larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide, 2nd Edition

eBook (Watermarked)

  • Your Price: $44.79
  • List Price: $55.99
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

  • Description
  • Sample Content
  • Updates
  • Copyright 2013
  • Dimensions: 7-3/8" x 9-1/8"
  • Edition: 2nd
  • eBook (Watermarked)
  • ISBN-10: 0-13-298333-8
  • ISBN-13: 978-0-13-298333-4

Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide Second Edition

Foundation learning for the CCNA Security IINS 640-554 exam

Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide, Second Edition, is a Cisco-authorized, self-paced learning tool for CCNA® Security 640-554 foundation learning. This book provides you with the knowledge needed to secure Cisco® networks. By reading this book, you will gain a thorough understanding of how to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

This book focuses on using Cisco IOS routers to protect the network by capitalizing on their advanced features as a perimeter router, firewall, intrusion prevention system, and site-to-site VPN device. The book also covers the use of Cisco Catalyst switches for basic network security, the  Cisco Secure Access Control System (ACS), and the Cisco Adaptive Security Appliance (ASA). You learn how to perform basic tasks to secure a small branch office network using Cisco IOS security features available through web-based GUIs (Cisco Configuration Professional) and the CLI
on Cisco routers, switches, and ASAs.

Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book.

Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide, Second Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit

-- Develop a comprehensive network security policy to counter threats against information security

-- Secure borderless networks

-- Learn how to use Cisco IOS Network Foundation Protection (NFP) and Cisco Configuration Professional (CCP)

-- Securely implement the management and reporting features of Cisco IOS devices

-- Deploy Cisco Catalyst Switch security features

-- Understand IPv6 security features

-- Plan threat control strategies

-- Filter traffic with access control lists

-- Configure ASA and Cisco IOS zone-based firewalls

-- Implement intrusion prevention systems (IPS) and network address translation (NAT)

-- Secure connectivity with site-to-site IPsec VPNs and remote access VPNs

This volume is in the Foundation Learning Guide Series offered by Cisco Press®. These guides are developed together with Cisco as the only authorized, self-paced learning tools that help networking professionals build their understanding of networking concepts and prepare for Cisco certification exams.

