Introduction xxv
Chapter 1 Cybersecurity Fundamentals 2
“Do I Know This Already?” Quiz 3
Foundation Topics 6
Introduction to Cybersecurity 6
Defining What Are Threats, Vulnerabilities, and Exploits 8
Common Software and Hardware Vulnerabilities 30
Confidentiality, Integrity, and Availability 40
Cloud Security Threats 47
IoT Security Threats 51
An Introduction to Digital Forensics and Incident Response 55
Summary 74
Exam Preparation Tasks 74
Review All Key Topics 74
Define Key Terms 76
Review Questions 76
Chapter 2 Cryptography 78
“Do I Know This Already?” Quiz 78
Foundation Topics 80
Introduction to Cryptography 80
Fundamentals of PKI 93
Exam Preparation Tasks 102
Review All Key Topics 102
Define Key Terms 103
Review Questions 103
Chapter 3 Software-Defined Networking Security and Network Programmability 106
“Do I Know This Already?” Quiz 106
Foundation Topics 108
Introduction to Software-Defined Networking 108
Introduction to Network Programmability 132
Exam Preparation Tasks 146
Review All Key Topics 146
Define Key Terms 147
Review Questions 147
Chapter 4 Authentication, Authorization, Accounting (AAA) and Identity Management 150
“Do I Know This Already?” Quiz 151
Foundation Topics 154
Introduction to Authentication, Authorization, and Accounting 154
Authentication 155
Authorization 167
Accounting 169
Infrastructure Access Controls 170
AAA Protocols 172
Cisco Identity Services Engine (ISE) 181
Configuring TACACS+ Access 196
Configuring RADIUS Authentication 202
Additional Cisco ISE Design Tips 211
Exam Preparation Tasks 214
Review All Key Topics 214
Define Key Terms 216
Review Questions 216
Chapter 5 Network Visibility and Segmentation 220
“Do I Know This Already?” Quiz 221
Foundation Topics 224
Introduction to Network Visibility 224
NetFlow 225
IP Flow Information Export (IPFIX) 237
NetFlow Deployment Scenarios 242
Cisco Stealthwatch 250
Cisco Cognitive Threat Analytics (CTA) and Encrypted Traffic Analytics (ETA) 262
NetFlow Collection Considerations and Best Practices 268
Configuring NetFlow in Cisco IOS and Cisco IOS-XE 269
Configuring NetFlow in NX-OS 283
Introduction to Network Segmentation 285
Micro-Segmentation with Cisco ACI 289
Segmentation with Cisco ISE 290
Exam Preparation Tasks 301
Review All Key Topics 301
Define Key Terms 302
Review Questions 302
Chapter 6 Infrastructure Security 306
“Do I Know This Already?” Quiz 307
Foundation Topics 310
Securing Layer 2 Technologies 310
Common Layer 2 Threats and How to Mitigate Them 322
Network Foundation Protection 332
Understanding and Securing the Management Plane 334
Understanding the Control Plane 336
Understanding and Securing the Data Plane 337
Securing Management Traffic 338
Implementing Logging Features 362
Configuring NTP 363
Securing the Network Infrastructure Device Image and Configuration Files 364
Securing the Data Plane in IPv6 365
Securing Routing Protocols and the Control Plane 379
Exam Preparation Tasks 387
Review All Key Topics 387
Define Key Terms 389
Review Questions 389
Chapter 7 Cisco Next-Generation Firewalls and Cisco Next-Generation Intrusion Prevention Systems 392
“Do I Know This Already?” Quiz 392
Foundation Topics 395
Introduction to Cisco Next-Generation Firewalls (NGFW) and
Comparing Network Security Solutions That Provide Firewall Capabilities 411
Deployment Modes of Network Security Solutions and Architectures That
High Availability and Clustering 423
Implementing Access Control 427
Cisco Firepower Intrusion Policies 446
Variables 449
Platform Settings Policy 450
Cisco NGIPS Preprocessors 450
Cisco Advanced Malware Protection (AMP) 452
Security Intelligence, Security Updates, and Keeping Firepower Software Up to Date 457
Exam Preparation Tasks 458
Review All Key Topics 458
Define Key Terms 460
Review Questions 460
Chapter 8 Virtual Private Networks (VPNs) 464
“Do I Know This Already?” Quiz 464
Foundation Topics 467
Virtual Private Network (VPN) Fundamentals 467
Deploying and Configuring Site-to-Site VPNs in Cisco Routers 479
Configuring Site-to-Site VPNs in Cisco ASA Firewalls 502
Configuring Remote Access VPNs in the Cisco ASA 511
Configuring Clientless Remote Access SSL VPNs in the Cisco ASA 514
Configuring Client-Based Remote-Access SSL VPNs in the Cisco ASA 525
Configuring Remote Access VPNs in FTD 530
Configuring Site-to-Site VPNs in FTD 541
Exam Preparation Tasks 543
Review All Key Topics 543
Define Key Terms 544
Review Questions 544
Chapter 9 Securing the Cloud 548
“Do I Know This Already?” Quiz 549
Foundation Topics 551
What Is Cloud and What Are the Cloud Service Models? 551
DevOps, Continuous Integration (CI), Continuous Delivery (CD), and
Describing the Customer vs. Provider Security Responsibility for the Different Cloud Service Models 573
Cisco Umbrella 577
Cisco Email Security in the Cloud 582
Cisco Cloudlock 584
Stealthwatch Cloud 590
AppDynamics Cloud Monitoring 590
Cisco Tetration 593
Exam Preparation Tasks 596
Review All Key Topics 596
Define Key Terms 597
Review Questions 598
Chapter 10 Content Security 600
“Do I Know This Already?” Quiz 600
Foundation Topics 603
Content Security Fundamentals 603
Cisco WSA 604
Cisco ESA 619
Cisco Content Security Management Appliance (SMA) 624
Exam Preparation Tasks 629
Review All Key Topics 629
Define Key Terms 630
Review Questions 630
Chapter 11 Endpoint Protection and Detection 634
“Do I Know This Already?” Quiz 634
Foundation Topics 636
Introduction to Endpoint Protection and Detection 636
Cisco AMP for Endpoints 638
Cisco Threat Response 654
Exam Preparation Tasks 655
Review All Key Topics 655
Define Key Terms 655
Review Questions 656
Chapter 12 Final Preparation 658
Hands-on Activities 658
Suggested Plan for Final Review and Study 658
Summary 659
Glossary of Key Terms 660
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections 678
Appendix B CCNP Security Core SCOR (350-701) Exam Updates 686
Online Element
Appendix C Study Planner
9780135971970, TOC, 3/18/2020
Available for purchase from all major ebook resellers, including InformIT.com