Home > Store

CCNA Security (210-260) Portable Command Guide, 2nd Edition

Register your product to gain access to bonus material or receive a coupon.

CCNA Security (210-260) Portable Command Guide, 2nd Edition


  • Sorry, this book is no longer in print.
Not for Sale



  • Practical, example-rich information for every command on Cisco's newest CCNA® Security exam
  • Real-world samples and best-practice topologies help students work more efficiently, and pass the first time
  • Covers security policies, securing routers, switches, and firewalls; VPNs, IPS, LAN security, and more
  • Perfect take-anywhere resource: no need for thick books or Web access


  • Copyright 2016
  • Dimensions: 6" x 9"
  • Pages: 352
  • Edition: 2nd
  • Book
  • ISBN-10: 1-58720-575-0
  • ISBN-13: 978-1-58720-575-0

Preparing for the latest CCNA Security exam? Here are all  the CCNA Security (210-260) commands you need in one condensed, portable resource. Filled with valuable, easy-to-access information, the CCNA Security Portable Command Guide, is portable enough for you to use whether you’re in the server room or the equipment closet.

Completely updated to reflect the new CCNA Security 210-260 exam, this quick reference summarizes relevant Cisco IOS® Software commands, keywords, command arguments, and associated prompts, and offers tips and examples for applying these commands to real-world security challenges. Configuration examples, throughout, provide an even deeper understanding of how to use IOS to protect networks.

Topics covered include

  • Networking security fundamentals: concepts, policies, strategy
  •  Protecting network infrastructure: network foundations, security management planes/access; data planes (Catalyst switches and IPv6)
  •  Threat control/containment: protecting endpoints and content; configuring ACLs, zone-based firewalls, and Cisco IOS IPS
  •  Secure connectivity: VPNs, cryptology, asymmetric encryption, PKI, IPsec VPNs, and site-to-site VPN configuration
  •  ASA network security: ASA/ASDM concepts; configuring ASA basic settings, advanced settings, and VPNs

 Access all CCNA Security commands: use as a quick, offline resource for research and solutions

  • Logical how-to topic groupings provide one-stop research
  • Great for review before CCNA Security certification exams
  • Compact size makes it easy to carry with you, wherever you go
  •  “Create Your Own Journal” section with blank, lined pages allows you to personalize the book for your needs
  •  “What Do You Want to Do?” chart inside the front cover helps you to quickly reference specific tasks

Sample Content

Online Sample Chapter

Building a Security Strategy

Sample Pages

Download the sample pages (includes Chapter 3 and Index)