Category: Cisco Certification

Covers: CCNA Security IINS exam 640-554

Table of Contents

Introduction xxviii

Part I Networking Security Fundamentals

Chapter 1 Network Security Concepts and Policies 1

Building Blocks of Information Security 2

    Basic Security Assumptions 2

    Basic Security Requirements 2

    Data, Vulnerabilities, and Countermeasures 3

        Data Classification 4

        Vulnerabilities Classifications 7

        Countermeasures Classification 8

        Need for Network Security 12

        Intent Evolution 13

        Threat Evolution 14

        Trends Affecting Network Security 16

    Adversaries, Methodologies, and Classes of Attack 19

        Adversaries 20

        Methodologies 21

        Threats Classification 23

        Man-in-the-Middle Attacks 32

        Overt and Covert Channels 33

        Botnets 37

        DoS and DDoS Attacks 37

    Principles of Secure Network Design 39

        Defense in Depth 41

Evaluating and Managing the Risk 42

    Levels of Risks 43

    Risk Analysis and Management 44

        Risk Analysis 44

        Building Blocks of Risk Analysis 47

        A Lifecycle Approach to Risk Management 49

    Regulatory Compliance 50

Security Policies 53

    Security Policy Components 55

        Governing Policy 56

        End-User Policies 57

        Technical Policies 57

        Standards, Guidelines, and Procedures 59

        Security Policy Roles and Responsibilities 61

        Security Awareness 62

Secure Network Lifecycle Management 63

    IT Governance, Risk Management, and Compliance 64

    Secure Network Life Cycle 64

        Initiation Phase 65

        Acquisition and Development Phase 65

        Implementation Phase 66

        Operations and Maintenance Phase 67

        Disposition Phase 67

        Models and Frameworks 67

    Network Security Posture 69

    Network Security Testing 70

        Security Testing Techniques 70

        Common Testing Tools 71

    Incident Response 72

    Incident Management 73

        Computer Crime Investigations 74

        Laws and Ethics 75

        Liability 76

    Disaster Recovery and Business Continuity Planning 77

        Business Continuity Concepts 78

Summary 79

References 79

    Publications 79

    Web Resources 80

Review Questions 80

Chapter 2 Security Strategy and Cisco Borderless Network 85

Borderless Networks 85

Cisco Borderless Network Security Architecture 86

    Borderless End Zone 88

    Borderless Internet 89

    Borderless Data Center 90

    Policy Management Layer 91

    Borderless Network Services 91

Borderless Security Products 92

    SecureX, a Context-Aware Security Approach 93

        SecureX Core Components 94

    Threat Control and Containment 98

    Cisco Security Intelligence Operation 99

    Cloud Security, Content Security, and Data Loss Prevention 100

        Content Security 101

        Data Loss Prevention 101

        Cloud-Based Security 101

        Web Security 101

        Email Security 104

    Secure Connectivity Through VPNs 105

    Security Management 106

        Cisco Security Manager 107

Summary 108

References 108

Review Questions 109

Part II Protecting the Network Infrastructure

Chapter 3 Network Foundation Protection and Cisco Configuration Professional 111

Threats Against the Network Infrastructure 112

Cisco NFP Framework 114

    Control Plane Security 118

        CoPP 119

        CPPr 119

        Traffic Classes 120

        Routing Protocol Integrity 121

        Cisco AutoSecure 122

    Management Plane Security 123

        Secure Management and Reporting 124

        Role-Based Access Control 126

        Deploying AAA 127

    Data Plane Security 128

        Access Control List Filtering 128

Cisco Configuration Professional 131

    CCP Initial Configuration 133

    Cisco Configuration Professional User Interface and Features 136

        Menu Bar 136

        Toolbar 138

        Navigation Pane 138

        Content Pane 142

        Status Bar 142

Cisco Configuration Professional Building Blocks 142

