One way to use this book is to read it from cover to cover. Although that may be helpful to many people, it also may not be very time efficient, especially if you already know some of the material covered by this book.
One effective method is to take the “Do I Know This Already?” quiz at the beginning of each chapter. You can determine how to proceed with the material in the chapter based on your score on the quiz. If you get a high score, you might simply review the “Foundation Summary” section of that chapter. Otherwise, you should review the entire chapter. These are simply guidelines to help you effectively manage your time while preparing for this exam.
This book is broken into six parts that cover each of the CSI exam topics.
xxix
Figure I-1 CCSP Training/Exam Track
CCSP Prerequisites CCNA Certification
Recommended Training Securing Cisco IOS Networks
(SECUR)
Cisco Secure Virtual Private Networks (CSVPN)
Cisco Secure PIX Firewall Advanced (CSPFA)
Cisco Secure Intrusion Detection
System (CSIDS) CSIDS E-Learning Edition Cisco SAFE Implementation
(CSI) CSI E-Learning Edition
or
Exam Path SECUR Exam 640-501
CSVPN Exam 642-511
CSPFA Exam 642-521
CSIDS Exam 642-531
CSI Exam 642-541
Part I, “Cisco SAFE Overview,” includes Chapters 1 to 4:
■ Chapter 1, “What Is SAFE?” introduces the SAFE network architecture blueprints and the purpose of each.
■ Chapter 2, “SAFE Design Fundamentals,” introduces some of the basic design principles that are used to develop the SAFE small, medium-sized, and remote-user network designs and the classifications of security threats.
■ Chapter 3, “SAFE Design Concepts,” reviews the five axioms described in the SAFE blueprints.
■ Chapter 4, “Understanding SAFE Network Modules,” describes the Campus, Corporate Internet, and WAN modules.
Part II, “Understanding Security Risks and Mitigation Techniques,” includes Chapters 5 to 10:
■ Chapter 5, “Defining a Security Policy,” explains the need for a security policy and the goals and components it should contain. This chapter also describes the Security Wheel concept.
■ Chapter 6, “Classifying Rudimentary Network Attacks,” covers many common attacks, including reconnaissance attacks, unauthorized access, DoS attacks, application layer attacks, and trust exploitation attacks.
■ Chapter 7, “Classifying Sophisticated Network Attacks,” builds on Chapter 6 by covering more advanced attacks, including IP spoofing attacks, traffic sniffing, password attacks, man-in-the-middle attacks, port redirection, and virus and Trojan-horse applications.
■ Chapter 8, “Mitigating Rudimentary Network Attacks,” includes methods to protect your net-work against the attacks discussed in Chapter 6.
■ Chapter 9, “Mitigating Sophisticated Network Attacks,” describes methods to protect your net-work against the attacks described in Chapter 7.
■ Chapter 10, “Network Management,” describes in-band and out-of-band network management as well as network management protocols, including Telnet, SSH, SSL, syslog, SNMP, TFTP, and NTP.
Part III, “Cisco Security Portfolio,” includes Chapters 11 and 12:
■ Chapter 11, “Cisco Perimeter Security Products,” concentrates on the perimeter security and intrusion detection options offered by Cisco.
■ Chapter 12, “Cisco Network Core Security Products,” describes Cisco products for securing network connectivity, securing identity, and managing security and then describes
Cisco AVVID.
xxxi
Part IV, “Designing and Implementing SAFE Networks,” includes Chapters 13 to 17:
■ Chapter 13, “Designing Small SAFE Networks,” describes the components of a SAFE small network design and shows examples of the Campus module and Corporate Internet module in a small network.
■ Chapter 14, “Implementing Small SAFE Networks,” uses the design recommendations dis-cussed in Chapter 13 as a basis for examining the specific configuration requirements for each component of the small network.
■ Chapter 15, “Designing Medium-Sized SAFE Networks,” examines the specific security design requirements of the SAFE medium-sized network, including design guidelines and alternatives for each module.
■ Chapter 16, “Implementing Medium-Sized SAFE Networks,” builds on Chapter 15 by des-cribing the configuration requirements for achieving the desired functionality in your medium-sized network.
■ Chapter 17, “Designing Remote SAFE Networks,” examines the security design requirements of a remote-user network.
Part V, “Scenarios,” includes Chapter 18:
■ Chapter 18, “Scenarios for Final Preparation,” combines the topics discussed throughout the book into six scenarios. This chapter emphasizes an overall understanding of the SAFE design philosophy, associated security threats, threat mitigation, the Cisco Secure product portfolio, and the implementation of these products used in the small, midsize, and remote-user network designs.
Part VI, “Appendixes,” includes the following:
■ Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Sections,” pro-vides the answers to the quizzes that appear in each chapter.
■ Appendix B, “General Configuration Guidelines for Cisco Router and Switch Security,” sum-marizes general recommendations that you should consider adopting on all Cisco routers and switches to tighten the security of these devices.
The following sections provide answers to common questions related to the CSI exam.
Are the Prerequisites Required to Pass the Exam?
Attaining the CCNA certification is not a requirement to pass this exam. It is theoretically possible to pass this exam without first taking the CCNA exam; however, it would be extremely difficult to
pass this exam without having a CCNA equivalent level of knowledge. Much of this exam is dependent on familiarization with Cisco equipment features and configuring those features. The CCNA exam tests the student’s level of knowledge and familiarization of the Cisco IOS command line as well as basic concepts in networking. Note that although it is not required that you first take the CCNA exam before taking any of the CCSP exams, you will not receive the CCSP certification until you have obtained the CCNA certification.
I’ve Completed All Prerequisites for the CCSP Except Taking CSI—Now What?
Once you have taken all of the CCSP exams except for the CSI exam, you need only prepare for this exam and take it. Successfully completing the other CCSP exams will help you significantly with this exam, because it may ask questions about some of the Cisco security equipment that you have already been tested on in the other exams. Taking the other CCSP exams before approaching the CSI exam may well be one of the better study methods for passing the CSI exam.
I Have Not Taken All the Prerequisites—Will This Book Still Help Me to Pass?
That is a hard question to answer. It all depends on your level of knowledge, familiarity, and comfort with Cisco security products. This book is designed to help you prepare to take the CSI exam;
however, it is not a guarantee that if you work through this book you will pass the exam. That is still very much dependent on you and your experience.