eBook - ePub

CCNA Security 210-260 Certification Guide

Name: CCNA Security 210-260 Certification Guide
Author: Glen D. Singh, Michael Vinod, Vijay Anandh

Build your knowledge of network security and pass your CCNA Security exam (210-260)

Glen D. Singh, Michael Vinod, Vijay Anandh

Partager le livre

518 pages
English
ePUB (adapté aux mobiles)
Disponible sur iOS et Android

eBook - ePub

CCNA Security 210-260 Certification Guide

Build your knowledge of network security and pass your CCNA Security exam (210-260)

Glen D. Singh, Michael Vinod, Vijay Anandh

Détails du livre

Aperçu du livre

Table des matières

Citations

À propos de ce livre

Become a Cisco security specialist by developing your skills in network security and explore advanced security technologies

Key Features

Enhance your skills in network security by learning about Cisco's device configuration and installation
Unlock the practical aspects of CCNA security to secure your devices
Explore tips and tricks to help you achieve the CCNA Security 210-260 Certification

Book Description

With CCNA Security certification, a network professional can demonstrate the skills required to develop security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security 210-260 Certification Guide will help you grasp the fundamentals of network security and prepare you for the Cisco CCNA Security Certification exam.

You'll begin by getting a grip on the fundamentals of network security and exploring the different tools available. Then, you'll see how to securely manage your network devices by implementing the AAA framework and configuring different management plane protocols.

Next, you'll learn about security on the data link layer by implementing various security toolkits. You'll be introduced to various firewall technologies and will understand how to configure a zone-based firewall on a Cisco IOS device. You'll configure a site-to-site VPN on a Cisco device and get familiar with different types of VPNs and configurations. Finally, you'll delve into the concepts of IPS and endpoint security to secure your organization's network infrastructure.

By the end of this book, you'll be ready to take the CCNA Security Exam (210-260).

What you will learn

Grasp the fundamentals of network security
Configure routing protocols to secure network devices
Mitigate different styles of security attacks using Cisco devices
Explore the different types of firewall technologies
Discover the Cisco ASA functionality and gain insights into some advanced ASA configurations
Implement IPS on a Cisco device and understand the concept of endpoint security

Who this book is for

CCNA Security 210-260 Certification Guide can help you become a network security engineer, a cyber security professional, or a security administrator. You should have valid CCENT or CCNA Routing and Switching certification before taking your CCNA Security exam.

Foire aux questions

Comment puis-je résilier mon abonnement ?

Il vous suffit de vous rendre dans la section compte dans paramètres et de cliquer sur « Résilier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez résilié votre abonnement, il restera actif pour le reste de la période pour laquelle vous avez payé. Découvrez-en plus ici.

Puis-je / comment puis-je télécharger des livres ?

Pour le moment, tous nos livres en format ePub adaptés aux mobiles peuvent être téléchargés via l’application. La plupart de nos PDF sont également disponibles en téléchargement et les autres seront téléchargeables très prochainement. Découvrez-en plus ici.

Quelle est la différence entre les formules tarifaires ?

Les deux abonnements vous donnent un accès complet à la bibliothèque et à toutes les fonctionnalités de Perlego. Les seules différences sont les tarifs ainsi que la période d’abonnement : avec l’abonnement annuel, vous économiserez environ 30 % par rapport à 12 mois d’abonnement mensuel.

Qu’est-ce que Perlego ?

Nous sommes un service d’abonnement à des ouvrages universitaires en ligne, où vous pouvez accéder à toute une bibliothèque pour un prix inférieur à celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! Découvrez-en plus ici.

Prenez-vous en charge la synthèse vocale ?

Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte à haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accélérer ou le ralentir. Découvrez-en plus ici.

Est-ce que CCNA Security 210-260 Certification Guide est un PDF/ePUB en ligne ?

Oui, vous pouvez accéder à CCNA Security 210-260 Certification Guide par Glen D. Singh, Michael Vinod, Vijay Anandh en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Informatik et Zertifizierungsleitfäden in der Informatik. Nous disposons de plus d’un million d’ouvrages à découvrir dans notre catalogue.

Informations

Éditeur

Packt Publishing

Année

2018

ISBN

9781787124585

Édition

Sujet

Informatik

Sous-sujet

Zertifizierungsleitfäden in der Informatik

Advanced ASA Configuration

In this chapter, we are going to learn how to set up static and dynamic routing protocols, such as RIP, OSPF, and EIGRP. We will use the Adaptive Security Device Manager (ASDM) and Command Line Interface (CLI) to configure the device name, enable a password, domain name, banners, interfaces, system time and NTP, DHCP, and access control lists (ACLs). We will dive into understanding object groups and how they can be used to benefit us during configurations and administration of the Adaptive Security Appliance (ASA). This will lead us to creating service policies and configuring static and dynamic Network Address Translation (NAT).

The following topics will be covered in the chapter:

Routing on the ASA
Device name, passwords, domain name
Setting banners using the ASDM
Configuring interfaces
System time and Network Time Protocol (NTP)
Access control list on the ASA
Object groups
Creating policies on ASA
Advanced NAT configurations

Routing on the ASA

In the previous chapter, we mentioned one of the features of the ASA is its capability to do routing. The ASA supports multiple routing protocols, such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP). In this section, we are going to take a look at how to configure both static and dynamic routing protocols on the ASA.

Static routing

Static routing is the manual configuration on either the router or the ASA. The administrator/network engineer would need to create a route on the ASA to tell the device how to forward traffic destined for a particular network. Without any routes, the device won't know how to forward packets. Static routing can become challenging as the network grows and more routers are added. With static routing, each network would require a manual entry into the routing table (static route) of the device, whether it's a Router or the ASA.

Let's begin setting up a static route on the ASA.

The following topology shows a single ASA for a company where the internet is directly connected to its Outside interface. Just as a Cisco router, the ASA automatically adds its directly-connected routes to its routing table. In the following topology, the ASA has only the 192.168.2.0/24 and 200.1.1.0/30 networks within its routing table:

However, it does not know about the 192.168.1.0/24 network, therefore any traffic, whether returning or destined for the 192.168.1.0/24 network, would be dropped because the ASA does not have a route to forward the packets. This would mean any traffic that is destined for the internet would also not be forwarded by the ASA, since it does not have a default route in place.

We can verify this information quickly using the show route command to view the routing table:

We are going to open the ASDM, then navigate to Configuration | Device Setup | Routing | Static Routes. As we can see, there are no Static Routes installed on the ASA:

Next, we are going to add a static route using the ASDM. On the right side of the window, click on Add. A new window will appear. Since the 192.168.1.0/24 destination network can be reached from the Inside interface, we must assign the interface settings correctly.

Then, we are going to add the destination network, 192.168.1.0/24, within the Network field and set the next-hop.

The next-hop is simply the next device to forward the packet to, based on the destination IP address/network within the packet header.

Referring back to the topology, if the ASA has a packet that is destined for 192.168.1.0/24, the only path to reach the network is through the router, therefore the next-hop will be 192.168.2.2. The next-hop IP address will be placed in the Gateway IP field:

The metric value is the cost to reach the network. Each route in the routing table is a metric based on routing protocols, directly-connected routes, or static routing. Static Routes has a distance of 1 by default. This value should be kept as the default unless you're creating a floating static route on the ASA.

Once the values are assigned, click on OK. The static route has been added: