Mar 24,2010 by alperen
 Since Cisco IOS Release 11.2, you can use a text name for access lists in many cases. Some new features have been added to named ACLs that make them more than just text names. The benefits ... [full story]
|
Mar 24,2010 by alperen
 ICMP (Internet Control Message Protocol—RFC 792) access list
syntax doesn’t use port numbers, but adds options to allow filtering on ICMP
messages. The actual syntax for filtering ICMP is as follows:
access-list acl# {permit | deny} icmp {source wildcard | any} ... [full story]
|
Mar 24,2010 by alperen
 The UDP access list, like TCP,
supports both source and destination ports, and, like TCP, uses the same
relational operators to define the mnemonic or port numbers. The following code
output shows some of the most common UDP port names:
... [full story]
|
Mar 24,2010 by alperen
 TCP access lists support both source and destination TCP
ports, which can be specified using either the port number or mnemonic. Port
numbers or names must be preceded by relational operators, such as those shown
in the following code output: ... [full story]
|
Mar 24,2010 by alperen
 Extended access lists provide a higher level
of traffic control by being able to filter packets based on the protocol, source
and/or destination IP address, and source and/or destination port number. For
example, an extended access list can block an ... [full story]
|
Mar 24,2010 by alperen
 Several basic commands are useful in confirming that ACLs
are in place and doing their jobs. Those commands include the following:
Show run
Show access lists
Show IP interfaces
Show Run Command
One way to see your access lists and how they’re applied is
to ... [full story]
|
Mar 24,2010 by alperen
 Standard Access Lists
Standard IP access lists filter packets based exclusively on the
network layer source address of a data packet. They either block (deny) or allow
(permit) traffic, based solely on the origin of the packet. The IP ... [full story]
|
Mar 24,2010 by alperen
 Access List Basics
Access lists are a stack of one-line
filters that are processed sequentially to determine whether data packets are
allowed to continue on through the router or as a part of a router process. Each
statement in the stack ... [full story]
|
Mar 24,2010 by alperen
 Access Control Lists
Overview
In this Appendix, you learn to:
Create and use standard access lists
Create and use extended access lists
Create ... [full story]
|
Mar 24,2010 by alperen
 The SAFE Implementation Exam is based on the principles and
technologies contained in the “SAFE: Extending the Security
Blueprint to Small, Midsize, and Remote-User Networks” (SMR) white paper.
This document is available as a PDF that can be downloaded from ... [full story]
|
Mar 24,2010 by alperen
 Skills Required for the Exam
According to Cisco course documentation, as the CCSP
candidate studies the SAFE documents and reviews materials from the other four
exams in preparation for the SAFE Implementation Exam, the
following specific skills should be used as ... [full story]
|
Mar 24,2010 by alperen
 According to the Cisco Web site, the following information
provides general guidelines for the content likely to be included on this exam.
However, other related topics may also appear on any specific delivery of the
exam.
Security Fundamentals
Need for network security
Network ... [full story]
|
Mar 24,2010 by alperen
 The SAFE Implementation Exam is the capstone exam for the
CCSP certification path. The exam tests the knowledge and skills needed to use
and implement the principles and technologies contained in the “SAFE: Extending the Security Blueprint to Small, Midsize, ... [full story]
|
Mar 24,2010 by alperen
 Cisco SAFE Implementation
Overview
In this chapter, you will learn:
To secure the documents required to prepare for the exam
The published exam topics
The skills and knowledge required to assure a successful attempt
To configure any connections covered in any CCSP exam (simulation)
The Cisco Certified ... [full story]