    Communities 142

        Creating Communities 143

        Managing Communities 144

    Templates 145

    User Profiles 147

    Using CCP to Harden Cisco IOS Devices 148

        Security Audit 149

        One-Step Lockdown 152

        Cisco IOS AutoSecure 152

Summary 154

References 155

Review Questions 155

Chapter 4 Securing the Management Plane on Cisco IOS Devices and AAA 159

Configuring Secure Administration Access 159

    Configuring an SSH Daemon for Secure Management Access 161

    Configuring Passwords on Cisco IOS Devices 163

        Setting Timeouts for Router Lines 164

        Configuring the Minimum Length for Router Passwords 165

        Enhanced Username Password Security 166

    Securing ROM Monitor 167

    Securing the Cisco IOS Image and Configuration Files 168

    Configuring Multiple Privilege Levels 170

    Configuring Role-Based Command-Line Interface Access 171

Implementing Secure Management and Reporting 174

    Planning Considerations for Secure Management and Reporting 175

    Secure Management and Reporting Architecture 176

        Secure Management and Reporting Guidelines 176

    Enabling Time Features 176

        Network Time Protocol 177

    Using Syslog Logging for Network Security 178

        Implementing Log Messaging for Security 179

    Using SNMP to Manage Network Devices 182

        SNMPv3 Architecture 183

        Enabling SNMP Options Using Cisco CCP 185

Configuring AAA on a Cisco Router 186

    Authentication, Authorization, and Accounting 186

        Authenticating Router Access 188

    Configuring AAA Authentication and Method Lists 190

    Configuring AAA on a Cisco Router Using the Local Database 191

        Configuring AAA Local Authentication 192

    AAA on a Cisco Router Using Cisco Secure ACS 198

        Cisco Secure ACS Overview 198

        Cisco Identity Services Engine 204

TACACS+ and RADIUS Protocols 205

    TACACS+ 205

    RADIUS 206

    Comparing TACACS+ and RADIUS 206

AAA on a Cisco Router Using an External Database 208

    Configuration Steps for AAA Using an External Database 208

        AAA Servers and Groups 208

        AAA Authentication Method Lists 210

        AAA Authorization Policies 211

        AAA Accounting Policies 213

    AAA Configuration for TACACS+ Example 215

    Troubleshooting TACACS+ 216

Deploying and Configuring Cisco Secure ACS 218

    Evolution of Authorization 219

        Before: Group-Based Policies 219

        Now: More Than Just Identities 220

    Rule-Based Policies 222

    Configuring Cisco Secure ACS 5.2 223

        Configuring Authorization Policies for Device Administration 224

Summary 230

References 230

Review Questions 231

Chapter 5 Securing the Data Plane on Cisco Catalyst Switches 233

Overview of VLANs and Trunking 234

    Trunking and 802.1Q 235

        802.1Q Tagging 236

        Native VLANs 237

    Configuring VLANs and Trunks 237

        Step 1: Configuring and Verifying 802.1Q Trunks 238

        Step 2: Creating a VLAN 240

        Step 3: Assigning Switch Ports to a VLAN 242

        Step 4: Configuring Inter-VLAN Routing 243

Spanning Tree Overview 244

    STP Fundamentals 245

    Verifying RSTP and PVRST+ 248

Mitigating Layer 2 Attacks 249

    Basic Switch Operation 249

    Layer 2 Best Practices 250

    Layer 2 Protection Toolkit 250

    Mitigating VLAN Attacks 251

        VLAN Hopping 251

    Mitigating Spanning Tree Attacks 254

        PortFast 255

    Mitigating CAM Table Overflow Attacks 259

    Mitigating MAC Address Spoofing Attacks 260

    Using Port Security 261

        Errdisable Recovery 263

Summary 270

References 271

Review Questions 271

Chapter 6 Securing the Data Plane in IPv6 Environments 275

The Need for IPv6 275

IPv6 Features and Enhancements 278

    IPv6 Headers 279

    Stateless Address Autoconfiguration 280

    Internet Control Message Protocol Version 6 281

    IPv6 General Features 282

    Transition to IPv6 283

IPv6 Addressing 285

    IPv6 Address Representation 285

    IPv6 Address Types 286

