CCSP™: Secure Intrusion Detection and SAFE Implementation Study Guide: Exams 642-531 and 642-541

  • ISBN13: 9780782142884
  • ISBN10: 0782142885
  • Format: Paperback
  • Copyright: 2004-04-01
  • Publisher: Sybex
  • List Price: $59.99

Summary

Here's the book you need to prepare for Cisco's Secure Intrusion Detection (CSIDS) and SAFE Implementation (CSI) exams. This Study Guide was developed to meet the exacting requirements of today's certification candidates. In addition to the focused and accessible instructional approach that has earned Sybex the "Best Study Guide" designation in the 2003 CertCities Readers Choice Awards, this two-in-one Study Guide provides:

  • Focused coverage on working with a Cisco Intrusion Detection System and SAFE Implementation
  • Practical examples and insights drawn from real-world experience
  • Leading-edge exam preparation software, including the Sybex testing engine and electronic flashcards for your Palm

Authoritative coverage of all exam objectives, including:

Secure Intrusion Detection:

  • Designing a Cisco IDS protection solution
  • Installing and configuring a Cisco IDS Sensor
  • Tuning and customizing signatures to work optimally in specific environments
  • Performing device management of supported blocking devices
  • Performing maintenance operations
  • Monitoring a protection solution for small and medium networks
  • Managing a large scale deployment of Cisco IDS Sensors

SAFE Implementation:

  • Security Fundamentals
  • Architectural Overview
  • Cisco Security Portfolio
  • SAFE Small Network Design
  • SAFE Medium Network Design
  • SAFE Remote-User Network Implementation

Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.

Table of Contents

Introduction
Assessment Test
Part I Cisco Secure Intrusion Detection System
Chapter 1 Introduction to Intrusion Detection and Protection
Understanding Security Threats
Hacker Characteristics
Attack Types
Implementing Network Security
Securing the Network
Monitoring Network Security
Testing Network Security
Improving Network Security
Understanding Intrusion Detection Basics
Triggers
IDS System Location
IDS Evasive Techniques
Cisco Secure Intrusion Protection
Introduction to Cisco Secure IDS
Cisco Secure IDS Features
Cisco Secure Sensor Platforms
Cisco Secure Director Platforms
Cisco Host IDS Platforms
Summary
Exam Essentials
Key Terms
Written Lab
Review Questions
Answers to Written Lab
Answers to Review Questions
Chapter 2 Installing Cisco Secure IDS Sensors and IDSMs
Deploying Cisco Secure IDS
Sensor Selection Considerations
Sensor Deployment Considerations
Installing and Configuring Cisco Secure IDS Sensors
Planning the Installation
Physically Installing the Sensor
Gaining Initial Management Access
Logging in to the Sensor
Configuring the Sensor for the First Time
Administering the Sensor
Cisco Secure IDS Architecture
Summary
Exam Essentials
Key Terms
Commands Used in This Chapter
Written Lab
Hands-On Lab
Lab 2.1: Using the setup Utility
Lab 2.2: Configuring the IDS Sensor Using the CLI
Lab 2.3: Administering the IDS Sensor
Review Questions
Answers to Written Lab
Answers to Hands-On Labs
Answer to Lab 2.1
Answer to Lab 2.2
Answer to Lab 2.3
Answers to Review Questions
Chapter 3 Configuring the Network to Support Cisco Secure IDS Sensors
Capturing Traffic
Configuring Traffic Capture for the 4200 Series Sensors
Configuring Traffic Capture Using SPAN
Configuring Traffic Capture Using RSPAN
Configuring Traffic Capture for the IDSM
Configuring SPAN for the IDSM-2
Configuring Traffic Capture Using VACLs
Configuring Traffic Capture using the mls ip ids Command
Configuring the Sensing Interface to Control Trunk Traffic
Restricting VLANs on CatOS
Restricting VLANs on Cisco IOS
Assigning the Command-and-Control Port VLAN
Configuring the Command-and-Control VLAN on CatOS
Configuring the Command-and-Control VLAN on Cisco IOS
Configuring Traffic Capture for the NM-CIDS
Summary
Exam Essentials
Key Terms
Written Lab
Hands-On Labs
Lab 3.1: Configuring VSPAN
Lab 3.2: Configuring RSPAN
Lab 3.3: Configuring VACL Capture on Cisco IOS
Lab 3.4: Configuring VACL Capture for Routed Interfaces on Cisco IOS
Lab 3.5: Configuring VACL Capture on CatOS
Lab 3.6: Configuring SPAN on CatOS
Lab 3.7: Assigning the Command-and-Control Interface to a VLAN
Review Questions
Answer to Written Lab
Answer to Lab 3.1
Answer to Lab 3.2
Answer to Lab 3.3
Answer to Lab 3.4
Answer to Lab 3.5
Answer to Lab 3.6
Answer to Lab 3.7
Answers to Review Questions
Chapter 4 Configuring Cisco Secure IDS Sensors Using the IDS Device Manager
IDS Device Manager Introduction
IDM Components and System Requirements
Accessing the IDM for the First Time
Navigating the IDM
Configuring Cisco Secure IDS Sensors Using the IDM
Performing Sensor Setup Using the IDM
Configuring Intrusion Detection Using the IDM
Configuring Blocking Using the IDM
Configuring Auto Update Using the IDM
Administering and Monitoring Cisco Secure IDS Sensors Using the IDM
IDM Administration
IDM Monitoring
Summary
Exam Essentials
Key Terms
Commands Used in This Chapter
Hands-On Labs
Lab 4.1: Prepare the Network
Lab 4.2: Performing Sensor Setup
Lab 4.3: Configuring System Variables
Lab 4.4: Configuring Perimeter Devices
Lab 4.5: Configuring and Verifying Blocking
Lab 4.6: Configuring and Verifying Logging
Lab 4.7: Configuring the Sensor Using the Sensor CLI
Review Questions
Answers to Hands-On Labs
Answer to Lab 4.1
Answer to Lab 4.2
Answer to Lab 4.3
Answer to Lab 4.4
Answer to Lab 4.5
Answer to Lab 4.6
Answer to Lab 4.7
Answers to Review Questions
Chapter 5 Configuring Signatures and Using the IDS Event Viewer
Cisco Secure IDS Signatures
Cisco Secure IDS Signature Engines
Signature Engine Parameters
Configuring Cisco Secure IDS Signatures
Configuring Signatures Using the IDM
Configuring Signatures Using the CLI
Introduction to the IDS Event Viewer
Installing the IEV
Accessing the IEV for the First Time
Configuring the IEV
Adding Sensors to the IEV
Configuring Filters and Views
Creating a View
Configuring Application Settings and Preferences
Administering the IEV Database
Summary
Exam Essentials
Key Terms
Commands Used in This Chapter
Written Lab
Hands-On Labs
Lab 5.1: Configuring Signatures on a Sensor
Lab 5.2: Installing the IEV And Adding a Device to the IEV
Lab 5.3: Using the Realtime Dashboard
Lab 5.4: Creating a Filter
Lab 5.5: Creating a View
Lab 5.6: Viewing Alarm Information
Lab 5.7: Exporting Alarm Information
Lab 5.8: Configuring IEV Preferences
Review Questions
Answers to Written Lab
Answers to Hands-On Labs
Answer to Lab 5.1
Answer to Lab 5.2
Answer to Lab 5.3
Answer to Lab 5.4
Answer to Lab 5.5
Answer to Lab 5.6
Answer to Lab 5.7
Answer to Lab 5.8
Answers to Review Questions