|
Mar 20,2010 by alperen
 1. What is a subsignature ID?
The signature ID
The signature ID combined with the host ID
The signature ID combined with the organization ID ... [full story]
|
Mar 20,2010 by alperen
 Signatures represent the intelligence behind your intrusion
detection system. To protect your network infrastructure fully, you must
understand both how these signatures are structured and each signature series. A
signature is a set of rules used to match activity and ... [full story]
|
Mar 17,2010 by alperen
 This section describes the preference options that can be
configured in the Event Viewer. To configure Event Viewer preferences, click the
Preferences option from the Edit menu. The following sections make up the
Preferences window:
Actions
Cells
Status Events
Boundaries
Event Severity Indicator
Severity Mapping
Actions
The Actions ... [full story]
|
Mar 17,2010 by alperen
 Event Viewer combines the functionality of a browser (such
as Explorer) with that of a spreadsheet (such as MS Excel) to create a
collection of audit event data called a drillsheet. The drillsheet allows groups of similar audit-event records to ... [full story]
|
Mar 17,2010 by alperen
 Alarms are generated by the sensors and sent to the Event
Viewer host via the PostOffice protocol. Once received, these alarms are stored
in a database. This database can then be viewed with the Event Viewer. This
section discusses the ... [full story]
|
Mar 17,2010 by alperen
 Network sensors are responsible for generating and sending
alarms to the Event Viewer. The Event Viewer host must then receive and display
these alarms for security personnel. To ensure the integrity of the network, you
must understand how to view ... [full story]
|
Mar 10,2010 by alperen
 The signature severity represents the
probability that the matched signature represents a real and immediate security
threat to your systems and network. Each signature has a default severity
assigned to it by Cisco security engineers and these default severities are ... [full story]
|
Mar 10,2010 by alperen
 The signature types describe the type
of network traffic the signature is used to match. Some signatures detect
intrusions by examining the TCP connection requests or UDP connections. Other
signature types examine the protocol information in the IP headers or ... [full story]
|
Mar 10,2010 by alperen
 CIDS signatures fall into four classes. Signatures belong to
one of the four classes, based on the type of attack the signature was designed
to detect. As discussed in Chapter 23, there are three types of attacks: Reconnaissance,
Access, and ... [full story]
|
Mar 10,2010 by alperen
 The signature implementations of CIDS signatures come in two
types: every signature is either context based or content based. Each of these
two types of signature implementations describes which part of the TCP/IP packet
is examined.
Context-Based Signatures
Context-based signatures are ... [full story]
|
Mar 10,2010 by alperen
 CIDS organizes all the signatures into a series. When an
alarm is sent, the signature that generated the alarm is also sent. The Event
Viewer displays not only the alarm, but also the signature ID. While recognizing
every signature ID ... [full story]
|
Mar 10,2010 by alperen
 CIDS signatures form the intelligence built
into your network sensors. A signature is a set of rules
pertaining to typical intrusion activity that, when matched, generates a unique
response.
Signatures can be broken down to be included into a number of ... [full story]
|
Mar 10,2010 by alperen
 Overview
In this chapter, you will learn how to:
Understand the CIDS signature series
Recognize signature structure and implementation
Make use of signature types
Know about signature classes
Understand signature series
Use signature categories
Learn about signature severities
View and manage alarms
Use Event Viewer customization
Configure preference settings
Understand the ... [full story]
|
Mar 10,2010 by alperen
 Questions
1. Which of the following is a disadvantage to placing a single
sensor in front of a filtering device?
If the sensor is placed in front of the filtering device, it will be unable to detect interior attacks
If the sensor is ... [full story]
|
Mar 10,2010 by alperen
 Extensive planning and preparation are required before
deploying sensors on your Internetwork. Until some auditing and planning are
done, you can’t even be sure which sensors are needed. This chapter discussed
the planning and auditing that can be accomplished to ... [full story]
|
Mar 10,2010 by alperen
 When a new sensor is installed on the network, it lacks any
specific configuration information. In its default state, the sensor has no way
of communicating on the network or with any management platform. Before a sensor
can be operational, ... [full story]
|
Mar 10,2010 by alperen
 Once the sensor is installed and powered on, you must gain
management access to the sensor. This section describes the methods you can use
to connect to your sensor, as well as the default user account you’ll use for
initial ... [full story]
|
Mar 10,2010 by alperen
 Once you decide on the proper placement and deployment strategy,
you can then begin to install and configure the sensors. Before you can use
Cisco Secure Policy Manager (CSPM) to configure your sensors, though, you must
first connect to the ... [full story]
|