhance your skills in network security by learning about Cisco's device configuration and installation
- Unlock the practical aspects of CCNA security to secure your devices
- Explore tips and tricks to help you achieve the CCNA Security 210-260 Certification
Book Description
With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam.
You'll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you'll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols.
Next, you'll learn about security on the data link layer by implementing various security toolkits. You'll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You'll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you'll delve into the concepts of IPS and endpoint security to secure your organization's network infrastructure.
By the end of this book, you'll be ready to take the CCNA Security Exam (210-260).
What you will learn
- Grasp the fundamentals of network security
- Configure routing protocols to secure network devices
- Mitigate different styles of security attacks using Cisco devices
- Explore the different types of firewall technologies
- Discover the Cisco ASA functionality and gain insights into some advanced ASA configurations
- Implement IPS on a Cisco device and understand the concept of endpoint security
Who this book is for
CCNA Security 210-260 Certification Guide can help you become a network security engineer, a cyber security professional, or a security administrator. You should have valid CCENT or CCNA Routing and Switching certification before taking your CCNA Security exam.
Preguntas frecuentes
¿Cómo cancelo mi suscripción?
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es CCNA Security 210-260 Certification Guide un PDF/ePUB en línea?
Sí, puedes acceder a CCNA Security 210-260 Certification Guide de Glen D. Singh, Michael Vinod, Vijay Anandh en formato PDF o ePUB, así como a otros libros populares de Informatik y Zertifizierungsleitfäden in der Informatik. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.
Información
Advanced ASA Configuration
In this chapter, we are going to learn how to set up static and dynamic routing protocols, such as RIP, OSPF, and EIGRP. We will use the Adaptive Security Device Manager (ASDM) and Command Line Interface (CLI) to configure the device name, enable a password, domain name, banners, interfaces, system time and NTP, DHCP, and access control lists (ACLs). We will dive into understanding object groups and how they can be used to benefit us during configurations and administration of the Adaptive Security Appliance (ASA). This will lead us to creating service policies and configuring static and dynamic Network Address Translation (NAT).
The following topics will be covered in the chapter:
- Routing on the ASA
- Device name, passwords, domain name
- Setting banners using the ASDM
- Configuring interfaces
- System time and Network Time Protocol (NTP)
- Access control list on the ASA
- Object groups
- Creating policies on ASA
- Advanced NAT configurations
Routing on the ASA
In the previous chapter, we mentioned one of the features of the ASA is its capability to do routing. The ASA supports multiple routing protocols, such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP). In this section, we are going to take a look at how to configure both static and dynamic routing protocols on the ASA.
Static routing
Static routing is the manual configuration on either the router or the ASA. The administrator/network engineer would need to create a route on the ASA to tell the device how to forward traffic destined for a particular network. Without any routes, the device won't know how to forward packets. Static routing can become challenging as the network grows and more routers are added. With static routing, each network would require a manual entry into the routing table (static route) of the device, whether it's a Router or the ASA.
Let's begin setting up a static route on the ASA.
The following topology shows a single ASA for a company where the internet is directly connected to its Outside interface. Just as a Cisco router, the ASA automatically adds its directly-connected routes to its routing table. In the following topology, the ASA has only the 192.168.2.0/24 and 200.1.1.0/30 networks within its routing table:
However, it does not know about the 192.168.1.0/24 network, therefore any traffic, whether returning or destined for the 192.168.1.0/24 network, would be dropped because the ASA does not have a route to forward the packets. This would mean any traffic that is destined for the internet would also not be forwarded by the ASA, since it does not have a default route in place.
We can verify this information quickly using the show route command to view the routing table:
We are going to open the ASDM, then navigate to Configuration | Device Setup | Routing | Static Routes. As we can see, there are no Static Routes installed on the ASA:
Next, we are going to add a static route using the ASDM. On the right side of the window, click on Add. A new window will appear. Since the 192.168.1.0/24 destination network can be reached from the Inside interface, we must assign the interface settings correctly.
Then, we are going to add the destination network, 192.168.1.0/24, within the Network field and set the next-hop.
The next-hop is simply the next device to forward the packet to, based on the destination IP address/network within the packet header.
Referring back to the topology, if the ASA has a packet that is destined for 192.168.1.0/24, the only path to reach the network is through the router, therefore the next-hop will be 192.168.2.2. The next-hop IP address will be placed in the Gateway IP field:
The metric value is the cost to reach the network. Each route in the routing table is a metric based on routing protocols, directly-connected routes, or static routing. Static Routes has a distance of 1 by default. This value should be kept as the default unless you're creating a floating static route on the ASA.
Once the values are assigned, click on OK. The static route has been added:
