• Quản trị mạng - Chapter 9: Managing a secure networkQuản trị mạng - Chapter 9: Managing a secure network

    The security policy is an integral component of an organization’s network security design and implementation. It answers questions about what assets are to be protected and how to protect them. • A security policy typically consists of a goverming policy, a technical policy, and an end-user policy. • Standards, guidelines, and procedures cont...

    pdf82 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 776 | Lượt tải: 0

  • Quản trị mạng - Chapter 8: Implementing virtual private networksQuản trị mạng - Chapter 8: Implementing virtual private networks

    Describe the purpose and operation of VPN types • Describe the purpose and operation of GRE VPNs • Describe the components and operations of IPsec VPNs • Configure and verify a site-to-site IPsec VPN with preshared key authentication using CLI • Configure and verify a site-to-site IPsec VPN with preshared key authentication using CCP • Configu...

    pdf124 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 911 | Lượt tải: 1

  • Quản trị mạng - Chapter 7: Cryptographic systemsQuản trị mạng - Chapter 7: Cryptographic systems

    To authenticate each other, users have to obtain the certificate of the CA and their own certificate. These steps require the out-of-band verification of the processes. Public-key systems use asymmetric keys whe one is public and the other one is private. Key management is simplified because two users can freely exchange the certificates. Th...

    pdf104 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 1013 | Lượt tải: 0

  • Quản trị mạng - Chapter 6: Securing the local area networkQuản trị mạng - Chapter 6: Securing the local area network

    Modern enterprise networks deploy wireless, VoIP, and SAN devices that require specialized security solutions. • Wireless technologies are the most prone to network attacks. A number of technologies have evolved to miligate these attacks. • With the increased adoption of VoIP, serveral security considerations specific to VoIP technology have ...

    pdf143 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 849 | Lượt tải: 0

  • Quản trị mạng - Chapter 5: Implementing intrusion preventionQuản trị mạng - Chapter 5: Implementing intrusion prevention

    Signatures may need to be tuned to a specifc netwok. • Continuously monitor an IPS solution to ensure that it is providing an adequate level of protection. • Implement Cisco IOS IPS using CLI or SDM • Modify IPS signatures using CLI or SDM • Use various CLI commends to verify and monitor a Cisco IOS IPS configuration. Học việ

    pdf83 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 835 | Lượt tải: 0

  • Quản trị mạng - Chapter 4: Implementing firewall technologiesQuản trị mạng - Chapter 4: Implementing firewall technologies

    Zone-Based Policy Firewall (ZPF) , introduced in 2006, is the state of the art in modern firewalling. • ZPF operation centers around the creation of zones associated with various security levels. • Implementing ZPF with CLI is much more structured and easier to understand than CBAC . ZPF utilizes class maps and policy maps enabled by C3PL. •...

    pdf132 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 926 | Lượt tải: 0

  • Quản trị mạng - Chapter 3: Authentication, authorization, and accountingQuản trị mạng - Chapter 3: Authentication, authorization, and accounting

    In large or complex networks, AAA authentication can be implemented using server-based AAA. • AAA servers can use RADIUS or TACACS+ protocols to communicate with client routers. • The Cisco Access Control Server (ACS) can be used to provide AAA server services. • Server-based AAA authentication can be configured using CLI or SDM. • Server-b...

    pdf78 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 903 | Lượt tải: 0

  • Quản trị mạng - Chapter 2: Securing network devicesQuản trị mạng - Chapter 2: Securing network devices

    Released in IOS version 12.3, Cisco AutoSecure is a feature that is initiated from the CLI and executes a script. • AutoSecure first makes recommendations for fixing security vulnerabilities and then modifies the security configuration of the router. • There are three forwarding plane services and functions: 1. Enables Cisco Express Forwardin...

    pdf175 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 904 | Lượt tải: 0

  • Quản trị mạng - Chapter 1: Modern network security threatsQuản trị mạng - Chapter 1: Modern network security threats

    Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks. 2. Shut down unnecessary services and ports. 3. Use strong passwords and change them often 4. Control physical access to systems. 5. Mitigating Network Attacks Avoid unnecessary web page inputs. 6. Perform ba...

    pdf75 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 934 | Lượt tải: 0

  • Quản trị mạng - Chapter 8: Network troubleshootingQuản trị mạng - Chapter 8: Network troubleshooting

    The difficulty in troubleshooting Layer 2 technologies, such as PPP and Frame Relay, is the unavailability of common Layer 3 troubleshooting tools, such as ping, to assist with anything but the identification that the network is down. • Most of the problems that occur with PPP involve link negotiation.

    pdf73 trang | Chia sẻ: nguyenlam99 | Ngày: 09/01/2019 | Lượt xem: 874 | Lượt tải: 0