        IPv6 Unicast Addressing 286

    Assigning IPv6 Global Unicast Addresses 291

        Manual Interface Assignment 291

        EUI-64 Interface ID Assignment 291

        Stateless Autoconfiguration 292

        DHCPv6 (Stateful) 292

    IPv6 EUI-64 Interface Identifier 292

IPv6 and Cisco Routers 293

    IPv6 Address Configuration Example 294

    Routing Considerations for IPv6 294

Revisiting Threats: Considerations for IPv6 295

    Examples of Possible IPv6 Attacks 298

        Recommended Practices 300

Summary 301

References 301

Review Questions 302

Part III Threat Control and Containment

Chapter 7 Planning a Threat Control Strategy 305

Threats Revisited 305

    Trends in Network Security Threats 306

    Threat Mitigation and Containment: Design Fundamentals 307

        Threat Control Design Guidelines 308

        Application Layer Visibility 309

        Distributed Security Intelligence 309

        Security Intelligence Analysis 310

Integrated Threat Control Strategy 311

    Cisco Threat Control and Containment Categories 311

        Integrated Approach to Threat Control 312

        Application Awareness 313

        Application-Specific Gateways 313

        Security Management 313

        Cisco Security Intelligence Operations Site 313

    Cisco Threat Control and Containment Solutions Fundamentals 314

        Cisco Security Appliances 314

        Cisco IPSs 316

Summary 317

References 318

Review Questions 318

Chapter 8 Access Control Lists for Threat Mitigation 319

ACL Fundamentals 320

    Types of IP ACLs 324

ACL Wildcard Masking and VLSM Review 325

    Subnetting Overview 326

        Subnetting Example: Class C 326

        Subnetting Example 327

    Variable-Length Subnet Masking 328

        A Working VLSM Example 329

    ACL Wildcard Bits 331

        Example: Wildcard Masking Process for IP Subnets 332

        Example: Wildcard Masking Process with a Single IP Address 333

        Example: Wildcard Masking Process with a Match Any IP Address 334

    Using ACLs to Control Traffic 335

        Example: Numbered Standard IPv4 ACL–Deny a Specific Subnet 336

        Numbered Extended IPv4 ACL 338

        Displaying ACLs 342

    Enhancing ACLs with Object Groups 343

    ACL Considerations 345

Configuring ACLs for Threat Control Using Cisco Configuration Professional 347

    Rules in Cisco Configuration Professional 347

        Working with ACLs in CCP 348

        ACL Editor 349

        Adding Rules 350

        Associating Rules with Interfaces 352

        Enabling Logging with CCP 354

        Monitoring ACLs with CCP 356

        Configuring an Object Group with CCP 357

    Using ACLs in IPv6 Environments 360

Summary 363

References 364

Review Questions 364

Chapter 9 Firewall Fundamentals and Network Address Translation 367

Introducing Firewall Technologies 367

    Firewall Fundamentals 367

    Firewalls in a Layered Defense Strategy 370

    Static Packet-Filtering Firewalls 372

    Application Layer Gateways 374

    Dynamic or Stateful Packet-Filtering Firewalls 378

    Other Types of Firewalls 382

        Application Inspection Firewalls, aka Deep Packet Inspection 382

        Transparent Firewalls (Layer 2 Firewalls) 383

NAT Fundamentals 384

    Example of Translating an Inside Source Address 387

    NAT Deployment Choices 389

Firewall Designs 390

    Firewall Policies in a Layered Defense Strategy 391

    Firewall Rules Design Guidelines 392

Summary 394

References 394

Review Questions 394

Chapter 10 Cisco Firewalling Solutions: Cisco IOS Zone-Based Firewall and Cisco ASA 397

Cisco Firewall Solutions 398

Cisco IOS Zone-Based Policy Firewall 398

    Zone-Based Policy Firewall Overview 398

    Zones and Zone Pairs 402

        Self Zone 402

        Zone-Based Topology Examples 403

Introduction to Cisco Common Classification Policy Language 403

    Zone-Based Policy Firewall Actions 407

    Service Policy Zone Pair Assignments 408

    Zone-Based Policy Firewall: Default Policies, Traffic Flows, and Zone Interaction 408

