CCNA_Security_06_bupt

CCNA_Security_06_bupt - 1 CCNA Security Chapter 6: Securing...

Info iconThis preview shows pages 1–17. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 1 CCNA Security Chapter 6: Securing the Local Area Network Chapter 6: Securing the Local Area Network 2 Lesson Planning This lesson should take 3-4 hours to present The lesson should include lecture, demonstrations, discussions and assessments The lesson can be taught in person or using remote instruction 3 Major Concepts Describe endpoint vulnerabilities and protection methods Describe basic Catalyst switch vulnerabilities Configure and verify switch security features, including port security and storm control Describe the fundamental security considerations of Wireless, VoIP, and SANs. 4 Contents 6.1 Endpoint Security 6.2 Layer 2 Security Considerations 6.3 Configuring Layer 2 Security 6.4 Wireless, VoIP, and SAN Security 5 6.1 Endpoint Security 6 Endpoint Security Considerations Introducing Endpoint Security Endpoint Security with IronPort Endpoint Security with Network Admission Control Endpoint Security with Cisco Security Agent 7 6.1.1 Introducing Endpoint Security Securing the LAN Addressing Endpoint Security Operating Systems Basic Security Services Types of Application Attacks Cisco Systems Endpoint Security Solutions 8 Securing the LAN IPS MARS VPN ACS Iron Port Firewall Web Server Email Server DNS LAN Hosts Perimeter Internet Areas of concentration: • Securing endpoints • Securing network infrastructure 9 Threat Protection Policy Compliance Infection Containment Secure Host Addressing Endpoint Security Based on three elements: • Cisco Network Admission Control (NAC) • Endpoint protection • Network infection containment 10 Operating Systems Basic Security Services Trusted code and trusted path – ensures that the integrity of the operating system is not violated Privileged context of execution – provides identity authentication and certain privileges based on the identity Process memory protection and isolation – provides separation from other users and their data Access control to resources – ensures confidentiality and integrity of data 11 Types of Application Attacks I have gained direct access to this application’s privileges I have gained access to this system which is trusted by the other system, allowing me to access it. Indirect Direct 12 Cisco Systems Endpoint Security Solutions Cisco NAC IronPort Cisco Security Agent 13 6.1.2 Endpoint Security with IronPort Cisco IronPort Products IronPort C-Series Iron-Port S-Series 14 Cisco IronPort Products IronPort products include: • E-mail security appliances for virus and spam control • Web security appliance for spyware filtering, URL filtering, and anti-malware • Security management appliance 15 IronPort C-Series Internet Internet Antispam Antivirus Policy Enforcement Mail Routing Before IronPort IronPort E-mail Security Appliance Firewall Groupware Users After IronPort Users Groupware Firewall Encryption Platform MTA DLP Scanner DLP Policy Manager 16 IronPort S-Series...
View Full Document

This note was uploaded on 04/10/2011 for the course CSIE 992 taught by Professor Lu during the Spring '11 term at National.

Page1 / 125

CCNA_Security_06_bupt - 1 CCNA Security Chapter 6: Securing...

This preview shows document pages 1 - 17. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online