Chapter 6 Enterprise Cisco Secure IDS Management
Introduction to CiscoWorks VMS
CiscoWorks VMS Components
CiscoWorks VMS System Requirements
Installing CiscoWorks VMS
Installing CiscoWorks Common Services
Installing the IDS Management Center and Security Monitoring Center
Starting the CiscoWorks Desktop
Adding Users
Licensing CiscoWorks VMS Components
Configuring IDS Sensors Using the IDS MC
IDS Management Center Architecture
Starting the IDS Management Center
Configuring Sensor Groups
Adding Sensors to the IDS MC
Configuring Sensors Using the IDS MC
Saving, Generating, Approving, and Deploying Sensor Configurations
Updating Cisco Secure IDS Sensors
Administering the IDS MC
Configuring System Configuration Settings
Configuring Database Rules
Configuring Report Settings
Summary
Exam Essentials
Key Terms
Written Lab
Hands-On Labs
Lab 6.1: Initializing the Sensor, Switch, and Perimeter Router
Lab 6.2: Installing CiscoWorks VMS
Lab 6.3: Adding a Sensor to the IDS MC
Lab 6.4: Configuring a Sensor Using the IDS MC
Lab 6.5: Configuring and Testing Blocking
Review Questions
Answer to Written Lab
Answers to Hands-On Labs
Answer to Lab 6.1
Answer to Lab 6.2
Answer to Lab 6.3
Answer to Lab 6.4
Answer to Lab 6.5
Answer to Lab 6.6
Answers to Review Questions
Chapter 7 Enterprise Cisco Secure IDS Monitoring
Introduction to the Security Monitor
Security Monitor Features
Supported Devices for the Security Monitor
Accessing the Security Monitor for the First Time
Configuring the Security Monitor
Configuring Sensors to Support the Security Monitor
Defining Devices to Monitor
Verifying Sensor Connection Status
Working with Events
Viewing Events
Defining Notifications Using Event Rules
Administering the Security Monitoring Center
Configuring System Configuration Settings
Configuring Database Rules
Configuring Reports
Summary
Exam Essentials
Key Terms
Written Lab
Hands-On Labs
Lab 7.1: Adding a Sensor to the Security Monitor
Lab 7.2: Using Event Viewer
Lab 7.3: Configuring Event Rules
Review Questions
Answers to Written Lab
Answers to Hands-On Labs
Answer to Lab 7.1
Answer to Lab 7.2
Answer to Lab 7.3
Answers to Review Questions
Part II Cisco SAFE Implementation
Chapter 8 Security Fundamentals
Identifying the Need for Network Security
Network Attack Taxonomy
Application Layer Attacks
Denial of Service (DOS) or Distributed Denial of Service (DDOS)
IP Weaknesses
Man-in-the-Middle Attacks
Network Reconnaissance
Packet Sniffers
Password Attacks
Port Redirection
Trojan Horse
Trust Exploitation
Unauthorized Access
Virus
Network Security Policies
Management Protocols and Functions
Configuration Management
SNMP
Syslog
TFTP
NTP
SAFE Architectural Overview
SAFE SMR Design Fundamentals
SAFE SMR Architecture
SAFE Axioms
Routers Are Targets
Switches Are Targets
Hosts Are Targets
Networks Are Targets
Applications Are Targets
Intrusion Detection Systems Mitigate Attacks
Secure Management and Reporting Mitigate Attacks
Identifying the Security Wheel
Summary
Exam Essentials
Key Terms
Written Lab
Review Questions
Answers to Written Lab
Answers to Review Questions
Chapter 9 The Cisco Security Portfolio
Cisco Security Portfolio Overview
Secure Connectivity: Virtual Private Network Solutions
Site-to-Site VPN Solution
Remote Access VPN Solution
Firewall-Based VPN Solution and Perimeter Security
Understanding Intrusion Protection
IDS
Secure Scanner
Understanding Identity
Cisco Secure Access Control Server (ACS)
Understanding Security Management
Cisco AVVID
Summary
Exam Essentials
Key Terms
Written Lab
Review Questions
Answers to Written Lab
Answers to Review Questions
Chapter 10 SAFE Small and Medium Network Designs
Small Network Design Overview
Corporate Internet Module
Campus Module
Medium Network Design Overview
Corporate Internet Module
Campus Module
WAN Module
Implementation of Key Devices
NIDS and HIDS
Implementing the ISP Router
Implementing the IOS-based Firewall
Implementing the PIX Firewall
Summary
Exam Essentials
Key Terms
Commands Used in This Chapter
Written Lab
Hands-On Lab
Lab 10.1: Configure IKE Phase 1 on R1
Lab 10.2: Configure IKE Phase 1 on PIX1
Lab 10.3: Configure IPSec on R1
Lab 10.4: Configure IPSec on PIX1
Lab 10.5: Configure Host DoS Mitigation on PIX1
Review Questions
Answers to Written Lab
Answers to Hands-On Labs
Answer to Lab 10.1
Answer to Lab 10.2
Answer to Lab 10.3
Answer to Lab 10.4
Answer to Lab 10.5
Answers to Review Questions
Chapter 11 SAFE Remote Access Network Design
Remote Access Network Design Overview
Key Devices
Implementing the Remote Access Devices
Software Access Option
Remote Site Firewall Option
VPN Hardware Client Option
Remote Site Router Option
Summary
Exam Essentials
Key Terms
Commands Used in This Chapter
Written Lab
Hands-On Labs
Lab 11.1: Configuring an ISAKMP Policy
Lab 11.2: Configuring a Pre-share Key
Review Questions
Answers to Written Lab
Answers to Hands-On Labs
Answer to Lab 11.1
Answer to Lab 11.2
Answers to Review Questions
Glossary
Index

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.