        Zone-Based Policy Firewall: Rules for Router Traffic 409

    Configuring Basic Interzone Policies Using CCP and the CLI 411

        Step 1: Start the Basic Firewall Wizard 412

        Step 2: Select Trusted and Untrusted Interfaces 413

        Step 3: Review and Verify the Resulting Policies 416

        Verifying and Tuning the Configuration 416

        Step 4: Enabling Logging 417

        Step 5: Verifying Firewall Status and Activity 419

        Step 6: Modifying Zone-Based Firewall Configuration Objects 420

        Step 7: Verifying the Configuration Using the CLI 421

    Configuring NAT Services for Zone-Based Firewalls 422

        Step 1: Run the Basic NAT Wizard 423

        Step 2: Select NAT Inside and Outside Interfaces 424

        Step 3: Verify NAT with CCP and the CLI 426

Cisco ASA Firewall 427

    Stateful Packet Filtering and Application Awareness 427

    Network Services Offered by the Cisco ASA 5500 Series 428

        Network Address Translation 428

        Additional Network Services 431

    Cisco ASA Security Technologies 431

        Cisco ASA Configuration Fundamentals 432

        Cisco ASA 5505 435

    Cisco ASDM 436

        Preparing the Cisco ASA 5505 for ASDM 437

        Cisco ASDM Features and Menus 438

    Cisco Modular Policy Framework 443

        Class Map: Identifying Traffic on Which a Policy Will Be Enforced 443

        Policy Map: Configuring the Action That Will Be Applied to the Traffic 444

        Service Policy: Activating the Policy 444

        Cisco ASA Modular Policy Framework: Simple Example 445

    Basic Outbound Access Control on Cisco ASA Using Cisco ASDM 446

        Scenario Configuration Steps Using Cisco ASDM 446

Summary 461

References 462 Resources 462

    Other Resources 462

    CCP and ASDM Demo Mode Tutorials 462

Review Questions 463

Chapter 11 Intrusion Prevention Systems 467

IPS Fundamentals 467

    Introducing IDS and IPS 467

        So, IDS or IPS? Why Not Both? 473

        Alarm Types 474

    Intrusion Prevention Technologies 475

        Signature-Based IDS/IPS 476

        Policy-Based IDS/IPS 477

        Anomaly-Based IDS/IPS 477

        Reputation-Based IPS 478

    IPS Attack Responses 478

        IPS Anti-Evasion Techniques 480

        Risk-Based Intrusion Prevention 482

        IPv6-Aware IPS 484

    Alarms 484

        IPS Alarms: Event Monitoring and Management 485

        Global Correlation 486

    IPS Deployment 488

        Cisco IPS Offerings 490

        IPS Best Practices 492

        Cisco IPS Architecture 494

Cisco IOS IPS 495

    Cisco IOS IPS Features 495

        Scenario: Protecting the Branch Office Against Inside Attack 497

    Signatures 497

    Signature Files 498

        Signature Management 500

        Examining Signature Microengines 500

    Signature Tuning 502

        Optimal Signature Set 504

        Monitoring IPS Alarms and Event Management 505

    Configuring Cisco IOS IPS Using Cisco Configuration Professional 507

        Step 1: Download Cisco IOS IPS Signature Package 508

        Step 2: Launch IPS Policies Wizard 509

        Step 3: Verify Configuration and Signature Files 515

        Step 4: Perform Signature Tuning 517

        Step 5: Verify Alarms 521

    Configuring Cisco IOS IPS Using the CLI 524

Summary 529

References 530 Resources 530

    General IDS/IPS Resource 530

Review Questions 530

Part IV Secure Connectivity

Chapter 12 Fundamentals of Cryptography and VPN Technologies 533

VPN Overview 534

    VPN Types 535

        Site-to-Site VPNs 536

        Remote-Access VPNs 537

Examining Cryptographic Services 538

    Cryptology Overview 538

        The History of Cryptography 540

        Ciphers 540

    Block and Stream Ciphers 547

        Block Ciphers 547

        Stream Ciphers 548

    The Process of Encryption 549

        Encryption Application Examples 550

        Cryptanalysis 551

        Desirable Encryption Algorithm Features 554

    Key Management 555

        Key Management Components 555

        Keyspaces 556

        Key Length Issues 556

        Example of the Impact of Key Length 557

Symmetric and Asymmetric Encryption Overview 557

    Symmetric Encryption Algorithms 558

        Comparing Symmetric Encryption Algorithms 560

        DES Modes of Operation 561

        DES Security Guidelines 561

        The Rijndael Cipher 563

        AES Versus 3DES 564

    Asymmetric Encryption Algorithms 565

        Public Key Confidentiality 566

    Encryption Algorithm Selection 567

Cryptographic Hashes and Digital Signatures 568

    Hashing Algorithms 571