Table of Contents

    Introduction xxi

Part I: Networking Security Fundamentals

Chapter 1 Networking Security Concepts 1

    Basic Security Concepts 2

        Security Terminology 2

        Confidentiality, Integrity, and Availability (CIA) 2

        Data Classification Criteria 2

        Data Classification Levels 3

        Classification Roles 3

    Threat Classification 3

        Trends in Information Security Threats 4

        Preventive, Detective, and Corrective Controls 4

        Risk Avoidance, Transfer, and Retention 4

    Drivers for Network Security 5

        Evolution of Threats 5

        Data Loss and Exfiltration 5

        Tracking Threats 6

    Malware 6

        Anatomy of a Worm 7

        Mitigating Malware and Worms 7

    Threats in Borderless Networks 8

        Hacker Titles 8

        Thinking Like a Hacker 9

        Reconnaissance Attacks 9

        Access Attacks 10

        Password Cracking 11

        Denial-of-Service Attacks 11

        Distributed Denial-of-Service Attacks 12

        Tools Used by Attackers 13

    Principles of Secure Network Design 13

        Defense in Depth 14

Chapter 2 Implementing Security Policies 15

    Managing Risk 15

        Quantitative Risk Analysis Formula 16

        Quantitative Risk Analysis Example 17

        Regulatory Compliance 17

    Security Policy 19

        Standards, Guidelines, and Procedures 20

        Security Policy Audience Responsibilities 21

        Security Awareness 21

    Secure Network Lifecycle Management 22

        Models and Frameworks 23

        Assessing and Monitoring the Network Security Posture 23

        Testing the Security Architecture 24

    Incident Response 24

        Incident Response Phases 24

        Computer Crime Investigation 25

        Collection of Evidence and Forensics 25

        Law Enforcement and Liability 25

        Ethics 25

    Disaster-Recovery and Business-Continuity Planning 26

Chapter 3 Building a Security Strategy 27

    Cisco Borderless Network Architecture 27

        Borderless Security Products 28

    Cisco SecureX Architecture and Context-Aware Security 28

        Cisco TrustSec 30

        TrustSec Confidentiality 30

        Cisco AnyConnect 31

        Cisco Talos 31

    Threat Control and Containment 31

    Cloud Security and Data-Loss Prevention 32

    Secure Connectivity Through VPNs 32

    Security Management 33

Part II: Protecting the Network Infrastructure

Chapter 4 Network Foundation Protection 35

    Threats Against the Network Infrastructure 35

    Cisco Network Foundation Protection Framework 36

    Control Plane Security 37

        Control Plane Policing 37

    Management Plane Security 38

        Role-Based Access Control 39

        Secure Management and Reporting 39

        Data Plane Security 39

        ACLs 40

        Antispoofing 40

        Layer 2 Data Plane Protection 40

Chapter 5 Securing the Management Plane 41

    Planning a Secure Management and Reporting Strategy 42

    Securing the Management Plane 42

        Securing Passwords 43

        Securing the Console Line and Disabling the Auxiliary Line 43

        Securing VTY Access with SSH 44

        Securing VTY Access with SSH Example 45

        Securing Configuration and IOS Files 46

        Restoring Bootset Files 47

    Implementing Role-Based Access Control on Cisco Routers 47

        Configuring Privilege Levels 47

        Configuring Privilege Levels Example 47

        Configuring RBAC 48

        Configuring RBAC via the CLI Example 49

        Configuring Superviews 49

        Configuring a Superview Example 50

    Network Monitoring 51

        Configuring a Network Time Protocol Master Clock 51

        Configuring an NTP Client 52

        Configuring an NTP Master and Client Example 52

        Configuring Syslog 53

        Configuring Syslog Example 54

        Configuring SNMPv3 54

        Configuring SNMPv3 Example 55

Chapter 6 Securing Management Access with AAA 57

    Authenticating Administrative Access 57

        Local Authentication 57

        Server-Based Authentication 58

        Authentication, Authorization, and Accounting Framework 58

    Local AAA Authentication 58

        Configuring Local AAA Authentication Example 60

    Server-Based AAA Authentication 61

        TACACS+ Versus RADIUS 61

        Configuring Server-Based AAA Authentication 62

        Configuring Server-Based AAA Authentication Example 63

    AAA Authorization 64

        Configuring AAA Authorization Example 64

    AAA Accounting 65

        Configuring AAA Accounting Example 65

    802.1X Port-Based Authentication 65

        Configuring 802.1X Port-Based Authentication 66

        Configuring 802.1X Port-Based Authentication Example 68

Chapter 7 Securing the Data Plane on Catalyst Switches 69

    Common Threats to the Switching Infrastructure 70

        Layer 2 Attacks 70

        Layer 2 Security Guidelines 71

    MAC Address Attacks 72

        Configuring Port Security 72

        Fine-Tuning Port Security 73

        Configuring Optional Port Security Settings 74

        Configuring Port Security Example 75

    VLAN Hopping Attacks 76

