Implementing Cisco IOS Network Security (IINS 640-554) Foundation Learning Guide, Rough Cuts, 2nd Edition

Rough Cuts

  • Available to Safari Subscribers
  • About Rough Cuts
  • Rough Cuts are manuscripts that are developed but not yet published, available through Safari. Rough Cuts provide you access to the very latest information on a given topic and offer you the opportunity to interact with the author to influence the final publication.

Not for Sale
  • Description
  • Sample Content
  • Updates
  • Copyright 2013
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 784
  • Edition: 2nd
  • Rough Cuts
  • ISBN-10: 0-13-298335-4
  • ISBN-13: 978-0-13-298335-8

This is the Rough Cut version of the printed book.

Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide Second Edition

Foundation learning for the CCNA Security IINS 640-554 exam

Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide, Second Edition, is a Cisco-authorized, self-paced learning tool for CCNA® Security 640-554 foundation learning. This book provides you with the knowledge needed to secure Cisco® networks. By reading this book, you will gain a thorough understanding of how to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

This book focuses on using Cisco IOS routers to protect the network by capitalizing on their advanced features as a perimeter router, firewall, intrusion prevention system, and site-to-site VPN device. The book also covers the use of Cisco Catalyst switches for basic network security, the  Cisco Secure Access Control System (ACS), and the Cisco Adaptive Security Appliance (ASA). You learn how to perform basic tasks to secure a small branch office network using Cisco IOS security features available through web-based GUIs (Cisco Configuration Professional) and the CLI
on Cisco routers, switches, and ASAs.

Whether you are preparing for CCNA Security certification or simply want to gain a better understanding of Cisco IOS security fundamentals, you will benefit from the information provided in this book.

Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide, Second Edition, is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit

-- Develop a comprehensive network security policy to counter threats against information security

-- Secure borderless networks

-- Learn how to use Cisco IOS Network Foundation Protection (NFP) and Cisco Configuration Professional (CCP)

-- Securely implement the management and reporting features of Cisco IOS devices

-- Deploy Cisco Catalyst Switch security features

-- Understand IPv6 security features

-- Plan threat control strategies

-- Filter traffic with access control lists

-- Configure ASA and Cisco IOS zone-based firewalls

-- Implement intrusion prevention systems (IPS) and network address translation (NAT)

-- Secure connectivity with site-to-site IPsec VPNs and remote access VPNs

This volume is in the Foundation Learning Guide Series offered by Cisco Press®. These guides are developed together with Cisco as the only authorized, self-paced learning tools that help networking professionals build their understanding of networking concepts and prepare for Cisco certification exams.


Table of Contents

Introduction xxviii

Part I Networking Security Fundamentals

Chapter 1 Network Security Concepts and Policies 1

Building Blocks of Information Security 2

    Basic Security Assumptions 2

    Basic Security Requirements 2

    Data, Vulnerabilities, and Countermeasures 3

        Data Classification 4

        Vulnerabilities Classifications 7

        Countermeasures Classification 8

        Need for Network Security 12

        Intent Evolution 13

        Threat Evolution 14

        Trends Affecting Network Security 16

    Adversaries, Methodologies, and Classes of Attack 19

        Adversaries 20

        Methodologies 21

        Threats Classification 23

        Man-in-the-Middle Attacks 32

        Overt and Covert Channels 33

        Botnets 37

        DoS and DDoS Attacks 37

    Principles of Secure Network Design 39

        Defense in Depth 41

Evaluating and Managing the Risk 42

    Levels of Risks 43

    Risk Analysis and Management 44

        Risk Analysis 44

        Building Blocks of Risk Analysis 47

        A Lifecycle Approach to Risk Management 49

    Regulatory Compliance 50

Security Policies 53

    Security Policy Components 55

        Governing Policy 56

        End-User Policies 57

        Technical Policies 57

        Standards, Guidelines, and Procedures 59

        Security Policy Roles and Responsibilities 61

        Security Awareness 62

Secure Network Lifecycle Management 63

    IT Governance, Risk Management, and Compliance 64

    Secure Network Life Cycle 64

        Initiation Phase 65

        Acquisition and Development Phase 65

        Implementation Phase 66

Submit Errata