        MD5 572

        SHA-1 572

        SHA-2 573

    Hashed Message Authentication Codes 573

    Overview of Digital Signatures 575

        Digital Signatures = Encrypted Message Digest 578

Diffie-Hellman 579

    Diffie-Hellman Example 581

    Cryptographic Processes in VPNs 582

Asymmetric Encryption: Digital Signatures 583

    Asymmetric Encryption Overview 583

        Public Key Authentication 584

    RSA and Digital Signatures 585

Public Key Infrastructure 587

    PKI Terminology and Components 589

    Certificate Classes 590

    Certificate Authorities 590

    PKI Standards 593

        Certificate Revocation 599

    Certificate Use 600

        Digital Certificates and CAs 601

Summary 602

References 603

    Books and Articles 603

    Standards 603

    Encryption Regulations 603

Review Questions 604

Chapter 13 IPsec Fundamentals 609

IPsec Framework 609

    Suite B Cryptographic Standard 611

    Encryption Algorithms 612

    Key Exchange: Diffie-Hellman 613

    Data Integrity 614

    Authentication 615

IPsec Protocol 616

    Authentication Header 618

    Encapsulating Security Payload 619

    IPsec Modes of Operations 620

        Transport Mode 621

        Tunnel Mode 621

IKE Protocol 622

    IKEv1 Modes 624

    IKEv1 Phases 625

        IKEv1 Phase 1 625

        IKEv1 Phase 1 Example 626

        IKEv1 Phase 2 631

    IKE Version 2 632

    IKEv1 Versus IKEv2 633

IPv6 VPNs 635

    IPsec Services for Transitioning to IPv6 636

Summary 637

References 637

    Books 637 Resources 637

Review Questions 637

Chapter 14 Site-to-Site IPsec VPNs with Cisco IOS Routers 641

Site-to-Site IPsec: Planning and Preparation 641

    Site-to-Site IPsec VPN Operations 642

    Planning and Preparation Checklist 643

    Building Blocks of Site-to-Site IPsec 643

        Interesting Traffic and Crypto ACLs 643

        Mirrored Crypto ACLs 644

        Cipher Suite 645

        Crypto Map 646

Configuring a Site-to-Site IPsec VPN Using CCP 647

    Initiating the VPN Wizard 647

        VPN Connection Information 649

        IKE Proposals 652

        Transform Set 653

        Traffic to Protect 654

        Configuration Summary 656

    Creating a Mirror Configuration for the Peer Site 657

Verifying the IPsec Configuration Using CCP and CLI 658

    Verifying IPsec Configuration Using CLI 658

    Verifying IKE Policy Using the CLI 659

        Verifying IKE Phase 2 Policy Using the CLI 660

        Verifying Crypto Maps Using the CLI 660

Monitoring Established IPsec VPN Connections 661

    IKE Policy Negotiation 662

    VPN Troubleshooting 662

    Monitoring IKE Security Association 664

    Monitoring IPsec Security Association 664

Summary 665

References 666

Review Questions 666

Chapter 15 SSL VPNs with Cisco ASA 669

SSL VPNs in Borderless Networks 670

    Cisco SSL VPN 671

SSL and TLS Protocol Framework 672

    SSL and TLS 673

    SSL Cryptography 674

    SSL Tunnel Establishment 675

        SSL Tunnel Establishment Example 676

Cisco SSL VPN Deployment Options and Considerations 679

    Cisco SSL VPN Client: Full Network Access 681

SSL VPN on Cisco ASA in Clientless Mode 683

    Clientless Configuration Scenario 683

    Task 1: Launch the Clientless SSL VPN Wizard from ASDM 684

    Task 2: Configure the SSL VPN Interface 684

    Task 3: Configure User Authentication 686

    Task 4: Configure User Group Policy 686

    Task 5: Configure a Bookmark List 687

    Task 6: Verify the Clientless SSL VPN Wizard Configuration 690

    Log In to the VPN Portal: Clientless SSL VPN 690

SSL VPN on ASA Using the Cisco AnyConnect VPN Client 692

    Cisco AnyConnect Configuration Scenario 693

    Phase 1: Configure Cisco ASA for Cisco AnyConnect 693

        Task 1: Connection Profile Identification 694

        Task 2: VPN Protocols and Device Certificate 695

        Task 3: Client Image 696

        Task 4: Authentication Methods 697

        Task 5: Client Address Assignment 698

        Task 6: Network Name Resolution Servers 700

        Task 7: Network Address Translation Exemption 700

        Task 8: AnyConnect Client Deployment Summary 702

    Phase 2: Configure the Cisco AnyConnect VPN Client 702

    Phase 3: Verify VPN Connectivity with Cisco AnyConnect VPN Client 706

        Verifying VPN Connectivity from Cisco ASA 706

Summary 707

References 708

Review Questions 708

Appendix A Answers to Chapter Review Questions 711

9781587142727   TOC   10/16/2012

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive:

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020