        Mitigating VLAN Attacks 76

        Mitigating VLAN Attacks Example 77

    DHCP Attacks 78

        Mitigating DHCP Attacks 78

        Mitigating DHCP Attacks Example 80

    ARP Attacks 80

        Mitigating ARP Attacks 80

        Mitigating ARP Attacks Example 82

    Address Spoofing Attacks 83

        Mitigating Address Spoofing Attacks 83

        Mitigating Address Spoofing Attacks Example 83

    Spanning Tree Protocol Attacks 84

        STP Stability Mechanisms 84

        Configuring STP Stability Mechanisms 85

        Configuring STP Stability Mechanisms Example 86

    LAN Storm Attacks 87

        Configuring Storm Control 88

        Configuring Storm Control Example 88

    Advanced Layer 2 Security Features 88

        ACLs and Private VLANs 89

        Secure the Switch Management Plane 89

Chapter 8 Securing the Data Plane in IPv6 Environments 91

    Overview of IPv6 91

        Comparison Between IPv4 and IPv6 91

        The IPv6 Header 92

        ICMPv6 93

        Stateless Autoconfiguration 94

        IPv4-to-IPv6 Transition Solutions 94

        IPv6 Routing Solutions 94

    IPv6 Threats 95

        IPv6 Vulnerabilities 96

    IPv6 Security Strategy 96

        Configuring Ingress Filtering 96

        Secure Transition Mechanisms 97

        Future Security Enhancements 97

Part III: Threat Control and Containment

Chapter 9 Endpoint and Content Protection 99

    Protecting Endpoints 99

        Endpoint Security 99

        Data Loss Prevention 100

        Endpoint Posture Assessment 100

    Cisco Advanced Malware Protection (AMP) 101

        Cisco AMP Elements 101

        Cisco AMP for Endpoint 102

        Cisco AMP for Endpoint Products 102

    Content Security 103

        Email Threats 103

        Cisco Email Security Appliance (ESA) 103

        Cisco Email Security Virtual Appliance (ESAV) 104

    Cisco Web Security Appliance (WSA) 104

    Cisco Web Security Virtual Appliance (WSAV) 105

    Cisco Cloud Web Security (CWS) 105

Chapter 10 Configuring ACLs for Threat Mitigation 107

    Access Control List 108

        Mitigating Threats Using ACLs 108

        ACL Design Guidelines 108

        ACL Operation 108

    Configuring ACLs 110

        ACL Configuration Guidelines 110

        Filtering with Numbered Extended ACLs 110

        Configuring a Numbered Extended ACL Example 111

        Filtering with Named Extended ACLs 111

        Configuring a Named Extended ACL Example 112

    Mitigating Attacks with ACLs 112

        Antispoofing ACLs Example 112

        Permitting Necessary Traffic through a Firewall Example 114

        Mitigating ICMP Abuse Example 115

    Enhancing ACL Protection with Object Groups 117

        Network Object Groups 117

        Service Object Groups 118

        Using Object Groups in Extended ACLs 119

        Configuring Object Groups in ACLs Example 119

    ACLs in IPv6 121

        Mitigating IPv6 Attacks Using ACLs 121

        IPv6 ACLs Implicit Entries 122

        Filtering with IPv6 ACLs 122

        Configuring an IPv6 ACL Example 123

Chapter 11 Configuring Zone-Based Firewalls 125

    Firewall Fundamentals 125

        Types of Firewalls 125

    Firewall Design 126

        Security Architectures 127

        Firewall Policies 127

        Firewall Rule Design Guidelines 128

        Cisco IOS Firewall Evolution 128

    Cisco IOS Zone-Based Policy Firewall 129

        Cisco Common Classification Policy Language 129

        ZPF Design Considerations 129

        Default Policies, Traffic Flows, and Zone Interaction 130

        Configuring an IOS ZPF 131

        Configuring an IOS ZPF Example 132

Chapter 12 Configuring Cisco IOS IPS 135

    IDS and IPS Fundamentals 135

        Types of IPS Sensors 136

        Types of Signatures 136

        Types of Alarms 136

    Intrusion Prevention Technologies 137

        IPS Attack Responses 137

        IPS Anti-Evasion Techniques 138

        Managing Signatures 140

        Cisco IOS IPS Signature Files 140

        Implementing Alarms in Signatures 140

        IOS IPS Severity Levels 141

        Event Monitoring and Management 141

        IPS Recommended Practices 142

    Configuring IOS IPS 142

        Creating an IOS IPS Rule and Specifying the IPS Signature File Location 143

        Tuning Signatures per Category 144

        Configuring IOS IPS Example 147

Part IV: Secure Connectivity

Chapter 13 VPNs and Cryptology 149

    Virtual Private Networks 149

        VPN Deployment Modes 150

    Cryptology = Cryptography + Cryptanalysis 151

        Historical Cryptographic Ciphers 151

        Modern Substitution Ciphers 152

        Encryption Algorithms 152

        Cryptanalysis 153

    Cryptographic Processes in VPNs 154

        Classes of Encryption Algorithms 155

        Symmetric Encryption Algorithms 155

        Asymmetric Encryption Algorithm 156

        Choosing an Encryption Algorithm 157

        Choosing an Adequate Keyspace 157

    Cryptographic Hashes 157

        Well-Known Hashing Algorithms 158

        Hash-Based Message Authentication Codes 158

    Digital Signatures 159

Chapter 14 Asymmetric Encryption and PKI 161

    Asymmetric Encryption 161

