CSI
Cisco SAFE Implementation
Student Guide Version 2.0
Copyright © 2004, Cisco Systems, Inc.
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices. Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Copyright 2004, Cisco Systems, Inc. All rights reserved. CCIP, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, Internet Quotient, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That’s Possible, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0203R)
Table of Contents

COURSE INTRODUCTION
  Overview
  Course Objectives
  Lab Topology Overview

SECURITY FUNDAMENTALS
  Overview
  Objectives
  Need for Network Security
  Network Security Policy
  Primary Network Threats and Attacks
  Reconnaissance Attacks and Mitigation
  Access Attacks and Mitigation
  Denial of Service Attacks and Mitigation
  Worm, Virus, and Trojan Horse Attacks and Mitigation
  Management Protocols and Functions
  Summary

SAFE BLUEPRINT OVERVIEW
  Overview
  Objectives
  SAFE Blueprint Overview
  Design Fundamentals
  SAFE Axioms
  Summary

THE CISCO SECURITY PORTFOLIO
  Overview
  Objectives
  Cisco Security Portfolio Overview
  Secure Connectivity—VPN Solutions
  Secure Connectivity—The VPN 3000 Concentrator Series
  Secure Connectivity—Cisco VPN-Optimized Routers
  Perimeter Security Firewalls—Cisco PIX Firewall and Cisco IOS Firewall
  Intrusion Protection—IDS
  Host-Based Intrusion Prevention System—CSA
  Identity—Access Control Solutions