        Public Key Confidentiality and Authentication 161

        RSA Functions 162

    Public Key Infrastructure 162

        PKI Terminology 163

        PKI Standards 163

        PKI Topologies 164

        PKI Characteristics 165

Chapter 15 IPsec VPNs 167

    IPsec Protocol 167

        IPsec Protocol Framework 168

        Encapsulating IPsec Packets 169

        Transport Versus Tunnel Mode 169

        Confidentiality Using Encryption Algorithms 170

        Data Integrity Using Hashing Algorithms 170

        Peer Authentication Methods 171

        Key Exchange Algorithms 172

        NSA Suite B Standard 172

    Internet Key Exchange 172

        IKE Negotiation Phases 173

        IKEv1 Phase 1 (Main Mode and Aggressive Mode) 173

        IKEv1 Phase 2 (Quick Mode) 174

        IKEv2 Phase 1 and 2 174

        IKEv1 Versus IKEv2 175

    IPv6 VPNs 175

Chapter 16 Configuring Site-to-Site VPNs 177

    Site-to-Site IPsec VPNs 177

        IPsec VPN Negotiation Steps 177

        Planning an IPsec VPN 178

        Cipher Suite Options 178

    Configuring IOS Site-to-Site VPNs 179

        Verifying the VPN Tunnel 183

        Configuring a Site-to-Site IPsec VPN 183

Part V: Securing the Network Using the ASA

Chapter 17 Introduction to the ASA 187

    Adaptive Security Appliance 187

        ASA Models 188

        Routed and Transparent Firewall Modes 189

        ASA Licensing 190

    Basic ASA Configuration 191

        ASA 5505 Front and Back Panel 191

        ASA Security Levels 193

        ASA 5505 Port Configuration 194

        ASA 5505 Deployment Scenarios 194

        ASA 5505 Configuration Options 194

Chapter 18 Introduction to ASDM 195

    Adaptive Security Device Manager 195

        Accessing ASDM 195

        Factory Default Settings 196

        Resetting the ASA 5505 to Factory Default Settings 197

        Erasing the Factory Default Settings 197

        Setup Initialization Wizard 197

    Installing and Running ASDM 198

        Running ASDM 200

    ASDM Wizards 202

        The Startup Wizard 202

        VPN Wizards 203

        Advanced Wizards 204

Chapter 19 Configuring Cisco ASA Basic Settings 205

    ASA Command-Line Interface 205

        Differences Between IOS and ASA OS 206

    Configuring Basic Settings 206

        Configuring Basic Management Settings 207

        Enabling the Master Passphrase 208

    Configuring Interfaces 208

        Configuring the Inside and Outside SVIs 208

        Assigning Layer 2 Ports to VLANs 209

        Configuring a Third SVI 209

    Configuring the Management Plane 210

        Enabling Telnet, SSH, and HTTPS Access 210

        Configuring Time Services 211

    Configuring the Control Plane 212

        Configuring a Default Route 212

    Basic Settings Example 212

        Configuring Basic Settings Example Using the CLI 213

        Configuring Basic Settings Example Using ASDM 215

        Configuring Interfaces Using ASDM 217

        Configuring the System Time Using ASDM 221

        Configuring Static Routing Using ASDM 223

        Configuring Device Management Access Using ASDM 226

Chapter 20 Configuring Cisco ASA Advanced Settings 229

    ASA DHCP Services 230

        DHCP Client 230

        DHCP Server Services 230

        Configuring DHCP Server Example Using the CLI 231

        Configuring DHCP Server Example Using ASDM 232

    ASA Objects and Object Groups 235

        Network and Service Objects 236

        Network, Protocol, ICMP, and Service Object Groups 237

        Configuring Objects and Object Groups Example Using ASDM 239

    ASA ACLs 243

        ACL Syntax 244

        Configuring ACLs Example Using the CLI 245

        Configuring ACLs with Object Groups Example Using the CLI 246

        Configuring ACLs with Object Groups Example Using ASDM 247

    ASA NAT Services 250

        Auto-NAT 251

        Dynamic NAT, Dynamic PAT, and Static NAT 251

        Configuring Dynamic and Static NAT Example Using the CLI 253

        Configuring Dynamic NAT Example Using ASDM 254

        Configuring Dynamic PAT Example Using ASDM 257

        Configuring Static NAT Example Using ASDM 258

    AAA Access Control 260

        Local AAA Authentication 260

        Server-Based AAA Authentication 261

        Configuring AAA Server-Based Authentication Example Using the CLI 261

        Configuring AAA Server-Based Authentication Example Using ASDM 262

    Modular Policy Framework Service Policies 266

        Class Maps, Policy Maps, and Service Policies 267

        Default Global Policies 269

        Configure Service Policy Example Using ASDM 271

Chapter 21 Configuring Cisco ASA VPNs 273

    Remote-Access VPNs 273

        Types of Remote-Access VPNs 273

    ASA SSL VPN 274

        Client-Based SSL VPN Example Using ASDM 275

        Clientless SSL VPN Example Using ASDM 286

    ASA Site-to-Site IPsec VPN 294

        ISR IPsec VPN Configuration 294

        ASA Initial Configuration 296

        ASA VPN Configuration Using ASDM 297

Appendix A    Create Your Own Journal Here 303

9781587205750, TOC, 3/11/2016


Submit Errata

More Information

Unlimited one-month access with your purchase
Free Safari Membership